Posts

DOJ’s IG Hints at Concerns about Back Door Search Issues

In addition to focusing on whether the classification of past IG Reports will limit what he can release about the Section 215 dragnet and Section 702 content collection, DOJ Inspector General Michael Horowitz laid out one more significant civil liberties concern related to national security investigations.

Additional concerns about civil rights and liberties are likely to arise in the future. For example, significant public attention has been paid to programs authorizing the acquisition of national security information, but relatively less has been paid to the storing, handling, and use of that information. Yet after information has been lawfully collected for one investigation, crucial questions arise about whether and how that information may be stored, shared, and used in support of subsequent investigations. Similar questions arise about the impact on civil rights and liberties of conducting electronic searches of national security information and about whether and how information obtained in a national security context can be used for criminal law enforcement. As the Department continues to acquire, store, and use national security information, these issues will arise more and more frequently, and the Department must ensure that civil rights and liberties are not transgressed.

I don’t guarantee this is a reference to back door searches.

But we know that FBI has been permitted to conduct searches on content collected under traditional FISA or FISA Amendments Act since at least 2008. We know that the Intelligence Community does not believe it needs even Reasonable Articulable Suspicion — of a national security concern or of a crime — to search this data. And in the past, DOJ has argued it can use FISA-collected information to find things like evidence of rape to use to coerce people to turn informant.

So I’m going to wildarseguess that at least part of what Horowitz alludes to here pertains to whether DOJ can search this incidentally collected information in support of criminal investigations. That would of course violate the spirit of every wiretap law in the country, but given the government’s past interpretations of what the elimination of the wall between NSA and FBI means and their claims they don’t need RAS to search these databases, it is a real possibility that’s what they doing (though they may be claiming that the crimes in question are “related” to the national security claims — things like money laundering and drug sales and so forth).

I’m also interested in Horowitz’ allusion to “national security information.” Does this go beyond content? Is he worried about the use of bulk-collected data in criminal investigations?

OK, now he’s got me worried.

But note what he doesn’t say: that he’s investigating this.

Will DOJ’s 1,265-Day Old Section 215 Review Be Squelched By Past Classifications?

DOJ’s Inspector General Michael Horowitz released his annual list of challenges today (which includes a focus on prison problems). In his section on national security and civil liberties he spends 4 paragraphs calling for more information sharing before he turns to civil liberties. In that section, he once again promises the report on the use of Section 215 his office has been working on for 1,265 days.

But he adds something new. He suggests this report may be limited by whether or not DOJ and ODNI declassify sections of the past reports.

The OIG’s ongoing reviews also include our third review of the Department’s requests for business records under Section 215 of the Foreign Intelligence Surveillance Act (FISA), as well as our first review of the Department’s use of pen register and trap-and-trace devices under FISA.  Although the full versions of our prior reports on NSLs and Section 215 all remain classified, we have released unclassified versions of these reports, and we have requested that the Department and the Office of the Director of National Intelligence (ODNI) conduct declassification reviews of the full classified versions.  The results of any declassification review may also affect how much information we will be able to publish regarding our pending reviews when they are complete.

As I have noted in the past, the 2008 report includes two appendices on then-secret uses of Section 215, one of which almost certainly pertains to the phone dragnet. In addition, it includes a sharply critical section on DOJ’s failure to institute new minimization procedures specific to Section 215 (which would dramatically affect its use for the phone dragnet).

Now Horowitz is saying that, unless DOJ and ODNI declassify these past reports, he won’t be able to present in unclassified form all the findings in his current report (which covers the period through 2009, and therefore the violations discovered in that year).

Horowitz suggests something similar is going on with DOJ IG’s work on content collection as well. Both a report he did last year on the FISA Amendments Act (which may suggest the FBI has not always abided by its targeting and minimization procedures) and Glenn Fine’s DOJ-specific review on the illegal wiretap program remain classified.

