The summary released Thursday by the NSA’s Office of the Inspector General is based on a classified report produced earlier this year and says that “a small percentage of the large number” of pieces of content the NSA collects is “being retained beyond legal and policy limits.”
It does not specify the actual number.
“Current oversight must be strengthened if it is to ensure compliance with retention requirements,” the summary found.
The NSA is required to periodically delete much of the information it collects, either after a set expiration date — often five years — or because it is information the agency isn’t allowed to hold on to, for example, if an operation inadvertently picks up on a conversation between two American citizens.
The report looks at signals intelligence, such as phone calls and online communication, that the NSA collects using two of its primary legal authorities for foreign intelligence, Executive Order 12333 and Section 702 of the Foreign Intelligence Surveillance Act.
To address these problems, the OIG made 11 recommendations to the NSA in its original report. The NSA has already addressed four of those recommendations and is in the process of addressing the remaining seven, the OIG said.
“As is the case with any complex data management process that relies on computers and software programs, some error rate is possible,” an NSA spokesman said in a statement. “The agency’s goal is for perfect compliance.”