In this post, I’ll cover the rest of the I Con the Record 2016 Transparency Report.
Title I, III, VII 703 and 704
As the report notes, these are the individually approved orders. To be assholes, ODNI includes Section 703, which is not used. I Con the Record reports 1,559 orders, which it does not break down.
For the same authorities (1805, 1824, 1805/1824, and 1881c), the FISA Court, which uses different and in most cases more informative counting metrics, reports 1,220 orders granted, 313 orders modified, and 26 orders denied in part (which add up to I Con the Record’s 1,559), plus 8 orders denied, which I Con the Record doesn’t mention.
As an improvement this year, I Con the Record has broken down how many of these targets are US persons or not, showing it to be 19.9%. That means the vast majority of targeted FISA orders are targeted at people like Sergey Kislyak, the Russian Ambassador all of Trump’s people talked to.
This is the target number for the original report, not the order number, and it is an estimate (which is curious). This means at least 28 orders target multiple people. Neither ICTR nor FISC reveals how many US persons were approved for 705b, meaning they were spied on when they went overseas.
Section 702
This is the authority that covers upstream and PRISM. After presenting its useless report that it had one certificate in 2016 (leftover from 2015), ICTR reports there were 106,469 knowably discrete 702 targets last year, an 11% increase off last year.
Note: one of the games played in the USA Freedom Act transparency procedures was that, once the other counts moved to a selector based count, this was removed from the required reports (which is why ICTR says they weren’t required by law to release it). They presumably did this to hide the likely fact that for every one of these 106,469 targets, there are multiple — possibly very many — selectors tasked, which would make the spying number look Yuge.
NSA and CIA provide the number of content queries they conducted. Since CIA has stopped double counting selectors it uses more than once, this represents more than the 12% increase in queries suggested by the numbers. So queries are increasing at a higher — potentially significantly higher — rate than targets.
Given the way the NSA’s querying process ties queries to deadlines (60 days, for example, or to the underlying authorization), it’s likely NSA just keeps these queries targeted tasked throughout that period (which may mean CIA moved to do the same this year). If that’s right, it would effectively alert an analyst any time a new communication involving the US person came in.
This post talks about what the report’s claim that just one query of FBI holdings designed to find criminal information had a positive hit — and was reviewed– on 702 information really means.
Meanwhile, NSA’s US person metadata queries have gone up much faster than content queries or target selectors, a 32% increase. As noted in this post, FBI doesn’t have to count their queries and CIA still does not do so.
Also note, this is an estimate. The underlying NSA document makes it clear this is done via algorithm or business rule to estimate these queries, which suggests they’re done automatically.
To put these queries into perspective, Jim Comey today said there were 1,000 Islamic extremists in the US who were communicating overseas. Even assuming they track the other 1,000 extremists not known to be communicating overseas, that’s just a tiny fraction of the Americans they’re tracking.
ICTR provided better information on unmasked US person identities this year than last, revealing how many USP identities got released.
As I said last year, ICTR is not doing itself any favors by revealing what a tiny fraction of all 702 reports the 3,914 — it must be truly miniscule.
All that said if you do get reported in one of those rare 702 reports that includes a USP identity, chances are very good you’ll be unmasked. In 30% of the reports with USP identities, last year, at least one USP identity was released in original form unmasked (as might happen, for example, if Carter Page or Mike Flynn’s identity was crucial to understanding the report). Of the remainder, though, 65% had at least one more US person identity unmasked. I believe that means that only roughly 26% of the names originally masked remained masked in the reports.
Pen Registers
See this post for an explanation of why we shouldn’t take too much from a seeming significant decline in pen registers. Note, I didn’t mention that 43.9% of the 41 targets are estimated to be US persons — but are estimates, which is a bit nutty given the small numbers involved.
Note, of the 60 pen registers ICTR shows, FISC shows 10 were modified (perhaps to include minimization procedures).
Section 215
The section on “traditional” Section 215 shows that for each order (of which up to 4 had more than one target), there were almost 1,000 selectors sucked in.
Except!
Except the number is likely far, far higher, because this metric doesn’t track people sucked in via financial or travel or other Section 215 orders.
This post explains why the 151 million call session records sucked in via the new Section 215 phone dragnet may not actually be that much — but also likely represents edge cases.
Note, the FISC report shows 125 total Section 215 reports, with 108 approved, 16 modified, and 1 rejected (the latter of which ICTR doesn’t mention). The approved reports adds up to the same 124 that ICTR shows. The modified orders likely include minimization procedures.
Here’s the number of queries of returned new phone dragnet data done by NSA and CIA (note, in the old dragnet, this data would not have been as readily available even within NSA, much less at CIA).
As always with meaningful metrics, FBI is exempt. I’ll return to this metric.
NSLs
I may come back to this as well, but for now, know that FBI requested fewer NSLs last year than in previous years.