Brass Balls Blog has a post up about this February report by the Privacy And Civil Liberty Board's assessment of NSA's collection & use of phone records that gives a bit of the scope of what 2 hop surveillance gathers studying 14 FISA warrants under the USA Freedom Act.
I have covered before that the NSA stopped this program & deleted the data last year, looks like it was in response to what this audit of the program was finding. This statute applied strictly to terrorists who might be working for foreign powers. 
This is a victory in a long running effort to end the overly broad collection of phone records. Going back to at least 2004. Which resulted in this narrower law USA Freedom Act to apply to terrorists. Only 14 FISA warrants issued under the statute in 2018.
Law was passed in 2015 as other authorities to collect bulk phone call data were finally taken away after a decade long fight over the Patriot Act. Constitutional authority was claimed as the record of phone calls were not yours & private, but phone company business records.
Look at that data closely. 14 FISA's under this statute lead to collecting 19 million phone numbers making 434 million phone calls (including duplicates). That's more than 1.2 million phone numbers per FISA within 2 hops.
Can you imagine who would make the list of 1.2 million phone numbers within 2 hops of @carterwpage? Almost everyone in DC politics, London, Moscow, NYC energy circles, the list would be a double edged sword for data mining...
Before you over react to this, remember this is 14 terrorist suspect FISA's in 2018 under the Trump Admin. So in 2018 this authority was not being abused & was legal.
I suspect the redactions cover agents of foreign powers & foreign powers, which may covered under other authority
I suspect the redactions cover agents of foreign powers & foreign powers, which may covered under other authority
The reporting from 2015-2019 out of this program lead to 15 intelligence reports on terrorism issues. But they point to only 2 direct cases where information helped in a case. One to clear a suspect, one looks like they identified other contacts that mattered.
NSA ended the program in early 2019 due to repeated compliance issues with the data collection that involved 12 notices to the FISA court about minimization & compliance issues. We will look at what problems they had...
The deletion was not a cover up, but protecting the privacy of those collected. In fact, they kept the data that was used in intelligence reporting & 'mission management related' data. Which means they kept the #receipts to prove what was accessed by whom...
What problems did the NSA report to FISC?
Missing information from FISA applications.
Access by untrained NSA personnel.
& most interestingly data provided by the phone companies AFTER the FISA expired.
So they sometimes kept reporting data even when the FISA expired!
Missing information from FISA applications.
Access by untrained NSA personnel.
& most interestingly data provided by the phone companies AFTER the FISA expired.
So they sometimes kept reporting data even when the FISA expired!
Other problems included bad databases & information, including running second hops off of inaccurate data gathered in first hop errors.
The Board found no intentional misconduct on the part of Admiral Rogers' NSA, so that is a good sign...
Some good review in here on how the program worked pre-Patriot Act & initially under the Patriot Act.
This 90 day order is what Comey, Mueller, Wray & others attempted to stop in 2014 to end this program which they felt was illegal.
This 90 day order is what Comey, Mueller, Wray & others attempted to stop in 2014 to end this program which they felt was illegal.
Sorry about the typo above, that effort to stop the program was 2004 not 2014.
Initially these programs allowed for 3 hops in data collection from a terrorist suspect or other agent of a foreign power.
This board's previous report in 2014, lead to many reforms in an effort to scale back the program. Including an Obama order limiting the NSA to 2 hops.
In 2015, the USA Freedom Act restricted bulk collection related to terrorism suspects, I am not certain that the same restrictions applied to agents of Foreign Powers under other provisions of FISA. We see a repeat of some of these changes in the bill pending now.
I believe the new language prohibits considering phone records, GPS & tower location data to no longer be "business records" but "electronic surveillance" meaning they require probable cause not reasonable suspicion to collect.
Still can't wait to see if the IP address for the Trump Tower Starbucks shows up as one of the specific selection terms used to gather information under Carter Page's FISA!
The expiration of FISA authority would remove many of the statutory limits placed upon FISA usage & data collection that were imposed since the passage of the Patriot Act went too far.
It would make it harder to get authority on homegrown & lone wolf type terrorists. They would not be able to get the Orlando or San Bernadino shooter's phone records without first having probable cause that they were agents of foreign powers not just inspired by jihadists.
