Report: NSA spying broke privacy rules thousands of times

Snowden leak reveals NSA broke its own rules 2:35

The White House on Friday said the Obama administration was committed to ensuring intelligence programs don't violate Americans' privacy, following news that the National Security Agency broke privacy rules and exceeded its legal authority thousands of times since it was given new powers in 2008, according to top secret documents leaked by Edward Snowden, The Washington Post reported Thursday.

"This Administration is committed to ensuring that privacy protections are carefully adhered to, and to continually reviewing ways to effectively enhance privacy procedures," the statement from the White House read. 

The Post said most of the breaches involved unauthorized surveillance of Americans or foreign intelligence targets in the United States.

The paper said they ranged from “significant violations of law” to typographical errors that led to the unintended interception of U.S. emails and telephone calls.

Staff at the National Security Agency broke privacy rules thousands of times, according to documents leaked by former contractor Edward Snowden. Patrick Semansky / AP, file

An NSA audit obtained by The Post from Snowden said there had been 2,776 cases in the year to May 2012 of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended, it said.

The paper said the most serious incidents included the unauthorized use of data about more than 3,000 Americans and people with green cards, and a violation of a court order.

In its media release, the White House said: "The documents demonstrate that the NSA is monitoring, detecting, addressing and reporting compliance incidents."

The NSA said, in turn, its “foreign intelligence collection activities” were “continually audited and overseen internally and externally.”

“When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers - and aggressively gets to the bottom of it,” it said.

John DeLong, the NSA’s director of compliance, stressed there was a process for staff to report “if they have made a mistake or even if they believe that an NSA activity is not consistent with the rules.”

NSA chief heckled during speech 0:40

“NSA, like other regulated organizations, also has a 'hotline' for people to report -- and no adverse action or reprisal can be taken for the simple act of reporting,” he said in a statement.

“We take each report seriously, investigate the matter, address the issue, constantly look for trends, and address them as well -- all as a part of NSA's internal oversight and compliance efforts. What's more, we keep our overseers informed through both immediate reporting and periodic reporting.”

DeLong said more than 300 personnel worked in the NSA’s internal privacy compliance program -- “a fourfold increase since 2009.”

“They manage NSA's rules, train personnel, develop and implement technical safeguards, and set up systems to continually monitor and guide NSA's activities. We take this work very seriously,” he said.

Another NSA statement said the Director of National Intelligence James Clapper had declassified certain statements in July 2012 that revealed the Foreign Intelligence Surveillance Court had determined that "some collection” activities were “unreasonable under the Fourth Amendment.”

NSA's 'hop analysis' tracks calls linked to other calls 2:45

The NSA said “a variety of factors” could cause breaches.

“They include, but are not limited to: implementation of new procedures or guidance with respect to our authorities that prompt a spike that requires ‘fine tuning,’ changes to the technology or software in the targeted environment for which we had no prior knowledge, unforeseen shortcomings in our systems, new or expanded access, and ‘roaming’ by foreign targets into the U.S., some of which NSA cannot anticipate in advance but each instance of which is reported as an incident,” it said in a statement.

“The one constant across all of the quarters is a persistent, dedicated effort to identify incidents or risks of incidents at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.”

The White House reiterated the breaches were unintentional.

"As Chairman of the Senate Select Committee on Intelligence Feinstein has said today, the Committee has never identified an instance in which the NSA has intentionally abused its authority to conduct surveillance for inappropriate purposes not identified willful violations of the law; rather, the majority of the compliance incidents are unintentional," the statement read. 

Feinstein, D-Calif., chairman of the Senate Intelligence Committee, said Friday her committee has never identified an instance in which the NSA had intentionally abused its authority to conduct surveillance for inappropriate purposes.

"I believe, however, that the committee can and should do more to independently verify that NSA's operations are appropriate, and its reports of compliance incidents are accurate," Feinstein added in a statement. 

Snowden worked as a contractor for the NSA but fled to Hong Kong and leaked documents to The Guardian newspaper and The Post.

He has been charged by the United States with espionage, but is currently believed to be in Russia, where he has been granted asylum.