Like so many of our favorite tech companies are doing lately, the NSA has released a “transparency” report. The scope of the report is to give us a better idea of just what the NSA was up to in 2013. Unfortunately, just like some of the other reports we see, it doesn’t give a lot of detail, and may not even be useful in many cases.
The number of National Security Letters, Federal Intelligence Surveillance Act (FISA) orders, and use of the FISA Business Records provision are shown. The report spans 12 months — all of 2013. The NSA chose to release this report on Tumblr (for some strange reason).
So just how much snooping did the NSA do? They executed 1,767 FISA orders, and 178 applications for business records under the FISA provision. Of those business provisions, 423 “selectors” were “queried under the NSA telephony metadata program”. The number 248 is also significant — that’s the number the NSA gives for “the number of known or presumed U.S. persons who were the subject of queries of information collected in bulk or who were subject to a business records application.”
We also learn the NSA issues 19,212 National Security Letters, and 38,832 requests for information. As cut-and-dry as it may seem, some aren’t happy. Google, for one, doesn’t think the report represents adequate data.
Director of Law Enforcement and Information Security for Google, Richard Selgado, commends the NSA for the report, but notes the difference between an “account” and “target” leads to further confusion:
The government reports in a manner that makes it impossible to compare its report with the report of companies, such as the Google Transparency Report. Specifically, the government has chosen to disclose an estimated number of “targets” that it has surveilled, rather than the number of “accounts” at issue. This means that where the “target” is an organization composed of many people, and the government uses FISA to require disclosure of information from many different providers about the many accounts used by those people, covering a broad array of services, it may only report that there was one target. By contrast, in our methodology, and that used by other companies, we each would count the number of accounts impacted by a particular surveillance request. The government could provide more meaningful transparency by specifying the number of accounts too.
The report was ordered by President Obama, who sought to give citizens more transparency in what the NSA was doing. It doesn’t give specifics, which we didn’t expect it would, but is also apparently inadequate as a reference tool.