NSA Collected Data on Millions of Americans Just to Investigate 248 People
The National Security Agency was interested in the phone data of fewer than 250 people believed to be in the United States in 2013, despite collecting the phone records of nearly every American.
As acknowledged in the NSA's first-ever disclosure of statistics about how it uses its broad surveillance authorities, released Friday, the NSA performed queries of its massive phone records troves for 248 "known or presumed US persons" in 2013.
During that year, it submitted 178 applications for the data to the Fisa court during that period, which, as first revealed by the Guardian thanks to leaks from Edward Snowden, permitted the ongoing, daily collection of practically all US phone records.
The number of "selectors" NSA queried from that data trove, a term referring to an account and not necessarily an individual user, was 423 in 2013, an increase from the "less than 300 times" it searched through the data trove in 2012, according to former deputy NSA director John Inglis.
"This transparency report is significant because it shows for the first time on an annual basis both targets of business-record orders and the number of US persons specifically targeted with these metadata queries," said Alan Butler, a lawyer with the Electronic Privacy Information Center.
"These are critical numbers to review when talking about a program that sweeps in the records of hundreds of millions of Americans."
The pressure that resulted from revelations of that bulk collection has prompted the NSA and the Obama administration to divest itself of collecting US phone data in bulk, opting instead under pending legislation to take chains of connected "call data records" from the phone companies based on judicial orders. Since thousands of such records can be obtained based on a single order, civil libertarians in and outside Congress doubt that the shift ends "bulk collection" as commonly understood; the NSA disagree.
That pressure also prompted the Office of the Director of National Intelligence to release the long-awaited statistics, as a transparency measure.
While the surveillance statistics report provides only limited detail, it reveals that under a single order in 2013 pursuant to a 2008 law permitting NSA to obtain Americans' international calls without individually specified warrants, some 89,138 "targets" had their data collected.
But those "targets" are not necessarily 89,138 people.
For the purposes of the relevant surveillance power, known as Section 702 of the Fisa Amendments Act of 2008, a target could be "an individual person, a group or an organization composed of multiple individuals or a foreign power," the report explained. Such targets are counted once in the report although the NSA might be able to siphon data from "multiple communications facilities" used by the target.
Nor did the NSA disclose how many times in 2013 it has warrantlessly searched those collected communications for Americans' data, something intelligence officials have pledged to disclose to Senator Ron Wyden, Democrat of Oregon.
The controversial queries, dubbed colloquially the "backdoor search" by Wyden, received a drubbing last week from a House amendment to defund it, and next week, a government privacy board plans to release the results of its investigation into the practice.
Similarly, a new accounting of a kind of nonjudicial subpoena for records used by the Federal Bureau of Investigation, known as a National Security Letter, declined to specify the number of Americans whose data was impacted. Instead, the report revealed that the FBI issued 19,212 national security letters in 2013, entailing 38,832 "requests for information."
The report said greater granularity would not be technically possible to provide.
"The FBI's systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL," it said, further explaining that the "subscriber accounts" it receives in response from companies do not necessarily correspond to single individuals.
Some privacy advocates expressed scepticism about how genuine and accurate an account of NSA surveillance the report actually provides.
"The ODNI report calls itself into question by saying they're providing numbers, but immediately saying those numbers are only true to the extent the intelligence community believes it can release them without compromising sensitive information," said Amie Stepanovich of the digital rights group Access.
"The numbers could be much greater, and made to look smaller because of what the intelligence community calls preserving intelligence programs.
Butler considered the report an improvement, but "we'd still like to see more comprehensive reports," more akin to the detailed wiretap reportsissued by the administrative office of the US courts.