Intelligence Surveillance & Privacy

The 18 Documents that ODNI Released on Section 702: Summaries

Sarah Grant, Matthew Kahn, Shannon Togawa Mercer
Thursday, September 7, 2017, 10:20 AM

In response to a FOIA request from the ACLU, the Office of the Director of National Intelligence and the Department of Justice released FISA Amendments Act Section 702 documents on August 23. Below, we summarize each document. Note that redactions necessarily leave noticeable gaps in some of the summaries.

NSA Headquarters in Fort Meade, MD. (Photo: Wikimedia)

Published by The Lawfare Institute
in Cooperation With

In response to a FOIA request from the ACLU, the Office of the Director of National Intelligence and the Department of Justice released FISA Amendments Act Section 702 documents on August 23. Below, we summarize each document. Note that redactions necessarily leave noticeable gaps in some of the summaries.

Document 1: 2015 Certification Government’s Cover Filing

This document is the Government’s ex parte submission of reauthorization certifications, amended certifications, and procedures to the Foreign Intelligence Surveillance Court (FISC) for approval. The submission contains two discussions: first, the Government details clarifications of, and amendments to, the targeting and minimization procedures of the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Central Intelligence Agency (CIA); second, the Government provides FISC-requested information concerning dissemination provisions in the FBI and CIA minimization procedures.

The FBI minimization procedures discussed include added language to reflect actual FBI practice concerning database queries, a new requirement for reviewing query results, new language imposing restrictions on the FBI’s use and dissemination of Section 702 data in connection with non-foreign intelligence criminal matters, and new language clarifying the scope of the term “query” as used in an FBI search. Additionally, three modifications are made to provisions concerning attorney-client communications: adding access restriction exceptions for technical personnel accessing attorney-client privileged communications in backup or original evidence systems; requiring the FBI office of general counsel or the FBI division counsel to approve disseminations of attorney-client privileged communications (recommending a procedure for approval); and requiring the inclusion of additional language and information in disseminations of attorney-client communications. Furthermore, there is a new allowance for the FBI’s retention of Section 702 data in emergency backup systems and systems containing original evidence copies, provided that only systems administrators or other technical personnel have access. This section includes a modification to the FBI destruction requirements to allow for the retention of encrypted raw FISA data if its needed for cryptanalysis or deciphering. The submission also includes an addition allowing the FBI to disseminate information to private entities or individuals if the private entity or individual may be capable of providing assistance in mitigating or preventing serious economic harm or serious physical harm to life or property.

The NSA and CIA discussion includes added provisions to reflect current practice in minimization procedures and modifications. Query procedures are modified to include a requirement that queries using United States persons’ identifiers are accompanied by a written statement of facts showing the use of identity as a query term is reasonably likely to return foreign intelligence. This section includes a modification to the retention and preservation obligations to allow for retention when the DOJ advises a department to preserve information in light of pending or anticipated litigation. Accompanying this modification, there is an added requirement that NSA and CIA provide the National Security Division (NSD) with a summary of the litigation matters that require the preservation of Section 702 data, and the status of each matter. The NSD will notify the court, and separately request authorization for retention, under certain conditions. Regarding attorney-client privileged communications, there is a specification that the communications should be destroyed if they do not contain foreign intelligence information or evidence of a crime.

Next, the Government provides the Court with requested detail concerning the dissemination provisions of the FBI and CIA’s respective minimization procedures. The FBI’s procedure allows for the dissemination of Section 702-acquired information to private entities or individuals. The Government makes a point of clarifying that this allowance expands on the existing procedure to allow for dissemination to private entities when that information may assist in mitigating or preventing computer intrusions or cyber-attacks. The Government discusses the history, justification, and oversight mechanisms associated with this procedure. The Government also provides further clarification of the meaning and scope of “otherwise authorized recipients outside of the CIA” in Paragraph 5 of the CIA’s minimization procedure authorizing the dissemination of information to parties outside of the CIA. Again, the Government discusses the history, justification, application (including a hypothetical), and oversight mechanisms associated with this procedure. According to the Government, “otherwise authorized recipients outside of the CIA” encompasses those recipients, be they government agencies, cooperating foreign intelligence services or private persons, that need to receive information from the CIA consistent with the CIA’s foreign intelligence mission.

Finally, the Government notes that it has provided the FISC with: (1) sample tasking sheets, query terms, and briefing regarding these sheets, query terms, and government oversight; (2) and a summary of notable Section 702 requirements, namely as a “reference guide to the prominent concepts governing the program.”

