NSA Office of the Inspector General Releases Three Reports

17 February 2016

The National Security Agency (NSA) is releasing today three reports by NSA's Inspector General about the Agency's compliance with a current and former statute authorizing electronic surveillance. The reports detail steps NSA has taken to adhere to the law and highlight the importance of these legal authorities to the Agency's national security mission. They also reveal some procedural and other deficiencies that have been subsequently corrected. NSA reported the incidents to Congress, as required. All three reports – more than 300 pages total – confirmed that there had been no cases of intentional violation of laws.

NSA released the reports under a Freedom of Information Act request. They are being published on NSA.gov to help raise public awareness of the Agency's foreign intelligence mission and to highlight the Agency's ongoing commitment to compliance with the law. The NSA Inspector General's rigorous, independent and continuous reviews are an essential part of the Agency's extensive oversight.

These reports, issued over a five-year period beginning in 2010, concern NSA activities conducted pursuant to two authorities: Section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorizes targeted surveillance of foreign persons located outside the United States in certain cases, and Section 215 of the USA PATRIOT Act, which was replaced last year by the USA FREEDOM Act. NSA itself initiated two of the reports, and one was requested by members of the Senate Judiciary Committee.

Below are highlights from these NSA Office of the Inspector General (OIG) reports.

NSA OIG report ST-14-0002

This report, issued on February 20, 2015, was compiled by the OIG at the request of members of the Senate Judiciary Committee. The OIG reviewed the controls implemented by NSA in carrying out activities pursuant to two FISA authorities. The first was Section 702, which was enacted as part of the FISA Amendments Act of 2008 and authorizes
the targeting of non-U.S. persons reasonably believed to be outside the United States to acquire critical foreign intelligence information. This collection authority is one of the Intelligence Community's most significant tools for the detection, identification and disruption of terrorist threats to the United States and its allies.

The second authority examined by the OIG was Section 215 of the USA PATRIOT Act. Pursuant to Section 215, NSA was authorized to collect in bulk certain telephone metadata. This program operated from 2006 until its termination by statute on November 28, 2015. Section 215 was amended by the USA FREEDOM Act, which was enacted on June 2, 2015 and became effective on November 29, 2015. The USA FREEDOM Act made significant changes to NSA's authority to collect telephone metadata pursuant to the Foreign Intelligence Surveillance Act and was not the subject of OIG's review, so significant portions of the report are no longer relevant to NSA's activities.

The report presents a detailed, comprehensive picture of the operation of the Section 702 program. Specifically, it describes the extensive internal and external oversight and compliance regime, including access restrictions, training requirements and technical controls – as well as limits on data retention and dissemination of information. The report also notes a number of unintentional compliance failures and describes the controls put in place to mitigate recurrence. The report further notes that Section 702 contributes significantly to NSA's mission.

NSA OIG report ST-11-0009

This report focused solely on Section 702 and was issued on March 29, 2013. It reviewed the system of management controls that NSA implemented, including training, access, and multiple levels of review and oversight. The OIG did not identify any areas of non-compliance. It recommended several areas in which controls over compliance with Section 702 could be improved, including a lack of clear guidance to analysts, inadequate documentation and insufficient
training in some instances. In each case, NSA's Signals Intelligence Directorate agreed with the OIG's recommendations and implemented corrective action plans.

NSA OIG report AU-10-0023

This report, which covered only certain aspects of NSA's implementation of Section 702, was issued on November 24, 2010. Specifically, the report reviewed the process by which NSA transitioned from collection pursuant to Section 702 to other authorities under FISA. The OIG identified the lack of a standardized process, which created the potential for gaps in lawful surveillance coverage. The Agency has since implemented an improved transition process. Moreover, Section 701 of the USA FREEDOM Act subsequently clarified surveillance procedures in that regard.

The National Security Agency is tasked with a complex foreign intelligence mission and is dedicated in its respect for U.S. laws and policies. There is a robust internal and external oversight structure in which all three branches of government play a key role, as well as a rigorous internal compliance program. The three NSA OIG reports published here are intended to help raise public awareness of the Agency's mission and to highlight ongoing commitment to compliance with the law.

DOCID: 4273445

TOP SECRET//COMINT//NOFORN

NATIONAL SECURITY AGENCY / CENTRAL SECURITY SERVICE

(U) Final Report of the Audit on the FISA Amendments Act §702 Detasking Requirements

AU-10-0023
24 November 2010

DERIVED FROM: NSA/CSS Manual 152, DATED: 08 January 2007
DECLASSIFY ON: [illegible]

Approved for Release by NSA on 02-11-2016, FOIA Case #80120 (litigation)

(U) NSA OFFICE OF THE INSPECTOR GENERAL

(U) The NSA Office of the Inspector General (OIG) conducts audits, investigations, inspections and special studies. Its mission is to ensure the integrity, efficiency and effectiveness of NSA operations; provide intelligence oversight; protect against fraud, waste and mismanagement of resources; and ensure that NSA
activities are conducted in compliance with the law. The OIG also serves as an ombudsman, assisting Agency employees, civilian and military, with complaints and questions.

(U) Intelligence Oversight

(U) The OIG Office of Intelligence Oversight reviews NSA's most sensitive and high-risk programs for compliance with the law.

(U) Audits

(U) The Office of Audits within the OIG provides independent assessments of programs and organizations. Performance audits evaluate the effectiveness and efficiency of entities and programs and assess whether NSA operations comply with federal policies. Information Technology audits determine whether IT solutions meet customer requirements while conforming to information assurance standards. All audits are conducted in accordance with standards established by the Comptroller General of the United States.

(U) Investigations and Special Inquiries

(U) The OIG Office of Investigations administers a system for receiving and acting on requests for assistance and complaints about fraud, waste and mismanagement. Investigations and special inquiries may be undertaken as a result of such requests and complaints (including anonymous tips), at the request of management, as the result of questions that surface during inspections and audits, or at the initiative of the Inspector General.

(U) Field Inspections

(U) The Office of Field Inspections conducts site reviews as part of the OIG's annual plan or by management request. Inspections yield accurate, up-to-date information on the effectiveness and efficiency of field operations and support programs, along with an assessment of compliance with federal policy. The Office partners with Inspectors General of Service Cryptologic Components and other Intelligence Community Agencies to conduct joint inspections of consolidated cryptologic facilities.

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

24 November 2010
IG-11226-10

TO: DISTRIBUTION

SUBJECT: (U) Audit of the FISA Amendments Act
(FAA) §702 Detasking Requirements (AU-10-0023): ACTION MEMORANDUM

1. (U) This report summarizes the results of our audit of the FISA Amendments Act (FAA) §702 Detasking Requirements (AU-10-0023) and incorporates management's response to the draft report.

2. (U//FOUO) As required by NSA/CSS Policy 160, NSA/CSS Office of the Inspector General, actions on OIG audit recommendations are subject to monitoring and follow-up until completion. Therefore, we ask that you provide a written status report concerning each planned corrective action categorized as OPEN. If you propose that a recommendation be considered closed, please provide sufficient information to show that actions have been taken to correct the deficiency. If a planned action will not be completed by the original target completion date, please state the reason for the delay and provide a revised target completion date. Status reports should be sent to [redacted], Assistant Inspector General for Follow-up, at OPS 2B, Suite 6247, within 15 calendar days after each target completion date.

3. (U//FOUO) We appreciate the courtesy and cooperation extended to the auditors throughout the review. For additional information, please contact [redacted] on 963-0957 or via e-mail at [redacted].

Inspector General

DISTRIBUTION: COS, OGC, SID
cc: [redacted], SID, SAE, D12, D14, IG, D1, [redacted]

(U) TABLE OF CONTENTS

(U) EXECUTIVE SUMMARY
I. (U) INTRODUCTION
II. (U) FINDING AND RECOMMENDATION
    (U) FINDING: Gaps in [redacted] Coverage Exist
(U) ACRONYMS AND ORGANIZATIONS
(U) APPENDIX A: About the Audit
(U) APPENDIX B: Data Analysis
(U) APPENDIX C: Full Text of Management Responses

(U) EXECUTIVE SUMMARY

(U) OVERVIEW
Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA) has strengthened Signals Intelligence (SIGINT) collection, particularly against terrorist targets. From September 2008 to March 2010, the number of SIGINT reports that incorporated FAA §702-sourced collection [redacted].

Under the law, collection under FAA §702 must cease in certain circumstances, potentially resulting in a gap in coverage. To regain coverage, NSA must transition to another authority for continued collection, such as an FBI FISA Order. The Agency does not have a consistent process to ensure a seamless transition from FAA §702 authority to FBI FISA Orders.

(U) HIGHLIGHTS

(U) Gaps in [redacted] coverage exist

Analysis of detasking for FAA §702 compliance [redacted]

(U) Significance

[redacted]

Need for standardized process

The Agency lacks a standardized process [redacted]

(U//FOUO) Management Response

(U//FOUO) The recommendation is being addressed by management.

I. (U) INTRODUCTION

(U) Background

Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA) enhances surveillance against foreign nationals outside the United States. [redacted] §702 effectively broadened [redacted] access to critical targets of interest, particularly terrorists. From September 2008, when FAA was implemented, to March 2010, the number of Signals Intelligence (SIGINT) reports that incorporated §702-sourced collection [redacted].

(TS//SI//NF) Collection under FAA §702 must cease under certain
circumstances. Detasking is required when a target is determined to be entering or to have entered the United States [redacted]. Collection also must cease when a target is found to be a U.S. person. To regain coverage of such a target, collection must transition to another authority, for example, a Federal Bureau of Investigation (FBI) FISA Order. The transition from FAA §702 to another authority may not be seamless, thereby creating a gap in coverage and potentially causing a risk to U.S. security. This audit assessed the circumstances and extent of the FAA §702 coverage gap by examining tasking and detasking records, FBI FISA data, traffic collected and purged, and SIGINT reporting.

(U) FAA §702

(TS//SI//NF) FAA §702 allows NSA to use the assistance of U.S. telecommunications and Internet service providers to target non-USPs outside the United States. After the Attorney General and the Director of National Intelligence file a joint certification that certain statutory requirements have been met and the certification is approved by the FISA Court (FISC), NSA may conduct foreign intelligence surveillance of the content of communications. The certification includes an affirmation that the surveillance targets only non-USPs reasonably believed to be outside the United States. The certification is submitted to the FISC and typically is approved for one year. Acquisition under a certification must adhere to targeting and minimization procedures approved by the Court. As of August 2010, NSA was authorized to conduct FAA §702 collection under [redacted] certifications [redacted].

(U//FOUO) Other FISA authorities provide alternative means to obtain collection against foreign intelligence targets when NSA must stop collection (detask) pursuant to FAA §702:

• (U) FAA §704 (U//FOUO) Other Acquisitions Targeting USPs Outside the United
States. A FISC Order is required, but surveillance techniques are not reviewed by the court.

• (U) FAA §705b (U//FOUO) Joint Applications and Concurrent Applications. When a FISA Order that authorizes surveillance of a target inside the United States is in place, the Attorney General can authorize targeting while the USP is reasonably believed to be outside the United States.

• (U) FBI FISA Order (S//SI//REL TO FVEY) The FBI is authorized under a FISC Order to perform searches and electronic surveillance against [redacted] agents of a foreign power. Under FISC docket number [redacted], known as the Raw Take Sharing Order, dated July 2002, NSA is able to receive most FBI FISA collection.

(U) Increased use of FAA §702 Authority

(S//SI//REL TO USA, FVEY) According to analysts in the Signals Intelligence Directorate (SID), collection under FAA §702 authority is productive and grew in the 19 months between September 2008 and March 2010. Increased tasking under FAA §702 authority has resulted in increased SIGINT reporting. The Agency has also experienced an increase in compliance-related detaskings of selectors.

(U) Tasking

(S//SI//REL TO USA, FVEY) Tasking by selector [redacted].

(S//SI//REL TO USA, FVEY) Compliance-related detasking significantly increased [redacted].

(U) SIGINT reporting

(S//SI//REL TO USA, FVEY) Reporting based on collection under FAA §702 authority increased [redacted].

(U) NSA oversight of FAA §702 collection

(S//SI//REL TO USA, FVEY) In addition to the analysts' obligation to review the status of their selectors, the SID Oversight and Compliance Office (SV) is responsible for monitoring compliance with FAA §702 and tracking detasking. SV monitors selectors through [redacted] special tools to ensure compliance [redacted]. When a compliance problem exists, SV contacts the
Targeting Office of Primary Interest (TOPI) and requests that its personnel research the selector before detasking. SV is also responsible for maintaining a Protect America Act (PAA)/FAA Incident database to record and track incidents and provide that information for external oversight by the Department of Justice (DoJ) and the Office of the Director of National Intelligence.

II. (U) FINDING AND RECOMMENDATION

(U) FINDING: Gaps in [redacted] Coverage Exist

(TS//SI//NF) Although FAA §702 has provided important SIGINT collection, the Agency has experienced coverage gaps when transitioning from FAA §702 to another authority [redacted].

(U) FAA §702 Implementation

(U) FAA §702 procedures

(TS//SI//NF) FAA §702 requires that NSA adopt procedures to ensure that its collection targets are non-USPs reasonably believed to be outside the United States and to ensure that the Agency does not intentionally acquire communications known to be purely domestic. NSA must also establish minimization procedures that reasonably balance its foreign intelligence needs against the privacy interests of USPs with respect to the collection, retention and dissemination of information.

(U) FAA §702 detaskings for compliance

(U//FOUO) In certain circumstances, NSA must detask selectors to maintain compliance with FAA §702 and approved targeting and minimization procedures. There are three broad reasons for detasking:

• (U) Roamers
(S//SI//REL TO USA, FVEY) The foreign target is initially believed to be overseas, but it is subsequently determined that the target has entered the United States [redacted].

• (U//FOUO) USP status determined after tasking
(S//SI//REL TO USA, FVEY) The target is overseas and believed to be foreign, but NSA subsequently determines that the target is a USP overseas.
• [redacted] NSA must detask the account from FAA §702 collection.

(TS//SI//NF) Once NSA determines that a target is a USP, is roaming in the United States, or [redacted], NSA must detask associated [redacted] selectors from collection under FAA §702 authority and purge related SIGINT holdings from all databases. To avoid a break in coverage, other authorities must be sought if the target remains of interest and is an agent of a foreign power (e.g., §704, §705b, and/or FBI FISA).

(U) Compliance detaskings few in context, but potential risk is great

(S//SI//REL TO USA, FVEY) The number of selectors that are detasked for compliance reasons from collection under FAA §702 authority is small compared with all SIGINT selector tasking as of March 2010 [redacted].

(U//FOUO) FAA §702 Detasked Selectors Compared to All FAA Tasking and Total SIGINT Selectors [figure redacted]

[redacted] however, loss of FAA §702 collection on potentially high-interest selectors, particularly those related to [redacted], poses a risk when transition to alternative coverage is not seamless.

(U) Defining the FAA §702 gap in coverage

(TS//SI//NF) The gap in coverage is the collection lost in the time between detasking a selector from FAA §702 collection authority and initiation of collection under another authority (e.g., §704, §705b, or FBI FISA). For non-FAA §702 coverage, a higher legal standard (individualized probable cause) is required to secure a FISA order. In some cases, the Government may not be able to assemble facts sufficient to satisfy the probable cause standard. [redacted]

(U) Audit Focus on [redacted]

(U) Audit universe of FAA §702 detaskings

(TS//SI//NF) To determine the extent of the
coverage gaps, we identified every Digital Network Intelligence (DNI) and Dialed Number Recognition (DNR) selector that was detasked to comply with FAA §702 after enactment of the FAA in July 2008. By examining tasking records and SV's PAA/FAA Incidents database, we identified [redacted] relevant detasked [redacted]. These selectors were drawn from [redacted].

(U//FOUO) Contribution of collection under FAA authority to [redacted] reporting

(S//SI//REL TO USA, FVEY) From September 2008 to March 2010, FAA §702 collection contributed to an increasing percentage of [redacted] reporting. Overall, the increase was from [redacted] percent to [redacted] percent.

(S//REL TO USA, FVEY) Percentage of [redacted] Reports with Contributions from FAA, September 2008 to March 2010 [figure redacted]

(U//FOUO) Audit sample focuses on [redacted] DNI selectors

(S//SI//REL TO USA, FVEY) From the universe of [redacted] detasked selectors, [redacted] DNI selectors for gap analysis (see Appendix B for scope and methodology). [redacted] DNI selectors represented the large majority of FAA §702 detaskings in the sample (93 percent). In addition, [redacted] selectors accounted for [redacted] percent of tasked FAA §702 DNI selectors as of March 2010, as indicated in the adjacent diagram, "FAA §702 DNI Selectors by Certification" [figure redacted]. The large quantity of [redacted] taskings and detaskings, coupled with the significant role of FAA §702 on [redacted] reporting, as well as the high risk that a gap in [redacted] coverage poses, prompted our focus on [redacted] DNI detaskings. [redacted] detailed selector-by-selector [redacted].

(U) Effective Collection Priority

(S//SI//REL TO FVEY) To understand better the
priority of tasking and forwarding of collection for these [redacted] selectors, we obtained the Effective Collection Priority (ECP) of the [redacted] selectors under review. ECP is derived from two values: national SIGINT priority and collection [illegible]. ECP values range from one through nine, with one being the highest priority. For the [redacted] selectors that we identified, the average ECP was 2.52, indicating that these selectors are of high priority.

(U) Effect of Gaps on SIGINT Collection and Reporting

To determine the effects of FAA §702 detasking on collection and reporting, we analyzed the [redacted] selectors during a 13-month period (February 2009 to March 2010) [redacted].

(U) [redacted] Collection Coverage Gap Analysis

[redacted]

(U//FOUO) Time delay poses risk on productive selectors

[redacted]

(U) Minimal delay on some high-interest selectors

[redacted]

(U) Majority of [redacted] selectors [redacted]

[redacted]

(U) Selectors not Retasked

[Table redacted. Columns: Reason Selector Was Not Retasked; No. of [redacted]; Percentage of Total. Total: [redacted], 100.00%]

(U) Lack of
Systematic Process

[redacted] Production Center has faced challenges in achieving seamless coverage of targets while maintaining compliance with FAA §702 requirements. [redacted]

(U) Need for consistent process

[redacted]

[Table redacted. Columns: Gap; No. of Selectors; Percentage. Total: [redacted], 100%]

After the Agency detasks an FAA §702 selector, [redacted]

2. (TS//SI//NF) TOPIs can directly notify [redacted].

3. (TS//SI//NF) After normal duty hours, NSA's [redacted].

4. (TS//SI//NF) Agency analysts can send [redacted].

(TS//SI//NF) In addition, in September 2009, at the request of the NSA Director, an Emergency Authorization Concept of Operations was developed [redacted] and the Office of General Counsel (OGC) to outline a detailed process for maintaining coverage [redacted].

(U//FOUO) Lack of understanding of the handoff process

[redacted]

(U//FOUO) Case studies

[redacted]

Informal but nearly seamless

[redacted]

Selectors Associated with [redacted]

[redacted]
(TS//SI//NF) NSA, the Central Intelligence Agency and the FBI [redacted].

[redacted] associated with [redacted]

(TS//SI//NF) These selectors had been placed under FAA §702 coverage [redacted] because they were used by several persons associated with [redacted].

(TS//SI//NF) [redacted] analysts initially did not know who to contact about obtaining alternative coverage and were not clear about what could be obtained from FAA §705b tasking and how this tasking [redacted]. Ultimately, the analysts
jmproyements h f3 · f L 86 3 TS 1 18 11 I iFJ _i ' ' ' ' ∙ ∙ agreed that a standardized process would improve the timeliness I I They also concluded that the process should be strengthened and SU H ested other improvements to the current system ∙ ∙∙ ∙∙∙ •' ∙∙∙∙∙∙ ∙ ∙ ∙∙ _ b 1 ∙∙∙ • ∙∙ Recommendation ∙∙∙∙∙∙∙∙∙ ∙∙∙ •' b 3 P L 8636 b 3 50 usc 3024 i ∙ L r 1 Establish a standardized process for when it is determined that h-o-u TIId c-o-n' ' 't _c_o_v_e_r_a_g_e_s T• m_u_e__ af'ter selectors are d etas ked from FAA §702 collection ACTION SID with OGC U Management Response CONCUR U f FOUO O _ b 3 P L 8636 and ∙OGG con∙cut with OIG''s recommendation Corrective aytion js under way and wW be completed as soon as possible 1 -------------- TOP SECMJ1 $tcO fiN1j IOFOR '-l 16 DOCID 4273445 TOP AU100023 SECR£Th'CO ffNT 'f•lOFOftN Successful completion within this timeframe is con tingent upon direc t involvemen t from SV and Sl as they are owners of mission components that are direc tly tied to the transition process see Appendix C for full text of management comments U OIG Comment U Planned actions meet the intent of the recommendation U Loss of Collection ∙∙ _ · 1 I 'fO USA FVBY We also grouped the o 1 R L reviewed by the reason for detasking •'T'c · ·· ∙∙∙ ∙ ∙ I CT 1 1 Tt ' ∙ · electors Circumstances of Detasking ∙∙ ∙∙ _ ∙ b 3 P L 8636 i r _1 TS SI N Ii' C T I · - b Jr------------------------ ·J • ' • U Significar tce ofl • y · r D I ------ --------- ∙ TOP SECR£'f 'COldfNt»'NOFORt•l 17 b 3 P L 8636 DOCID 4273445 AU100023 ∙ ∙∙∙∙ I ∙∙∙ ∙ ∙∙∙ ∙∙∙∙ -··· ∙∙ ∙∙∙∙ b 3 P L 8636 U FOUO Strict guidance on detasking 01 1 JJ J v v o n v L I Strict guidance from DoJ and OGC ∙∙ ∙∙∙∙∙ ∙∙ ∙∙ __ ' ····· 4 J ∙∙∙∙∙∙∙∙∙ tf ∙∙ ∙∙∙∙∙ ∙ '' 'T '--' _ I 11 lT ' ' '4 1 __ b 3 P L 863G b J ' SO USC 3014 i ∙ _ ∙∙∙ ∙ U Action taken TS Sl W¥' I ∙ l the P RNSA ∙al6rijfwiiliwtlie _ ' ∙ b 3 P L 8636 Attorney General and the acting Direcfi k of National Intelligence filed with the FISC FAA §702 certification 
renewal documents related to targeting and minimization procedures for the [redacted].

