It was an "internal" audit to see how well they "comply" with the law and proper procedures.
An "internal" audit that -- Whoops! -- somehow the Washington Post just got a hold of.
(Does that qualify as yet another "failure to comply" incident, spymasters?)
NSA broke privacy rules thousands of times per year, audit finds
by Barton Gellman, washingtonpost.com -- Thursday, August 15, 2013
[...]
The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
[...]
In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.
[...]
But the more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance.
The May 2012 audit, intended for the agency’s top leaders, counts only incidents at the NSA’s Fort Meade headquarters and other facilities in the Washington area. Three government officials, speaking on the condition of anonymity to discuss classified matters, said the number would be substantially higher if it included other NSA operating units and regional collection centers.
[...]
The article is hot off the presses. It has an interesting chart, and lots of other 'no big deal,' internal NSA faux-paus'.
And best of all -- the NSA did NOT intend for us to see this ...
Whoops! ... Well we wanted more transparency on them, right?
So there you go.