In accordance with subsection 702(g) of the Foreign Intelligence Surveillance Act (FISA), the Director of National Intelligence and the Attorney General must certify to the Foreign Intelligence Surveillance Court (FISC) on an annual basis that the Intelligence Community is following FISC-approved targeting and minimization procedures.

Documents 2-7 consist of the certification and supporting materials submitted by Attorney General Lynch and Acting Director of National Intelligence Michael Dempsey in August 2015.

Document 2: 2015 Certification AG-DNI Memorandum

This is an AG/DNI memorandum certifying that the targeting and minimization procedures used by the relevant Intelligence Community agencies comport with the statutory requirements, amending the prior authorization to reflect updated targeting and minimization procedures for certain agencies, and incorporating the prior authorization as to all other aspects.

Document 3: 2015 Certification NSA Director Affidavit

This is an affidavit submitted by NSA Director Admiral Michael Rogers in support of the certification, attesting to the propriety of the agency’s targeting, minimization, and inter-agency information-sharing procedures.

Document 4: 2015 Certification FBI Director Affidavit

This is the same kind of affidavit as Doc 3, submitted by FBI Director James Comey.

Doc 5: 2015 Certification CIA Director Affidavit

This is CIA Director John Brennan’s affirmation regarding the CIA’s minimization procedures for communications received from the NSA and FBI.

Document 6: 2015 Certification FBI Targeting Procedures

This explains the FBI’s targeting, documentation, and oversight procedures.

Document 7: 2015 Certification Exhibit F

The subject matter of document 7 is unknown. The content is redacted in its entirety and not visibly mentioned elsewhere in the released documents.

Document 8: Government’s Response to FISC’s 10/14/15 Order

This is the Government’s response to a FISC order directing the Government to file a written submission regarding the Government’s justification under the NSA’s Section 702 Standard Minimization Procedures (SMPs) and 50 U.S.C. § 1809(a)(2) for retaining data otherwise subject to purge in two mission management systems, the names of which are redacted. The Government describes the systems as compliance tools that assist NSA analysts and oversight and compliance personnel in determining whether persons of interest and persons accessing tasked facilities may be inside the United States, and therefore not targetable under Section 702 authorities. The Government then lays out its plan to limit access to information subject to purge that remains in the database to compliance and technical personnel and system administrators; analysts will no longer be able to access the information, preventing its use except for collection avoidance purposes after the purge date. The response brief goes on to explain the applicable statutory provisions, the purpose and current application of the NSA’s SMPs, the contribution of the systems in question to the NSA’s ability to comply with its post-targeting obligations, and the reasons why the NSA believes retention of limited data in the systems does not violate data purge requirements.

Document 9: Government’s Response to FISC’s 11/6/15 Order

After reviewing the Government’s submission (document 8), the Court entered an additional order directing the Government to report further information regarding the NSA’s retention of certain categories of information in the two name-redacted databases. The Court noted several categories of communications that may not be permitted to be retained under the NSA’s SMPs and “ordered the Government to report on how the NSA plans to comply with its ‘targeting and minimization procedures with respect to these other categories of information’ in these two systems, or, alternatively, ‘how the retention and use of these other categories of information…comports with the NSA’s targeting and minimization procedures.’” The categories of information the Court identified include: “(1) incidentally acquired communications of or concerning a United States person that are clearly not relevant to the authorized purpose of the acquisition or that do not contain evidence of a crime which may be disseminated under the minimization procedures; (2) attorney-client communications that do not contain foreign intelligence information or evidence of a crime; and (3) ‘any instances in which the NSA discovers that a United States person or person not reasonably believe to be outside the United States at the time of targeting has been intentionally targeted under Section 702.’”

The Government, in this response, explains how it intends to age-off FISA-acquired information in the systems, pursuant to the applicable time periods set forth in the 702 minimization procedures, and delete all data subject to 50 U.S.C. § 1809(a)(2). Going forward, in accordance with a prior Court determination, the NSA can retain data “that is derived from domestic communications placed on the NSA’s Master Purge List (MPL) for the purpose of collection avoidance,” so long as the domestic communication is not “subject to destruction under 50 U.S.C. § 1809(a)(2) or otherwise subject to purge for other reasons.” The Government then describes the methodology and timeline for purging data from the two systems. First, the NSA will complete the already-begun age-off process; second, it will implement additional processes necessary to purge relevant items identified in the future; and third, it will assess and refine “its ability to differentiate or parse between information that is required to be purged from information that it may retain (i.e. domestic communications that fall within Section 5 of the NSA’s Section 702 minimization procedures).” With regard to phase three, the NSA “will provide more information regarding its assessment at the hearing with the Court on January 27, 2016. The outcome of the assessment will determine the manner in which the NSA will accomplish the purging of the historic information remaining after the completion of the age-off and the timeline for completion of the purge.”

