The National Security Agency defended its surveillance programs yesterday as U.S. lawmakers demanded tighter controls in response to an audit showing privacy rules were broken thousands of times.
The internal audit showing more than 2,700 violations involving NSA surveillance of Americans and foreigners “is just the tip of a larger iceberg,” Democratic Senators Ron Wyden of Oregon and Mark Udall of Colorado said in a joint statement.
The May 2012 audit showed the thousands of violations occurred over a one-year period, the Washington Post said, citing documents provided by former NSA contractor Edward Snowden. The disclosure added to calls by lawmakers for change when Congress returns in September, in what may become the biggest U.S. rewrite of intelligence programs since the aftermath of the 2001 terrorist attacks.
John DeLong, the agency’s compliance director, said cases of intentional wrongdoing were rare and that none of the errors cited in the audit were made on purpose.
“People need to understand that these are not willful violations, they are not malicious,” DeLong told reporters on a conference call yesterday.
President Barack Obama has sought to assure the public that agency programs that collect telephone-calling records, e-mails and other data don’t violate constitutional rights and are adequately overseen by Congress and a secret federal court.
“The documents demonstrate that the NSA is monitoring, detecting, addressing and reporting compliance incidents,” Josh Earnest, a White House spokesman, said yesterday in a statement on the disclosure of the audit.
The violations are “what happens when you have secret laws, no meaningful oversight and people in charge who think the Constitution wasn’t written for them,” Representative Justin Amash, a Michigan Republican, said yesterday on Facebook Inc.’s social-network website.
The incidents, even if inadvertent, show “a lack of sufficient respect for privacy rights and other constitutionally protected liberties” by the agency, Senator Richard Blumenthal, a Connecticut Democrat and a Judiciary Committee member, said in an interview.
Blumenthal introduced legislation this month that would overhaul the secret court that oversees NSA compliance with the Foreign Intelligence Surveillance Act.
“If these noncompliance issues were occurring with this frequency and severity in a civilian-court setting, judges would be hammering prosecutors and police and perhaps even imposing contempt of court at a certain point,” Blumenthal said.
Wyden and Udall, who both serve on the Senate intelligence committee, said, “the public deserves to know more about the violations of the secret court orders that have authorized the bulk collection of Americans’ phone and e-mail records.”
DeLong said the number of incidents cited in the audit was misleading. The audit showed fewer than 100 violations of the agency’s authority from database queries over the first three months in 2012. DeLong said that’s out of 20 million such queries NSA analysts make every month.
“We’re talking parts per million,” he said.
The errors are detected because the NSA actively looks for them, closely monitoring the work of thousands of analysts automatically through their computers and encouraging employees to report mistakes themselves, DeLong said.
Some of the errors may be the result of the large volume of data being monitored, retired Admiral Dennis Blair, the former Director of National Intelligence, said by telephone.
“I don’t want to sound like an apologist because I’m not,” Blair said. “When there were similar instances when I was director, I was exasperated by the mistakes, but nothing caused me concern that we were routinely and purposefully trampling on the rights of Americans in our zeal to catch terrorists.”
In June, Snowden, who faces U.S. espionage charges and has been granted temporary asylum in Russia, exposed a program under which the NSA collects telephone records on millions of Americans and stores the information in a database that can be searched. He also revealed a program that monitors Internet communications of suspected foreign terrorists by obtaining data from companies such as Google Inc. (GOOG) under secret court orders.
The internal audit counted 2,776 violations in the preceding 12 months related to the collection, dissemination, access and retention of data by the agency under laws and executive orders covering surveillance of Americans or foreigners in the U.S.
The majority of violations of the Foreign Intelligence Surveillance Act -- 63 percent -- were attributed to human error. Those included inaccurate or insufficient research, lack of due diligence and typographical mistakes, according to the audit, which the Post posted on its website.
Some violations occurred because the agency didn’t know a foreign target had traveled to the U.S., the audit said. The NSA is required by law to have a warrant to conduct surveillance inside the country.
The audit dealt only with incidents at the NSA’s Fort Meade, Maryland, headquarters outside Washington and other facilities in the metropolitan area, the Post said.
Senator Dianne Feinstein, a California Democrat who leads the Senate intelligence committee, said in a statement that her panel has been notified of “significant FISA compliance issues” and “in all such cases, the incidents have been addressed by ending or adapting the activity.”
The committee doesn’t receive as many reports on NSA activities under legal authorities other than the foreign intelligence act, “but I intend to add to the committee’s focus on those activities,” the senator said.
Human and technical errors “are unfortunately inevitable in any organization and especially in a highly technical and complicated system like NSA,” Republican Representative Mike Rogers of Michigan, chairman of the House intelligence committee, said in a statement.
Rogers had said on CBS Corp.’s “Face the Nation” television show on July 28 that there were “zero privacy violations” in the agency’s collection of phone records. Susan Phalen, a Rogers spokeswoman, said yesterday in a statement that Rogers was “referring to willful and intentional violations of law” and “the disclosed documents demonstrate that there were no intentional and willful violations.”
DeLong wouldn’t say how many “willful violations” have occurred when asked by reporters.
The most serious breach included the unauthorized collection of information about more than 3,000 Americans and holders of green cards, which give permanent resident status to immigrants, according to the Post.
DeLong said that violation didn’t involve analysts examining the records, and they were immediately destroyed.
The agency in 2008 also intercepted a “large number” of calls placed from Washington when a programming error confused the city’s area code, 202, with 20, the international dialing code for Egypt, according to a review that wasn’t distributed to the agency’s oversight staff, the Post said.
That mistake didn’t provide any metadata the NSA didn’t already collect under the USA Patriot Act, said a former senior intelligence official who asked not to be identified discussing the secret surveillance programs.
The latest disclosure shows the agency is breaking the most permissive U.S. surveillance law, passed by Congress in 2008, said Alex Abdo, a national-security lawyer with the American Civil Liberties Union in New York.
“I don’t think anyone suspected the extent of abuse was this great,” Abdo said by telephone. “What we’ve been hearing from government officials including the president is ‘trust the NSA because it has oversight.’ Now we know that the oversight mechanism has failed.”
U.S. District Judge Reggie Walton, chief judge of the secret court, said the court “does not have the capacity to investigate issues of non-compliance,” according to the Post. It relies on the “accuracy of the information that is provided to the Court,” he said in the newspaper.
Caitlin Hayden, a spokeswoman for the White House National Security Council, wouldn’t comment yesterday when asked whether Obama had been briefed on the agency audit.
To contact the editor responsible for this story: Bernard Kohn at firstname.lastname@example.org