NSA broke privacy rules, leaked audit finds

The United States' National Security Agency overstepped its authority and broke privacy rules on thousands of occasions since 2008, the Washington Post has reported.

An NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorised collection, storage, access to or distribution of legally protected communications.

Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.

The audit only tracked incidents of overreach by the agency in its offices in and around Washington, DC.  Sources told the Washington Post the number would rise significantly if the investigation cast a wider net over the agency's activities elsewhere.  

The NSA issued a statement in response to the Washington Post's findings, saying that in July 2012, Director of National Intelligence James R. Clapper declassified certain statements about the government's implementation of Section 702 in order to inform the public and congressional debate relating to reauthorization of the FISA Amendments Act (FAA).

"Those statements acknowledged that the Foreign Intelligence Surveillance Court (FISC) had determined that 'some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment'."