OCR of the Document

View the Document >>

Office of the Director of National Intelligence, "Statistical Transparency Report Regarding use of National Security Authorities, Annual Statistics for Calendar Year 2017", April 2018. Unclassified.

STATISTICAL TRANSPARENCY REPORT Regarding Use of National Security Authorities Calendar Year 2017 Office of Civil Liberties Privacy and Transparency April 2018 STATISTICAL TRANSPARENCY REPORT Regarding Use of National Security Authorities Calendar Year 2017 Table of Contents Introduction 3 A Background 3 B Areas Covered in this Report 4 C Context and Clarity 5 D Key Terms 5 FISA Probable Cause Authorities 7 A FISA Titles I and III 7 B FISA Title VII Sections 703 and 704 7 C Statistics 8 FISA Section 702 10 A Section 702 10 B Statistics--Orders and Targets 12 C Statistics--U S Person Queries 14 D Section 702 and FBI Investigations 19 NSA Dissemination of U S Person Information under FISA Section 702 20 A Section 702 20 B Statistics 22 FISA Criminal Use and Notice Provisions 25 A FISA Sections 106 and 305 25 B Statistics 25 FISA Title IV - Use of Pen Register and Trap and Trace PR TT Devices 27 A FISA Pen Register Trap and Trace Authority 27 B Statistics 27 FISA Title V - BUSINESS RECORDS 30 A Business Records FISA 30 B Statistics - Traditional Business Records Statistics Orders Targets Identifiers 31 C Statistics - Call Detail Record CDR Orders Targets Identifiers 32 D Statistics - Call Detail Records Queries 35 NATIONAL SECURITY LETTERS NSLs 36 A National Security Letters 36 B Statistics - National Security Letters and Requests of Information 36 APPENDIX A 39 Introduction Today consistent with the USA FREEDOM Act and the FISA Amendments Reauthorization Act of 2017 the reauthorized FAA requirements to release certain statistics codified in 50 U S C 1873 b and the Intelligence Community's IC Principles of Intelligence Transparency we are releasing our fifth annual Statistical Transparency Report Regarding Use of National Security Authorities presenting statistics on how often the government uses certain national security authorities Providing these statistics allows for an additional way to track the use of Foreign Intelligence Surveillance Act FISA authorities and gives further context to the IC's rigorous and multi-layered oversight framework that safeguards the privacy of United States person information acquired pursuant to FISA The report goes beyond its statutory duty of providing statistics and further provides the public with detailed explanation as to how the IC uses these national security authorities Additional public information on national security authorities is available at the Office of the Director of National Intelligence's ODNI website www dni gov and ODNI's public tumblr site IC on the Record Furthermore since the release of the previous report ODNI has created the new website www intelligence gov that contains additional public information on the IC's activities A Background In June 2014 the Director of National Intelligence DNI began releasing statistics relating to the use of critical national security authorities including the FISA in an annual report called the Statistical Transparency Report Regarding Use of National Security Authorities hereafter the Annual Statistical Transparency Report Subsequent Annual Statistical Transparency Reports were released in 2015 2016 and 2017 On June 2 2015 the USA FREEDOM Act was enacted codifying a requirement to publicly report many of the statistics already reported in the Annual Statistical Transparency Report The Act also expanded the scope of the information included in the reports by requiring the DNI to report information concerning United States person U S person or USP search terms and queries of certain FISA-acquired information as well as specific statistics concerning call detail records See 50 U S C 1873 b On January 19 2018 the reauthorized FAA was signed See 50 U S C 1881a The reauthorized FAA also referred to as the Section 702 Reauthorization Act of 2017 codified additional statistics that must be publicly released including many statistics that the government previously reported pursuant to its commitment to transparency 3 Page B Areas Covered in this Report This report provides statistics in the following areas the terms used below are defined and explained later in this report FISA Probable Cause Authorities The number of orders--and the number of targets under those orders--for the use of FISA authorities that require probable cause determinations by the Foreign Intelligence Surveillance Court FISC under Titles I and III and Section 703 and 704 of FISA FISA Section 702 o The number of orders--and the number of targets under those orders--issued pursuant to Section 702 of FISA o The number of U S person queries of Section 702-acquired content and metadata o The number of instances in which the Federal Bureau of Investigation FBI personnel received and reviewed Section 702-acquired information that the FBI identified as concerning a U S person in response to a query that was designed to return evidence of a crime unrelated to foreign intelligence o The number of instances in which the FBI opened under the Criminal Investigative Division an investigation of a U S person who is not considered a threat to national security based wholly or in part on Section 702-acquired information o The number of National Security Agency NSA -disseminated Section 702 reports containing U S person identities various statistics relating to reports where the U S person identity was openly named or originally masked and subsequently unmasked Use in Criminal Proceedings The number of criminal proceedings in which the United States or a State or political subdivision provided notice under FISA of the government's intent to enter into evidence or otherwise use or disclose any information derived from electronic surveillance physical search or Section 702 acquisition Pen Register and Trap and Trace Devices The number of orders--and the number of targets under those orders--for the use of FISA's pen register trap and trace devices and the number of unique identifiers used to communicate information collected pursuant to those orders Business Records The number of orders--and the number of targets under those orders--issued pursuant to FISA's business records authority and the number of unique identifiers used to communicate information collected pursuant to those orders In 4 Page addition the number of orders--and the number of targets under those orders--issued pursuant to FISA's business record authority for the production of call detail records and the number of call detail records received from providers and stored in NSA repositories National Security Letters The number of national security letters issued and the number of requests for information within those national security letters C Context and Clarity Consistent with the IC's Principles of Intelligence Transparency this report seeks to enhance public understanding by including explanations and charts for context and clarity For example the report provides charts that place the statistics in this report in context with the statistics in prior reports While these statistics provide an important point of reference for understanding the use of these authorities it is important to keep in mind the statistics' limitations The statistics fluctuate from year to year for a variety of reasons e g operational priorities world events technical capabilities some of which cannot be explored in an unclassified setting Moreover there may be no relationship between a decrease in the use of one authority and an increase in another Nonetheless we believe this report provides helpful information about how the IC uses these vital national security authorities D Key Terms Certain terms used throughout this report are described below Other terms are described in the sections in which they are most directly relevant U S Person As defined by Title I of FISA a U S person is a citizen of the United States an alien lawfully admitted for permanent residence as defined in section 101 a 20 of the Immigration and Nationality Act an unincorporated association a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence or a corporation which is incorporated in the United States but does not include a corporation or an association which is a foreign power as defined in 50 U S C 1801 a 1 2 or 3 50 U S C 1801 i Section 602 of the USA FREEDOM Act however uses a narrower definition Since the broader Title I definition governs how U S person queries are conducted pursuant to the relevant minimization procedures it will be used throughout this report 5 Page Target Within the IC the term target has multiple meanings With respect to the statistics provided in this report the term target is defined as the individual person group entity composed of multiple individuals or foreign power that uses the selector such as a telephone number or email address Orders There are different types of orders that the FISC may issue in connection with FISA cases for example orders granting or modifying the government's authority to conduct foreign intelligence collection orders directing electronic communication service providers to provide any technical assistance necessary to implement the authorized foreign intelligence collection and supplemental orders and briefing orders requiring the government to take a particular action or provide the court with specific information The FISC may amend an order one or more times after it has been issued For example an order may be amended to add a newly discovered account used by the target This report does not count such amendments separately The FISC may renew some orders multiple times during the calendar year Each authority permitted under FISA has specific time