Editor’s note: This post first appeared on Lawfare.
New Statistics Confirm the Continuing Decline in the Use of National Surveillance Authorities
April is “reporting season” regarding the annual activities of the U.S. intelligence community under the Foreign Intelligence Surveillance Act (FISA) with both the Office of the Director of National Intelligence (ODNI) releasing its Annual Statistical Transparency Reportand the Administrative Office of the United States Courts (AOUSC) sending its mandated report on the activities of the Foreign Intelligence Surveillance Court (FISC) to Congress. A third annual report from the Department of Justice, as required by § 107 of FISA, was transmitted to Congress on April 29. In this post, I will explore details of these three reports and offer my analysis on the broader trends under FISA.
What Do the Numbers Show?
The results presented in each of the reports for calendar year (CY) 2021 activities reflect a continuing decline in the use of national surveillance authorities that began in CY 2019 and has accelerated in each of the past two years. As reflected in Table 1, the decline covers both the number of orders issued by the FISC as well as the number of targets covered by those orders, and each figure represents the smallest use of the surveillance authorities provided in FISA since the ODNI began releasing its annual statistical reports in 2014.
Table 1. FISA Orders Issued Under Title I, Title III, and Sections 703 and 704
(Orders and Targets)
A somewhat broader picture of the use of all of the national surveillance authorities available through FISA appears in the CY 2021 statistics released by the AOUSC reflecting the activities of the FISC (Table 2). The court’s workload addressing government applications for electronic surveillance and physical search authority are captured in those columns showing electronic surveillance only (47), physical search only (25), the more prevalent case of applications seeking authorization for both surveillance and physical search authority (319), and applications under FISA § 704 (42) requesting authority to conduct collection overseas targeting a U.S. person reasonably believed to be located outside the U.S. under circumstances in which the person has a reasonable expectation of privacy and a warrant would be required if the acquisition were conducted in the U.S. for law enforcement purposes. Cumulatively, these four categories within the FISC statistics total 433 applications, which, after discounting the three applications seeking combined electronic surveillance/physical search authority that were denied by the FISC, produces the same total of 430 FISC orders documented in the 2022 Statistical Transparency Report.
Table 2. CY 2021 Activities of the FISC Regarding Requests for Electronic Surveillance Only (§ 1805), Physical Search Only (§ 1824), Combined Requests for Electronic Surveillance and Physical Search (§§ 1805/1824), and Pen Registers (§ 1842)
|Applications or Certifications
|Orders Denied in Part
|Applications or Certifications Denied
|§ 1805 only
|§ 1824 only
|§§ 1805 and 1824
Reflecting another trend, the FISC statistics also show that the court received 13 applications seeking to obtain business records under the authority provided in § 1861 of FISA. This total represents the smallest number of applications seeking business records and tangible things submitted to the FISC since the AOUSC began publicly releasing such statistics at the end of CY 2015 (Table 3).
Table 3. Applications for Business Records and Tangible Things (FISA §1861)
One explanation for the decline mentioned above almost certainly lies in the changing standards that now apply for obtaining business records since Congress allowed the broader version of this surveillance authority, as expanded by the USA Patriot Act in 2001, to expire on March 15, 2020. Now, those broader Patriot Act standards can be employed only with respect to acquiring records for an investigation initiated or an offense occurring before the standards expired. In those investigations, the government can continue to apply to the FISC for an order to obtain “any tangible thing” that is “relevant” to (a) “an investigation to obtain foreign intelligence information not concerning a United States person or” (b) “to protect against international terrorism or clandestine intelligence activities.” Such business record requests for tangible things may include books, records (for example, electronic communications transactional records), papers, documents and other items; the bulk acquisition of records, however, is prohibited and a business record order must identify a “specific selection term” to narrow the scope of the collection.
For investigations initiated on or after March 15, 2020, however, or for those that are not investigating offenses that began or occurred before that date, the broader Patriot Act version of FISA § 1861 is no longer available and the narrower statutory language limits the government to seeking only records from common carriers (for example, an airline or a bus company, not a telecommunications company), public accommodation facilities (for example, hotels), physical storage facilities and vehicle rental facilities. Moreover, instead of the more flexible standard of “relevance” to the investigation, the government must also provide specific and articulable facts giving reason to believe that the person to whom the records pertain is either a foreign power or an agent of a foreign power.