The OIG has also conducted oversight of other programs designed to acquire national security and foreign intelligence information, including the FBI’s use of Section 702 of the FISA Amendments Act (FAA), which authorizes the targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information.  The OIG’s 2012 review culminated in a classified report released to the Department and to Congress that assessed, among other things, the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity and the FBI’s compliance with the targeting and minimization procedures required under the FAA.  Especially in light of the fact that Congress reauthorized the FAA for another 5 years last session, we believe the findings and recommendations in our report will be of continuing benefit to the Department as it seeks to ensure the responsible use of this foreign intelligence tool.  This report also was included in our request to the Department and ODNI for a declassification review, as was the full, classified version of our 2009 report on the President’s Surveillance Program, which described certain intelligence-gathering activities that took place prior to the enactment of the FAA. [my emphasis]

Elsewhere, Horowitz alludes to the Snowden leaks. Clearly, much of what appears in the 2009 and 2012 reports has been covered in leaks and releases to Congress. And yet, it seems, someone is stalling the declassification of DOJ IG’s work.

What has DOJ’s IG found that Eric Holder and James Clapper are trying to hide?

Guidance Directive [Redacted]”'>The FBI’s Official “CAIR Has Cooties Guidance Directive [Redacted]”

I had just about come to the conclusion that Michael Horowitz, DOJ’s Inspector General who took over after Glenn Fine retired in 2010, was a worthy successor. In recent weeks, Horowitz has released reports critical of DOJ’s handling of classified information, its refusal to account for drones’ unique risks to privacy, and the Bureau of Alcohol, Tobacco, and Firearms’ use of “churning” (money-making) operations.

But then I read this report — on the FBI’s Interactions with the Council on American-Islamic Relations — and I got literally sick to my stomach.

The report purports to determine whether the FBI complies with Agency guidance — the title and issuing authority for which are redacted in the report, which is why I am referring to it as the “Cooties Guidance Directive [Redacted]” throughout, even where it is redacted in direct quotes — that FBI personnel are not to engage in any community outreach with people from CAIR. For results, it shows that in three of five cases where FBI personnel did engage (or almost engage!) with people from CAIR, the personnel either didn’t consult with the FBI entity the IG deems to be in charge of this policy (which is probably the Counterterrorism Division, but the IG Report redacts that too), or consulted instead with the Office of Public Affairs, which is in charge of community outreach.

In response to these shocking (!!) results, Congressman Frank Wolf has already called for heads to roll.

But what the report actually shows is, first of all, how in response to two non-criminal pieces of evidence — a meeting between men who would go on to found CAIR and Hamas, which was not yet a designated a terrorist organization, and CAIR’s designation as an unindicted co-conspirator in the Holy Land Foundation case (the publication of which was subsequently deemed a violation of the group’s Fifth Amendment rights) — the FBI formulated a formal policy to treat that organization as if it has cooties.

And yet, even the language the IG repeats about this policy makes it clear that the FBI was operating on a policy of “guilty until proven innocent.”

The guidance specifically stated that, until the FBI could determine whether there continued to be a connection between CAIR or its executives and Hamas, “the FBI does not view CAIR as an appropriate liaison partner” for non-investigative activities.

That is, for the entire 5 year period versions of this policy have been in place, FBI has maintained that so long as it doesn’t develop evidence that CAIR has no ties to Hamas, then FBI will treat the organization and its officials as if they do have such ties by refusing to let them on FBI property or attend any CAIR-affiliated events. And we’re supposed to believe, I guess, that the FBI has used not a single one of their intrusive investigative methods to try to prove or disprove this allegation in the interim 5 years, and so it just will never know whether the allegation is correct or not, and so must operate on the playground Cooties standard.

Heck, in one of the “incidents” the report investigates, the local FBI office actually vetted an event participant to make sure his service on CAIR’s local board didn’t taint all his other community ties so badly that he should not participate in the event.

Yet whether or not a particular CAIR representative [redacted] is irrelevant to the Cooties Guidance Directive  [Redacted] to deny the organization access to the FBI in such non-investigative community-outreach activities.

And the IG Report — Michael Horowitz’ report — judges that vetting that found this gentleman to be innocent was not sufficient reason to ignore the Cooties Guidance Directive [Redacted]. The Report seems to endorse the view that vetting notwithstanding, this guy had a formal role in CAIR that made all his other roles in the Muslim community suspect and that’s the way things work in America.

Then there’s the underlying logic. The entire policy is premised on a bizarre belief that it is exploitative for a Muslim organization to advertise its willingness to work with the FBI.

The June 2011 EC also reiterated that CAIR was not prohibited from “maintaining a relationship with the FBI regarding civil rights or criminal violations; however, civil rights and criminal squads should be cognizant CAIR has exploited these relationships in the past.”

