Advertisement

Privacy after surveillance reform? Advocates say there’s still work to be done

A new transparency report shows what Edward Snowden-sparked surveillance reform did and didn’t do.

Director of the National Security Agency (NSA) Adm. Michael Rogers testifying on Capitol Hill in 2015 before the Senate Intelligence. CREDIT: AP Photo/Pablo Martinez Monsivais
Director of the National Security Agency (NSA) Adm. Michael Rogers testifying on Capitol Hill in 2015 before the Senate Intelligence. CREDIT: AP Photo/Pablo Martinez Monsivais

The intelligence community released its most comprehensive transparency report this week, outlining what spy agencies have been doing with Americans’ data for the past year. The most glaring takeaway: the NSA collected 151 million phone records including call data and web history in 2016.

But for privacy advocates, that statistic wasn’t the biggest concern. More troubling, they say, is that the FBI claims it only sought information on a U.S. citizen in the intelligence database—as authorized under Section 702 of the Foreign Intelligence Surveillance (FISA) Act—just one, single, solitary time.

“It’s misleading,” said Robyn Greene, policy counsel and cybersecurity and surveillance expert for New America.

The 702 database is where intelligence collected on foreign targets with information about foreign affairs is kept. Per the Office of the Director of National Intelligence’s (DNI) report, the FBI only reported the number of times it made a search on a U.S. person that yielded results that were then reviewed.

Advertisement

Greene said that’s a gross misrepresentation of how the domestic law enforcement agency uses back door surveillance access.

“It creates this appearance of the FBI being really limited in how it is using this information and doesn’t account for how this information would be used,” in a domestic criminal matter, she said.

FBI Director James Comey testified Wednesday that the FBI can search several databases at once, including the 702 database.

I search the FBI’s databases. That search necessarily will also touch the information that was collected under 702 so that we don’t miss a dot, but nobody gets access to the information that sits in the 702 database unless they’ve been trained correctly.

If there is — let’s imagine that terrorists overseas were talking about a suspect in the United States, or someone’s email address in the United States was in touch with that terrorist, and that information sits in the 702 database, and we open the case in the United States and put in that name and that email address. It will touch that data and tell us his information in the 702 database that’s relevant.

The problem, privacy advocates say, is that 702 data can capture regular people, such as journalists reporting on foreign affairs, American citizens with family overseas, or anyone with international trade connections. And the number of targets subject to 702 surveillance grows each year.

Advertisement

“It’s quite obvious that there’s quite a lot of metadata collection going on,” Greene said. Reform in 2015 meant that “instead of fishing in a lake with a net, the NSA is fishing in the ocean with a rod.” In other words, the agency is able to obtain a lot of data, but they’re somewhat restricted in how they can get it.

The number of surveillance targets increased 12.8 percent, to 106,469, from 2015 to 2016, according to the report. That number is up 19.4 percent since 2013, when former NSA contractor Edward Snowden’s document leaks kick-started reform efforts.

The report is a product of the USA Freedom Act, which passed in 2015 and ostensibly ended bulk collection of metadata but allowed intelligence agencies to maintain their investigatory powers. The law stipulates that intelligence agencies provide some statistics or insight into what data they’re collecting on Americans and under which programs.

“This is first year that we’re getting the full report. The number seems high but this is actually a good sign,” said Michelle Richardson, the Center for Democracy and Technology’s deputy director of privacy and civil liberties policy. “It could’ve been billions [of records] on the daily basis before reform, completely indiscriminate.”

Now, she said, the NSA has to identify a target with a name or phone number in order to get access to the people they’ve called or texted. The 151 million number, while high, could possibly include duplicate records from different telecom providers, group messages or hundreds of correspondence between a target and another number.

The 2016 report is the most comprehensive look at intelligence agencies’ activities and shows some improvement, but it’s also a cause for some concern.

Advertisement

“It’s a step forward from where we were five years ago, but there’s still more that needs to be done,” said Neema Singh Guliani, legislative counsel who focuses on surveillance, national security, and privacy issues with the American Civil Liberties Union (ACLU).

“We don’t have an account of the number of Americans caught under 702,” and “there were some missing statistics from the CIA, some of their queries were missing despite the fact it was put in legislation,” Singh Guliani said. The CIA, for example, has gotten waivers for some of the requirements outlined in USA Freedom Act.

Missing data points and increased secret surveillance orders aside, there’s an upside. The NSA recently stopped its 9/11-era warrantless collection of Americans’ emails and texts with foreigners under Section 702 — a privacy win. And the hope is the NSA’s decision and DNI’s report advance a much-needed conversation.

“There continues to be massive surveillance, that increases the need for oversight and surveillance reform,” Singh Guliani said. “I don’t think it’s a conversation that Congress can avoid.”

She continued, saying “What you’re hearing from Congress and the public is a call for more transparency. You’re going to hear people asking, why are there missing data fields.”