limits for the FISA authority to continue e g a Section 704 order against a U S person target outside of the United States may last no longer than 90 days but FISA permits the order to be renewed see 50 U S C 1881c c 4 Each renewal requires a separate application submitted by the government to the FISC and a finding by the FISC that the application meets the requirements of FISA Thus unlike amendments this report does count each such renewal as a separate order These terms will be used consistently throughout this report Estimated Number Throughout this report when numbers are estimated the estimate comports with the statutory requirements to provide a good faith estimate of a particular number Dissemination In the most basic sense dissemination refers to the sharing of minimized information As it pertains to FISA including Section 702 if an agency in this instance NSA lawfully collects information pursuant to FISA and wants to disseminate that information the agency must first apply its minimization procedures to that information 6 Page FISA Probable Cause Authorities A FISA Titles I and III FISA Title I Title III and Title VII Section 703 and 704 To conduct electronic surveillance or physical search under FISA Title I or FISA Title III a probable cause court order is All of these authorities require individual court orders required regardless of U S person status based on probable cause Under FISA Title I permits electronic surveillance and Title III permits physical Titles I and III apply to FISA activities directed against search in the United States of foreign persons within the United States powers or agents of a foreign power for the purpose of collecting foreign Sections 703 and 704 apply to FISA activities directed intelligence information See 50 U S C against U S persons outside the United States 1804 and 1823 Title I electronic surveillance and Title III physical search are commonly referred to as Traditional FISA Both require that the FISC make a probable cause finding based upon a factual statement in the government's application that i the target is a foreign power or an agent of a foreign power as defined by FISA and ii the facility being targeted for electronic surveillance is used by or about to be used or the premises or property to be searched is or is about to be owned used possessed by or is in transit to or from a foreign power or an agent of a foreign power In addition to meeting the probable cause standard the government's application must meet the other requirements of FISA See 50 U S C 1804 a and 1823 a B FISA Title VII Sections 703 and 704 FISA Title VII Sections 703 and 704 similarly require a court order based on a finding of probable cause for the government to undertake FISA activities targeting U S persons located outside the United States Section 703 applies when the government seeks to conduct electronic surveillance or to acquire stored electronic communications or stored electronic data in a manner that otherwise requires an order pursuant to FISA of a U S person who is reasonably believed to be located outside the United States Section 704 applies when the government seeks to conduct collection overseas targeting a U S person reasonably believed to be located outside the United States under circumstances in which the U S person has a reasonable expectation of privacy and a warrant would be required if the acquisition were conducted in the United States Both Sections 703 and 704 require that the FISC make a 7 Page probable cause finding based upon a factual statement in the government's application that the target is a U S person reasonably believed to be i located outside the United States and ii a foreign power agent of a foreign power or officer or employee of a foreign power Additionally the government's application must meet the other requirements of FISA See 50 U S C 1881b b and 1881c b C Statistics How targets are counted If the IC received authorization to conduct electronic surveillance and or physical search against the same target in four separate applications the IC would count one target not four Alternatively if the IC received authorization to conduct electronic surveillance and or physical search against four targets in the same application the IC would count four targets Duplicate targets across authorities are not counted Figure 1a Table of FISA Probable Cause Court Orders and Targets Titles I and III and Sections 703 and 704 of FISA Total number of orders Estimated number of targets of such orders CY2013 CY2014 CY2015 CY2016 CY2017 1 767 1 519 1 585 1 559 1 437 1 144 1 562 1 695 1 687 1 337 See 50 U S C 1873 b 1 and 1873 b 1 A Although providing this statistic was first required by the USA FREEDOM Act the reauthorized FAA of 2017 enumerated this requirement at 50 U S C 1873 b 1 A 8 Page Figure 1b Chart of FISA Probable Cause Court Orders and Targets FISA Probable Cause Court Orders and Total Targets Titles I III and Sections 703 704 1 767 1 519 1 562 1 585 1 695 1 559 1 687 1 437 1 337 1 144 CY2013 CY2014 Total Orders CY2015 CY2016 Est Total Targets CY2017 Figure 2 Table of FISA Probable Cause Targets - U S Persons Titles I and III and Sections 703 and 704 -- Targets Estimated number of targets who are non-U S persons Estimated number of targets who are U S persons Estimated percentage of targets who are U S persons CY2016 CY2017 1 351 1 038 336 299 19 9% 22 4% See 50 U S C 1873 b 1 B and 1873 b 1 C for rows one and two respectively Previously the IC was not statutorily required to publicly provide these statistics but provided them consistent with transparency principles The reauthorized FAA of 2017 codified this requirement at 50 U S C 1873 b 1 B and 1873 b 1 C 9 Page FISA Section 702 A Section 702 Title VII - FISA Amendments Act FAA Section 702 Title VII of FISA includes Section 702 which permits the Attorney General and Commonly referred to as Section 702 the DNI to jointly authorize the targeting of i non-U S persons ii reasonably Requires individual targeting determinations that the believed to be located outside the United target 1 is a non-U S person 2 who is reasonably States iii to acquire foreign intelligence believed to be located outside the United States and 3 information See 50 U S C 1881a All who has or is expected to communicate or receive foreign three elements must be met intelligence information Additionally Section 702 requires that the Attorney General in consultation with the DNI adopt targeting procedures minimization procedures and querying procedures that they attest satisfy the statutory requirements and are consistent with the Fourth Amendment Additional information on how the government uses Section 702 is posted on IC on the Record Section 702 Targets and Tasking Under Section 702 the government targets a particular non-U S person group or entity reasonably believed to be located outside the United States and who possesses or who is likely to communicate or receive foreign intelligence information by directing an acquisition at - i e tasking - selectors e g telephone numbers and email addresses that are assessed to be used by such non-U S person group or entity pursuant to targeting procedures approved by the FISC Before tasking a selector for collection under Section 702 the government must apply its targeting procedures to ensure that the IC appropriately tasks a selector used by a non-U S person who is reasonably believed to be located outside the United States and who will likely possess communicate or receive foreign intelligence information NSA and FBI task selectors pursuant to their respective Section 702 targeting procedures which are discussed below All agencies that receive unminimized i e raw Section 702 data - NSA FBI Central Intelligence Agency CIA and National Counterterrorism Center NCTC - handle the Section 702-acquired data in accordance with minimization procedures which are explained below 10 P a g e The FISC's role Under Section 702 the FISC determines whether certifications provided jointly by the Attorney General and the DNI meet all the requirements of Section 702 If the FISC determines that the government's certifications its targeting minimization and as described below querying procedures meet the statutory requirements of Section 702 and are consistent with the Fourth Amendment then the FISC issues an order and supporting statement approving the certifications The 2016 FISC order and statement approving certifications was publicly released in May 2017 and posted on IC on the Record Certifications The certifications are jointly executed by the Attorney General and DNI and authorize the government to acquire foreign intelligence information under Section 702 Each annual certification application package must be submitted to the FISC for approval The package includes the Attorney General and DNI's certifications affidavits by certain heads of intelligence agencies targeting procedures minimization procedures and as described below querying procedures Samples of certification application packages have been publicly released on IC on the Record most recently in May 2017 The certifications identify categories of information to be collected which must meet the statutory definition of foreign intelligence information through the targeting of non-U S persons reasonably believed to be located outside the United States The certifications have included information concerning international terrorism and other topics such as the acquisition of information concerning weapons of mass destruction Targeting procedures The targeting procedures detail the steps that the government must take before tasking a selector as well as verification steps after tasking to ensure that the user of the tasked selector is being targeted appropriately - specifically that the user is a non-U S person located outside the