An illustration picture shows the logo of the US National Security Agency
The National Security Agency apparently compensated email service providers "millions of dollars" for costs they incurred in the fallout from an October 2011 court ruling that an unrelated aspect of the agency's surveillance operations violated the Constitution, according to a newly disclosed document.
The document - a brief article in a secret internal agency newsletter, dated October 2012, that was leaked by the former NSA contractor Edward J. Snowden and published by The Guardian on Friday - added a detail to the emerging public understanding of the once-secret episode, but it also raised new questions.
Meanwhile, Sen. Dianne Feinstein, D-Calif., chairwoman of the Senate Intelligence Committee, said Friday that the NSA inspector general's office had briefed Congress this week that there had been "roughly one case per year" over the past decade in which an agency official had willfully broken surveillance rules to gather information inappropriately, and that "disciplinary action has been taken."
Feinstein, who was responding to reporting by Bloomberg News, also said that none of the cases involved the Foreign Intelligence Surveillance Act - the law that regulates surveillance activities conducted on American soil - and "in most instances did not involve an American's information."
She portrayed the abuses as "isolated" - although unacceptable - episodes that did not change her view that the NSA had an oversight system that worked, despite the problems.
The NSA newsletter mentioning millions of dollars in costs stemming from the October 2011 ruling announced the smooth completion last fall of the Foreign Intelligence Surveillance Court's annual recertification of certain NSA procedures. (The Obama administration declassified the court ruling Wednesday.)
The procedures involve how the agency carries out eavesdropping operations without warrants on domestic soil, but aimed at foreigners abroad, under a 2008 law called the FISA Amendments Act.
The effort has two parts: one called Prism, which the NSA uses to collect messages from email providers like Google, and an "upstream" collection from networks operated by companies like Verizon. The entire effort collects about 250 million communications a year, the 2011 court ruling said.
The successful recertification contrasted with the one in October 2011, the newsletter said, when Judge John D. Bates of the surveillance court ruled that the NSA's upstream operations, which were also collecting tens of thousands of purely domestic emails for a technical reason, violated the Constitution.
As a result, the NSA had worked out new procedures for handling such messages, resulting in months of delays.
"Last year's problems resulted in multiple extensions to the Certifications' expiration dates which cost millions of dollars for Prism providers to implement each successive extension, costs covered" by the NSA, the newsletter said.
It is not remarkable that the government paid the companies for their costs. In the 2008 law, Congress required compensation "at the prevailing rate" to electronic communications service firms for "providing information, facilities or assistance" in complying with surveillance directives.
But it is not clear why Prism providers would incur significant extra costs for the mere extension of the expiration date for the older set of procedures already in use - especially when the problem leading to the delays in approving new certifications involved an issue only on the upstream surveillance operation.
© 2013, The New York Times News Service