Transparency Report From Office Of The Director Of National Intelligence Shows Government Issuing 50 NSLs Per Day

from the section-702-still-most-efficient-use-of-paperwork dept

In the begrudging spirit of forced openness, the Office of the Director of National Intelligence (James "Least Untruthful" Clapper, presiding) has released its First Annual Ever Transparency Report. So, what have our intelligence agencies been up to for the last calendar year? Well, a little of this and whole lot of that, all of it broken down into numbers that don't really provide that much transparency.

The figure that first stands out is related to the Section 702 program. As defined in intelspeak, the 702 program:

facilitates the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States, creating a new, more streamlined procedure to collect the communications of foreign terrorists.
In plain English, the Section 702 program does this:
[The] collection done under Section 702 captures content of communications. This could include content in emails, instant messages, Facebook messages, web browsing history, and more.
Like other bulk surveillance programs, Section 702 supposedly targets non-US persons but frequently "incidentally" collects content from US persons and other non-targets. This data on Americans is then searchable via backdoor searches. Much of this information is collected directly off the "Internet backbone" as communications flow through NSA collection points. The authority it operates under is incredibly vague and almost completely without adequate oversight. This last sentence explains the following numbers.


In contrast with sections 703, 704 and pen register requests -- where the number of targets roughly corresponds with the number of orders -- the 702 program operates under one order… which nets over 89,000 targets. Note -- and this is important -- that the report only says how many "targets" are "affected." It does not say how many other people's communications are "incidentally" collected along the away and made open to those backdoor searches. And, rest assured, that number is likely much larger than 89,000 -- especially since we already know that any communication "about" any target gets swept up, but that won't count towards that number. And, as discussed below, the definition of "target" can often mean something entirely different than what you think it means. This broad collection, one that harvests content rather than (supposedly harmless) metadata, is one of the NSA's favorite tools and explains its willingness to discuss alterations to the Section 215 bulk metadata program, but not to change the 702 program at all. (Not that anything much actually happened to the 215 program, even after all of the discussion.)

What's more interesting, though, is the long discussion about the incredibly high number of National Security Letters issued in 2013.


The FBI (along with other agencies) is issuing NSLs at the rate of 53 per day. The ODNI's long explanation attempts to portray this huge number as most certainly not evidence of NSL abuse.
In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.”
So, the FBI (and unnamed other agencies) must issue a new NSL (the "must" is up for discussion) for each account it wishes to collect from, whether it's an email address or some other online account. And if multiple names are used for one target, then new NSLs must be issued to claim that information. And so on, until the government is issuing nearly 20,000 per year.

The ODNI attempts to explain how difficult it is to narrow down how many people are being targeted by NSLs.
We are reporting the annual number of requests rather than “targets” for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL.

Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account…

We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization.
All well and good, but the DOJ's transparency report (linked to by the ODNI) breaks that number down just fine. (For whatever reason, the ODNI Tumblr post links to a report for 2012. The PDF of the ODNI's report contains a link to the 2013 version. Both are embedded below.)

From the 2013 letter:
In 2013, the FBI made 14,219 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 5,334 different United States persons.
From the 2012 letter:
In 2012 the FBI made 15,229 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 6,223 different United States persons.
It appears the FBI has the power to narrow down the number of persons targeted by its NSLs, although something must have happened in 2013 that made it append the following footnote to its FY2013 letter.
In the course of compiling its National Security Letter statistics, the FBI may over-report the number of United States persons about whom it obtained information using National Security Letters. For example, NSLs that are issued concerning the same US. person and that include different spellings of the US. person's name would be counted as separate U.S. persons, and NSLs issued under two different types of NSL authorities concerning the same US. person would be counted as two US. persons. This statement also applies to previously reported annual US. person numbers.
The DOJ's transparency letters again point out that the FISA court is basically approving everything set in front of it. Only one order has been withdrawn in the last two years and only 74 of 3,511 orders presented for "electronic surveillance" and/or "physical searches" were modified. The Section 215 collection requests were sent back for modification more often (roughly 2/3rds of the time) but ultimately, not a single one of those requests were denied.

So, there's more transparency than we're used to, but the 702 program still remains the best kept open secret. One order accesses thousands of "targets," and the ODNI hasn't exactly been forthcoming with additional details. Another explanatory note included does, however, point out inadvertently how useless the word "target" is when deployed by the NSA.
Within the Intelligence Community, the term “target” has multiple meanings. For example, “target” could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws.
Section 702's "explanation" takes it even farther:
In addition to the explanation of target above, in the context of Section 702 the term “target” is generally used to refer to the act of intentionally directing intelligence collection at a particular person, a group, or organization.
It's a noun, it's a verb, it's pretty much anything the NSA wants it to be, as Marcy Wheeler explains:
Except that it doesn’t admit that, at least in the past, sometimes target means “the switch we know lots of al Qaeda calls to use.” Meaning the term “target” is a misnomer even within the context they lay out.
There's still nothing "targeted" about the NSA's supposedly targeted collections. The collection comes first and the targeting comes later -- sometimes using pre-determined selectors and other times by splashing around in the data until something presents itself. What the NSA means by "target" is nothing more than a term deployed to gain access to massive amounts of communications and data, all under the theory that it's somehow "relevant" to its counter-terrorism work.

The new report is a step towards transparency, but it's a very calculated move that throws out a few vague numbers while withholding anything that could put them into context. In this sense, it follows the administration's idea of transparency: nothing that goes deeper than the surface.






Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Jun 27th, 2014 @ 12:46pm

    it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs.

    They must just collect data, and try and figure out who to arrest after something happens.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jun 27th, 2014 @ 12:49pm

    I look forward to the next Snowden Report that comes out soon that completely takes a shit all over this report.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jun 27th, 2014 @ 1:17pm

    I would love to see

    I can't wait till that one 702 order gets released/leaked.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jun 27th, 2014 @ 3:37pm

    No wonder the German government stopped using Verizon. I'm sure Verizon and AT&T probably make up around half of those NSL requests. Google and Facebook probably make up the other half.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Coyne Tibbets (profile), Jun 27th, 2014 @ 9:56pm

    Trust

    Amazing honesty! Everyone trusts them now, right?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jun 28th, 2014 @ 12:46am

    Re: Trust

    Everyone trusts them now, right?

    Actually, yeah. Or are you seriously going to argue that a Report consisting of lots and lots of verbs and nouns with charts and graphs numerically comparing "stuff" and "different stuff" in units of "things" isn't informative?

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.