About the legality and constitutionality of the Section 215 metadata program

(Updated: December 27, 2020)

It was one of the NSA's most controversial activities: the bulk collection of domestic telephone records under the Section 215 program. On September 2, a court of appeal ruled that this violated the Foreign Intelligence Surveillance Act (FISA) and suggested that it may have been unconstitutional under the Fourth Amendment.

Here, I will provide a summary of this court case, United States v. Moalin, summarize the initial legal authority for the Section 215 program and explain on what grounds the court of appeal has now found that it was in violation of the law.

That's followed by a more extensive discussion about whether telephone metadata are protected under the Fourth Amendment of the US Constitution, which shows that the court didn't recognize the difference between extensive data mining and the much more restricted method of contact-chaining as conducted by the NSA.

Slide about the NSA's Section 215 domestic telephone records program, from the keynote
by former NSA director Keith Alexander during the security conference Black Hat USA 2013

United States v. Moalin

The case in which the US Court of Appeals for the Ninth Circuit decided is about four Somali immigrants, Basaaly Saeed Moalin, Ahmed Nasir Taalil Mohamud, Mohamed Mohamud and Issa Doreh, who were found guilty by a San Diego jury in February 2013 on charges of sending money to al-Shabaab, a jihadist terrorist group based in East Africa.

The principal evidence against the four men consisted of a series of recorded calls between Moalin, his co-defendants, and individuals in Somalia, obtained through a wiretap of Moalin's phone. After Snowden revealed the Section 215 program in June 2013, several government officials tried to defend this program by claiming that it had provided information that led to reopening the investigation into Moalin.

Among them was then-FBI Deputy Director Sean Joyce who in a congressional hearing said that "the NSA provided us a telephone number only in San Diego that had indirect contact with an extremist outside the United States." This led to an identification of co-conspirators and enabled the FBI to disrupt their financial support to al-Shabaab.

Three of the four men convicted in 2013
(image: CBS News)

Subsequently, Moalin and his co-defendants argued that the metadata program violated both the Fourth Amendment and the law under which it was authorized. Therefore, the "fruits" of the government's acquisition of Moalin's phone records should therefore have been suppressed.

And indeed, the three-judge panel of the Court of Appeals unanimously found that the bulk collection of telephone records violated the Foreign Intelligence Surveillance Act (FISA) and was possibly unconstitutional under the Fourth Amendment (see below).


No benefit for Moalin

But after carefully reviewing the classified FISA applications and all related classified information, the court was also convinced that the telephone metadata, even if unconstitutional, did not taint the evidence presented by the government.

In other words: the court saw no evidence that Section 215 had provided a lead to reopen the investigation into Moalin and to wiretap him: "To the extent the public statements of government officials created a contrary impression, that impression is inconsistent with the contents of the classified record".

This means that Moalin, who received an 18-year sentence, and one of his co-defendants remain in prison; the two other co-defendants already completed their sentences. Any of them or the government can still seek review from a larger, 11-judge en banc court, but they can also bring the case before the Supreme Court.

Notice of intelligence information

While the Ninth Circuit's ruling on Section 215 has no consequences anymore, another part of the opinion still has: the government has to provide notice to criminal defendants when evidence was obtained from surveillance conducted under FISA and the FISA Amendment Act (FAA). This also applies to surveillance conducted under other foreign intelligence authorities, including Executive Order 12333.

In the Moalin case, the defendants were not notified about the use of intelligence information, but learned about it after the trial from the public statements that government officials made in the wake of the Snowden revelations. The court, however, considered that "information as to whether surveillance other than the metadata collection occurred would not have enabled defendants to assert a successful Fourth Amendment claim."

The Richard H. Chambers building in Pasadena, once a hotel, now one of
the courthouses of the US Court of Appeals for the Ninth Circuit
(photo: Levi Clancy/Wikimedia Commons)

Bulk collection under Section 215

The NSA started its collection of domestic telephone records in October 2001 as part of the President's Surveillance Program (PSP), better known under its classification codename STELLARWIND.

This program was based upon a very controversial legal opinion by Justice Department lawyer John Yoo, arguing that it was justified by the president's wartime powers according to Article Two of the US Constitution.*

After objections raised by Justice Department officials Jack Goldsmith and James Comey, a new legal basis for this collection of telephone metadata was found in Section 215 of the Patriot Act, which was approved in secret by the FISA Court on May 24, 2006.

> See also: Edward Snowden and the STELLARWIND report

Unlike the content of phone calls, the associated metadata were not considered constitutionally protected. This because in 1979, the US Supreme Court had ruled that telephone records that have been voluntarily provided to a telecom provider are not protected under the Fourth Amendment of the US Constitution (Smith v. Maryland, also known as the third-party doctrine).

Section from the classified STELLARWIND report, page 16

Violation of the law

Now let's take a closer look at why the Ninth Circuit Court of Appeals considered the Section 215 bulk collection program unlawful.

Section 215 of the Patriot Act amended 50 U.S. Code §1861 and authorized the government to apply to the FISA Court for an "order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities."

According to the PCLOB report the government didn't link its FISA Court applications to a single counter-terrorism investigation. Instead, the practice was to "list multiple terrorist organizations [...] and declare that the telephone records being sought are relevant to each of those investigations", which is "little different [...] from simply declaring that they are relevant to counter-terrorism in general."

With this practice the statutory requirement of relevance for "an investigation" became virtually meaningless and therefore the Ninth Circuit ruled that the telephony metadata collection program exceeded the scope of Congress's authorization and violated that particular section of the law.


The intelligence committees

While the NSA's collection of domestic telephone records was not according to how Section 215 was intended, the congressional intelligence committees were aware of it. They had been briefed multiple times about what was actually going on - a practice that (in secret) had also been approved by the FISA Court.*

According to an American legal doctrine, "Congress is presumed to be aware of judicial interpretations of the law". So when Congress reauthorized Section 215 in 2009 and 2011, the government argued that it had also "ratified" the FISA Court's secret interpretation that allowed the NSA's bulk collection.*

However, many members of the intelligence committees choose not to attend such classified briefings, preferring to stay comfortably ignorant not only about how their legislation turned out in practice, but also about how it was interpreted by the FISA Court.*

On May 7, 2015 the Court of Appeals for the Second Circuit had excused this by saying that details about the Section 215 program were actually so hard to access, even for members of the intelligence committees, that no meaningful debate had been possible.

