Sen. Dianne Feinstein, chair of the Senate Intelligence Committee, has released the following Statement on NSA Compliance, in response to the Washington Post’s leaked internal NSA audit.
“By law, the Intelligence Committee receives roughly a dozen reports every year on FISA activities, which include information about compliance issues. Some of these reports provide independent analysis by the offices of the inspectors general in the intelligence community. The committee does not receive the same number of official reports on other NSA surveillance activities directed abroad that are conducted pursuant to legal authorities outside of FISA (specifically Executive Order 12333), but I intend to add to the committee’s focus on those activities.
“The committee has been notified—and has held briefings and hearings—in cases where there have been significant FISA compliance issues. In all such cases, the incidents have been addressed by ending or adapting the activity.
“The large majority of NSA’s so-called ‘compliance incidents’ are called ‘roaming’ incidents, in which the NSA is collecting the phone or electronic communications of a non-American outside the United States, and that person then enters the United States. The NSA generally won’t know that the person has traveled to the United States. As the laws and rules governing NSA surveillance require different procedures once someone enters the U.S.—generally to require a specific FISA court order—NSA will cite this as a ‘compliance incident,’ and either cease the surveillance or obtain the required FISA court order. The majority of these ‘compliance incidents’ are, therefore, unintentional and do not involve any inappropriate surveillance of Americans.
“As I have said previously, the committee has never identified an instance in which the NSA has intentionally abused its authority to conduct surveillance for inappropriate purposes.
“I believe, however, that the committee can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate. This should include more routine trips to NSA by committee staff and committee hearings at which all compliance issues can be fully discussed.”
The document leaked by Edward Snowden and published by the Washington Post’s Barton Gellman supports this claim; read it for yourself below. I’ve gone through it twice now, and there’s no evidence in here of deliberate malicious activity on the NSA’s part, or on any NSA analyst’s part.
As Feinstein said, most of the incidents reported are “roaming” incidents. The second most likely cause of an incident report is human error when entering database queries. (Typos, anyone?)
There are other causes listed — mostly errors of one kind or another — and some cases in which information was inappropriately collected and/or stored, but not a single case in which any person is implicated in intentional abuse.
And another interesting note in the document: there are comprehensive automatic reporting systems in place, that caught the majority of these incidents.