The National Security Agency has released its Transparency Report on the implementation of the USA Freedom Act — as well as the minimization procedures to be used for the new non-bulk telephone metadata program — giving us a first glimpse of how the law’s reforms are being cashed out in practice. There are some useful points of clarification here — including one or two surprises — but also many questions left unanswered.
First, the report would appear to lay to rest a concern I broached back in 2014 concerning whether the law would truly limit the Agency’s collection to telephone metadata two “hops” or degrees of separation from specific suspicious numbers. How much data NSA would end up collecting in practice, I wrote then, would depend heavily on what kind of “records” were produced by a telephone carrier in response to a telephone number or other “specific selector” provided by NSA. If a carrier regarded an entire telephone bill containing a selector as the relevant “record,” it would clearly end up producing much more data than if the “record” to be produced were understood only as the record of specific calls to or from that number. The report’s definition of “one hop” and “two hop” results clarifies that they are interpreting the statute as Congress intended: The “results” generated in response to a specific selector will encompass only particular numbers in direct contact with that selector, as opposed to any numbers that might show up on (say) the same monthly phone bill.
Second, we’ve gained some additional clarity about precisely how the “chaining” of numbers will work. Presumably in the interest of logistical simplicity, the carriers themselves will not be expected to cross-reference records among themselves in order to produce telephone numbers in second-degree contact with (“two hops” from) numbers determined to be linked with a foreign terror group. Rather, NSA will submit its list of approved selectors to the phone carriers, get back a list of Call Detail Records indicating which numbers are in direct contact with those selectors, and then collate and analyze those records. Having determined which numbers are in contact with their initial selectors — using both the data produced by the phone companies and any records they may have obtained under other authorities, such as FISA or Executive Order 12333 (but not the bulk database obtained under the previous version of the program) — NSA then submits this second list of selectors to the phone companies in order to obtain a second batch of Call Detail Records containing the “two hop” numbers. The process will be iterated “periodically,” but the report stresses that “in no case will the procedures generate third or further hops from a FISC-approved specific selection term.”
There are two notable consequences to this procedure. On the one hand, at least on its face, it would seem to preclude NSA from requiring the phone carriers to conduct “chaining” between the first and second hop using data (such as, for instance, location information or billing addresses) possessed by the telephone carriers but not produced to NSA, because it falls outside the scope of USA Freedom’s relatively narrow definition of Call Detail Records. On the other hand, it makes the process of generating the list of one-hop selectors to be used by carriers as the basis for production of second-hop Call Detail Records effectively a black box under NSA’s control. The first list of “specific selectors” will consist of phone numbers or other identifiers that the Foreign Intelligence Surveillance Court has verified are linked to a foreign power (or agent thereof) engaged in international terrorism. But the second list — the basis for production of those second-hop Call Detail Records — will be generated by NSA itself, using its massive array of internal databases and its own definition of what it means for two numbers (or other identifiers) to be in “direct contact.” So for instance, as Marcy Wheeler has suggested, NSA might consult its databases of cell phone contact lists or the results of “co-traveler analytics” capable of determining when two phones are in consistent physical proximity (along with who-knows-what other undisclosed databases), and use these to generate its list of “first hop” selectors to send back to the carriers for the second phase of record production. This much larger list of selectors, of course, would not be subject to direct approval by the FISC, and the statute doesn’t give the court any clear role in overseeing NSA’s general procedures for determining when two numbers (or other selectors) are in “direct contact.” This is probably the point in the process with the greatest potential for mischief — though, it should be stressed, it does not represent any new capability under USA Freedom: NSA could have used similar procedures under the previous program as well.
Third, and related to the points above, the report treats “specific selector” as essentially synonymous with “telephone number” throughout. As a result, it provides little insight into how the process might work when “specific selectors” other than phone numbers are used as the “basis for production” at either phase. When we’re dealing with telephone numbers exclusively, it seems fairly intuitive how the process ought to operate: Two numbers are in “direct contact” when one number has called, or been called by, another number. Throwing other potential selectors into the mix complicates things substantially. Suppose, for instance, phone carrier records show a call from a specific suspect’s cell phone number to a phone number in a corporate office building. Clearly, NSA can send that number back to the carriers as a “selector” to obtain the “second hop” numbers in contact with that particular office line. But could they also, consulting their own internal databases (or maybe just a phone book), find the billing address of the corporation leasing that line, and submit that address as a selector, obtaining in response Call Detail Records pertaining to any phone line billed to the same address? If so, this would substantially increase the scope of responsive records, and allow the NSA to make practical use, for querying purposes, of information (like billing data) that it does not directly obtain as part of Call Detail Records as statutorily defined.
Fourth, and finally, a point for which I’m indebted to Prof. Alvaro Bedoya of Georgetown Law: The report indicates that NSA has chosen to interpret one of USA Freedom’s transparency directives in a rather surprising way. As part of an annual transparency report, NSA (via the Office of the Director of National Intelligence) will report the number of “targets” whose records are obtained under this program, counting each person as one “target” even if many phone numbers or other selectors are associated with that target. Nothing odd there. But the additional directive to report the “number of unique identifiers used to communicate information collected pursuant to an order” employed under this authority has been interpreted in a rather counterintuitive way. The most natural-seeming way to read this would be as requiring a count of the number of “specific selectors” sent to the phone carriers as the basis for production of records — though arguably the fact that the statute doesn’t explicitly use the “specific selector” language could be read to signal that something different may have been intended. Instead, NSA reads this as requiring them to publish a tally of “each unique record sent back from the provider,” meaning that “if NSA receives the same record separately, whether from multiple providers or one provider, NSA will count each response separately. The Agency recognizes that NSA’s metrics, therefore, likely will be over-inclusive.” This will guarantee that the number reported is both extremely large and quite difficult to interpret. The ratio of individual targets to “specific selection terms” would provide some insight into the Agency’s practices — and at least allow a degree of informed speculation about the answers to the questions raised above. The number of records produced, by contrast, especially since it will include duplicative records, will yield relatively little useful information.
None of this clangs any alarm bells particularly loudly, but to the extent NSA is prepared to clarify some of these points in future reports, it would help reassure the public that the USA Freedom Act is being implemented consistent with its underlying intent — and the public’s expectations about its practical effects.