The NSA released a privacy report on its surveillance activities under 12333, an Executive Order that provides broad authority for data collection. But the report only addresses a narrow aspect of the EO 12333 collection - protections for U.S. persons in the context of targeted signal intelligence activities. The report fails to address bulk collection or privacy protections for non-U.S. persons. A previously disclosed internal audit revealed that the NSA violated both legal rules and privacy restrictions thousands of times each year since 2008. Another document shows how NSA analysts are trained to avoid giving "extraneous information" to their "FAA overseers" when they want to target an individual. The NSA privacy report did not address these previous violations. Earlier this year, EPIC urged the Privacy and Civil Liberties Oversight Board to review the surveillance activities conducted under EO 12333. EPIC is also pursuing several FOIA matters to learn more about the use of 12333 authorities. For more information, see EPIC: Executive Order 12333.