(TS//SI//NF) [redacted] NSA learned that the FISC was concerned with the proposed changes to the minimization procedures. DoJ and NSA are exploring alternatives to address the matter while continuing to operate under the existing procedures.

(U) ACRONYMS AND ORGANIZATIONS

[redacted] - [redacted]
CIA - (U) Central Intelligence Agency
DIRNSA - (U) Director, NSA
DNI - (U//FOUO) Digital Network Intelligence
DNR - (U) Dialed Number Recognition
DoJ - (U) Department of Justice
ECP - (U) Effective Collection Priority
FAA - (U) Foreign Intelligence Surveillance Act of 1978 (FISA) Amendments Act of 2008
FBI - (U) Federal Bureau of Investigation
FISA - (U) Foreign Intelligence Surveillance Act of 1978
FISC - (U) Foreign Intelligence Surveillance Court
[redacted] - [redacted]
OGC - (U) Office of General Counsel
PAA - (U) Protect America Act
SID - (U) Signals Intelligence Directorate
SIGINT - (U) Signals Intelligence
SV - (U//FOUO) Signals Intelligence Directorate Oversight and Compliance
SV4 - (U//FOUO) Signals Intelligence Directorate Oversight and Compliance, FISA Authorities
TOPI - (U//FOUO) Targeting Office of Primary Interest
USP - (U) United States Person

(U) APPENDIX A: ABOUT THE AUDIT

(U) Objectives

(U) The audit objective was to document the circumstances and the extent of dropped Signals Intelligence (SIGINT) collection as a result of Foreign Intelligence Surveillance Act of 1978 (FISA) Amendments Act of 2008 (FAA) §702 restrictions.

(U) Scope and
Methodology

(U) Conducted from February to August 2010, the audit examined the gaps in coverage when a selector is required to be detasked for compliance with FAA §702 and the measured effect of the lost coverage.

(U//FOUO) We reviewed current policies and laws pertaining to FAA §702. We obtained access to the Protect America Act (PAA)/FAA Incident database and reviewed reported incidents from 10 July 2008, when the FAA became law, through 4 March 2010 and documented actual instances when SIGINT collection was stopped to comply with §702. See Appendix C, Data Analysis, for our data sources.

(U) SID Oversight and Compliance

(U//FOUO) To gain an understanding of the Agency's process for documenting and reporting incidents and violations, we met with the SV staff. We obtained for our analysis information from SV's PAA/FAA Incidents database on selectors that were detasked because of FAA §702 restrictions.

(U) Office of General Counsel

(U//FOUO) We met with the OGC FAA liaison to gain the overall legal perspective of the implementation of FAA §702. We also met with the Acting General Counsel to discuss the nature of collection restrictions that are inherent in NSA's legal authorities. In addition, we discussed whether the current law is sufficient for NSA to achieve its mission goals.

(U) [redacted]

[redacted] leadership in the [redacted] to gain an understanding of the legal, policy and compliance constraints in the analytic environment, specifically related to FAA §702. Case studies regarding [redacted] selectors that were detasked because of FAA §702 restrictions were conducted. [redacted] when a selector was detasked was discussed with analysts. We obtained the analysts' opinions about the effect of collection on their work, including specific benefits and obstacles of the FAA §702 authority.

(U//FOUO) We met with technical [redacted].

(U) FAA implementation leads

(U//FOUO) We met with the Analysis and Production FAA leads, who
are charged with overseeing working groups which are addressing problems with carrying out work under the FAA. They outline efforts on analytic training and coordinate with the Department of Justice, OGC, and SV.

(U) Tasking tool and data repository

(U//FOUO) [illegible] personnel [redacted] databases to assist in our review. In addition, we met with the S metrics team [redacted] personnel and a representative from SIGINT Strategy and Governance to gather additional data concerning tasking gaps, collection prioritization, and qualitative measures related to the FAA §702 selectors of interest.

(U) Training

(U//FOUO) We took the Legal Compliance and Minimization Procedures (USSID 18) training to obtain access to certain databases. In addition, we attended [redacted] training.

(U) Government auditing standards

(U) We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions according to our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions according to our audit objectives.

(U) Prior Coverage

(U) The Office of the Inspector General has not performed any previous audits or inspections on FAA §702.

(U) Use of Computer-Processed Data

(U) To perform this audit, we used data that originated from the [redacted], the SV4 PAA/FAA Incidents [redacted] databases. We used the data to conduct a gap analysis on selectors that were detasked for FAA §702 compliance reasons. We did not determine the validity of these databases; however, we validated the data across multiple sources to ensure an accurate depiction of the data as used for our
analysis.

(U) Management Control Program

(U//FOUO) As part of the audit, we assessed the organization's control environment pertaining to the audit objectives, as set forth in NSA/CSS Policy 7-3, Internal Control Program, 14 April 2006. We found that SV4's 2010 statement of assurance reported that a lack of upgrades of Information Technology systems and software application and lack of training and staffing could impede the SV4 mission.

(U) DATA ANALYSIS

(U) Identification of Detasked Selectors

We used the SV PAA/FAA Incidents database and the [redacted] as sources of selectors that were detasked to maintain compliance with FAA §702.

(U//FOUO) SV4 PAA/FAA Incidents database

(U//FOUO) We examined the SV4 PAA/FAA Incidents database, which contains a record of reportable incidents under the PAA/FAA. A reportable incident under PAA/FAA is one of the following:

• (U//FOUO) The conduct of any SIGINT activity (collection, processing, retention, or dissemination) using PAA collectors in a way that contravenes the terms of the PAA or the terms of the specific certification under which you are operating. [6] This includes any activity that runs counter to the Director's affidavit or the associated exhibits that describe the process for determining foreignness, the minimization procedures, or the targets authorized for collection under the certification.

• (U) The conduct of any SIGINT activity using PAA collectors without having a certification in place to cover the target being collected.

(S//SI//REL TO USA, FVEY) We reviewed the records in the SV PAA/FAA Incidents database from 10 July 2008, the inception of FAA, to 4 March 2010 and determined that there were a total of [redacted] incidents.

(U//FOUO)
The records in the database are categorized by incident type. This allowed us to determine those that met the criteria for our review of detaskings related to compliance. The relevant incident types for further review are:

• [redacted]
• Roamers into the US
• (S//REL TO USA, FVEY) Targets identified as a USP after tasking under §702

(U//FOUO) Incident types such as analyst error and tasking error did not relate to detasking to maintain compliance with §702; therefore, we eliminated these types of records from our review.

[6] (U) PAA was the predecessor to FAA.

(U//FOUO) [redacted] is the targeting tool used to submit and manage Digital Network Intelligence targeting requests. To ensure that we obtained records of all detaskings related to compliance, we requested from [redacted] tasking records a record of detaskings for any of the three following reasons:

1. User is a USP
2. User is entering the United States
3. User is in the United States

The main purpose for requesting detasking records from [redacted] was to search for selectors that were detasked citing a reason "user is entering the United States" and that were not captured as incidents in the SV Incidents database because they were detasked before the user actually roamed into the United States.

(U) Audit universe

We compared the results of the query with the selectors identified in the review of the Incidents database and identified additional selectors that were detasked for compliance purposes. From our review of the SV Incidents and [redacted] detasking records, we identified a total universe of [redacted] unique selectors that were detasked for compliance reasons. The detaskings covered the FAA §702 certifications [redacted]. We were able to identify both detasked DNI and Dialed Number Recognition selectors from the FAA Incidents database and detasked DNI selectors from [redacted] detasking records. The breakout of the selectors is detailed in the following
table.

Footnote (partly illegible): (U//FOUO) [redacted] did not [illegible] reason field until an upgrade was performed [date illegible]; therefore, our search within detasking records was performed for the date range February 2009 to March 2010.

(U//FOUO) Detasked Selectors by Source and Type

Source | §702 Selector Type | Time Frame | Description | No. of Detasked Selectors
SV4 PAA/FAA Incidents database | [redacted] | July 2008 to March 2010 | Compliance-related detaskings since July 2008 | [redacted]
SV4 PAA/FAA Incidents database | [redacted] | July 2008 to March 2010 | Compliance-related detaskings since July 2008 | [redacted]
SV4 PAA/FAA Incidents database | [redacted] | July 2008 to March 2010 | Compliance-related detaskings since July 2008 | [redacted]
SV4 PAA/FAA Incidents database | [redacted] | July 2008 to March 2010 | Compliance-related detaskings since July 2008 | [redacted]
[redacted] detasking record | [redacted] | February 2009 to March 2010 | Compliance-related detaskings since February 2009 | [redacted]
[redacted] detasking record | [redacted] | February 2009 to March 2010 | Compliance-related detaskings since February 2009 | [redacted]
Total | | | | [redacted]

(U) Audit Sample for Gap Analysis

(S//REL TO USA, FVEY) The focus of our gap analysis was on [redacted] selectors that were detasked for collection for compliance reasons under the [redacted] certification from February 2009 to March 2010. We concentrated on the selectors from the [redacted] certification because of the significance of the FAA §702 collection, including the number of FAA §702 taskings and the key role it plays in SIGINT production. We also based our decisions regarding the time frame for our review and the focus on [redacted] selectors on the availability of records necessary to conduct the analysis and the majority of the [illegible] because of a lack of traffic or tasking information or both.

(S//SI//REL TO USA, FVEY) Our analysis covered both time gaps, gaps in coverage
in days, and collection coverage gaps, projected missed collection as a result of the loss of coverage, for the [redacted] selectors.

Database Type | §702 Selector Type | Selectors Reviewed (February 2009 to March 2010)
SV4 PAA/FAA Incidents database | [redacted] | [redacted]
[redacted] detasking records | [redacted] | [redacted]
Total | | [redacted]

(U//FOUO) Records reviewed

(U//FOUO) To measure the extent of the gaps associated with detasked §702 selectors, we evaluated multiple sources of information. This information was requested from SV [redacted] and the S2 [redacted]. We also reviewed the following databases: [redacted]

• (U//FOUO) §702 tasking history
(U//FOUO) [redacted] records were used to determine the dates of coverage for the selectors. The data included the dates the selectors were tasked and detasked in [redacted] for Executive Order 12333 and §702 coverage.

• (U//FOUO) [redacted]
(U//FOUO) Data were requested from [redacted] on the tasking and detasking [redacted] on the selectors. This allowed us to draw [illegible] data to determine the Effective Collection Priority of each of the selectors. [illegible]

• [redacted]
[redacted] data were requested for determination of the number of pieces of traffic, or traffic hits, per day related to §702 [redacted]. This traffic allowed us to determine how active the selectors were in regard to traffic collected [redacted]. From this information, we were able to project the potential collection that was lost during gaps in coverage related to §702 compliance. It also provided us the ability to determine how [redacted]

• (U//FOUO) Purged records
(U//FOUO) Purge requests from SV4 to database managers were evaluated for records related to the group of [redacted] selectors in the
[redacted] database. The purged records, in effect, represent a gap in collection coverage.

• (U//FOUO) §704/§705b tasking
(S//SI//REL TO USA, FVEY) Reports were generated from [redacted] and records requested from SV regarding §704/§705b authorizations to determine if any of the [redacted] detasked §702 selectors were subsequently approved under those authorizations.

(U) APPENDIX C

(U) Full Text of Management Comments

(U) SID and OGC Management Responses

NSA STAFF PROCESSING FORM
TO: OIG
EXREG CONTROL NUMBER: 20108956
SUBJECT: (U) SID Response to Draft Audit Report on the FISA Amendments Act 702 Detasking Requirements
EXREG SUSPENSE: 5 Nov 2010

SUMMARY

PURPOSE: (U) To provide the SID response to the draft report on FISA Amendments Act (FAA) 702 Detasking Requirements (AU100023).

BACKGROUND: (U//FOUO) The Audit was initiated at the request of DIRNSA. The Audit objective was to document the circumstances and the extent of dropped SIGINT collection as a result of FAA 702 restrictions. The draft Audit report was provided to [redacted].

DISCUSSION: (U//FOUO) The [illegible] is the consolidated SID [redacted] and OGC response to the subject report. [illegible] for their response to this tasker.

This SPF may be downgraded and marked SECRET//COMINT//NOFORN upon removal of encl.

COORDINATION/APPROVAL offices: SID DIR, S02, S2, OGC [names redacted]
Derived From: NSA/CSSM 1-52, Dated: 20070108. Declassify On: [illegible]

I. (U) SUMMARY

(U//FOUO) As requested, this correspondence provides the Office of [redacted] and Office of General Counsel's (OGC's) statements of concurrence or nonconcurrence with the recommendation contained in the Office of Inspector General's (OIG's) draft audit report on the transition gap NSA encounters when targets of Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) §702 collection must be detasked from this collection authority. This memorandum also provides OIG with the results of [redacted] and OGC's review of the draft report for factual accuracy.

II. (U) CONCURRENCE WITH RECOMMENDATION

(S//SI//NF) Recommendation: Establish a process for NSA [redacted] coverage for accounts detasked from FAA 702 collection.

(U) Lead Actionee: SID with OGC

(U) Concur/Non-Concur and Estimated Completion Date: [redacted] and OGC concur with OIG's recommendation. Corrective action is underway and will be completed as soon as possible. Successful completion within this timeframe is contingent upon direct involvement from SV and S1, as they are owners of mission components that are directly tied to the transition process.

(TS//SI//NF) Comment: Although there is a current process for the Signals Intelligence Directorate (SID) [redacted] coverage of targets of interest, OGC does not dispute OIG's substantive finding that the current process does not appear to be universally
understood by SID's [redacted] personnel. In response to this finding and recommendation, OGC and individuals from [redacted], to include [redacted] personnel, are working on improving the current process [redacted] coverage of targets that must be dropped from collection. OGC and SID [redacted] personnel have already initiated discussions [redacted] FAA 702 [redacted] to establish a clearer process for NSA coverage for selectors detasked from FAA 702 collection. OGC and [redacted] personnel have begun drafting a comprehensive standard operating procedure (SOP) for analysts to follow when appropriate. The SOP will also include a quick reference guide and checklist for analysts. OGC will engage with the Department of Justice (DoJ) as necessary to ensure that the new process addresses OIG's finding and recommendation.

(TS//SI//NF) In the short term, [redacted] has initiated a series of training sessions for members of the division and branch leadership teams to raise awareness of the [redacted] process. The purpose of the training is to establish branch and division level Points of Contact (POCs) who will be able to assist analysts through the [redacted] process. Additional Video Teleconferencing Center (VTC) sessions will be scheduled to include the extended enterprise.

(TS//SI//NF) Finally, an email alias has been created that includes technical and policy experts in [redacted]. The purpose of this group is to assist the division and branch POCs as they work with the analysts on the [redacted] process. Members of the group will also ensure that timely resolution is reached for selectors detasked from FAA 702.

III. (U) [redacted] REVIEW FOR FACTUAL ACCURACY

(U//FOUO) OIG Comment: The OIG does not agree with [redacted] that all suggested changes were due to
inaccuracies or misleading statements. In most cases, these suggested changes were based on [redacted] interpretations of the report and new information. We made the appropriate changes to update and clarify areas of the report.

(S//SI//NF) The following lists areas of the report where [redacted] identified factual inaccuracies or misleading statements that should be corrected in the final version of OIG's report on the gap NSA encounters when targets of FAA 702 collection must be detasked from this collection authority. These factual inaccuracies do not affect [redacted] concurrence with the report's recommendation that SID and OGC establish a new process [redacted] targets that must be dropped from FAA 702 collection. The following constitutes [redacted] specific suggested changes:

(U) Correction 1: Highlights Section, page i

On page "i" in the Highlights section, the report contains a sentence that says [redacted].

(S//SI//NF) Comment: This statement implies that NSA would have been able to obtain probable cause on all of those selectors and would have been able to transition to another authority. Believe we should clarify that we cannot transition all selectors in all circumstances.

(U) Correction 2: FINDING: Gaps in [redacted] coverage exist, page [illegible]

(S//SI//NF) At the top of the page, it states the Agency has experienced [redacted] coverage gaps when transitioning from FAA 702 to another authority.

Comment: This statement implies that NSA should be able to transition to another authority in all instances. This is not the case. Believe we should clarify that we cannot transition all selectors in all circumstances. While the need for a higher legal standard is mentioned on the bottom of page 6, believe we need to be up front with the fact that some selectors will not transition.

(U) Correction 3: (S//SI//NF) Effective
Collection Priority (ECP), page 8

This section states that the average ECP was 2.52, indicating that these selectors are of high priority.

(S//SI//NF) Comment: Believe we need to add context to this statement. We would imagine that most, if not all, [redacted] has an ECP that falls into the 1-3 range. Probably all [redacted] selectors are of high priority based on the ECP.

(U) Correction 4: (TS//SI//NF) Selectors not retasked, page 11

The table at the top of the page indicates that [redacted].

Comment: We think it is important to add a footnote that indicates that the analysts were told that they did NOT have to perform thorough research to try to recall why the selector was not retasked. Below is an excerpt from an email exchange between OIG and [redacted] indicating that the analyst did not have to perform research if they did not remember why the selector was not retasked.

(TS//SI//NF) "We agree with your assertion that the analysts simply note that they do not recall what happened to the selectors if they cannot remember. Our intention was not to require people to spend hours trying to recall information to answer our survey, which is why there is a 'don't recall' option in the first question."

(U) Correction 5: (TS//SI//NF) [redacted]

(U) Correction 6: (TS//SI//NF) Need for consistent process, page 11

The document states that [redacted].

(TS//SI//NF) Comment: We think it is important to note that some selectors will take longer to transition compared to others, based on the circumstances. The probable cause standard is higher than the standard associated with FAA 702 tasking. This statement implies that we should always be able to transition quickly. It may take time and a lot of back and forth between [redacted] before we reach the probable cause standard. We realize this is addressed in the Case Studies on page 13, but we think it should be
stated up front.

(U) Correction 7: (S//SI//REL) Footnote 3, page 14

States that [redacted].

Comment: [redacted]

(U) Correction 8: (TS//SI//NF) First Paragraph, page 15

The analysts also may not have been [redacted].

(TS//SI//NF) Comment: [redacted]

(U) Correction 9: (TS//SI//NF) Action Taken, page 18

This section discusses the new procedures, which are supposed to provide relief on some [redacted] scenarios.

(TS//SI//NF) Comment: Unfortunately, [redacted] provisions were removed from the new procedures, so we will not see any relief based on the new procedures. OGC would have details on exactly what occurred and where we stand.

III. (U) OGC REVIEW FOR FACTUAL ACCURACY

(U//FOUO) OIG Comment: The OIG does not agree with the OGC that all suggested changes were due to inaccuracies or misleading statements. In most cases, these suggested changes were based on OGC's interpretations of the report and new information. We made the appropriate changes to update and clarify areas of the report.

(S//SI//NF) The following lists areas of the report where OGC identified factual inaccuracies that should be corrected in the final version of OIG's report on the transition gap NSA encounters when targets of FAA 702 collection must be detasked from this collection authority. These factual inaccuracies do not affect OGC's concurrence with the report's recommendation that SID and OGC establish a new process [redacted] targets that must be dropped from FAA 702 collection. The following constitutes OGC's specific suggested corrections:

(U) Correction 1: (S//SI//NF) Highlights Section, page i

On page "i" in the Highlights section, the report contains a sentence that says the issue of a [redacted] is currently under review by DoJ. This statement is factually incorrect.
In July 2010, DoJ attempted to persuade the Foreign Intelligence Surveillance Court (FISC) to allow tasking to continue under one version of the [redacted], but the FISC refused to accept the proposed change to NSA's FAA targeting and minimization procedures that the Government proposed to address this problem. OGC's understanding is that the FISC concluded such a change would conflict with statutory restrictions contained in the FAA legislation itself. Therefore, DoJ is no longer reviewing this issue in the manner mentioned in the draft report. Instead, DoJ is reviewing two different draft legislative proposals that attempt to close the transition gap. One proposal was drafted by NSA and the other proposal was prepared by DoJ's National Security Division.

(U) Correction 2: (S//SI//NF) Introduction

On page 2, the Introduction section of the draft report contains the following sentence:

(S//SI//NF) Under FISC docket number [redacted], known as the Raw Take Sharing Order, dated July 2002, NSA is able to receive FBI FISA collection.

(U) As drafted, this sentence is factually inaccurate. The sentence should be revised to read:

(S//SI//NF) Under FISC docket number [redacted], known as the Raw Take Sharing Order, dated July 2002, NSA is able to receive most FBI FISA collection directed against the FBI's counterterrorism targets.

(U) Correction 3: (S//SI//NF) Finding that Gaps in [redacted] Target Coverage Exist

Page 6 of this section of the draft report contains the following sentence:

(S//SI//NF) To avoid a break in coverage, other authorities must be sought if the target remains of interest and is an agent of a foreign power (§704, §705b, and/or FBI FISA).

This sentence is inaccurate as drafted, since it implies that the listed authorities are the only possible authorities
available to resume coverage. The sentence should be revised to read:

(S//SI//NF) To avoid a break in coverage, other authorities must be sought if the target remains of interest and is an agent of a foreign power (e.g., §704, §705b, FBI FISA, etc.).