[snip]

The end result of this incident- CAIR posting on its website of a photograph showing the SAC speaking at the event and a description of CAIR’s Civil Rights Director moderating his speech is the sort of exploitation of contact with the FBI that the Cooties Guidance
Directive [Redacted] was intended to avoid.

I don’t get it. If CAIR really were a terrorist sleeper cell, wouldn’t advertising their willingness to associate with the FBI completely ruin all their terrorist Cred, and therefore neutralize whatever threat they presented?

In any case, on the one hand, the report chronicles how the federal agency in charge of investigating civil rights abuses basically treated an entire constitutionally protected civil rights organization as guilty without charging it with any crime.

But then there’s the fact that, after responding to a request to fear-mongers in Congress, this report saw the light of day in the fashion it appears.

As noted above, the IG Report seems to accept this premise of guilty until proven innocent without noting the problem underlying it. Like, you know, the Constitution. In places, the language of the report even echos that of a presumption of guilt, as in this passage where it berates OPA for actually treating an individual with multiple formal ties to the Muslim community as such, rather than as someone branded solely by his affiliation with CAIR.

It appears that OPA provided guidance that effectively reversed the presumption against CAIR participation in non-investigatory FBI activities in this instance. OPA indicated that it wanted to ensure that there was sufficient justification for excluding the CAIR participant apart from his role in CAIR.

Then there’s the way in which this was released. While the actual Cooties Guidance  Directive [Redacted] is classified, nothing else in the report seems like it should be (though the FBI has removed the classification marks from the paragraphs to hide the basis for their claims that this is classified). In particular, FBI or DOJ or OIG has chosen to redact anything that would make it clear whether this is an actual policy, or just guidance on which CTD and OPA disagree (in their complaint about the report, the ACLU notes that it doesn’t appear to have gone through the formal policy-making process). And yet, having hidden that information, the IG presents it as if the failure to implement the Cooties Guidance Directive [Redacted] is a graver problem than the upending of presumption of innocence.

Finally, there are a few tonal issues. For example, the report presents this view — from a Chicago SAC who twice blew off the Cootie Guidance Directive [Redacted] — as if his basic civility presents a problem.

He stated that if DHS considered CAIR officials to be part of the community and invited them to the Roundtable, the FBI was not going to deny them entry at the door.

In another instance, it quotes another violating SAC as using the term “Islamophobia” (PDF 22), but presents the term in scare quotes. This is borderline McCarthyist shit, treating the language of people fighting terrorists by treating Muslims as human beings as some kind of brand against them.

Finally, there’s the timing of this. The fear-mongers requested this report in March 2012 — over 20 months after after the Section 215 IG Report that we’ve been waiting for for 1,224 days got started. Three of four of what are probably interviews with those deemed in violation of this guidance took place over the course of 8 days in August and September of 2012 (the last took place in July, which makes me wonder whether that was added to beef up an otherwise thin report.)

But then the report didn’t get released until a second state CAIR affiliate starts challenging the FBI’s killing of a Muslim person. And the IG Report got released on the very same day that CAIR released a major report on Islamophobia (or, as the IG appears to treat it, “Islamophobia.”)

The whole thing seems designed not to make the FBI a more orderly place (if that were the purpose, then it might be better to focus on how the Cooties Guidance Directive
[Redacted] became formal policy — if it did — without going through formal policy channels). Rather, it seems designed to foment a kind of McCarthyism within FBI targeted at those counterterrorism investigators who believe the best way to fight Islamic extremists is to treat Muslims as partners in rooting out violence.

Hot Numbers and the 2009 Troubles

Starting in 2007, DOJ’s Inpector General Glenn Fine did a series of reports on the FBI’s use of National Security Letters and Exigent Letters. In response (and as the FBI tried to clean up the mess from its inappropriate use of those tools), in 2007 the government asked OLC for an interpretation on the Electronic Communications Privacy Act. That opinion, which was issued on November 8, 2008, ruled that ECPA barred telecom providers from responding to certain kinds of requests without legal process.

Finally, you have asked whether a provider, in answer to an oral request before service of an NSL, may tell the FBI whether a particular account exists. This information would be confined to whether a provider serves a particular subscriber or a particular phone number. We believe that ECPA ordinarily bars providers from complying with such requests.

In the last of his IG Reports on NSLs and Exigent Letters, Fine argued that that OLC opinion made two of FBI’s practices with exigent letters — “sneak peeks” and “hot numbers” — illegal.