United States who is being tasked to acquire foreign intelligence information The IC must make individual determinations that each tasked selector meets the requirements of the targeting procedures Each agency's Section 702 targeting procedures are approved by the Attorney General and then reviewed as part of the certification package by the FISC which reviews the sufficiency of each agency's targeting procedures including assessing the IC's compliance with the procedures NSA's targeting procedures signed in 2017 for the 2016 certification package have been publicly released IC on the Record Minimization procedures The minimization procedures detail requirements the government must meet to use retain and disseminate Section 702 data which include specific restrictions on how the IC handles non-publicly available U S person information acquired from Section 702 collection of non-U S person targets consistent with the needs of the government to obtain produce and disseminate foreign intelligence information Each agency's Section 702 minimization procedures are approved by the Attorney General and then reviewed as part of the certification package by the FISC which reviews the sufficiency of each agency's 11 P a g e minimization procedures including assessing the IC's compliance with past procedures The 2016 certification minimization procedures have been released on IC on the Record Querying procedures With the reauthorized FAA of 2017 Congress amended Section 702 to require that querying procedures be adopted by the Attorney General in consultation with the DNI Section 702 f requires that a record of each U S person query term be kept Similar to the other procedures the querying procedures are required to be reviewed by the FISC as part of the certification package for consistency with the statute and the Fourth Amendment Congress added other requirements in 702 f which pertain to the access of certain results of queries conducted by FBI those requirements will be discussed later in this report To date each agency's court-approved minimization procedures have provided the rules under which the agency may query their databases containing previously acquired Section 702 data content and metadata using a U S person query term As described above with the reauthorized FAA of 2017 Congress amended Section 702 to require that going forward querying procedures must be adopted by the Attorney General Query terms may be datebound and may include alphanumeric strings such as telephone numbers email addresses or terms such as a name that can be used individually or in combination with one another Pursuant to court-approved procedures an agency can only query Section 702 information if the query is reasonably likely to return foreign intelligence information or in the case of the FBI evidence of a crime Additional information about U S person queries is posted on IC on the Record Compliance The IC's adherence to the targeting and minimization procedures including query requirements is subject to robust internal agency oversight and to rigorous external oversight by the Department of Justice DOJ ODNI Congress and the FISC Every identified incidence of non-compliance is reported to the FISC through individual notices or in reports and to Congress in semiannual reports DOJ and ODNI also submit semiannual reports to Congress that assess the IC's overall compliance efforts Past assessments have been publicly released B Statistics--Orders and Targets Counting Section 702 orders As explained above the FISC may issue a single order to approve more than one Section 702 certification to acquire foreign intelligence information Note that in its own transparency report which is required pursuant to 50 U S C 1873 a the Director of the Administrative Office of the United States Courts AOUSC counted each of the Section 702 certifications associated with the FISC's order Because the number of the government's Section 702 certifications remains a classified fact the government requested that the AOUSC redact the number of certifications from its transparency report prior to publicly releasing it 12 P a g e In 2016 the government submitted a certification application package to the FISC Pursuant to 50 U S C 1881a j 2 the FISC extended its review of the 2016 certification package The FISC may extend its review of the certifications as necessary for good cause in a manner consistent with national security See 50 U S C 1881a j 2 note that with the reauthorized FAA of 2017 this section has been updated to 1881a k 2 Thus because the FISC did not complete its review of the 2016 certifications during calendar year 2016 the FISC did not issue an order concerning those certifications in calendar year 2016 The 2015 order remained in effect during the extension period On April 26 2017 the FISC issued an order authorizing the 2016 certifications Figure 3 Table of Section 702 Orders Section 702 of FISA Total number of orders issued CY2013 CY2014 1 1 CY2015 1 CY2016 CY2017 0 1 See 50 U S C 1873 b 2 Estimating Section 702 targets The number of 702 targets provided below reflects an estimate of the number of non-U S persons who are the users of tasked selectors This estimate is based on information readily available to the IC Unless and until the IC has information that links multiple selectors to a single foreign intelligence target each individual selector is counted as a separate target for purposes of this report On the other hand where the IC is aware that multiple selectors are used by the same target the IC counts the user of those selectors as a single target This counting methodology reduces the risk that the IC might inadvertently understate the number of discrete persons targeted pursuant to Section 702 13 P a g e Figure 4 Table of Section 702 Targets recall that only non-USPs are targeted Section 702 of FISA Estimated number of targets of such orders CY2013 CY2014 CY2015 CY2016 CY2017 89 138 92 707 94 368 106 469 129 080 See 50 U S C 1873 b 2 A Previously the IC was not statutorily required to publicly provide this statistic but provided it consistent with transparency principles The reauthorized FAA of 2017 codified this requirement at 50 U S C 1873 b 2 A C Statistics--U S Person Queries In July 2014 the Privacy and Civil Liberties Oversight Board PCLOB or Board issued a report on Section 702 entitled Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act PCLOB's Section 702 Report which reported U S person query statistics for calendar year 2013 See PCLOB's Section 702 Report at 57-58 The USA FREEDOM Act enacted in 2015 required the public reporting of statistics regarding the number of U S person queries of Section 702 Specifically the Act required the number of search terms concerning a known United States person used to retrieve the unminimized contents - referred as query terms of content - and the number of queries concerning a known United States person of unminimized noncontents information - referred as queries of metadata See 50 U S C 1873 b 2 B and b 2 C respectively Thus ODNI began reporting on these statistics in the Annual Statistical Transparency Report covering calendar year 2015 Below are statistics for U S person queries of raw unminimized Section 702-acquired data 1 The U S person statistics are based on a approved U S person query terms used to query 1 With the reauthorization of FAA in 2017 Congress codified new requirements regarding the access of results of certain queries conducted by the FBI Specifically under Section 702 f 2 A an order from the FISC is now required before the FBI can review the contents of a query using a U S person query term when the query was not designed to find and extract foreign intelligence information and was performed in connection with a predicated criminal investigation that does not relate to national security Before the FISC may issue such an order based on a finding of probable cause an FBI officer must apply in writing to include the officer's justification that the query results would provide evidence of criminal activity and the application must be approved by the Attorney General 14 P a g e Section 702 content and b U S person queries conducted of Section 702 noncontents i e metadata It is important to understand that these two very different numbers cannot be combined because they use different counting methodologies approved query terms versus queries conducted and different data types content versus noncontents Counting approved U S person query terms used to query Section 702 content The NSA counts the number of U S person identifiers it approved to query the content of unminimized Section 702-acquired information For example if the NSA used U S person identifier johndoe@XYZprovider to query the content of Section 702-acquired information the NSA would count it as one regardless of how many times the NSA used johndoe@XYZprovider to query its 702-acquired information The CIA started using this model in 2016 for counting query terms and those statistics were included in the Annual Statistical Transparency Report covering CY2016 When the NCTC began receiving raw Section 702 information NCTC followed a similar approach of counting U S person query terms that were used to query Section 702 content Figure 5 Illustration of how the IC counts approved U S person query terms used to query Section 702 content Query Events johndoe@XYZprovider 1 2 3 johndoe@XYZprovider johndoe@XYZprovider johndoe@123company marydoe@XYZprovider Query Terms Used johndoe@XYZprovider johndoe@123company marydoe@XYZprovider Raw Section 702 CONTENT Count 3 USP Query Terms Not counted were the 6 instances the query terms queried the content marydoe@XYZprovider 50 U S C Section 1873 b 2 A requires annual reporting of the number of times the FBI received an order pursuant to 702 f 2 A this statistic