FORT MEADE, Md. –
The National Security Agency (NSA) concurs with the recommendations in today's report by NSA's Office of the Inspector General (OIG) on internal procedures and policy for the deletion of certain data. NSA welcomes the recommendations made by the NSA OIG, and has already taken actions to close four of the recommendations and has plans to meet the intent of the remaining recommendations.
In addition to the technical controls described in the IG’s report, NSA has overlapping technical and policy controls to protect civil liberties and privacy that substantially reduce the likelihood of information retained beyond policy and legal limits being available for use.
As required by law and Agency policies, on an ongoing basis NSA deletes data that was lawfully collected in connection with the Agency’s foreign signals intelligence mission, balancing privacy concerns with the need to have relevant data available for analysis in connection with national security threats. This process is the subject of detailed, continuous and extensive oversight – both by internal supervisory and compliance checks as well as by external entities such as (depending on the particular type of data) the Foreign Intelligence Surveillance Court, the Department of Justice and the Department of Defense. As is the case with any complex data management process that relies on computers and software programs, some error rate is possible. The Agency’s goal is for perfect compliance.
In this case, the IG identified an error rate involving substantially less than one-tenth of 1% of items that should have been deleted. NSA treats this seriously and has implemented steps to further reduce the possibility of errors, consistent with the OIG report.