Leaked NSA Audit Shows It Violated Privacy Rules

Aug 17, 2013
Originally published on August 16, 2013 2:56 pm

The Washington Post  has released more of the information it received from the fugitive National Security Agency (NSA) leaker Edward Snowden.

The Post reports that an internal audit, the NSA found it had violated privacy rules thousands of times.

Some violations were as simple as typos that led to unintended searches, while others involved new collection methods that were ultimately ruled unconstitutional.


  • Carol Leonnig, reporter with the Washington Post. She tweets @CarolLeonnig.
Copyright 2018 NPR. To see more, visit http://www.npr.org/.


From NPR and WBUR Boston, I'm Meghna Chakrabarti, in for Jeremy Hobson.


I'm Robin Young. It's HERE AND NOW. And we start with more documents leaked from Edward Snowden, and in a minute a researcher who says he can change the way you feel about leaking and whistleblowing.

CHAKRABARTI: But first, about those Snowden documents. We're learning more now about how the National Security Agency broke some of its own rules - and sometimes thousands of times - in its massive surveillance program. That's the revelation this morning from the Washington Post which reports that the NSA frequently broke privacy guidelines or exceeded its legal authority since 2008. And that's according to a number of documents, including one of the NSA's own internal audits.

House Democratic leader Congresswoman Nancy Pelosi today says the news is extremely disturbing. Carol Leonnig is a reporter with the Washington Post, and she's been covering this story. Carol, welcome.


CHAKRABARTI: So first let's start with that NSA internal audit. It's from May 2012. What exactly did it find?

LEONNIG: What it showed was something we found really startling, and that was in two different categories, the NSA, just in its Washington office, its Fort Mead headquarters, was violating the rules intended to protect Americans' privacy when it listened to calls when it collected data, when it stored information about communications, both Internet and phone, that it broke those rules as many as 10 times a day.

This was in stark contrast to what the Department of Justice's deputy attorney general told the public, that it happens once in a while that the rules are broken.

CHAKRABARTI: Now obviously the existence of this audit suggests that the NSA knew this had happened. But did they do anything in response to discovering that rules were broken, what, almost 3,000 times?

LEONNIG: Correct. What's unclear from this document is how much of this information they shared with the court, meaning the secret surveillance spy court, often called the FISA court for foreign intelligence surveillance. So you don't know how often they told the court, as they are required to do when they violated privacy rules or other court orders, in how they queried this data and collected Americans' information.

We also can't tell from this document the specific remedies in each of the instances because there just isn't that much detail in the memorandum about all of the cases; there are so many of them. And we do have a little bit of insight from additional reporting about two very serious compliance problems that I'd be happy to tell you about, both in 2009 and 2011.

CHAKRABARTI: Absolutely, please do.

LEONNIG: Well in 2009, the Justice Department reported to the court, after an internal review, that there had been a huge what they called operational problem that led to series after series after series of compliance violations. That means it violated the order of the court in terms of protecting Americans' privacy.

Remember, you're only at the NSA supposed to access people's telephone or Internet records when you have a reasonable suspicion that they are linked or connected to or communicating with a foreign power or terrorist organization. So these are basically instances where innocent people are having their records collected or reviewed.

CHAKRABARTI: Now Carol, we read a little earlier part of a statement from Congresswoman Nancy Pelosi, and in addition to that, she said in the statement: Congress must conduct rigorous oversight to ensure that all incidents of noncompliance are reported and that appropriate steps are taken to ensure violations are not repeated.

In a couple seconds, I'm wondering if you could tell us how the NSA itself has responded to the reporting from the Washington post.

LEONNIG: The NSA declined to speak on the record when we asked them questions, when my colleague Bart Gellman and I talked with them about these - this internal memo. They provided - they and the White House provided - a senior intelligence official who did not want to be named to explain their view that they are, from time to time, have higher and lower incidents of compliance violations and that they are properly documenting those and trying to fix them.

They look for patterns of violations to try to make their system better, they say, but they so far have declined to talk on the record about this.

CHAKRABARTI: Well, Carol Leonnig is a reporter with the Washington Post. Carol, thank you so much for joining us today.

LEONNIG: Thank you. Transcript provided by NPR, Copyright NPR.