Just a couple of months ago, Deputy Attorney General James Cole spoke at a congressional hearing about the National Security Agency's surveillance efforts. After describing oversight efforts and systemic safeguards, Cole told lawmakers, "Every now and then, there may be a mistake."
The Washington Post's Barton Gellman reported overnight on just what "every now and then" means in practical terms.
The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.
So, for example, in 2008 the NSA inadvertently intercepted a "large number" of calls placed from Washington, D.C. because of a programming error -- someone typed "202" instead of "20." The former is D.C.'s area code; the latter is the international dialing code for Egypt.
The issue here does not appear to be deliberate widespread abuses from NSA officials. In fact, as the New York Times reported, "The violations, according to the May 2012 audit, stemmed largely from operator and system errors like 'inadequate or insufficient research' when selecting wiretap targets."
So, if we're talking largely about mistakes, what's the basis for the controversy? A few things, actually.
First, the public was told that these violations weren't occurring. The incidents may have been mostly inadvertent, but they were more common than we thought.
Second, the sheer number of the occurrences is striking. The NSA audit obtained by Gellman counted 2,776 incidents, most of which were unintended, over a one-year period, of "unauthorized collection, storage, access to or distribution of legally protected communications." The ACLU's Jameel Jaffer said the raw total was "jaw-dropping."
There's obviously a larger context here that we're not fully aware of. It's possible, for example, that 2,776 incidents is a tiny percentage of the larger number of intercepted communications, and it's easy to imagine the NSA stressing this as part of a defense -- it's likely that more 99% of the surveillance efforts didn't break any privacy rules or overstep legal limits.
But when there's a surveillance system in place in which "unauthorized collection, storage, access to or distribution of legally protected communications" happens on average more seven times a day, every day for a year, it suggests there's something wrong with the system itself.
And finally, there's the transparency problem. From Gellman's report:
The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.In one instance, the NSA decided that it need not report the unintended surveillance of Americans.... In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.
Expect the calls for reform to grow quite a bit louder.