will be provided in future transparency reports 15 P a g e Figure 6a Table of U S Person Query Terms Used to Query Section 702 Content Section 702 of FISA CY2015 CY2016 CY2017 Estimated number of search terms concerning a known U S person used to retrieve the unminimized contents of communications obtained under Section 702 excluding search terms used to prevent the return of U S person information 4 672 5 288 7 512 See 50 U S C 1873 b 2 B Consistent with 50 U S C 1873 d 2 A this statistic does not include queries that are conducted by the FBI However the reauthorized FAA of 2017 codified a new reporting requirement for the FBI under 50 U S C 1873 b 2 D which is addressed later in this report Figure 6b Chart of U S Person Query Terms Used to Query Section 702 Content Number of USP Query Terms used to query the content of Section 702 information 8 000 7 512 7 000 6 000 5 000 4 000 5 288 4 672 3 000 2 000 1 000 0 CY2015 CY2016 CY2017 16 P a g e Counting queries using U S person identifiers of noncontents collected under Section 702 This estimate represents the number of times a U S person identifier is used to query the noncontents i e metadata of unminimized Section 702-acquired information For example if the U S person identifier telephone number 111-111-2222 was used 15 times to query the noncontents of Section 702-acquired information the number of queries counted would be 15 Figure 7 Illustration of how the IC counts U S person queries of Section 702 noncontents Queries Events Query Terms Approved 1 111-111-2222 2 333-444-4444 3 555-555-6666 111-111-2222 111-111-2222 111-111-2222 333-444-4444 555-555-6666 555-555-6666 Raw Section 702 NON-CONTENTS i e Metadata Count 6 USP Queries Each individual query event is counted As with last year's transparency report one IC element the CIA remains currently unable to provide the number of queries using U S person identifiers of unminimized Section 702 noncontents information for CY2017 Under 50 U S C 1873 d 3 A if the DNI concludes that this good-faith estimate cannot be determined accurately because not all of the relevant elements of the IC are able to provide this good faith estimate then the DNI is required to i certify that conclusion in writing to the relevant Congressional committees ii report the good faith estimate for those relevant elements able to provide such good faith estimate iii explain when it is reasonably anticipated that such an estimate will be able to be determined fully and accurately and iv make such certification publicly available on an Internet web site Because the CIA remained unable to provide such information for calendar year 2017 the DNI made a certification pursuant to 50 U S C 1873 d 3 A to the relevant Congressional committees As required by statute this certification is being made publicly available as an attached appendix to this current report see Appendix A As described in Appendix A CIA will be able to provide a good faith estimate of these queries for calendar year 2018 such information will be included in the 2019 annual transparency report 17 P a g e Figure 8 Table of U S Person Queries of Noncontents of Section 702 Section 702 of FISA CY2013 CY2014 CY2015 CY2016 CY2017 Estimated number of queries concerning a known U S person of unminimized noncontents information obtained under Section 702 excluding queries containing information used to prevent the return of U S person information 9 500 17 500 23 800 30 355 16 924 See 50 U S C 1873 b 2 C Consistent with 50 U S C 1873 d 2 A this statistic does not include queries that are conducted by the FBI However the reauthorized FAA of 2017 codified a new reporting requirement for the FBI under 50 U S C 1873 b 2 D which was addressed earlier in this report FISC Order Requiring Certain Section 702 Query Reporting by FBI On November 6 2015 the FISC granted the government's application for renewal of the 2015 certifications and among other things concluded that the FBI's U S person querying provisions in its minimization procedures strike a reasonable balance between the privacy interests of the United States persons and persons in the United States on the one hand and the government's national security interests on the other Memorandum Opinion and Order dated November 6 2015 at 44 released on IC on the Record on April 19 2016 The FISC further stated that the FBI conducting queries designed to return evidence of crimes unrelated to foreign intelligence does not preclude the Court from concluding that taken together the targeting and minimization procedures submitted with the 2015 Certifications are consistent with the requirements of the Fourth Amendment Id Nevertheless the FISC ordered the government to report in writing each instance after December 4 2015 in which FBI personnel receive and review Section 702-acquired information that the FBI identifies as concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information Emphasis added Id at 44 and 78 The FISC directed that the report contain details of the query terms the basis for conducting the query the manner in which the query will be or has been used and other details Id at 78 In keeping with the IC's Principles of Transparency the DNI declassified the number of each such query reported to the FISC in calendar year 2016 This year the DNI has again declassified the number reported for calendar year 2017 as noted in Figure 10 18 P a g e Figure 9 Table Regarding Required Section 702 Query Reporting to the FISC Section 702 of FISA CY2016 CY2017 1 0 Per the FISC Memorandum Opinion and Order dated November 6 2015 Each reported instance in which FBI personnel received and reviewed Section 702-acquired information that the FBI identified as concerning a U S person in response to a query that was designed to return evidence of a crime unrelated to foreign intelligence D Section 702 and FBI Investigations The reauthorized FAA of 2017 now requires that the FBI report on the number of instances in which the FBI opened a criminal investigation of a U S person who is not considered a threat to national security based wholly or in part on Section 702-acquired information See 50 U S C 1873 b 2 D This statistic will provide transparency with regard to how often Section 702 collection is used for non-national security investigations conducted by the FBI Figure 10 provides the required statistic Figure 10 Table Regarding Number of FBI Investigations Opened on USPs Based on Section 702 Acquisition Section 702 of FISA The number of instances in which the FBI opened under the Criminal Investigative Division or any successor division an investigation of a U S person who is not considered a threat to national security based wholly or in part on an acquisition authorized under Section 702 CY2017 0 See 50 U S C 1873 b 2 D 19 P a g e NSA Dissemination of U S Person Information under FISA Section 702 A Section 702 In July 2014 the PCLOB's Section 702 Report contained 10 recommendations Recommendation 9 focused on accountability and transparency noting that the government should implement measures to provide insight about the extent to which the NSA acquires and utilizes the communications involving U S persons and people located in the United States under the Section 702 program PCLOB's Section 702 Report at 145-146 Specifically the PCLOB recommended that the NSA should implement processes to annually count 5 the number of instances in which the NSA disseminates non-public information about U S persons specifically distinguishing disseminations that includes names titles or other identifiers such as telephone numbers or e-mail addresses potentially associated with individuals Id at 146 This recommendation is commonly referred to as Recommendation 9 5 In response to the PCLOB's July 2014 Recommendation 9 5 NSA previously publicly provided in the Annual Statistical Transparency Report for calendar year 2015 and continues to provide the following additional information regarding the dissemination of Section 702 intelligence reports that contain U S person information Because the PCLOB issued its recommendation in 2014 these statistics were not included in Annual Statistical Transparency Report for calendar years 2013 or 2014 NSA has been providing similar information to Congress since 2009 in classified form per FISA reporting requirements For example FISA Section 702 m 3 requires that NSA annually submit a report to applicable Congressional committees regarding certain numbers pertaining to the acquisition of Section 702-acquired information including the number of disseminated intelligence reports containing a reference to a United States person identity See 50 U S C 1881a m A 3 i prior to the reauthorized FAA of 2017under 1881a l 3 A i Section 702a m A 3 also requires that the number of United States-person identities subsequently disseminated by NSA in response to request for identities that were not referred to by name or title in the original reporting See 50 U S C 1881a m 3 A ii This second requirement refers to NSA providing the number of approved unmasking requests which is explained below Additionally NSA provides the number of NSA's disseminated intelligence reports containing a U S person reference to Congress as part of the Attorney General and the DNI's joint assessment of compliance See 50 U S C 1881a m 1 prior to the reauthorized FAA of 2017under 1881a l 1 Prior to the PCLOB issuing its Section 702 Report NSA's Director of the Civil Liberties Privacy and Transparency Office published NSA's Implementation of Foreign Intelligence Surveillance Act Section 702 on April 16 2014 hereinafter NSA DCLPO Report in which it explained 20 P a g e NSA's dissemination processes NSA DCLPO Report at 7-8 NSA only generates classified intelligence reports when the information meets a specific intelligence requirement regardless of whether the