I Con the Record’s Annual Transparency™
Amid about 100 pressing bills having to do with surveillance, I Con the Record released the yearly FISA letter and pretty Transparency Report. Here’s what I can see in it (here’s last year’s report and letter for comparison).
Probable Cause FISA
Probable cause FISA orders (Title I, III, 703, and 704) have declined from 1,767 to 1,519, but the number of targets affected has gone up, from 1,144 to 1,562. This seems to suggest that at least some of these orders must involve more than one target. There were 1,416 applications total, including 1,379 including electronic surveillance.
Also note, at least until a few years ago, NSA never used 703 in isolation, it only uses 705(b) orders, which are combinations of 703 and 704. I’m not sure how ODNI counts them, then, and whether 705(b) orders are included as 703 counts.
There were a number of modified probable cause orders this year:
FISC made modifications to the proposed orders in 19 applications.1 Thus, the FISC approved collection activity in a total of 1,379 of the applications that included requests for authority to conduct electronic surveillance.
1 In addition to the 19 orders modified with respect to applications made during the reporting period, the FISC modified two orders for applications after first granting authorization. The FISC also modified two orders for application made in a previous reporting period during the current reporting period.
That’s actually interesting: it may reflect something problematic with the way the government was obtaining this data or that it was collecting too much incidentally protected data. Or it may reflect a new approach that required some negotiation with the Court.
As it did last year, the government only admits its one order, which hides that it has 3 or more certifications (a counterterrorism one, a counterproliferation one, and a foreign government catchall one).
The total number of targets affected has gone up, from 89,138 to 92,707. And remember, that’s just the targets. Every person who communicates with those targets will also be affected.
The total PRTT orders are pretty flat: they went from 131 to 135. But those affected far more targets, from 319 to 516.
I strongly suspect (in part because of the way USAF carved out location reporting in its transparency procedures) that the government is hiding some kind of systematic Stingray use. So it may be that those 516 targets each suck in hundreds of thousands of Americans co-located with them.
I didn’t realize this last year, but the government is reporting applications, not orders.There are good reasons to do this and dishonest reasons. In any case the number has remained relative flat, from 178 to 170, as have specific targets 172 to 160, and US persons who were subjects of queries, 248 to 227.
There are two far more interesting numbers.
First in 2013 (before NSA had to submit each selector to the FISA Court, but also a year with a major terrorist attack), there were 423 selectors approved to be queried in the phone dragnet. But in 2104 — when FISC started reviewing everything — just 161 selectors were approved. That may suggest (though we’d need more data we won’t get because of imminent changes of some sort or another) that the NSA queries on fewer selectors when it has to tell FISC what they are.
Even more interesting, whereas FISC modified 141 Section 215 orders in 2013, last year they just modified four applications last year. Here’s what recent numbers look like to convey how big of a change this is:
In the 2010 to 2012 time frame, the government admitted that these modifications were largely the court imposing minimization procedures and requiring the government report back on the implementation of those minimization procedures.
The change may mean that, in response to the Snowden disclosures, the government finally complied with the requirement mandated by Congress in 2006 that it adopt such procedures itself. It might reflect FISC’s confidence that the government was finally managing this properly. Or it might reflect that the government was collecting less incidental data. Or something else. But it is a very large change that merits further explanation.
Both the annual number of NSLs issued and the number of requests dropped by 15%, from to 19,212 to 16,348 and 38832 to 33,024 respectively.
The number of US persons affected showed a slightly smaller drop, about 12-13%. In 2013, the government made 14,291 requests affecting 5,334 different US persons. In 2014, the government made 12,452 requests affecting 4,699 US persons.