CBSN

Trump calls out NSA for deleting data: Here are the facts

In a tweet on Tuesday morning, President Trump criticized the National Security Agency for deleting millions of "phone calls and text messages" and suggested the deletion was related to "the witch hunt," which is the way he habitually refers to the special counsel's ongoing investigation into Russian meddling in the presidential election. "Wow! The NSA has deleted 685 million phone calls and text messages," he tweeted. "Privacy violations? They blame technical irregularities. Such a disgrace. The Witch Hunt continues!" 

Much of the substance of and inferences made by the president's tweet are wrong. NSA referred inquires about the tweet to the White House, which did not immediately respond to a request for comment.  

The NSA had made its own announcement five days ago, last Thursday, about what kind of data it was deleting, why it was doing so, and what privacy considerations were at hand.

What data is the NSA deleting?

In its own disclosure on Thursday, the NSA said it was deleting "all call detail records (CDRs) acquired since 2015." Call Detail Records are neither phone calls nor text messages; they only include information about telephone numbers involved in a call or text, including their date and time. No content – spoken or written – of any number is collected, nor is any name, address, financial information or cell site location.

According to a public report about NSA surveillance activities, the agency collected about 534 million call detail records in 2017 and 151 million in 2016, for a total of about 685 million.

The NSA has this authority to help it obtain information about the activity of certain telephone numbers – including which other numbers they contact – for up to two contacts away from an original number. If, for example, NSA has reasonable suspicion a terrorist is using the number 555-555-1000, it can, through a process involving the Foreign Intelligence Surveillance Court (FISC), request data about which numbers that number connected with and when. For instance, suppose that original number connected with a caller whose number is 888-888-2000. The NSA can then request to see which numbers the 888 caller connected with and when – that is, two callers away from the original number that first raised suspicion. 

How did it get that data? 

The agency receives this information by requesting it directly from telecommunication companies, as required by the USA Freedom Act (UFA) of 2015, which is the law that changed how the NSA was allowed to store and access telecommunications data.  Prior to 2015, the agency used to collect and store this type of information – often referred to as telephony metadata – in bulk and on its own. 

It could also carry out its own searches of that data. UFA, which was passed in the aftermath of the Edward Snowden revelations, ended the NSA's ability to store bulk quantities of metadata and/or to search them. All that information is now stored by individual telecommunications companies and, as approved by the FISC, is provided to the NSA upon request. The NSA is able to store that data which it rightly requests and is authorized to receive, but not to collect and maintain vast quantities of it, as it had previously.

Why and when is NSA deleting it? 

The NSA said on Thursday that, months ago, its analysts noted "technical irregularities" in some of the data it received from telephone companies – which resulted in the production of some call detail records that the agency "was not authorized to receive." It is not entirely clear how that happened or what kind(s) of records those might have been. Because there was no way to separate the data it was entitled to from that which it received improperly, NSA said that after consultation with other intelligence agencies and the Department of Justice, it concluded it should delete all the data it was given since 2015 – all 685 million records.  

In an email, the NSA told CBS News it began investigating the matter in early 2018 and that deletion began on May 23, 2018. "The matter was addressed through a process that involved a number of remediation steps, including an interim step to restrict operational use of the data, prior to commencing the deletion effort," the agency said, adding, "We expect to complete remediation over the next few months."

What privacy and national security implications does it have? 

While the disclosure is troubling because it means a government agency was provided more information than it was legally entitled to, the NSA appears to be erring on the side of privacy protection in eliminating records it should not have.

The agency also told CBS News that it "considered the potential risk to national security in selecting this course of action," and that it "has a number of means of verifying the information – including looking at data that was not from UFA to ensure that the intelligence reporting is and remains accurate."

Still, the incident raises questions about the utility and functionality of the procedure put in place by the UFA for a few reasons – first, that the process resulted in over-collection in the first place, and second, that the agency concluded it could wholesale eliminate more than two years' worth of data without posing a significant risk to national security. 

What happens next? 

In its original disclosure NSA said it had identified the "root cause" of the problem and that it had "reviewed and revalidated" its intelligence reporting to make sure no improperly received CDRs were used.

The agency declined to describe to CBS News how it intends to ensure that over-collection does not reoccur within this process. It also will not disclose which or how many telecommunications companies were involved in this instance of over-collection, telling CBS News, "We cannot comment, as this involves operational details that remain classified."

Is it related to the special counsel's ongoing investigation? 

No. There is no evidence or indication this incident is in any way related to the Mueller investigation into Russian meddling.