[T]he Department’s Office of Legal Counsel concluded, and we agree, that the ECPA ordinarily bars communications service providers from telling the FBI, prior to service of legal process, whether a particular account exists. We also concluded that if that type of information falls within the ambit of “a record or other information pertaining to a subscriber to or customer of such service” under 18 USC 2702(a)(3), so does the existence of calling activity by particular hot telephone numbers, absent a qualifying emergency under 18 USC 2702(c)(4).

[snip]

Therefore, we believe that the practice of obtaining calling activity information about how numbers in these matters without service of legal process violated the ECPA.

[snip]

We believe the FBI should carefully review the circumstances in which FBI personnel asked the on-site communications service providers [redacted] “hot numbers” to enable the Department to determine if the FBI obtained calling activity information under circumstances that trigger discovery or other obligations in any criminal investigations or prosecutions.

The “hot number” practice is functionally equivalent to the “alert list” the NSA used on the Section 215 dragnet database, in which it checked daily incoming calls to see if there had been any US contact with both approved and unapproved identifiers; if there was activity in both cases, it would spark further investigation.

The practice Fine focused on in this report was the requests FBI would get onsite telecom providers to fill without a subpoena. But at the same time Fine was working on that series of reports (the last one wasn’t issued until 2010) he was also working on a report on the FBI’s 2006 use of Section 215 (issued in March 2008), which included two classified appendices on bulk collection programs including (presumably) the phone dragnet from May until December 2006, and the 2009 Joint IG Report on the illegal wiretap program (which would have covered the dragnet program through May 2006).

We now know that both the pre May 2006 dragnet program and the post May 2006 dragnet program included a practice that, in wake of that OLC opinion (and perhaps before), Fine would find required some legal attention (the Pen Register equivalent in a grand jury context might put the post May 2006 practice in good stead, the 2008 opinion would seem to make the use of alerts earlier illegal, along with everything else).

Which may be why the government asked Judge Reggie Walton to consider whether the dragnet program complied with ECPA for his December 12, 2008 opinion.

That’s just a hypothesis (though the December 2008 would have been the first dragnet application after the OLC memo).

But if it’s right, it makes the NSA”s “discovery” of the alert process the following month all the more ridiculous. The alert process had been in place for years. FBI was being scolded for an equivalent practice (that ended in 2006) within FBI. And yet NSA somehow didn’t think to tell Walton about it until he had ruled ECPA did not present a problem for the dragnet more generally.

These three programs — the illegal program and the exigent letters, which both became the early dragnet in 2006 — are all closely related. Once you read them in tandem, though, it makes NSA”s claims to ignorance completely incredible.

Which brings me back to a reminder I’ve made several times. In the wake of the 2009 discoveries, Pat Leahy tried to mandate a DOJ review of the ongoing Section 215 activity, an effort the Administration thwarted. Fine agreed to do one anyway … then left. His replacement, Michael Horowitz, keeps claiming he’s still working on that investigation (but only covering the activities through 2009). That investigation has been going on 1,191 days now.

Update: Another interesting timing detail. According to the White Paper, the Intelligence and Judiciary Committees had all received the initial application and Primary Order on the dragnet by December 2008. So did they wait until the Walton opinion? Or did they know the Judiciary Committees would get them as part of DOJ IG reports?

If by “New” IG Investigation You Mean 1,155 Days Old

Shane Harris reads the DOJ IG Report on its civil liberties related work and reports that it is investigating the use of Section 215 of the PATRIOT Act.

The Department of Justice Inspector General, which has issued several critical reports over the years about FBI surveillance, is again looking into the bureau’s use of powerful and secretive orders for information about Americans.

A new review is examining “any improper or illegal uses” of the FBI’s surveillance authorities under Section 215 of the Patriot Act. That’s the portion of the law that allows the government to collect Americans’ phone records en masse. And in what appears to be a first review of its kind, the IG will also look at the FBI’s use of pen register and trap-and-trace authority under the Foreign Intelligence Surveillance Act. These are the authorities that allow the bureau to track the metadata of communications made to and from phone numbers and email accounts.

Only this is not a new review. Now-retired DOJ IG Glenn Fine first laid out his plans for the investigation on June 15, 2010 in a letter to Pat Leahy. I reported on the April update on that investigation and the related back story here, 6 weeks ago.

By my math, that means this IG Investigation of abuses we know occurred in 2009 has been going on  1,155 days. And the investigation remains focused on abuses that happened 2 PATRIOT Act extensions ago, rather than what is going on with the program now.

