NSA Only Finds 59% of Its Targeting of US Persons
This will be a minor point, but one that should be made.
The Privacies and Civil Liberties Oversight Board report on Section 702 included this little detail:
In 2013, the DOJ undertook a review designed to assess how often the foreignness determinations that the NSA made under the targeting procedures as described above turned out to be wrong — i.e., how often the NSA tasked a selector and subsequently realized after receiving collection from the provider that a user of the tasked selector was either a U.S. person or was located in the United States. The DOJ reviewed one year of data and determined that 0.4% of NSA’s targeting decisions resulted in the tasking of a selector that, as of the date of tasking, had a user in the United States or who was a U.S. person. As is discussed in further detail below, data from such taskings in most instances must be purged. The purpose of the review was to identify how often the NSA’s foreignness determinations proved to be incorrect. Therefore, the DOJ’s percentage does not include instances where the NSA correctly determined that a target was located outside the United States, but post-tasking, the target subsequently traveled to the United States.
0.4% of NSA’s targeting decisions falsely determine someone is a foreigner who is in fact a US person.
That’s a pretty low amount. Though based on ODNI’s number — showing 89,138 people were targeted in 2013 — that means 356 US persons get wrongly targeted each year. Again, still not a huge number, but it compares rather interestingly with the 1,144 people targeted under FISA each year. Those wrongly targeted under Section 702 actually make up 24% of those targeted in a year.
Just as interesting is comparing the NSA’s internal audit (see page 6) with DOJ’s results. For a period presumably covering some of the same time period, NSA discovered 20 US persons tasked (for some reason there was a big increase in this number for the last quarter of the report) and 191 incidences of “other inadvertent” tasking violations, which are described as, “situations where targets were believed to be foreign but who later turn out to be U.S. persons and other incidents that do not fit into the previously identified categories” (my emphasis). Not all of those 191 incidents should be counted as wrongly targeted US persons — the description includes other inadvertent targeting. But even counting them all as such, that means NSA only found 211 of the potential wrongly targeted US persons in a year, while DOJ found 356.
Again, in a country of 310 million people, these numbers are small, particularly as compared to the collection of US person communications under upstream collection, which is thousands of times higher.
But it does say that NSA’s internal reviews don’t find all the Americans who get wrongly targeted.
Correction: I originally mistranscribed DOJ’s number as .o4%–though I had calculated using .4%.
Are you sure you’re reading the DOJ’s language cynically enough?
.
At least in isolation, the sentence implies that there can be:
– “targeting decisions”, which might or might not pertain to multiple personal
– “targets”, but which definitely can spawn multiple
– “taskings of a selector”, with each selector possibly capturing the traffic of multiple
– “users”.
.
It’s easy to see how to mess with the numbers in a format like this, since, as far as I know, “targeting decision” doesn’t inherently mean anything. An exaggerated example: let’s say I make 500 “targeting decisions.” 498 of those decisions are to “issue selectors for all known electronic accounts of Iranian Official #1, Iranian Official #2,…Iranian Official #498”. Each one spawns multiple selectors, but even the speculative ones either hit people near Iran or at least are never proven to hit a US person.
.
Targeting Decision #499 is to issue selectors for all email with to/from addresses ending “@gmail.com”, a service known to have been used by a large number of foreign terrorists and their supporters. Tens of millions of US persons have their communications swept and subject to front door, back door, side door, and dog door searches. Targeting Decision #500 is to a selector for all IM traffic formatted in the Facebook messaging protocol, which is known to have been used by a large number of foreign terrorists and their supporters. Tens of millions of US persons again have their communications swept.
.
Well, by golly. 0.4% of my targeting decisions resulted in the tasking of a selector that had a user in the United States or who was a US person.
The root problem with any of these analyses is that of credibility. The PCLOB has conceeded elsewhere on their report that the NSA has lied about its own definitions, policies, and rules to both the legislative and Judicial branches. Similarly the DOJ has an established track record of embellishing their own performance on financial crimes, lying about access and of keeping record of their own 702 use. And finally the PCLOB itself is staffed with people such as Cass Sunstein and James Dempsey who have been less than aggressive in defense of privacy.
Given all that why should we trust them? This is an internal review of one suspect group by another being evaluated by a third. Absent raw data for validation I see now reason to draw any general conclusions from this other than insiders agree that insiders aren’t so bad.
@emptywheel – Do you think that when I Con The Record replied to the latest Intercept story “With limited exceptions (for example, in an emergency)” that could imply that some surveillance is done under a standing classified Executive Order declaring a State of Emergency related to terrorism?
Just a tiny point: the 89.138 from the ODNI report, aren’t necessary all people. The report says there were 89.138 targets, which are often mail or IP addresses and for many of them it is not known whether they belong to one single person or the more people are using one address, or one person has multiple addresses.