Document 10: NSA’s 702 Targeting Review Guidance

This document lays out the Standard Operating Procedure (SOP) for NSA analysts, releasers, and adjudicators performing 702 targeting and identifies steps required for targeting and responsibilities pertaining to targeting. It explains that a target and associated selectors can be requested for targeting under 702 only if covered by an existing 702 Certification, and that analysts must include in a targeting request sufficient information to show why the target is reasonably believed to be a non-U.S. person located outside the U.S. Analysts are also required to create a “permanent record of the citations associated with each target and associated selectors, as well as the…information that supported the foreignness determination,” which can be retrieved and reviewed at any time to ensure NSA tasking decisions comply with statutory authority. The SOP next lists the training courses that analysts must complete prior to gaining access to the tools required for requesting 702 tasking. It then describes the 702 “Obligation to Review” process, which involves a series of step to mitigate potential future compliance incidents due to continued collection following target use of the selector from within the U.S. Detasking requirements and processes, references, and errors to avoid in the targeting request are included in the document, but nearly completely redacted.

Document 11: NSA’s 702 Practical Applications Training

The NSA’s 702 Practical Applications training course, one of the courses listed in the SOP summarized above, consists of five lessons: “Overview of FAA702 Authority”; “How Do I Create TAR Statements?”; “How Do I Create a Foreignness Explanation?”; “How Do I Sustain FAA702 Targeting?”; and “How Do I Handle Targeting Incidents?”.

Lesson 1, “Overview of FAA702 Authority,” says that 702 provides “NSA/CSS with the means to compel U.S. electronic communications service providers to assist in acquiring foreign intelligence information from communications.” Three requirements form the foundation of the authority: the target isn’t a U.S. person, the target is reasonably believed to be located outside the U.S., and the target possesses, or is likely to receive, or is likely to communicate foreign intelligence information regarding an approved target set. Under 702, the Attorney General and the Office of the Director of National Intelligence are empowered to approve Certifications authorizing SIGINT collection against specified targets. For example, see documents 2-7, above. The training course mentions that there are two ways to obtain surveillance data, the first of which is redacted and the second of which is UPSTREAM collection. UPSTREAM collection allows the NSA to obtain communications to, from, or about a foreign target, and may involve multiple communications in a single transaction. The course concludes by explaining why oversight procedures are important and specifying circumstances when 702 should not be used.

Lesson 2, “How Do I Create TAR Statements?”, examines the targeting request process, focusing on the Targeting Rationale (TAR) Statement. A mostly-redacted section describes the process by which someone checks the targeting request submitted by the analyst to determine if the 702 Certification selected does actually apply to the target and reviews the whole request for consistency with 702 criteria. An adjudicator then must replicate the queries done by the analyst and perform other checks to ensure the selector isn’t used by a U.S. Person, and review the information submitted for internal consistency. If an adjudicator or reviewer finds something wrong with a targeting request, most often an issue with the TAR Statement or Foreignness Explanation, they will deny the request and provide a denial code and comments to assist with revision and resubmission. The lesson then describes the TAR, which identifies why an analyst is proposing a new selector. “It identifies the target’s connection to the chosen Certification and the foreign intelligence expected to be gained, by providing a short, concise, but complete explanation as to why” the selector is being targeted. The training concludes with a series of knowledge check questions and exercises to practice developing TARs.

Lesson 3, “How Do I Create a Foreignness Explanation?”, covers the elements of the Foreignness Explanation required as part of a targeting request: Who, What, Where, and When. It also describes the standard of evidence—reasonable belief based on the totality of circumstances—and the documentation required to establish the target’s foreignness. The lesson concludes with knowledge check questions and exercises.

Lesson 4, “How Do I Sustain FAA702 Targeting?”, provides an overview of the “Obligation to Review” (OTR) process, including required review cycles and targeting renewals, and how to detect and respond when a target enters the U.S. and can no longer be tasked. OTR entails reviewing traffic on selectors and following targets on a regular basis to continuously verify that the target fits the selected Certification and the reasonable belief of foreignness remains. The lesson also explains the detargeting and retargeting procedures employed when a selector roams in and out of the U.S. The lesson concludes with a knowledge check.