Finally, the separate authority provided in §1861 (and modified by the USA Freedom Act in 2015) permitting the government to acquire call detail records (CDRs) also expired in March 2020. The expiration of this CDR authority, coupled with the National Security Agency’s (NSA’s) August 2019 suspension of its use of that authority (and concomitant deletion of all previously acquired CDRs), means that there are no longer any statistics reported for this surveillance authority in the ODNI’s AnnualStatistical Transparency Report.
The reversion to the narrower scope of § 1861 precipitated by Congress’s failure to extend its broader provisions in March 2020, combined with NSA’s suspension of the CDR program, has seen the use of this national surveillance authority decline by nearly 90 percent within the past five years.
The Robust Use of FISA Section 702 Continues
One surveillance authority that has not seen the reductions reflected in FISA Title I (electronic surveillance), Title III (physical search) and Title V (business records and tangible things) applications is the collection activity conducted under the authority of FISA § 702. Since § 702 permits the FISC to approve the collection authority sought in a § 702 certification for periods of up to one year, the government generally submits, and the FISC considers, only one or two certifications per year. Consequently, a more informative source for the scope of the collection activity conducted under § 702 is probably best captured in the number of reported § 702 targets. After a slight dip in CY 2020, the number of targets rose again in CY 2021 to 232,432—the largest number since the ODNI began reporting § 702 targeting statistics in 2014 (Table 4).
Table 4. FISA Section 702 Targets
A frequently contentious corollary of the § 702 program is the use of U.S. person query terms to retrieve the unminimized content it collects. As depicted in Table 5, the use of those U.S. person query terms generally has tracked the increases in the number of § 702 targets. In past Statistical Transparency Reports, however, the figures disclosed only the number of queries initiated by NSA, CIA and the National Counterterrorism Center (NCTC).
Table 5. U.S. Person Query Terms Used to Query Section 702 Content
(Estimated Number of Search Terms Concerning a Known U.S. Person Used to Retrieve Unminimized Content Collected Under Section 702)
In recent years, however, the release of redacted FISC opinions addressing the court’s review of § 702 certifications has shown that the number of queries run by the FBI against unminimized § 702 content dwarfs those executed by the NSA, CIA and NCTC. In its November 2020 opinion addressing the government’s requested renewal of the § 702 collection authority, the FISC expanded its own reporting requirement to include the number of U.S. person queries run by the FBI against § 702-acquired information. Further, according to the 2022 Statistical Transparency Report, FBI systems now allow for the capture of this information. Table 6 includes the numbers for this information since 2019. For the first time, the most recent report included these numbers.
Table 6. FBI U.S. Person Queries
|FISA Section 702
|Estimated number of U.S. person queries of unminimized Section 702 contents and noncontents for foreign intelligence information and/or evidence of a crime
|Fewer than 1,324,057
|Fewer than 3,394,053
The methodology and parameters used to produce these FBI statistics are somewhat arcane—the most recent Statistical Transparency Reportdevotes four pages to explaining them. For CY 2021, the FBI reported, for the first time, on a specific number of large “batch” queries—a term describing the FBI’s practice of running multiple query terms at the same time using a common justification for all the query terms. In the report, the FBI revealed that the batch queries relating to attempts to compromise U.S. critical infrastructure by foreign cyber actors accounted for a significant fluctuation. According to the FBI, these batch queries—which included approximately 1.9 million query terms—related to potential victims, including U.S. persons, represented the vast majority of the increase in U.S. person queries conducted by the FBI over the prior year.
By any standard of measurement, however, it is apparent that the FBI’s querying of unminimized § 702 content exceeds the cumulative querying totals of the NSA, CIA and NCTC by a considerable amount. This is a reflection, at least in part, of the FBI’s unique role in both foreign counterintelligence and law enforcement. But critics have long insisted that the FBI accesses the content collected under the warrantless § 702 program for law enforcement purposes using so-called back door searches. Feeding those suspicions is the fact that, despite Congress adding a requirement in its January 2018 reauthorization of § 702 mandating that the FBI obtain an order from the FISC (a § 702(f)(2)(A) order) to query § 702 content where the query is for law enforcement purposes in an investigation not related to the national security, the FBI has never actually sought such an order. This year’s report, however,identifies four instances—reported as compliance incidents to the FISC—when agents looked at such material without the required order.
