FINDING 1: NSA’s Primary ContentRepositoryHas Retained a Small Percentage of a Large Number of SIGINT Data Objects beyondLegal and Policy Retention Limits
FINDING 2: Retention Guidance Is Outdated
FINDING 3: Oversight Supporting Retention Compliance Is Insufficient
FINDING 4: The Policy Instruction for Early Age-Off of Raw SIGINT is Unclear
The OIG’s findings in this review reflect significant risks for noncompliance with legal and policy requirements governing the retention of SIGINT data. Those requirements include established minimization procedures for NSA SIGINT authorities, meaning that the deficiencies identified in our review have the potential to impact civil liberties and individual privacy. ..... The Agency agreed with all of the OIG’s recommendations and has taken action sufficient to close four of them. The OIG determined that the actions the Agency plans to take meet the intent of the remaining recommendations.
NSA Statement on NSA Inspector General Special Study
Release No: PA-001-19 Dec. 12, 2019
In this case, the IG identified an error rate involving substantially less than one-tenth of 1% of items that should have been deleted. NSA treats this seriously and has implemented steps to further reduce the possibility of errors, consistent with the OIG report.