The US’s National Security Agency has revealed some details of privacy and data breaches its analysts have been responsible for over the past 12 years, in a batch of declassified data released on 24 December.
The NSA release was required by the President's Intelligence Oversight Board (IOB) following a response to a Freedom of Information Act (FOIA) request submitted by attorneys for the American Civil Liberties Union (ACLU). However, the names, addresses and details on documents have been redacted to protect disclosures of sensitive information.
The NSA notes that in the breaches recorded from the fourth quarter of 2001 to the second quarter of 2013, that “the vast majority of compliance incidents involve unintentional technical or human error”.
“NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements”, states the agency.
However, the documents include examples of electronic spying on US persons, stockpiling data that the agency is required by law to delete, continuing surveillance against targets after they have been found to be USP.
In the documents, the NSA lists errors made by analysts that risk data security, such as storing information inappropriately, or emailing it to staff without the right clearance.
The work involves information received through foreign Signals Intelligence (SIGINT) about US persons (USPs), as well as database searches under the auspices of the Foreign Intelligence Surveillance Act.