On Christmas Eve, the NSA released 12 years worth of internal reports that included information revealing they illegally withheld reports and were the subject of a FOIA lawsuit in 2009.
According to Bloomberg:
The heavily-redacted reports include examples of data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, according to the documents. They were posted on the NSA’s website at around 1:30 p.m. on Christmas Eve.
In a 2012 case, for example, an NSA analyst “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,” according to one report. The analyst “has been advised to cease her activities,” it said.
The NSA released the documents in response to an ACLU lawsuit.
In the FY2006 1Q page 8 section c, there is this bit of information:
(TS//SI//NF) As a result of receiving advanced training on USSID SP0018 and associated SIGINT directives, an NSA intern reported that a co-worker had misused the SIGINT system to target his foreign girlfriend [REDACTED]. The OIG is investigating the alleged violation and will report the outcome of the inquiry.
If agents are so easily corruptible that they are willing to track people illegally because of a personal interest, what else are they willing to do?
If you read in between the redactions, what you’re seeing is the processes of handling database queries that are scraping information they shouldn’t.
The heavily redacted reports are available in multiple PDFs on the NSA website.
For more information on how this works, watch the PBS Frontline documentary United States of Secrets or read the Harvard Law Review article “Data Mining, Dog Sniffs, and the Fourth Amendment.”