N.S.A. Phone Program Cost $100 Million, but Produced Only Two Unique Leads

WASHINGTON — A National Security Agency system that analyzed logs of Americans’ domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study.

Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.

“Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted,” the report said. “The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation.”

The report did not reveal the subject matter of the one significant F.B.I. investigation that was spurred by the Freedom Act program, and did not divulge its outcome.

But the high expense and low utility of the call records collected sheds new light on the National Security Agency’s decision in 2019 to shutter the program amid recurring technical headaches, halting a counterterrorism effort that has touched off disputes about privacy and the rule of law since the Sept. 11, 2001, attacks.

The information surfaced as Congress is weighing whether to allow the law that authorizes the agency to operate the system — the USA Freedom Act of 2015 — to expire on March 15, or whether to accede to the Trump administration’s request that lawmakers extend the statute, so the agency could choose to turn the system back on in the future.

The House Judiciary Committee will meet on Wednesday to consider a draft bill that would adjust surveillance law in several ways, including terminating the program’s authority. Separately on Tuesday, Attorney General William P. Barr met with Republican senators to urge them to extend three other investigative powers also set to expire on March 15.

The privacy board is an independent agency created by Congress on the recommendation of the commission that studied the Sept. 11 attacks. A declassified, partly censored version of the board’s 103-page report was viewed by The New York Times.

In an interview, the board’s chairman, Adam I. Klein, praised the National Security Agency for deciding last year to suspend the program — not only because of its high cost and low value, but because of continuing problems in which telecommunications companies kept sending the agency more people’s phone records than it had legal authority to collect.

“It shows a lot of judgment to acknowledge that something that consumed a lot of resources and time did not yield the value anticipated,” Mr. Klein said. “We want agencies to be able to reflect on their collection capabilities and wind them down where appropriate. That’s the best way to ensure civil liberties and privacy are balanced with operational needs.”

In a statement appended to the report, Mr. Klein also noted that phone records are becoming less important as people shift to using encrypted chat apps. And, he noted, the government can still gain access to some phone logs through other means, like traditional subpoenas for records of discrete accounts, or N.S.A. collection abroad, where there are fewer legal limits.

The Times reported last year that the National Security Agency had delivered a bleak internal assessment of the call records program’s steep costs and minimal benefits without taking an explicit position on whether the Trump administration should seek to extend the law that authorized it. But the specific figures undergirding that briefing were previously classified.

The privacy board, working with the intelligence community, got several additional salient facts declassified as part of the rollout of its report. Among them, it officially disclosed that the system has gained access to Americans’ cellphone records, not just logs of landline phone calls.

It also disclosed that in the four years the Freedom Act system was operational, the National Security Agency produced 15 intelligence reports derived from it. The other 13, however, contained information the F.B.I. had already collected through other means, like ordinary subpoenas to telephone companies.

The report cited two investigations in which the National Security Agency produced reports derived from the program: its analysis of the Pulse nightclub mass shooting in Orlando, Fla., in June 2016, and of the November 2016 attack at Ohio State University by a man who drove his car into people and slashed at them with a machete. But it did not say whether the investigations into either of those attacks were connected to the two intelligence reports that provided unique information not already in the possession of the F.B.I.

The system traces back to a secret decision by President George W. Bush to unleash the National Security Agency from certain legal constraints following the terrorist attacks of Sept. 11, 2001. Among other things, the agency began collecting customer calling records in bulk, from several large telecoms. Counterterrorism analysts used the data as a map of social links, hunting for hidden associates of known terrorism suspects by looking at indirect connections.

In 2006, the Foreign Intelligence Surveillance Court secretly blessed the program under a legally disputed interpretation of the Patriot Act. In 2013, the program’s existence was leaked by the former National Security Agency contractor Edward J. Snowden, prompting an uproar over privacy rights and the rule of law.

Defenders of the program claimed that it could have stopped the Sept. 11 attacks. But in practice, its most concrete accomplishment, according to a 2014 report by the Privacy and Civil Liberties Oversight Board, was leading the F.B.I. to scrutinize a San Diego man who turned out to have donated several thousand dollars to the Shabab, the Islamist group in Somalia. There was no accusation that he was planning to commit any terrorist attack.

In 2015, Congress enacted the USA Freedom Act, which ended the bulk collection of phone records under the Patriot Act, but authorized the National Security Agency to operate an alternative system that kept the bulk records in the hands of phone companies.

With a judge’s permission, the agency could query the system to swiftly obtain the records not only of a suspect, but of everyone with whom that suspect had been in contact.

The exponential math meant that the agency was still gathering a huge number of call and text records about Americans, however. In 2018, the N.S.A. obtained 14 court orders, but gathered 434 million call detail records involving 19 million phone numbers.

There were repeated signs of trouble. In the spring of 2018, the National Security Agency purged hundreds of millions of records after it realized that its database was contaminated with some files the agency had no authority to receive. And in the fall of 2018, it discovered again that it was overcollecting data. The agency turned off the program in 2019.

The National Security Agency has said that the cause of the problems was largely that telecoms were returning erroneous call records. The unclassified version of the privacy board’s report adds a few details to that discussion, but sections about exactly what went wrong remain blacked out.

Mr. Klein said that after the agency’s staff worked with the intelligence community to get large amounts of information declassified, the board met with Joseph Maguire, the former acting director of national intelligence, to ask for four more things to be made public.

Mr. Maguire agreed to declassify one — that the program had cost taxpayers $100 million — but three others remain secret despite the board’s request. Among them, Mr. Klein said, were additional details about what kinds of records the program did and did not collect, about the cause of the compliance problems with the telecoms and about how the agency processed the data.

Katie Benner and Nicholas Fandos contributed reporting.

Continue reading at New York Times