Personal observation:
Internal security best practices in spy organizations are rarely 'overlooked'. It is all about trade-offs. II think the more important question is "why would the NSA have lax internal oversight on both user-privledges AND audit-logs?"
The answer is that it is much easier for black bag operations to be scrubbed from potential oversight when an individual holds the power to run the hidden|illegal analysis and clean their own log trails.
The answer is that it is much easier for black bag operations to be scrubbed from potential oversight when an individual holds the power to run the hidden|illegal analysis and clean their own log trails.