Back Door Searching the Data Coming into FBI’s Front Door

As I noted, the big takeaway of the changes to USA F-ReDux’s transparency provisions is that, after having given us a topline number for Section 702 collection, the IC has decided it can no longer do so. I provided some reasons why that might be here.

But there are several other interesting aspects of the transparency procedures worthy of note.

As with the Leahy bill, the transparency procedures simply don’t count the non-communications production under traditional Section 215. Though the means by which it counts exclusively communication has changed to “unique identifiers used to communicate information collected pursuant to such orders,” which the bill doesn’t define.

For the CDR function, it includes that (which should show some kind of return, though given that they’re not chaining exclusively on calls made any more, may exclude some of the production because it represents a “connection” chain rather than a “contact” chain). But then it adds a paragraph to track back door searches.

(C) the number of search terms that included information concerning a United States person that were used to query any database of call detail records obtained through the use of such orders;

This reveals the unsurprising detail that once they’ve collected all these records – under which, in the current scheme, they can be subject to all of NSA’s analytical toys – they do back door searches on them. It’s not clear what would be counted here or not (is a device identifier “concerning” a US person?). But this also would seem to exclude analysis done immediately upon intake, which we’ve seen that they do.

And, in case you haven’t already guessed, the FBI is exempted from counting the searches they do of the database, which likely means for them the data will be stuck into the database that gets searched with every assessment. That likely is new. I would bet a good deal that this data will come into the government via the FBI, rather than the NSA (because the FBI can legally share more widely, and because there’s no great technical burden to process the data as there currently is with the phone dragnet). In other words, whereas now the NSA must certify every dissemination to the FBI that is derivative of the phone dragnet, under this scheme, the FBI will be able to get everything in raw form.