The NSA Sent Daily Metadata Reports to the FBI for Years

In 2011, former FBI general counsel Valerie Caproni testified about the bureau's "going dark" problem to the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security. Echoing a popular refrain from then-Director Robert Mueller, Caproni explained that the bureau was incapable of keeping up with the sheer volume of digital communications, and that it needed additional internet surveillance tools to keep from being left in the dark.

"Addressing the Going Dark problem does not require the Internet to be re-designed or re-architected for the benefit of the government," she testified. "Within the current architecture of the Internet, most of our interception challenges could be solved using existing technologies that can be deployed without re-designing the Internet and without exposing the provider’s system to outside malicious activity."

Caproni also testified that the FBI had sufficient legal authority to surveil the internet; the problem was a lack of technical capability to sift through the vast regions of the web. What Caproni didn't mention was that the FBI was already enjoying the spoils of another agency with vast data-mining skills: the NSA.

According to documents released by the Director of National Intelligence last Friday (which flew under the radar thanks to President Obama's NSA speech), the NSA regularly provided the FBI with collected metadata from at least 2006 to 2011.

The documents are court orders from the Foreign Intelligence Surveillance Court (FISC), the secret court overseeing application of the Foreign Intelligence Surveillance Act. One, dating from August 2006, grants a request from the director of the FBI for access to NSA metadata, and outlines how such sharing would work, a format used by five years of subsequent orders.

As FISC Judge Malcom J. Howard writes in that August 2006 document, the request must be limited to "tangible things," in this case call metadata. Also, per the requirement of Section 702 of the FISA Amendments Act that any such snooping be focused on international persons, Howard writes that the metadata must be "relevant to authorized investigations" being conducted by the FBI that "protect against international terrorism."

As if a couple-dozen court approvals weren't enough evidence, it appears the FBI was regularly taking advantage of the NSA's data. A footnote on page 4 of the August 2006 order linked above says "the Court understands the NSA expects that it will continue to provide on average approximately three telephone numbers per day to the FBI."

Credit to [Ars Technica's Cyrus Farivar for highlighting that footnote](http://A similar footnote from a November 2006 court order refers to ), and for finding the ongoing pattern:

A similar footnote from a November 2006 court order refers to “two telephone numbers.” The “three” figure was continued until documents from March 2009, when the specific language changed to simply “information.”

A June 2011 order from FISC Judge John D. Bates shows how the information-sharing program evolved in the intervening five years of daily metadata report sharing. In it, Bates orders a redacted party (presumably a phone carrier) to produce daily reports to the NSA containing all call metadata for a redacted person of interest.

Bates also ordered the redacted service provider to provide the NSA will "all call detail records or "telephony metadata" created by [redacted] for communications between (i) the United States and abroad; or (ii) wholly within the United States, including local telephone calls." Presumably, that means the redacted entity is at least in contact with a foreign person, even if they're in the States; FISC judges have been clear that they won't let the NSA spy on domestic citizens unless one end of a phone call originates outside of the US.

Bates also notes that any information the FBI received as a result of the order could only be used provided the FBI followed data minimization procedures laid out by the Attorney General aimed at preventing regular people getting swept up in the dragnet.

Notable then, albeit tangentially related, is a decision from Bates just one month prior. In a May 2011 order, he ruled part of the NSA's data collection program unconstitutional because the agency failed to follow court-ordered minimization procedures.

Despite that, and despite knowing the NSA was being intentionally misleading, Bates approved metadata collection with more stringent minimization procedures. In fact, FISC approved every FISA application from 2010-2012, and yet we now know that the NSA repeatedly lied about its capabilities.

The flow of NSA data to the FBI isn't particularly surprising; we've known that the agencies have collaborated for years, which has produced operations as strange as a World of Warcraft sting. But it serves to highlight the simple fact that the NSA's metadata collection procedures don't exist in a vacuum. The data the NSA collects gets disseminated outside the walls of the agency, which makes such procedures even more troubling. (As the documents stop in 2011, it's unclear if such sharing exists today, although it'd be a safe bet to say they do.)

To this day, the NSA's metadata program is billed by President Obama as being dedicated to the fight against international terrorism. While that's far from the case—NSA's mission is hardly limited to terrorists—the NSA sharing the fruits of its massive metadata-collection infrastructure with the FBI, an organization ostensibly tasked with domestic security, is worrisome.

Former FBI Director Mueller's 12 year tenure saw a massive shift in the FBI's focus from federal crime to counterterror operations, which has fueled the bureau's need for signals intelligence. In the fight against the supposed "going dark" problem, the FBI, along with the Justice Department as a whole, has gained more and more ability to conduct online surveillance. And like the NSA, the DoJ is obsessed with data collection, which has resulted in absolutely despicable acts like spying on the Associated Press.

Combined with the latest documents released from the DNI, it's becoming ever clearer that the United States' myriad police and counterterror organizations aren't isolated in their endeavors. Instead, they've worked in concert to develop an enormous electronic surveillance complex aimed at accessing as many forms of electronic communication as possible, even if the gleaned data has not been extraordinarily helpful in actually catching terrorists.

With new FBI Director James Comey having stated that the FBI is indeed an intelligence organization, a position President Obama supports, don't expect the paradigm to change soon.

@derektmead