Lesson 5, “How Do I Handle Targeting Incidents?”, defines 702 targeting incidents and identifies the steps for reporting a suspected targeting incident. Incidents are divided into two types: compliance and policy. Compliance incidents occur “when a legal requirement isn’t satisfied” and are reported to overseers like ODNI and DoJ, and usually revolve around targeting a U.S. person (status-related incidents) or a non-U.S. person located in the U.S. (location-related incidents). Policy incidents occur when the NSA’s own policies haven’t been followed. The training then lays out the five-step incident reporting process: 1) Initial Recognition; 2) Validate the Incident; 3) Stop All Collection; 4) Report the Incident; and 5) Purge the Data. An office called SV41 is responsible for providing guidance on possible incidents and responding to incident reports. The lesson concludes with a knowledge check.

Document 12: NSA’s 702 Training for NSA Adjudicators

This training course is designed for 702 adjudicators, who are responsible for reviewing targeting requests to ensure they satisfy 702 targeting requirements and procedures and helping analysts refine their requests so as to reduce compliance incidents. The course is mostly scenario-based and walks adjudicator-trainees through the process of reviewing and approving or denying targeting requests. The systems and tools used in that process are also discussed. The lesson then explains the requirements for TARs and Foreignness Explanations, mirroring the analyst training course transcribed in document 11, and what occurs after an adjudicator either accepts or denies a targeting request. The course concludes with exercises that take the trainee through the Adjudicator’s Checklist.

Document 13: NSA’s 702 Adjudication Checklist

The majority of the checklist is redacted, but visible tasks include: “Ensure the selector being tasked is actually the selector being supported by the source and Foreignness Explanation”; “Check that the Foreignness Explanation presents a reasonable belief that the target is outside the U.S. and that this information is contained in the source(s) provided”; “Review the TAR and ensure it meets the criteria of justifying the tasking and serves as a tie between the target and requested certification”; and “Ensure the source is valid and replicable”.

Document 14: NSA’s Inspector General Report – 2013 Annual Report

This letter, sent to the Director of National Intelligence, summarizes the NSA OIG’s oversight of FAA 702 during the 12-month period ending on August 31, 2013. It explains that OIG prepared two reports on Section 702 implementation. The first report studied management controls over Section 702, and the second studied management controls for a redacted program. The letter summarizes the number of reports containing 702-authorized collection (redacted) and specifies that 3,477 contained at least one U.S. person reference. It notes that the NSA released a redacted number of U.S. person identities upon request, mostly from within the intelligence community and law enforcement. The letter notes two preliminary compliance incident notices that DOJ filed, both related to post-tasking checks for telephony selectors. The NSA worked to address those matters.

Document 15: NSA’s Inspector General Report – 2014 Annual Report

Mirroring document 14, this letter to the DNI summarizes OIG’s monitoring of the 702 program during the 12-month period ending on August 31, 2014. The letter notes two OIG studies on the 702 program. The first study, published in October 2013, studied management controls of a redacted matter. The second studied implementation of the 702 program, including controls to protect U.S. persons, non-compliance incidents, and how 702 data supports intelligence missions. The letter summarizes statistics related to 702-derived reporting. The total number of reports is redacted, but 3,966 reports contained at least one reference to U.S. person. The NSA released a redacted number of U.S. person identities upon request, mostly from within the intelligence community and law enforcement. A redacted number of non-U.S. person selectors believed to be located outside of the U.S. at the time of tasking were later determined to have been accessed from within the U.S..

Though heavily redacted, the letter specifies that in August 2013, DOJ filed a preliminary compliance incident notice about a post-tasking check related to telephony selectors that did not always account for a redacted tasking method. In October 2013, DOJ filed another notice about another redacted matter related to telephony selectors. The NSA addressed technical issues and amended minimization procedures to address the uncertainty about target location arising from the post-tasking review issues.

Document 16: NSA’s Inspector General Report – 2015 Annual Report

Like documents 14 and 15, this letter, addressed to DNI Clapper, surveys OIG’s oversight of the 702 program during the 12-month period ending on August 31 2015. The OIG completed one study of 702 compliance, which focused on the controls protecting U.S. person privacy, non-compliance incidents, and the use of 702 data to support intelligence missions. The number of reports including data collection under 702 is redacted; 4,318 of those reports included at least one U.S. person reference. The NSA disseminated a redacted number of U.S. person identities, mostly in response to requests from within the IC or federal law enforcement agencies. A redacted number of non-U.S. person selectors reasonably believed to be located outside of the United States at the time of tasking were later determined to be accessed from inside of the country. Further details are redacted. The report does not note any DOJ preliminary notices of compliance incidents for this period.

