The National Security Agency is at an “increased risk” of jeopardizing civil liberties and the privacy of American citizens, according to an inspector general report that comes just months after a controversial program that collects emails and phone calls was extended.
The NSA watchdog said that agency analysts performed “noncompliant” searches using the organization’s Foreign Intelligence Surveillance Act Authority, which were caused by “human error, incomplete understanding of the rules, and gaps in guidance.”
According to the report, which covered the period from October 1, 2017, to March 31, 2018 the unauthorized searches were related to the FISA’s counterterrorism authority.
“This has been going on for some time,” said William Banks, a law professor at Syracuse University. He said that noncompliance was a heated topic when the section 702 of the FISA act was reauthorized earlier this year. “A fair amount of it was apparently mechanical or machine-driven mistakes ... you would expect it might take the better part of a year for improvement in implementation to show results.”
Previously, privacy groups have raised issue with the noncompliance searches of digital and electronic records.
Search violations are the most common type of compliance breaches of the section 702 program, according to a 2017 report from New America, a think tank. Section 702 allows the government to collect communications from foreigners, including when they speak with Americans.
“While these violations are not willful — they are inadvertent or unintentional — they are extremely concerning,” wrote Robyn Greene, a policy counsel at New America, in the report that analyzed section 702 program violations. “These unintentional violations are a threat to Americans' privacy, and their impact can be significant and prolonged.”
The inspector general also criticized the agency for “incomplete” documentation of internal processes related to foreign dissemination of FISA data, which “increases the risk of noncompliance.”
In another example, the NSA watchdog said that three open-source capabilities of the agency posed similar risks to citizens, as well as spreading classified material.
The report comes after the agency admitted in June that it had unintentionally collected hundreds of millions of call detail records, and five years after the Snowden revelations showed some of the U.S. government’s surveillance capabilities.
A previous version of this story incorrectly said the report covered the period from August 1 to March 31. It is October 1, 2017, to March 31, 2018.
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.