DOJ’s IG, at least under Fine, was very good at rooting out problems with intelligence programs. But we have yet to hear much from his replacement, Michael Horowitz (who has been on the job for 16 months after a long delay in both nominating and confirming him), to indicate one way or another whether he’ll be as good as Fine.

We do know he’s taking his sweet time reviewing problems that happened 4 years ago.

On the Refusal to Exercise Oversight over Vast Surveillance Programs, Episode 117

The Joint IG Report on the illegal wiretap program left out all discussion of what happened to the Internet and (to a lesser extent) phone metadata collection that got moved into Pen Register/Trap&Trace and Section 215 collection, respectively, as described by the NSA Draft IG Report (see page 39 ff).

The transition of certain PSP-authorized activities to FISC orders is described in detail in Section 5 of the classified report and Chapter Five of the DOJ OIG Report. Further details regarding this transition are classified and therefore cannot be addressed in this unclassified report.

But the report did make it clear that Glenn Fine, then DOJ’s Inspector General, had recommended DOJ and other Intelligence Committee agencies track whether these programs were useful in their new form.

As noted above, certain activities that were originally authorized as part of the PSP have subsequently been authorized under orders issued by the FISC. The DOJ OIG believes that DOJ and other IC agencies should continue to assess the value of information derived from such activities to the government’s counterterrorism efforts.

[snip]

Finally, the collection activities pursued under the PSP, and under FISA following the PSP’s transition to that authority, involved unprecedented collection activities. We believe the retention and use by IC organizations of information collected under the PSP and FISA should be carefully monitored.

The Joint IG Report came out in July 2009. The debate over extending the PATRIOT Act started in earnest in September 2009.

Yet not only wasn’t that review baked into the extension, but when Patrick Leahy tried to include additional oversight that would include, among other things,

  • Mandate further audits of some of these provisions, such as the use of pen registers
  • Give the Court oversight over the minimization procedures for the use of Section 215 and pen register and trap and trace devices
  • Require that Section 215 and pen registers only be granted if authorities can show that the requested information has ties to terrorism

Dianne Feinstein got Leahy to take much of that out in a substitute bill, and then Jeff Sessions, seemingly working on behalf of the Administration, gutted things further in the Senate markup. It was fairly clear then that the IC — if not the Administration personally — wanted to make sure this oversight did not get added to the PATRIOT Act.

And it didn’t.

The next year, Glenn Fine — who, of course, was the guy who recommended increased oversight in the first place — said he’d do the reviews anyway.

We intend to initiate another review examining the FBI’s use of NSLs and Section 215 orders for business records. Among other issues, our review will assess the FBI’s progress in responding to the OIG’s recommendations in the prior reports. In addition, we intend to examine the number of NSLs issued by the FBI from 2007 through 2009, and we will closely examine the automated system to generate and track NSLs that the FBI implemented to address the deficiencies identified in the OIG reports.

In addition, our review will cover the FBI’s use of Section 215 orders for business records. It will examine the number of Section 215 applications filed from 2007 through 2009, how the FBI is using the tool today, and describe any reported improper or illegal uses of the authority. Our review will also examine the progress the FBI has made in addressing recommendations contained our prior reports that the FBI draft and implement minimization procedures specifically for information collected under Section 215 authority.

We also intend to conduct a programmatic review of the FBI’s use of its pen register and trap and trace authority under the FISA. That part of the review will examine issues such as how the FBI uses the authority to collect information, what the FBI does with the information it collects, and whether there have been any improper or illegal uses of the authority either reported by the FBI or identified by the OIG. [my emphasis]

Writing in 2010, when both metadata collection programs were still ongoing under these authorities, this basically laid out a plan to review all the secret metadata collection hidden inside these authorities.

Fine wrote that in June; in November of that year, he announced his resignation, saying he wanted to pursue new professional challenges.

Read more

The Intelligence Community’s Willful Ignorance about Americans Caught in 702 Surveillance

Given the Intelligence Community’s reluctant and partial disclosures on the Section 702 (PRISM/FAA) collection, I want to return to a squabble from last fall, before Congress reauthorized FAA.

As you’ll recall, Ron Wyden tried to get the IC to disclose the number of Americans whose communication had been reviewed under Section 702. The IC dicked around long enough to ensure Wyden didn’t get an answer in time to make a political stink about it. When they finally gave him an answer, they said providing such a number would violate the privacy of Americans.