Document 17: NSA’s Training on FISA Amendments Act Section 702

This document is a training transcript related to 702 compliance for all personnel who require access to raw signals intelligence containing 702-derived intelligence data. This transcript is dated August 16, 2016. The course is required annually and has two prerequisites.

Lesson 1, “FAA Section 702 Overview,” explains that 702 allows the NSA with the legal means to compel U.S. electronic communications service providers to aid in the acquisition of foreign intelligence from non-U.S. persons reasonably believed to be located outside of the United States and believed to “possess, receive, and/or is likely to communicate foreign intelligence information regarding an approved target set.” The lesson cites FAA definitions of U.S. persons, locations designated as in the U.S., and foreign intelligence information. Reverse targeting is not allowed. The lesson also describes the Attorney General/Director of National Intelligence certification process, noting that most certifications last one year, that the FISC decides whether to approve a certification, and that certifications include a list of targeting procedures, minimization procedures, and a foreign power target list. The lesson provides a heavily redacted overview of the difference between UPSTREAM and DOWNSTREAM collection. Last, the lesson describes 702-related cooperation with the FBI and CIA. Each agency has its own minimization procedures, but all three must comply with NSA targeting procedures.

Lesson 2, “Pre-targeting basics under 702,” begins by discussing how to determine whether a potential target would satisfy a foreign intelligence purpose, reiterating that targets “must be reasonably believed to possess, expected to receive, and/or likely to communicate foreign intelligence information about” a redacted set of topics and ways to link targets to existing certifications. The lesson next addresses how to satisfy the foreignness test—that is, to assure that the target is not a U.S. person and is not located in the United States. The NSA assesses the foreignness of a target based on the “totality of circumstances,” standard meant to ensure that analysts take a holistic review of available information on a potential target. Trainees should use the most recent information available to document their targeting and decision-making rationale in the tasking tool.

The next section pertains to documenting targeting decisions. Targeting procedures require documentation of certain information related to targets. The required information in the targeting rationale is:

  • the target (user)
  • the link between the user and the selector to be targeted
  • foreign intelligence purpose for the targeting and expected foreign intelligence to be gained

NSA personnel “cannot use purged data to support a foreignness determination.” When retargeting a selector, an analyst must provide:

  • a new assessment of foreignness
  • a new foreign intelligence purpose
  • new memorialization/documentation that will be subject to internal and external oversight (see Compliance Advisory #51 for more information)

Analysts should always evaluate targeting history when considering the “totality of circumstances,” including the possibility that a selector was previously targeted by another analyst. A list of examples of prior issues is redacted.

The Attorney General’s 2008 guidelines notes four specific prohibitions related to the foreignness of a target:

  • NSA may not intentionally target any person known at the time of acquisition to be located in the U.S.
  • NSA may not intentionally target a person reasonably believed to be located outside the U.S. if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the U.S. (a/k/a no “reverse-targeting”).
  • NSA may not intentionally target a U.S. person reasonably believed to be located outside the U.S.
  • NSA may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the U.S. (a/k/a “domestic communications”)

Even with the consent of a particular person, Section 702 does not authorize the targeting of any person believed to be a U.S. person or located inside of the U.S.

Lastly, the lesson says that the NSA is responsible for all targeting and that all targeting follows NSA Targeting Procedures. FBI has its own Targeting Procedures as an implementing agency. Both CIA and FBI may nominate selectors to the NSA in compliance with the NSA’s Targeting Procedures, and those agencies “may receive unminimized and unevaluated data from those nominated selectors.”

Lesson 3, “Post-targeting checks,” covers analysts’ post-targeting continuing obligations to ensure legal compliance. After targeting, Section 702 data, other signals intelligence collection, open source data, or leads from third parties or other agencies may provide information related to targeting decisions, such as the location or U.S. person status of a target. That information must continue to support a reasonable belief that the intended target is valid under 702 requirements. Analysts have an obligation to review collected data to ensure an ongoing reasonableness belief. Analysts need to review enough communications to be confident that the NSA is not intentionally collecting on invalid targets.