(U) Correction 4: (S//SI//NF) Finding that Gaps in [redacted] Target Coverage Exist

Page 6 of this section of the draft report contains the following statement:

For non-FAA §702 coverage, a higher legal standard (individualized probable cause) is required to secure a FISA order [redacted].

(S//SI//NF) Although the statement is accurate as drafted, for completeness OIG may wish to note that in some cases the Government may simply not be able to assemble facts sufficient to satisfy the probable cause standard.

(U) Correction 5: (TS//SI//NF) Discussion of lack of process

On pages 15 to 16 of this section of the draft report, there is a discussion of the delay experienced in regaining coverage of selectors associated with [redacted]. Since the report says [redacted] NSA had to detask the account once the Agency learned that [redacted].

(U) Correction 6: Discussion of strict guidance on detasking [redacted]

On pages 17 to 18, the draft report states that DoJ and OGC have provided strict guidance to detask [redacted]. Although accurate as drafted, the report implies that DoJ and OGC have discretion to alter the guidance. Therefore, the draft report's discussion of the legal advice provided by DoJ and OGC on the detasking of [redacted] is extremely misleading. Although this section of the draft report notes that the FISC has expressed concern about the modifications the Government proposed to NSA's FAA 702 targeting and minimization procedures, the report fails to note that the Court's concern was with the [redacted] issue.
OGC's understanding is that the Court concluded that even the modest changes proposed to address one aspect of the [redacted] were incompatible with the current statutory framework. Moreover, for completeness, the report should also note that even if the statutory language is changed, there may be Fourth Amendment problems with maintaining electronic surveillance of a U.S. person or a person located inside the United States on anything less than a formal probable cause determination.

DOCID 4273133

NATIONAL SECURITY AGENCY / CENTRAL SECURITY SERVICE

Further dissemination of this report outside NSA is PROHIBITED without the approval of the Inspector General.

(U) Report on the Special Study: Assessment of Management Controls Over FAA §702
ST110009
Revised and Reissued 29 March 2013

Classified By: [redacted]
Derived From: NSA/CSSM 1-52, Dated: 20070108
Declassify On: [illegible]

Approved for Release by NSA on 02-11-2016, FOIA Case # 80120 (litigation)

TOP SECRET//SI//NOFORN

(U) OFFICE OF THE INSPECTOR GENERAL

(U) Chartered by the NSA Director and by statute, the Office of the Inspector General conducts audits, investigations, inspections, and special studies. Its mission is to ensure the integrity, efficiency, and effectiveness of NSA operations, provide intelligence oversight, protect against fraud, waste, and mismanagement of resources by the Agency and its affiliates, and ensure that NSA activities comply with the law. The OIG also serves as an ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS

(U) The audit function provides independent assessments of programs and organizations. Performance audits evaluate the effectiveness and efficiency of entities and programs and their internal controls. Financial audits determine the accuracy of the Agency's financial statements. All audits are conducted in accordance with standards established by the
Comptroller General of the United States.

(U) INVESTIGATIONS

(U) The OIG administers a system for receiving complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations may be undertaken in response to those complaints, at the request of management, as the result of irregularities that surface during inspections and audits, or at the initiative of the Inspector General.

(U) INTELLIGENCE OVERSIGHT

(U) Intelligence oversight is designed to insure that Agency intelligence functions comply with federal law, executive orders, and DoD and NSA policies. The IO mission is grounded in Executive Order 12333, which establishes broad principles under which IC components must accomplish their missions.

(U) FIELD INSPECTIONS

(U) Inspections are organizational reviews that assess the effectiveness and efficiency of Agency components. The Field Inspections Division also partners with Inspectors General of the Service Cryptologic Elements and other IC entities to jointly inspect consolidated cryptologic facilities.

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY / CENTRAL SECURITY SERVICE

29 March 2013
IG-11526-13

TO: DISTRIBUTION

SUBJECT: (U) Revised Report on the Special Study: Assessment of Management Controls Over FAA §702 (ST110009), ACTION MEMORANDUM

1. (U//FOUO) This revised report summarizes the results of our special study of management controls that ensure compliance with Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA §702) and the Targeting and Minimization Procedures associated with the 2011 Certifications. It reflects changes made based upon additional information provided subsequent to the release of the original report on 8 November 2012. The report documents our analysis, findings, and recommendations for improvement. It also notes other areas that merit attention.

2. (U//FOUO) In accordance with NSA/CSS Policy 1-60, NSA/CSS Office of the Inspector General, and IG-11358-12, Follow-up Procedures
for OIG Report Recommendations, actions on OIG recommendations are subject to monitoring and follow-up until completion. Consequently, we ask that you provide a written report concerning each OPEN recommendation in the following circumstances: when your action plan has been fully implemented or has changed, or if the recommendation is no longer valid. The report should provide sufficient information to show that corrective actions have been completed. If a planned action will not be completed by the target date, please state the reason for the delay and give a revised completion date. Reports should be sent to [redacted], Follow-up Program Manager, at email DL D1_Followup (ALIAS) D1.

3. (U//FOUO) We appreciate the courtesy and cooperation extended to our staff throughout the special study. For additional information, please contact [redacted] on 963-1422 (s) or via email at [redacted].

[signature redacted]
Inspector General

DISTRIBUTION:
DIRNSA
SID (T. Shea)
NTOC (R. Ledgett)
TD (L. Anderson)
DOC (J. DeLong)
OGC (R. De)
ADET (J. Majoros)

cc:
Exec DIR (F. Fleisch)
CoS (E. Brooks)
SID DDIR (R. Moultrie)
DDCR [redacted]
[illegible] LIAISON [redacted]
DL ntocreg [illegible]
D11, D12, D13, D14

(U) TABLE OF CONTENTS

(U) EXECUTIVE SUMMARY
I. (U) INTRODUCTION
II. (U//FOUO) FINDINGS RESOLVED DURING THE REVIEW
III. (U//FOUO) FINDINGS AND RECOMMENDATIONS
(U//FOUO) FINDING ONE: PERFORMANCE STANDARDS, PERFORMANCE METRICS, AND COMPLIANCE ENFORCEMENT MEASURES FOR TARGETING AND MINIMIZATION PROCEDURES ARE INCOMPLETE
FINDING TWO: CERTAIN FAA §702 SELECTORS [redacted]
FINDING THREE: [redacted] PROCEDURES AND NSA POLICY ARE NOT FULLY ADDRESSED
(U//FOUO) FINDING FOUR: SOME DOCUMENTATION SUPPORTING FAA §702 RESPONSIBILITIES HAS NOT BEEN KEPT UP TO DATE AND REQUIRES REORGANIZATION ACROSS NSA WEB PAGES
(U//FOUO) FINDING FIVE: INCREASED AUTOMATION OF PROCESSES SUPPORTING FAA §702 IS NEEDED TO ENSURE COMPLIANCE
AND REDUCE ERRORS
(U//FOUO) FINDING SIX: THE FAA §702 CURRICULUM NEEDS TO BE UPDATED AND THE TRAINING REQUIREMENT ENFORCED
IV. (U) OBSERVATIONS
V. (U//FOUO) SUMMARY OF RECOMMENDATIONS
VI. (U) ABBREVIATIONS AND ORGANIZATIONS
APPENDIX A: (U) About the Study
APPENDIX B: (U) Control Requirements and Management Controls
APPENDIX C: (U) Full Text of Management Response

(U) EXECUTIVE SUMMARY

(U) Overview

(TS//SI//NF) The National Security Agency/Central Security Service (NSA/CSS) conducts activities under the authority of Section 702 of the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 (FAA §702), a key source of information on foreign targets. Since FAA's inception, reporting based on FAA §702 collection has grown from an average of [redacted] reports per month to more than [redacted]. FAA §702 reports are sourced from collection obtained with the assistance of U.S. communications service providers. The majority of the collection is from Internet Service Provider [illegible] traffic, and the remainder, telephony and upstream Internet traffic, is obtained from [redacted] the Internet backbone [redacted].

(U//FOUO) For the Agency to retain this important tool in support of its mission, it must ensure compliance with FAA §702. NSA/CSS has implemented policies and control procedures, including training, access control, multiple levels of review, and oversight. This system of controls is designed to provide reasonable assurance of compliance with the statute and FAA §702 targeting and minimization procedures that form the basis for the affidavits made by the NSA Director concerning the Agency's use of the authority.

(U//FOUO) The findings represent improvements needed to the overall control environment in which the FAA §702 authority is used. In a later review, the Office of the Inspector
General will conduct compliance and substantive testing to draw conclusions on the efficacy of the management controls. [redacted]

(U) Highlights

(U//FOUO) Although the OIG did not identify areas of noncompliance with the targeting and minimization procedures, we identified six areas in which controls over compliance with FAA §702 should be improved:

• (U//FOUO) Assessment of performance against compliance standards. Establishing accountability for compliance requires clear performance standards, measurement of actual performance against those standards, reporting results, and implementation of corrective action. These processes are not fully developed.

• [redacted]

• (TS//SI//NF) Dissemination process. A review of FAA §702-sourced serialized dissemination does not include steps to verify that, when MCTs were used to support what is being disseminated, the multiple communications transaction (MCT) documentation required was prepared in accordance with the minimization procedures.

• (U//FOUO) Documentation deficiencies. Some internal Standard Operating Procedures and other internal FAA §702 guidance have not been kept up to date and require reorganization by subject across internal NSA web pages.

• [redacted] would improve purge execution, training compliance, and production of compliance alerts.

• (U//FOUO) Training update and enforcement. Adjudicators, personnel responsible for approving targeting requests, do not have a documented, standardized version of their training for reference. In addition to the initial FAA §702 training required before accessing FAA data, analysts are now required to take a new FAA §702 applications course on compliant targeting requests and targeting maintenance. However, the requirement for the applications course is not yet
enforced.

(U) Management Action

(U//FOUO) Signals Intelligence Directorate personnel agreed with the Inspector General recommendations, and the planned actions meet the intent of the recommendations.

I. (U) INTRODUCTION

(U) Background

(U) Sources of Section 702, Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA §702) collection

(TS//SI//NF) FAA §702 data is composed of Digital Network Intelligence (DNI) and Dialed Number Recognition (DNR) data. DNI is Signals Intelligence (SIGINT) received from Internet Service Providers (ISPs) with the assistance of the Federal Bureau of Investigation (FBI) (the PRISM program) and from upstream collection. Analysts submitting [redacted] FAA §702 targeting [redacted]. DNR data is obtained via intercept of the telephone network [redacted]. NSA has the authority to acquire communications to, from, or, in the case of DNI collection from [redacted], about tasked selectors.

(U) Requirements of FAA §702

The target of collection must be a non-U.S. person (USP) who is reasonably believed to be located outside the United States and possesses, is expected to receive, and/or is likely to communicate foreign intelligence [redacted] FAA §702 Certifications [redacted].

FAA §702 requires the Attorney General to adopt targeting and minimization procedures in support of the statute. The targeting and minimization procedures are documented in each Certification. DIRNSA's affidavit for each certification provides information regarding how the Government will implement those procedures and states that: [redacted]

• Reasonable procedures are in place to ensure that acquisition under the Certification is limited to targeting non-USPs reasonably
believed to be located outside the United States.
• Targeting procedures are reasonably designed to prevent the intentional acquisition of domestic communications.[2]
• Acquisition is for the purpose of obtaining foreign intelligence information within the scope of each Certification.
• NSA will follow specific minimization procedures.
• NSA may provide the Central Intelligence Agency (CIA) and the FBI unminimized communications acquired through this authority.

[2] (S//SI//NF) Domestic communications, according to Section 2 of the FAA §702 Minimization Procedures, are all communications other than foreign communications, including those in which the sender and all intended recipients are reasonably believed to be located in the United States at the time of acquisition. Foreign communications must have at least one communicant outside the United States.

(U) Independent measure of compliance performance

The Agency's compliance with FAA §702 is subject to bimonthly review by the Department of Justice (DOJ) and the Office of the Director of National Intelligence (ODNI), who review disseminations, queries of U.S. person identifiers, compliance incidents, and the targeting requests for all new and retasked selectors for the period, as well as the supporting information for a sample of the selectors. These entities have reported a very small number of errors.

(U) Objective and Scope of Review

(U//FOUO) The objective of the OIG review was to assess the adequacy of management controls to ensure reasonable compliance with FAA §702. This analysis was based on review of published and draft guidance and certain controls in systems supporting application of the authority. We also interviewed managers and analysts responsible for targeting, approval, and oversight subject to FAA §702 requirements. Testing of the controls identified will be the subject of a later review.

(U) Standards of Internal Control

(U) We assessed management controls against the Government Accountability Office's Standards for Internal Control in the Federal Government, November 1999, which presents the five standards that define the minimum level of quality acceptable for management control in government: Control Environment, Risk Assessment, Control Activities, Information and Communications, and Monitoring.

(U) Internal control, or management control, comprises the plans, methods, and procedures used to meet missions, goals, and objectives. It provides reasonable assurance that an entity is effective and efficient in its operations, reliable in its reporting, and compliant with laws and regulations. NSA/CSS Policy 7-3, Managers' Internal Control Program, 14 February 2012, advises that evaluations of internal control consider the requirements outlined by the GAO standards. The Office of the Inspector General (OIG) evaluates management control against the standards.

(U) Targeting and Minimization Procedures: Basis for Compliance

(U) Targeting

(S//SI//NF) The targeting procedures specify that NSA will make a determination about whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances, based on the information available with respect to that [redacted]. With respect to the foreign intelligence purpose of the targeting, the procedures require NSA to assess whether the target possesses and/or is likely to communicate foreign intelligence information concerning a foreign power or foreign territory. With respect to documentation, analysts who request tasking will document in the tasking database a citation or citations to the information that led them to reasonably believe that a targeted person is located outside the United States, as well as identify the foreign power [illegible] about which they expect to obtain foreign intelligence information pursuant to the proposed targeting.

The submitted targeting request is then subject to an adjudication review by specially trained personnel [redacted].

[redacted]

• User of the selector is the intended foreign intelligence target,
• Target remains appropriate under the Certification cited in tasking, and
• Target remains outside the United States and/or there is no information to indicate that the target is inside the United States.

(S//NF) The On-Going Target Review section of the OTR Guidance states that analysts must [redacted] to uphold that there has been no change in the target's status that would require adjustment to maintain NSA's compliance. At least every 30 days, the review should confirm that the:

• Selector remains associated with the intended target,
• Target remains appropriate to the Certification cited,
• Target remains outside the United States and/or there is no information to indicate that the target is inside the United States, and
• Type of data being obtained is not routinely of a type that is subject to immediate destruction requirements (i.e., domestic communications).

(S//NF) Information that demonstrates a change in any of these factors might require detasking the selector, destroying or otherwise handling collected traffic in accordance with the minimization procedures, and notice to the Agency's overseers.

(U) Oversight and reporting

(U//FOUO) The Agency must:

• Train those targeting and those approving targeting or accessing FAA §702 information,
• Ensure that FAA §702 raw traffic is stored only in authorized repositories and is accessible only to those who have had the proper training, and
• Conduct spot checks of targeting decisions, intelligence disseminations, and queries of data repositories for compliance.

(U) Minimization

(U//FOUO) The minimization procedures are designed to protect USP information during acquisition, processing, retention, and dissemination of information obtained by targeting non-USPs reasonably believed
to be located outside the United States. They require that the Agency ensure that:

• Acquisition is conducted in a manner designed, to the greatest extent feasible, to minimize the acquisition of information not relevant to the authorized purpose of the acquisition,
• Personnel exercise reasonable judgment in determining whether information acquired must be minimized and destroy inadvertently acquired communications of or concerning a USP at the earliest practicable point in the processing cycle unless the data can be retained under exception provisions detailed in the minimization procedures, and
• Reports based on communications of or concerning a USP may be disseminated if the identity of the USP is deleted and a generic term or symbol is substituted so that the information cannot reasonably be connected with an identifiable USP. Otherwise, dissemination of intelligence reports based on communication of or concerning a USP may be made to a recipient requiring the identity of such person only for the performance of official duties, but only if meeting certain criteria.

(U) Control Environment

(U) Reliance on manual controls

(U//FOUO) A significant number of the procedures and controls established to ensure compliance with FAA §702 and NSA's court-approved targeting and minimization procedures are manual. Thus, training, supervisory reviews, and oversight are critical elements of the control structure. Modifications to the systems relied on for targeting, collection, and processing continue to:

• Improve the ability to purge information when required,
• Identify and prevent instances of over collection, and
• Improve efficacy and efficiency of processing and oversight.

(U//FOUO) Realignment of responsibility

(U) SID has restructured operations to better manage FAA §702 processing and compliance.

• [redacted] assumed responsibility for adjudicating FAA §702 [redacted]
• (U//FOUO) S2 Mission and Compliance performs functions supporting use of the authority as well as additional oversight of FAA §702 processing and compliance. SV continues to perform much of the direct oversight of targeting [redacted] assumed responsibility from SV [redacted]
o Execution of purges related to FAA §702 incidents (removal from data repositories of records ineligible for retention under the authority),
o Implementation of a purge adjudication process to better ensure completeness of purges,
o Development of processes and tools to enhance compliance while reducing the burden on analysts,
o Training and oversight of targeting adjudicators, and
o Preparation of additional management measures, including metrics, to improve accountability.

(U) Continued process improvement

(TS//SI//NF) The Agency has undertaken several reviews of NSA systems and processes, as well as the data acquired from communications providers and other Agency sources under FAA §702 authority, in response to compliance incidents and questions raised by the Foreign Intelligence Surveillance Court (FISC). These reviews and other efforts to improve compliance and efficiency of operations have resulted in several changes to the processes and controls supporting the Agency's use of the authority.

(S//NF) SID continues to take steps to improve FAA §702 compliance.

• In addition to FAA §702 training that focuses on legal requirements for use of the authority, a new course, FAA 702 Practical Applications, was released [redacted].
• SID continues to make changes to the targeting tool to support compliance and increase efficiency (see Findings Resolved During the Review).
• SID completed the [redacted] Project [redacted] to reduce errors in targeting requests. The most significant gaps identified included a lack of standardized feedback to targeting [illegible] analysts
for the reasons targeting requests failed [illegible], insufficient management reporting of denied targeting requests, and the need to increase accountability and compliance for targeting. Corrective actions, including standardized denial reasons and management reporting of denial metrics [redacted], were implemented. These actions reduced average weekly denials of targeting requests by 24 percent [redacted], improved compliance with required internal procedures for selector management, and reduced the risk of incidents.

(U) Definitions

(U) Annual Contribution Evaluation (ACE): The Agency's performance management system based on established individual performance objectives and performance elements.

Adjudicators: Personnel [redacted] with responsibility for reviewing and approving FAA §702 targeting requests.

(U//FOUO) [redacted]: [redacted] which provides authorization attributes and access control services to enterprise programs and projects.

(TS//SI//NF) Digital Network Intelligence (DNI): SIGINT derived from communications involving Internet-based selectors [redacted].

(S//SI//NF) Dialed Number Recognition (DNR): Collection process [redacted] from telephony systems [redacted].

(U) Foreignness: Assessment and documentation supporting the determination of reasonable belief that a target is not a United States person and is outside the United States.

(U//FOUO) [redacted]: A corporate compliance tool that serves as a streamlined access control mechanism. [redacted] checks that individuals meet the necessary mission, training, and clearance required for initial account access to SIGINT tools and databases.

(U//FOUO) Master Purge List (MPL): NSA's central record of SIGINT collection, including records derived from that collection, which NSA has purged. The list includes [redacted] that have been marked for purge or have been purged from [redacted] systems that are used in sourcing traffic for SIGINT reporting.

(TS//SI//NF) Multiple Communications Transaction (MCT): Traffic containing more than one discrete communication. This traffic might contain discrete communications that are not to, from, or about tasked selectors. Upstream collection might contain both discrete and MCT traffic and could include MCTs of non-targeted individuals that contain a tasked selector.

(U//FOUO) [redacted] Retrieval System: A database repository that provides [illegible] storage and content [illegible]. It is a raw SIGINT storage system.

(U//FOUO) [redacted]: NSA's [illegible] mechanism for SIGINT [illegible] storage and retrieval. It is a raw SIGINT storage system.

(TS//SI//NF) PRISM: PRISM refers to the portion of the FAA 702 collection architecture wherein individual electronic communication service providers [redacted] provide Internet communications [redacted] that in general are hosted by the [redacted].

(U) Purge: The on-demand removal of data items, rendering them unrecoverable through standard mission data access mechanisms.

[redacted]

(U//FOUO) Raw SIGINT: Any SIGINT acquired either as a result of search and development or as targeted collection operations against a foreign intelligence target before the information has been evaluated for foreign intelligence and minimized in accordance with the applicable set of minimization procedures.

(U//FOUO) [redacted]: A controlled information management system which is the
authoritative data source for a given managed data element and is governed in accordance with configuration policy [illegible].

(U//FOUO) [redacted]: A SID organization that leads planning and acquisition efforts for [redacted] collection of intelligence.

(U//FOUO) [redacted]: A SID initiative whose objective was to reduce targeting errors, thereby improving processing efficiency and compliance for FAA §702 transactions.

(TS//SI//NF) Upstream Collection: NSA's interception of Internet communications acquired from [redacted] located on the United States' Internet backbone, conducted with the assistance of electronic communications service providers who are located inside the United States and have been served with FAA §702 directives. This collection method is distinguished from other (PRISM) FAA §702 DNI collection by [redacted].

[redacted]: The targeting tool for submitting DNI and DNR targeting compliant with FAA and other SIGINT authorities.