I defer to [the NSA Inspector General’s] conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Ultimately, this statement seemed to be as much about resource allocation as anything else — the NSA and IC IGs would need more staff to accomplish the tast. (I must say, I do find it interesting the ICIG has time to investigate 375 leaks but not enough time to find out how many Americans are being spied on.)

But look at how closely the government is purportedly tracking US person data.

These procedures require that the acquisition of information is conducted, to the greatest extent reasonably feasible, to minimize the acquisition of information not relevant to the authorized foreign intelligence purpose.

Any inadvertently acquired communication of or concerning a U.S. person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.

[snip]

Any information collected after a foreign target enters the U.S. –or prior to a discovery that any target erroneously believed to be foreign was in fact a U.S. person– must be promptly destroyed unless that information meets specific, limited criteria approved by the Foreign Intelligence Surveillance Court.

The dissemination of any information about U.S. persons is expressly prohibited unless it is necessary to understand foreign intelligence or assess its importance; is evidence of a crime; or indicates a threat of death or serious bodily harm.

Now, these passages ought to make people more worried about privacy than not. Stated clearly, it says the government believes it can collect and keep US person content if it deems that content “relevant” to the reason they collected the information.

Remember two things: this collection is not limited to use with terrorism; it can be used for espionage investigations, hacking, or any foreign intelligence purpose. And the government has already deemed every single one of our phone records to be “relevant” to an umbrella terror investigation, so the definition of relevance the government has developed in secret is unbelievably broad and persmissive.

That collection — the people whose content is reviewed and deemed relevant and kept — is the universe of people Wyden wanted to count. And the government is making decisions about the relevance of them in secret, but not tracking the process by which they do so.

Note too that the government can disseminate US person communications if “it is necessary to understand foreign intelligence.” This is not news (which is why it is so appalling that people were fighting over whether the government could listen to US person calls or read their emails). It is part of traditional FISA, too. (It was using that excuse that John Bolton was learning about what his rivals were negotiating with the North Koreans.) But given how much more information an analyst can access both because she is accessing all Internet activity and not just phone, but also because more associated communications are sucked up with a target, it means many more US persons’ communications might be disseminated. It’s not clear, by the way, such dissemination would exclude privileged conversations between lawyers and clients, or discussions between journalists and sources.

And this second group of people — the ones whose communications are being circulated — are counted.

Though we’re not allowed to know what those numbers are.

Here’s what the DOJ Inspector General Michael Horowitz had to say about a statutorily required review of the 702 collection he recently completed (I think, but it’s not entirely clear, that Horowitz didn’t finish this review until after FAA was renewed last year — I know he didn’t finish it before the Judiciary and Intelligence Committees passed it out).

Inspector General Michael E. Horowitz of the United States Department of Justice Office of the Inspector General (OIG) recently issued a report examining the activities of the Federal Bureau of Investigation (FBI) under Section 702 of the Foreign Intelligence Surveillance Act Amendments Act of 2008 (Act). Section 702 authorizes the targeting of non-U.S. persons reasonably believed to be outside the United States for the purpose of acquiring foreign intelligence information. The Act required that the Inspector General conduct a review of the Department’s role in this process and, in conjunction with this review, the OIG reviewed the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity, the number of U.S. person identities subsequently disseminated in response to requests for identities not referred to by name or title in the original reporting, the number of targets later determined to be located in the United States, and whether communications of such targets were reviewed. See 50 U.S.C. 1881a(l)(2)(B) and (C). The OIG also reviewed the FBI’s compliance with the targeting and minimization procedures required under the Act.

The final report has been issued and delivered to the relevant Congressional oversight and intelligence committees, as well as leadership offices. Because the report is classified, its contents cannot be disclosed to the public.

In other words, the DOJ IG counted — because the law required him to — the following:

  • The number of US person-related communication that got disseminated in a first dissemination of intelligence 
  • The number of US persons whose identity identified in a follow-up on an original dissemination
  • The number of targets originally believed to be foreign who end up being US persons (note, the NSA conveniently doesn’t explain what the specific criteria are that would allow the government to keep these communications … I wonder why?)

But it did not count how many US persons’ communications were reviewed but not disseminated, many of which may be retained under the relevance standard.

In general, when the government chooses not to count things, there’s a reason it doesn’t want to.