The NSA lacks authorization to intentionally acquire domestic communications; with few exceptions, any domestic communications must immediately be destroyed. The only exceptions are when the Director determines that the target was properly targeted and that the communication:

  1. Is reasonably believed to contain significant foreign intelligence information
  2. Contains evidence of a crime
  3. Contains information on cryptanalytic, traffic analytics, or signal exploitation purposes or is necessary to understand or assess a communications security vulnerability; or
  4. Contains information pertaining to an imminent threat of serious harm to life or property.

Such findings must be in writing and must occur on a communication-by-communication basis

Analysts must confirm that all communication is “to,” from,” or “about” a target, and the NSA must destroy any communications which are not.

According to the FISC, a one-day delay between the judgment that a detargeting is necessary and actual detargeting constitutes a compliance incident. Detargeting must occur on the same day or shift as the detargeting decision. Based on a subsequent section, this commentary may be included in relation to “roamers,” or targets whose location status changes.

If a target is confirmed to have entered the U.S., then the analyst must immediately detarget and file a “confirmed roamer” incident report. There is a limited exception to this policy: the Director may determine that a time-lapse in targeting a non-U.S. person that has entered the U.S. would pose a threat of death or serious bodily harm. In that case, selectors belonging to that target maybe kept on task for up to 72 hours while the agency obtains an emergency Title I FISA authorization. An analyst who believes he or she has identified such a case should contact SV (an office responsible for providing guidance on possible incidents and responding to incident reports) and the Office of General Counsel.

If an analyst collects an ostensibly foreign communication but later determines that the target is actually a U.S. person or located in the U.S., then the analyst must immediately detarget the selector to avoid incidental collection. Those communications must then be treated as domestic communications and, with limited exceptions, must be purged. If an analyst discovers communications between a target and the target’s attorney, the analyst must contact OGC for further instructions. The same policy holds true for any communications indicating evidence of a crime or criminal activity

Analysts are responsible for ensuring that detargeting is complete in the appropriate interface, though the interface is redacted. Analysts cannot retarget on the presumption that a target is likely to have left the U.S., but only on the basis of evidence that such a departure has occurred.

Lesson 4 is almost entirely redacted, including the subject in its title, except for the rules governing the use of U.S. person identifiers to query data:

  • Only run U.S. person queries against [redacted] and Telephony data. The minimization procedures prohibit querying FAA Section 702 UPSTREAM data using U.S. person identifiers. This restriction is in place because queries in UPSTREAM data may return results that do not contain the targeted selector..
  • When composing and executing your query, be sure to check your default data sets and use [redacted] as needed to prevent querying any UPSTREAM data
  • [redacted]
  • Design and document all database queries to be reasonably likely to return foreign intelligence information, as defined in FISA

NSA makes all such queries available to DOJ and ODNI for oversight during bi-monthly reviews.

Lesson 5, “Upstream and [Multiple Communication Transactions (MCTs)],” describes the UPSTREAM program and restrictions on the exploitation of information collected through the program. UPSTREAM collection acquires communications “to” or “from” a target, as well as communications from non-targeted selectors that contain information “about” a target. Those non-targeted communications may include domestic communications, because a U.S. person or person located in the U.S. may discuss the selector of a valid target. One internet transaction may contain multiple communications sent in a single package. Current UPSTREAM procedures cannot break apart MCTs. Whether MCTs are made available to analysts depends on analysis of the “active user.” Further information about this term appear to be redacted. Analysts are responsible for appropriately handling MCTs, even after NSA systems segregate certain transactions. Analysts may only use communications within MCTs that are “to,” “from,” or “about” the targeted selector. Analysts may review the entire MCT in making that determination. Analysts may use metadata, but must purge any metadata from domestic communications or if the metadata is otherwise problematic. If an analyst finds that any single communication within an MCT is a domestic communication, then the entire MCT must be purged.

There are two exceptions to the general rules governing MCTs. First, MCTs may be retained if they contain foreign intelligence; are not to, from, or about the targeted selector; and are not from an identifiable U.S. person or person within the U.S. Second, MCTs may be kept if it is to, from, or about a U.S. person or person located within the U.S., but can “be used to protect against an immediate threat to human life.” The decision to keep the latter information must be relayed to ODNI and DOJ.

Lesson 6, “Retention,” discusses the retention and destruction protocols for data obtained through different collection programs. Communications that have not been reviewed by an analyst may be retained for no longer than five years for telephony data and another redacted form of data, and two years for UPSTREAM data. The SIGINT Director may extend the UPSTREAM retention period to up to five years on a communication-by-communication basis. Any retention beyond five years requires approval from DNI.