Therefore, this court did not recognize the theory of the implicit ratification of the FISA Court's interpretation and ruled that the bulk collection exceeded the scope of what Congress had authorized under Section 215 of the Patriot Act - the same decision as that of the Ninth Circuit.

Hand-written copy of the proposed Bill of Rights from 1789, cropped to show
just the text that would later be ratified as the Fourth Amendment
(click to enlarge)

Protected under the Fourth Amendment?

Regarding the issue whether the telephone metadata collected under Section 215 were protected under the Fourth Amendment of the US Constitution, the Court of Appeals "stopped just short of saying that the snooping was definitely unconstitutional".*

Instead of a judgement, the court described a range of differences between the use of a simple pen register back in the days of Smith v. Maryland and the present-day capabilities of collecting and analyzing metadata in bulk:

- Nowadays, metadata reveal much more information, like the IMSI and IMEI number and the trunk identifier of a cell phone, telephone calling card numbers, and time and duration of a call.
- The amount of metadata created and collected has increased exponentially, along with the government's ability to analyze it.
- The duration of the collection in this case also vastly exceeds that in Smith v. Maryland: back then the pen register was used for a few days at most, while the NSA collected telephony metadata for years.
- Telephony metadata "as applied to individual telephone subscribers and when collected on an ongoing basis [...] permit something akin to [...] 24-hour surveillance."
- The extremely large number of people from whom the NSA collected telephony metadata enables the data to be aggregated and analyzed in bulk.

Regarding the latter, the court's opinion says:

"A couple of examples illustrate this point: A woman calls her sister at 2:00 a.m. and talks for an hour. The record of that call reveals some of the woman’s personal information, but more is revealed by access to the sister’s call records, which show that the sister called the woman’s husband immediately afterward. Or, a police officer calls his college roommate for the first time in years. Afterward, the roommate calls a suicide hotline.
These are simple examples; in fact, metadata can be combined and analyzed to reveal far more sophisticated information than one or two individuals’ phone records convey. As Amici explain, “it is relatively simple to superimpose our metadata trails onto the trails of everyone within our social group and those of everyone within our contacts’ social groups and quickly paint a picture that can be startlingly detailed"

This is a probably the most common argument against the bulk collection of metadata, but it ignores that there are actually different ways how intelligence agencies use large sets of metadata:

- Contact-chaining:
The full set of data is used in a "shallow" way by only looking which phone numbers (or other kinds of identifiers) are in contact with each other. This results in contact-chains and social network graphs:

- Pattern-of-life analysis:
Only parts of the data set are used to create a deeper insight into the daily life patterns of people of interest (after being identified through contact-chaining for example). Note that this kind of analysis is also conducted for individual people who are subject of targeted interception:

The examples cited by the Court of Appeals refer to the pattern-of-life analysis, while the data collected under Section 215 were only used for contact-chaining (and analyzing the results thereof).* The latter is also mentioned in the court's opinion, but without any further discussion:

"The government was also allowed to search phone numbers within three “hops” of that selector, i.e., the phone numbers directly in contact with a selector, the numbers that had been in contact with those numbers, and the numbers that had been in contact with those numbers."

The NSA's contact chaining method

The contact chaining started with a so-called "seed" - a phone number for which there was a Reasonable, Articulable Suspicion (RAS) that it was associated with a foreign terrorism organization.

This seed number was then entered into the MAINWAY contact chaining system to retrieve all the numbers that had been in contact with the seed - the first "hop". Then, analysts could also retrieve the numbers that had been in contact with the first hop numbers, which makes a second hop from the seed number:

Slide from a declassified NSA training about the Section 215 program
(click to enlarge)

Only for the numbers that showed up in such a two (and sometimes three hop) contact chain, analysts could use a separate tool to retrieve the associated call records which were stored in a different database.

These records included the originating and receiving phone number, the date, time and duration of the call (since 2008 also the IMEI and IMSI numbers of cell phones). The collection of location data was prohibited by the FISA Court, and subscriber information was also not acquired either.

In 2006, NSA analysts saw only one of every four million phone records as a result of the contact-chaining. In 2012, the NSA used 288 phone numbers as a seed for a contact-chaining query, resulting in 6000 phone numbers that analysts actually looked at.

Only such phone numbers of interest were "enriched" with additional information from other sources, like subscriber details, which would then reveal the associated names and things like family relations for example.

When this led to a suspicious American phone number, the NSA passed it on to the FBI for further investigation. There are no indications that the NSA conducted pattern-of-life analysis using the domestic telephone metadata collected under Section 215.

> See also: How NSA contact chaining combines domestic and foreign phone records

ACLU v. Clapper

The way Section 215 was operated was clearly less intrusive than the examples cited above, but the Ninth Circuit didn't mention this difference. It was discussed though by district judge William H. Pauley III, who summarized the actual practice in the case ACLU v. Clapper already in December 2013:

"First, without additional legal justification - subject to rigorous minimization procedures - the NSA cannot even query the telephony metadata database. Second, when it makes a query, it only learns the telephony metadata of the telephone numbers within three "hops" of the "seed." Third, without resort to additional techniques, the Government does not know who any of the telephone numbers belong to. In other words, all the Government sees is that telephone number A called telephone number B. It does not know who subscribes to telephone numbers A or B."

Accordingly, he ruled that the Section 215 program was lawful (this was overruled by the Court of Appeals for the Second Circuit because of violation of Section 215 of the Patriot Act (see above). For that reason the Second Circuit didn't want to "reach these weighty constitutional issues").


Contact chaining compared to pen register

In a report from last February, the Privacy and Civil Liberties Oversight Board (PCLOB) says that the first hop of the contact chaining process is not much different from what a pen register did: it lists the numbers with which a particular number had been in contact with.

Regarding the second hop, the PCLOB suggests that it's rather the nature than the number of call records that constitutes a Fourth Amendment protection.

Not discussed by district judge Pauley nor by the PCLOB is the subsequent analysis of the full call records associated with the numbers from the contact chains.

Telephone interception equipment that was used in the Netherlands from 1971 to 2003.
The brown device prints the metadata of the calls on a paper slip.
(photo: Wikimedia Commons - click to enlarge)

Apparently, the pen register in the Smith v. Maryland case only provided the phone numbers, but others may have recorded more call details. As of 1979 the Dutch police for example used a "telephone call analyzer" that recorded time and duration of a call, and the phone numbers of the calling and called parties - the same elements as the NSA collected under Section 215.