II. (U//FOUO) FINDINGS RESOLVED DURING THE REVIEW

(U//FOUO) Incompatibility between Assigned Authorities [redacted] and Compliance [illegible] for FAA §702 [redacted]

(S//NF) One of the primary NSA internal control mechanisms that ensure compliance with FAA §702 Targeting Procedures is the adjudication of targeting requests before tasking. This review confirms that the target and associated selector are tasked under the proper FAA §702 Certification, the target is not a USP, the target is outside the United States (foreign), and the determination of reasonable belief of foreignness is properly supported. [redacted]

(U//FOUO) SV was aware of this gap between the NSA required internal control and implementation of the internal control within the tool, and it was resolved [redacted].

(S//NF) Increased Risk of FAA §702 Noncompliance for [redacted] Tasked Selectors

(S//NF) To support compliance with FAA §702, automated OTR notices that a required review of target communications is due are generated [redacted] and sent to analysts [redacted].

III. (U//FOUO) FINDINGS AND RECOMMENDATIONS

(U//FOUO) FINDING ONE: Performance Standards, Performance Metrics, and Compliance Enforcement Measures for Targeting and Minimization Procedures Are Incomplete

(U//FOUO) Establishing accountability for compliance requires clear performance standards, measurement of actual performance against those standards, reporting results, and implementation of corrective action. These processes are not fully developed.

(U) Elements of an Effective Compliance Oversight Program

NSA has established a pretasking process that includes reviews of targeting requests for compliance with the targeting procedures. The targeting request must be approved before the selectors are released for tasking and collection. [redacted]

(U//FOUO) Effective compliance oversight requires the development of measurable standards against which actual performance can be assessed. Comparison of performance against these standards must be reported regularly to management for timely review and follow-up action. Together, these elements provide the means to establish accountability and initiate action to improve compliance.

(U) Shared Responsibility for Oversight

Monitoring compliance with FAA §702 targeting and minimization procedures has become a shared responsibility within the Agency. Before 2010, SID
SV had primary responsibility for monitoring the Agency's application of FAA §702 authority. [redacted]

As personnel outside SV assumed more of the responsibility for adjudicating FAA §702 targeting requests, [redacted] trained new adjudicators and assumed oversight of the targeting queue. Statistics on the targeting queue provide an assessment of the timeliness of the adjudication process and the means to evaluate the adequacy of the number of adjudicators given the volume of targeting requests. [redacted] Although these statistics inform management of the overall processing of targeting requests, they do not provide qualitative information regarding the accuracy of target requests submitted and approved and compliance with the targeting procedures.

(U//FOUO) SV's continuing oversight of analyst and adjudicator performance is effected through reviews of targeting requests (see Finding Three), participation in bimonthly overseer reviews, and management of FAA §702 incident reporting. Errors identified in targeting requests are communicated to the analyst, adjudicator, and [redacted]. After overseer 60-day reviews, SV prepares feedback briefings to inform adjudicators of overseer findings. The briefings also provide metrics on the reasons for denial of targeting requests, trends identified in SV's review, and guidance on FAA §702 targeting procedures. Incident reports are also analyzed to identify trends that might require action. SV's oversight provides a critical assessment of compliance with FAA §702 independent of those requesting targeting. This feedback, however, is not provided to the managers responsible for the targeting analysts and adjudicators.

(U) Development of FAA §702 Compliance Metrics

(U//FOUO) S2 Compliance FISA Staff provides some metrics for FAA §702 processing and compliance, including weekly reports on the targeting request queue [redacted]. The process to establish complete standards and measures for assessment of compliance continues.

(U//FOUO) To support effective monitoring of the Agency's use of FAA §702 authority, metrics must be:

• Based on clear and consistent expectations of performance for all targeting analysts and adjudicators within the Agency, and
• Generate sufficient detail to facilitate action by the adjudicator or targeting analyst [redacted].

(U//FOUO) The development of these metrics by [redacted] [illegible] associated with the Comprehensive Mission Compliance Program, a group of NSA initiatives to achieve reasonable assurance that the SIGINT and Information Assurance missions are conducted in accordance with the laws and policies that protect USP privacy. The program includes monitoring and assessments, including trend analysis.

(U) Incomplete Implementation of Processes to Ensure Targeting Proficiency and Compliance Accountability

(U//FOUO) In 2010, SID completed the [redacted] project, a Lean Six Sigma project to reduce targeting errors and improve processing efficiency and compliance for FAA transactions. The project team comprised personnel from [redacted]. Although several of the recommendations from [redacted] have been implemented, recommendations that focused on accountability for targeting accuracy have not. The [redacted] study recommended for FAA analysts:

• Employee performance review objectives for compliance with targeting requirements,
• Periodic metrics to leaders in organizations responsible for targeting (original focus was on denial metrics for FAA §702
targeting requests), and
• Progressive measures to improve compliance with targeting standards, including removal of FAA §702 targeting authority.

(U//FOUO) Although not addressed by the [redacted] study, similar actions are needed to assess, monitor, and remediate the quality of targeting reviews conducted by adjudicators.

(U//FOUO) To measure and increase targeting proficiency of the workforce, including targeting under FAA §702 authority, SID [redacted] has developed the Targeting Workforce Readiness Standard (WRS), a functional Job Qualification Standard (JQS) for all Agency personnel involved with targeting. Its purpose is to establish the standard targeting tasks along with the knowledge, skills, and abilities necessary to complete the tasks at a defined proficiency level.[4] The standard is supported by training and assessment plans, standard tests, and on-the-job training evaluations. The WRS is under review and not fully implemented. Associated development plans and a means to track progress are being created within the Associate Directorate for Education and Training's (ADET) Enterprise Learning Management (ELM) architecture and include much of the required training (classroom and on-the-job) for FAA §702 targeting analysts to achieve full proficiency. Implementation of the WRS and associated training and assessments will provide a means to achieve accountability for compliance with targeting requirements and ensure training standardization and enforcement. Development of FAA §702 metrics based on the WRS proficiency standards would support the performance measurement component of the WRS.

[4] (U//FOUO) A functional JQS defines the standard of performance for a broad SIGINT function, such as targeting or reporting, and crosses skill communities, work roles, and personnel types. It applies to civilians and contractors as well as military personnel. The functional JQS, once completed at the specified proficiency level, accompanies the individual across PLs and SID.

(U//FOUO) RECOMMENDATION 1

(U//FOUO) Establish for FAA §702 targeting analysts and adjudicators ACE performance objectives based on completion of a specified proficiency level of the Targeting Workforce Readiness Standard and ELM training plan.

ACTION: [redacted]

(U) Management Response

(U//FOUO) AGREE. SID [redacted] are preparing an ELM plan for target analysts and adjudicators. The ELM plan will be broken down into proficiency levels, thereby allowing the analyst to register for the correct training as stated in the ACE objective. The ELM plan for the Targeting Workforce Readiness Standard for FAA §702 will be completed [redacted] for all National Cryptologic School (NCS) courses. Enforced registration in the ELM program and targeting proficiency statistics to the individual level, as well as completion rate of any required FAA §702 training (NCS courses), will be completed [redacted]. Structured on-the-job training will be phased in [redacted].

(U) Status: OPEN
(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) RECOMMENDATION 2

(U//FOUO) Develop metrics and management reporting to:

• (U//FOUO) Measure targeting analyst and adjudicator compliance with FAA §702 targeting and minimization procedures and
• (U//FOUO) Support analysis of trends indicative of changes needed in training or guidance.

(U//FOUO) Coordinate this process with the Comprehensive Mission Compliance Program.

ACTION: [redacted]

(U) Management Response

AGREE. SID [redacted], as part of the Lean Six Sigma Team Participants, will assess the feasibility of developing metrics to evaluate detargeting trends and process deficiencies. Final implementation will depend on technical capabilities and deployment schedules.

(U) Status: OPEN
(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(S//NF) FINDING TWO: Certain FAA §702 Selectors [redacted]

[redacted]

Verification that Authorized Selectors Are on Collection

[redacted]

(TS//SI//NF) The OIG's Report on the Assessment of Management Controls to Implement the Protect America Act (PAA) of 2007 (ST-08-0001, 7 April 2008) [redacted]

(U//FOUO) RECOMMENDATION 3

[redacted]

(U//FOUO) ACTION: [redacted]

(U) Management Response

AGREE. [redacted]

(U) Status: OPEN
(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) FINDING THREE: Oversight Requirements of FAA §702 Targeting Procedures and NSA Policy Are Not Fully Addressed

(TS//SI//NF) SV oversight of FAA §702-sourced dissemination has not been modified to address requirements for multiple communication transactions. SV is implementing a new process for oversight of audits of FAA §702 database queries.

(U//FOUO) Oversight of FAA §702 Dissemination

The FAA §702 targeting procedures associated with the 2011 certifications require that SV perform periodic spot checks of intelligence disseminations to ensure compliance with established
procedures. SV performs spot checks of both serialized dissemination and dissemination of evaluated, minimized traffic.

FAA §702 minimization procedures establish unique requirements that analysts must implement. This includes the requirement that analysts document steps taken to verify that discrete communications within collection containing MCTs are eligible for dissemination. SV's spot check of serialized dissemination does not include steps to verify that, when MCTs were used to support what is being disseminated, the MCT documentation required was prepared in accordance with the minimization procedures. [redacted]

(U//FOUO) RECOMMENDATION 4

(TS//SI//NF) Although not required by the minimization procedures, SV should include in the spot check of serialized disseminations of FAA §702-sourced material procedures to evaluate analysts' compliance with the documentation requirements pertaining to dissemination based on discrete communications within MCTs. The spot check should also evaluate proper use of [redacted] per NSA policy.

(U//FOUO) ACTION: SV

(U) Management Response

AGREE. [redacted] to modify the methodology and process for spot-checking disseminations of FAA §702-sourced material.

(U) Status: OPEN
(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U) Oversight of Targeting Decisions

(S//NF) FAA §702 targeting procedures require that SV conduct ongoing oversight activities and make any necessary reports, including those relating to incidents of noncompliance with the FAA §702 targeting procedures, and ensure that necessary corrective actions are taken to address any identified deficiencies. SV achieves oversight of targeting decisions through several means:

• [redacted] SV's review includes analysis of the
adequacy of the targeting requests and the foreignness support for these [redacted] selectors nominated by the CIA. [redacted] implemented its own process for nominating selectors adjudicated by SV. These are also selectors [redacted] before [redacted] SV reviews sending them to the overseers biweekly. SV evaluates the targeting request for inconsistencies or inaccuracies and might review the sources cited to support foreignness if SV questions information. A full review, including sources supporting foreignness, is conducted for all targeting requests selected for review by DOJ/ODNI [redacted] of the [redacted]. Supporting documentation was reviewed for [redacted] targeting requests submitted for a recent review period.

(S//NF) Together, these processes give SV a perspective on the quality of the FAA §702 targeting and adjudication processes. [redacted]

(U//FOUO) An assessment of compliance with the targeting procedures based on SV's reviews of targeting requests is not reported to management. Such reporting would aid in identification of trends, analysts and adjudicators whose performance demonstrates a need for additional training, and authoritative guidance in need of improvement.

(U//FOUO) RECOMMENDATION 5

(U//FOUO) Periodically provide management an assessment of targeting analyst and adjudicator performance against the legal and policy requirements for FAA §702 targeting, based on SV reviews of targeting requests. Coordinate with FAA §702 metrics reporting (see Recommendation 2).

(U//FOUO) ACTION: SV

(U) Management Response

(U//FOUO) AGREE. Per the requirements of Recommendation 2, [redacted] will inc[...] metrics for management's assessment.

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the
recommendation.

(U) Oversight of FAA §702 Raw Traffic Repositories

(U//FOUO) The FAA §702 targeting procedures for the 2011 certifications require that SV conduct periodic spot checks of queries against repositories containing unevaluated and unminimized FAA §702 traffic. All queries of databases containing raw SIGINT content are subject to daily review by auditors assigned to each targeting analyst. Under U.S. Signals Intelligence Directive (USSID) CR 1610, Section A2.9, auditors must be trained in accordance with SV standards or meet with SV for a briefing on auditor responsibilities before conducting audits. USSID CR 1610 also requires that SV conduct super audits of all interactive raw SIGINT database systems.

(U//FOUO) Daily audits of queries assess compliance with FAA §702 query requirements. Oversight of the audits is necessary to ensure that they are properly and consistently executed. However, such reviews are not performed with regularity. SV has piloted and will soon fully implement a new super audit process that will examine the justifications for queries and evaluate query terms for foreignness using various Agency databases.

(U//FOUO) RECOMMENDATION 6

(U//FOUO) Implement the super audit process and provide periodic feedback to FAA §702 auditors and their management on the quality of audit performance.

(U//FOUO) ACTION: SV

(U) Management Response

(U//FOUO) AGREE. SID/SV has fully implemented the super audit process for FAA 702. SID requests closure of the recommendation.

(U) Status: OPEN

(U) OIG Comment

(U//FOUO) Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) FINDING FOUR: Some Documentation Supporting Use of FAA §702 Authority Has Not Been Kept Up-to-Date and Requires Reorganization Across NSA Web Pages

(U//FOUO) Guidance supporting compliant use of FAA §702 authority is maintained
in several locations and is not fully organized by subject. Some of the guidance is outdated. Two Standard Operating Procedures (SOPs) provide differing guidance on the adjudication process. SOPs for some oversight functions have not been developed.

(U) Maintenance of FAA §702 Guidance

(U//FOUO) Part of the function of NSA's SOPs and other forms of guidance on FAA 702 is to instruct analysts and adjudicators in the proper use of FAA §702 authority. Included in the guidance are such topics as targeting, [redacted] dissemination, incident reporting, and the requirements for approval of FAA §702 targeting requests.

(U//FOUO) These instructions are found in several places, including the FAA, SV, and [redacted] web pages, the SV SharePoint site, and web pages maintained by individual S2 product lines. It is unclear whether some of the guidance is current because it refers only to PAA, the predecessor to FAA. In addition, much of the information on the FAA web page is presented as tips or appears in memorandum form, making it unclear whether it carries the same degree of authority as the SOPs.

(U//FOUO) The FAA web page, which should be the primary source of authoritative guidance, is owned by the [redacted] SID's FAA §702 Implementation Lead. [redacted] has been planning to update the guidance on this site, but other priorities, such as support for the 2011 FAA §702 Certification renewals, required attention.

(U) Targeting Review: Two SOPs

(S//NF) Two SOPs that provide guidance for adjudication of FAA [redacted] requests have been issued. SV prepared the [redacted] and common errors. In contrast, the SOP published by [redacted]. It lists the roles and responsibilities for targeting analysts, releasers, and adjudicators reviewing FAA §702 targeting activities but does not provide a detailed description of the review requirements. Responsibility for training
adjudicators now resides in [redacted], which should establish the authoritative guidance to support that training.

(U) SOPs for Oversight Activities

(U//FOUO) SOPs are key elements of a system of management controls. They establish performance expectations necessary to achieve corporate objectives, including compliance with established authorities.

(U//FOUO) The Agency's use of FAA §702 authority is subject to monitoring by SV, S2 Mission Support Staff, and Agency personnel who oversee targeting analysts, including adjudicators. As noted already, guidance for targeting analysts and adjudicators has been developed by SV and S2 Mission Support Staff. It is important for the oversight functions to have documented procedures to ensure consistent execution of these functions despite staff turnover.

(S//NF) Responsibilities for FAA §702 oversight have changed significantly in the past year. SV performs reviews that support assessment of compliance with the authority, [redacted] targeting and dissemination by DOJ/ODNI, and manages incident report investigation and follow-up. As personnel outside SV have accepted responsibility for review and approval of a significant portion of the targeting requests, including adjudicators across the Agency, the FAA Implementation Team has assumed responsibility for training and oversight of adjudicators and monitoring the targeting process. [redacted] has implemented the purge adjudication process to improve the completeness and accuracy of purges of FAA §702 data. SOPs for these oversight functions have not been fully developed.

(U) Role of the Rules Management Process

(U//FOUO) As part of NSA's Comprehensive Mission Compliance Program, the role of the [redacted] is to gather, organize, maintain, and provide access to the information contained in external authorities, NSA/CSS policy, and compliance standards, which govern NSA mission activities. The FAA §702 guidance should be maintained
within this framework.

(U//FOUO) RECOMMENDATION 7

(U//FOUO) In accord with the Rules Management framework, establish a process to maintain authoritative guidance supporting compliant execution of FAA §702 authority.

• (U//FOUO) Organize the information to facilitate research by topic,
• (U//FOUO) Coordinate changes in guidance with required training, and
• (U//FOUO) Establish a single SOP as the guidance for adjudication of all FAA §702 targeting requests.

(U//FOUO) ACTION: [redacted]

(U) Management Response

(U//FOUO) AGREE. The following activities are in progress:

• [redacted] are developing and updating a single SOP for oversight, adjudication, and targeting FAA §702 functions and training.
• [redacted] is populating FAA §702 documentation into a repository. In October 2012, [redacted] to discuss the process and progress with [redacted] to organize the go FAA and [redacted] FAA web pages.
• Guidance changes that require updates to NCS courses within the CRSK series will be requested via a New Learning Solution. In such case, [redacted] will be the originator upon coordination with SV. In addition, [redacted] (see Recommendation 1) will manage change to the Targeting Workforce Readiness Standard and ELM training plan. SV will collaborate [redacted].

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) FINDING FIVE: Increased Automation of Processes Supporting FAA §702 Is Needed to Ensure Compliance and Reduce Errors

(S//SI//NF) The process for purge adjudication and execution relies on manual procedures that might result in incomplete and untimely processing.
Eligibility for access to FAA §702 raw traffic databases is not verified after user accounts are established. Notices supporting required reviews [redacted] are not automated.

(U) Purging of FAA §702 Records

(U//FOUO) The Agency identifies communications that must be removed from its systems by making a determination that content does not meet the standards for retention. Such records are ineligible as sources for Agency reporting [illegible] prevent improper use of purged records. Records sourced to a report are all checked against the MPL in real time when the report is released. The [redacted] are responsible for deleting records from their system based on an Execute Order, which is an authoritative request to remove data from the [redacted]. Completeness of the MPL as a register of records purged and full removal of records from the [redacted] are critical to compliance.

(U//FOUO) FAA §702 records that analysts identify for purge are subject to adjudication by personnel in [redacted]. The review provides assurance that records subject to purge are completely identified. It also avoids purging records eligible for retention because they were collected under authorities in addition to FAA §702. [redacted] also coordinates [redacted] to execute the purge order.

(U//FOUO) The adjudication process is manually intensive. [redacted] personnel [redacted] appropriate systems and conduct [redacted] issue the execute order to the [redacted] follow-up without automated support. The manual process is subject to error. Lack of automation to complete the purge creates the opportunity for incomplete or untimely
processing. [redacted]

(U//FOUO) No instances of inappropriate reporting were identified during this review, which did not include testing.

(U//FOUO) RECOMMENDATION 8

(U//FOUO) Increase automation of the purge adjudication and execution processes to support complete and timely execution.

(U//FOUO) ACTION: [redacted]

(U) Management Response

(U//FOUO) AGREE. SID outlined a three-phased approach to develop requirements for automation to improve purge process efficiency, plan a schedule of work, and implement the new capabilities (see Appendix C for the detailed response).

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) Access Controls over FAA §702 Raw Traffic Databases

(S//NF) The FAA §702 targeting procedures associated with the 2011 certifications require that SV establish processes to ensure that raw traffic is accessible only to those who have had the proper training. Raw traffic derived from FAA §702 collection is maintained in [redacted]. To obtain a user account and access these databases, users must be assigned to an [illegible] mission, obtain the [redacted] required for the database, and take required training. When all of these requirements have been met, [redacted] an automated notice that permits establishment of an account. This process ensures that users have a mission need to access the information, understand the restrictions for handling the data, and have been properly trained in FAA §702 requirements.

(U//FOUO) [redacted] does not verify that persons accessing FAA §702 raw traffic databases continue to meet eligibility criteria after accounts have been established. [redacted] can be used to verify this information. [redacted] began using [redacted] for this
purpose. [redacted] services for [redacted] have not been established. [redacted] provides authorization attributes and access control to NSA enterprise programs and projects. NSA/CSS Policy 6-31, Authentication and Authorization Services on NSANet Resources, 26 July 2010, requires that all legacy data repositories and applications be [redacted] enabled. According to the policy, a system is enabled when it utilizes attributes about the user obtained from [redacted] and applies authorization decisions based on those attributes. The [redacted] Usage Guide states that authorization is based on privileges held, such as security clearances, training completed, [redacted].

(U//FOUO) Failure to verify user attributes that qualify for raw SIGINT access increases the risk of inappropriate access to FAA §702 raw traffic databases, although no such inappropriate access was identified by the OIG during this study.

(U//FOUO) RECOMMENDATION 9

(U//FOUO) Establish for repositories of FAA §702 data [redacted] means to verify that users remain eligible for access.

(U//FOUO) ACTION: [redacted]

(U) Management Response

(U//FOUO) AGREE. [redacted] manages the mapping of access controls to repositories. Eligibility to access FAA 702 data is updated and reflected in [redacted]. [redacted] are able to restrict access according to a user's eligibility status. This control was previously handled at a system level but is now managed by [redacted]. SID requests closure of the recommendation.

(U) Status: OPEN

(U) OIG Comment

(U//FOUO) Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(S//NF) [redacted] Required Reviews of FAA §702 Selectors

Under FAA §702 authority, analysts are required, before tasking, to determine that the intended target is a non-USP reasonably believed to be outside the United States and confirm that the person is appropriate for targeting under FAA Certifications. After tasking is initiated and collection begins, the targeting procedures require NSA to conduct post-targeting analysis designed to detect those occasions when a person who, when targeted, was reasonably believed to be located outside the United States has entered the United States and will enable NSA to take steps to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States, or the intentional targeting of a person who is inside the United States.

