The NSA Spying Numbers We Can’t See

While the nation's political reporters were waiting for this morning's Supreme Court ruling on the Affordable Care Act, the House Intelligence Committee reportedly voted unanimously, in a closed session, to approve a five-year extension of the controversial FISA Amendments Act. As I noted earlier this week, this is moving forward despite the National Security Agency's refusal to provide some extraordinarily basic information about the law's implementation—such as the number of Americans whose communications have been intercepted pursuant to this sweeping authority.

One odd thing about the NSA's claim that they are simply unable to provide such information is that it would seem to be impossible to comply with several of the FAA's safeguard provisions without some way of tracking this information. And indeed, as I reviewed the most recent publicly available report on the intelligence community's compliance with these procedures, I noted the following passage:

During the onsite visits to NSA, the team reviews NSA's [REDACTED] of Section 702-acquired data to verify compliance with minimization procedures. The team reviews all serialized reports based on Section 702-acquired data that NSA identifies as containing United States person information. The results of these reviews have been documented and included as attachments to the Section 707 Report. During this review period, the team also began to take a random sample of reports not identified by NSA to ensure that NSA was accurately identifying all reports containing United States person information.

Now, to be sure, what they're talking about here is reports and not acquisitions: From what we understand about how FISA surveillance generally works, NSA vacuums up an enormous amount of communications data, only a fraction of which ultimately is (or in practice ever could be) reviewed by human analysts to be written up, summarized, and disseminated to other agencies. But that figure is at least something, and would at least give us an inkling of how many Americans' communications have been reviewed by NSA personnel. Moreover, the same random sampling method could surely be used to determine, at least approximately, what proportion of the not-yet-reviewed intercepts concern Americans. Again, it's almost impossible to believe that an estimate is impossible to produce—as opposed to merely inconvenient for those who'd rather not risk rousing the public from a state of apathy about the scale of spying underway.

More generally, these reports contain a good deal of redacted statistical information that there is simply no plausible excuse for keeping secret. A table of "statistical data relating to compliance incidents," for example, is included—but entirely blacked out. Are we to believe that the national security of the United States would be imperiled if the public knew the number of times the NSA had difficulty following the law? The reviewers conclude that the "number of compliance incidents remains small, particularly when compared with the total amount of activity"—but is there any legitimate reason for barring the public from knowing what counts as a "small" number, or just how massive the "total amount of activity" truly is? For traditional, individually targeted FISA surveillance, this kind of aggregate information must be reported by law, and is made public as a matter of course—providing citizens with one of their only warning flags when secret surveillance increases dramatically. Aren't such numbers—whose publication clearly hasn't done anything to injure national security—even more important when the spying is no longer constrained by any obligation to seek individualized warrants?