proposed report contains U S person information NSA DCLPO Report at 7 Section 702 only permits the targeting of non-U S persons reasonably believed to be located outside the United States to acquire foreign intelligence information Such targets however may communicate information to from or about U S persons NSA minimization procedures publicly released on May 11 2017 permit the NSA to disseminate U S person information if the NSA masks the information that could identify the U S person The minimization procedures also permit NSA to disseminate the U S person identity only if doing so meets one of the specified reasons listed in NSA's minimization procedures including that the U S person consented to the dissemination the U S person information was already publicly available the U S person identity was necessary to understand foreign intelligence information or the communication contained evidence of a crime and is being disseminated to law enforcement authorities Even if one these conditions applies as a matter of policy NSA may still mask the U S person information and will include no more than the minimum amount of U S person information necessary to understand the foreign intelligence or to describe the crime or threat Id In certain instances however NSA makes a determination prior to releasing its original classified report that the U S person's identity is appropriate to disseminate in the first instance using the same standards discussed above Masked U S Person Information Agency minimization procedures generally provide for the substitution of a U S person identity with a generic phrase or term if the identity otherwise does not meet the dissemination criteria this is informally referred to as masking the identity of the U S person Information about a U S person is masked when the identifying information about the person is not included in a report For example instead of reporting that Section 702acquired information revealed that non-U S person Bad Guy communicated with U S person John Doe i e the actual name of the U S person the report would mask John Doe's identity and would state that Bad Guy communicated with an identified U S person a named U S person or a U S person Unmasking U S Person Information Recipients of NSA's classified reports such as other federal agencies may request that NSA provide the U S person identity that was masked in an intelligence report The requested identity information is released only if the requesting recipient has a need to know the identity of the U S person and if the dissemination of the U S person's identity would be consistent with NSA's minimization procedures e g the identity is necessary to understand foreign intelligence information or assess its importance and additional approval has been provided by a designated NSA official 21 P a g e As part of their regular oversight reviews DOJ and ODNI review disseminations of information about U S persons that NSA obtained pursuant to Section 702 to ensure that the disseminations were performed in compliance with the minimization procedures Additional information describing how the IC protects U S person information obtained pursuant to FISA provisions is provided in recent reports by the civil liberties and privacy officers for the ODNI including NCTC NSA FBI and CIA The reports collectively documented the rigorous and multi-layered framework that safeguards the privacy of U S person information in FISA disseminations See ODNI Report on Protecting U S Person Identities in Disseminations under FISA and annexes containing agency specific reports B Statistics Below are statistics and charts to further explain how NSA disseminates U S person information incidentally acquired from Section 702 in classified intelligence reports NSA may i ii iii openly name i e originally reveal the U S person in the report initially mask i e not reveal the U S person identity in the report or in the instances where the U S person identity was initially masked upon a specific request later reveal and unmask the U S person identity but only to the requestor This year's report presents the dissemination numbers in a different format from the previous report to facilitate understanding and to provide consistency with NSA's classified FISA Section 702 m 3 reports to Congress This report separates the number of reports in Figure 11 from the statistics relating to the U S person identities later disseminated in Figure 12 NSA applies its minimization procedures in preparing its classified intelligence reports and then disseminates the reports to authorized recipients with a need to know the information in order to perform their official duties Very few of NSA's intelligence reports from Section 702 collection contain references to U S person identities whether masked or openly named The first row of Figure 11 provides an accounting of the number of disseminated intelligence reports containing a reference to a United States-person identity See 50 U S C 1881a m 3 A i Note that a single report could contain multiple U S person identities masked and or openly named NSA's counting methodology is to include any disseminated intelligence report that contains a reference to one or more U S person identities whether masked or openly named even if the report includes information from other sources NSA does not maintain records that allow it to readily determine in the case of an intelligence report that includes information from several sources from which source a reference to a U S person identity was derived Accordingly the references to U S person identities may have resulted 22 P a g e from Section 702 authorized collection or from other authorized signals intelligence activity conducted by NSA This counting methodology was used in the previous report and is used in NSA's FISA Section 702 m 3 report As noted above a U S person is a citizen of the United States an alien lawfully admitted for permanent residence as defined in section 101 a 20 of the Immigration and Nationality Act an unincorporated association a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence or a corporation which is incorporated in the United States but does not include a corporation or an association which is a foreign power as defined in 50 U S C 1801 a 1 2 or 3 See 50 U S C 1801 i The second row of Figure 11 provides the number of reports containing U S person identities where the U S person identity was masked in the report The third row provides the number of reports containing U S person identities where the U S person was openly named in the report Figure 11 Table of Section 702 Reports Containing USP information unmasked by NSA Section 702 Reports Containing U S person USP information disseminated by NSA CY2016 CY2017 Reports - Total number of NSA disseminated 702 reports containing USP identities regardless of whether the identity was openly named or masked 3 914 4 065 Reports - Total number of NSA disseminated 702 reports containing USP identities where the USP identity was masked 2 964 3 034 Reports - Total number of NSA disseminated 702 reports containing USP identities where the USP was openly named 1 200 1 341 As explained above rows 2 and 3 will not total row 1 because one report may contain both masked and openly namely identities Figure 12 provides statistics relating to the numbers of U S person identities that were originally masked in those reports counted in Figure 11 but which NSA later provided to authorized requestors i e unmasked during CY2017 This statistic is the number required to be reported to Congress in NSA's FISA Section 702 m 3 report In other words Figure 12 provides an accounting of the number of United States-person identities subsequently disseminated by NSA in response to requests for identities that were not referred to by name or title in the original reporting See 50 U S C 1881a m 3 A ii This number is different than numbers provided in either CY2015 or the CY2016 Annual Statistical Transparency Report NSA has decided to declassify the total number of U S person identities unmasked in response to a request The U S person identities include individuals as well as non-individual entities 23 P a g e whose identities NSA masks pursuant to law or policy These non-individual entities include for example U S IP addresses and artificial persons such as corporations Previously the Annual Statistical Transparency Report focused on responding to the PCLOB's report recommendation 9 5 by counting only those U S person identities where the proper name or title of an individual was unmasked it did not count any other unmasking such as email addresses or telephone numbers or U S IP addresses or U S corporations Rather than distinguishing between the different ways a U S person might be named in an intelligence report NSA will provide the total number of U S person identities unmasked in response to a specific request from another agency whether it is a title of an individual an identifier such as an email address an IP address or a corporation Thus this current Annual Statistical Transparency Report in Figure 12 reports that same metric that is reported in NSA's FISA Section 702 m 3 However because NSA's FISA Section 702 m 3 reports have a time period of September through August comparing the two reporting years is not an exact comparison Figure 12 Table of Section 702 USP Identities disseminated by NSA Section 702 - U S person USP identities unmasked by NSA The number of U S person identities that NSA unmasked in response to a specific request from another agency 12 month period CY2017 Sep 2015-Aug 2016 9 217 9 529 Beginning with next year's transparency report due April 2019 ODNI will report statistics pertaining to how the IC disseminates U S person information regardless of the legal authority under which the information was collected