(S//NF) To ensure compliance with these requirements, the Agency has implemented the Obligation to Review (OTR) process, which establishes standards for post-tasking reviews. Initial target verification must be completed within five days of receipt of communications for the tasked selector. Analysts must confirm that:

• The user of the tasked selector is the intended foreign intelligence target,
• The target remains appropriate under the Certification cited in tasking and is not a USP, and
• The target remains outside the United States, or there is no information to indicate that the target is inside the United States.

(S//NF) After the initial verification, analysts must review sufficient information to verify that no change has occurred in the target's status that would affect eligibility for targeting. NSA's internal guidance directs that this review be done at least every 30 days. In addition to the requirements for review [redacted], analysts must determine whether the collection obtained is routinely of a type that might require prompt destruction (e.g., domestic communications).

(S//SI//NF) Automation has been implemented to support compliance with the OTR requirements. [redacted]
[redacted]

5 (U//FOUO) Guidance to Analysts on Obligation to Review Data Under Protect America Act and the FISA Amendments Act, on the FAA web page.

[redacted]

(U//FOUO) RECOMMENDATION 10

• Improve accountability for compliance with NSA's internal OTR requirement [redacted].
• [redacted]

(U//FOUO) ACTION: [redacted]

(U) Management Response

AGREE. SID reports that the requirements [redacted] are completed.

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) FINDING SIX: The FAA §702 Curriculum Needs to Be Updated and the Training Requirement Enforced

(U//FOUO) Although the new FAA §702 course significantly improved training content, additional subjects should be considered, and the training should be enforced. An online resource supporting adjudicator training is needed.

(U) Analyst Training

(U) SID has significantly improved training for FAA §702

(U//FOUO) All personnel with access to FAA §702 raw traffic databases must take the training course FISA Amendments Act (FAA) Section 702 (OVSC 1203), which provides students with an understanding of the legal policies and minimization procedures for this authority. [redacted] FAA 702 Practical Applications [redacted]. The course is part of the [redacted], which is establishing common standards and processes for SIGINT targeting and creating training and competency assessment mechanisms to support those standards. FAA 702 Practical Applications will provide a tool to improve analyst
understanding of how to apply FAA §702, including clear examples of documentation that meets the legal and policy requirements and exercises in the use of the principles. Topics covered in the training include targeting requirements, selector research, documentation required to support the targeting decision, approval of targeting requests, analyst obligation to review communications to verify that selectors continue to meet targeting requirements, and incident research and reporting. [redacted] teaches application of FAA §702 authority.

(U//FOUO) FAA 702 Practical Applications does not address certain topics important to compliance with FAA §702

(TS//SI//NF) FAA 702 Practical Applications focuses on targeting and target maintenance. Certain matters were not included in the scope of the course, including handling of incidents resulting from improper minimization, dissemination, handling, and site tasking. Based on interviews with SID personnel and OIG review of the course, other matters should be considered for addition to the course:

• Explanation of the reasonable belief standard,
• Reporting, including the new procedures required for handling MCTs,
• Query requirements, and
• Procedures for sharing FAA §702-derived information within the Agency and disseminating FAA §702-derived information to customers.

(U//FOUO) FAA 702 Practical Applications is not enforced for targeting under FAA §702 authority

(U//FOUO) According to S2 officials, completion of FAA 702 Practical Applications is required for analysts who have access to data derived from FAA §702 collection. The course offers more detailed training in the application of the authority and the potential to improve targeting efficiency and compliance with FAA §702. However, the requirement to take the course will not be enforced until ADET modifies the content to address deficiencies identified by [redacted]. SID Operations personnel plan to begin enforcing the requirement
for all analysts with access to FAA §702 information [redacted].

(U) Adjudicator Training

(S//SI//NF) Adjudicators verify that targeting requests meet FAA §702 compliance standards before tasking. A significant training effort was undertaken [redacted], but a standardized online resource is needed to support current and future adjudicators. An online course would provide the basis for performance standards, support consistency of training, and serve as a ready reference when questions arise.

(U//FOUO) RECOMMENDATION 11

(U//FOUO) Modify the FAA §702 curriculum:

• (U//FOUO) Include additional training on incidents (e.g., from improper minimization, dissemination), reporting requirements unique to FAA §702, query requirements, sharing of FAA §702-derived information, and an explanation of the reasonable belief standard,
• (U//FOUO) Update FAA702 Practical Applications and enforce the requirement for all FAA §702 analysts to complete the course, and
• (U//FOUO) Document the adjudicator training and make it available for reference.

(U//FOUO) ACTION: [redacted]

(U) Management Response

(U//FOUO) AGREE.

OVSC1203: SV will work with ADET to update the FAA §702 OVSC 1203 course to reflect the amended Targeting and Minimization Procedures that the Foreign Intelligence Surveillance Court approved in September 2012. [redacted] will publish training slides onto the S2 FAA §702 Targeting Review Guidance web page and work with ADET to update OVSC 1203.

CRSK 1304/1305: [redacted] updates to FAA702 Practical Applications (CRSK1304) and FAA702 Adjudicator Training (CRSK 1305) were completed [redacted]. In addition, [redacted] enforced registration in the ELM program and targeting proficiency statistics to the individual level as [redacted], as well as completion rate of any required FAA §702 training. NCS courses will be completed [redacted]. Structured on-the-job training will be phased
in.

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U) Conclusion

(U//FOUO) NSA has designed a system of management controls, including training, policies, processes, procedures, systems, and oversight, to ensure compliance with FAA §702. Our recommendations suggest ways to improve the overall control environment in which the FAA §702 authority is used.

(U) This review examined the design of the controls. Compliance and substantive testing needed to draw conclusions on the efficacy of the management controls will be conducted in a later review.

IV. (U) OBSERVATIONS

(U//FOUO) Procedures to Improve Representations to the FISC

(U//FOUO) In an operation as diverse as NSA, where a multitude of legacy systems are involved in processing and compliance under a given authority, it is understandable that variations might exist in systems and manual procedures involved in the application of authority under FAA §702. These variations have the potential to create compliance concerns when standards are mandated for [redacted] use of an authority. NSA expanded its Verification of Accuracy (VoA) procedures to NSA's FAA 702 Minimization Procedures and Affidavits. NSA's VoA procedures are to be applied to written representations that describe NSA's acquisition, processing, retention, analysis, and dissemination and form the basis of a legal opinion, a FISC Order, or an Executive Branch decision or authority. The purpose of a VoA review is to increase confidence that the representations made to external entities are accurate and based on a shared understanding among operational, technical, legal, policy, and compliance officials. The VoA procedures require all factual statements within the declarations to be verified.
Subject documents must be reviewed by authorizing individuals identified by senior leaders within the Directorates.

(U//FOUO) Additional training, maintenance of clear and updated guidance, and continued implementation of the VoA procedures will provide an increased level of confidence in obtaining a consistent understanding of Agency processes and in the accuracy of representations made regarding these processes to outside authorities (see Recommendations 7 and 11).

(U//FOUO) Effect of [redacted] on Compliance with FAA §702

[redacted]

(U//FOUO) Effect of Manual Entry of Information on Targeting Requests

(S//NF) A significant requirement for processing targeting requests under FAA §702 authority is the documentation of support for analysts' determination that the target is outside the United States and is not a USP. [redacted]

(S//NF) Before the targeting request is approved, adjudicators review the sources documented in the targeting request that support the foreignness of the selector. [redacted]

V. (U//FOUO) SUMMARY OF RECOMMENDATIONS

(U//FOUO) RECOMMENDATION 1

(U//FOUO) Establish for FAA §702 targeting analysts and adjudicators ACE performance objectives based on completion of a specified proficiency level of the Targeting Workforce Readiness Standard and ELM training plan.

(S//NF) ACTION: [redacted]

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 2

(U//FOUO) Develop metrics and management reporting to:

• Measure targeting analyst and adjudicator compliance with FAA §702 targeting and minimization procedures, and
• Support analysis of trends indicative of needed changes in training or guidance.

(U//FOUO) Coordinate this process with the Comprehensive Mission
Compliance Program.

(S//NF) ACTION: [redacted]

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 3

(TS//SI//NF) [redacted]

(U//FOUO) ACTION: [redacted]

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 4

(TS//SI//NF) Although not required by the minimization procedures, SV should include in the spot-check of disseminations of FAA §702-sourced material procedures to evaluate analysts' compliance with the documentation requirements pertaining to dissemination based on discrete communications within MCTs. The spot-check should also evaluate proper use of [redacted] per NSA policy.

(U//FOUO) ACTION: SV

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment: Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) RECOMMENDATION 5

(U//FOUO) Periodically provide management an assessment of targeting analyst and adjudicator performance against the legal and policy requirements for FAA §702 targeting, based on SV reviews of targeting requests. Coordinate with FAA §702 metrics reporting (see Recommendation 2).

(U//FOUO) ACTION: SV

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 6

(U//FOUO) Implement the super audit process and provide periodic feedback to FAA §702 auditors and their management on the quality of audit performance.

(U//FOUO) ACTION: SV

(U) Status: OPEN. SID/SV reports the super audit process is fully implemented for FAA 702.

(U) OIG Comment: Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) RECOMMENDATION 7

(U//FOUO) In conjunction with the Rules Management framework, establish a process to maintain authoritative guidance supporting compliant execution of FAA §702 authority.

• Organize the information to facilitate research by topic,
• Coordinate changes in guidance with
required training, and
• Establish a single SOP as the guidance for adjudication of all FAA §702 targeting requests.

(U//FOUO) ACTION: [redacted]

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 8

(U//FOUO) Increase automation of the purge adjudication and execution processes to support complete and timely execution.

[illegible]

(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 9

(U//FOUO) Establish for repositories of FAA §702 data [redacted] means to verify that users remain eligible for access.

(U//FOUO) ACTION: [redacted]

(U) Status: OPEN. SID reports that actions have been taken to resolve the recommendation and requests its closure.

(U) OIG Comment: Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) RECOMMENDATION 10

(U//FOUO) Improve accountability for compliance with NSA's internal OTR requirement [redacted].

(U//FOUO) ACTION: [redacted]

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 11

(U//FOUO) Modify the FAA §702 curriculum:

• (U//FOUO) Include additional training on incidents (e.g., improper minimization, dissemination), reporting requirements unique to FAA §702, query requirements, sharing of FAA §702-derived information, and an explanation of the reasonable belief standard,
• (U//FOUO) Update FAA702 Practical Applications and enforce the requirement for all FAA §702 analysts to complete the course, and
• (U//FOUO) Document the adjudicator training and make it available for reference.

(U//FOUO) ACTION: [redacted]

(U) Status: OPEN

(U) Target Completion Date: [redacted]

VI. (U) ABBREVIATIONS AND ORGANIZATIONS

(U) ADET    Associate Directorate for Education and Training
(U) CDW    Corporate Data Warehouse
(S//NF) CIA    Central Intelligence Agency
(U) DIRNSA    Director of NSA
(S//SI//NF) DNI    Digital Network Intelligence
(S//SI//NF) DNR    Dialed Number Recognition
(U) DOJ    Department of Justice
(U) ELM    Enterprise Learning Management
(U) FAA    Foreign Intelligence Surveillance Act Amendments Act
(U) FBI    Federal Bureau of Investigation
(U) FISA    Foreign Intelligence Surveillance Act
(U) FISC    Foreign Intelligence Surveillance Court
(U) ISP    Internet Service Provider
(TS//SI//NF) MCT    Multiple Communications Transactions
(U) MPL    Master Purge List
(U) NCS    National Cryptologic School
(S//NF) NTOC    NSA/CSS Threat Operations Center
(U) ODNI    Office of the Director of National Intelligence
(U) ODOC    Office of the Director of Compliance
(U) OGC    Office of General Counsel
(U) OIG    Office of the Inspector General
(U) OTR    Obligation to Review
(U) PAA    Protect America Act
(U) PL    Product Line
(U) S02    SIGINT Policy and Corporate Issues Staff
(U) S2    SID Analysis and Production
[redacted]
(U) S3    SID Directorate for Data Acquisition
(U) SID    Signals Intelligence Directorate
(U) SIGINT    Signals Intelligence
(U) SOP    Standard Operating Procedure
[redacted]
(U) SV    SID Oversight and Compliance
(U) TD    Technology Directorate
[redacted]
(U) USP    U.S. person
(U) USSID    United States Signals Intelligence Directive
[redacted]
(U) VoA    Verification of Accuracy

(U) APPENDIX A

(U) ABOUT THE STUDY

(U) Objective

(U//FOUO) The
objective of this study was to assess the adequacy of management controls designed to provide reasonable assurance of compliance with Section 702 of the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended by the FISA Amendments Act of 2008 (FAA §702).

(U) Methodology
(U//FOUO) This study was conducted from March 2011 to February 2012 and was based on review of published and draft forms of guidance, review of certain controls in systems supporting application of the authority, and interviews with managers and analysts responsible for targeting approval and oversight subject to FAA §702 requirements. This report of the study's findings also incorporates information that was provided subsequently, primarily with respect to Finding Three. Testing of the controls identified will be the subject of a later review.
(U//FOUO) The study was conducted according to the standards of the Council of the Inspectors General on Integrity and Efficiency, Quality Standards for Inspection and Evaluation, January 2011. We believe that the information derived from interviews and the documentation reviewed provides a reasonable basis for our findings, observations, and conclusions according to our study objectives.

(U) Use of Computer-Processed Data
(U) The use of computer-processed data was not necessary to perform this audit.

(U) Prior Coverage
(U//FOUO) Assessment of Management Controls to Implement the Protect America Act (PAA) of 2007
(S//NF) The Assessment of Management Controls to Implement the Protect America Act of 2007 found that additional controls were needed to verify that only authorized selectors were on collection and that tasked selectors were producing foreign intelligence on the expected targets. The study also identified the need for more rigorous controls to increase the reliability of spot checks for PAA compliance. PAA was the predecessor to FAA.

(U//FOUO) Audit of the FISA Amendments Act (FAA) §702 Detasking Requirements
The OIG Audit of the
FISA Amendments Act (FAA) §702 Detasking Requirements ... and that the Agency does not have a consistent process to ensure a seamless transition from FAA §702 authority to FBI FISA ...

(U) APPENDIX B
(U) FAA §702 Control Requirements and Management Controls

ST-11-0009

(U) FAA §702 CONTROL REQUIREMENTS AND MANAGEMENT CONTROLS

Many of the internal control requirements are established by the Affidavit of the Director of NSA submitted for each Certification, Exhibit A to the Affidavit, and Exhibit B to the Affidavit. Exhibit A establishes the Agency's FAA targeting procedures: the process for determining that a person targeted under Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA §702) authority is a non-U.S. person (USP) reasonably believed to be located outside the United States, required post-targeting analysis to ensure that the Agency does not intentionally target a person known at the time of acquisition to be in the United States and does not result in intentional acquisition of domestic communications, required documentation of the foreignness determination, compliance and oversight, and steps required for departure from the procedures. Exhibit B contains the minimization procedures to be used for information collected. In addition to the control requirements established by the affidavits and exhibits, the Standards for Internal Control in the Federal Government provide a general framework of controls that should be incorporated into daily operations.
(U) This document provides a summary of the internal controls in place to meet these requirements.

Control Objective / Source / Control Description / Assessment (Good, Adequate, Needs Improvement)

(U) TARGETING PROCEDURES

1. I. (U) Determination of Whether the Acquisition Targets Non-USPs Reasonably Believed to Be Located Outside the United States
Source: (U) Exhibit A
NSA determines whether a person is a non-USP reasonably believed to be outside the United States in light of the totality of the circumstances, based on the information available with respect to the person. NSA analysts may use information from one or more of the following to make that determination: lead information; research in NSA databases, available reports, and collateral information.
Targeting Requirements: ... the selector tasked and support for the reasonable belief of foreignness is also required. Targeting Rationale (TAR) Statement is also required and documents why targeting is requested and must indicate the tie to a foreign intelligence purpose specific to the FAA Certification under which targeting is requested.
Releaser review: Signals Intelligence (SIGINT) Directorate product line (PL) personnel review Targeting Requests for overall compliance with the chosen certification before releasing it for adjudication.
Adjudication: All targeting requests submitted under FAA §702 Certifications must pass this review for accuracy of processing and compliance with FAA §702 requirements. It includes the appropriateness of the target to the certification, verification of the support for reasonable belief of foreignness, confirmation that the most recent foreignness support is used, and that the information supports the non-USP status of the target. See Recommendation 11 regarding determination of a single Standard Operating Procedure (SOP) for adjudication.

2. (U) Determination of Whether the Acquisition Targets Non-USPs Reasonably Believed to Be Located Outside the United States (continued)
(U) Special
Processing: The Central Intelligence Agency (CIA) has its own nomination process. Requests are reviewed for FAA 702 compliance by NSA personnel. SV performs the adjudication review.
Tasking Requests: The FBI implemented its own nomination process subsequent to the field work on this study.

3. Control objective: To acquire communications about the target that are not to or from the target, NSA will ... to ensure that the person from whom it seeks to obtain foreign intelligence information is located overseas. ... NSA will direct surveillance at a party to the communication reasonably believed to be outside the United States.
Source: (U) Exhibit A
Control description: IP filters are used to ensure that one end of collected communications for DNI selectors is foreign (see special requirements for Multiple Communications Transactions (MCTs), Minimization Procedures row 4).

4. I. (U) Assessment of the Non-USP Status of the Target
Control objective: Information that NSA examines to determine whether a target is reasonably believed to be located outside the United States might also bear on the non-USP status of the target. For example ...
Source: (U) Exhibit A
Control description: (U) See Targeting Requirements, rows 1 and 2.

5. Control objective: To prevent inadvertent targeting of a USP
Source: (U) Exhibit A
Control description: The adjudicator's review verifies the reasonable belief of foreignness and that there is no contrary information concerning the target's USP status.

6. Assessment of the Foreign Intelligence Purpose of the Targeting
Control objective: To assess whether the target possesses and/or is likely to communicate foreign intelligence information related to a foreign power
Source: (U) Exhibit A
Control description: TAR Statement documents why targeting is requested and must indicate the tie to a foreign intelligence purpose specific to the FAA Certification under which targeting is requested. This is subject to adjudication.
The NSA considers information ...

7. II. (U//FOUO) POST-TARGETING ANALYSIS BY NSA
Source: (U) Exhibit A
Control objective: Post-targeting analysis is designed to detect when a person who when targeted was reasonably believed to be located outside the United States has since entered the United States and will enable NSA to take steps to prevent intentional acquisition of communication in which the sender and all intended recipients are known at the time of acquisition to be located in the United States or the intentional targeting of a person who is in the United States. Such analysis may include ...
Control description: NSA's Internal Obligation to Review (OTR) policy requires analysts to perform reviews as follows:
Initial collection must be reviewed within 5 days to verify that the user of the selector is the intended foreign intelligence target, the target is appropriate to the FAA Certification under which it is tasked, and the selector is not in the United States or a USP.
Collection must be reviewed at least every 30 days to affirm the target's foreignness and non-USP status and verify that information obtained is not of a type to require immediate destruction (e.g., domestic communications).

8. III. (U) DOCUMENTATION
Source: (U) Exhibit A
Control objective: Analysts who request tasking will document in the tasking database a citation or citations to the information
that led them to reasonably believe that a targeted person is located outside the United States. Before tasking is approved, the database entry for that tasking will be reviewed to verify that the database entry contains the necessary citations. A citation is a reference that identifies the source of the information ... on which NSA analysts ... to enable those responsible for conducting oversight to locate and review the information that led NSA analysts to conclude that a target is reasonably believed to be located outside the United States. ... also will identify the foreign power about which they expect to obtain foreign intelligence.
Control description: Targeting requests submitted under FAA §702 Certifications are subject to review by an adjudicator for verification of compliance with requirements, including appropriateness of the target to the Certification, support for determination of foreignness and USP status, and foreign intelligence purpose. The adjudicator is responsible for ensuring that the support for reasonable belief of foreignness is documented in a database maintained by SID SV.
The targeting system requires the analyst to choose from a menu of foreign intelligence purposes specific to each FAA §702 Certification. Once the certification is chosen, the analyst must select a ... associated with that certification. If ... is not in the menu, the selector cannot be tasked under FAA authority.

9. IV. (U) OVERSIGHT AND COMPLIANCE
Control objective: (U) SV, with NSA's OGC, will develop and deliver training to ensure that personnel responsible for approving targeting of persons under FAA §702, as well as analysts with access to the acquired foreign intelligence information, understand their responsibilities and the procedures that apply to this acquisition.
Source: (U) Exhibit A
Control description: Adjudicators are subject to the same training requirements as analysts. They also have received in-person
training on the targeting review process. Documentation standardizing the information provided in this training has not been made available online for reference by the adjudicators.
(U) SV and OGC developed the FISA Amendment Act (FAA) Section 702 course (OVSC1203) when FAA was implemented. It focuses on the legal requirements of FAA.
(U) A new course, FAA 702 Practical Applications (CRSK1304), was made available. It provides analysts with detailed examples of use of the authority. The requirement for its completion is not yet enforced (see Recommendation 11).

