There was good reason to put those efforts under tight scrutiny, the Inspector General's office said.

Under one program, nicknamed Program A, the DEA relied on "non-target specific" subpoenas to make telecoms supply metadata for calls made between the US and countries it deemed a "nexus to drugs," even when there was no apparent link to a specific case. Program B, meanwhile, used equally vague subpoenas to scoop up data for anyone buying certain products through key vendors, and had no plans to get rid of that data once it was no longer useful. Program C saw the DEA buy metadata on targets through a contractor for another agency, but it wasn't clear if the DEA's authority covered that data.

On top of this, the DEA took numerous steps that "hindered" the Inspector General's access to info.

The potential for abuse isn't as high as it was years ago. The DEA shut down Program B in 2013, and scaled back Program A to focus on specific investigations in the wake of Edward Snowden's leaks. The DEA also told Nextgov in a statement that it agreed to abide by 16 recommendations from the report that would keep bulk data collection legal and respectful of civil rights. Still, the findings aren't comforting -- they indicate that the DEA spent years (dating as far back as 1992) gathering data without checking that was honoring the law, compromising privacy safeguards in the process.