DOJ may advise the NSA that data collected under Section 702 authority must be preserved due to pending or forthcoming litigation, even if that data would otherwise have to be destroyed.

NSA may retain data that would otherwise have to be destroyed if the Director issues a destruction waiver. A destruction waiver must fall into one of four categories:

  • Significant foreign intelligence
  • Evidence of a crime
  • Technical database information or COMSEC vulnerabilities
  • Imminent threat to life

Lesson 7, “Dissemination,” explains that at the NSA, only personnel with mission need and appropriate training may access 702-collected data and may only share the information through proper channels. At the FBI and CIA, only personnel who have received training on each agency's minimization procedures may access 702 data. Analyst-to-analyst transmission of unminimized data is not allowed. Unpublished data should not be provided to the CIA or FBI.

U.S. person information must be masked before dissemination.

U.S. person identifiers may only be released to people that require the identity, and only if one of the following conditions is met:

  • U.S. person has consented to dissemination or the specified U.S. person information [the analyst] wish[es] to disseminate is publicly available
  • U.S. person identity is necessary to understand the foreign intelligence or assess its importance
  • There are indications that the U.S. person is an agent of a foreign power, a foreign power, outside the United States and holding an official position in the government or military forces of a foreign power, a corporation or other entity owned or controlled directly or indirectly by a foreign power, or acting in collaboration with an intelligence or security service of a foreign power and the U.S. person has or has had access to classified national security information or material
  • U.S. person may be the target of intelligence activities of a foreign power
  • U.S. person is engaged in unauthorized disclosure of classified national security information (but only if the agency that originated the information certifies that it is properly classified)
  • U.S. person may be engaging in international terrorist activities
  • U.S. person communication was authorized by a court order AND the communications may relate to the foreign intelligence purpose of the surveillance
  • There is evidence of a U.S. person engaging in a criminal activity (consult with OGC)

In instances where there is an immediate threat to life, normal prior written approval is not necessary, but some redacted checks remain in place. The definition of immediate is redacted.

Information containing sensitive or sensational information must be sent to a redacted team, but that team does not need to see all reports containing U.S. person information. OGC must receive notification before the dissemination information protected by attorney-client privilege. Section 702-derived information may not be used in “any criminal proceeding, immigration proceeding, or in any other legal or administrative proceeding” without pre-approval from the Attorney General. OGC coordinates those requests.

All information derived from Section 702 authorities should be caveated appropriately “to indicate the purpose of the information contained within the report or document.” The caveats that the NSA uses for this purpose are mostly redacted. There is an “FBI FISA Caveat” section. NSA analysts must document the collection authority and any U.S. identities in each disseminated report, regardless of the dissemination tool he or she uses. TOPI must recall any reports that do not meet dissemination standards but may reissue reports after masking U.S. identities. TOPI must also report any improper dissemination to SV.

The NSA may disseminate “evaluated and minimized” data to foreign governments, preferably through serialized product reports. Any dissemination to a foreign government requires the approval of the Signals Intelligence Director. ODNI and DOJ review all disseminations to foreign governments. The NSA may disseminate raw data to a foreign government for linguistic or technical assistance under Section 8(b) of the Minimization Procedures if the NSA lacks the relevant capabilities. The foreign partner must return the raw data at the end of the assistance, making no copies and using the data for no other purpose. All foreign assistance under Section 8(b) must be cleared by SV and OGC, who will keep records and make reports to DOJ and ODNI.

Lesson 8, “Compliance Incidents and Oversight,” discusses the requirement and procedures for the NSA to report non-compliance incidents to SV, OGC, the NSA IG, ODNI, and DOJ. Incidents can occur at any point. Compliance incidents occur any time NSA’s actions do not comply with statutes or minimization or targeting procedures. They may result from the actions of NSA or the actions of an electronic communications service providers. For example, a compliance incident occurs if an analyst mistypes a selector and targets the wrong email account, thus collecting on a person that does not meet targeting procedure standards.

One type of compliance incident occurs when a target's validity changes—either due to a change in U.S. person status, a change in location, or a change in foreign intelligence value—and the analyst does not detarget immediately.

Analysts that suspect that a reportable event has occurred must immediately contact SV. If a targeted selector is no longer appropriate for targeting, the analyst must detarget immediately. Incidents must be reported within five days business days to DOJ and ODNI. Failure to report an incident within the reporting requirements is a compliance incident.