10. Control objective: (U) SV has established processes for ensuring that raw traffic is labeled and stored only in authorized repositories and is accessible only to those who have had the proper training.
Source: (U) Exhibit A
Control description: (U) All collection stores must be compliance certified before they can be used to process or store FAA §702 data.
(U) All FAA §702 systems are certified for purge and access functions.
(U) To obtain access to the FAA §702 databases, individuals must have an approved mission entered in ... by their supervisor, appropriate clearances (supervisor must request in the ... System), and required training (Overview of Intelligence Authorities, USSID 18 Legal Compliance and Minimization Procedures, and OVSC1203).
Requests for analysts' access to ... containing FAA §702 data must be submitted by an access sponsor; access must be approved by the ... owner.
(U) SV reviews requests for compartmented accesses, verifying that the analyst has required training and an appropriate justification for access (e.g., includes mission function targets requiring FAA access).
... not able to verify an account holder's continuing eligibility to access FAA §702-derived collection. Eligibility is determined when the account is established. Compliance with annual requirements to update training
is not verified at sign on after ... that was completed ... in a system update (see Recommendation 9).

11. Control objective: (U) SV will conduct oversight activities and will make necessary reports, including those relating to incidents of noncompliance, to the NSA Inspector General and OGC.
SV will also ensure that corrective actions are taken to address identified deficiencies. To that end, SV will conduct periodic spot checks of targeting decisions and intelligence disseminations to ensure compliance with established procedures and conduct periodic spot checks of queries in data repositories.
Source: (U) Exhibit A
Control description: (U) Incident Reporting: see row 13.
SV performs the following oversight activities:
... newly tasked or retasked ... before sending to DOJ and Office of the Director of National Intelligence (ODNI) biweekly.
Review targeting support for the bulk of items requested by DOJ/ODNI for the 60-day review. If support is insufficient, SV will follow up with the adjudicator/targeting analyst for additional support or corrective action, including possible detasking.
Spot check serialized reports based on FAA §702 information, reports containing USP identifiers, and evaluated minimized traffic ... discrepancies.
Provide record of all FAA §702-derived dissemination for review by DOJ/ODNI and follow up on any issues identified in their review.
SV's spot check of serialized disseminations does not include procedures for verification of analysts' compliance with the minimization procedures' documentation requirements for dissemination derived from MCTs (see Recommendation 4).
Oversight of Queries: All queries are reviewed daily by auditors in the SID production centers. SV has not conducted reviews of auditor performance consistently (see Recommendation 6).

12.
Control objective: (U//FOUO) DOJ and ODNI will conduct oversight of NSA's exercise of FAA §702 authority, which will include periodic reviews by DOJ and ODNI personnel to evaluate the implementation of the procedures. Such reviews will occur at least once every 60 days.
Source: (U) Exhibit A
Control description: SV coordinates bimonthly reviews by DOJ/ODNI of targeting and dissemination, including responding to questions raised and providing feedback sessions to adjudicators on the overseers' findings.
(U//FOUO) DOJ performs reviews every 60 days covering all tasking and dissemination for a two-month period. Every 15 days, SV sends a document to DOJ for each certification (one each for DNI and DNR) listing all the key fields for the review. DOJ sends NSA a spreadsheet of the selectors chosen for review. ... must gather all supporting material for each selector.

13. Control objective: (U) NSA will report to DOJ and ODNI incidents of noncompliance with these procedures by NSA personnel that result in the intentional targeting of a person reasonably believed to be located in the United States, the intentional targeting of a USP, or the intentional acquisition of communication in which the sender and all intended recipients are known at the time of acquisition to be located within the United States.
(U) NSA will provide such reports within 5 business days of learning of the incident.
Information acquired by intentionally targeting a USP or a person not reasonably believed to be outside the United States at the time of such targeting will be purged from NSA databases.
Source: (U) Exhibit A
Control description: (U) Incident Research/Reporting
(U) SV and the targeting team research potential incidents jointly. SV maintains records of the incidents ... in a SharePoint database. SV manages the follow-up process to produce the required notice to DOJ/ODNI within 5 business days of confirmation of an incident.
OGC reviews the incident and ultimately determines whether it meets the criteria for reporting to DOJ/ODNI. For incidents of noncompliance with procedures (e.g., failure to appropriately detask a selector, overcollection), NSA must explain why it happened and what steps were taken to remediate the matter (e.g., purge data, provide additional training). DOJ determines whether the matter must be reported to the FISC in accordance with Rule 13(b) of the FISC Rules of Procedure.
(U//FOUO) The Target of Primary Interest (TOPI) provides SV with the parameters for necessary purge of collection. SV enters this in the incident record in SharePoint. S2 ... uses this information to initiate a purge process, verifying that the parameters include all affected collection without purging information eligible for retention.
The purge process relies on manual procedures that create a risk of incomplete or untimely purge execution (see Recommendation 8).

14. Control objective: NSA will report to DOJ and ODNI incidents of noncompliance (including overcollection) by any electronic communication service provider to whom the Attorney General and Director of National Intelligence issued a directive under §702. Such report will be made within 5 business days after determining that the provider has not complied or does not intend to comply with a directive.

15. Control objective: In the event that NSA concludes that a person is reasonably believed to be located outside the United States and after targeting learns that the person is inside the United States, or if NSA concludes that a person who at the time of targeting was believed to be a non-USP was in fact a USP, it will take the following steps:
1. Terminate the acquisition without delay. If NSA inadvertently acquires a communication sent to or from the target while the target was located inside
the United States (including communication in which the sender and all intended recipients are reasonably believed to be located inside the United States at the time of acquisition), such communication will be treated in accordance with the minimization procedures.
2. Report the incident to DOJ and ODNI within 5 business days.
Source (rows 14 and 15): (U) Exhibit A
Control description (row 14): Per OGC, the same incident reporting process is used for matters involving providers. ... incident reports as a result of provider error have been filed with the FISC.
Control description (row 15): It is the analyst's responsibility to follow up on ... information from review of traffic and detask all related selectors promptly if the target is in the United States or identified as a USP, or the primary user is not the target.
An incident is initiated ... notification of roaming or a review of collection. The targeting team works with SV to document the incident. Information captured in the Incident Report database includes the detasking date, whether other selectors associated with the target were detasked, and parameters for purge of communications collected that are ineligible for retention. SV follows up with PL personnel to ensure that the incident record is complete, including entry of purge criteria.
... management ensures that ... handled timely regardless of analyst absence or turnover. ... responsible for timely follow-up.
Note: Implementation of ... will add controls over the process, including a requirement for PL management to document their review that the incident record is complete.
(U) See Row 13, Incident Reporting.

16. V. (U) DEPARTURE FROM PROCEDURES
Source: (U) Exhibit A
Control objective: If, to protect against an immediate threat
to national security, NSA determines that it must take action temporarily in apparent departure from these procedures and it is not feasible to obtain a timely modification of these procedures from the Attorney General and Director of National Intelligence, NSA may take such action and will report that activity promptly to DOJ. Under such circumstances, NSA will continue to adhere to all of the statutory limitations set forth in the Act.
Control description: According to OGC, such actions would be coordinated by that department and involve personnel at the highest levels of the Agency. DOJ/ODNI would be notified. No specific procedures or controls have been developed.

(U) MINIMIZATION PROCEDURES

1. III. (U) Acquisition and Processing: General
Control objective: a. Acquisition of information by targeting non-USPs reasonably believed to be located outside the United States pursuant to FAA §702 will be effected in accordance with an authorization made by the Attorney General and Director of National Intelligence and will be conducted in a manner designed, to the greatest extent possible, to minimize the acquisition of information not relevant to the authorized purpose of the acquisition.
Source: (U) Exhibit B, Section 3
Control description: See targeting and adjudication processes (foreignness criteria, TAR, etc.), rows 1 through 6 of Targeting Procedures.
... manages overcollection events ... they may stop collection.
... query procedures define specific requirements for use in query selection terms. Daily audits of queries identify overly broad queries ... excessive targeting.

2. b. (U) Monitoring, Recording, and Processing
Source: (U) Exhibit B, Section 3
Control objective: 1. Personnel will exercise reasonable judgment in determining whether information acquired must be minimized and will destroy inadvertently acquired communications of or concerning a USP at the earliest practicable point in the
processing cycle at which such communication can be identified either as clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information) or as not containing evidence of a crime that may be disseminated under these procedures.
As a communication is reviewed, analysts will determine whether it is a domestic or foreign communication to, from, or about a target and is reasonably believed to contain foreign intelligence information or evidence of a crime. Only such communications may be processed. All other communications may be retained or disseminated only in accordance with procedures ...
Control description: (U//FOUO) The FAA §702 training course (OVSC1203) specifies the steps analysts are to take to analyze communications for eligibility for retention. ... provides direction for retention/destruction on the basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic.
Unless an incident is reported from improper acquisition of such communications, there is no review process to ensure that analysts identify and destroy them as required. The cost of such control would be prohibitive. The requirement is that all identified issues of improper collection be reported to SV and an incident initiated. Performance standards and analysis of actual versus expected performance could improve accountability for compliance (see Recommendations 14).

3. Control objective: Except for Internet transaction from upstream collection, such inadvertently acquired communications of or concerning a USP may be retained no longer than 5 years from the expiration date of the certification authorizing the collection.
Source: (U) Exhibit B, Section 3
Control description: (U) Examination of retention controls was not included in this review.
... provides direction for retention/destruction on the
basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic. This is covered in detail in OVSC1203, the required FAA §702 training.
(U) See also Obligation to Review, row 7 of Targeting Procedures.
(U//FOUO) Parameters for purge of collection associated with an incident are provided to SV by the TOPI and recorded in the incident record in SharePoint. S2 Purge and Pretasking Compliance uses this to initiate the purge process, verifying that all affected collection is identified without purging information eligible for retention. SV performs follow-up to verify that Purge and Pretasking Compliance has updated the incident record with the status of purge completion. The purge process relies on manual procedures that create a risk of incomplete or untimely purge execution (see Recommendation 8).
SV works with TOPIs to prepare destruction waivers for objects that meet purge criteria and contain significant foreign intelligence value or evidence of a crime or threat of harm. The Destruction Waiver must be approved by DIRNSA.

4. III.b.5. (TS//SI//NF) Processing of Internet Transactions Acquired through NSA Upstream Collection Techniques
Control objective: a. (TS//SI//NF) NSA will take reasonable steps after acquisition to identify and segregate through technical means Internet transactions that cannot be reasonably identified as containing single discrete communications in which the active user of the transaction (i.e., the selector used to send or receive the Internet transaction to or from a service provider) is reasonably believed to be located in the United States.
Source: (U) Exhibit B, Section 3
III.b.5.b. (TS//SI//NF) NSA analysts seeking to use a discrete communication within an Internet transaction that contains multiple discrete communications will assess whether the discrete communication 1) is a communication in
which the sender and all intended recipients are located in the United States and 2) is to, from, or about a tasked selector or otherwise contains foreign intelligence information.
The Technology Directorate developed procedures to analyze upstream collection. Data permitted for use by analysts must have the active user (sender or recipient) be the target or be outside the United States (currently approximately ... of upstream collection). Data is sequestered when the active user is reasonably believed to be in the United States.
There is no training on use of MCTs at this time (see Recommendation 11).
a.1. (TS//SI//NF) Such segregated communications will be retained in an access-controlled repository accessible only to NSA analysts trained to review such transactions for the purpose of identifying those that contain discrete communications in which the sender and all intended recipients are reasonably believed to be located in the United States.

5. Efforts are ongoing to develop procedures for removing data from sequestration and special training for analysts who process this data (no recommendation; in process).
Source: (U) Exhibit B, Section 3
Procedures are documented for use of upstream collection. Training on application of these procedures has not been developed (see Recommendation 11).

6. III.b.6.
Control objective: Magnetic tapes or other storage media containing FAA §702-derived communications may be queried to identify and select communications for analysis. Query terms used will be limited to selection terms reasonably likely to return foreign intelligence information. Identifiers of an identifiable USP may not be used as terms to identify and select for analysis any Internet communication acquired
through NSA's upstream collection techniques.
Any use of USP identifiers as terms to identify and select communications must first be approved in accordance with NSA procedures. NSA will maintain records of all USP identifiers approved for use as selection terms.
Source: (U) Exhibit B, Section 3
Control description: Guidance on queries of FAA Databases states that NSA may not use USP names or identifiers as selection terms when reviewing collected FAA §702 data.
(U//FOUO) Queries are subject to review by auditors in the S2 production centers to verify that the query has a foreign intelligence purpose within mission scope and reasonably excludes protected data.
(U) Reviews of the audits performed by PL personnel have not been regularly executed by SV to ensure quality of the audit process (see Recommendation 6).

7. III.c. (U) Destruction of Raw Data
Control objective: Communications acquired under FAA §702 authorities other than through upstream collection that do not meet the retention standards set forth in these procedures and that are known to contain communications of or concerning USPs will be destroyed upon recognition and may be retained no longer than 5 years from the expiration date of the certification authorizing the collection.
Source: (U) Exhibit B, Section 3
Control description: ... provides direction for retention/destruction on the basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic. This is also covered in detail in OVSC1203, the required FAA §702 training.
(U) See also Obligation to Review, row 7 of Targeting Procedures.
A matrix of scenarios/reasons purge action is required is documented for authorities including FAA §702. Purges are identified as part of the incident investigation process. SV and the TOPI capture the purge parameters in the incident record on the SV SharePoint site. The purge adjudication team performs research to
verify completeness of items identified for purge. Purge adjudication and execution is manual and subject to error affecting completeness and timeliness (see Recommendation 8).
... are responsible for deleting records from their system on the basis of a Purge Execute Order to prevent improper use of purge records to support reporting.
(U) Retention: outside scope.
(U//FOUO) Purge Process

8. Control objective: Internet transactions that are acquired through NSA's upstream collection and do not contain information that meets the retention standards set forth in these procedures and that are known to contain communication of or concerning USPs will be destroyed upon recognition. All upstream collection may be retained no longer than 2 years from the expiration date of the certification authorizing the collection. The Internet transactions that may be retained include those that were acquired because of limitations on NSA's ability to filter communications.
Source: (U) Exhibit B, Section 3

III.d. (U) Change in Target's Location or Status
Source: (U) Exhibit B, Section 3

Control description: (U) See also Obligation to Review, row 7 of Targeting Procedures.
... provides direction for retention/destruction on the basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic. This is also covered in detail in OVSC1203, the required FAA §702 training.
(U//FOUO) The need to purge communications is identified as part of the incident investigation process. SV and the TOPI capture the purge parameters in the incident record on the SV SharePoint site. The purge adjudication team performs research to verify completeness of items identified for purge. Purge adjudication and execution is manual and subject to error affecting completeness and timeliness
(see Recommendation 8).

(U) Retention outside scope.

9. In the event that NSA determines that a person reasonably believed to be located outside the United States and after targeting the person learns that the person is inside the United States, or if NSA concludes that a person who at the time of targeting was believed to be a non-USP is in fact a USP, the acquisition from that person will be terminated without delay.

Communications acquired through the targeting of a person who at the time of targeting was reasonably believed to be located outside the United States but was in fact located inside the United States at the time such communications were acquired, and any communications acquired by targeting a person who at the time of targeting was believed to be a non-USP but was in fact a USP, will be treated as domestic communications.

(U) See also Obligation to Review, row 7 of Targeting Procedures. Detasking guidance states that analysts are responsible for detasking a selector upon review of content indicating that the selector is used by a USP, confirmation that the selector is being used by an individual in the United States.

(U) See row 7 for purge procedures.

10. IV. Acquisition and Processing Attorney-Client Communications
Source: (U) Exhibit B, Section 4.

As soon as it becomes apparent that a communication is between a person who is known to be under criminal indictment in the United States and an attorney who represents that individual in the matter, monitoring of that communication will cease and the communication will be identified as an attorney-client communication in a log maintained for that purpose. The relevant portion of the communication containing that conversation will be segregated and the National Security Division of DOJ will be notified. In addition,
all proposed disseminations of information constituting USP attorney-client privileged communications must be reviewed by OGC before dissemination.

11. V. (U) Domestic Communications

A communication identified as a domestic communication will be promptly destroyed upon recognition unless DIRNSA or Acting DIRNSA specifically determines in writing that it meets certain criteria (e.g., contains significant foreign intelligence, evidence of a crime).

Control Description: OGC reports that no instances of such collection have been identified to date by NSA analysts, and therefore no log has been initiated. Such instances would be rare (e.g., it would occur only if a person reasonably believed to be outside the United States targeted by NSA is known to be under indictment in the United States and NSA intercepts a communication between the target and an attorney representing that foreign person in the U.S. legal proceeding).

Source: (U) Exhibit B, Section 5.

Communication that is determined to be domestic (does not have at least one communicant outside the United States) will be promptly destroyed upon recognition unless DIRNSA specifically determines in writing that the communication may be retained. SV works with TOPIs to prepare destruction waivers. This process is monitored as part of the follow-up on incidents and purges.

Source: (U) Exhibit B, Section 6.

(TS//SI//NF) Communication resulting from the targeting of a person who was reasonably believed at the time of targeting to be a non-USP located overseas but is later determined to be a USP or a person in the United States will be promptly destroyed upon recognition unless DIRNSA specifically determines in writing that the communication may be retained. SV works with TOPIs to prepare destruction waivers. This process is monitored as part of the follow-up on incidents and purges.

Good Adequate N/A

If a domestic communication indicates that a target has entered the United States, NSA may advise the FBI of that fact.

12. VI. (U) Foreign Communications
of or Concerning USPs

a. (U) Retention. Foreign communications of or concerning USPs may be retained only if necessary for the maintenance of technical databases, if dissemination of such communications with reference to such USPs would be permitted under subsection b, or if the information is evidence of a crime and is provided to appropriate federal law enforcement authorities.

Needs Improvement

13. VI.b. (U) Dissemination. A report based on communications of or concerning a USP may be disseminated in accordance with Section VII or VIII if the identity of the USP is masked. Otherwise, dissemination of intelligence reports based on communications of or concerning a USP may be made only to a recipient requiring the identity of such person for the performance of official duties that meet certain criteria.
Source: (U) Exhibit B, Section 6.

14. VI.c. Provision of Unminimized Communications to CIA and FBI

Good

Control Description: (U//FOUO) This restriction on dissemination is not unique to FAA §702 and is consistent with procedures required by Executive Order (E.O.) 12333.

Source: (U) Exhibit B, Section 6.

NSA may provide to the CIA and FBI unminimized communications derived from FAA §702 collection.

15. VII. (U) Other Foreign Communications

(U) Foreign communications of or concerning a non-USP may be retained, used, and disseminated in any form in accordance with other applicable law, regulation, and policy.

Adequate

Discussion of FAA §702 collection with CIA/FBI: If IC analysts [redacted] have their own copy of the data provided through CIA nomination or FBI dual route, NSA analysts may discuss the information with them. They may not provide copies of the information to IC personnel. This is addressed in required NSA/CSS Policy 111, Information Sharing.

Source: (U) Exhibit B, Section 7.

(U//FOUO) Dissemination is handled in accordance with the Foreign Intelligence Surveillance Act Amendments Act
of 2008; the Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended; DoD Regulation 5240.1-R, Procedures Governing the Activities of DOD Intelligence Components That Affect United States Persons; and the Classified Annex to Department of Defense Procedures Under Executive Order 12333.

Needs Improvement

16. VIII. Collaboration with Foreign Governments
Source: (U) Exhibit B, Section 8.

a. Procedures for the dissemination of evaluated and minimized information. Information acquired under FAA §702 may be disseminated to a foreign government. Other than in cases for linguistic assistance by a foreign government (Section VIII b), dissemination to a foreign government of information of or concerning a USP may be done only in a manner consistent with subsections VI b and VII (rows 13 and 15).

Control Description: Sharing Evaluated and Minimized [redacted]

Good Adequate Needs Improvement

Procedures for technical or linguistic assistance. Communications that, because of their technical or linguistic content, may require further analysis by foreign governments to assist NSA in determining their meaning or significance. NSA may disseminate items containing unminimized FAA §702 information to foreign governments for analysis under certain restrictions.

The provision for technical/linguistic assistance [redacted]. Documentation is developed case by case. Consideration should be given to documentation of this process.

(U) MANAGEMENT CONTROLS

Assessment table (columns: Control Objective, Source, Control Description, Assessment)

1. (U) Activities must be established to monitor performance measures and indicators. Controls should be aimed at validating the propriety and integrity of organizational and
individual performance measures and indicators.
Source: (U) Standards for Internal Control in the Federal Government.
(U) Annual performance objectives for compliance with FAA §702 requirements, associated policy, and SOPs have not been established (see Recommendation 1).

2. (U) Information should be recorded and communicated to management and others within the entity who need it and in a form and within a time frame that enables them to carry out their internal control and other responsibilities.
Source: (U) Standards for Internal Control in the Federal Government.
(U) Comparisons of actual performance to established standards for compliance activities associated with FAA §702 are incomplete (see Recommendations 2, 4, 5, and 6).

3. (U) Internal control monitoring should assess the quality of performance over time and ensure that findings are resolved. It includes regular management and supervisory activities, such as ongoing comparisons and reconciliations, to ensure that controls are functioning properly.
Source: (U) Standards for Internal Control in the Federal Government.

4. (U) Access to resources and records should be limited to authorized individuals.
Source: (U) Standards for Internal Control in the Federal Government.

Good Adequate Needs Improvement

(U) To share FAA §702 information with other NSA analysts, steps must be taken to ensure that the individual has the proper clearance. This information is not addressed in the required FAA §702 training, and guidance is not included on the FAA web page (see Recommendation 11).

(U) APPENDIX C

(U) Full Text of Management Response

SIGNALS INTELLIGENCE DIRECTORATE
memorandum
22 February 2013

FROM: Signals Intelligence Directorate (SID)
TO: Office of the Inspector General (OIG), ATTN: [redacted]
SUBJ: (U//FOUO) SID
Response to the Revised Report on the OIG Assessment of Management Controls Over FAA 702 (ST-11-0009)

(U) The purpose of this memorandum is to provide SID's revised response to the subject report, which includes updates to corrective action plans, content adjustments, and technical minutiae to ensure accuracy.

