NSA published reports containing declassified compliance errors

The National Security Agency (NSA) has released a collection of compliance reports that details failures and errors in compliance to US laws on surveillance.

It’s Christmas time and the National Security Agency decided to post dozens of quarterly reports detailing cases where it potentially violated U.S. laws for monitoring of U.S. citizens and foreigners in an unauthorized manner. The reports are related to a 12 year period, from 2001 to 2013 and have been released after the American Civil Liberties Union filed a Freedom of Information Act lawsuit.

“In general, each NSA report contains similar categories of information, including an overview of recent oversight activities conducted by NSA’s Office of the Inspector General and the Office of the General Counsel; signals intelligence activities affecting certain protected categories; and descriptions of specific incidents which may have been unlawful or contrary to applicable policies,” reads the NSA executive summary.

The US Intelligence, including the NSA, relies on a 1981 executive order that authorizes the surveillance of foreigners living outside of the US. The American Civil Liberties Union highlights the agencies use the executive order “to sweep up the international communications of countless Americans.”

“At the targeting stage, NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements,” the NSA report’s executive summary reads. “After foreign intelligence or counterintelligence information is acquired, it must be analyzed to remove or mask certain protected categories of information, including U.S. person information, unless specific exceptions apply.” “Data incorrectly acquired is almost always deleted.” 

The executive Order 12333 approved under the Regan’s Administration “requires” the NSA to detail and report “intelligence activities they have reason to believe may be unlawful or contrary to Executive Order or Presidential Directive.”

According to NSA, the data are stored by the Agency in its systems to be available for successive analysis. The reports disclosed by the NSA include datils related to many incidents where NSA agents pulled up the wrong information with the database. Of course the Agency added to each record a statement that clarify the data was either not accessed or the query and results were deleted.

Many reports include procedural errors committed by NSA operators, but as explained by TechCrunch it is quite normal when a so large number of agents access so complex tools for analysis.

“In short, most of the reported errors are more programatic in nature, dealing with people finding selectors that should have been deleted and the like. Keep in mind that the NSA employs a huge number of employees who have powerful tools, who operate under complex law, all while dealing with fluid situations. That they make the occasional accidental error is neither surprising, nor particularly worrisome.” reads a post on TechCrunch.


One of the reports also mentioned the case where an NSA agent has intentionally queried the systems for unnecessary and illegal data.

“One document states a woman went through her husband’s phone contacts “without his knowledge to obtain names and phone numbers for targeting” over a period of 2-3 years.” continues TechCrunch.

Sincerely speaking, I’m not surprised by the data released by the NSA, nothing new in my opinion and nothing goes out ordinary activities of an intelligence agency … even if we are speaking of errors or abuses.

Pierluigi Paganini

NSA published reports containing declassified compliance errors

December 31, 2014

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...