May 4, 2018
N.S.A. Triples Collection of Data From U.S. Phone Companies
By Charlie Savage
WASHINGTON -- The National Security Agency vacuumed up more than 534 million records of phone calls and text messages from American telecommunications providers like AT&T and Verizon last year -- more than three times what it collected in 2016, a new report [1] revealed on Friday.
Intelligence analysts are also more frequently searching for information about Americans within the agency's expanding collection of so-called call detail records -- telecom metadata logging who contacted whom and when, but not the contents of what they said.
The new report -- an annual set of surveillance-related statistics issued by the Office of the Director of National Intelligence -- did not explain why the number of records increased so dramatically. But in an interview, Alex Joel, [2] the office's chief civil liberties officer, said the N.S.A. had not reinterpreted its legal authorities to change the way it collects such data.
He cited a variety of factors that might have contributed to the increase, potentially including changes in the amount of historical data companies are choosing to keep, the number of phone accounts used by each target and changes to how the telecommunications industry creates records based on constantly shifting technology and practices.
"Based on what we have learned from this data, we expect it will continue to fluctuate from year to year," Mr. Joel said.
Still, the large and growing volume of data gathered shows that the N.S.A. continues to collect significant amounts of information about Americans' phone and text messages after changes made by Congress in a 2015 law, the USA Freedom Act, which overhauled how the N.S.A. can gain access to domestic telecom data.
That law ended a once-secret program by which the N.S.A. had systematically collected Americans' domestic phone logs in bulk -- billions of records per day. The program traced back to the aftermath of the Sept. 11 attacks and was revealed in 2013 by leaks from Edward J. Snowden, the former intelligence contractor, setting off a wide debate over surveillance and privacy.
Though Congress ended that program, lawmakers still wanted the N.S.A. to retain its function: the ability to analyze links between people in search of hidden associates of terrorism suspects. So it authorized a new system in which the bulk records stay with the phone companies but the N.S.A. can get copies of all records of a target and everyone with whom a target has been in contact.
The phone companies turn over both whatever historical records they have for targets and for their associates, as well as new logs from calls and texts after the order. The system requires the Foreign Intelligence Surveillance Court to agree that there is "reasonable, articulable suspicion" that the seed target is linked to terrorism.
In 2016, the first full year for which that replacement system was in operation, the government obtained orders to target 42 people and collected just over 151 million call detail records. In 2017, the government obtained orders for 40 targets. (The orders generate data for 180 days, so some of the 2016 orders kept generating additional data in 2017, and some of the 2017 orders may have been reauthorizations of expiring 2016 orders pegged to the same targets.)
After the N.S.A. put the record sets obtained from the telecoms into its databases, intelligence analysts queried that data using 31,196 search terms associated with Americans last year, up from 22,360 a year earlier.
The large volume of records generated from a relatively small number of targets is attributable to several factors. One is the exponential math associated with gathering the communications logs not just of targets, but of every person with whom a target has been in contact.
Another is that some conversations generate more than one record at phone companies. These apparently include back-and-forths via text messages, as well as calls involving cellphone users on the move, whose calls are handled by different cellphone towers.
Officials have also cautioned that some records gathered by the N.S.A. are duplicates: A call between an AT&T customer and a Verizon customer, for example, generates records at both companies.
The report listed several other notable statistics about surveillance activities. For example, it showed that the number of people whom the surveillance court granted approval to target with wiretaps for national-security purposes dropped somewhat, from 1,687 in 2016 to 1,337 last year.
By contrast, the number of targets for the N.S.A.'s warrantless surveillance program -- noncitizens abroad whose communications are collected from American companies like Google -- grew significantly, from 106,469 in 2016 to 129,080 last year.
The warrantless surveillance program also grew out of the once-secret post-Sept. 11 programs, and is now conducted under a law called Section 702 of the FISA Amendments Act. It has attracted controversy because when foreign targets communicate with Americans, the government collects those Americans' emails and other private messages without a warrant, too. Congress reauthorized that law without major changes this year. [3]
The report contains several statistics about how the government has used Americans' information that it gathered without a warrant under Section 702. Analysts queried metadata harvested from that program for information about an American 16,924 times in 2017. That was down from 30,355 times the previous year; the report did not explain the drop.
F.B.I. agents did not open any criminal investigations into an American that had no connection to national security in 2017 based on Section 702 data, the report said. Nor did they scrutinize any communications in the Section 702 database that came up in response to queries for an American's information when agents were working on a criminal case that had no connection to foreign intelligence.
But the report did not disclose how many times the bureau did either of those things when agents did deem their work to have a foreign intelligence or security link.
It also did not disclose the volume of Americans' communications or metadata gathered by the N.S.A.'s work abroad, where its activities are regulated by Executive Order 12333, not the Foreign Intelligence Surveillance Act, and it is permitted to engage in bulk collection.
[1] https://www.dni.gov/files/documents/icotr/2018-ASTR----CY2017----FINAL-for-Release-5.4.18.pdf
[2] https://www.dni.gov/index.php/who-we-are/leadership/chief-civil-liberties-protection-officer
[3] https://www.nytimes.com/2018/01/18/us/politics/surveillance-congress-snowden-privacy.html