(U//FOUO) SID reviewed the revised report in its entirety. The attached response acknowledges SID's agreement with eleven recommendations and provides revised corrective action plans, points of contact, and target completion dates as needed.

The SID consolidated response is attached to this memorandum. Please [partly illegible: S022, 966 5621] any questions.

[signature redacted]
Deputy Chief of Staff for SIGINT Policy and Corporate Issues (S02)

Encl: a/s

NSA/CSS OFFICE OF INSPECTOR GENERAL

(U) OFFICE OF INSPECTOR GENERAL (OIG) DRAFT REPORT
Assessment of Management Controls Over FAA §702
Management Response to Draft Report

(U) In accordance with IG-11357-12, Coordinating Office of Inspector General Reports, the purpose of the draft coordination phase is to gain management's agreement or disagreement with report findings and recommendations. The SIGINT Directorate (SID) has been extended an opportunity to review and comment on the revised report to ensure contextual accuracy.

(U) The following matrix includes SID's consolidated revisions to management's action plans, where applicable.

Matrix columns: Rec. No., Action, Agree or Disagree, Management Response, Completion date

1. SID [redacted] with SV. Agree.

Management Response: (U) [illegible] the recommendation. [redacted] and [redacted] are currently preparing an ELM plan for Target Analysts and Adjudicators. This plan will include FAA 702-specific training.

(U) POC: [redacted], 9630561

Revised Management Response: [redacted] are preparing an ELM plan for target analysts and adjudicators. The ELM plan will be broken down into proficiency levels, thus allowing the analysts to register for the correct training
based on proficiency level as stated in the ACE objective. The ELM plan for the Targeting workforce readiness standard for FAA 702 will be completely for all NCS courses. Enforced registration in the ELM program and targeting proficiency statistics to the individual level, as well as completion rate of any required FAA §702 training (NCS courses), will be complete. Structured OJT training will be phased in [redacted].

Derived From: NSA/CSSM 1-52, Dated: 20070108. Declassify On: [illegible]

Revised Target Completion Date: [redacted]
Revised POC: [redacted], 9696728

2. [redacted] will work [redacted] as part of the SID Lean Six Sigma Team. Participants will assess the feasibility of developing metrics to evaluate detargeting trends and process deficiencies. Final implementation will be dependent on technical capabilities and deployment schedules. Agree.

(U) POC: [redacted], 963 0561
Revised POC: [redacted], 969 6729

Oversight Compliance SV [redacted]

3. Target Completion Date: [redacted]

(U) SV with OGC [redacted]

4. [redacted] will convene to establish technical procedures to implement a reconciliation process. Agree.

SID SV will collaborate with [redacted] and OGC to establish a methodology and process for spot checking disseminations of FAA 702-sourced material, dependent on the volume of dissemination. Agree.

(U) POC: [redacted], 966 2479

Revised Management Response: SID SV will [illegible] OGC to modify the methodology and process for spot checking dissemination of FAA §702 sourced material and [illegible]

Revised Target Completion Date: [redacted]

5. (U) SV. Agree. (U) Per the requirements of Recommendation 2, SID SV will incorporate metrics for management's assessment.

(U) POC: SV, 966 2479

6. (U) SV. Agree.

(U//FOUO) SID SV has fully implemented
the super audit process for FAA 702. SID requests closure of the subject recommendation.

(U) POC: [redacted], 966 [redacted]

Request Closure

7. SV with ODOC [redacted]. Agree.

The following activities are currently in progress:

SID SV [redacted] are developing and updating a single SOP for oversight, adjudication, and targeting FAA 702 functions [illegible] currently [illegible] discuss the process and progress.

SV will collaborate with S2 and [redacted] to organize the go FAA and [illegible] web pages.

(U) POC: [redacted], 5597 [illegible]

Revised Management Response: (U) Add bullet #4: Guidance changes that require updates to NCS courses within the CRSK series will be requested via New Learning Solution. In such case [redacted] will be the originator upon coordination with SV. In addition (see Recommendation 1), [redacted] will manage changes to Targeting Workforce Readiness Standard and ELM training plan.

Target Completion Date: [redacted]
Revised POC: [redacted], 9631109

8. [illegible] Agree.

(U) Phase 1: Requirements Gathering
• Conduct technical exchange sessions with developers
• [illegible] briefings of the purge process and requirements
• Document recommendations for specific areas where automation will improve process efficiency
• Update the compliance steering group on automation requirements and existing gaps

(U//FOUO) Phase 1 Deliverable: Report documenting reviews and technical exchanges with [redacted]. This will include an implementation plan.

(U) Target Completion: [redacted]

(U//FOUO) Phase 2: Planning Phase. Per the development and implementation plan, create a schedule of work required to increase automation of the purge adjudication and execution processes.

(U) Phase 2 Deliverable: Coordinate with [redacted] to document a schedule/timeline with specific completion tasks required to enhance this capability per the implementation plan.
(U//FOUO) Phase 3: Development/Implementation. Work with [redacted] to develop the new capability per Phase 1 and 2.

Phase 3 Deliverable: (U) Complete the development and provide a final report to OIG defining results.

(U) POC: [redacted], 963 561

9. [illegible] Agree.

Revised Management Response: [redacted] manages the mapping of access controls through [redacted] repositories. Eligibility to access FAA §702 data is [redacted].

(U) SID requests closure of the recommendations.

Deliverable Update: The SID Data Manager can provide documentation to enable closure of this recommendation.

Request Closure

Revised POC: [redacted], 9633004

10. SID [redacted]. Agree.

(U) Sub-bullet #1: Per [illegible] guidelines, the requirements of sub-bullet #1 are completed.

(U) Sub-bullet #2: The [redacted] organizations are currently developing [redacted].

(U) POC: [redacted], 9630561
Revised POC: [redacted], 969 6729

11. [redacted] ADET [redacted]

(U) Sub-bullet [illegible] referred to SV. SV will work with ADET to update the following course: FISA Amendment Act (FAA) Section 702 (OVSC1203), to reflect modified Targeting and Minimization Procedures that are currently pending the Foreign Intelligence Surveillance Court ruling.

(U) Sub-bullet 3: [illegible] will publish training slides onto the FAA 702 Targeting Review Guidance webpage and will work with ADET to develop a course to replace briefings and informal training sessions.

(U) POC: [redacted]

The analyst must assess traffic and respond to three supporting questions [redacted].

POC: [redacted], 9631109; SV, 9662479

Revised Management Response: (U//FOUO) OVSC 1203: SV
will work with ADET to update the FAA §702 OVSC1203 course to reflect the amended Targeting and Minimization Procedures that the Foreign Intelligence Surveillance Court [illegible] in September 201[illegible]. [illegible] will publish training slides onto the S2 FAA §702 Targeting Review Guidance webpage and work with ADET to update OVSC [illegible].

(U) CRSK 1304/1305: Updates to FAA §702 Practical Applications (CRSK 1304) and FAA §702 Targeting Adjudication (CRSK 1305) were completed in December 2012. In addition, enforced registration in the ELM program and targeting proficiency statistics to the individual level, as well as completion rate of any [illegible] structured [illegible] training will be phased in [redacted].

Revised Target Completion Date: [redacted]

DOCID 4273474

NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

(U//FOUO) Implementation of §215 of the USA PATRIOT Act and §702 of the FISA Amendments Act of 2008

ST-14-0002
20 February 2015

(U) This report might not be releasable under the Freedom of Information Act or other statutes and regulations. Consult the NSA/CSS Inspector General Chief of Staff before releasing or posting all or part of this report.

Classified By: [redacted]. Derived From: NSA/CSS Manual 1-52, Dated: 30 September 2013. Declassify On: [illegible]

Approved for Release by NSA on 02-11-2016, FOIA Case # 80120 (litigation)

(U) OFFICE OF THE INSPECTOR GENERAL

(U) Chartered by the NSA Director and by statute, the Office of the Inspector General conducts audits, investigations, inspections, and special studies. Its mission is to ensure the integrity, efficiency, and effectiveness of NSA operations, provide intelligence oversight, protect against fraud, waste, and mismanagement of resources by the Agency and its
affiliates, and ensure that NSA activities comply with the law. The OIG also serves as an ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS

(U) The audit function provides independent assessments of programs and organizations. Performance audits evaluate the effectiveness and efficiency of entities and programs and their internal controls. Financial audits determine the accuracy of the Agency's financial statements. All audits are conducted in accordance with standards established by the Comptroller General of the United States.

(U) INVESTIGATIONS

(U) The OIG administers a system for receiving complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations may be undertaken in response to those complaints, at the request of management, as the result of irregularities that surface during inspections and audits, or at the initiative of the Inspector General.

(U) INTELLIGENCE OVERSIGHT

(U) Intelligence oversight is designed to ensure that Agency intelligence functions comply with federal law, executive orders, and DoD and NSA policies. The IO mission is grounded in Executive Order 12333, which establishes broad principles under which IC components must accomplish their missions.

(U) FIELD INSPECTIONS

(U) Inspections are organizational reviews that assess the effectiveness and efficiency of Agency components. The Field Inspections Division also partners with Inspectors General of the Service Cryptologic Elements and other IC entities to jointly inspect consolidated cryptologic facilities.

NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
OFFICE OF THE INSPECTOR GENERAL

20 February 2015
IG-11763-15
Reissued

TO: DISTRIBUTION

SUBJECT: (U//FOUO) Report on the Implementation of §215 of the USA PATRIOT Act and §702 of the FISA Amendments Act of 2008 (ST-14-0002)

1. (U//FOUO) Attached please find the report on Implementation of §215 of the USA PATRIOT Act and §702 of the
FISA Amendments Act of 2008, as requested by members of the Senate Committee on the Judiciary.

2. (U) In September 2013, ten members of the Senate Committee on the Judiciary requested a comprehensive, independent review of the implementation of §215 of the USA PATRIOT Act and §702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008 (FAA §702) for calendar years 2010 through 2013. In January 2014, NSA's Office of the Inspector General (OIG) and staff members of the Senate Committee on the Judiciary agreed on the scope of a review the OIG would conduct on NSA's use of both authorities.

3. (U) The following is the NSA OIG's report on both authorities, which will be sent to the ten members of the Senate Committee on the Judiciary who requested the review, the Chairman and Ranking Member of the House Committee on the Judiciary, the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, and the Chairman and Ranking Member of the House Permanent Select Committee on Intelligence.

4. (U//FOUO) We appreciate the cooperation and courtesies extended to our personnel throughout the review.

[signature illegible]
Inspector General

(U) This report might not be releasable under the Freedom of Information Act or other statutes and regulations. Consult the NSA/CSS Inspector General Chief of Staff before releasing or posting all or part of this report.

DISTRIBUTION (partly illegible): OGC (Raj De); CLPO (Rebecca Richards); ODOC ([?]atherine Aucella); S02 front office alias; DL BMD_Weekly; DL SIDIGLIAISON; DL TD REGISTRY; DL TD_Strat_Ops_Grp; DL D COMPLY TASKER; DL d_gc_registry; DL d lao tasker; remaining entries redacted or illegible.
(U) TABLE OF CONTENTS

I. (U) INTRODUCTION
   (U) REASON FOR REVIEW
   (U) OBJECTIVES
II. (U) SECTION 215 OF THE USA PATRIOT ACT
   (U) BACKGROUND
   (U) METHODOLOGY AND SCOPE
   (U) BR FISA PROGRAM CONTROL FRAMEWORK
   (U) BR FISA PROGRAM INCIDENTS OF NONCOMPLIANCE
   (U) NSA USE OF THE BR FISA AUTHORITY
III. (U) FAA §702
   (U) BACKGROUND
   (U) METHODOLOGY AND SCOPE
   (U) FAA §702 PROGRAM CONTROL FRAMEWORK
   (U) FAA §702 INCIDENTS OF NONCOMPLIANCE
   (U) NSA USE OF THE FAA §702 AUTHORITY
IV. (U) ABBREVIATIONS AND ORGANIZATIONS
(U) APPENDIX A: ABOUT THE §215 AND FAA §702 REVIEW
(U) APPENDIX B: BR FISA PROGRAM CHANGES 2010-2012
(U) APPENDIX C: BR FISA PROGRAM INCIDENTS OF NONCOMPLIANCE 2010 THROUGH 2012
(U) APPENDIX D: FAA §702 PROGRAM CHANGES

I. (U) INTRODUCTION

(U) Reason for Review

(U) In September 2013, ten members of the Senate Committee on the Judiciary requested a comprehensive, independent review of the implementation of §215 of the USA PATRIOT Act and §702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008 for calendar years 2010 through 2013.

(U) Objectives

(U) In January 2014, the National Security Agency/Central Security Service's (NSA) Office of the Inspector General (OIG) and Committee staff agreed that the NSA OIG would review NSA's implementation of both authorities for calendar year 2013. The study has three objectives.

(U) Objective I

• (U) Describe how data was collected, stored, analyzed, disseminated, and retained under the procedures for §215 and FAA §702 authorities in effect in 2013 and the steps taken to protect U.S. person information.
• (U) Describe the restrictions on using the data and how the restrictions have been implemented, including a description of the data repositories and the controls for accessing data.
• (U) Describe oversight and compliance activities performed by internal and external organizations in support of §215 Foreign Intelligence
Surveillance Court (FISC) Orders and FAA §702 minimization procedures.

(U) Objective II

• (U) Describe incidents of non-compliance with §215 FISC Orders and FAA §702 Certifications and what NSA has done to minimize recurrence.

(U) Objective III

• (U) Describe how analysts used the data to support their intelligence missions.

(U//FOUO) Our study of NSA's implementation of §215 and FAA §702 authorities was based largely on program stakeholder interviews and reviews of policies and procedures and other program documentation. For this review, the NSA OIG documented the controls implemented to address the requirements of each authority; however, we did not verify through testing whether the controls were operating as described by program stakeholders.

II. (U) SECTION 215 OF THE USA PATRIOT ACT

(U) Background

(U) Business Records Order

(U) Since May 2006, the Foreign Intelligence Surveillance Court (FISC) has authorized the National Security Agency/Central Security Service's (NSA) bulk collection program under the business records provision of the Foreign Intelligence Surveillance Act (FISA), 50 U.S.C. §1861, as amended by §215 of the USA PATRIOT Act, legislation enacted by the U.S. Congress and signed into law by the President. From its first authorization in May 2006 through December 2014, the program has been approved 40 times under Business Records (BR) Orders issued by 18 FISC judges.

(TS//SI//NF) Pursuant to [illegible] Orders issued by the FISC, NSA receives certain call detail records, or BR metadata, from [redacted] U.S. telecommunications providers. NSA refers to the series of BR Orders approved by the FISC as the BR Order and the control framework NSA has implemented as the BR FISA program.

(U) The BR Order requires that providers produce to NSA certain information about telephone calls, principally those made within the United States and between the United States and foreign countries. This information is
limited to BR metadata, which includes information concerning telephone numbers used to make and receive calls, when the calls took place, and how long the calls lasted, but does not include information about the content of calls, the names of the participants, or cell site location information (CSLI).

(U) The BR FISA program was developed to assist the U.S. government in detecting communications between known or suspected terrorists who are operating outside the United States and communicating with others inside the United States, as well as communications between operatives within the United States. The BR Order authorizes NSA analysts to query BR metadata only for identified counterterrorism purposes. The BR FISA program includes oversight mechanisms to maintain compliance with the BR Order and external reporting requirements to the FISC and Congress.

(U) BR renewal process

(U) Approximately every 90 days, the Department of Justice (DoJ), on behalf of the Federal Bureau of Investigation (FBI) and NSA, files an application with the FISC requesting that certain providers continue to provide calling records to NSA for another 90 days. If the FISC approves the government's applications to renew the program, the Court issues a primary order delineating the scope of what the providers must furnish to NSA and the provisions for NSA's handling of BR metadata. The FISC issues secondary orders separately to each provider, directing them to deliver an electronic copy of certain calling records to NSA daily until the expiration of the BR Order.

(U) Methodology and Scope

(U) Our review of the BR FISA program control framework, incidents of noncompliance, and NSA's use of the authority to support its counterterrorism (CT) mission was based largely on BR program stakeholder interviews and reviews of policies and procedures and other program documentation. For this review, we did not verify through testing whether the controls were operating as described by
BR program stakeholders. However, we tested controls of the BR program during previous NSA Office of the Inspector General (OIG) reviews (see the Oversight section for a list of those reviews).

(U) Our study focused on the processes and controls in place in 2013. We used BR Order 13-158, approved by the FISC [redacted], and compared the requirements listed in that Order with the processes and controls NSA used to maintain compliance with that Order. In addition, we documented the changes implemented in the BR FISA program following the President's directives in 2014.

(U) Presidential directives affecting querying controls in 2014

(U) On 17 January and 27 March 2014, the President of the United States directed that NSA implement the following changes to the BR FISA program:

1. (U//FOUO) Submit selection terms to the FISC for reasonable articulable suspicion (RAS) approval (see Querying section for RAS discussion). Before 17 January 2014, RAS selection terms were approved by the Chief or Deputy Chief of NSA's Homeland Security Analysis Center (S214) or one of the twenty specially authorized Homeland Mission Coordinators (HMCs), as the BR Order required, and NSA's Office of General Counsel (OGC) performed First Amendment reviews for selection terms associated with U.S. persons (USPs).

2. (U//FOUO) Restrict contact chaining to two hops from seed selection terms (see Querying section for contact chaining discussion). Before 17 January 2014, the BR Order authorized appropriately trained and authorized NSA analysts to query to three hops; however, NSA guidance restricted those analysts to query BR FISA repositories two hops from seed selection terms and one additional hop (three hops from seed selection terms) with Analysis and Production (S2) management approval.

3. (U) Store BR metadata in provider-controlled repositories and not in NSA repositories. Once implemented, NSA will submit FISC-approved RAS selection terms to providers for them to query their repositories. Providers will
provide to NSA only the results of those queries.

(U//FOUO) NSA implemented the first two directives by February 2014. The third directive, storing BR metadata in provider repositories and obtaining only those query results from providers, will require Congressional approval of a new statute for the production of business records, which had not been implemented before this report was issued.

(U//FOUO) The following sections describe how the BR FISA program control framework complies with BR Order 13-158, including the changes implemented following the President's directives in 2014, the 2013 BR FISA program incidents of noncompliance, and NSA's use of the BR FISA authority.

(U) BR FISA Program Control Framework

(U//FOUO) The BR FISA program control framework describes how NSA collects, samples, stores, accesses, queries, disseminates, and retains BR metadata and the oversight mechanisms to comply with the BR Order. This section summarizes the provisions of the BR Order and the controls implemented for each phase of the BR FISA production cycle.

(U) Collection

(U) Provisions of BR Order 13-158

The BR Order directs [redacted] U.S. telecommunications providers to provide an electronic copy of certain call detail records, hereinafter referred to as BR metadata. The BR Order defines BR metadata as comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, and International Mobile Station Equipment Identity (IMEI) number), trunk identifier, telephone calling card numbers, and time and duration of call. [1] BR metadata does not include the substantive content of communications, the name, address, or financial information of a subscriber or customer, or CSLI.

(U) Data received from providers

[redacted]
[1] (U) The IMEI number is a type of metadata related to mobile telephony. It is permanently embedded in a mobile telephone handset by the manufacturer and generally is not changeable by the user. In most instances, the IMEI does not travel with the Subscriber Identity Module (SIM) card, in contrast to the IMSI number, which does. The IMSI number is another type of metadata related to mobile telephony. It is a 15-digit number used to identify a customer. IMSI numbers are permanently stored on SIM cards, allowing a user to plug a card into any mobile telephone and be billed correctly. Calling card numbers are numbers used for billing telephone calls. A calling card number may be a telephone number (as the phrase is commonly understood and used) plus a personal identification number or may be another unique set of numbers not including a telephone number.

[redacted]

[2] (U//FOUO) A SCIF is an accredited area, room, or installation incorporating physical control measures (e.g., barriers, locks, alarm systems, armed guards) to which no person has authorized access unless approved to receive the particular category of sensitive compartmented information and has a need to know the sensitive compartmented information activity conducted therein.

[3] (U) A contact chain shows that selection term A communicated with selection term B, their first and last contact dates, telephony type, and the total number of communications between selection terms A and B.

(TS//SI//NF) Figure 1 illustrates the BR metadata dataflow from the
provider to NSA and the various BR metadata repositories in 2013.

(TS//SI//NF) Figure 1. BR Metadata Dataflow and Repositories [figure redacted]

[redacted] provide all BR metadata for communications between the United States and abroad or wholly within the United States, including local telephone calls. The BR Order does not require [redacted]

(U) Table 1. BR FISA [redacted] [table redacted]

(U) Metadata Sampling

(U) Sampling to verify BR metadata integrity

(U//FOUO) NSA's Data Integrity Analysts (DIAs) [redacted] the BR FISA program. DIA responsibilities include:

• (U//FOUO) Verifying that BR metadata is correctly ingested, processed, and formatted into chains
• [remaining items redacted]

[6] (U//FOUO) The BR FISA Authority Lead is responsible to the NSA Director and the Director of the Signals Intelligence Directorate for implementation of FISC BR authorizations by the NSA organizations responsible for the collection, processing, and analysis of BR metadata under the BR Order.

(TS//SI//NF) NSA has two types of controls to monitor data received from the providers and maintain compliance with the BR Order. The first is [redacted]. The second is [redacted]. [redacted] changes are [redacted] project team runs tests to verify that changes have been implemented and provides the test results to the DIA team to validate that the changes have been made.

