How a Typo At the NSA Can Flag You As a Terrorist Threat

Impact

A recently distributed internal audit of the National Security Agency has revealed some surprising news about the nature of violations of federal laws regarding surveillance. A high nuber of infractions by the agency, it turns out, have little to do with agency efforts to push the line on privacy. Instead, they have everything to do with unintentional human error.

The report reveals that small mistakes made by bureaucrats at the NSA such as operator search errors and typographical errors violate Americans' privacy every day. While Americans can take some solace in the fact that these violations are unintended, the revelation that our privacy stands at the mercy of human error should be troubling.

The audit report, obtained by the Washington Post, reveals that the NSA violated FISA standards during the first quarter of last year 195 times, where 123 of these incidents had to do with "operator error" such as "insufficient or inaccurate research information," "training issues," and "typographical errors," and 72 were the result of "computer error." 

Most of the 2,776 total violations to legal standards identified in the audit are the result of a small, unintended mistake made by an agency official. The incidents resulting from human and computer error then lead to unauthorized collection, storage, access, or distribution of legally protected communications of Americans or foreign intelligence targets in the United States.

The White House and the NSA have both replied to recent outcry regarding the audit to claim the errors are par for the course, and a problem the administration promises to address. "The one constant," the White House responded in a statement to The Washington Post, "is a persistent, dedicated effort to identify incidents or risks of incidents at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down."

A senior NSA official echoed these claims, and fired back that this high degree of human error is unavoidable. “We’re a human-run agency operating in a complex environment with a number of different regulatory regimes," he explained, "so at times we find ourselves on the wrong side of the line.”

But, it is frightening to imagine how a powerfully a small typo can violate American privacy. As just one example, a small programming error in 2008 revealed in the audit that the U.S. area code 202 was confused for the number 20, the international dialing code for Egypt. This small typing difference in numerical code led to the interception of a "large number" of calls placed from Washington.

All U.S. government agencies are, of course, imperfect, human-run institutions that are subject to all sorts of failures that can stem from negligence and willful misconduct. The large scale of data the NSA must monitor in its security programs is no small task for the computer and human systems sifting through the material every day, so it may not come as a surprise that the monitoring is imperfect. But as the national debate on surveillance tends to focus on broad, theoretical debates about the line between privacy and security in crafting surveillance programs, the specific details of surveillance procedures including the substantial proclivity for human error in monitoring the databases should be taken into account. If these errors can be avoided by tightened systems, more fine-tuned procedures, and better training, it would be a step in the right direction for ensuring Americans' privacy.