NSA’s Inspector General Appears to Be Disappearing 299 Deliberate Violations a Year

Bloomberg is getting a lot of attention for reporting the results of a still-classified (and unleaked) NSA Inspector General audit showing that NSA averages one rule violation a year.

Some National Security Agency analysts deliberately ignored restrictions on their authority to spy on Americans multiple times in the past decade, contradicting Obama administration officials’ and lawmakers’ statements that no willful violations occurred.


The incidents, chronicled in a new report by the NSA’s inspector general, provide more evidence that U.S. agencies sometimes have violated legal and administrative restrictions on domestic spying, and may add to the pressure to bolster laws that govern intelligence activities.

The inspector general documented an average of one case per year over 10 years of intentionally inappropriate actions by people with access to the NSA’s vast electronic surveillance systems, according to an official familiar with the findings. The incidents were minor, the official said, speaking on the condition of anonymity to discuss classified intelligence. [my emphasis]

Now, perhaps the IG is using the rule laid out by Barton Gellman saying that intentionally inappropriate action that serves “the mission” isn’t an intentionally inappropriate action.

If they are performing the mission that the NSA wants them to perform, and nevertheless overstep their legal authority, make unauthorized interceptions or searches or retentions or sharing of secret information, that is not abuse, that’s a mistake.

But this seems to be another example of NSA’s funny math.

Because the NSA’s own internal count of such violations suggests there would be closer to 300 such violations a year (counting just those deemed a lack of due diligence). The 772 violations for the S2 Directorate in the first quarter of 2011 represented 89% of all NSA’s violations that quarter; if their 68 due diligence violations represented 89% of all due diligence violations (S2’s rate for due diligence violations is lower than the two other categories broken out), you’d expect 76 each quarter, or just over 300 a year.

So whereas the NSA is telling itself that there are 300 examples a year where someone doesn’t follow rules — not because they don’t know them (those are training violations) or because they make a data entry error (those are human error), but something else — it is telling Congress there is just one example a year.

Poof! Magic math.

Update: If Kimberly Dozier got it too, it’s an official leak.

They apparently don’t fire people who use all these spy tools to spy on their exes.

Two U.S. officials said one analyst was disciplined in years past for using NSA resources to track a former spouse. The officials spoke on condition of anonymity because they were not authorized to speak publicly.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

17 replies
  1. What Constitution says:

    OK, let’s go for a little more highbrow in the “ridicule their asses” department:

    The NSA’s explanation for what constitutes a violation is very much like Medea’s explanation when caught trying to poison Theseus: “Poison? That?”

  2. Tryggth says:

    Still a little bit of a nervous breakdown, rolling disclosure. Bet there are a couple of doozies in the pile.

  3. Peterr says:

    DiFi’s reaction is comical:

    Last week, Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) said she was unaware of any intentional privacy violations.

    “As I have said previously, the committee has never identified an instance in which the NSA has intentionally abused its authority to conduct surveillance for inappropriate purposes,” she said in a statement.

    Why she would pride herself on the committee’s inability to conduct meaningful oversight is beyond me.

  4. whispersd says:


    “Why she would pride herself on the committee’s inability to conduct meaningful oversight is beyond me.”

    She has amassed a good deal of wealth with her attitude. Shouldn’t that be a point of pride?

  5. P J Evans says:

    people who use all these spy tools to spy on their exes

    It’s a temptation that has gotten people fired at other places, particularly hospitals where celebrities are likely to be patients.

  6. Snoopdido says:

    This is off topic, but is what this Guardian article says true? http://www.theguardian.com/world/2013/aug/22/david-miranda-court-victory-data-police

    “A Home Office lawyer said the material seized from Miranda as he was in transit from Berlin to Rio de Janeiro included tens of thousands of classified UK intelligence documents “disclosure of which would risk lives”.

    The Met welcomed the decision “which allows our examination of the material to continue in order to protect life and national security, and for the purposes of the schedule 7 examination [ie whether Miranda is a terrorist].

    “Initial examination of the material seized has identified highly sensitive material, the disclosure of which could put lives at risk. As a result the Counter Terrorism Command (SO15) has today begun a criminal investigation. This investigation is at an early stage and we are not prepared to discuss it in any further detail at this stage.”

    Breaking down the possibilities:

    1. It is true. The UK broke the encryption via NSA and/or GCHQ and has the documents.

    2. It is true. The UK “acquired” the encryption keys by spying on or stealing them from Laura Poitras in Germany or Glenn Greenwald in Brazil and decrypted the documents.

    3. It isn’t true. The UK wants Glenn Greenwald and Laura Poitras to believe that the UK decrypted the documents.

    In all 3 cases, I wonder how this will impact the way Glenn Greenwald and Laura Poitras approach their work now.

    It may also have been a factor in why the Guardian decided to work with the New York Times. Perhaps they believe that both Glenn Greenwald and Laura Poitras may be at risk of arrest now or soon and the Guardian decided to try and shelter under the umbrella of a bigger media outlet.

  7. Snoopdido says:

    @Snoopdido: In a related story, this from the AP’s Adam Goldman and Kimberly Dozier – Snowden suspected of covering electronic tracks – http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_SNOWDEN?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-08-24-03-30-59

    “The U.S. government’s efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden’s sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told The Associated Press. Such logs would have showed what information Snowden viewed or downloaded.

    The government’s forensic investigation is wrestling with Snowden’s apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren’t authorized to discuss the sensitive developments publicly.

    The disclosure undermines the Obama administration’s assurances to Congress and the public that the NSA surveillance programs can’t be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA’s own tripwires and internal burglar alarms, how many other employees or contractors could do the same?”

  8. emptywheel says:

    @Snoopdido: On working with the NYT: Rusbridger is probably at greatest risk, but all are at risk for Official Secrets Act violations. By including the NYT, you make it clear that the UK is going to have to prosecute Scott Shane along with the Guardian if they want to make their case.

  9. JohnT says:

    Off topic

    Wha? No Trash Talk mentioning A Rodgers porn stache? Or is he a secret barber shop quartet singer? And the LLWS is this weekend

  10. emptywheel says:

    @JohnT: Yeah, Mr EW and I were laughing about that.

    I’ve been neck deep in NSA documents, and bmaz claims pre-season isn’t real football (probably because the Cardinals are playing better than the Packers).

    Though I almost did a trash just to try to work through the Kitties’ shellacking of the Pats the other night.

  11. earlofhuntingdon says:

    Funny how the press can be commenting on the “results” of a an “unleaked” but “still-classified” document.

  12. C says:

    @P J Evans: Spying on your ex would get you fired from any DMV and likely cause you to be charged with a crime. Ditto for any tax office or other local agency. Yet the NSA chooses merely to “discipline” them?

    That is so pathetic it does not deserve polite language.

Comments are closed.