N.S.A. Disclosure of U.S. Identities in Surveillance Reports Nearly Tripled in 2023

The number of times the National Security Agency identified Americans or U.S. entities last year in intelligence reports containing information from a high-profile warrantless surveillance program nearly tripled from 2022, the government disclosed on Tuesday.

The sharp increase in so-called unmaskings, to more than 31,300 times, arose from attempts by foreign hackers to infiltrate the computer systems of critical infrastructure — not individual people, officials said. In particular, a single intelligence report last year identified a “large number” of potential American entities a hacker sought to breach, the report said.

The report was the most recent set of surveillance-related statistics made public each spring by the Office of the Director of National Intelligence, providing a measure of transparency into how intelligence agencies use their electronic spying powers.

The Foreign Intelligence Surveillance Act of 1978, or FISA, normally requires a warrant for national-security wiretapping on American soil. A provision of that law, known as Section 702, is an exception, allowing the government to collect, without a warrant, the messages and data of foreigners abroad from U.S. companies like Google and AT&T — even when they are communicating with Americans.

The Section 702 program has elicited intense controversy since Congress enacted it in 2008 to legalize a form of a warrantless surveillance program the Bush administration secretly began after the Sept. 11 attacks. This month, Congress renewed Section 702 for two years after an intense political fight disrupted the usual partisan alignment, with supporters and skeptics of the program in both parties.

In recent years, F.B.I. officials have repeatedly conducted searches using the identifiers of Americans, like e-mail addresses, that were later found to have violated standards for such queries of the repository of intercepts — including because the searches lacked sufficient justification or were too broad. Problematic queries have included searches using the identifiers of a lawmaker, Black Lives Matter protesters and Jan. 6 Capitol riot suspects.

The bill to extend the program imposed a number of limits, especially on the F.B.I.’s ability to use it. Those changes were too recent, however, to be reflected in the report. Still, many of the new restrictions codified into law changes the F.B.I. had put into place in 2021.

In March 2023, the Biden administration had trumpeted how the number of American identifiers the F.B.I. had used as search terms had plunged after the bureau made changes, and the new report showed that trend continuing — even as the total number of Americans or American entities who were identified in intelligence reports soared.

Specifically, the government roughly estimated that the F.B.I. had used more than 2.9 million American identifiers as search terms in the Section 702 database between December 2000 and November 2021. That number fell to roughly 119,383 in the yearly span that ended in November 2022, and fell again to roughly 57,094 in the year that ended last November. (Because of a complexity in F.B.I. systems, those estimates are an overcount of the actual numbers.)

The F.B.I. opened no ordinary criminal investigations into Americans based on information gathered using Section 702 last year, the report said, but it disclosed how often that F.B.I. officials had gained access to the results of queries for information about Americans that officials had conducted solely for the purpose of scrutinizing potential ordinary crime, with no connection to a national security investigation.

In the 12 months that ended in November 2022, for example, F.B.I. officials ended up looking at information 43 times that came up in response to a search for information about Americans while scrutinizing ordinary crimes. That was an upward revision by 27 from last year’s report because of discovering additional examples in an audit. They did so 21 times in the year that ended last November.

Most — 29 in 2022 and 17 last year — did not comply with internal limits because they were searches that essentially amounted to fishing expeditions by agents who lacked a sufficient reason to believe beforehand that they might find relevant evidence.

Privacy advocates have cited F.B.I. errors in searching for information about Americans that the government swept in without a warrant to argue that officials should be required to obtain court orders for such queries. National security officials strongly oppose such a proposal, arguing that it would gut the program’s effectiveness. A proposal to add such a limit to the Section 702 extension bill failed in a tie vote in the House this month.