The US National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the intelligence agency broad new powers in 2008, The Washington Post reports.
In one case, telephone calls from Washington were intercepted when the city's area code was confused with the dialing code for Egypt.
Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order.
They range from significant violations of law to typographical errors that resulted in unintended interception of US emails and telephone calls, the Post reported Thursday.
The newspaper cited an internal audit and other top-secret documents provided earlier this year by NSA leaker Edward Snowden, a former systems analyst on contract with the agency.
In one document, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
It was the latest in a series of reports by the Post and other media on once-secret surveillance programs, based on information provided by Snowden, who fled the US and is now in Russia after having been granted temporary asylum there.
His status has strained the already tense relationship between the US and Russia, and President Barack Obama has called off a meeting with Russian President Vladimir Putin scheduled for next month.
The Post cited a 2008 example of the interception of a "large number" of calls placed from Washington when a programming error confused US area code 202 for 20, the international dialing code for Egypt, according to a "quality assurance" review that was not distributed to the NSA's oversight staff.
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months.
The court ruled it unconstitutional.
"At least some of these incidents seem to have implicated the privacy of thousands or millions of innocent people," Jameel Jaffer, the deputy legal director of the American Civil Liberties Union, said in a statement late Thursday. He also criticized the court, saying it relied too much on what intelligence officials say.
"It makes no sense at all to let the intelligence community police itself," Jaffer said.
The NSA audit obtained by the Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended.
Many involved failures of due diligence or violations of standard operating procedure.
The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
In an emailed statement to The Associated Press late Thursday, John DeLong, NSA's director of compliance, said, "We want people to report if they have made a mistake or even if they believe that an NSA activity is not consistent with the rules. We take each report seriously, investigate the matter, address the issue, constantly look for trends and address them as well - all as a part of NSA's internal oversight and compliance efforts. What's more, we keep our overseers informed through both immediate reporting and periodic reporting."