The NSA unfortunately has a long history of violating privacy rules, although this time the agency might not be entirely to blame. The NSA is deleting hundreds of millions of call and text message data records (collected since 2015) after learning of "technical irregularities" that led to receiving records it wasn't supposed to obtain under the USA Freedom Act. General counsel Glenn Gerstell told the New York Times in an interview that "one or more" unnamed telecoms had responded to data requests for targets by sending logs that included not just the relevant data, but records for people who hadn't been in contact with the targets. As it was "infeasible" to comb through all the data and find just the authorized data, the NSA decided to wipe everything.
The deletions began on May 23rd. It's not certain when the purge ends, but this is all metadata, not the content of the calls and messages themselves. A spokesperson also told the NYT that it didn't include location data, as the Freedom Act doesn't allow gathering that information under this collection system. The companies involved have "addressed" the cause of the problem for data going forward, the NSA said.
While the step shows that the NSA is willing to err on the side of caution, it continues a streak of privacy violations at the agency since its bulk phone data collection fell under the Foreign Intelligence Surveillance Act in 2004. It also illustrates the problem with keeping such large-scale monitoring in check. The system depends on both the NSA and telecoms strictly honoring the law, and all it takes is a mistake to create a serious privacy breach.