The Washington Post’s new article on the NSA uncovered “unauthorized use of data” of 3000 US citizens. That’s about 0.0009% of the population, but you wouldn’t know from the headline: NSA Broke Privacy Rules Thousands of Times Per Year, Audit Finds.
Wow, sounds bad. So what courageous whistleblower found these violations and took action to stop them?
Well, that would be the NSA themselves. The source is an internal audit.
The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
In a statement in response to questions for this article, the NSA said it attempts to identify problems “at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.” The government was made aware of The Post’s intention to publish the documents that accompany this article online.
“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity.
What this really shows: the NSA’s layers of oversight, and regulatory limitations, and the way the NSA complies with them — but no actual intentional wrongdoing, which has been a common thread throughout this story. This is evidence of due diligence, not wrongdoing.
UPDATE at 8/16/13 11:28:44 am
Here’s a very good point that I missed on first read through the NSA document:
So the actual number of US citizens involved in these incidents is much, much lower than it appears from the Washington Post’s hyperbolic headline and article.
UPDATE at 8/16/13 11:35:32 am
The New York Times posts a correction, showing once again that reports of the NSA collecting the “content” of phone calls were simply wrong:
Correction: August 16, 2013
An earlier version of this article inaccurately portrayed an incident in 2008 involving a mix-up of the area code of Washington, D.C., 202, and the international dialing code of Egypt, 20. While the Washington Post initially described this incident as involving the “interception” of calls placed from Washington, the Post later explained that it involved the collection of “metadata” logs about the calls. It is not the case that the N.S.A. recorded the contents of the calls.
There is no correction or update about this posted at the Washington Post. Transparency!