Another “incident,” in February 2012, involved the unlawful retention of 3,032 files that the FISA court had ordered the NSA to destroy after five years, according to the May 2012 audit document. Each file contained an undisclosed number of telephone-call metadata records, the document showed.
The large number of database query incidents – which by definition involve communications that were previously collected – indicate that the NSA is collecting and storing scads of information for later analysis, including data on Americans, some analysts say. The audit documents list a dozen data-collection systems with code names – among them PINWALE, MARINA, DISHFIRE, FASTSCOPE, OCTAVE, and XKEYSCORE – in which there were 119 incidents in early 2011.
For its part, the NSA said Friday in a statement to the Post that the audit shows that the agency is trying hard to ride herd on its surveillance programs and to ensure that it adheres to the law – and that it is unabashedly documenting its own failures.
“We want people [inside the agency] to report if they have made a mistake or even if they believe that an NSA activity is not consistent with the rules,” according to the NSA statement. “NSA, like other regulated organizations, also has a 'hotline' for people to report and no adverse action or reprisal can be taken for the simple act of reporting. We take each report seriously, investigate the matter, address the issue, constantly look for trends, and address them as well – all as a part of NSA’s internal oversight and compliance efforts.”
The agency reported, too, that more than 300 people are assigned to its internal privacy-compliance program, a fourfold increase since 2009. That group manages NSA’s rules, trains its personnel, develops and implements technical safeguards, and sets up systems to monitor and guide NSA activities.