After a report in August revealed more than 3,000 violations of privacy rules by employees of the National Security Agency (NSA) in a one-year period, NSA Chief Compliance Officer John DeLong hurried to reassure reporters that only "a couple of" those infractions were willful. Pressed to clarify about what happened in those cases, the NSA admitted that it knew about several instances where employees were using the agency's incredible spying power to check in on the communications of overseas love interests.
The agency jokingly refers to these violations as LOVEINT, a play on the operation names for HUMINT (human intelligence) and SIGINT (signal intelligence). Backers of the NSA's controversial digital surveillance practices were inclined to brush off concerns about these "isolated incidents."
"Clearly, any case of noncompliance is unacceptable, but these small numbers of cases do not change my view that NSA takes significant care to prevent any abuses and that there is a substantial oversight system in place," Sen. Dianne Feinstein (D-Calif.) told The Wall Street Journal. "When errors are identified, they are reported and corrected."
The key phrase: "When errors are identified." The NSA says that the LOVEINT revelations were primarily self-reported-usually in the course of a polygraph administered as part of the security clearance renewal process. The agency admits that it lacks the controls to know how common such violations really are. Many people have administrator or auditor status within the NSA's voluminous databases, which makes it difficult or impossible to trace their actions.