Russia cyber case prompted big portion of FBI's surveillance database searches in 2021

A Russian cyberthreat against U.S. critical infrastructure in the first half of 2021 prompted the FBI to query the database of a warrantless surveillance program nearly 2 million times as the bureau cast a wide net for useful information, officials said Friday.

That single national security threat alone accounted for more than half of the total number of the roughly 3.4 million searches the FBI made in 2021 using terms likely to identify an American citizen, the officials said. The repository captures information from electronic surveillance tools authorized under Section 702 of the Foreign Intelligence Surveillance Act.

The FBI did not specify whether the danger was posed by the Russian government or a criminal group. The database queries were aimed at protecting Americans, a senior FBI official told reporters during the presentation of an annual transparency report on U.S. spying authorities.

“More specifically on this threat, we identified a pool of potential victims, which did include U.S. persons, and we ran that against our 702 collection in order to identify who, in particular, Russia was actually targeting,” the senior official said, noting the requests were reviewed by the Justice Department and found compliant with existing statute.

The first half of 2021 was dominated by massive ransomware attacks, including on the Colonial Pipeline company, software firm Kaseya and food processing giant JBS. Some of those cases have now been attributed to Russian hackers.

The FBI official also could not say if the total number of queries in the cyberthreat case — about 1.9 million — is comparable to past investigations. 

This year marks the first time the bureau has publicly provided the number of searches since the Office of the Director of National Intelligence began recording surveillance-related statistics in 2013. That move came after the leaks by former National Security Agency contractor Edward Snowden sparked a national debate over electronic eavesdropping.

The new ODNI report shows the FBI conducted about 1.3 million queries in 2020.

“The number this year, and the number last year, is certainly a large number. I am not going to pretend that it isn't,” the bureau official said.

Even though the overall figure represents the total number of searches — and not the amount of unique terms used to uncover data or a number of American citizens — Friday's disclosure will likely complicate the Biden administration’s push to renew Section 702, which is due to expire at the end of 2023.

The Record first reported that the U.S. intelligence community has begun preparing for next year’s debate over the spying tools, which allow the federal government to collect emails and other electronic communications of foreign intelligence targets but also incidentally hoover up the personal data of Americans, especially if they were communicating with a foreigner abroad who was targeted under the Section 702 rules.

FBI officials provided several caveats to the seven-digit figure, noting that the bureau's work only applied to about 4.4 percent of the targets in the database, and that all database searches must, by law, be relevant to an open investigation. The ODNI report shows the database had 232,432 such targets overall last year, up from 202,723 the previous year.

However, such complex and nuanced arguments could fall on deaf ears on Capitol Hill. 

Congressional reauthorization of surveillance programs is no longer a foregone conclusion after former President Donald Trump and his allies spent years making baseless accusations that his 2016 campaign was spied on. The rhetoric, combined with existing concerns from privacy-minded Democrats and civil libertarian-oriented Republicans, directly led to lawmakers declining to renew another part of FISA in 2020.

Sen. Ron Wyden (D-Ore.), a longtime privacy hawk, decried the report.

“For anyone outside the U.S. government, the astronomical number of FBI searches of Americans’ communications is either highly alarming or entirely meaningless,” Wyden said in a statement.

"Somewhere in all that over-counting are real numbers of FBI searches, for content and for noncontent — numbers that Congress and the American people need before Section 702 is reauthorized," added Wyden, who serves on the Senate Intelligence Committee.

The FBI must "be transparent about the particular circumstances in which it conducted a staggering 1.9 million additional queries in 2021 ... Baseline transparency is essential if the federal government wants to hold such sweeping surveillance powers."

Speaking at the Hewlett Foundation Verify 2022 conference in Saulsalito, California, Assistant Attorney General Matt Olsen didn't rule out declassifying more information about the particular case as DOJ works with lawmakers to renew 702.

“We’re looking at all these things,” he told The Record. “We need to have more information out there to justify that we need more authorities."

FBI officials stood by their decision to publicly release the number of searches for the first time.

“A different direction we could have gone is to say: ‘This number is too fuzzy. We're just going to hold it,’” a second bureau official told reporters. “We didn't think that was the right answer. We thought it was the right answer to give people the information with its fuzziness with its complexity, and allow them to make their own determinations about it instead of us making that decision for them.”

The transparency report “is in fact about transparency,” according to Ben Huebner, chief of the civil liberties, privacy and transparency office at ODNI. "We take some pride in the fact that while surveillance authorities are inherently something that we as the American public debate, even though these are classified operations.”

That debate "has been, in recent years and continues to be, based in fact. Based in reality," he added. "We're all sort of having the good arguments we have as a civil society operating on this in the same factual universe. And so, this is an effort to continue that right. We thought the most important thing was for folks to to understand how the FBI was using this authority."

*Dina Temple-Raston provided additional reporting.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Martin Matishak

Martin Matishak

is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.