NSA Spent Over $100 Million Collecting Nearly Useless Phone Metadata, Former Official Says

February 28, 2020 Updated: March 2, 2020
FONT BFONT SText size

The federal government spent more than $100 million on an NSA phone records collection program that produced almost nothing of value, according to a former official who led the analysis of the collected data at the FBI.

The program, which was started under the 2001 Patriot Act, allowed the NSA to collect from phone carriers the metadata for all phone calls, such as the calling and receiving numbers, the time, and duration of the call.

Bassem Youssef, a former special agent who had run the FBI’s Communications Analysis Unit from late 2004 until his retirement in late 2014, repeatedly explained to bureau leadership the issues with the program and repeatedly called for reform, but was ignored, he said.

After the program was exposed by former CIA employee Edward Snowden, the FBI audited it in 2014 and found that it produced only two moderately valuable leads for counterterrorism cases. In contrast, it resulted in many “false negatives and positives” as well as “collateral damage in terms of civil liberties,” Youssef said on investigative reporter John Solomon’s Just the News podcast.

McCabe, Comey Knew

Youssef said he talked to Andrew McCabe, FBI’s then-assistant director for counterterrorism who later became the bureau’s deputy director. He also talked to then-Director James Comey, presenting his ideas on how to make the program cheaper, more useful, and more privacy-minded.

His pleas fell on deaf ears, he said. McCabe was “adamant” the program was needed, while Comey was only interested in whether Youssef had a “problem or concerns with the statutory authority” for the program.

Attempts to reach McCabe and Comey for comment through their lawyers were unsuccessful. The Justice Department didn’t respond to a request for comment. The FBI declined to comment.

The program was eventually overhauled by Congress in the 2015 USA Freedom Act. But the reform made the program “less operationally valuable while augmenting the very privacy concerns it sought to lessen,” argued two members of the Privacy and Civil Liberties Oversight Board (PCLOB), which is tasked with overseeing the program’s privacy and civil liberties implications.

“The inescapable conclusion is that the program was a $100 million waste,” Travis LeBlanc, a cybersecurity and data privacy expert and one of the PCLOB members, said in a statement emailed to The Epoch Times.

3 Hops, But Restricted Search

Originally, the NSA collected all the metadata, but analysts needed special permission from select NSA officials to search the data for “identifiers,” such as phone numbers, for which they could put together a “reasonable articulable suspicion” that the number was associated with a specified terrorist group.

“NSA approved only about 300 query terms in 2012,” said LeBlanc and Edward Felten, head of Princeton’s Center for Information Technology Policy and also a PCLOB member.

If searching for a single identifier, the analysts were allowed to see the records of not only that one number, but also the records of all the numbers the original phone communicated with and the records of each of the numbers those phones communicated with. This was called a “three-hop rule.”

In the three years between 2006 and 2009, the NSA issued 277 intelligence reports based on the collected data.

2 Hops, But Mass Searches

Under the Freedom Act, the NSA only collected from phone carriers metadata on specific identifiers, plus one additional “hop” of metadata on all the numbers and phones the identifiers communicated with.

The collection was thus significantly reduced, but still captured more than 400 million data points on more than 19 million phone numbers in 2018.

Yet, the law nixed the restrictions on searching the database. In 2018, the data was searched for 164,682 identifiers associated with U.S. persons.

Because NSA analysts search all of their databases at once, some of those identifiers were irrelevant to the phone metadata collection program. Some could have been email addresses, for instance, the PCLOB noted in its February report released by The New York Times (pdf).

The reformed program proved even less useful. The NSA only produced 15 reports based at least partly on the data since 2015. Only once did the data prove useful enough to prompt an investigation. It was a “foreign intelligence” probe, as opposed to a criminal or counterterrorism one. Also, the useful data was discovered in the “first hop,” further undermining the utility of the “second hop,” which seems to be the main source of grief for privacy advocates.

“NSA stated that an intelligence program of similar duration and cost would be expected to produce thousands or tens of thousands of reports,” the PCLOB report said.

Unauthorized Data Collection

The program was plagued by compliance issues and repeatedly obtained records it wasn’t legally authorized to obtain.

In 2018, unable to filter what it wasn’t supposed to have, the NSA deleted all records obtained since 2015. In early 2019, the program was shut down “after balancing the program’s relative intelligence value, associated costs, and compliance and data integrity concerns,” said Dan Coats, then-director of national intelligence, in an August 2019 letter to lawmakers.

During its three years of operation since the reform, the program cost over $100 million, LeBlanc and Felten wrote in the PCLOB report.

“I do not believe that we have cost data for the years before 2016,” LeBlanc said via email.

Abuse

PCLOB said it found no abuse of the program and “determined that the compliance incidents were inadvertent, not willful.”

Youssef, however, said he had “very little doubt” the program “was used for political spying or political espionage” in light of the recent official confirmation of illegal surveillance of former Trump campaign adviser Carter Page in 2016 and 2017.

Page was surveilled by the FBI using four Foreign Intelligence Surveillance Act (FISA) warrants, at least two of which were so flawed as to render them invalid.

Youssef suspected “sort of the same type of situation” with the phone metadata program.

Reauthorization

The legal authority for the program is set to expire on March 15.

During a Nov. 6, 2019, hearing by the Senate Judiciary Committee, NSA official Susan Morgan acknowledged that “currently, absolutely the value does not outweigh the cost,” but still argued the program should be reauthorized, saying that the NSA would “want to have the agility to use it should it be valuable moving forward.”

Coats also supported reauthorization.

LeBlanc and Felten disagreed. In addition to the cost-value argument, “the program intruded on the privacy and civil liberties of millions of Americans who were not subjects of individualized suspicion,” they said.

Some Congress members have already voiced opposition to the reauthorization, including Rep. Jim Jordan (R-Ohio) and Sen. Mike Lee (R-Utah).

Follow Petr on Twitter: @petrsvab