A report issued by the Office of the Director of National Intelligence (ODNI) yesterday provides a sobering set of statistics on the breadth and depth of US intelligence surveillance of targets both overseas and within the United States. Even after steps were taken to reduce the collection of phone call metadata—ending bulk collection of phone company records and limiting collection to specific requests against records held by telecommunications providers—the National Security Agency collected over 151 million phone call records while tracking only 42 targets.
While this number is significantly smaller than the estimated billions of records that the NSA collected and retained each year under previous policy, it demonstrates just how broad the reach of surveillance of a limited number of individuals can go. Because the NSA collects data on numbers that are “two hops” away from a targeted phone, records would be collected from any number that called or was called by the target number, and then every number each of those numbers interacted with. As a result, collection expands exponentially as additional targets are added.
Other statistics from the Statistical Transparency Report Regarding Use of National Security Authority for 2016—the third such report issued by the ODNI—reveal the ever-expanding nature of other surveillance by the NSA and other agencies under the provisions of the Foreign Intelligence Surveillance Act (FISA). The number of Foreign Intelligence Surveillance Court (FISC) “probable cause” orders issued per year has stayed relatively steady, with 1,559 orders issued by FISC applying to an estimated 1,687 targets—336 of whom are “US persons.” However, the total number of “targets” tracked through Internet surveillance and other means under FISA’s Section 702 has steadily climbed well beyond that, reaching a total of 106,469 tracked individuals in 2016.
The number of queries against the data collected through Internet taps for information about Americans by the NSA and CIA also grew year over year in 2016. The report estimated that 5,288 “known US person” searches were conducted against content gathered with “upstream” collection—up from 4,672 in 2015. This does not include searches that were conducted against the records by the FBI, and it’s based on the use of specific identifiers for Americans, such as e-mail addresses. It also doesn’t count the number of times each specific query was used, so the 5,288 searches each may have been repeated multiple times.
A more accurate count of the number of times the intelligence community searched for information on Americans comes from the report’s “estimated number of queries concerning a known US person of unminimized noncontents information”—in other words, searches specifically looking for Americans by identifying metadata, such as name or phone number. In 2013, there were 9,500 of these; by 2016, that number had grown to 30,335. But apparently, the CIA has no way of counting how many of these queries are conducted, so the total excludes any of that agency’s searches; these are all NSA queries.
Another development from 2016 was the very first instance of the FBI receiving and reviewing “unminimized” information (information that had not had personally identifying data removed to protect the privacy of Americans) to acquire evidence of a crime not related to FISA surveillance. In November of 2015, the FISC “concluded that the FBI’s US person querying provisions… are consistent with the requirements of the Fourth Amendment.” In January, the Obama administration approved rules for applying that ruling further, allowing the NSA to share unminimized intercepted communications with a host of US agencies, so that number should grow dramatically in next year’s report.
On April 28, the NSA announced that it was slightly curtailing the scope of its Section 702 collection, which depends largely on direct taps into the Internet backbone at major telecommunications nexus points (such as cable landing points and other major Internet peering locations). However, this change is unlikely to reduce the growth rate of overall data collection by the NSA, as it was focused exclusively on cutting back on the number of e-mails from Americans intercepted because of searches for “selectors” identifying tracked individuals within the content of some messages.