Not surprisingly, the notable absence of any request for a § 702(f)(2)(A) order and the general opacity of the FBI’s query numbers did not escape the attention of § 702 critics like Sen. Ron Wyden, who called the “astronomical number” of FBI queries “either highly alarming or entirely meaningless.” It is reasonably certain that the FBI’s querying practices, a recurring bone of contention for § 702 critics, will continue to be a point of interest both to the FISC and to Congress when § 702 comes up for reauthorization as its Dec. 31, 2023, expiration date approaches.
What Do the Numbers Mean?
Given that the number of applications, orders and targets under Titles I, III and V have now decreased each year since 2018, and that those declines have accelerated in the past two years, what factors might account for this reduced activity? In commenting on the decline reflected in the FISA statistics for CY 2020, representatives from the ODNI pointed to the impact of the global coronavirus pandemic, noting that, while the number of surveillance targets fluctuates from year to year for operational, technological and other reasons, the decline in 2020 may have been due to an overall reduction in both global travel and mass gatherings, which in the past may have presented opportunities for large-scale attacks. In fact, in commenting on the FISA statistics for CY 2021 found in the 2022Statistical Transparency Report,ODNI representatives said, “The Covid-19 pandemic likely influenced target behavior—as it did last year—and those changes were one of the factors influencing the numbers this year” while also acknowledging that the drop could be partly attributed “to the changing nature of the threat from certain international terrorism groups during this time period.”
While some of the decline in the FISA statistics may be attributable to coronavirus-induced changes in the habits of certain international threats, the overall multipolar threat environment remains alarmingly menacing. The recently issued 2022 Annual Threat Assessment of the U.S. Intelligence Communityreported that, “[i]n the coming year, the United States and its allies will face an increasingly complex and interconnected global security environment marked by the growing specter of great power competition and conflict, while collective, transnational threats to all nations and actors compete for our attention and finite resources.” So it appears that the decline in the use of FISA surveillance authorities is not due to any lasting abatement in national security threats and, long term, is likely to be situational rather than enduring.
Finally, although senior law enforcement officials expressed uncertainty about whether the fallout from a 2019 Justice Department inspector general report uncovering flaws in FBI FISA applications to wiretap a former Trump campaign adviser has been a factor in the declining FISA numbers, it is hard to imagine that part of the decline is attributable to fewer FBI FISA applications. For example, while FISA applications generally increased from FISA’s passage in 1978 through 2000, the number of applications soared after the 9/11 attacks—more than doubling from 2001 to 2005—coinciding with the FBI’s increased emphasis on counterterrorism. As recently as 2017, the FISC issued over 1,400 orders approving electronic surveillance and/or physical searches. In the year following the 2019 release of the Justice Department inspector general’s report, however, when the FBI, on its own initiative and in response to directives issued by the FISC and the Justice Department, initiated extensive internal reforms in its FISA application and review process, FISA applications dropped by over 40 percent and have continued to decline to the current level of 430 orders. Over that same time span, FISC denials, in whole or in part, of applications for electronic surveillance and/or physical search authority dropped from 53 to 24. Intuitively, some portion of the drop in the number of FISA applications denied, in whole or in part, by the FISC is indicative of the smaller number of applications making their way to the FISC as a result of the FBI’s more rigorous vetting process.
Consequently, while officials insist that no study has been undertaken to ascertain whether FBI agents are more reluctant to use FISA, it seems plausible that the decline is, at least in part, attributable to an FBI process that has implemented significant reforms specifically designed to improve accuracy, add review and oversight, and repair the FBI’s reputation with the FISC.
By the time next April’s FISA reporting season rolls around, Congress is likely to be in the early stages of the FISA § 702 reauthorization process. What those CY 2022 numbers say, particularly with respect to the FBI querying of § 702 data, may have a sizable impact on that reauthorization process. Whether the recent trend of declining overall usage of FISA surveillance authorities continues remains to be seen.
George Croner is a former principal litigation counsel at the National Security Agency. He is a senior fellow at the Foreign Policy Research Institute, and a member of the Advisory Council at the Center for Ethics and the Rule of Law (CERL) at the University of Pennsylvania.
The opinions expressed in this post are those of the authors and do not necessarily represent CERL’s official views.