The NSA and the USA Freedom Act

 | David Kris 07/03/2018 10:02 AM MDT

Share this article

NSA Eagle
Credit: Wikipedia Commons

The National Security Agency has announced a startling failure in the implementation of the USA Freedom Act of 2015. According to a public statement released by NSA on June 28, the call detail records that NSA has been receiving from telephone companies under the Act are infected with errors, NSA cannot isolate and correct those errors, and so it has decided to purge from its data repositories all of the CDRs ever received under the Act. As the public statement explains, “on May 23, 2018, NSA began deleting all call detail records (CDRs) acquired since 2015 under Title V of the Foreign Intelligence Surveillance Act (FISA) ... because several months ago NSA analysts noted technical irregularities in some data received from telecommunications service providers. These irregularities also resulted in the production to NSA of some CDRs that NSA was not authorized to receive. Because it was infeasible to identify and isolate properly produced data, NSA concluded that it should not use any of the CDRs.”

This post (1) reviews the program of bulk collection of telephony metadata that existed prior to the USA Freedom Act, (2) describes the processes required under the Freedom Act, and (3) considers lessons learned from the failure of the Act.


I. Bulk Telephony Metadata Collection, 2006–15

From 2006 until the USA Freedom Act of 2015, NSA engaged in bulk collection of telephony metadata under the supervision of the Foreign Intelligence Surveillance Court (FISC). As I have explained here, NSA would collect vast quantities of telephony metadata, or records about telephone calls—sometimes referred to as “call detail records” or “CDRs”—from certain telephone companies. These records included information about the telephone numbers involved in a call and the date and time of the call, but they did not include the words spoken in the call. The information was similar to what used to appear in an old-fashioned paper telephone bill—it might show, for example, that (123) 456-7890 called (234) 567-8901 on Monday, Jan. 1, at noon, for 30 minutes. It operated on a truly enormous scale: NSA would collect this sort of information from telephone companies and store it in huge data repositories.