RegulationSecuritySurveillance-ITWorkspace

NSA ‘Broke Privacy Rules Almost 3,000 Times In A Year’

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Agency breaks rules designed to keep its surveillance in check thousands of times, according to an audit leaked by Edward Snowden

An audit of the National Security Agency (NSA) highlighted 2,776 incidents where it had broken privacy rules or overstepped legal boundaries, according to another leak from whistleblower Edward Snowden.

The NSA, which has come under fire for broad surveillance methods over recent months, broke many rules thanks to simple human errors, according to an NSA audit handed to the Washington Post, dated May 2012 and covering the preceding 12 months of activity.

But in other instances it has been shown to pick and choose what it reveals to the courts and regulatory bodies governing its operations.

Online surveillance © - Fotolia.comNSA not coming clean?

In one case the NSA did not report unintended surveillance of US citizens, and in 2008 it mistakenly intercepted a large number of calls for Washington when an error confused the US area code 202 for 20, the dialling code for Egypt. In that latter case, NSA’s “oversight staff” were not informed, according to the paper.

Another episode left the Foreign Intelligence Surveillance Court in the dark over a new method of data collection until it had been running for months. The court, which is tasked with watching over the surveillance of the NSA, eventually ruled it as unconstitutional.

The real number of infractions is likely to be far higher, given the audit only looked at incidents at the NSA’s Fort Meade HQ and ­facilities in the Washington area.

Snowden had previously stated there was not enough oversight of the NSA’s activities. He claimed audits were “incomplete” and were easily manipulated to “fake justifications”.

The NSA has defended itself by saying that mistakes happen, but it had procedures in place to identify cases where it may be overstepping the mark. “We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” an NSA official told the Post.

Snowden’s leaks had already highlighted massive surveillance projects carried out by the NSA, including PRISM, which gathered data from the world’s most popular Internet companies, including Facebook, Google and Microsoft.

Another saw Verizon hand over all communications metadata of its customers to the government.

In the UK, GCHQ has allegedly been tapping fibre lines running in and out of the country, as part of Operation Tempora.

Are you a pedant on privacy issues? Try our quiz!