The government today made public more documents related to the “telephony records program,” as well as other surveillance-related documents, all of which can be accessed on a tumblr page of the Director of National Intelligence.
There is a ton of stuff in this release — it’ll take some time to read it all. Perhaps the most significant are:
— Two FISC opinions — the first issued by Judge Colleen Kollar-Kotelly [apparently in 2006], and the second issued by Judge John Bates — concerning a now-discontinued NSA bulk email metadata program authorized under Section 402 of FISA, the Pen Register and Trap and Trace (PR/TT) provision;
— the 1986 and 2011 versions of U.S. Signal Intelligence Directive 18, which sets forth the minimization policies and procedures regarding NSA’s SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons;
— what appears to be the government’s initial 2006 brief to the FISC in support of the requested business records order for bulk telephony metadata.
Here is the DNI’s description of all of the released materials:
Training. The documents released today include a number of internal NSA documents, including training slides and internal guidance. These documents explain in detail rules that have been put in place to ensure compliance with the law and to protect privacy rights in conducting the NSA’s signals intelligence mission. Together, these documents demonstrate the care with which NSA’s foreign intelligence collection pursuant to Section 501 is run, managed, and overseen. Each of the training documents details the efforts that NSA makes to ensure that the restrictions under which NSA operates are ingrained in the workforce charged with implementing the authority granted by Congress and authorized by the FISC.
Minimization Procedures. In addition, as part of the Government’s continuing effort to provide the public with additional information about how NSA conducts its activities, the DNI is publicly releasing United States Signal Intelligence Directive 18. This directive details policies and procedures designed to ensure that NSA’s missions and functions are conducted as authorized by law and in a manner that is consistent with the Fourth Amendment to the Constitution. The directive sets forth the minimization policies and procedures regarding NSA’s SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons.
Electronic Communications Metadata Collection Opinions. Finally, the DNI has authorized the declassification and public release of two opinions of the FISC concerning a now-discontinued NSA bulk electronic communications metadata program. The FISC authorized this program under Section 402 of FISA, the Pen Register and Trap and Trace (PR/TT) provision. Previous public releases by the DNI, including the FISC’s opinion from October 3, 2011, referenced this program, and the fuller explanation of the program provided by today’s release extends the DNI’s commitment to providing greater transparency for FISA activities. Except for a brief period, the FISC reauthorized this program approximately every 90 days from its inception until it was discontinued in 2011. Throughout its operation, the program was briefed to the Intelligence and Judiciary Committees of Congress and generally referenced in the then-classified white papers provided to Congress during reauthorization of the USA PATRIOT Act in 2009 and 2010.
The discontinued PR/TT program shared certain similarities to the NSA’s bulk telephony metadata program—the subject of previous releases—in that the PR/TT program sought only the metadata associated with electronic communications and not their content; moreover, querying the metadata for both programs was permitted only for authorized counterterrorism purposes. Additionally, both programs operated with similar access, retention, and dissemination restrictions proposed by the Government and approved by the FISC. Given these operational similarities, many of the documents released today address both programs, sometimes side by side, even though, as noted above, the PR/TT program was conducted pursuant to a different legal authority from that authorizing the NSA’s bulk telephony metadata program. At all times, the PR/TT program collected metadata from only a small percentage of world wide electronic communications traffic.
Additional Information on the Discontinued PR/TT Program
Under the now-discontinued PR/TT program, the FISC, after finding that the Government’s applications satisfied the requirements of FISA and the Constitution, approved orders that enabled the Government to collect electronic communications metadata, such as the “to,” “from,” and “cc” lines of an email and the email’s time and date. This program did not authorize the collection of the content of any electronic communications. Under this program, NSA could not read the content of any electronic communications for which the metadata was acquired. Like NSA’s bulk telephony metadata program, this program was subject to several restrictions approved by the FISC, such as:
- The information had to be stored in secure databases.
- The information could be used only for counterterrorism purposes.
