With the help of the NSA, the FBI collects information via traditional FISA orders. They got 1,559 of them last year, of which 1,477 were targeted at someone in the United States, and of which 336 were targeted at American citizens or permanent residents. All that data goes into a cloud server at the FBI and a separate one at NSA.
In addition, NSA collects information targeted at people overseas under Section 702. FBI can also ask NSA to collect on people they’ve come across in their investigations. Altogether, NSA collected on over 106,000 individual targets last year, via both upstream collection and by asking American providers (Google, Facebook, Yahoo, and the like) for any data they’ve got on those 106,000 targets. They’ll get both sides of targets’ conversations, stored documents and photos, calendar information, and other information.
After NSA gets that information, it will share the parts of that are most relevant to the CIA and the FBI’s missions with them, in raw form. At the FBI, that data is stuck on the same cloud server as the domestic-focused FISA data is in. It is understood that FBI receives any terrorism, counterproliferation, or spying data that has a domestic component (such as Russian spies or ISIS recruiters trying to recruit Americans).
All three agencies — NSA, CIA, and FBI — can then search their own collections of FISA information using the identifier of a US person (a citizen or permanent resident). At NSA and CIA, the analyst has to have a foreign intelligence purpose, such as they think Russians are trying to recruit Mike Flynn. At FBI, an agent has to be looking for criminal information, national security information, or even doing an assessment (such as to figure out whether Carter Page would make a good informant on what the Trump campaign is doing). FBI does so many of these searches they can’t count them.
If there are conversations involving these people in the relevant databases, it appears to the analyst or agent in unmasked form. Yes, if CIA and NSA want to write reports to the White House about what they found, then the name might be masked (but in the vast majority of reports based off 702 reports involving US persons — perhaps 74% — the US person identities eventually get unmasked), but the FBI may dump that data into investigative files.
To understand how and who this might impact in the United States, take this comment from Jim Comey the other day. When asked how many active terrorist investigations the FBI has, he said there were 1,000 investigations where the target was known to be talking to terrorist overseas, and 1,000 where the target embraced radicalism all by him or herself, without talking to an ISIS or any other overseas recruiter.
COMEY: Yes I do. If — we have about 1,000 home grown violent extremist investigations and we probably have another 1,000 or so that are — I should define my terms. Home grown violent extremists, we mean somebody — we have no indication that they’re in touch with any terrorists.
TILLIS: Any foreign touch. Right.
COMEY: Yes. Then we have another big group of people that we’re looking at who we see some contact with foreign terrorists. So you take that 2,000 plus cases, about 300 of them are people who came to the United States as refugees.
Let’s take the higher number, and say there are 2,000 people in the US the intelligence community thinks might be terrorists or susceptible to being convinced to become one.
Now let’s look at the back door search numbers. The NSA used the identifiers (say, their cell phone identifier or their email) of US persons and searched the metadata from their stash of 702 data 30,355 times last year. (The CIA and FBI refuse to count how many metadata searches they did.) That means that NSA tried to do a network analysis on over 28,000 Americans and permanent residents who are not the subject of investigations by the FBI for being terrorists.
Between CIA and FBI combined, they did 5,288 queries on US persons last year. Back in 2013, the CIA did far more searches than the NSA (on 1,400 selectors as compared to NSA’s 198); we don’t know how the split works now. But assume that at least one agency is doing at least 2,644 searches. At the NSA, all 336 traditional FISA targets can be (and I assume are) tasked for back door searches; presumably a chunk of the 336 people targeted under are being investigated for terrorism, though that would also include people like (allegedly) Carter Page, people the FBI has gotten the FISA court to believe are agents of foreign powers). But even if we assume none of the people targeted under FISA are terrorists and all domestic terrorists are being back door searched at NSA, that leaves over 300 people (2,644 – 1,000 – 1,000 – 336) who are having their content accessed without a warrant by the NSA (to say nothing of the FBI, which does it so often it can’t count it). The number is probably higher, though, given that 1,000 of those terrorist suspects aren’t conversing with foreigners. The NSA (or CIA) is only going to access content if they know it exists from metadata, and Comey comment suggests there’s no metadata indicating such conversations. And at least some of those 336 targeted US persons are terror suspects.
Which means one agency — NSA or CIA — is likely accessing the raw content of 1,300 people who aren’t terrorist suspects.
That’s fine. There are other things they might be: suspected weapons proliferators, suspected Russian or Chinese spies, people the government is worried are being recruited by spies, suspected hackers, suspected leakers, Americans who’ve been kidnapped.
But the numbers make clear that the presumption that all of this spying is targeted at terrorists is simply wrong. There are at least 300 people — and probably more like 1,300 people — who even the NSA is accessing the content of without a warrant who are not terrorist suspects.
And the number at FBI is so high it can’t count it.