June 27, 2017 / by emptywheel

 

The FBI’s Standards for Ingesting Raw 702 Data

In most Section 702 hearings, there is no FBI witness, which means NSA witnesses can make claims about back door searches that are completely irrelevant to the biggest concern — FBI’s far more frequent back door searches.

Today was different. Carl Ghattas, FBI’s Executive Assistant Director for National Security, testified. And aside from totally dodging a Chuck Grassley question about why, according to Rosemary Collyer, FBI waited 11 months before informing the FISA Court about one violation, he was a very informative witness.

Take, for example, a detail he provided in his written testimony (after 34:50) about what FBI obtains in raw form (this may be public in the DIOG that the Intercept leaked, but I’m not otherwise aware of this detail). The FBI can only get raw data for selectors “relevant to” full investigations, not preliminary investigations or assessments.

“It’s important to remember FBI receives a small fraction of the total collection that NSA receives under this program. In fact, the FBI only receives a small percentage of NSA’s downstream collection and none of NSA’s upstream collection. The reason for this is that the FBI can only request and receive Section 702 collection if the selector — that is, an email address or social media handle, for example — is relevant to a pending full investigation. The FBI cannot receive Section 702 collection during either a preliminary inquiry or an assessment. As a result, although the FBI conducts significantly more US person queries than NSA, those queries are running against a small fraction of the total 702 collection that is acquired by the US government. In other words, when the FBI runs a US person identifier through our database, that query is run against only FBI’s 702 collection that’s obtained during FBI full investigations and not the total collection maintained by NSA.”

This does limit things, though as the FBI likes to say, it has thousands of investigations going at any time, the most emphasized of which (terrorism and counterintelligence) would likely implicate 702 data. Moreover, it raises questions about the foreign intelligence designations made, especially (prior to this year) regarding the data FBI shared in raw form with NCTC. And of course, we all know that the phrase “relevant to” has ceased to have real limiting meaning.

Also, the FBI may only obtain this information at the Full Investigation level, but it can query it at the assessment level. And today’s hearing, like all others, failed to discuss that the FBI uses those queries, in part, to find informants, some of whom may be guilty of nothing beyond doing something that FBI can use to coerce their cooperation.

So a full investigation (which may include an enterprise investigation targeted generally at, for example, ISIS or Russian spies) sucks in all relevant tasked selectors (Ghattas did not describe how the FBI nominates selectors), which can then be queried at the assessment level for the US person being queried.

Originally Posted @ https://www.emptywheel.net/2017/06/27/the-fbis-standards-for-ingesting-raw-702-data/