WASHINGTON — New revelations from leaker Edward Snowden that the National Security Agency has overstepped its authority thousands of times since 2008 are stirring renewed calls on Capitol Hill for serious changes to NSA spy programs, undermining White House hopes that President Barack Obama had quieted the controversy with his assurances of oversight.
An internal audit provided by Snowden to The Washington Post shows the agency has repeatedly broken privacy rules or exceeded its legal authority every year since Congress granted it broad new powers in 2008.
In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence — reports used as the basis for informing Congress.
Obama has repeatedly said that Congress was thoroughly briefed on the programs revealed by Snowden in June, but some senior lawmakers said they had been unaware of the NSA audit until they read the news on Friday. The programs described earlier vacuum up vast amounts of metadata — such as telephone numbers called and called from, the time and duration of calls — from most Americans’ phone records, and scoop up global Internet usage data.
White House deputy press secretary Josh Earnest said Friday that the NSA documents showed that NSA’s Compliance Office established in 2009 “is monitoring, detecting, addressing and reporting compliance incidents,” and that “the majority of the compliance incidents are unintentional.” In a statement from the Massachusetts island of Martha’s Vineyard, where the president is vacationing, he added that the administration is “keeping the Congress appropriately informed of compliance issues as they arise.”
Senate Judiciary Committee Chairman Patrick Leahy announced he would hold hearings into the new disclosures.
“I remain concerned that we are still not getting straightforward answers from the NSA,” the Vermont Democrat said in a statement.
Senate Intelligence Committee chairwoman Dianne Feinstein said her committee had been notified of compliance problems — not by seeing the internal audit but through legally required reports to her committee.
“In all such cases, the incidents have been addressed by ending or adapting the activity,” the California Democrat said in a statement.” She added, “The committee has never identified an instance in which the NSA has intentionally abused its authority to conduct surveillance for inappropriate purposes.”
But she said that committee would be asking for additional reports in future, and members would start making routine trips to the NSA to oversee its activities.
Her Republican House counterpart, Intelligence chairman Mike Rogers, said human error was inevitable and “there was no intentional and willful violation of the law.”
But two senators who have consistently raised red flags about possible privacy violations stemming from NSA programs said the new information was incomplete.
“We believe Americans should know that this confirmation is just the tip of a larger iceberg,” said Democratic Sens. Mark Udall of Colorado and Ron Wyden of Oregon in a statement. Both declined to provide details, citing Senate rules about discussing classified information.
Proposed legislation to dismantle the programs was narrowly defeated last month in the House. The July legislative effort brought together Libertarian-leaning conservatives and liberal Democrats who pressed for change against congressional leaders and lawmakers focused on security.
House Democratic leader Nancy Pelosi, who generally supports the programs, said in a statement Friday that the new revelations “are extremely disturbing.”
Said Rep Mike Thompson, D-Calif., a member of the House Intelligence Committee: “Reports that the NSA repeatedly overstepped its legal boundaries, broke privacy regulations and attempted to shield required disclosure of violations are outrageous, inappropriate and must be addressed.”
A week ago, Obama sought to soothe concerns by promising to consider reforms to NSA surveillance.
“It’s not enough for me to have confidence in these programs,” he said at a White House news conference. “The American people have to have confidence in them as well.”
He announced changes such as convening an outside advisory panel to review U.S. surveillance powers, although it is unclear how that would differ from the existing U.S. Privacy and Civil Liberties Oversight Board, mandated by Congress to monitor surveillance and constitutional concerns. Obama also said the NSA would hire a privacy officer — though the NSA already has a compliance office. None of those measures would seem likely to stop the kind of inadvertent collection of information that was described in the NSA audit.
Most of the infractions revealed late Thursday involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order, according to the May 3, 2012 audit, and other top-secret documents.
The May audit counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were reported to be unintended, and many involved failures to take sufficient care or violations of standard operating procedure. They ranged from significant violations of law to typographical errors that resulted in unintended interceptions of U.S. emails and telephone calls.
The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
In the typographical error category, the Post cited a 2008 example of the collection of a “large number” of phone records from Washington, D.C., when a programming error confused the District of Columbia area code 202 for 20-2, the international dialing code for Cairo, according to a quality assurance review that was not distributed to the NSA’s oversight staff.
The NSA also saw a spike in the number of “roamers,” or overseas, phone calls wrongly tracked in the first quarter of 2012, when those roamers traveled into U.S. territory, which is outside NSA’s authority. The report said the errors may have been due to tracking Chinese who were visiting friends and relatives for the Chinese lunar new year.
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.
The FISC’s chief judge told the Post that the court could rule only on the material it was given.
“The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” U.S. District Judge Reggie Walton said in a written statement to the Post. “The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing (government) compliance with its orders.”
The Associated Press made a request to Walton for that statement. A court official said the judge had no response.
The White House declined Friday to comment on the latest revelations. It directed questions to the National Security Council, and NSC spokeswoman Caitlin Hayden directed questions to the NSA.
NSA spokeswoman Vanee Vines said the number of incidents in the first quarter of 2012 was higher than normal, and that the number has ranged from 372 to 1,162 in the past three years, due to factors such as “implementation of new procedures or guidance with respect to our authorities that prompt a spike that requires ‘fine tuning,’ changes to the technology or software in the targeted environment for which we had no prior knowledge, unforeseen shortcomings in our systems, new or expanded access, and ‘roaming’ by foreign targets into the U.S., some of which NSA cannot anticipate in advance but each instance of which is reported as an incident.”
“When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers — and aggressively gets to the bottom of it,” Vines said.
When asked why the Post did not publish the story earlier, though the paper said it had the documents for months, spokeswoman Kris Coratti emailed Friday that “it has taken some time to study them and understand the information they contain.”
The AP filed a Freedom of Information Act request to the NSA on June 17 asking for all copies of “minimization procedures” the agency uses to avoid collecting Internet and telephone data from U.S. citizens. That request sought documents that would also detail how the government purges records that may have been accidentally collected. The AP has yet to receive responsive material, though the NSA agreed to fast-track its request.
Associated Press writers Jesse J. Holland and Jack Gillum in Washington, and Darlene Superville in West Tilsbury, Mass., contributed to this report.