The deletions began on May 23rd. It's not certain when the purge ends, but this is all metadata, not the content of the calls and messages themselves. A spokesperson also told the NYT that it didn't include location data, as the Freedom Act doesn't allow gathering that information under this collection system. The companies involved have "addressed" the cause of the problem for data going forward, the NSA said.

While the step shows that the NSA is willing to err on the side of caution, it continues a streak of privacy violations at the agency since its bulk phone data collection fell under the Foreign Intelligence Surveillance Act in 2004. It also illustrates the problem with keeping such large-scale monitoring in check. The system depends on both the NSA and telecoms strictly honoring the law, and all it takes is a mistake to create a serious privacy breach.