not only FISA Section 702 See ICPG 107 1 Specifically ODNI will report 1 the total number of requests to identify U S persons whose identity was originally omitted in disseminated intelligence reports 2 the total number of those requests approved and 3 the total number of those requests denied 24 P a g e FISA Criminal Use and Notice Provisions A FISA Sections 106 and 305 FISA Sections 106 and 305 FISA Section 106 requires advance - Criminal Use and Notice Provisions - authorization from the Attorney General before any information Commonly referred to as the criminal use provision acquired through Title I electronic surveillance may be used in a criminal Section 106 applies to information acquired from Title I proceeding This authorization from the electronic surveillance Section 305 applies to information Attorney General is defined to include acquired from Title III physical search authorization by the Acting Attorney General Deputy Attorney General or Attorney General advance authorization is required upon designation by the Attorney before such information may be used in a criminal General the Assistant Attorney General proceeding if such information is used or intended to be for National Security Section 106 also used against an aggrieved person that person must be requires that if a government entity given notice of the information and have a chance to intends to introduce into evidence in suppress the information any trial hearing or other proceeding against an aggrieved person The reauthorized FAA of 2017 codified that statistics information obtained or derived from must be provided to the public as it pertained to Section electronic surveillance it must notify 106 Section 305 as well as Section 702 acquired the aggrieved person and the court information The aggrieved person is then entitled to seek suppression of the information FISA Section 706 requires that any information acquired pursuant to Section 702 be treated as electronic surveillance under Title I including for purposes of the use notice and suppression requirements under Section 106 FISA Section 305 provides the same requirements for information acquired through Title III physical search i e advance authorization notice and opportunity to suppress B Statistics The reauthorized FAA of 2017codified that certain statistics concerning criminal proceedings must be provided to the public pertaining to Sections 106 and 305 including Section 702acquired information Specifically figure 13 provides that in 2017 the Government filed notice of intent to use FISA-acquired information pursuant to Section 106 or 305 in seven 7 separate criminal proceedings 25 P a g e Figure 13 Table Regarding Number of Criminal Proceedings in which the Government Provided Notice of Its Intent to Use Cert FISA Information FISA Sections 106 and 305 The number of criminal proceedings in which the United States or a State or political subdivision thereof provided notice pursuant to Section 106 including with respect to Section 702-acquired information or Section 305 of the government's intent to enter into evidence or otherwise use or disclose any information obtained or derived from electronic surveillance physical search or Section 702 acquisition CY2017 7 26 P a g e FISA Title IV - Use of Pen Register and Trap and Trace PR TT Devices A FISA PR TT Authority FISA Title IV Title IV of FISA authorizes the use of pen register and trap and trace PR TT Commonly referred to as the PR TT provision devices for foreign intelligence purposes Title IV authorizes the government to use Bulk collection is prohibited a PR TT device to seek and capture dialing routing addressing or signaling Requires individual FISC order to use PR TT device to DRAS information The government capture dialing routing addressing or signaling DRAS may submit an application to the FISC for information an order approving the use of a PR TT device i e PR TT order for i any Government request to use a PR TT device on U S investigation to obtain foreign person target must be based on an investigation to intelligence information not concerning a protect against terrorism or clandestine intelligence United States person or ii to protect activities and that investigation must not be based solely against international terrorism or on the basis of activities protected by the First clandestine intelligence activities Amendment to the Constitution provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the First Amendment to the Constitution 50 U S C 1842 a If the FISC finds that the government's application sufficiently meets the requirements of FISA the FISC must issue an order for the installation and use of a PR TT device B Statistics Counting orders Similar to how orders were counted for Titles I and III and Sections 703 and 704 this report only counts the orders granting authority to conduct intelligence collection -the order for the installation and use of a PR TT device Thus renewal orders are counted as a separate order modification orders and amendments are not counted Estimating the number of targets The government's methodology for counting PR TT targets is similar to the methodology described above for counting targets of electronic surveillance and or physical search If the IC received authorization for the installation and use of a PR TT device against the same target in four separate applications the IC would count one target not 27 P a g e four Alternatively if the IC received authorization for the installation and use of a PR TT device against four targets in the same application the IC would count four targets Estimating the number of unique identifiers This statistic counts 1 the targeted identifiers and 2 the non-targeted identifiers e g telephone numbers and e-mail addresses that were in contact with the targeted identifiers Specifically the House Report on the USA FREEDOM Act states that t he phrase 'unique identifiers used to communicate information collected pursuant to such orders' means the total number of for example email addresses or phone numbers that have been collected as a result of these particular types of FISA orders--not just the number of target email addresses or phone numbers H R Rept 114-109 Part I p 26 with certain exceptions noted Figure 14 Table of PR TT Orders Targets and Unique Identifiers Collected Title IV of FISA CY2013 CY2014 CY2015 CY2016 CY2017 Total number of orders 131 135 90 60 33 Estimated number of targets of such orders 319 516 456 41 27 - - 134 987# 81 035# 56 064# PR TT FISA Estimated number of unique identifiers used to communicate information collected pursuant to such orders See 50 U S C 1873 b 3 1873 b 3 A and 1873 b 3 B Pursuant to 1873 d 2 B this statistic does not apply to orders resulting in the acquisition of information by the FBI that does not include electronic mail addresses or telephone numbers # This number represents information the government received from provider s electronically for the entire calendar year The government does not have a process for capturing unique identifiers received by other means such as hard-copy or portable media Last year the FBI mistakenly interchanged the number of unique identifiers for business records and PR TT orders reporting the number of business records unique identifiers as PR TT unique identifiers and vice versa This report corrects the error and accurately identifies the legal authority under which the FBI obtained the unique identifiers 28 P a g e Figure 15 Table of FISA PR TT Targets - U S Persons and Non-U S Persons PR TT Targets CY2016 CY2017 Estimated number of targets who are non-U S persons 23 16 Estimated number of targets who are U S persons 18 11 43 9% 40 7% Estimated percentage of targets who are U S persons See 50 U S C 1873 b 3 A i and 1873 b 3 A ii for rows one and two respectively Previously the IC was not statutorily required to publicly provide these statistics but provided them consistent with transparency principles The reauthorized FAA of 2017 codified this requirement at 50 U S C 1873 b 3 A i and 1873 b 3 A ii 29 P a g e FISA Title V - Business Records A Business Records FISA Under FISA Title V authorizes the government to submit an application for an order requiring the production of any tangible things for i an investigation to obtain foreign intelligence information not concerning a United States person or ii to protect against international terrorism or clandestine intelligence activities provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the First Amendment to the Constitution 50 U S C 1861 Title V is commonly referred to as the Business Records provision of FISA FISA Title V Commonly referred to as Business Records provision Bulk collection is prohibited Call Detail Records CDRs may be obtained from a telephone company if the FISC issues an individual court order for target's records Request for records in an investigation of a U S person must be based on an investigation to protect against terrorism or clandestine intelligence activities and provided that the investigation is not conducted solely upon activities protected by the First Amendment to the Constitution In June 2015 the USA FREEDOM Act was signed into law and among other things it amended Title V including by prohibiting bulk collection See 50 U S C 1861 b 1861 k 4 The DNI is required to report various statistics about two Title V provisions - traditional business records and call detail records discussed further below On November 28 2015 in compliance with amendments enacted by the USA FREEDOM Act the IC terminated collection of bulk telephony metadata under Title V of the FISA the Section 215 Program Solely due to legal obligations to preserve records in certain pending civil litigation including First Unitarian Church of Los Angeles et al v National Security Agency et al No C 13-03287-JSW N