Therefore, one could argue that these call records are also not protected under the Fourth Amendment, especially when they are from landline phones.

This would be a bit more difficult with the final phase of the NSA's contact chaining process, when the numbers from the contact chains are enriched with information from other sources, including names and other subscriber details.

About the subscriber information one could still say that people provide that to their phone company voluntarily (in the past it was even published in phone books), but enrichment with other kinds of information will likely cross the line of what people see as private.

Based upon this more detailed analysis of the Section 215 program, the contact chaining and the call record analysis seem close enough to a pen register to fall outside the protections of the Fourth Amendment.

For the enrichment that could be different as it comes closer to a pattern-of-life analysis, even when it still doesn't reveal "a vibrant and constantly updating picture of the person’s life" as it was cited in the Ninth Circuit's opinion.


Bulk collection?

A final aspect that has to be taken into account is that protection under the Fourth Amendment also requires recognition by society. The Court of Appeals mentions "the public outcry following the revelation of the metadata collection program" to show that nowadays "several years' worth of telephony metadata collected on an ongoing, daily basis" are regarded as something private.

But the majority of the general public probably never understood that the Section 215 metadata were only used for contact chaining and not for analyzing the database as a whole, by pattern analysis or data mining for example.*

Therefore it's yet another, but still unaddressed question whether there's a reasonable expectation of privacy when metadata are collected in bulk but only an extremely small number of them are picked out for closer examination.


Replacement and termination

For the NSA's Section 215 program these legal questions have no practical impact anymore. In 2015, it was replaced by the USA FREEDOM Act, which ended the bulk collection. Henceforth the NSA had to request the metadata from telephone companies based upon specific and pre-approved selection terms.

Early 2019, the NSA suspended the program and subsequently deleted all the data collected under this authority, "after balancing the program’s relative intelligence value, associated costs, and compliance and data-integrity concerns caused by the unique complexities of using these provider-generated business records for intelligence purposes."

> See also: Collection of domestic phone records under the USA FREEDOM Act

Summary

1. The first time a federal judge ruled about the Section 215 program was on December 16, 2013, when in the case of Klayman v. Obama, district judge Richard J. Leon found that the bulk collection of American telephone records likely violates the Fourth Amendment and granted a preliminary injunction pending appeal.
- On August 28, 2015, this injunction was vacated by the DC Circuit Court of Appeals because the plaintiffs failed to meet the heightened burden of proof which is required for preliminary injunctions.

2. Less than two weeks after judge Leon, another district court came to an opposite decision: on December 27, 2013 judge William H. Pauley III ruled in the case ACLU v. Clapper that the metadata collection did not violate the Fourth Amendment.
- This decision was overturned on May 7, 2015 by the Second Circuit Court of Appeals, which found that the bulk collection exceeded the scope of Section 215 of the Patriot Act. The Court therefore didn't decide on the constitutional aspects.

3. The third and most recent case is United States v. Moalin, in which a jury in San Diego convicted four Somali immigrants based upon evidence that had allegedly been obtained via the Section 215 program.
- On September 2, 2020, the Ninth Circuit Court of Appeals ruled once again that the metadata collection exceeded the scope of Section 215 but stoppped just short of saying that the program was unconstitutional.



Links & sources
- Lawfare: NSA Bulk Phone Data Collection Unlawful, Appeals Court Rules
- Emptywheel: Basaaly Moalin Wins His Appeal — But Gets Nothing
- Politico: Court rules NSA phone snooping illegal — after 7-year delay
- Brennan Center for Justice: A Breakdown of Selected Government Surveillance Programs
- Privacy and Civil Liberties Oversight Board: Report on the Telephone Records Program Conducted under Section 215
- Emptywheel: The Era of Big Pen Register: The Flaw in Jeffrey Miller’s Moalin Decision

Collection of domestic phone records under the USA FREEDOM Act

(Updated: March 2, 2020)

One of the most controversial NSA programs revealed by Edward Snowden was the bulk collection of domestic telephone records under the authority of Section 215 of the USA PATRIOT Act. A detailed analysis of the workings of this program was published on this weblog earlier.

In 2015, Section 215 was replaced by the USA FREEDOM Act, which prohibited the collection in bulk and provided more safeguards. The NSA became much more transparant about this program, which gives the opportunity for the following explanation of how the domestic phone records program currently works.

NSA is also more transparant about things going wrong: last month it revealed that it had to delete all the telephone records collected since 2015 due to technical irregularities.

Screenshot from 60 Minutes from December 15, 2013, showing an NSA contact chaining tool
used for the telephone records collected under Section 215.

Collection under Section 215 USA PATRIOT Act


The NSA started its bulk collection of domestic telephone metadata as part of the President's Surveillance Program (PSP), which president George W. Bush authorized in secret right after the 9/11 attacks. Its purpose was not to spy on random Americans, but to find connections between foreign terrorists and conspirators inside the US.

In May 2006, this bulk collection was brought from the president's authority under that of the FISA Court, based upon a very extensive interpretation of Section 215 of the USA PATRIOT Act. Internally, NSA refers to this kind of collection as BR FISA, with BR for Business Records.


Under Section 215, NSA collected domestic phone records from the three biggest American telecommunication companies: AT&T, Verizon and Sprint. According to government officials, the data provided by these companies consisted mostly of landline phone records, which meant that NSA actually got less than 30% of the total amount of US telephone metadata.

However, as of August 29, 2011, AT&T started to provide cell phone metadata too: ca. 1,1 billion records a day, which would make over 30 billion records each month. Before these records were handed over to NSA, AT&T stripped off the location data, to comply with the FISA Court orders that don't allow the collection of location data. Verizon was apparently not able or not willing to strip the location metadata, so their cell phone records could not be acquired by NSA.

To put these numbers in perspective: with a wireless communications market share of 32% for AT&T, the total number of cell phone metadata for the US would equal roughly 94 billion a month. During the first half of 2012, the NSA's total collection of foreign telephone metadata was 135 billion records a month. In January 2013, mobile phone calls in the Netherlands generated some 7.65 billion records a month.


At NSA, the domestic phone records were forwarded to MAINWAY, which is a centralized system for "contact chaining to identify targets of interest." MAINWAY not only contains domestic telephone metadata, but also foreign telephone and internet metadata, collected both inside and outside the US. Putting both foreign and domestic metadata in one system, allows finding as many connections as possible.

