Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum, 31st USENIX Security Symposium (2022)

Princeton Professor Jonathan Mayer (joint appt Computer Science and School of Public and Int’l Affairs) and computer science doctoral candidate Anunay Kulshestha note that for more than a decade members of Congress and civil society organizations have called on the IC to estimate the scale of incidental collection under §702. Senior intelligence officials have acknowledged the value of quantitative transparency for incidental collection, but the IC has not identified a satisfactory estimation method that respects individual privacy, protects intelligence sources and methods, and imposes minimal burden on IC resources. The authors that this can be done using secure multiparty computation (MPC). The IC possesses records about the parties to intercepted communications, and communications services possess country-level location for users. By combining these datasets with MPC, they argue that is possible to generate an automated aggregate estimate of incidental collection that maintains confidentiality for intercepted communications and user locations