NSA's First Post-USA Freedom Act Report Shows It Can Still Turn Transparency Into Opacity
from the most-notable-fact?-that-it-even-exists. dept
The NSA has released its first post-USA Freedom Act “Transparency Report,” highlighting the changes made to its bulk records collection as a result of the legislation. The NSA is now limited to approaching service providers for records using RAS (Reasonable Articulable Suspicion)-approved selectors, rather than simply gathering everything and sorting through it at its convenience.
That being said, it still performs a certain amount of “selecting” in the dark, using collected data held on its own servers. While the number of “hops” it’s able to perform from its original RAS-approved selector has been limited, it may be able to perform more expansive contact chaining thanks to its own analytic processes, which are removed from FISA Court oversight.
Julian Sanchez, writing for Just Security, notes that the NSA is indeed complying with the new law’s limitations on contact chaining.
The report’s definition of “one hop” and “two hop” results clarifies that they are interpreting the statute as Congress intended: The “results” generated in response to a specific selector will encompass only particular numbers in direct contact with that selector, as opposed to any numbers that might show up on (say) the same monthly phone bill.
However, this doesn’t necessarily mean the NSA is limiting itself to contacts once or twice removed from numbers in direct contact with RAS-approved selectors. Sanchez points out that there’s no way to tell exactly what the NSA is doing with its collected records before approaching service providers for data on contacts further down the chain.
There are two notable consequences to this procedure. On the one hand, at least on its face, it would seem to preclude NSA from requiring the phone carriers to conduct “chaining” between the first and second hop using data (such as, for instance, location information or billing addresses) possessed by the telephone carriers but not produced to NSA, because it falls outside the scope of USA Freedom’s relatively narrow definition of Call Detail Records. On the other hand, it makes the process of generating the list of one-hop selectors to be used by carriers as the basis for production of second-hop Call Detail Records effectively a black box under NSA’s control. The first list of “specific selectors” will consist of phone numbers or other identifiers that the Foreign Intelligence Surveillance Court has verified are linked to a foreign power (or agent thereof) engaged in international terrorism. But the second list — the basis for production of those second-hop Call Detail Records — will be generated by NSA itself, using its massive array of internal databases and its own definition of what it means for two numbers (or other identifiers) to be in “direct contact.”
So, that’s a concern and one that’s incredibly hard to track, as the NSA’s transparency reporting obscures the number of selectors queried. Not only that, but despite the report continually referring to “call records” and “telecommunications providers,” there’s nothing in the program that limits the NSA to collecting only telephone call metadata. Marcy Wheeler points out that a “selector” could be almost anything and return — instead of numbers dialed or received — information that could be used to track other activity.
What this means, in effect, is that NSA and FBI (the latter does the actual application) will get a specific identifier — which could be a phone number, a SIM card number, a handset identifier, or a credit card, among other things — approved at the FISC, then go back to at least NSA’s data (and quite possibly FBI’s), and find all the contacts with something deemed to “be” that identifier that would be meaningful for a “phone company” to query their own records with, up to and including a cookie (which is, by definition, a session identifier).
The ambiguity surrounding the term “selector” will not be made any less ambiguous by the NSA’s reporting.
Given the breathtaking variety of selector types the NSA uses, this could represent a great deal of queries on the provider side, many tracking user activity rather than user communications. And, at least given how the privacy report describes the transparency reporting, neither those interim NSA selectors nor cookies showing user activity but not communication of information would get counted in transparency reports.
This is how the NSA will be reporting data on selectors, targets and records returned:
The number of targets under each order: Defined as the person using the selector. For example, if a target has a set of four selectors that have been approved, NSA will count one target, not four. Alternatively, if two targets are using one selector that has been approved, NSA will count two targets.
The number of unique identifiers used to communicate information collected pursuant to an order: Defined as each unique record sent back from the provider(s).
Julian Sanchez similarly notes the NSA will achieve opacity through transparency by reporting on its collection efforts in this manner.
[T]he additional directive to report the “number of unique identifiers used to communicate information collected pursuant to an order” employed under this authority has been interpreted in a rather counterintuitive way. The most natural-seeming way to read this would be as requiring a count of the number of “specific selectors” sent to the phone carriers as the basis for production of records — though arguably the fact that the statute doesn’t explicitly use the “specific selector” language could be read to signal that something different may have been intended. Instead, NSA reads this as requiring them to publish a tally of “each unique record sent back from the provider,” meaning that “if NSA receives the same record separately, whether from multiple providers or one provider, NSA will count each response separately. The Agency recognizes that NSA’s metrics, therefore, likely will be over-inclusive.” This will guarantee that the number reported is both extremely large and quite difficult to interpret.
By undercounting selectors and overcounting records collected, the NSA can nod towards transparency while producing a jumble of numbers that comes nowhere close to accurately portraying its collection activities.
Still, the fact that such a report exists is notable in and of itself, considering the agency has spent decades in total darkness. And there’s always a chance more refined reporting will be demanded in the future. For now, though, the NSA appears to be complying with the new law — at least as far as its relationship with telecommunications providers is concerned. Its method of contact chaining, however, appears to exist in a statutory loophole, free from direct FISA oversight.