The National Security Agency released its first transparency report on mass surveillance. While it revealed very specific statistics about the exact number of “targets” it has watched, a target can be one individual or an entire organization. Under it’s most controversial legal program, Section 702 of the USA Freedom Act, the NSA admits to affecting 89,138 targets’ communications [PDF].

But the word “target” is a sly trick, since a target can be an organization.

“One target, in the number 89,000, one could be 20 or 100 individual people,” explains Electronic Frontier Foundation staff attorney Mark Rumold. According to the NSA’s explanation, if there are multiple email addresses for one person, and the NSA isn’t aware of each account, it could be double-counting this targeting.

But the more likely scenario is that most targets represents multiple people.

“There’s no way that the 89,000 figure is the floor … the ceiling is likely much, much higher,” he says.

More interesting is that while many other NSA requests need one or more court approvals, the entire Section 702 program was approved with just one order. “Section 702 completely removes the judiciary,” warned Rumold.

The American Civil Liberties Union was also concerned that the numbers don’t reflect how many American targets have been spied on. The NSA is legally required to target foreigners, but it inevitably sweeps up U.S. citizens’ communications. “The statistics also mask the vast number of Americans swept up in the government’s bulk collection programs, such as the NSA’s daily collection of Americans’ calling records en masse,” the ACLU’s attorney Brett Max Kaufman, told me.

Despite the obscurity, Google’s Director of Law Enforcement and Information Security, praised the report. “This is a step in the right direction of increasing trust in both government and Internet services, and it demonstrates again that governments can embrace transparency while protecting national security,” he wrote in a blog post.

As of this year, tech companies have been permitted to disclose some details on the number of users targeted by requests. Google, for instance, has said that between 0-16,000 users have gotten requests for information. Rumold says those probably accurately reflect the number of individual users (not groups). But since many citizens use multiple services, it’s difficult to know the full extent of NSA spying across all tech platforms.

So, today’s report should probably put “transparency” in quote.