The FBI unintentionally spied on the communications data of some Americans who were not targets of investigations because of typographical errors, according to a government watchdog.
The Justice Department's inspector general concluded in a report Thursday that the FBI has improved its overall handling of national security letters, which permit the agency to collect telephone and Internet data of suspects believed to be tied to a national security investigation.
But the inspector general identified a number of areas that "require additional effort and attention," such as a tendency to collect data on the wrong person because of routine mistakes.
"We found that the FBI's corrective measures have not completely eliminated potential intelligence violations resulting from typographical errors in the identification of a telephone number, email address, or social security number in an NSL," the report reads. "These typographical errors cause the FBI to request and, in some instances receive, the information of someone other than the intended target of the NSL."
The FBI has fulfilled 23 of 28 prior recommendations issued by the inspector general, according to the new report, which looked at the national security letter program from 2007 to 2009. Among those improvements are better guidance and training to FBI personnel, a new record-keeping practice, and periodic reviews of how national security letters are used.
Additionally, a footnote in the public version of the report says that the inspector general believed the FBI demanded too many redactions in the 232-page unclassified report.
"We disagree with these markings, which have the effect of redacting information that we believe is important to the public's understanding of the FBI's compliance with NSL requirements," the footnote reads. It added that some of the blackouts involved information that "is the same as or substantially similar to" information included in previous reports on national security letters.
Two earlier reports have been released by the Justice Department that have examined its use of national security letters, which do not require a judge's approval. In general, the FBI bars companies, such as Google or Facebook, that receive requests for user data under national security letters from discussing them publicly.