Deputy Attorney General James Cole, NSA Deputy Director John Inglis, General Counsel in the Office of the Director of National Intelligence Robert Litt, and FBI Deputy Director Sean Joyce testify during a hearing about oversight of the Foreign Intelligence Surveillance Act (FISA) surveillance programs.Alex Wong/Getty Images
The National Security Agency violated privacy laws and operated outside its legal authority thousands of times each year after Congress expanded the reach of the agency's power in 2008, according an internal audit acquired by The Washington Post.
An NSA audit dated May 2012 that was provided to the newspaper by former NSA contractor Edward Snowden earlier this summer detailed 2,776 incidents during the previous year in which the agency had unlawfully collected, accessed or distributed legally protected communications, the Post reported Thursday.
According to the audit, most of the unauthorized incidents were unintended, due to clerical errors that resulted in interception of emails or phone calls. But many incidents involved unlawful monitoring of data about thousands of Americans and foreign intelligence targets, which it opted not to disclose to the public or Congress, the Post said.
The NSA review said that one in 10 surveillance violations was caused by a typographical error in which an NSA employee enters a query incorrectly and retrieves data about email or phone communications, the Post reported.
In one of the documents, the Post said, NSA personnel are instructed to remove certain details and to simplify language in reports about its activities that were to be given to the Justice Department and the Office of the Director of National Intelligence.
In another case, the Foreign Intelligence Surveillance Court, whose role is to oversee the NSA's requests for surveillance, did not learn about a new data collection method the agency was using until after it had been implemented for a few months, the Post reported, after which FISC ruled the method was unconstitutional.
U.S. District Judge Reggie Walton, who is the chief of FISC, told the Post in a written statement that the court does not have the ability to keep the government's surveillance in check because it lacks the tools to independtently verify when the NSA has broken its rules.
"The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders," Walton wrote.
He also told the Post that it can't verify whether the NSA's employees really did unintentionally make typographical errors that inadvertently exposed email and telephone communications.
The audit only tracked surveillance violations that took place at the agency's headquarters in Fort Meade and at other Washington-based facilities; the number of infractions would be "substantially higher" if it tracked them at other regional NSA units, the Post said.
The NSA said in a statement in response to the Post's discovery of the internal audit that the agency tries to identify problems "at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down," the newspaper reported.
"We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line," a senior NSA official told the Post who was authorized by the White House to speak on the condition of anonymity.