Page 30 - pclob usa freedom
P. 30

TOP SECRET//SI//NOFORN


               it received more than 151 million CDRs from providers in 2016, 534 million CDRs in 2017, and
               434 million CDRs in 2018.  135
                       (U) NSA used these CDRs as part of its contact-chaining analysis.  NSA’s goal in contact
               chaining was to map an attacker’s (or potential attacker’s) network or find connections between
               the attacker and other individuals known to NSA. 136   To conduct contact chaining, an NSA
               analyst would use Tool 1 to query the internal metadata repository.  NSA estimated that NSA
               analysts used 22,360 such query terms associated with US persons to conduct such queries in
               2016, 31,196 in 2017, and 164,682 in 2018. 137   (Note, however, that some of these query terms
               were non-telephony identifiers that could not have returned CDRs.)  NSA used the results of
               these queries, combined with information from other sources, in intelligence reports.  These
               reports were disseminated to other US government agencies, including FBI, to assist their
               counterterrorism efforts.

                       (U) It is the Board’s impression that, when combatting terrorism, NSA felt it had to use
               all available authorities, including the CDR program.  This was done in case the data revealed an
               intelligence lead or a terrorist plot that otherwise would have been unknown.  However, NSA
               told the Board that traditional telephony metadata, like that obtained through the CDR program,
               was unlikely to show a suspected terrorist’s complete social network because it did not account
               for other modes of communication. 138   Further complicating matters, NSA was aware of data-
               integrity issues with the CDRs, which made them hesitant to rely solely on USA Freedom Act
               CDRs.  139

                       (S//NF) In measuring value, NSA often looks to the number of reports that is generated
               by a collection platform or methodology. 140   NSA issued relatively few reports based on CDRs
               collected under the USA Freedom Act.  Over a span of four years, NSA wrote and disseminated




               135  (U) 2018 Statistical Transparency Report at 30.  These numbers include duplicates.
               136  (U) NSA briefing to the Board (May 23, 2019).
               137  (U) 2018 Statistical Transparency Report at 31.  The intelligence community’s annual statistical transparency
               report includes an estimate of the number of search terms associated with a US person used to query USA Freedom
               Act CDR data.  It is likely, however, that these numbers overstate NSA analysts’ “true” queries of information
               concerning a US person because NSA analysts group query terms together to run against multiple repositories that
               the analyst is authorized to query.  The result is that a query containing a large amount of non-telephony metadata
               could be run against NSA’s USA Freedom Act CDR holdings, along with data collected under other authorities
               more relevant to the analysis.  Each of those query items would count in the numbers reported in the annual
               Statistical Transparency Reports, even though some queries would not conceivably return USA Freedom Act CDRs.
               138  (U) NSA briefing to the Board (May 23, 2019).
               139  (U) NSA briefing to the Board (May 23, 2019).

               140  (U) NSA briefing to the Board (May 23, 2019).

                                                             27


                                                TOP SECRET//SI//NOFORN
   25   26   27   28   29   30   31   32   33   34   35