See for more:
- How NSA contact chaining combines domestic and foreign phone records
- Section 215 bulk telephone records and the MAINWAY database

Collection under the USA FREEDOM Act


Because the bulk collection under Section 215 was often regarded unconstitutional, the program was terminated as of November 2015 and replaced by the USA FREEDOM Act (USAFA or UFA), which was incorporated in Title V of the Foreign Intelligence Surveillance Act (FISA). Under this new authority, bulk collection of domestic phone records is not allowed anymore.

Instead, NSA can request only those records that contain phone numbers that have been in contact with an approved "seed" number. This means that all the American telecoms now have to hand over the matching results from both landline and cellphone calls, so it's a much larger pool compared to the situation under Section 215.


How this current domestic phone records program works is explained in remarkable detail in the transparancy report of the NSA Civil Liberties and Privacy Office (CLPO) from January 2016, as well as in the Annual Statistical Transparancy Report from the Office of the Director of National Intelligence (ODNI).

The statistical report for 2017 was published last April and also contains a lot of information about traditional FISA and Section 702 FAA (PRISM and Upstream) collection.

Overview of NSA's collection of domestic phone records under the USA FREEDOM Act
(source: NSA Transparancy Report - click to enlarge)

Seed numbers

The process starts with selecting specific targets and the phone numbers ("selectors") they use. Through the FBI and the Department of Justice, these selectors are submitted to the FISA Court (FISC), which determines whether there's a Reasonable, Articulable Suspicion (RAS) that these numbers are associated with foreign intelligence agents or people engaged in international terrorism. Under Section 215, the RAS was determined by one of 22 designated NSA officials.

After the FISC has approved these numbers, it issues individual orders approving the submission of these specific selectors to the telecommunications providers, and directing those providers to hand over the associated metadata to the proper government agency. According to the ODNI statistical report for 2017, the FISC issued orders for 42 targets in 2016 and for 40 targets last year.

The report doesn't mention the total number of selectors used by these targets. It's these selectors, phone numbers and maybe similar identifiers, that NSA uses as a "seed" to start creating a so-called contact chain. For earlier years, the total numbers of seed selectors were as follows (it's not known how many of these belonged to Americans):

2012	2013	2014	2015
288	423	161	56

Business records

At NSA, the RAS-approved selectors are entered into what is publicly called the "Enterprise Architecture", but which actually must be the MAINWAY contact chaining system. This returns any selectors from NSA's existing metadata collection that have been in direct contact with the RAS-approved seed selector.

Both the RAS-approved seed selectors and the connected ones from NSA's existing collection are then submitted to the telecommunications providers. They will query their databases of business records for those that contain any of the submitted phone numbers. The results are returned to the NSA, which lets them pass various validation steps, applies data tags and forwards them to the MAINWAY system.

Because a FISC order is valid for up to 180 days, the selectors can be submitted multiple times during that period in order to caputure any new matching records. These business records, or Call Detail Records (CDRs) are defined as "session identifying information" and include:

- Originating telephone number
- Terminating telephone number
- International Mobile Subscriber Identity (IMSI) number
- International Mobile Station Equipment Identity (IMEI) number
- Telephone calling card number
- Time and duration of a call

NSA is not allowed to receive the content of any communication, the name, address, or financial information of a subscriber or customer, or the cell site location or Global Positioning System (GPS) coordinates.
 

Contact chaining

The ODNI statistical transparancy report from April has a nice graphic that shows how to count the number of business records that the telecoms provide to the NSA:

Example of contact chaining of telephone metadata under the USA FREEDOM Act
(source: ODNI Transparancy Report - click to enlarge)

We see that the RAS-approved seed phone (number) can be in direct contact with a certain number of other phones, which is called the "first hop". Additionally, the providers also have to look for the phones that have been in contact with those first hop phones. This step is called the "second hop". A third hop is prohibited by law, but NSA analysts also determined that a third step is not analytically useful.

This way of contact chaining by linking phone numbers that have been in contact with each other may already be familiar from the reportings about the Section 215 program.

But the graphic also shows something that was rarely made clear: the business records collected by NSA are not just the phone numbers. Two phone numbers that have been in contact with eachother will usually have done so more than once (except for so-called "burner phones" that are intentionally used for one call only).

So for each pair of phone numbers, there can be a lot of records, at least one record generated per phone call or text message, both for the person calling and the person called. The example in the graphic shows 7 phones that produce 6000 call detail records (CDRs) during a certain period of time. This is something to keep in mind when it comes to the huge numbers of metadata collected by NSA.


Number of records

The ODNI transparancy report also provides the real numbers of telephone records collected by NSA under the authority of the USA FREEDOM Act. Although NSA is required by law to provide the annual number of "unique identifiers", the agency doesn't has the technical ability to isolate these unique identifiers within records received from the providers. This means that every single record is counted, even if the same record is received multiple times from one or multiple providers.

The report also explicitly says that the results of contact chaining will likely include both foreign and domestic phone numbers: "while the records are received from domestic communications service providers, the records received are for domestic and foreign numbers." Also, the targeted seed number could be a foreign number, which in the first hop could have called a foreign number, that in its turn could have called another foreign number in the second hop.


With that in mind, the report says that in 2016, the telecommunications providers handed over 151.230.968 phone records to NSA. In 2017 they did so for 534.396.285 records, which is not only a dramatic increase compared to the previous year, but also a probably unexpectedly high number for the just 40 targets approved by the FISA Court.

However, if each of these 40 targets called 50 numbers, and those numbers were also in contact with 50 numbers, we get some 100.000 phone numbers. Let's assume each pair of numbers was involved in 500 calls (or text messages), we already have 50.000.000 records. And this is still without duplicate records, like from multiple providers or recurring requests.


The large increase compared to 2016 may have been caused by a variety of factors, according to Alex Joel, ODNI's chief civil liberties officer: changes in the amount of historical data companies are choosing to keep; the number of phone accounts used by each target and changes to how the telecommunications industry creates records based on constantly shifting technology and practices.


Retention

These domestic call detail records may not be stored for more than 5 years after they were initially delivered to NSA. In addition, the minimization procedures require NSA to destroy promptly any records that are determined not to contain foreign intelligence information. Phone records that have been "the basis of a properly approved dissemination of foreign intelligence information" may be retained by NSA indefinitely.

