NSA internal audit reveals thousands of privacy violations
Posted on 16 August 2013.
Bookmark and Share
An internal NSA audit document and several other seen by The Washington Post journalists prove that there have been over a 1,000 violations of FISA and presidential executive orders each year since the agency was granted broader surveillance powers in 2008.

"The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance," Barton Gellman pointed out.

"In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence."

Some of the violations were caused by computer errors and other by operators. For example, in 2008, a computer mistake has resulted in the interceptions of calls made from Washington D.C. (US area code 202) instead of those made from Egypt (international dialing code 20). As a reminder: 2008 was an election year.

In a statement reacting to the piece, a NSA official stated on the record that the NSA is "a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line.”

And they are right. The problem is not in the fact that errors are made, but that they are swept under "statistical addendum" rugs and reports of this kind are often not shared with people who should decide whether the NSA should be allowed to continue with the practices or not. If they are, they often don't include the actual number of innocent American citizens that have been affected.

"The NSA uses the term 'incidental' when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, 'does not constitute a . . . violation' and 'does not have to be reported' to the NSA inspector general for inclusion in quarterly reports to Congress," writes Gellman, and points out that once added to the databases the communications of Americans may be searched freely if there are not other restrictions in place.

In addition to this, Carol Leonnig reports that the Foreign Intelligence Surveillance Court does not have the means to verify whether government reports regarding the spying programs are accurate and whether the included mistakes are actually unintentional, and is, therefore, forced to take the information at face value.

"The court’s description of its practical limitations contrasts with repeated assurances from the Obama administration and intelligence agency leaders that the court provides central checks and balances on the government’s broad spying efforts," she writes, adding that several US legislators who are members of the House and Senate intelligence committees have said that they are limited in their efforts to question NSA officials about the work they do.









Spotlight

Nine patterns make up 92 percent of security incidents

Posted on 23 April 2014.  |  Researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //