Albert Gidari of Just Security/Center for Internet and Society has been looking into the US Courts’ wiretap reports for 2014 and 2015. The problem with these reports is that nothing adds up. As he wrote for Just Security last year, there’s a huge discrepancy between the numbers reported by the US Courts Administrative Office and those reported by the service providers complying with the orders.
These numbers should be much closer than they are. If a wiretap is issued by a court, then the recipient service provider should report being served with one wiretap order. But that’s not what has happened. The US Courts AO reported 3,554 federal and state wiretap orders in 2014. Service providers, however, reported receiving 10,712 wiretap orders for that same year.
As Gidari pointed out in 2015 (examining the 2014 wiretap report), there’s not much that explains this discrepancy.
The Wiretap Report says “1,532 extensions were requested and authorized in 2014, a decrease of 28 percent.” So even if half of the carrier reported orders were extended once and then treated as separate orders in the carriers’ transparency reports (the Wiretap Report would treat an extended order a single order), the numbers are still off by more than twofold.
The same goes for orders that expired after the end of the reporting period. As Gidari notes, anything not counted by the courts the previous year would show up on next year’s report and be negated by the lack of a new order on service providers’ reports.
The AO now reports that 4,148 wiretaps were authorized in 2015, a 17% increase over 2014. Twentysix of those authorized wiretaps apparently were never installed, and therefore probably do not appear in provider transparency reports. The four major carriers (AT&T, Sprint, Verizon and T-Mobile) reported a total of 11,633 wiretaps in 2015. Thus, provider numbers reflected an increase in surveillance as well, but only by about 8%. So the three-fold delta from 2014 remains while the actual number of wiretaps reported by providers only increased half as much as the percentage increase reported by the AO. That is hard to explain.
As transparency reports from carriers and service providers become even more detailed, the gap in reporting becomes even harder to explain. It could be that carriers count each wiretap installed as another instance, even if it’s a dozen accounts targeted with a single order. It could be that, but it’s highly unlikely. Facebook — one of the more recent additions to wiretap reporting — states it this way in its transparency report.
Facebook reported that it received 296 wiretap orders that affected 399 user accounts in 2015.
While companies are moving towards greater transparency, the US court system seems to be stuck in the same place. There’s really only one way to explain this gap containing thousands of “missing” wiretap orders: underreporting by the those handing in numbers to the Administrative Office. Considering the huge potential for misuse and abuse, this apparent underreporting isn’t acceptable. The Administrative Office is investigating, but so far has yet to report any results from its digging.
Once again, it seems a reporting process ordered by Congress but left to another agency to enforce (with zero consequences for noncompliance) is resulting in discrepancies between the “official” numbers and those reported by the private sector. It looks and feels just like the FBI’s collection of officer-involved shootings: incomplete, inaccurate, and wholly dependent on government entities self-reporting data they’d rather not make public.