ODNI's 2016 Transparency Report: A Summary

On Tuesday, the Office of the Director of National Intelligence (ODNI) released its fourth Annual Statistical Transparency Report relating to the use of national security authorities. The report is based on a mix of statutory requirements under the USA FREEDOM Act of 2015 and the Intelligence Community’s internal guidance document entitled Principles of Intelligence Transparency.

The ODNI first began releasing transparency reports in 2014, based on directions from then-President Barack Obama to “declassify and make public as much information as possible about certain sensitive U.S. Government surveillance programs while protecting sensitive classified intelligence and national security information,” which Lawfare highlighted here. Below is a breakdown of this year’s report by authorities used.

The report contains statistics on surveillance authorities including Title I (50 U.S.C. § 1804) and Title III (§ 1823), as well as Sections 703 and 704, of the Foreign Intelligence Surveillance Act (FISA). Titles I and III require “a probable cause court order to target individuals within the United States regardless of U.S person status,” with the former focusing on electronic surveillance and the latter focusing on physical searches. Sections 703 and 704 require probable cause to target U.S. persons located outside the country, the latter under circumstances in which the U.S. person “has a reasonable expectation of privacy and a warrant would be required if the acquisition were conducted in the United States.”

The report clarifies that while the Foreign Intelligence Surveillance Court (FISC) may amend an order approving the requested surveillance authority multiple times after the order has been issued, the document’s tallies only count the first amendment. Renewals of an order are included in the tally of the order itself—so, for example, if an order was renewed twice, only the initial order would be counted.

In 2016, FISC issued 1,559 orders based on “probable cause” court orders, which were used against an estimated 1,687 targets (what the report refers to as a “good faith estimate”). Of those targets, 19.9 percent (336 targets) were U.S. persons. This number of U.S. person targets is provided pursuant to the provisions of the Principles of Intelligence Transparency guidance document.

The report corroborates the 2016 report on FISA Court activities in noting that the FISC did not issue a single order under Section 702 in 2016. At the request of the government, the number of applications made before the court has been redacted--as was the case in the FISC report. However, FISC has also extended its review of the 2016 certifications into the next year, leaving its 2015 order authorizing 702 collection in place during the extension period. There were 106,469 targets of Section 702 orders in 2016.

An estimated 5,288 U.S. person search terms (email addresses and phone numbers of U.S. persons) were used to retrieve the unminimized contents of communications obtained under Section 702, with an estimated 30,355 queries of metadata using these search terms. Pursuant to 50 U.S.C. § 1873(d)(2)(A), these figures do not take into account search terms used or queries conducted by the FBI. Additionally, the figures do not incorporate data from an unnamed intelligence agency that is currently unable to provide a good faith estimate of the number of queries. Appendix A of the report includes a letter from Director of National Intelligence Dan Coats to the Chairmen of the House and Senate Committees on Intelligence and the Judiciary anticipating the availability of a full estimate by the end of 2018, as required by 50 U.S.C. § 1873(d)(3)(A).

The report explains that the FBI received and reviewed Section 702 information in response to a query unrelated to foreign intelligence only once in 2016, information included as per a FISC order from November 6, 2015 that was released on April 19, 2016. As Adam Klein has written, critics often refer to this authority as the “backdoor search” loophole.

Next, the report moves on to how many reports compiled by NSA from information collected under Section 702 and containing data on U.S. persons were disseminated to other agencies, either with the U.S. person information. The report—which provides this information consistent with Recommendation 9(5) of the Privacy and Civil Liberties Oversight Board (PCLOB)—explains that the NSA shared 3,914 reports containing U.S. person identities. Of those, 2,964 contained U.S. person information that was originally “masked” (meaning that the identifying information was replaced with a phrase like “U.S. Person 1”), while 1,200 contained U.S. person information that was revealed from the beginning.

Furthermore, from the 2,964 reports that contained masked information, 1,934 U.S. Persons had their identities “unmasked” upon a request. The report notes that last year’s report provided only the number of requests, not the number of identities that were released—which was 2,232.

For 2016, the FISC issued 60 orders against 41 estimated targets for pen register and trap and trace surveillance under § 1842. The government used an estimated 125,378 targeted or non-targeted unique identifiers (email addresses or telephone numbers) used to communicate information collected, as given by service providers. Of those targeted, 43.9 percent were U.S. persons—18 in total.

Eighty-four orders were issued by the FISC for “traditional” business records (books, records, papers, etc.) under § 1861(b)(2)(B), with 88 targets and 81,035 unique identifiers used to communicate the information collected. Forty orders were issued for “call detail” records (such as originating and terminating phone number and length of call), with an estimated 42 targets, under § 1861(b)(2)(C). An whopping 151,230,968 call detail records were received from service providers, while an estimated 22,360 search terms were used to query databases of the information collected. (Bobby Chesney does the math on the number of call detail records as compared to the number of targets here.) While bulk collection of business records was terminated by the USA FREEDOM Act, the intelligence community continues to retain previously collected bulk metadata under obligations from pending litigation.

Lastly, the report details that 12,150 National Security Letters (NSLs) were issued by the FBI, encompassing 24,801 requests for information. An individual NSL can contain multiple requests for information as tallied here—for example, if a single NSL contained a request for a service provider to return records for several different email addresses. This information supplements the Justice Department’s Annual Foreign Intelligence Surveillance Act Report to Congress, which reports on the number of requests made for certain information and the number of individuals subject to an NSL. The ODNI report, on the other hand, only provides the number of NSLs issued.