The NSA may take remediation steps, including detargeting a selector, purging data ineligible for retention, and recalling disseminated intelligence reports. The NSA must document any purging in compliance incident documentation. The NSA may retain some domestic communications in limited exceptional cases documented in Section 5 of the minimization procedures. These three exceptions are when the communications are:

  • To notify the FBI of a target's presence in the U.S.;
  • If [NSA obtains] a Destruction Waiver; or
  • For collection avoidance purposes.

The NSA may inform the FBI when a target has entered the United States, including information about “where and when the target was assessed to be in the U.S.” The NSA would then restrict further use by placing the target on the Master Purge List.

ODNI and DOJ review three categories of information in bi-monthly reviews:

  1. Targeting/tasking: Reviewers look at every tasking sheet, including new selectors and the retargeted selector, that the NSA has prepared in a two-month period. When the NSA cannot produce additional information responsive to oversight inquiries, the agency typically must “detarget the selectors and purge any collected data.”
  2. Dissemination of U.S. person information: Reviewers evaluate minimization of U.S. person information and confirm appropriate use of caveats.
  3. Queries using U.S. person terms as selectors: DOJ and ODNI review U.S. person queries to ensure they are appropriately designed to return foreign intelligence information and that U.S. person identifiers are not used to query UPSTREAM data.

The NSA may depart from normal minimization procedures in emergency situations to protect against “an immediate threat to human life (such as in the case of force protection or hostage situations), but must notify ODNI and DOJ NSD in consultation with OGC. Whether an emergency or not, “it is NEVER appropriate to target a selector used by a U.S. person in the U.S. under FAA Section 702 or to do anything else in violation of the statute.”

Document 18: NSA’s 702 Metric Executive Briefs December 2013 – January 2017

This document is a collection of monthly executive briefing slides on NSA Section 702 reports. The only unredacted slides show the number of reports using Section 702-collected data and the how the reports are used in a particular month. The four listed purposes are analytic support, background information, executive support, and operational support. Summaries of the unredacted slides are below.

A graph shows that from 2008 to 2013, the number of Section 702 reports produced per year increased. Specific numbers are redacted. Additional graphs show that this trend continued from 2014 to 2016.

Another graph shows that in December 2014, 702 reports were used mostly for analytic support. The second most common uses, at about equal incidences, were operational support and background information. The fourth, final, and least common use was executive support.

For terrorism-specific reports in December 2014, the most used purpose was analytic support, followed by operational support, background information, and executive support.

A graph showing the relative use of 702-derived data in the President’s Daily Brief for December 2014 is redacted.

The same trends hold true for graphs showing data for December 2015, January 2016, February 2016, and March 2016.

In April 2016, the use of general reports for background information increased. The relative hierarchy of uses for that month is analytic support, background information, operational support, and last, executive support. For terrorism related reports, the relative hierarchy is analytic support, background information, executive support, operational support. It appears that the April 2016 terrorism-specific report slide is mislabeled March. It is categorized with the April reports, and there is a separate March 2016 report in the March section with different findings. (Editor’s note: Lawfare is reaching out to the FOIA office at ODNI to verify this conclusion.)

These trends continue through May and June 2016. In July 2016, the relative ranking of uses for general reports is (1) analytic support, (2) background information, (3) operational support, and (4) executive support. This ranking holds for terrorism-specific reports.

Sarah Grant is a graduate of Harvard Law School and previously spent five years on active duty in the Marine Corps. She holds an MPhil in International Relations from the University of Cambridge and a BS in International Relations from the United States Naval Academy. The views expressed here are her own and do not reflect those of the Department of Defense, the Marine Corps, or any other agency of the United States Government.
Matthew Kahn is a third-year law student at Harvard Law School and a contributor at Lawfare. Prior to law school, he worked for two years as an associate editor of Lawfare and as a junior researcher at the Brookings Institution. He graduated from Georgetown University in 2017.
Shannon Togawa Mercer is a senior associate at WilmerHale. Her practice focuses on complex global data protection, privacy, and cybersecurity matters. Ms. Togawa Mercer has extensive experience counseling clients on cross border data protection and privacy compliance as well as cyber incident response. She has practiced in London and Washington D.C. and previously served as Managing Editor and Senior Editor at Lawfare. Ms. Togawa Mercer also served as National Security and Law associate at the Hoover Institution.

Subscribe to Lawfare