The US National Security Agency has broken privacy laws thousands of times each year since it was granted broad new surveillance powers by Congress in 2008, leading to the interception of emails and telephone calls of US citizens due to mistakes made by agency staff.

Errors led the NSA to illegally spy on US citizens, secret audit leaked by Edward Snowden reveals. (Credit: Reuters)

A secret internal audit of the NSA was given to the Washington Post earlier this summer by whistleblower Edward Snowden, and details the illegal surveillance, which ranges from significant violations of US law, to typing errors leading to the unintended interception of communication between Americans.

One such error was made in 2008 and resulted in the interception of a "large number" of calls placed from Washington when a programming error confused the US dialing code 202 for 20, the international dialing code for Egypt. The mistake was blamed on a "quality assurance" review not being distributed to NSA's oversight staff.

The audit is dated May 2012, marked 'Top Secret' and was intended for the agency's top leaders; it also only counts incidents at the NSA's Forte Meade headquarters and other facilities in the Washington area. Government officials speaking to the Washington Post on grounds of anonymity said the number of incidents would be substantially higher if it included other NSA operating units and regional collection centres.

What not to tell 'our overseers'

A four-page section of the audit explains to NSA staff that, while the agency wants "to provide our FAA [Fisa Amendments Act of 2008] overseers with the information they need, we DO NOT want to give them any extraneous information." Staff are then asked to follow instruction detailing how to remove and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.

Since the NSA's widespread surveillance was first reported in June, it has always insisted that spying only takes place on foreign targets and not US citizens, but the audit reveals Americans have been monitored thousands of times a year, albeit accidentally.

In the 12 months to May 2012 the audit counted 2,776 incidents of unauthorised collection, storage, access to or distribution of legally protected communications. The Post reports that "most were unintended. Many involved failures of due diligence or violations of standard operating procedures."


The report adds that the most serious incidents "included a violation of a court order and unauthorised use of data about more than 3,000 Americans and green-card holders."

The cause and severity of the incidents vary. One in 10 is attributed to a typing error where an analyst enters an incorrect query and retrieves data about US phone calls or emails. More serious incidents include unauthorised access to intercepted communications, distributing protected content and the use of automated computer systems without built-in safeguards to prevent unlawful surveillance.

Speaking to the Post before the audit and corresponding report were published, the NSA said it attempts to identify problems "at the earliest possible moment, implement mitigation measures wherever possible, and drive the number down."

A senior NSA official speaking with White House permission to remain anonymous said: "We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line."

In a bid to remove these errors, the NSA has announced that it is moving ahead with plans to lay off 90% of its 1,000 system administrators (of which Snowden was one) and replace them with automated systems.

FISC Lacks Tools to Verify NSA Actions

As for preventing the accidental spying on American citizens, a second report by the Post claims the chief judge of the secret Foreign Intelligence Surveillance Court (FISC) said it lacks the tools to independently verify how often NSA spying breaks the court's rules aimed to protect Americans' privacy.

In a written statement to the Post, US District Judge Reggie B. Walton said: "The FISC is forced to reply upon the accuracy of the information that is provided to the court. The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its order."

Walton's comments go against those made by President Obama in June, when he said the government has "federal judges that we've put in place who are not subject to political pressure...They've got lifetime tenure as federal judges, and they're empowered to look over our shoulder at the executive branch to make sure that these programmes aren't being abused."