After these records have been received and stored, they may also be queried, including using search terms associated with US persons. In 2016, NSA used ca. 22.360 search terms for such queries, while in 2017 that number had risen to 31.196.


Deletion

Recently, it turned out that the practical implementation of the collection of domestic phone records under the USA FREEDOM Act is apparently not that easy: in a remarkable public statement from June 28, 2018, NSA revealed that several months earlier, "analysts noted technical irregularities in some data received from telecommunications service providers."

These irregularities occurred in a number of Call Detail Records (CDRs), which meant that NSA was not legally authorized to receive them in that form. It appeared infeasible to identify and isolate the properly produced data, so NSA concluded that it should not use any of these records.


Subsequently, the agency began deleting all the phone records they had acquired since 2015. According to the statement, NSA meanwhile addressed the root cause of the problem for future CDR acquisitions. Civil liberties blogger emptywheel suggests that the records may have contained content or location data, but NSA spokesman Chris Augustine said that the problem did not result in any collection of location records from cellphone towers.

According to the NSA's general counsel, Glenn S. Gerstell, the irregularities were caused by one or more providers who sent NSA data sets that also included some numbers of people the targets had not been in contact with. When the agency then fed those phone numbers back to the telecoms to get the "second hop" records, NSA acquired metadata of people with no connection to the approved targets.


Senator Ron Wyden, a longtime NSA critic who for years tried to get the Section 215 program disclosed, now blamed the providers instead of NSA for the technical problems: "Telecom companies hold vast amounts of private data on Americans," Wyden said. "This incident shows these companies acted with unacceptable carelessness, and failed to comply with the law when they shared customers’ sensitive data with the government."

Former assistant attorney general for national security David Kris said that these "errors illustrated how new problems can sometimes crop up when the government makes systems more complex in an effort to better balance security and privacy."


Speculations

In the public statement it is said that the massive metadata deletion follows from the NSA's "core values of respect for the law, accountability, integrity, and transparency" but outsiders speculated about other motives: were these records destroyed before the Trump administration could misuse them? President Trump also tweeted about this issue and saw it as part of the "Witch Hunt" against him:

Wow! The NSA has deleted 685 million phone calls and text messages. Privacy violations? They blame technical irregularities. Such a disgrace. The Witch Hunt continues!

— Donald J. Trump (@realDonaldTrump) 3 juli 2018

David Kris, former assistant attorney general for national security, replied to Trump that "This NSA program is only for international terrorism, not spying or clandestine intelligence activity, so unless your collusion included terrorism, it should be no problem for you personally!"

UPDATES:

In early 2019, NSA suspended its collection of domestic phone records under the USA Freedom Act "after balancing the program’s relative intelligence value, associated costs, and compliance and data-integrity concerns caused by the unique complexities of using these provider-generated business records for intelligence purposes."

In February 2020, the Privacy and Civil Liberties Oversight Board (PCLOB) issued a report about the NSA's metadata collection under the USA Freedom Act. The Board considered the program "constitutional under settled Supreme Court precedent" and found "no abuse of the program; nor did it find any instance in which government officials intentionally sought records that they knew were statutorily prohibited." During its four years of operation, the program had cost 100 million USD (part of which was paid to the telecom providers). Metadata from the program were used in 15 intelligence reports, only two of which provided the FBI with unique information.

Links and sources
- Privacy and Civil Liberties Oversight Board: Report on the Government's Use of the Call Detail Records Program Under the USA Freedom Act (2020)
- TheMarketsWork.com: A Strange & Unsettling Day (2018)
- NYTimes.com: N.S.A. Purges Hundreds of Millions of Call and Text Records (2018)
- Emptywheel.net: AT&T Pulled Cell Location for its "Mobility Cell Data" (2015)
- HuffingtonPost.com: The NSA’s Telephone Metadata Program Is Unconstitutional (2014)

How NSA contact chaining combines domestic and foreign phone records

(Updated: September 18, 2017)

In the previous posting we saw that the domestic telephone records, which NSA collected under authority of Section 215 of the USA PATRIOT Act (internally referred to as BR-FISA), were stored in the centralized contact chaining system MAINWAY, which also contains all kinds of metadata collected overseas.

Here we will take a step-by-step look at what NSA analysts do with these data in order to find yet unknown conspirators of foreign terrorist organisations.

It becomes clear that the initial contact chaining is followed by various analysis methods, and that the domestic metadata are largely integrated with the foreign ones, something NSA never talked about and which only very few observers noticed.

What is described here is the situation until the end of 2015. The current practice under the USA FREEDOM Act differs in various ways. The information in this article is almost completely derived from documents declassified by the US government, but these have various parts redacted.

- RAS-approval - Different kinds of queries - Contact chaining queries -

- Analysing the contact chains - Conclusion -

- . - . - . - . -

 

RAS-approval

As a seed for starting a contact chain, NSA analysts can take a telephone identifier like a phone number (also called a selector), based upon:

- their own ongoing analysis on an existing target set;
- a Request for Information (RFI) from another government agency;
- a notification of a match between a known counterterrorism-related selector and an identifier among newly ingested phone metadata.

Access to the domestic phone records was granted to about 125 intelligence analysts from the Homeland Security Analysis Center (HSAC, or S2I4) of the NSA's Signals Intelligence Directorate. There were also up to 22 specially trained officials called Homeland Mission Coordinators or HMCs (initially shift coordinators).

As required by the FISA Court orders, only these HMCs, the chief and the deputy chief of the HSAC are allowed to determine that there is a Reasonable, Articulable Suspicion (RAS) that a certain selector is associated with a designated foreign terrorism group and/or Iran. Such a RAS-approval is only needed for the domestic phone records, not the ones collected overseas.

NSA has a special RAS Identifier Management System to streamline the adjudication of the requests for RAS approval and the documentation thereof. The codename of this system is IRONMAN, as we learn from this document from a declassified 2011 training presentation (.pdf) in which this codeword wasn't redacted twice:

A RAS-approval is effective for one year, meaning that during the next year, repeated queries using the approved seed selector can be made. If the selector is reasonably believed to be used by a US person, the approval period is 6 months.

The number of RAS-approved identifiers varied substantially over the years, but in 2012, there were fewer than 300. According to the annual Transparancy Report from the Director of National Intelligence (DNI), there were 423 such selectors in 2013, but just 161 in 2014. It's not known how many of these belonged to Americans.
 


Different kinds of queries

From various declassified documents analysed in an article on the weblog EmptyWheel, it becomes clear that there are three different kinds of queries that NSA analysts conducted on the domestic phone records database:

1. Queries for data integrity purposes
2. Queries for "Ident lookups"
3. Queries for contact chaining

In the EmptyWheel article it's assumed that besides these queries, NSA also conducted some kind of pattern analysis: in many declassified documents a redaction appears right after the term "contact chaining", which according to EmptyWheel could hide something like "pattern analysis".

Given that in these documents the targets are also redacted, there's also the possibility that the redaction hides a description of the target, like "contact chaining al-Qaida affiliates".

At least one NSA memorandum from 2009 indeed speaks about "chaining and analysis", but there can be two kinds of analysis: one conducted on the bulk of raw metadata records, and another one on selected results of contact chaining.

NSA always denied that it conducts pattern analysis on the bulk metadata themselves, stating that every search begins with a specific telephone number or other specific selection term. So far, there are no indications of the contrary, so the analysis apparently refers to the results of contact chaining queries, which is confirmed by the 2014 report (.pdf) about the Section 215 program by the Privacy and Civil Liberties Oversight Board (PCLOB).

As we will see later on, this second type of analysis is indispensable for making the contact chaining queries useful for foreign intelligence purposes.

(1) Data integrity queries

The first way the domestic phone records were queried was for data integrity purposes. This was done by some 25 specialized Data Integrity Analysts (DIAs). They didn't conduct target analysis, but helped intelligence analysts with questions on a target. For those cases, a DIA could use a standard login (with appropriate controls) to query the phone records for foreign intelligence purposes.

However, when they queried for data integrity purposes, DIAs used a special login that bypassed the normal controls (like EAR) and also the auditing. This because for this task, they were allowed to use identifiers that were not RAS-approved (not allowed though were selectors that had expired because they were not revalidated).

One goal of these data integrity queries was to discover selectors that, for reasons that were redacted in the review report, should not become part of analysis, both for BR FISA and other purposes. These selectors could then be added to a defeat list of identifiers that were deemed to be of little analytic value, and/or to a database holding those that should not be tasked onto the collection system.

There was of course a risk of mixing up these tasks, and after an expired identifier had been queried in March 2010, the NSA Inspector General recommended that the duties of DIAs and foreign intelligence analysts should be clearly separated.


(2) Ident lookup queries

A second kind of query was for so-called "ident lookup". According to an NSA Inspector General test report (.pdf) from April 2010, this refers to:

"querying a selector using [tool name redacted] to determine the approval status of a selector. In such cases, the Emphatic Access Restriction controls will prevent chaining of a selector that is not marked as approved for querying, and return an error message to the analyst. Because the selector was not actually chained, there is no violation of the Order"

Emphatic Access Restriction (EAR, pronounced as "ear") is a tool that was installed at the MAINWAY database in February 2009. It automatically prevents using a selector that is not RAS-approved. It seems therefore that when an analyst started a query and the seed selector appeared to be not approved, that query was called an "ident lookup" (although EmptyWheel has a different interpretation).

This could be the way it worked before the IRONMAN system was established, as in a training module from 2011, it is said that by then, analysts just had to "use [tool name redacted] to determine the identifier’s approval status".
 


(3) Contact chaining queries

The most important queries on the domestic phone records were of course those conducted by intelligence analysts in order to "identify unknown terrorist operatives through their contacts with known suspects, discover links between known suspects, and monitor the pattern of communications among suspects".

For this, an analyst took a RAS-approved selector (often a telephone number) and entered it into a specialized metadata tool, which searched the telephone metadata in the MAINWAY contact chaining system. To limit the number of results, the analyst could set a certain timeframe for the query.

The metadata tool then returns "a .cml file, usually referred to as a chain, which is made up of the individual first hop contacts of the seed". Usually, the analyst will also be interested in the second-hop contacts, and then the tool will retrieve the batches of one-hop chains for the identifiers that had been in direct contact with those from the first hop series.

Number of hops

Based upon the FISA Court orders, NSA analysts were also allowed to retrieve the numbers in contact with all the numbers from the second hop, which would make a third hop. The software tools are said to prevent looking beyond the third hop, or performing a query of a selection term that has not been RAS-approved.

The initial authorizations under the President's Surveillance Program (PSP) did not prohibit chaining more than two degrees of separation from the target, but "NSA analysts determined that it was not analytically useful to do so".* When this collection was brought under supervision of the FISA Court, it limited contact chaining to 3 hops.

But despite that authorization, the policy of NSA's Counter Terrorism branch restricted chaining to 2 hops, as can be seen in an NSA training presentation (.pdf) from 2007:

A 2011 training module says that chaining to a third hop is possible, but only after prior approval by the analyst's division management (for example when a contact that comes up with the first hop appears to be an already known suspect).

Strangely enough, both a government white paper and the PCLOB-report don't mention this policy restriction and in the latter it's even assumed that chaining 3 hops was regular practice:

"If a seed number has seventy-five direct contacts, for instance, and each of these first-hop contact has seventy-five new contacts of its own, then each query would provide the government with the complete calling records of 5,625 telephone numbers. And if each of those second-hop numbers has seventy-five new contacts of its own, a single query would result in a batch of calling records involving over 420,000 telephone numbers"

As of 2012, the FISA Court also allowed an automated chaining process in which "the NSA's database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. The database places the results of these queries together in a repository called the "corporate store" - the NSA was never able to get that working though (although the PCLOB report, again, describes it as if it was actually implemented).


Visualization

The results from a contact chaining query can be visualized by a contact graph. An example was published by the German magazine Der Spiegel, showing a slide from an NSA presentation with a 2-hop contact graph for the e-mail addresses of the CEO and the chairwoman of the Chinese telecommunications company Huawei:

> See also: An NSA eavesdropping case study

Domestic and foreign results

Generally, it is said that analysts query the "Section 215 calling records", the "BR metadata" or something similar. This sounds like they only access the domestic telephone records and that therefore the resulting contact chains would fully consist of American phone numbers.

The initial seed number however will often be a foreign number, as the whole purpose of the Section 215 program is to discover connections between foreign terrorists and potential conspirators inside the US. Analysts will therefore choose a seed for which they expect a good chance it has a domestic nexus, which probably explains the low numbers of RAS-approved identifiers.

But as we have seen in the previous article, NSA stored the domestic phone records in MAINWAY, which also contains the foreign telephone and internet metadata collected overseas. That means that a contact chaining query will not only return identifiers from the domestic, but also from the NSA's worldwide metadata collection.


Federated queries

Such results from multiple sources are called federated queries. According to a 2011 training module, BR FISA queries initially only resulted in these federated queries, but in later versions of the query tool, the analyst could also check boxes to conduct an "unfederated" query and choose individual collection sources.

These options can be seen in the following screenshot from the user interface (the codename of which is redacted) used to conduct the contact chaining:

Selecting the "FISABR Mode" makes that an additional checkbox for the EO12333 source appears. An NSA memorandum explains that when this BR FISA option is chosen, the analyst will not only be provided with the domestic telephone metadata, but also with those from the SIGINT realm (which is collection overseas under EO 12333 authority), dating back to late 1998.

When the analyst used a RAS-approved selector, he could also check the box for PENREGISTRY, or PR/TT, which refers to the domestic internet metadata, but the collection thereof was ended by the end of 2011. Normal mode is for all other metadata collected abroad.

Analysts can determine the collection sources of each result by examining the Producer Designator Digraph (PDDG) and/or SIGINT Activity Designator (SIGAD) from each line of the contact chain file. BR FISA metadata can be identified by specific SIGADs.

SPCMA

There's also a fourth box for SPCMA mode, which stands for the "Special Procedures governing Communications Metadata Analysis" from January 2011. These allow contact chaining and other types of analysis on metadata that have already been collected under EO 12333, regardless of nationality and location (because metadata aren't constitutionally protected).

This means that US person identifiers that were in contact with valid foreign intelligence targets may be used for searching these foreign metadata too.

NSA isn't allowed to collect US data overseas, but these do come in "incidentally" when for example foreigners communicate with Americans - precisely the kind of communications that could reveal conspirators inside the US. Many international phone calls from or to the US, will likely be intercepted by NSA collection facilities abroad too.


In other words:

- By default, any contact chaining query will use the foreign metadata collected overseas. For these, any useful selector may be used as a seed, and, under SPCMA, even one that belongs to an American.

- If the seed selector is RAS-approved, then the domestic phone records will be used too, which could lead to the discovery of additional contacts within in the US.

The fact that most contact chains will consist of both foreign and domestic identifiers means that they contain much less American numbers then in calculations like the one from PCLOB, which give the impression that queries resulted in up to 3 hops of domestic numbers.

 


Analysing the contact chains

It should be noted that the phone numbers (or other selectors) which are returned after an initial contact chaining query are anonymous and therefore meaningless. They're just numbers which could belong to anyone: from a pizza delivery to a dangerous conspirator.

So, in order to identify which numbers are of interest for finding unknown suspects, additional analysis is needed - a comprehensive GCHQ book (.pdf) disclosed last week calls contact chaining the start of a "painstaking process of assembling information about a terrorist cell or network".


Analytic tools

In the early years of the President's Surveillance Program (PSP), only the SIGINT Navigator (SIGNAV) tool was available to view the output of the MAINWAY contact chaining system. Later, new tools were created to improve efficiency and to obtain the most complete results, they were designed to use phone records collected both domestically and overseas.

According to the 2009 BR FISA review, there were 19 different analytic tools used for analysing both the raw metadata as well as the results of contact chaining. The glossary of the review lists following tools, unfortunately with their codenames redacted:

S................?
"This tool is used by HMCs to conduct contact chaining against BR FISA metadata and provide the results to the [...]team. HMCs only used RAS-approced selectors when using this tool. The [...] team ultimately provided the results to NSA's [....]"

S.........?
"The primary desktop graphical user interface (GUI) for access to [....] data and services"

S....?
"An analytic query tool used to seek out additional information on telephony selectors from [MAINWAY?] and other knowledge bases and reporting repositories"

[SYNAPSE Workbench?]
"A next generation metadata analysis graphical user interface (GUI) which is the replacement for [......]"

W......?
"The query tool, which indicates whether a telephony selector is present in NSA data repositories, the total number of unique contacts, total number of calls, and "first heard" and "last heard" information for the selector"


The 2009 PR/TT review also mentions the following tool, which could have been redacted in the BR FISA review:

M.....?
"A database analytic system and user interface tool for integrated analysis of multiple types of metadata, facilitating more comprehensive target activity tracking"

Update:
According to the internal NSA newsletter SIDToday from March 4, 2005, which was published by The Intercept in September 2017, MAINWAY's Sigint Navigator (SigNav) version 4.0 became the vehicle for the new single sign-on tool GLOBALVISION, which gave analysts access to 11 databases.

Combining multiple contact chains

In 2006, a "high-level Bush Administration intelligence official" told Seymour Hersh that analysts could for example look whether any number that is two or three hops away from the seed number is also in direct contact with that original suspect number. That sounds smart, but in that case, that number which is two or three hops away is simply a first-hop contact.

Finding suspects just by looking at connections between anonymous numbers could work however when several contact chains (from related suspect seed numbers for example) are combined: then a number that appears to be in contact with seed #1 and also with seed #2, would be suspicious, as it apparently belongs to someone known by both initial suspects.

This approach was seen in the CBS television program 60 Minutes from December 15, 2013, in which an NSA employee gave a demonstration of how metadata contact chaining works. He used a tool for foreign collection under EO 12333, resulting in some contact chains of almost fully masked phone numbers from Somalia. Clearly visible are numbers that different targets had in common:

Detailed call record analysis

Besides analysing the breadth of the contact chains, each contact between two phone numbers can also be analysed in depth. For this, the analytic software provides analysts access to the complete calling records associated with all the phone calls from a contact chain.

Such a record, as provided by the telecoms, includes the calling and the called number, a calling-card number, the IMEI number of a mobile handset and the IMSI number of a SIM card, as well as the date and time of the call, its duration and technical information about how the call was routed through the telephone networks.

This provides analysts with information like which number initiated the call, the day and time the call was made, and how long it lasted. And although the domestic phone records may not contain cell phone location data, the area code and prefix of a landline telephone number, as well as the trunk identifier for mobile networks, still indicate the area where a particular phone was located.

As described in the previous article, these data weren't derived from the MAINWAY system, but from a second database which holds "individual BR FISA metadata call records for access by authorized Homeland Security Analysis Center (HSAC) and data integrity analysts to view detailed information about specific telephony calling events".


Searching the second database

This database of calling records also enables analysts to subject these records "to other analytic methods or techniques besides querying", like for example searching them "using numbers, words, or symbols that uniquely identify a particular caller or device", or using "selection terms that are not uniquely associated with any particular caller or device" - according to the PCLOB report.

So, when analysing one or more contact chains resulted in finding several suspicious phone numbers, analysts can then use those numbers for querying the second database in order to see whether these numbers also appear in phone records that were not included in their initial contact chains.

And it also seems possible to query for example a trunk identifier to discover other phones from the same region. These kind of searches can therefore provide potential connections that could not have been found by conducting a direct contact chaining query.

Update:
An NSA slide that was already published in December 2013, shows that MAINWAY can indeed be used for queries with cell tower identifiers, in order to find selectors in certain geographical areas:

Some numbers

In a Department of Justice report (.pdf) from 2006 it's said that NSA "estimated that only a tiny fraction (0,000025% or one in four million) of the call-detail records [...] were expected to be analyzed". This would mean that of the 1,8 billion domestic phone records provided daily by AT&T, just 450 would be used for analysis.

So in a year, the records (not the content) of roughly 230.000 individual calls from the domestic metadata collection could have been used for analysis in addition to contact chaining.

Foreign call records

As we have seen, a contact chaining query on Section 215 telephone metadata will generally result in both foreign and domestic numbers. Analysts will therefore not only like to analyze the associated call records from the domestic collection, but also those from foreign collection conducted abroad.

These foreign phone records could be retrieved from the known metadata repositories like ASSOCIATION (for mobile calls) and BANYAN (for landline calls), or from a single foreign "SIGINT" database, as is suggested by an NSA memorandum from 2009.


Enrichment

Analyzing the detailed call records will still not provide names or other information that allows the identification of the people to which the numbers from a contact chain belong. For that, the phone numbers have to be correlated ("enriched") with other kinds of information.

The easiest way is probably to combine them with target watch lists to see if the contact chains contain phone numbers that belong to already known targets. This is demonstrated in the following video, which shows contact chain analysis using Sentinel Visualizer, which is a commercially available program for this purpose:

> See also: Video demonstration of two intelligence analysis tools

Telephone identifiers found through contact chaining and subsequent analysis can of course also be correlated with internet metadata. NSA does not collect domestic internet metadata anymore, but its collection abroad results in over 10 billion internet metadata a day being stored in the MARINA database.

The metadata from contact chains can also be enriched with data from for example GPS and TomTom, billing records and bank transactions, passenger manifests, voter registration rolls, property records and unspecified tax data - for both Americans and foreigners, according to a New York Times report, but in which NSA denies using this for the domestic metadata collected under Section 215.


SYNAPSE Data Model

With all this, analysts can build extensive social network graphs (or "community of interest" profiles) using 164 different relationship types like "travelsWith, hasFather, sentForumMessage, employs". It seems that this refers to the SYNAPSE Data Model, for which internal NSA relationships are shown in the following diagram that was published by The New York Times too:

Apparently also based upon this data model is SYNAPSE Workbench, which seems to be the "next generation metadata analysis graphical user interface (GUI)" described in the 2009 BR FISA review. SYNAPSE Workbench is apparently capable of fusing metadata from multiple sources and is also enabled for SPCMA searches.


Further action

When all this makes an analyst to believe that a certain telephone identifier belongs to someone who is of interest but wasn't yet known or identified, the following actions can be taken:

⇨ Is the identifier American and of counterterrorism value, then it can be passed on to the FBI for further intelligence or criminal investigation. From 2006-2009, NSA provided the FBI (and other intelligence agencies) a total of 277 reports containing 2883 telephone identifiers.

⇨ Is the identifier foreign, then NSA can use it as a selector to retrieve the content of associated communications that might be already in its databases. It can also be entered into the NSA collection system in order to pull in the content of any future communications of the target systematically.

In case the identifier of the yet unknown suspect is foreign, the analyst might have found out a name through the various enrichment correlations, but if not, this can also be achieved by listening into the content of associated phone calls or additional Human Intelligence (HUMINT) methods.


 

Conclusion

As we have seen, the domestic phone records collected by NSA under Section 215 are used for contact chaining that combines both domestic and foreign identifiers. NSA never explicitly explained this, probably because they didn't want to draw attention to their foreign metadata collection and analysis efforts. But it did became clear from the many documents about the Section 215 program that were declassified by the US government.

These documents made clear that NSA rarely went to 3 hops of contact chaining, which is contrary to what most people, including the Privacy and Civil Liberties Oversight Board (PCLOB) assumed. Because of the federated queries, the resulting contact chains were made up of both domestic and foreign identifiers, which means contact chaining under the Section 215 program involved far less American phone numbers than often presumed.

The documents also show that contact chaining for finding yet unknown conspirators isn't as easy as it may appear. It's not that one enters a phone numbers and the software provides a list of suspects. Data retrieved through the contact chains have to be analysed and correlated with other data sets in order to find out which numbers could matter. It still depends on experience, analysis and eventually even guessing which data and which numbers might be worth a closer investigation.

How successful this contact chaining and subsequent analysis is, is difficult to say. The PCLOB report judged that there was "no instance in which the [Section 215] program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack" - but it's also possible that there were just no such conspirators.

The PCLOB report noticed that analysing the domestic telephone metadata did provide some value "by offering additional leads regarding the contacts of terrorism suspects already known to investigators, and by demonstrating that foreign terrorist plots do not have a U.S. nexus" - although useful, this seems a rather meager result of what for sure required lots of work.


> Next: Collection of domestic phone records under the USA FREEDOM Act



Links and Sources
- Lawfare Blog: Understanding Footnote 14: NSA Lawyering, Oversight, and Compliance (2016)
- EmptyWheel.net: Federated Queries and EO 12333 FISC Workaround (2013) - What We Know about the Section 215 Phone Dragnet and Location Data (2016)
- PCLOB: Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act (pdf) (2014)
- Cryptome.org: NSA FISA Business Records Offer a Lot to Learn (2013)
- Huffingtonpost.com: The NSA's Telephone Meta-data Program: Part I (2013)
- US Administration White Paper: Bulk Collection of Telephony Metadata under Section 215 of the USA PATRIOT Act (pdf) (2013)
- The New Yorker: What the N.S.A. Wants to Know About Your Phone Calls (2013)
- NSA: Business Records FISA NSA Review (.pdf) (2009)