D Cal and Jewel et al v National Security Agency et al No C 08-04373-JSW N D Cal the IC continues to preserve previously collected bulk telephony metadata Under the terms of a FISC order dated November 24 2015 the bulk telephony metadata cannot be used or accessed for any purpose other than compliance with preservation obligations Once the government's preservation obligations are lifted the government is required to promptly destroy all bulk metadata produced by telecommunications providers under the Section 215 Program 30 P a g e As noted in last year's Annual Statistical Transparency Report on November 30 2015 the IC implemented certain provisions of the USA FREEDOM Act including the call detail records provision and the requirement to use a specific selection term Accordingly only one month's worth of data for calendar year 2015 was available with respect to those provisions Any statistical information relating to a particular FISA authority for a particular month remains classified Therefore the Title V data specifically associated with December 2015 was only released in a classified annex provided to Congress as part of the report for CY2015 For the CY 2016 report statistical information was collected for an entire year under the USA FREEDOM Act Title V provisions As a result those statistics were included in that report For the CY 2017 report statistical information was collected for an entire year under the USA FREEDOM Act Title V provisions As a result those statistics are included in this report Statistics related to traditional business records under Title V Section 501 b 2 B are provided first pursuant to 50 U S C 1873 b 5 Statistics related to call detail records under Title V Section 501 b 2 C are provided second pursuant to 50 U S C 1873 b 6 B Statistics - Traditional Business Records Statistics Orders Targets Identifiers Business Record BR requests for tangible things include books records papers documents and other items pursuant to 50 U S C 1861 b 2 B also referred to as Section 501 b 2 B These are commonly referred to as Traditional Business Records Estimating the number of unique identifiers This is an estimate of the number of 1 targeted identifiers e g telephone numbers and email addresses and 2 non-targeted identifiers that were in contact with the targeted identifiers This metric represents unique identifiers received electronically from the provider s The government does not have a process for capturing unique identifiers received by other means i e hard-copy or portable media Explaining how we count BR statistics As an example of the government's methodology assume that in 2017 the government submitted a BR request targeting John Doe with email addresses john doe@serviceproviderX john doe@serviceproviderY and john doe@serviceproviderZ The FISC found that the application met the requirements of Title V and issued orders granting the application and directing service providers X Y and Z to produce business records pursuant to Section 501 b 2 B Provider X returned 10 nontargeted email addresses that were in contact with the target provider Y returned 10 nontargeted email addresses that were in contact with the target and provider Z returned 10 nontargeted email addresses that were in contact with the target Based on this scenario we would report the following statistics A one order by the FISC for the production of tangible things B 31 P a g e one target of said orders and C 33 unique identifiers representing three targeted email addresses plus 30 non-targeted email addresses Figure 16 Table of Traditional Business Records Orders Targets and Unique Identifiers Collected Business Records BR - Section 501 b 2 B CY2016 CY2017 Total number of orders issued pursuant to applications under Section 501 b 2 B 84 77 Estimated number of targets of such orders 88 74 125 354 87 834 Estimated number of unique identifiers used to communicate information collected pursuant to such orders See 50 U S C 1873 b 5 1873 b 5 A and 1873 b 5 B Last year the FBI mistakenly interchanged the number of unique identifiers for business records and PR TT orders reporting the number of business records unique identifiers as PR TT unique identifiers and vice versa This report corrects the error and accurately identifies the legal authority under which the FBI obtained the unique identifiers C Statistics - Call Detail Record CDR Orders Targets Identifiers Call Detail Records CDRs - commonly referred to as call event metadata - may be obtained from traditional telecommunications providers pursuant to 50 U S C 1861 b 2 C A CDR is defined as session identifying information such as originating or terminating telephone number an International Mobile Subscriber Identity IMSI number or an International Mobile Station Equipment Identity IMEI number a telephone calling card number or the time or duration of a call See 50 U S C 1861 k 3 A CDRs provided to the government do not include the content of any communication the name address or financial information of a subscriber or customer or cell site location or global positioning system information See 50 U S C 1861 k 3 B CDRs are stored and queried by the service providers See 50 U S C 1861 c 2 Estimating the number of targets of CDR orders A target is the person using the selector For example if a target uses four selectors that have been approved the number counted for purposes of this report would be one target not four Alternatively if two targets are using one selector that has been approved the number counted would be two targets 32 P a g e Figure 17 Table of CDR Orders and Targets Call Detail Records CDRs - Section 501 b 2 C CY2016 CY2017 Total number of orders issued pursuant to applications under Section 501 b 2 C 40 40 Estimated number of targets of such orders 42 40 See 50 U S C 1873 b 6 and 1873 b 6 A The estimated number of Call Detail Records received from providers This metric represents the number of records received from the provider s and stored in NSA repositories records that fail at any of a variety of validation steps are not included in this number CDRs covered by 501 b 2 C include call detail records created before on or after the date of the application relating to an authorized investigation While the USA FREEDOM Act directs the government to provide a good faith estimate of the number of unique identifiers used to communicate information collected pursuant to orders issued in response to CDR applications see 50 U S C 1873 b 5 B the statistic below does not reflect the number of unique identifiers contained within the call detail records received from the providers As of the date of this report the government does not have the technical ability to isolate the number of unique identifiers within records received from the providers As explained in the 2016 NSA public report on the USA FREEDOM Act the metric provided is over-inclusive because the government counts each record separately even if the government receives the same record multiple times whether from one provider or multiple providers Additionally this metric includes duplicates of unique identifiers - i e because the government lacks the technical ability to isolate unique identifiers the statistic counts the number of records even if unique identifiers are repeated For example if one unique identifier is associated with multiple calls to a second unique identifier it will be counted multiple times Similarly if two different providers submit records showing the same two unique identifiers in contact then those would also be counted This statistic includes records that were received from the providers in CY2017 for all orders active for any portion of the year which includes orders that the FISC approved in 2016 Furthermore while the records are received from domestic communications service providers the records received are for domestic and foreign numbers More information on how NSA implements this authority can be found in the DCLPO report in particular see page 5 for a description and illustration of the USA FREEDOM Implementation Architecture 33 P a g e Figure 18 Illustration of a hop scenario and counting st 1 Hops nd 2 Hops PHONE D PHONE B PHONE E PHONE A PHONE F PHONE C PHONE G Target uses Phone A which is the FISC-approved selector in the FISC order This would count as 1 order 1 target 7 unique identifiers phones A B C D E F G and assuming 500 calls between parties 6000 CDRs produced for both sides of a call event Assume an NSA intelligence analyst learns that phone number Phone A is being used by a suspected international terrorist target Phone A is the specific selection term or selector that will be submitted to the FISC or the Attorney General in an emergency for approval using the reasonable articulable suspicion RAS standard Assume that one provider provider X submits a record showing Phone A called unique identifier Phone B - what is referred to as a call event This is the first hop In turn assume that NSA submits the first-hop Phone B to the provider X and finds that unique identifier was used to call another unique identifier Phone D This is the second-hop If the unique identifiers call one another multiple times then multiple CDRs are produced and duplication occurs Additionally the government may receive multiple CDRs for a single call event NSA may also submit the specific selection Phone A number to another provider provider Y who may have CDRs of the same call events Not all CDRs provided to the government will be domestic numbers The targeted specific selection term could be a foreign number could have called a foreign number or the first- 34 P a g e hop number could have called a foreign number thus these CDRs statistics contain both domestic and foreign number results Figure 19 Table of CDRs Received Arising from Such Targets Call Detail Records CDRs - Section 