NSA Spied On 534 Million US Calls In 2017, Up Sharply From 2016

The NSA collected "call detail records" from over 500 million Americans' phone calls in 2017, over three times the number gathered in 2016 according to a new report from the Office of the Director of National Intelligence (ODNI).

This marks the second year of reporting following the passage of the 2015 USA FREEDOM Act - which requires that the DNI make public various search terms and surveillance statistics of collected "Call Detail Records," in an Annual Statistical Transparency Report meant to limit the bulk collection of records.

The sharp increase to 534 million call records from 151 million occurred during the second full year of a new surveillance system established at the spy agency after U.S. lawmakers passed a law in 2015 that sought to limit its ability to collect such records in bulk. The reason for the spike was not immediately clear. -Reuters

To that end, the "shocking" 2017 figure of 534 million CDRs collected pales in comparison to the estimated billions of records collected each day under the old NSA bulk collection system exposed by former US intelligence contractor Edward Snowden - and an earlier iteration of which was exposed by NSA whistleblower William Binney. 

In a statement, Timothy Barrett, a spokesman at the Office of the Director of National Intelligence, which released the annual report, said the government “has not altered the manner in which it uses its authority to obtain call detail records.”

The NSA has found that a number of factors may influence the amount of records collected, Barrett said. -Reuters

The DNI notes, however, that "the CIA, remains currently unable to provide the number of queries using U.S. person identifiers of unminimized section 702 noncontents information for CY2017." 

What's a 702 target?

According to the report, "Under Section 702, the government “targets” a particular non-U.S. person, group, or entity reasonably believed to be located outside the United States and who possesses, or who is likely to communicate or receive, foreign intelligence information, by directing an acquisition at – i.e., “tasking” – selectors (e.g., telephone numbers and email addresses) that are assessed to be used by such non-U.S. person, group, or entity, pursuant to targeting procedures approved by the FISC. Before “tasking” a selector for collection under Section 702, the government must apply its targeting procedures to ensure that the IC appropriately tasks a selector used by a non-U.S. person who is reasonably believed to be located outside the United States and who will likely possess, communicate, or receive foreign intelligence information.

What is a Call Detail Record?

The ODNI defines a CDR as "session identifying information (such as originating or terminating telephone number, an International Mobile Subscriber Identity (IMSI) number, or an International Mobile Station Equipment Identity (IMEI) number), a telephone calling card number, or the time or duration of a call. See 50 U.S.C. §1861(k)(3)(A)."

That said, "CDRs provided to the government do not include the content of any communication, the name, address, or financial information of a subscriber or customer, or cell site location or global positioning system information."

A number of factors influence the volume of records collected, said Barrett, which include "the number of Court-approved selection terms - like a phone number - that are used by the target; the way targets use those selection terms; the amount of historical data that providers retain; and the dynamics of the ever-changing telecommunications sector," adding “We expect this number to fluctuate from year to year.”

To see how CDRs add up, the DNI report has provided a handy illustration which shows how one FISA court order might lead to the collection of 6,000 records.

"Assume an NSA intelligence analyst learns that phone number (Phone A) is being used by a suspected international terrorist (target). Phone A is the “specific selection term” or “selector” that will be submitted to the FISC (or the Attorney General in an emergency) for approval using the “reasonable articulable suspicion” (RAS) standard. Assume that one provider (provider X) submits a record showing Phone A called unique identifier Phone B – what is referred to as a “call event.” This is the “first hop.” In turn, assume that NSA submits the “first-hop” Phone B to the provider X, and finds that unique identifier was used to call another unique identifier Phone D. This is the “second-hop.” If the unique identifiers call one another multiple times, then multiple CDRs are produced and duplication occurs. Additionally, the government may receive multiple CDRs for a single call event. NSA may also submit the specific selection Phone A number to another provider (provider Y) who may have CDRs of the same call events."

You can read the report here: