STATISTICAL TRANSPARENCY REPORT REGARDING USE OF NATIONAL SECURITY AUTHORITIES FOR CALENDAR YEAR 2016

April 2017

Introduction

In June 2014, the Director of National Intelligence (DNI) began releasing statistics relating to the use of critical national security authorities, including the Foreign Intelligence Surveillance Act (FISA), in an annual report called the Statistical Transparency Report Regarding Use of National Security Authorities (hereafter the Annual Statistical Transparency Report). Subsequent Annual Statistical Transparency Reports were released in 2015 and 2016.

On June 2, 2015, the USA FREEDOM Act was enacted, codifying a requirement to publicly report many of the statistics already reported in the Annual Statistical Transparency Report. The Act also expanded the scope of the information included in the reports by requiring the DNI to report information concerning United States person search terms and queries of certain FISA‐acquired information, as well as specific statistics concerning information collected pursuant to call detail records. See 50 U.S.C. § 1873(b).

Today, consistent with the USA FREEDOM Act requirements to release certain statistics (codified in 50 U.S.C. § 1873(b)) and the Intelligence Community’s (IC) Principles of Intelligence Transparency, we are releasing our fourth Annual Statistical Transparency Report presenting statistics on how often the government uses certain national security authorities.

This fourth report has been reformatted to provide a description of the statistics being reported. Related definitions and additional context to the statistics included in this report are provided throughout. The order in which the statistics are presented remains consistent with last year’s report and follows the order set forth in 50 U.S.C. § 1873(b).

Additional public information on national security authorities is available at the Office of the Director of National Intelligence’s (ODNI) website, www.dni.gov, and ODNI’s public tumblr site, IContheRecord.tumblr.com.

FISA Title I ‐‐ Title III ‐‐ Title VII Sections 703 & 704

- All of these authorities require individual court orders based on probable cause.
- Titles I and III apply to FISA activities directed against persons within the United States.
- Sections 703 and 704 apply to FISA activities directed against U.S. persons outside the United States.

Both FISA Title I and FISA Title III require a probable cause court order to target individuals within the United States regardless of U.S. person status. Under FISA, Title I permits electronic surveillance and Title III permits physical search in the United States of foreign powers or agents of a foreign power for the purpose of collecting foreign intelligence information. See 50 U.S.C. §§ 1804 and 1823. Title I (electronic surveillance) and Title III (physical search) are commonly referred to as “Traditional FISA.” Both require that the Foreign Intelligence Surveillance Court (FISC) make a probable cause finding, based upon a factual statement in the government’s application, that (i) the target is a foreign power or an agent of a foreign power, as defined by FISA and (ii) the facility being targeted for electronic surveillance is used by or about to be used, or the premises or property to be searched is or is about to be owned, used, possessed by, or is in transit to or from a foreign power or an agent of a foreign power. In addition to meeting the probable cause standard, the government’s application must meet the other requirements of FISA. See 50 U.S.C. §§ 1804(a) and 1823(a).

FISA Title VII Sections 703 and 704 similarly require a court order based on a finding of probable cause for the government to undertake FISA activities targeting U.S.
persons located outside the United States. Section 703 applies when the government seeks to conduct electronic surveillance or to acquire stored electronic communications or stored electronic data, in a manner that otherwise requires an order pursuant to FISA, of a U.S. person who is reasonably believed to be located outside the United States. Section 704 applies when the government seeks to conduct collection overseas targeting a U.S. person reasonably believed to be located outside the United States under circumstances in which the U.S. person has a reasonable expectation of privacy and a warrant would be required if the acquisition were conducted in the United States. Both Sections 703 and 704 require that the FISC make a probable cause finding, based upon a factual statement in the government’s application, that the target is a U.S. person reasonably believed to be (i) located outside the United States and (ii) a foreign power, agent of a foreign power, or officer or employee of a foreign power; additionally, the government’s application must meet the other requirements of FISA. See 50 U.S.C. §§ 1881b(b) and 1881c(b).

U.S. Person. As defined by Title I of FISA, a U.S. person is “a citizen of the United States or an alien lawfully admitted for permanent residence (as defined in section 101(a)(20) of the Immigration and Nationality Act), an unincorporated association with a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence, or a corporation which is incorporated in the United States, but does not include a corporation or an association which is a foreign power, as defined in [50 U.S.C. § 1801(a)(1), (2), or (3)].” 50 U.S.C. § 1801(i). Section 602 of the USA FREEDOM Act, however, uses a narrower definition. Since the broader Title I definition governs how U.S.
person queries are conducted pursuant to the relevant minimization procedures, it will be used throughout this report.

Target. Within the IC, the term “target” has multiple meanings. With respect to the statistics provided in this report, the term “target” is defined as the individual person, group, entity composed of multiple individuals, or foreign power that uses the selector such as a telephone number or email address.

The role of the FISC. If the FISC finds that the government’s application meets the requirements of FISA and the Constitution, the FISC must issue an order approving the requested authority.

Types of Orders. There are different types of orders that the FISC may issue in connection with FISA cases, for example: orders granting or modifying the government’s authority to conduct intelligence collection; orders directing electronic communication service providers to provide any technical assistance necessary to implement the authorized intelligence collection; and supplemental orders and briefing orders requiring the government to take a particular action or provide the court with specific information.

Amendments and Renewals. The FISC may amend an order one or more times after it has been issued. For example, an order may be amended to add a newly discovered account used by the target. This report does not count such amendments separately.

The FISC may renew some orders multiple times during the calendar year. Each authority permitted under FISA has specific time limits for the FISA authority to continue (e.g., a Section 704 order against a U.S. person target may last no longer than 90 days but FISA permits the order to be renewed, see 50 U.S.C. § 1881c(c)(4)). Each renewal requires a separate application submitted by the government to the FISC and a finding by the FISC that the application meets the requirements of FISA.
Thus, unlike amendments, this report does count each such renewal as a separate order. These terms will be used consistently throughout this report.

FISA “Probable Cause” Court Orders and Targets

Titles I and III and Sections 703 and 704 of FISA    CY2013   CY2014   CY2015   CY2016
Total number of orders                                1,767    1,519    1,585    1,559
Estimated* number of targets of such orders           1,144    1,562    1,695    1,687

See 50 U.S.C. § 1873(b)(1).
*Throughout this report, when numbers are estimated, the estimate comports with the statutory requirements to provide a “good faith estimate” of a particular number.

How targets are counted. If the IC received authorization to conduct electronic surveillance and/or physical search against the same target in four separate applications, the IC would count one target, not four. Alternatively, if the IC received authorization to conduct electronic surveillance and/or physical search against four targets in the same application, the IC would count four targets. Duplicate targets across authorities are not counted.

FISA “Probable Cause” Targets – U.S. Persons*

Titles I and III and Sections 703 and 704 ‐‐ Targets     CY2016
Estimated number of targets who are non‐U.S. persons      1,351
Estimated number of targets who are U.S. persons            336
Estimated percentage of targets who are U.S. persons      19.9%

*While not statutorily required to publicly provide these statistics, the IC is providing them consistent with the commitment to its Principles of Intelligence Transparency.

Title VII ‐ FISA Amendment Act (FAA) Section 702

- Commonly referred to as “Section 702.”
- Requires individual targeting determinations that the target is (1) a non‐United States person who (2) is reasonably believed to be located outside the United States and who (3) has or is expected to communicate or receive foreign intelligence information.

Section 702.
Title VII of FISA includes Section 702, which permits the Attorney General and the DNI to jointly authorize the targeting of (i) non‐U.S. persons reasonably believed to be (ii) located outside the United States to (iii) acquire foreign intelligence information. See 50 U.S.C. § 1881a. All three elements must be met. Additionally, Section 702 requires that the Attorney General, in consultation with the DNI, adopt targeting procedures and minimization procedures that they attest satisfy the statutory requirements and are consistent with the Fourth Amendment.

Section 702 Targets and “Tasking.” Under Section 702, the government “targets” a particular non‐U.S. person, group, or entity reasonably believed to be located outside the United States and who possesses, or who is likely to communicate or receive, foreign intelligence information, by directing an acquisition at – i.e., “tasking” – selectors (e.g., telephone numbers and email addresses) that are assessed to be used by such non‐U.S. person, group, or entity, pursuant to targeting procedures approved by the FISC.

Before “tasking” a selector for collection under Section 702, the government must apply its targeting procedures to ensure that the IC appropriately tasks a selector used by a non‐U.S. person who is reasonably believed to be located outside the United States and who will likely possess, communicate, or receive foreign intelligence information.

The FISC’s role. Under Section 702, the FISC determines whether certifications provided jointly by the Attorney General and the DNI appropriately meet all the requirements of Section 702. If the FISC determines that the government’s certifications and its targeting and minimization procedures meet the statutory requirements of Section 702 and are consistent with the Fourth Amendment, then the FISC issues an order and supporting statement approving the certifications.
A recent FISC order and statement approving certifications was publicly released in April 2016 and posted on IC on the Record.

Certifications. The certifications are jointly executed by the Attorney General and DNI and authorize the government to acquire foreign intelligence information under Section 702. Each annual certification application package must be submitted to the FISC for approval. The package includes the Attorney General and DNI’s certifications, affidavits by certain heads of intelligence agencies, targeting procedures, and minimization procedures. A sample of a certification application package was publicly released on IC on the Record. The certifications identify categories of information to be collected, which must meet the statutory definition of foreign intelligence information, through the targeting of non‐U.S. persons reasonably believed to be located outside the United States. The certifications have included information concerning international terrorism and other topics, such as the acquisition of information concerning weapons of mass destruction.

Targeting procedures. The targeting procedures detail the steps that the government must take before tasking a selector, as well as verification steps after tasking, to ensure that the user of the tasked selector is being targeted appropriately – specifically, that the user is a non‐U.S. person, located outside the United States, who is being tasked to acquire foreign intelligence information. The IC must make individual determinations that each tasked selector meets the requirements of the targeting procedures. As part of the certification package, the FISC reviews the sufficiency of the IC’s targeting procedures, which includes assessing the IC’s compliance with the procedures.

Minimization procedures.
The minimization procedures detail requirements the government must meet to use, retain, and disseminate Section 702 data, which include specific restrictions on how the IC handles non‐publicly available U.S. person information acquired from Section 702 collection of non‐U.S. person targets, consistent with the needs of the government to obtain, produce, and disseminate foreign intelligence information. As part of the certification package, the FISC reviews the sufficiency of the IC’s minimization procedures, which includes assessing the IC’s compliance with past procedures. The 2015 minimization procedures have been released on IC on the Record.

The IC’s adherence to the targeting and minimization procedures is subject to robust internal agency oversight and to rigorous external oversight by the Department of Justice (DOJ), ODNI, Congress, and the FISC. Every identified incidence of non‐compliance is reported to the FISC (through individual notices or in reports) and to Congress in semiannual reports. DOJ and ODNI also submit semiannual reports to Congress that assess the IC’s overall compliance efforts. Past assessments have been publicly released.

Section 702 Orders

Section 702 of FISA              CY2013   CY2014   CY2015   CY2016
Total number of orders issued         1        1        1        0

See 50 U.S.C. § 1873(b)(2).

Counting Section 702 orders. As explained above, the FISC may issue a single order to approve more than one Section 702 certification to acquire foreign intelligence information.

Note that, in its own transparency report, which is required pursuant to 50 U.S.C. § 1873(a), the Director of the Administrative Office of the United States Courts (AOUSC) counted each of the Section 702 certifications associated with the FISC’s order.
Because the number of the government’s Section 702 certifications remains a classified fact, the government requested that the AOUSC redact the number of certifications from its transparency report prior to publicly releasing it.

In 2016, the government submitted a certification application to the FISC. Pursuant to 50 U.S.C. § 1881a(j)(2), the FISC extended its review of the 2016 certifications. The FISC may extend its review of the certifications “as necessary for good cause in a manner consistent with national security.” See 50 U.S.C. § 1881a(j)(2). Thus, because the FISC did not complete its review of the 2016 certifications during calendar year 2016, the FISC did not issue an order concerning those certifications in calendar year 2016. The 2015 order remained in effect during the extension period.

Section 702 Targets*

Section 702 of FISA                           CY2013   CY2014   CY2015    CY2016
Estimated number of targets of such orders    89,138   92,707   94,368   106,469

*While there is no statutory requirement to disclose this number, it is provided in this report to foster public understanding of the IC’s use of the Section 702 collection authority. The IC is committed to sharing as much information as possible with the public without jeopardizing mission capabilities.

Estimating Section 702 targets. The number of 702 “targets,” provided above, reflects an estimate of the number of non‐United States persons who are the users of tasked selectors. This estimate is based on information readily available to the IC. Unless and until the IC has information that links multiple selectors to a single foreign intelligence target, each individual selector is counted as a separate target for purposes of this report. On the other hand, where the IC is aware that multiple selectors are used by the same target, the IC counts the user of those selectors as a single target.
This counting methodology reduces the risk that the IC might inadvertently understate the number of discrete persons targeted pursuant to Section 702.

Section 702 Search Terms Used to Query Content

Section 702 of FISA                                         CY2015   CY2016
Estimated number of search terms concerning a known
U.S. person used to retrieve the unminimized contents
of communications obtained under Section 702
(excluding search terms used to prevent the return of
U.S. person information)*                                    4,672    5,288

See 50 U.S.C. § 1873(b)(2)(A).
*Consistent with § 1873(d)(2)(A), this statistic does not include queries that are conducted by the Federal Bureau of Investigation (FBI).

The above is the good faith estimate of the number of search terms (e.g., email addresses and telephone numbers) concerning known U.S. persons that the government used to query unminimized (i.e., raw) lawfully acquired Section 702 content.

Counting U.S. person search terms used to query Section 702 content. The National Security Agency (NSA) counts the number of U.S. person identifiers it uses to query the content of unminimized Section 702‐acquired information. For example, if the NSA used U.S. person identifier “johndoe@XYXprovider” to query the content of Section 702‐acquired information, the NSA would count it as one regardless of how many times the NSA used “johndoe@XYXprovider” to query its 702‐acquired information. In calendar year 2016, the Central Intelligence Agency (CIA) adopted this same model for counting search terms. In prior calendar years, however, the CIA counted the total number of actual queries it conducted using U.S. person identifiers. For example, if the CIA used the identifier “johndoe@XYXprovider” 7 times, in prior years the CIA would count this as 7 search terms. Now, the CIA counts this as a single search term.

Section 702 Queries of Noncontents

Section 702 of FISA                                  CY2013   CY2014   CY2015   CY2016
Estimated number of queries concerning a known
U.S. person of unminimized noncontents
information obtained under Section 702
(excluding queries containing information used
to prevent the return of U.S. person
information)*                                          9500   17,500   23,800   30,355

See 50 U.S.C. § 1873(b)(2)(B).
*Consistent with § 1873(d)(2)(A), this statistic does not include queries that are conducted by the FBI.

The above is a good faith estimate of the number of queries concerning a known U.S. person that the government conducted of unminimized (i.e., raw) lawfully acquired Section 702 metadata.

Counting queries using U.S. person identifiers of noncontents collected under Section 702. This estimate represents the number of times a U.S. person identifier is used to query the noncontents (i.e., metadata) of unminimized Section 702‐acquired information. For example, if the U.S. person identifier telephone number “111‐111‐2222” was used 15 times to query the noncontents of Section 702‐acquired information, the number of queries counted would be 15.

As with last year’s transparency report, one IC element remains currently unable to provide the number of queries using U.S. person identifiers of unminimized Section 702 noncontent information. Under 50 U.S.C.
§ 1873(d)(3)(A), if the DNI concludes that this good‐faith estimate cannot be determined accurately because not all of the relevant elements of the IC are able to provide this good faith estimate, then the DNI is required to (i) certify that conclusion in writing to the relevant Congressional committees; (ii) report the good faith estimate for those relevant elements able to provide such good faith estimate; (iii) explain when it is reasonably anticipated that such an estimate will be able to be determined fully and accurately; and (iv) make such certification publicly available on an Internet web site. Because one IC element remains unable to provide such information, the DNI made a certification, pursuant to § 1873(d)(3)(A) to the relevant Congressional committees.

As required by statute, this certification is being made publicly available as an attached appendix to this current report (see Appendix A).

Required Section 702 Query Reporting to the FISC

Section 702 of FISA                                            CY2016
Per the FISC Memorandum Opinion and Order dated
November 6, 2015: Each instance in which FBI personnel
received and reviewed Section 702‐acquired information
that the FBI identified as concerning a U.S. person in
response to a query that was designed to return evidence
of a crime unrelated to foreign intelligence.                       1

On November 6, 2015, the FISC granted the government’s application for renewal of the 2015 certifications and, among other things, concluded that the FBI’s U.S. person querying provisions in its minimization procedures, “strike a reasonable balance between the privacy interests of the United States persons and persons in the United States, on the one hand, and the government’s national security interests, on the other.” Memorandum Opinion and Order dated November 6, 2015, at 44 (released on IC on the Record on April 19, 2016).
The FISC further stated that the FBI conducting queries, “designed to return evidence of crimes unrelated to foreign intelligence does not preclude the Court from concluding that taken together, the targeting and minimization procedures submitted with the 2015 Certifications are consistent with the requirements of the Fourth Amendment.” Id.

Nevertheless, the FISC ordered the government to report in writing, “each instance after December 4, 2015, in which FBI personnel receive and review Section 702‐acquired information that the FBI identifies as concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.” (Emphasis added). Id. at 44 and 78. The FISC directed that the report contain details of the query terms, the basis for conducting the query, the manner in which the query will be or has been used, and other details. Id. at 78. In keeping with the IC’s Principles of Transparency, the DNI declassified the number of instances in which such queries occurred in calendar year 2016.

ADDITIONAL SECTION 702 STATISTICS PROVIDED IN RESPONSE TO PCLOB RECOMMENDATION 9(5)

In July 2014, the Privacy and Civil Liberties Oversight Board (PCLOB or Board) issued a report on Section 702 entitled, “Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act” (PCLOB’s Section 702 Report), which contained 10 recommendations. Recommendation 9 focused on “accountability and transparency,” noting that the government should implement measures, “to provide insight about the extent to which the NSA acquires and utilizes the communications involving U.S. persons and people located in the United States under the Section 702 program.” PCLOB’s Section 702 Report at 145‐146.
Specifically, the PCLOB recommended that “the NSA should implement processes to annually count […] (5) the number of instances in which the NSA disseminates non‐public information about U.S. persons, specifically distinguishing disseminations that includes names, titles, or other identifiers potentially associated with individuals.” Id. at 146. This recommendation is commonly referred to as Recommendation 9(5). In response to Recommendation 9(5), NSA previously publicly provided (in the Annual Statistical Transparency Report for calendar year 2015) and continues to provide the following additional information regarding the dissemination of Section 702 intelligence reports that contain U.S. person information.

NSA has been providing similar information to Congress per FISA reporting requirements. For example, FISA Section 702(l)(3) requires that NSA annually submit a report to applicable Congressional committees regarding certain numbers pertaining to the acquisition of Section 702‐acquired information, including the number of “disseminated intelligence reports containing a reference to a United States person identity.” See 50 U.S.C. § 1881(l)(3)(A)(i). Additionally, NSA provides this number to Congress as part of Attorney General and Director of National Intelligence’s joint assessment of compliance. See 50 U.S.C. § 1881(l)(1).

Prior to the PCLOB issuing its Section 702 Report, NSA’s Director of Civil Liberties and Privacy Office published “NSA’s Implementation of Foreign Intelligence Surveillance Act Section 702,” on April 16, 2014 (hereinafter “NSA DCLPO Report”), in which it explained NSA’s dissemination processes. NSA DCLPO Report at 7‐8. NSA “only generates classified intelligence reports when the information meets a specific intelligence requirement, regardless of whether the proposed report contains U.S. person information.” NSA DCLPO Report at 7.

Dissemination.
In the most basic sense, dissemination refers to the sharing of minimized information. As it pertains to FISA (including Section 702), if an agency (in this instance NSA) lawfully collects information pursuant to FISA and wants to share (i.e., disseminate) that information, the agency must first apply its minimization procedures to that information.

Section 702 only permits the targeting of non‐U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information. Such targets, however, may communicate information to, from, or about U.S. persons. NSA minimization procedures (publicly released on August 11, 2016) permit the NSA to disseminate U.S. person information if the NSA masks the information that could identify the U.S. person. The minimization procedures permit NSA to disseminate the U.S. person identity only if doing so meets one of the specified reasons listed in NSA’s minimization procedures, including that the U.S. person consented to the dissemination, the U.S. person information was already publicly available, the U.S. person identity was necessary to understand foreign intelligence information, or the communication contained evidence of a crime and is being disseminated to law enforcement authorities. Even if one of these conditions applies, as a matter of policy, NSA may still mask the U.S. person information and will include no more than the minimum amount of U.S. person information necessary to understand the foreign intelligence or to describe the crime or threat. Id. In certain instances, however, NSA makes a determination prior to releasing its original classified report that the U.S. person’s identity is appropriate to disseminate in the first instance using the same standards discussed above.

Masked U.S. Person Information. Information about a U.S. person is masked when the identifying information about the person is not included in a report.
For example, instead of reporting that Section 702‐acquired information revealed that non‐U.S. person “Bad Guy” communicated with U.S. person “John Doe” (i.e., the actual name of the U.S. person), the report would mask “John Doe’s” identity, and would state that “Bad Guy” communicated with “an identified U.S. person,” “a named U.S. person,” or “a U.S. person.”

Recipients of NSA’s classified reports, such as other Federal agencies, may request that NSA provide the true identity of a masked U.S. person referenced in an intelligence report. The requested identity information is released only if the requesting recipient has a legitimate “need to know” the identity of the U.S. person and has the appropriate security clearances, and if the dissemination of the U.S. person’s identity would be consistent with NSA’s minimization procedures (e.g., the identity is necessary to understand foreign intelligence information or assess its importance). Furthermore, per NSA policy, NSA is allowed to unmask the identity for the specific requesting recipient only where specific additional controls are in place to preclude its further dissemination and additional approval has been provided by a designated NSA official.

As part of their regular oversight reviews, DOJ and ODNI review disseminations of information about U.S. persons that NSA obtained pursuant to Section 702 to ensure that the disseminations were performed in compliance with the minimization procedures.

Section 702 – U.S. person (USP) information disseminated by NSA               CY2016
Total number of NSA disseminated §702 Reports containing USP identities        3,914
Of those NSA disseminated §702 Reports containing USP identities (from
the first row in this chart), the USP identity was originally masked in
this many reports                                                              2,964*
Of those NSA disseminated §702 Reports containing USP identities (from
the first row in this chart), the USP identity was originally revealed
in this many reports                                                           1,200*
Of those NSA disseminated §702 Reports containing USP identities where
the USP identity was originally masked (from the second row in this
chart), the number of USP identities that NSA later released in
response to specific requests to unmask a USP identity**                       1,934

*A single report may contain both masked and unmasked U.S. person identities.
**For this statistic, last year’s Annual Statistical Transparency Report provided the number of approved requests (i.e., 654) for unmasking of U.S. person identities, rather than the number of U.S. person identities that were released. A single request may contain multiple U.S. person identities. This year’s report provides the number of U.S. person identities referred to by name or title released in response to specific requests to unmask those identities. The number of U.S. person identities that NSA released during calendar year 2015 in response to specific requests to unmask an identity was 2,232, which was the number that should have been reported in last year’s report.

FISA Title IV – USE of PEN REGISTER and TRAP and TRACE (PR/TT) DEVICES

- Commonly referred to as the “PR/TT” provision.
- Bulk collection is prohibited.
- Requires individual FISC order to use PR/TT device to capture dialing, routing, addressing, or signaling (DRAS) information.
- Government request to use a PR/TT device on U.S.
person target must be based on an investigation to protect against terrorism or clandestine intelligence activities and that investigation must not be based solely on activities protected by the First Amendment to the Constitution.

Pen Register/Trap and Trace Authority. Title IV of FISA authorizes the use of pen register and trap and trace (PR/TT) devices for foreign intelligence purposes. Title IV authorizes the government to use a PR/TT device to seek and capture dialing, routing, addressing or signaling (DRAS) information. The government may submit an application to the FISC for an order approving use of a PR/TT device (i.e., PR/TT order) for (i) “any investigation to obtain foreign intelligence information not concerning a United States person or” (ii) “to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a U.S. person is not conducted solely upon the basis of activities protected by the First Amendment to the Constitution.” 50 U.S.C. § 1842(a). If the FISC finds that the government’s application sufficiently meets the requirements of FISA, the FISC must issue an order for the installation and use of a PR/TT device.

PR/TT Statistics

Title IV of FISA
PR/TT FISA                                         CY2013   CY2014      CY2015    CY2016
Total number of orders                                131      135          90        60
Estimated number of targets of such orders            319      516         456        41
Estimated number of unique identifiers used to
communicate information collected pursuant to
such orders*                                            ‐        ‐   134,987**   125,378

See 50 U.S.C. §§ 1873(b)(3), 1873(b)(3)(A), and 1873(b)(3)(B).
*Pursuant to § 1873(d)(2)(B), this statistic does not apply to orders resulting in the acquisition of information by the FBI that does not include electronic mail addresses or telephone numbers.
**This number represents information the government received from provider(s) electronically for the entire 2015 calendar year.
The government does not have a process for capturing unique identifiers received by other means (such as hard‐copy or portable media).

Counting orders. Similar to how orders were counted for Titles I and III and Sections 703 and 704, this report only counts the orders granting authority to conduct intelligence collection ‐‐ the order for the installation and use of a PR/TT device. Thus, renewal orders are counted as a separate order; modification orders and amendments are not counted.

Estimating the number of targets. The government’s methodology for counting PR/TT targets is similar to the methodology described above for counting targets of electronic surveillance and/or physical search. If the IC received authorization for the installation and use of a PR/TT device against the same target in four separate applications, the IC would count one target, not four. Alternatively, if the IC received authorization for the installation and use of a PR/TT device against four targets in the same application, the IC would count four targets.

Estimating the number of unique identifiers. This statistic counts (1) the targeted identifiers and (2) the non‐targeted identifiers (e.g., telephone numbers and e‐mail addresses) that were in contact with the targeted identifiers. Specifically, the House Report on the USA FREEDOM Act states that "[t]he phrase 'unique identifiers used to communicate information collected pursuant to such orders' means the total number of, for example, email addresses or phone numbers that have been collected as a result of these particular types of FISA orders‐‐not just the number of target email addresses or phone numbers." [H.R. Rept. 114‐109 Part I, p. 26], with certain exceptions noted.

FISA PR/TT Targets – U.S. Persons*

PR/TT Targets                                             CY2016
Estimated number of targets who are non‐U.S. persons      23
Estimated number of targets who are U.S. persons          18
Estimated percentage of targets who are U.S. persons      43.9%

*While not statutorily required to publicly provide these statistics, the IC is providing them consistent with the Principles of Intelligence Transparency.

FISA Title V – BUSINESS RECORDS

• Commonly referred to as “Business Records” provision.
• Bulk collection is prohibited.
• Call Detail Records (CDR) may be obtained from a telephone company if the FISC issues an individual court order for target’s records.
• Request for records in an investigation of a U.S. person must be based on an investigation to protect against terrorism or clandestine intelligence activities and provided that the investigation is not conducted solely upon activities protected by the First Amendment to the Constitution.

Business Records FISA. Under FISA, Title V authorizes the government to submit an application for an order requiring the production of any tangible things for (i) “an investigation to obtain foreign intelligence information not concerning a U.S. person or” (ii) “to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a U.S. person is not conducted solely upon the basis of activities protected by the First Amendment to the Constitution.” 50 U.S.C. § 1861. Title V is commonly referred to as the “Business Records” provision of FISA.

In June 2015, the USA FREEDOM Act was signed into law and, among other things, amended Title V, including prohibiting bulk collection. See 50 U.S.C. §§ 1861(b), 1861(k)(4). The DNI is required to report various statistics about two Title V provisions – traditional business records and call detail records (discussed further below).
On November 28, 2015, in compliance with amendments enacted by the USA FREEDOM Act, the IC terminated collection of bulk telephony metadata under Title V of the FISA (the “Section 215 Program”). Solely due to legal obligations to preserve records in certain pending civil litigation, including First Unitarian Church of Los Angeles, et al. v. National Security Agency, et al., No. C 13‐03287‐JSW (N.D. Cal.) and Jewel, et al. v. National Security Agency, et al., No. C 08‐04373‐JSW (N.D. Cal.), the IC continues to preserve previously collected bulk telephony metadata. Under the terms of a FISC order dated November 24, 2015, the bulk telephony metadata cannot be used or accessed for any purpose other than compliance with preservation obligations. Once the government’s preservation obligations are lifted, the government is required to promptly destroy all bulk metadata produced by telecommunications providers under the Section 215 Program.

As noted in last year’s Annual Statistical Transparency Report, on November 30, 2015, the IC implemented certain provisions of the USA FREEDOM Act, including the call detail records provision and the requirement to use a specific selection term. Accordingly, only one month’s worth of data for calendar year 2015 was available with respect to those provisions. Any statistical information relating to a particular FISA authority for a particular month remains classified. Therefore, the Title V data specifically associated with December 2015 was only released in a classified annex provided to Congress as part of the report for CY2015. For this CY 2016 report, statistical information was collected for an entire year under the USA FREEDOM Act Title V provisions. As a result, those statistics are included in this report.

Statistics related to traditional business records under Title V Section 501(b)(2)(B) are provided first pursuant to 50 U.S.C. § 1873(b)(4).
Statistics related to call detail records under Title V Section 501(b)(2)(C) are provided second pursuant to 50 U.S.C. § 1873(b)(5).

“Traditional” Business Records – Section 501(b)(2)(B)

Business Record (BR) requests for tangible things include books, records, papers, documents, and other items pursuant to 50 U.S.C. §1861(b)(2)(B), also referred to as Section 501(b)(2)(B). These are commonly referred to as “Traditional” Business Records.

“Traditional” Business Records Statistics

Business Records “BR” – Section 501(b)(2)(B)    CY2016
Total number of orders issued pursuant to applications under Section 501(b)(2)(B)    84
Estimated number of targets of such orders    88
Estimated number of unique identifiers used to communicate information collected pursuant to such orders    81,035

See 50 U.S.C. §§ 1873(b)(4), 1873(b)(4)(A), and 1873(b)(4)(B).

Estimating the number of unique identifiers. This is an estimate of the number of (1) targeted identifiers (e.g., telephone numbers and email addresses) and (2) non‐targeted identifiers that were in contact with the targeted identifiers. This metric represents unique identifiers received electronically from the provider(s). The government does not have a process for capturing unique identifiers received by other means (i.e., hard‐copy or portable media).

Explaining how we count BR statistics. As an example of the government’s methodology, assume that in 2016, the government submitted a BR request targeting “John Doe” with email addresses john.doe@serviceproviderX, john.doe@serviceproviderY, and john.doe@serviceproviderZ. The FISC found that the application met the requirements of Title V and issued orders granting the application and directing service providers X, Y, and Z to produce business records pursuant to Section 501(b)(2)(B).
Provider X returned 10 non‐targeted email addresses that were in contact with the target; provider Y returned 10 non‐targeted email addresses that were in contact with the target; and provider Z returned 10 non‐targeted email addresses that were in contact with the target. Based on this scenario, we would report the following statistics: A) one order by the FISC for the production of tangible things, B) one target of said orders, and C) 33 unique identifiers, representing three targeted email addresses plus 30 non‐targeted email addresses.

Call Detail Records – Section 501(b)(2)(C)

Call Detail Records (CDR) – commonly referred to as “call event metadata” – may be obtained from telecommunications providers pursuant to 50 U.S.C. §1861(b)(2)(C). A CDR is defined as session identifying information (including an originating or terminating telephone number, an International Mobile Subscriber Identity (IMSI) number, or an International Mobile Station Equipment Identity (IMEI) number), a telephone calling card number, or the time or duration of a call. See 50 U.S.C. §1861(k)(3)(A). CDRs do not include the content of any communication, the name, address, or financial information of a subscriber or customer, or cell site location or global positioning system information. See 50 U.S.C. §1861(k)(3)(B). CDRs are stored and queried by the service providers. See 50 U.S.C. §1861(c)(2).

Call Detail Record (CDR) Statistics

Call Detail Records “CDR” – Section 501(b)(2)(C)    CY2016
Total number of orders issued pursuant to applications under Section 501(b)(2)(C)    40
Estimated number of targets of such orders    42

See 50 U.S.C. §§ 1873(b)(5) and 1873(b)(5)(A).

Estimating the number of targets of CDR orders. A “target” is the person using the selector. For example, if a target uses four selectors that have been approved, the number counted for purposes of this report would be one target, not four.
Alternatively, if two targets are using one selector that has been approved, the number counted would be two targets.

The estimated number of Call Detail Records received from providers. This metric represents the number of records received from the provider(s) and stored in NSA repositories (records that fail at any of a variety of validation steps are not included in this number). CDRs covered by § 501(b)(2)(C) include call detail records created before, on, or after the date of the application relating to an authorized investigation. While the USA FREEDOM Act directs the government to provide a good faith estimate of “the number of unique identifiers used to communicate information collected pursuant to” orders issued in response to CDR applications (see § 1873(b)(5)(B)), the statistic below does not reflect the number of unique identifiers contained within the call detail records received from the providers. As of the date of this report, the government does not have the technical ability to isolate the number of unique identifiers within records received from the providers. As explained in the 2016 NSA’s public report on the USA FREEDOM Act, the metric provided is over‐inclusive because the government counts each record separately even if the government receives the same record multiple times (whether from one provider or multiple providers). Additionally, this metric includes duplicates of unique identifiers – i.e., because the government lacks the technical ability to isolate unique identifiers, the statistic counts the number of records even if unique identifiers are repeated. This statistic includes records that were received from the providers in CY2016 for all orders active for any portion of the year, which includes orders that the FISC approved in 2015.
Call Detail Record (CDR) Statistics

Call Detail Records “CDR” – Section 501(b)(2)(C)    CY2016
Estimated number of call detail records received from providers and stored in NSA repositories    151,230,968

As an example, assume an NSA intelligence analyst learns that phone number (202) 555‐1234 is being used by a suspected international terrorist. This is the “specific selection term” or “selector” that will be submitted to the FISC (or the Attorney General in an emergency) for approval using the “reasonable articulable suspicion” (RAS) standard. Assume that one provider (provider X) submits to NSA a record showing (202) 555‐1234 had called (301) 555‐4321 on May 1, 2016. This is the “first hop” and would count as one record. If the provider submits records showing additional calls between those same telephone numbers, each would count as an additional record. Thus, if over the course of 2016, (202) 555‐1234 was in contact with (301) 555‐4321 once each day, then that would count as 365 records obtained from provider X. If another provider (provider Y) also submits records showing direct contact between those two telephone numbers (assume the same number of contacts), then those would add to the count.

In turn, assume that NSA submits the “first‐hop” number above – (301) 555‐4321 – to the providers, and finds that it was used to call (410) 555‐5678. This is the “second‐hop” result. Each contact between the first‐hop and second‐hop numbers would count as a separate record, as would each such contact submitted by other providers. More information on how NSA implements this authority can be found in the DCLPO report.

Call Detail Record (CDR) Statistics

Call Detail Records “CDR” – Section 501(b)(2)(C)    CY2016
Estimated number of search terms that included information concerning a U.S. person that were used to query any database of call detail records obtained through the use of such orders*    22,360

See 50 U.S.C. § 1873(b)(5)(C).
*Consistent with § 1873(d)(2)(A), this statistic does not include queries that are conducted by the FBI.

The number of search terms associated with a U.S. person used to query the CDR data. Each unique query is counted only once. The same term queried 10 times still counts as one search term. Similarly, a single query with 20 terms counts as 20.

NATIONAL SECURITY LETTERS (NSLs)

• Not authorized by FISA but by other statutes.
• Bulk collection is prohibited, however, by the USA FREEDOM Act.
• FBI may only use NSLs if the information sought is relevant to international counterterrorism or counterintelligence investigation.

National Security Letters. In addition to statistics relating to FISA authorities, we are reporting information on the government’s use of National Security Letters (NSLs). The FBI is statutorily authorized to issue NSLs for specific records (as specified below) only if the information being sought is relevant to a national security investigation. NSLs may be issued for four commonly used types of records:

1) telephone subscriber information, toll records, and other electronic communication transactional records, see 18 U.S.C. § 2709;
2) consumer‐identifying information possessed by consumer reporting agencies (names, addresses, places of employment, institutions at which a consumer has maintained an account), see 15 U.S.C. § 1681u;
3) full credit reports, see 15 U.S.C. § 1681v (only for counterterrorism, not for counterintelligence investigations); and
4) financial records, see 12 U.S.C. § 3414.

Counting NSLs.
Today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information (ROI) contained within those NSLs. When a single NSL contains multiple requests for information, each is considered a “request” and each request must be relevant to the same pending investigation. For example, if the government issued one NSL seeking subscriber information from one provider and that NSL identified three e‐mail addresses for the provider to return records, this would count as one NSL issued and three ROIs.

The Department of Justice’s Report on NSLs. In April 2017, the Department of Justice released its Annual Foreign Intelligence Surveillance Act Report to Congress. That report, which is available online, reports on the number of requests made for certain information concerning different U.S. persons pursuant to NSL authorities during calendar year 2016. The Department of Justice’s report provides the number of individuals subject to an NSL whereas the ODNI’s report provides the number of NSLs issued. Because one person may be subject to more than one NSL in an annual period, the number of NSLs issued and the number of persons subject to an NSL differ.

Why we report the number of NSL requests instead of the number of NSL targets. We are reporting the annual number of requests for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL. Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account.
In some cases this occurs because the identification information provided by the subscriber to the provider may not be true. For example, a subscriber may use a fictitious name or alias when creating the account. Thus, in many instances, the FBI never identifies the actual subscriber of a facility. In other cases, this occurs because individual subscribers may identify themselves differently for each account (e.g., inclusion of middle name, middle initial, etc.) when creating an account.

We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization. The FBI may also serve multiple NSLs for an individual for multiple facilities (e.g., multiple e‐mail accounts, landline telephone numbers and cellular phone numbers). The number of requests, consequently, is significantly larger than the number of individuals or organizations that are the subjects of the NSLs.

NSL Statistics

National Security Letters (NSLs)              CY2013   CY2014   CY2015   CY2016
Total number of NSLs issued                   19,212   16,348   12,870   12,150
Number of Requests for Information (ROI)      38,832   33,024   48,642   24,801

See 50 U.S.C. § 1873(b)(6).

APPENDIX A

DIRECTOR OF NATIONAL INTELLIGENCE
WASHINGTON, DC 20511

APR 28 2017

The Honorable Richard Burr, Chairman, Select Committee on Intelligence, United States Senate
The Honorable Chuck Grassley, Chairman, Committee on the Judiciary, United States Senate
The Honorable Devin Nunes, Chairman, Permanent Select Committee on Intelligence, U.S. House of Representatives
The Honorable Robert W. Goodlatte, Chairman, Committee on the Judiciary, U.S. House of Representatives

Dear Messrs.
Chairmen:

Section 603(b)(2)(B) of the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015 (P.L. 114-23), 129 Stat. 268 (hereinafter "USA FREEDOM Act"), requires the Director of National Intelligence to make publicly available for the preceding 12-month period a good faith estimate of the number of queries concerning a known United States person of unminimized non-content information relating to electronic communications or wire communications obtained through acquisitions authorized under Section 702 of the Foreign Intelligence Surveillance Act excluding the number of queries containing information used to prevent the return of information concerning a United States person.

If the DNI concludes that this good faith estimate cannot be determined accurately because some, but not all, of the relevant elements of the Intelligence Community are able to provide such good faith estimate, the USA FREEDOM Act requires him to (i) certify that conclusion in writing to the committees identified above; (ii) report the good faith estimate for those relevant elements able to provide such good faith estimate; (iii) explain when it is reasonably anticipated that such an estimate will be able to be determined fully and accurately; and (iv) make such certification publicly available on an Internet website.

I conclude that the good faith estimate required under section 603(b)(2)(B) of the USA FREEDOM Act cannot be determined accurately because some but not all of the relevant elements of the IC are able to provide such good faith estimate. The enclosed report includes the good faith estimate for those relevant IC elements that were able to provide such good faith estimate. Based on the information provided to me by the relevant elements, I reasonably anticipate that such an estimate will be able to be determined fully and accurately by the end of calendar year 2018.
If you have any questions regarding this matter, please contact the Office of Director of Legislative Affairs, Deirdre M. Walsh, at (703) 275-2474.

Sincerely,

Daniel R. Coats

Enclosure: Statistical Transparency Report

Statistical Transparency Report Regarding Use of National Security Authorities

April 30, 2016

Annual Statistics for Calendar Year 2015 regarding Use of Certain National Security Legal Authorities.

In June 2013, President Obama directed the Intelligence Community (IC) to declassify and make public as much information as possible about certain sensitive U.S. government surveillance programs while protecting sensitive classified intelligence and national security information. Since then, the Director of National Intelligence (DNI) has declassified and authorized the public release of thousands of pages of documents relating to the use of critical national security authorities, including the Foreign Intelligence Surveillance Act (FISA). In addition to declassifying and publicly releasing these documents, the Intelligence Community has published several reports regarding these authorities, including the Statistical Transparency Report Regarding use of National Security Authorities (hereafter the DNI's annual transparency report), presenting metrics related to the use of certain authorities for calendar years 2013 and 2014.

On June 2, 2015, the USA FREEDOM Act was enacted, codifying many of the statistics reported in the DNI's annual transparency reports.
The Act also expanded the scope of the information included in the reports by requiring the DNI to report information concerning United States person search terms and queries of certain unminimized, FISA-acquired information, as well as information concerning unique identifiers used to communicate information collected pursuant to certain FISA orders.[1] The IC implemented the USA Freedom Act on November 30, 2015.[2]

[1] See 50 U.S.C. § 1873(b).
[2] Although the USA FREEDOM Act was not implemented until November 30, 2015, the metrics provided in this report represent the full 2015 calendar year except where otherwise stated.

Today, consistent with the USA FREEDOM Act and the IC's Principles of Intelligence Transparency, we are releasing our third annual transparency report presenting statistics on how often the government uses certain national security authorities. The DNI has declassified and directed the release of the applicable statistics covering calendar year 2015. This information is available at the website of the Office of the Director of National Intelligence (ODNI); and ODNI's public website dedicated to fostering greater public visibility into the intelligence activities of the United States government, icontheRecord.tumblr.com.

It is important to provide some additional context to the numbers included in this report:

• Types of Orders. There are several different types of orders that the Foreign Intelligence Surveillance Court (FISC) may issue in connection with FISA cases: orders granting or modifying the government's authority to conduct intelligence collection; orders directing electronic communication service providers to provide any technical assistance necessary to implement the authorized intelligence collection; supplemental orders and briefing orders requiring the government to take a particular action or provide the court with specific information; and so on. Under Section 702, rather than issuing an individual order authorizing the government to target each non-U.S. person reasonably believed to be located outside the United States who possesses, or who is likely to communicate or receive, foreign intelligence information, the FISC issues a single order[3] approving certifications that describe categories of foreign intelligence information to be acquired through the targeting of non-U.S. persons reasonably believed to be located outside the United States. Unless otherwise indicated, only the orders granting authority to conduct intelligence collection under the applicable FISA section are counted in this report; the other types of orders (e.g., modification orders) are not included.

• Amendments and Renewals. The FISC may amend an order one or more times after it has been issued. For example, an order may be amended to add a newly discovered account used by the target. This report does not count such amendments separately. Moreover, some orders may be renewed multiple times during the calendar year (e.g., the FISA statute provides that a Section 704 FISA order against a U.S. person target may last no longer than 90 days but permits the order to be renewed). Unlike amendments, this report does count each such renewal as a separate order.

• Targets. Within the IC, the term "target" has multiple meanings. With respect to the statistics provided in this report, the term "target" is defined as the individual person, group, entity comprised of multiple individuals, or foreign power that uses the selector, such as a telephone number or email address. If a target were known to use four different selectors, the IC would count one target, not four. Alternatively, if four targets were known to use one selector, the IC would count four targets. The term "target" can also be used as a verb. Under Section 702, for example, the IC "targets" a particular non-U.S.
person, group, or entity reasonably believed to be located outside the United States and who possesses, or who is likely to communicate or receive, foreign intelligence information, by "tasking" selectors that are assessed to be used by such non-U.S. person, group or entity, pursuant to targeting procedures approved by the FISC. The number of 702 "targets" reflects an estimate of the number of known users of tasked selectors. This estimate is based on the information readily available to the IC. Unless and until the IC has information that links multiple selectors to a single foreign intelligence target, each individual selector is counted as being associated with a separate target in this report. On the other hand, where the IC is aware that multiple selectors are used by the same target, the IC counts the user of those selectors as a single target. This method of estimating helps ensure that the IC does not inadvertently understate the number of discrete persons targeted pursuant to Section 702.

• Title V of FISA. The IC implemented the USA FREEDOM Act's Title V provisions on November 30, 2015, resulting in one additional month's worth of data for calendar year 2015. Because statistical information tied to a particular FISA authority for a particular month remains classified, Title V data specifically associated with December 2015 - i.e., the information required under Section 603 (b)(4)(A) and (B) and 603 (b)(5)(A), (B) and (C) - is included only in the classified annex to this report that has been provided to Congress.

[3] Note that, in its own transparency report, which is also required pursuant to Sec. 603 of the USA FREEDOM Act, the Director of the Administrative Office of the United States Courts (AOUSC) counted each Section 702 certification as being associated with its own order. Because the number of the government's Section 702 certifications remains a classified fact, the government requested that the AOUSC redact the number of certifications and the number of modified orders from its transparency report prior to publicly releasing it.

• U.S. Persons. In calculating the metrics in this report, the IC applied the broader definition of the term "U.S. Person" used in FISA, rather than USA FREEDOM Act's narrower "U.S. Person" definition. Section 603(e)(4) of the USA FREEDOM Act defines "U.S. Person" as "a citizen of the United States or an alien lawfully admitted for permanent residence (as defined in section 101(a) of the Immigration and Nationality Act (8 U.S.C. § 1101(a)))." This definition is narrower than FISA's, which defines "U.S. Person" as a citizen of the United States or an alien lawfully admitted for permanent residence (as defined in section 101(a)(20) of the Immigration and Nationality Act), an unincorporated association a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence, or a corporation which is incorporated in the United States, but does not include a corporation or an association which is a foreign power, as defined in 50 U.S.C. § 1801(a)(1), (2), or (3). Because the broader FISA definition is the one that governs how U.S. person queries are conducted pursuant to the relevant minimization procedures, it also governs how those queries are counted. It is not possible to isolate U.S. person search terms that only meet the USA FREEDOM Act's narrower definition.

• "Unique identifiers used to communicate information collected pursuant to such orders." This language describes metrics included in the Title IV (PR/TT) portion of the report and in the Title V information covered in the classified annex to the report.
The House Report on the USA FREEDOM Act states that "[t]he phrase 'unique identifiers used to communicate information collected pursuant to such orders' means the total number of, for example, email addresses or phone numbers that have been collected as a result of these particular types of FISA orders--not just the number of target email addresses or phone numbers." H. Rept. 114-109 Part I.

Titles I and III and Sections 703 and 704 of FISA
Total number of orders    1,585
Estimated number of targets of such orders    1,695

Section 702 of FISA
Total number of orders    1
Estimated number of targets of such orders    94,368
Estimated number of search terms concerning a known U.S. person used to retrieve the unminimized contents of communications obtained under Section 702 (excluding search terms used to prevent the return of U.S. person information)[a]    4,672[b]
Estimated number of queries concerning a known U.S. person of unminimized noncontents information obtained under Section 702 (excluding queries containing information used to prevent the return of U.S. person information)[c]    23,800[d]

[a] Pursuant to 50 U.S.C. § 1873(d)(2)(A), this metric does not apply to queries conducted by the FBI.
[b] This metric includes some duplicative or recurring queries conducted using the same term.
[c] Pursuant to 50 U.S.C. § 1873(d)(2)(A), this metric does not apply to queries conducted by the FBI.
[d] One IC element is currently not able to provide this information. See the DNI's certification as to the estimated number of queries concerning a known U.S. person of unminimized noncontents information obtained under Section 702.
RESPONSE TO PCLOB RECOMMENDATION 9(5)

In response to Recommendation 9(5) of the Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, prepared by the Privacy and Civil Liberties Oversight Board, the National Security Agency (NSA) provides the following additional information regarding the dissemination of Section 702 intelligence reports that contain U.S. person information.

Section 702 only permits the targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information. Such targets, however, may on occasion communicate information of or about U.S. persons. Where appropriate, NSA may disseminate such information concerning U.S. persons. NSA only generates signals intelligence reports in response to a specific intelligence requirement, regardless of whether the proposed report contains U.S. person information. NSA's minimization procedures expressly prohibit dissemination of information about U.S. persons in any NSA report unless that information is necessary to understand foreign intelligence information or assess its importance, contains evidence of a crime, or indicates a threat of death or serious bodily injury. Even if one of these conditions applies, NSA often will mask the information and will, under any circumstance, include no more than the minimum amount of U.S. person information necessary to understand the foreign intelligence or to describe the crime or threat. In certain instances, however, NSA makes a determination prior to releasing its original report that the U.S. person's identity is appropriate to disseminate in the first instance using the same standards discussed above.

In 2015, NSA disseminated 4,290 FAA Section 702 intelligence reports that included U.S. person information. Of those 4,290 reports, the U.S. person information was masked in 3,168 reports and unmasked in 1,122 reports.
Recipients of NSA reporting can request that NSA provide the true identity of a masked U.S. person referenced in an intelligence report, but this information is released only if the recipient has a legitimate need to know the identity and dissemination of the U.S. person's identity has been determined to be necessary to understand foreign intelligence information or assess its importance, contains evidence of a crime, or indicates a threat of death or serious bodily injury. Under NSA policy, NSA is allowed to unmask the identity for the specific requesting recipient only under certain conditions and where specific additional controls are in place to preclude its further dissemination, and additional approval has been provided by a designated NSA official. In 2015, NSA released 654 U.S. person identities in response to such requests.

Finally, as part of their regular oversight reviews, the Department of Justice and the Office of the Director of National Intelligence review disseminations of information about U.S. persons that NSA obtained pursuant to Section 702 to ensure that the disseminations were performed in compliance with the minimization procedures. For additional information, see page 7 of the NSA Director of Civil Liberties and Privacy Office Report, NSA's Implementation of Foreign Intelligence Surveillance Act Section 702.

Title IV of FISA
PR/TT FISA
Total number of orders: 90
Estimated number of targets of such orders: 456
Estimated number of unique identifiers used to communicate information collected pursuant to such orders [a]: 134,987 [b]

a. Pursuant to Section 1873(d)(2)(B), this metric does not apply to orders resulting in the acquisition of information by the FBI that does not include electronic mail addresses or telephone numbers.
b. This number represents information the government received from provider(s) electronically for the entire 2015 calendar year.
The government does not have a process for capturing unique identifiers received by other means (such as hard-copy or portable media).

Title V of FISA
Annual number of approved applications: 142 [a]
The number of individuals, entities, groups, or foreign powers subject to a business records application to obtain information about a specific subject: 134
The number of selectors approved by the FISC to be queried either under the NSA telephony metadata program or by NSA under Section 501(b)(2)(C) of the USA FREEDOM Act: 56 [b]
The number of known or presumed U.S. persons who were the subject of queries of information collected in bulk prior to the effective date of the business record provisions of the USA FREEDOM Act, or who were subject to a business records application at any point in 2015: 183 [c]

a. This metric consists of the total number of approved applications, or orders issued, prior to the effective date of the business records provisions of the USA FREEDOM Act, as well as the approved applications, or orders issued, under Sections 501(b)(2)(B) and 501(b)(2)(C), as required by Section 603(b)(4) and 603(b)(5) of the USA FREEDOM Act.
b. This metric reflects the number of selectors approved by the FISC as meeting the reasonable articulable suspicion standard.
c. This metric includes some duplicative or recurring queries conducted using the same identifier. There may also be some duplication to the extent that some of the U.S. persons who were the subject of queries of information collected in bulk were also subject to a business records application.

National Security Letters (NSLs) [a]
Annual number of NSLs issued: 12,870
Annual number of Requests for Information (ROI) [b]: 48,642

a. On April 29, 2016, the Department of Justice released its Annual Foreign Intelligence Surveillance Act Report to Congress. That report is available [here].
b. For example: one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation; each is considered a separate "request."

UNCLASSIFIED

Statistical Transparency Report Regarding use of National Security Authorities
April 22, 2015

Introduction.
In June 2013, President Obama directed the Intelligence Community to declassify and make public as much information as possible about certain sensitive U.S. government surveillance programs while protecting sensitive classified intelligence and national security information. Since then, the Director of National Intelligence (DNI) has declassified and authorized the public release of thousands of pages of documents relating to the use of critical national security authorities. In addition to declassifying and publicly releasing these documents, the DNI and the Intelligence Community have published several reports regarding these authorities, including a first-of-its-kind report on June 26, 2014, presenting statistics on how often the government used certain authorities during calendar year 2013.

Today, and consistent with the Intelligence Community's Principles of Intelligence Transparency, we are releasing our second annual report presenting statistics on how often the government uses these important authorities. Accordingly, the DNI has declassified and directed the release of the following information covering calendar year 2014.

Annual Statistics for Calendar Year 2014 regarding Use of Certain National Security Legal Authorities.

Titles I, III, IV, and VII of FISA.
Legal Authority: FISA Orders based on probable cause (Title I and III of FISA, Sections 703 and 704 of FISA)
Annual Number of Orders: 1519 orders
Estimated Number of Targets Affected: 1562

Legal Authority: Section 702 of FISA
Annual Number of Orders: 1 order
Estimated Number of Targets Affected: 92707

Legal Authority: FISA Pen Register/Trap and Trace (Title IV of FISA)
Annual Number of Orders: 135 orders
Estimated Number of Targets Affected: 516

It is important to provide some additional context to the above statistics.

• Targets. Within the Intelligence Community, the term "target" has multiple meanings. For example, a "target" could be an individual person, a group, or an entity composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws. Some laws require that the government obtain a court order specifying the communications facilities (e.g., a telephone number, an email address) used by a "target" to be subject to intelligence collection. Although the government may have legal authority to conduct intelligence collection against multiple communications facilities used by the target, the user of the facilities - the "target" - is only counted once in the above figures.

• 702 Targets. In addition to the explanation of target above, in the context of Section 702 the term "target" is generally used to refer to the act of intentionally directing intelligence collection at a particular person, a group, or entity. For example, the statutory provisions of Section 702 state that the Government "may not intentionally target any person known at the time of the acquisition to be located in the United States" (emphasis added), among other express limitations. Under Section 702, the Foreign Intelligence Surveillance Court (FISC) approves Certifications as opposed to individualized orders.
In the Section 702 context, the Intelligence Community targets a particular person, group, or entity by "tasking" selectors, pursuant to targeting procedures approved by the FISC. Selectors are specific communications facilities assessed to be used by a target (e.g., an email address or telephone number). Given the restrictions of Section 702, only selectors used by non-U.S. persons reasonably believed to be located outside the United States and who possess, or who are likely to communicate or receive, foreign intelligence information that is covered by an approved certification may be tasked. The number of 702 "targets" therefore reflects an estimate of the number of known users of particular selectors. This estimate is based on the information readily available to the Intelligence Community to identify unique targets - users whose identity may be unknown but who are reasonably believed to use the particular selector from outside the United States and who are reasonably believed to be non-United States persons. For example, foreign intelligence targets often communicate using several different email accounts. Each email account is a different selector, so unless the Intelligence Community has information that multiple email accounts are used by the same target, each of those accounts, i.e., selectors, would be counted separately in these figures. On the other hand, if the Intelligence Community is aware that multiple accounts, i.e. selectors, are all used by the same target, as defined above, they would be counted as one target. This method of estimating helps ensure that the Intelligence Community does not inadvertently understate the number of discrete persons targeted pursuant to Section 702.

• Relationship of Orders to Targets. In some cases, one order can by its terms affect multiple targets (as with Section 702). Alternatively, a target may be the subject of multiple orders, as noted below.

• Amendments and Renewals.
The FISC may amend an order one or more times after it has been issued. For example, an order may be amended to add a newly discovered account used by the target. To avoid redundant counting, these statistics do not count such amendments separately. Moreover, some orders may be renewed multiple times during the calendar year (for example, the FISA statute provides that a Section 704 FISA order against a U.S. person target may last no longer than 90 days but permits the order to be renewed). Unlike amendments, the statistics count each such renewal as a separate order.

Title V of FISA (Business Records).
We are reporting information about the government's use of the FISA Business Records provision (Title V) separately because this authority has been used in two distinct ways - collection of business records to obtain information about a specific subject and collection of business records in bulk. Accordingly, in the interest of transparency, we have decided to clarify the extent to which individuals are affected by each use. In addition, instead of reporting on the number of Business Records orders, the government is reporting on the number of approved applications submitted to the FISC because the FISC may issue several orders to different recipients based upon a particular application.

Legal Authority: FISA Business Records (Title V of FISA)
Annual Number of Approved Applications: 170
Estimated Number Affected:
160: The number of individuals, entities, or foreign powers subject to a business records application to obtain information about a specific subject.
161: The number of selectors approved by the FISC to be queried under the NSA telephony metadata program.
227: The number of known or presumed U.S. persons who were the subject of queries of information collected in bulk or who were subject to a business records application.

National Security Letters.
Finally, we are reporting information on the government's use of National Security Letters (NSLs). On April 21, 2015, the Department of Justice released its Annual Foreign Intelligence Surveillance Act Report to Congress. That report provides the number of requests made for certain information concerning different United States persons pursuant to NSL authorities during calendar year 2014. In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a "request."

We are reporting the annual number of requests rather than "targets" for multiple reasons. First, the FBI's systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL. Second, even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account. In some cases this occurs because the identification information provided by the subscriber to the provider may not be true. For example, a subscriber may use a fictitious name or alias when creating the account. Thus, in many instances, the FBI never identifies the actual subscriber of a facility. In other cases this occurs because individual subscribers may identify themselves differently for each account (e.g., by including a middle name or middle initial) when creating an account.
We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization. The FBI may also serve multiple NSLs for an individual for multiple facilities (e.g., multiple e-mail accounts, landline telephone numbers, or cellular phone numbers). The number of requests, consequently, is significantly larger than the number of individuals or organizations that are the subjects of the NSLs.

Legal Authority: National Security Letters issued pursuant to 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709
Annual Number of NSLs Issued: 16,348
Annual Number of Requests for Information: 33,024

This information will be available at the website of the Office of the Director of National Intelligence (ODNI); and ODNI's public website dedicated to fostering greater public visibility into the intelligence activities of the government, IContheRecord.tumblr.com.

Declassified by DNI Clapper 06/23/2014
TOP SECRET//NOFORN

Office of the Director of National Intelligence
Statistical Transparency Report Regarding use of National Security Authorities
Annual Statistics for Calendar Year 2013

Classified By: 2381928
Derived From: ODNI COL T-12
Reason:
Declassify On: 20391231

Statistical Transparency Report Regarding use of National Security Authorities
June 26, 2014

Introduction.
In June 2013, President Obama directed the Intelligence Community to declassify and make public as much information as possible about certain sensitive U.S. Government surveillance programs while protecting sensitive classified intelligence and national security information.
Over the past year, the Director of National Intelligence (DNI) has declassified and authorized the public release of thousands of pages of documents relating to the use of critical national security authorities. Today, and consistent with the DNI's directive on August 29, 2013, we are releasing information related to the use of these important tools, and will do so in the future on an annual basis. Accordingly, the DNI has declassified and directed the release of the following information for calendar year 2013.

Annual Statistics for Calendar Year 2013 Regarding Use of Certain National Security Legal Authorities.

Titles I, III, IV, and VII of FISA.

Legal Authority: FISA Orders based on probable cause (Title I and III of FISA, Sections 703 and 704 of FISA)
Annual Number of Orders: 1,767 orders
Estimated Number of Targets Affected: 1,144

Legal Authority: Section 702 of FISA
Annual Number of Orders: 1 order
Estimated Number of Targets Affected: 89,138

Legal Authority: FISA Pen Register/Trap and Trace (Title IV of FISA)
Annual Number of Orders: 131 orders
Estimated Number of Targets Affected: 319

It is important to provide some additional context to the above statistics.

o Targets. Within the Intelligence Community, the term "target" has multiple meanings. For example, "target" could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws. Some laws require that the government obtain a Court order specifying the communications facilities used by a "target" to be subject to intelligence collection. Although the government may have legal authority to conduct intelligence collection against multiple communications facilities used by the target, the user of the facilities - the "target" - is only counted once in the above figures.

o 702 Targets.
In addition to the explanation of target above, in the context of Section 702 the term "target" is generally used to refer to the act of intentionally directing intelligence collection at a particular person, a group, or organization. For example, the statutory provisions of Section 702 state that the Government "may not intentionally target any person known at the time of the acquisition to be located in the United States" (emphasis added), among other express limitations. Under Section 702, the Foreign Intelligence Surveillance Court (FISC) approves Certifications as opposed to individualized orders. Thus, the number of 702 "targets" reflects an estimate of the number of known users of particular facilities (sometimes referred to as selectors) subject to intelligence collection under those Certifications. This estimate is based on the information readily available to the Intelligence Community to identify unique targets - users, whose identity may be unknown, but who are reasonably believed to use the particular facility from outside the United States and who are reasonably believed to be non-United States persons. For example, foreign intelligence targets often communicate using several different email accounts. Unless the Intelligence Community has information that multiple email accounts are used by the same target, each of those accounts would be counted separately in these figures. On the other hand, if the Intelligence Community is aware that the accounts are all used by the same target, as defined above, they would be counted as one target.

o Relationship of Orders to Targets. In some cases, one order can by its terms affect multiple targets (as with Section 702). Alternatively, a target may be the subject of multiple orders, as noted below.

o Amendments and Renewals. The FISC may amend an order one or more times after it has been issued. For example, an order may be amended to add a newly discovered account used by the target.
To avoid redundant counting, these statistics do not count such amendments separately. Moreover, some orders may be renewed multiple times during the calendar year (for example, the FISA statute provides that a Section 704 FISA Order against a U.S. person target may last no longer than 90 days but permits the order to be renewed). The statistics count each such renewal as a separate order.

Title V of FISA (Business Records).
We are reporting information about the Government's use of the FISA Business Records provision (Title V) separately because this authority has been used in two distinct ways - collection of business records to obtain information about a specific subject and collection of business records in bulk. Accordingly, in the interest of transparency, we have decided to clarify the extent to which individuals are affected by each use. In addition, instead of reporting on the number of Business Record orders, the government is reporting on the number of applications submitted to the Foreign Intelligence Surveillance Court because the FISC may issue several orders to different recipients based upon a particular application.

Legal Authority: FISA Business Records (Title V of FISA)
Annual Number of Applications: 178
Estimated Number Affected:
172: The number of individuals, entities, or foreign powers subject to a business records application to obtain information about a specific subject
423: The number of selectors approved to be queried under the NSA telephony metadata program
248: The number of known or presumed U.S. persons who were the subject of queries of information collected in bulk or who were subject to a business records application.

National Security Letters.
Finally, we are reporting information on the Government's use of National Security Letters (NSLs).
On April 30, 2014, the Department of Justice released its Annual Foreign Intelligence Surveillance Act Report to Congress. That report, which is available here, reports on the number of requests made for certain information concerning different United States persons pursuant to NSL authorities during calendar year 2013. In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a "request."

We are reporting the annual number of requests rather than "targets" for multiple reasons. First, the FBI's systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL. Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account. In some cases this occurs because the identification information provided by the subscriber to the provider may not be true. For example, a subscriber may use a fictitious name or alias when creating the account. Thus, in many instances, the FBI never identifies the actual subscriber of a facility. In other cases this occurs because individual subscribers may identify themselves differently for each account, e.g., inclusion of middle name, middle initial, etc., when creating an account.
We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization. The FBI may also serve multiple NSLs for an individual for multiple facilities, e.g., multiple e-mail accounts, landline telephone numbers, cellular phone numbers, etc. The number of requests, consequently, is significantly larger than the number of individuals or organizations that are the subjects of the NSLs.

Legal Authority: National Security Letters issued pursuant to 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709
Annual Number of NSLs Issued: 19,212
Annual Number of Requests for Information: 38,832

This information will be available at the website of the Office of the Director of National Intelligence (ODNI); and ODNI's public website dedicated to fostering greater public visibility into the intelligence activities of the Government, ICOntheRecord.tumblr.com.