Spying on Its Own: The NSA's Deep Bag of Tricks

http://www.spiegel.de/international/world/news-report-shows-how-the-nsa-spies-on-americans-too-a-917000.html


NSA headquarters in Fort Meade, Maryland

***SNIP

Thousands of 'Incidents'

Some 2,776 "incidents" are listed in the classified quarterly report from 2012 that the Washington Post has published in its entirety, with the exception of a few areas that have been blacked out. The report encompasses incidents from the previous 12 months. The report only covers incidents involving NSA facilities in the Washington DC area; the actual global figure could be considerably higher. The "incidents" referred to data for which the NSA does not have authorization to collect, store or analyze.

The only information collection that is not permitted is that of American citizens, but the report shows that their data often lands in the NSA's digital dragnet as by-catch. Each "incident" means that e-mails have been read, contact networks have been mapped and communications have been intercepted. In some cases such data has even been passed on to other US government agencies, like the Drug Enforcement Administration (DEA).

"The majority of incidents in all authorities were database query incidents due to human error," the report, written by the director of oversight and compliance for the NSA's Signals Intelligence Directorate, states. The systems most often involved in those incidents are powerful spying tools like XKeyscore and the NSA's Pinwale database, which can save large quantities of Internet communications data for years.

Among the most common causes given for the unauthorized surveillance is "lack of due diligence," as well as issues like typographical errors, using the wrong search parameters or overly broad syntax in searches. In some cases, data collection continues even though the related order to intercept it has long since expired.