- The databases could be queried using an identifier such as an email address only when an analyst had a reasonable and articulable suspicion that the account or email address was associated with certain specified foreign terrorist organizations that were the subject of FBI counterterrorism investigations. The basis for that suspicion had to be documented in writing and approved by one of the 22 designated approving officials identified in the Court’s Order. Moreover, if an identifier was reasonably believed to be used by a United States person, NSA’s Office of General Counsel would also review the determination to ensure that suspected association was not based solely on First Amendment-protected activities.
- NSA was required to destroy the bulk metadata after a set period of time.
The Documents Released
The first PR/TT document released today is an opinion and order from the FISC that carefully analyzed and approved the Government’s application to initiate this collection program. The Court’s detailed 87-page opinion and 18-page order demonstrate the Court’s searching and exhaustive review of the proposed program prior to its implementation. The opinion not only details the program’s legal basis but also explains the procedures that NSA was required to follow in administering the program. The Court concluded that the NSA collection program was permissible under both FISA and the Constitution.
The second PR/TT document released today is a 117-page FISC opinion, which authorized NSA to re-initiate the program following the Government’s suspension of the program for several months to address compliance issues identified by the Government and brought to the Court’s attention. As the Court’s opinion explains, these incidents involved three general categories of compliance issues: (1) access to the metadata; (2) disclosure of query results and information derived from them; and (3) overcollection. Because of the significance and complexity of these incidents, the Government did not seek an order from the FISC to renew the program when it expired on its normal schedule, thus essentially suspending the program for several months. As detailed in the opinion released today, the Government addressed these concerns during that period and, after a careful review, the FISC approved the Government’s application to resume collection on a modified basis.
As previously stated, this electronic communications metadata bulk collection program has been discontinued. The Intelligence Community regularly assesses the continuing operational value of all of its collection programs. In 2011, the Director of NSA called for an examination of this program to assess its continuing value as a unique source of foreign intelligence information. This examination revealed that the program was no longer meeting the operational expectations that NSA had for it. Accordingly, after careful deliberation, the Government discontinued the program.
Both of these opinions contained extensive technical discussions of the particular means by which the collection was to be accomplished, particular targets of the collection, and other sensitive intelligence matters that must remain classified. Accordingly, they are being released in redacted form.
Executive Branch Initiatives
Upon discovery in 2009 of longstanding compliance issues associated with NSA’s electronic communications and telephony bulk metadata collection programs, NSA recognized that its compliance and oversight structure had not kept pace with its operational momentum and the evolving and challenging technological environment in which it functioned. NSA, in close coordination with the Office of the Director of National Intelligence and the Department of Justice, therefore undertook significant steps to address these issues from a structural, managerial, and training perspective. The Director of NSA ordered comprehensive reviews of both of these collection programs to ensure that they were being implemented in accordance with all applicable legal requirements. Concurrently, NSA created the position of Director of Compliance to focus on the NSA-wide structural, managerial, and training improvements necessary to keep NSA’s activities consistent with the law, policies, and procedures designed to protect privacy.
NSA continues to enhance training for both operational and technical personnel. NSA has added additional technology-based safeguards and has implemented procedures to ensure accuracy and precision in its filings before the FISC. NSA has also enhanced its oversight coordination with the Office of the Director of National Intelligence and the Department of Justice. NSA’s senior leadership is directly involved in and responsible for compliance efforts across NSA, including regular senior leadership reviews of NSA’s privacy compliance program.
Since 2009 and the discovery of the compliance incidents related to NSA’s bulk metadata programs, the Government has continued to increase its focus on compliance and oversight. Today, NSA’s compliance program is directly supported by over three hundred personnel, a threefold increase in just four years. This increase was designed to address changes in technology and authorities enacted as part of the FISA Amendments Act to confront evolving threats. This increase also reflects the commitment on the part of the Intelligence Community and the rest of the Government to ensuring that its intelligence collection activities are conducted responsibly and in accordance with the law.
The Government continues to evaluate whether additional information concerning the use of FISA authorities can be made public, consistent with protecting national security.