Key Takeaways From the Washington Post Report Detailing Thousands of Privacy Violations by the NSA

The Washington Post has published two important stories, based on perhaps the most signficant documents yet leaked by NSA whistleblower Edward Snowden. Separately, the stories tell of an agency in charge of policing itself, leading to thousands of violations of Americans’ privacy per year, and a secret court with no power to stop them.

These new revelations, and the many before it, lead to one conclusion: we need a full, independent investigation of the NSA’s powers. Here are the most significant new facts we learned yesterday:

An internal NSA privacy audit showed thousands of violations of the law per year, despite administration statements insisting NSA hasn’t abused its powers:

The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance.

The NSA, on at least one occasion, decided not to report a violation of Americans’ privacy to the FISA court, in violation of court rules:

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

In an important statement to the Post, the chief judge of the FISA court essentially says the court does not have enough power to adequately oversee the NSA:

“The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” its chief, U.S. District Judge Reggie B. Walton, said in a written statement to The Washington Post. “The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.”

In just a year’s time, from April 1, 2011 through March 31, 2012, there were 2,776 “incidents” of privacy violations. The number of Americans affected is unknown, but much higher than 2,776.

The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended…  The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.

The audit only takes into account violations at NSA headquarters in Ft. Meade in Maryland, and omits other NSA locations.  

Three government officials, speak­ing on the condition of anonymity to dis