501 b 2 C CY2016 CY2017 Estimated number of call detail records arising from such targets that NSA received from providers pursuant to Section 501 b 2 C and stored in its repositories 151 230 968 534 396 285 While the statute directs the government to count the unique identifiers the government is not technically able to isolate the number of unique identifiers thus this number includes duplicate records Additionally the number of records contains both domestic and foreign numbers D Statistics - Call Detail Record Queries The number of search terms associated with a U S person used to query the CDR data Each unique query is counted only once The same term queried 10 times counts as one query term A single query with 20 terms counts as 20 query terms Figure 20 Table of CDRs -- U S person query terms Call Detail Records CDRs - Section 501 b 2 C CY2016 CY2017 Estimated number of search terms that included information concerning a U S person that were used to query any database of call detail records obtained through the use of such orders 22 360 31 196 See 50 U S C 1873 b 6 C Consistent with 1873 d 2 A this statistic does not include queries that are conducted by the FBI 35 P a g e National Security Letters NSLs A National Security Letters National Security Letters In addition to statistics relating to FISA authorities we are reporting information on the government's use of National Security Letters NSLs The FBI is statutorily authorized to issue NSLs for specific records as specified below only if the information being sought is relevant to a national security investigation NSLs may be issued for four commonly used types of records Not authorized by FISA but by other statutes Bulk collection is prohibited however by the USA FREEDOM Act FBI may only use NSLs if the information sought is relevant to international counterterrorism or counterintelligence investigation 1 telephone subscriber information toll records and other electronic communication transactional records see 18 U S C 2709 2 consumer-identifying information possessed by consumer reporting agencies names addresses places of employment institutions at which a consumer has maintained an account see 15 U S C 1681u 3 full credit reports see 15 U S C 1681v only for counterterrorism not for counterintelligence investigations and 4 financial records see 12 U S C 3414 B Statistics - National Security Letters and Requests of Information Counting NSLs Today we are reporting 1 the total number of NSLs issued for all persons and 2 the total number of requests for information ROI contained within those NSLs When a single NSL contains multiple ROIs each is considered a request and each request must be relevant to the same pending investigation For example if the government issued one NSL seeking subscriber information from one provider and that NSL identified three e-mail addresses for the provider to return records this would count as one NSL issued and three ROIs 36 P a g e The Department of Justice's Report on NSLs In May 2018 the Department of Justice released its Annual Foreign Intelligence Surveillance Act Report to Congress That report which is available online provides the number of requests made for certain information concerning different U S persons pursuant to NSL authorities during calendar year 2017 The Department of Justice's report provides the number of individuals subject to an NSL whereas the ODNI's report provides the number of NSLs issued Because one person may be subject to more than one NSL in an annual period the number of NSLs issued and the number of persons subject to an NSL differs Why we report the number of NSL requests instead of the number of NSL targets We are reporting the annual number of requests for multiple reasons First the FBI's systems are configured to comply with Congressional reporting requirements which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL Even if the FBI systems were configured differently it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify for example one subscriber for three accounts or it may identify different subscribers for each account In some cases this occurs because the identification information provided by the subscriber to the provider may not be true For example a subscriber may use a fictitious name or alias when creating the account Thus in many instances the FBI never identifies the actual subscriber of a facility In other cases this occurs because individual subscribers may identify themselves differently for each account e g inclusion of middle name middle initial etc when creating an account We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests The FBI often issues NSLs under different legal authorities e g 12 U S C 3414 a 5 15 U S C 1681u a and b 15 U S C 1681v and 18 U S C 2709 for the same individual or organization The FBI may also serve multiple NSLs for an individual for multiple facilities e g multiple e-mail accounts landline telephone numbers and cellular phone numbers The number of requests consequently is significantly larger than the number of individuals or organizations that are the subjects of the NSLs 37 P a g e Figure 21a Table of NSLs Issued and Requests for Information National Security Letters NSLs CY2013 CY2014 CY2015 CY2016 CY2017 Total number of NSLs issued 19 212 16 348 12 870 12 150 12 762 Number of Requests for Information ROI 38 832 33 024 48 642 24 801 41 579 See 50 U S C 1873 b 6 Figure 21b Chart of NSLs Issued and Requests for Information Total NSLs Issued and Total ROIs within those NSLs 70 000 60 000 50 000 40 000 38 832 33 024 30 000 48 642 24 801 20 000 10 000 41 579 19 212 16 348 12 870 12 150 12 762 CY2013 CY2014 CY2015 CY2016 CY2017 0 NSLs Issued ROIs in NSLs 38 P a g e APPENDIX UNCLASSIFIED DIRECTOR OF NATIONAL INTELLIGENCE WASHINGTON DC 20511 MAY 0 4 2018 The Honorable Richard Burr The Honorable Chuck Grassley Chairman Chairman Select Committee on Intelligence Committee on the Judiciary United States Senate United States Senate The Honorable Devin Nunes The Honorable Robert W Goodlatte Chairman Chairman Permanent Select Committee on Intelligence Committee on the Judiciary US House of Representatives US House of Representatives Dear Messrs Chairmen Section 603 b 2 B of the Foreign Intelligence Surveillance Act FISA as amended by the Uniting and Strengthening America by Fulfilling Rights and Ensuring E ective Discipline Over Monitoring Act #2015 129 Stat 268 hereinafter USA FREEDOM Act requires the Director of National Intelligence DNI to make publicly available for the preceding 12 month period a good faith estimate of the number of queries concerning a known United States person of unminimized non content information relating to electronic communications or wire communications obtained through acquisitions authorized under Section 702 of FISA excluding the number of queries containing information used to prevent the return of information concerning a United States person If the DN1 concludes that this good faith estimate cannot be determined accurately because not all of the relevant elements of the Intelligence Community 1C are able to provide this good faith estimate then FISA requires him to certify that conclusion in writing to the committees identi ed above ii report the good faith estimate for those relevant elements able to provide such good faith estimate explain when it is reasonably anticipated that such an estimate will be able to be determined fully and accurately and iv make such certification publicly available on an Internet website I conclude that the good faith estimate required under section 603 b 2 B of FISA cannot be determined accurately because not all of the relevant elements of the IC are able to provide this good faith estimate Specifically the Central Intelligence Agency CIA remained unable to provide such information for calendar year 2017 The enclosed report includes the good faith estimate for those relevant IC elements that were able to provide such good faith estimate Based on the information provided to me by the CIA I reasonably anticipate that such an estimate will be able to be determined fully and accurately by the end of calendar year 2018 so as to be included in the 2019 report UNCLASSIFIED UNCLASSIFIED The Honorable Richard Burr The Honorable Chuck Grassley The Honorable Devin Nunes The Honorable Robert W Goodlatte If you have any questions regarding this matter please contact the Office of the Director of National Intelligence Office of Legislative Affairs at 703 275 2474 Sincerely Cal Zea Daniel R Coats Enclosure Statistical Transparency Report CC Executive Secretary National Security Staff Director Central Intelligence Agency Under Secretary of Defense for Intelligence Under Secretary for Intelligence and Analysis Department of Homeland Security Director National Security Agency Director National Reconnaissance Office Director Defense Intelligence Agency Director National Geospatial Intelligence Agency Assistant Secretary for Intelligence and Research Department of State Assistant Secretary for Intelligence and Analysis Department of the Treasury Executive Assistance Director Intelligence Branch Federal Bureau of Investigation Chief of Intelligence Senior Officer Drug Enforcement Administration Director Of ce of Intelligence and Counterintelligence Department of Energy Deputy Chief of Staff G2 Army Director of Intelligence U S Marine Corps Director of Naval Intelligence N2 U S Navy Deputy Chief of Staff for Intelligence Surveillance and Reconnaissance A2 U S Air Force Deputy Chief of Staff for Intelligence and Criminal Investigations U S Coast Guard Assistant Attorney General for National Security Department of Justice UNCLASSIFIED This document is from the holdings of The National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994-7000 Fax 202 994-7005 nsarchiv@gwu edu