(U//FOUO) Sampling. DIAs run [redacted] queries on the BR metadata to answer five questions as part of the sampling process controls to verify compliance with the BR Order:

1. (TS//SI//NF) Did the BR metadata contain credit card numbers?
2. (U//FOUO) Did NSA detect CSLI in the [redacted] identification field?
3. (U) Did the BR metadata record structure adhere to expectations?
4. (U) Did the BR metadata record content adhere to expectations?
5. (U//FOUO) Did [redacted] adhere to expectations?

[7] (U//FOUO) The standard format is [redacted]

(U) The sampling results are submitted to NSA's Office of the Director of Compliance (ODOC) in weekly BR FISA compliance reports. ODOC compiles the information with other compliance reports and provides it to the Director of Compliance for review. The BR FISA Authority Lead summarizes the weekly BR FISA compliance reports for the DoJ National Security Division's (NSD) review before quarterly compliance review meetings (see Oversight section).

(TS//SI//NF) Credit card numbers. DIAs sample the [redacted] known to have contained [illegible]. The BR Order does not authorize NSA to [illegible] customer financial information. DIAs sample all BR metadata records for the [redacted] that could [redacted]. The sampling of BR metadata is performed to identify [redacted] to screen for credit card numbers. [redacted] are identified, DIAs test to [redacted].

(TS//SI//NF) [redacted] DIAs identify them as credit card numbers and forward them to [redacted]. DIAs determine whether the credit card numbers were ingested into [redacted] and notify stakeholders, including DoJ NSD [redacted].
(TS//SI//NF) To demonstrate the number of files and BR metadata records that are sampled daily for credit cards, the OIG randomly selected [redacted] for review (Table 2 [redacted]).

(U) Table 2. [redacted] Sampling Metrics for Credit Cards [table redacted]

(U) Table 3. [redacted] Sampling Metrics for Credit Cards [table redacted]

(TS//SI//NF) Cell-site location information (CSLI). DIAs test the [redacted] to verify that it does not contain CSLI because the BR Order prohibits NSA from receiving this data. The DIAs sample [redacted] the [redacted]. DIAs have identified no CSLI data in [redacted] field since it became operational [redacted].

(TS//SI//NF) Record structure. The DIAs sample BR metadata records [redacted] each feed to test whether the BR metadata record structure has changed [redacted]. If any tests show differences, a warning message is generated for the DIAs to address. Changes in BR metadata record structure are very rare, but if identified, the provider is contacted to determine whether the change is permanent or a one-time processing anomaly.

(U//FOUO) BR metadata record content. DIAs review the BR metadata record content for each feed [redacted]. According to the DIAs, [redacted] are very [illegible].

(U//FOUO) Table 4 shows the percentage of the [redacted] record structure and content during 2013.

(U//FOUO) Table 4. [redacted] BR Metadata Sampling Percentages for BR Metadata Record Structure and Content Testing [table redacted]
(TS//SI//NF) Data feed volumes. DIAs monitor data feed volumes for anomalies by reviewing the [redacted] Status Report, which lists, for each feed, the number of raw BR metadata records [redacted] received and the number of records [redacted].

(U//FOUO) Table 5 shows the number of BR metadata records received [redacted].

[8] (U//FOUO) BR metadata record content is distinct from the content of communications. BR metadata record content does not contain the content of communications, defined in 18 U.S.C. §2510 as "the substance, purport, or meaning" of a communication.

(U) Table 5. Total Number of BR Metadata Records [redacted] [table redacted]

(U) Table 6 summarizes the provisions of BR Order 13-158 for collection and the controls NSA implemented to maintain compliance.

(U) Table 6. Collection Provisions and Controls

Provision: Provide Daily BR Metadata Records
Control: (TS//SI//NF) [redacted] monitor [redacted] problems. DIAs monitor data feed volume.

Provision: (U) NSA Only Receives Authorized Data
Control: (TS//SI//NF) Parser rules are designed to prevent unauthorized data from being ingested into operational systems. DIAs sample data [redacted] to detect unauthorized data. [redacted] monitor data flow for anomalies.

(U) Repositories

(U) Provisions of BR Order 13-158

(U) NSA will store and process BR metadata in repositories within secure networks under NSA control.

(U) NSA repositories that store BR metadata

(U//FOUO) All NSA systems that store and process BR metadata are certified as secure through an accreditation and certification process and are in NSA-controlled SCIFs. During 2013, the following systems stored and processed BR metadata:

[redacted] is the corporate
contact chaining database [redacted].

[redacted] corporate database [redacted]

(U//FOUO) [redacted] is the contingency system for [redacted] and has the same hardware and software [redacted].

[redacted] is the system backup [redacted].

(U//FOUO) [redacted] tapes are maintained at [redacted]. BR metadata electronically stored in [redacted] are saved to tape backup [redacted] for the BR FISA program.

(U//FOUO) [redacted] is software [redacted] systems move BR metadata between NSA systems.

(C//REL TO USA, FVEY) How information is stored in [redacted]

[redacted] are the only operational databases used to store BR metadata for intelligence analysis. As previously mentioned, [redacted] data distribution [redacted]

[9] (U//FOUO) [redacted]

(U//FOUO) Figure 2. [redacted] Architectures [figure redacted]

(U) NSA system accreditation and certification processes

(U//FOUO) Accreditation. [redacted] TS is responsible for managing the risk on all NSA networks and the computer systems and devices connected to those networks. TS responsibilities include:

[10] (U) A relational database stores data in tables using a standardized data format. This allows
similar information to be organized and queried on the basis of specific data fields.

• (U//FOUO) Guiding, prioritizing, and overseeing the development of information assurance programs necessary to ensure protection of information systems and networks by managing the NSA Information Security Program,
• (U//FOUO) Serving as the NSA Director's Authorizing Official to accredit all NSA information systems,
• (U//FOUO) Conducting information systems security and accreditation and risk management programs, and
• (U//FOUO) Establishing, maintaining, and enforcing information systems security policies and implementation guidelines for NSA.

(U//FOUO) Accreditation is the official management decision to permit operation of an information system in a specific environment at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.

(U//FOUO) When accrediting systems, TS uses a risk management framework to determine the appropriate level of risk mitigation needed to protect systems, information, and infrastructure. The framework comprises six steps:

• (U) Categorize the information and information system,
• (U) Select an initial baseline of security controls and tailor as appropriate for the system, data, and environment,
• (U) Implement and build the security controls in the information system,
• (U) Authorize the operation of the information system (accept the risk), and
• (U) Monitor continually and assess the effectiveness of the security controls.

(U//FOUO) Before a system is authorized to be put on a network, it must go through the accreditation process and be approved by TS. Table 7 lists the dates through which the BR repositories are accredited.

(U) Table 7. Dates through which BR Repositories Are Accredited
Columns: Repository; Accredited Through [table redacted]

(U//FOUO) Certification. In addition to the TS
system accreditation requirement, all systems containing FISA data must be certified by [redacted] (TV). [redacted] TV4 is the NSA authority for certification of systems to ensure they are compliant with the legal and policy regulations protecting USP privacy.

(U//FOUO) [redacted] TV began certifying FISA systems, including the repositories that contain BR metadata, to ensure that they comply with USP privacy protection [redacted]. TV developed [redacted], the NSA corporate database for registration of NSA systems and their compliance certification and data flows. It is NSA's authoritative source for all compliance certifications. TV's certification process evaluates system controls for maintaining compliance in the following areas: purge, data retention and aging off, data access, querying, dissemination, data tagging, targeting, and analytical processes.

(U//FOUO) To be certified to handle FISA data, systems must be certified by TV as part of the Compliance Certification process. Table 8 shows the TV4 certification dates for repositories that contain BR metadata.

(U) Table 8. Certification Dates for Repositories Containing BR Metadata
Columns: [redacted]; Date Certified [table redacted]

(U) Table 9 summarizes the provision of BR Order 13-158 for repositories and the control NSA implemented to maintain compliance.

(U) Table 9. BR Repository Provision and Control

Provision: NSA will store and process BR metadata in repositories within secure networks under NSA control.
Control: All BR FISA systems are certified as secure through NSA's system accreditation (TS) and certification process (TV4) and located in NSA-controlled SCIFs.

(U) Access and Training

(U) Provisions of BR Order 13-158

(U) BR metadata shall carry unique markings such that software and other controls, including user authentication
services, can restrict access to authorized personnel who have received appropriate and adequate training with regard to this authority. NSA shall restrict access to BR metadata to authorized personnel who have received appropriate and adequate training.

(U) Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis. The Court understands that the technical personnel responsible for NSA's underlying corporate infrastructure and the transmission of the BR metadata from the specified persons to NSA will not receive special training regarding the authority granted herein.

(U) NSA's OGC and ODOC will further ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for the handling and dissemination of such information. NSA will maintain records of all such training.

(U) OGC will provide DoJ NSD with copies of all formal briefing and/or training materials (including all revisions) used to brief or train NSA personnel concerning this authority.

(U) Restricting access to BR metadata to authorized personnel

(TS//SI//NF) The Signals Intelligence Directorate's (SID) Office of Oversight and Compliance (SV) verifies semiweekly that persons authorized access to BR metadata maintain the required credentials. The training required for these two credentials is listed in the Appropriate and Adequate Training heading of this section.

(TS//SI//NF) The [redacted] credential signifies that the individual has been adequately and appropriately trained (discussed below) with regard to the BR FISA program and provides the authorization to view the results of BR metadata queries in any form, including written and oral summaries of results. [redacted] does not provide access to the BR metadata in the bulk metadata
(BMD) repositories or authorization to query the data.

(TS//SI//NF) Table 10 shows a breakdown of the number of personnel with [redacted] as of 31 December 2013 by affiliation.

(TS//SI//NF) Table 10. Number of Personnel with [redacted] by Affiliation
Affiliation: NSA Civilians; NSA Military; Non-Agency Civilians; Contractors; Total [values not shown]

(TS//SI//NF) Table 11 shows a breakdown of the number of personnel with [redacted] as of 31 December 2013 by work role.

(TS//SI//NF) Table 11. Number of Personnel with [redacted] by Work Role
Work Role: Analyst; Oversight; Leadership; Staff; Technical; Contractor; Total [values not shown]

(TS//SI//NF) The [redacted] credential signifies that a person is authorized to access BMD repositories and is the first step in obtaining the ability to use [redacted] to perform queries against BR metadata. [redacted] is only authorized for specific intelligence analysts working CT targets described in the BR Order and technical personnel who maintain the systems that process and store BR metadata. The BR FISA Authority Lead is the ultimate authority for deciding which organizations are authorized to access BR metadata repositories.

(TS//SI//NF) Table 12 shows a breakdown of the number of personnel with [redacted] as of 31 December 2013 by affiliation and work role.

(TS//SI//NF) Table 12. Number of Personnel with [redacted] by Affiliation and Work Role
Affiliation and Work Role: NSA Civilians (Analyst; Oversight; Technical; Total); NSA Military; Contractors (Technical; Total); [illegible] Total [values not shown]

(TS//SI//NF) In addition, if an individual needs to query BR metadata using [redacted], the intelligence analyst contact chaining tool, a Division Chief, Deputy Division Chief, Branch
Chief, or Deputy Branch Chief must submit to SV a written request that the individual be given query access. If the individual is [illegible] in all training and holds the [redacted] credentials, SV sends an email to the [redacted] team and requests that the person be added to the current [redacted] User Group in [redacted]. The [redacted] administrator verifies the person's credentials and training, [illegible] the user group, and notifies SV when complete. Upon completion, [redacted] automatically sends an e-mail to SV indicating that the person has been added to the user group. This additional management control helps ensure that only appropriately trained and authorized personnel are able to execute queries.

[11] (U//FOUO) [redacted] is the graphical user interface analysts use to query data, including BR metadata, in [redacted].

(U//FOUO) Table 13 shows the number of personnel [redacted] User Group with querying capability as of 31 December 2013.

(U) Table 13. Number of Personnel with Querying Capability as of 31 December 2013
Work Role: Analysts; Technical; Total [values not shown]

(TS//SI//NF) Receiving query results. NSA personnel who receive query results are required to receive training and guidance regarding the procedures and restrictions for handling and disseminating such information. Before analysts send BR-unique query results containing USP information to another individual, they must first confirm that the recipient has the [redacted] credential.[13] Sharing BR-unique query results containing USP information with an individual without the [redacted] credential would violate the BR Order and require notice to the Court.

(U) Training records. The BR Order requires that NSA maintain records of BR training. NSA's Associate Directorate for Education and Training (ADET) Enterprise Learning Management database is NSA's source system
of record (SSR) for maintaining training completion records for all required training.

(U) Figure 3 shows the categories of individuals authorized access to BR data.

[12] (U//FOUO) [redacted] is NSA's Corporate Authorization Service [illegible], which provides authorization attributes and access control services to NSA programs and projects.

[13] (U) [redacted]

(U//FOUO) Figure 3. Access to BR Information Determined by Credentials Maintained by BR Stakeholders [figure redacted]

(TS//SI//NF) Obtaining the credential. To obtain the [redacted] credential, a request must be submitted in [redacted], NSA's corporate credentialing system. A request must contain the name of a valid sponsor who currently holds the requested credential. The Associate Directorate for Security and Counterintelligence (Q) reviews [redacted] requests for security concerns. If approved, the request is forwarded to SV for final adjudication. SV verifies that the individual is current on the required training (explained below) and that the request includes a valid mission justification. If all requirements are met, SV approves the credential in [redacted] for entry in [redacted].

(TS//SI//NF) Maintaining the credential. To ensure that personnel remain current on training, SV runs a [redacted] report several times a week that lists all the personnel with the [redacted] credential and their training status, which is color coded (green: current; red: expired). If someone's OVSC1000 or OVSC1100 training has expired, SV notifies that person by email that training must be completed. If OVSC1800 or OVSC1205/OVSC1206 has expired, access is revoked immediately. Access is not restored until a new [redacted] request is submitted and all training is current. If an individual's training expires and the credential has been revoked, this would not violate the BR Order. However, if someone
accesses BR metadata but has not completed the required training, this would violate the BR Order because the person has not been appropriately and adequately trained. The violation requires notice to the Court.[14]

[14] (U//FOUO) The Court understands that the technical personnel responsible for NSA's underlying corporate infrastructure and the transmission of the BR metadata from the specified persons to NSA will not receive special training regarding the authority granted herein.

(U//FOUO) Appropriate and adequate training. NSA/CSS Policy 1-23, Procedures Governing NSA/CSS Activities That Affect U.S. Persons, 30 July 2013, requires that Agency personnel (civilians, military, military reservists, integrees, and most contractors) complete intelligence oversight (IO) training annually.

(TS//SI//NF) In addition, to qualify for the [redacted] credential and comply with the requirements of the BR Order, persons must have completed specific training courses within the last 12 months. All courses are developed by NSA's ADET in conjunction with the OGC, mission subject matter experts, and mission compliance professionals.

• (U//FOUO) OVSC1000, NSA/CSS Intelligence Oversight Training, the Agency's core IO course, is provided to the workforce to maintain a high degree of sensitivity to and understanding of intelligence laws, regulations, and policies associated with the protection of USP privacy rights during mission operations. Personnel are familiarized with the major tenets of the four core IO documents: Executive Order (E.O.) 12333, as amended; Department of Defense (DoD) Regulation 5240.1-R; Directive Type Memorandum (DTM) 08-052; and NSA/CSS Policy 1-23.[15] OVSC1000 is web based and includes knowledge checks for proficiency.

• (U//FOUO) OVSC1100, Overview of Signals Intelligence Authorities, the core SIGINT IO course, provides an introduction to various legal authorities that NSA uses to conduct its operations. Upon completion,
personnel should be able to identify applicable surveillance authorities at a high level, define the basic provisions of the authorities, and identify situations and circumstances requiring additional authority. OVSC1100 is web based and includes knowledge checks for proficiency. All personnel in the U.S. SIGINT System (USSS) working under the NSA Director's SIGINT authority with access to raw SIGINT are required to complete OVSC1100 every 12 months.

• (U//FOUO) OVSC1800 (Analytic) and OVSC1806 (Technical), Legal Compliance and Minimization Procedures, advanced SIGINT IO course that explains policies, procedures, and responsibilities within missions and functions of the USSS to enable the protection of USP and foreign partner privacy rights. Upon successful completion, NSA analysts with mission requirements to access raw SIGINT databases will have met the additional training requirement imposed by SID. OVSC1800 and OVSC1806 are web based and [redacted] exams. Personnel who do not pass the test after [redacted] attempts must [illegible] remedial training. All personnel in the USSS working under the NSA Director's SIGINT authority with access to raw SIGINT are required to complete OVSC1800 or OVSC1806 every 12 months.

[15] (U//FOUO) E.O. 12333, United States Intelligence Activities; DoD Regulation 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components That Affect U.S. Persons; DTM 08-052, DoD Guidance for Reporting Questionable Intelligence Activities and Significant or Highly Sensitive Matters.

• (U//FOUO) OVSC1205 (Analytic) and OVSC1206 (Technical), Special Training on FISA, advanced IO courses that present legal policies surrounding the FISC Orders and RAS standards pertaining to specific CT-focused programs. OVSC1205 and OVSC1206 are web based and include competency exams with a minimum passing score of 90 percent for OVSC1205 and 89 percent for OVSC1206, a higher proficiency threshold than
other courses because BR FISA data has a greater probability of containing USP information. Personnel who do not pass the test after one attempt must complete remedial training. All personnel with access to the BR FISA program are required to complete OVSC1205 or OVSC1206 every 12 months.

(U//FOUO) DoJ NSD review of training material. As the BR Order requires, NSA's OGC provides DoJ NSD copies of the material (e.g., OVSC1205 and OVSC1206 training courses) used to train NSA personnel on the authority. OGC most recently provided DoJ NSD copies of revisions to the training materials in February 2014. NSA had revised the training materials because of the 17 January 2014 program changes, which included the two-hop limitation and FISC RAS-approval process.

(U) Access requirements for technical personnel to BR repositories

(U//FOUO) The BR Order states that appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make the data usable for intelligence analysis. The following describes the repositories and systems and the access requirements for technical personnel:

• (TS//SI//NF) [redacted]

• (U//FOUO) Backup tapes are securely stored in a locked cabinet inside a restricted access room at a secure [redacted] facility and are only accessible by designated [redacted] personnel.

• (TS//SI//NF) [redacted]

• (U//FOUO) NSA's Corporate Infrastructure. Technical personnel responsible for maintaining NSA's underlying corporate infrastructure and transmission of BR metadata to NSA (e.g., corporate [redacted] personnel and SharePoint system administrators) are not required to receive special training regarding the BR program.

(U) Access requirements for analysts to query BR repositories
(TS//SI//NF) To query the [redacted] database using [redacted], analysts, including DIAs, must [redacted] User Group in [redacted]. The process to be added to the user group was discussed in the [redacted]. [redacted] using their public key infrastructure [redacted] password [redacted] verifies that the analysts are listed on the [redacted] and they have the [redacted]. [redacted] three requirements are met [redacted] mode in [redacted] and query BR [redacted] personnel had the ability to run queries on [redacted].

(U//FOUO) Table 14 summarizes the provisions of BR Order 13-158 for access and training and the controls implemented by NSA to maintain compliance.

[17] (U//FOUO) [redacted] TD technical [redacted] system accesses to [redacted] were terminated.

[18] (U) PKI is used to authenticate users on NSA networks. PKI binds public keys with users [illegible] of a digital certificate authority.

(U) Table 14. Access and Training Provisions and Controls

Provision: (U) Access to BR metadata shall be restricted to authorized personnel who have received appropriate and adequate training.
Control: [redacted] personnel with access to [redacted] metadata must be approved for [redacted] credential. All personnel with access to the BMD repositories must have the [redacted] credential. All personnel who query the BR metadata in the BMD repositories must have the [redacted] credential and be on the [redacted]. All personnel with the [redacted] credential must complete appropriate and adequate training (verified and monitored by SV).

Provision: (U) Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis.
Control: Technical personnel [redacted] the BR metadata must have the [redacted] credential and must have completed appropriate and adequate training (verified and monitored by SV).

Provision: (U) Technical personnel responsible for underlying corporate infrastructure and the transmission of the BR metadata from the specified persons to NSA will not receive special training regarding the authority granted herein.
Control: (U) Technical personnel responsible for underlying corporate infrastructure do not receive special training regarding the BR program.

Provision: (U) OGC and ODOC will further ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for the handling and dissemination of such information.
Control: Before an analyst sends BR-unique query results containing USP information to another individual, the analyst must confirm that the recipient has the [redacted] credential. An individual with the [redacted] credential must complete and remain current on required training, which includes training and guidance on handling and disseminating such data.

Provision: (U) NSA will maintain records of all such training.
Control: ADET Enterprise Learning Management database is the SSR for maintaining training completion records.

Provision: (U) OGC will provide DoJ NSD with copies of all formal briefing and/or training materials (including all revisions) used to brief/train NSA personnel concerning this authority.
Control: (U//FOUO) OGC provides BR FISA training material to DoJ NSD for review before modifying material in the OVSC1205 and OVSC1206 training courses.

(U) Querying

(U) Provision of BR Order 13-158

NSA may access BR metadata for purposes of obtaining foreign intelligence information only through queries of the BR metadata to obtain contact chaining information using selection terms approved as "seeds."[19] All selection terms to be used as seeds with which to query the BR metadata must first be approved by the S214 Chief or Deputy Chief or one of the twenty specially authorized HMCs in the SID Analysis and Production Directorate.[20] Approval shall be given only after the designated approving official has determined that, based on the factual and practical considerations of everyday

[19] (U) A seed is a selection term approved for querying BR metadata.
life on which reasonable and prudent persons act, there are facts giving rise to a RAS that the selection term to be queried is [redacted] (hereafter the Foreign Powers). If the selection term is reasonably believed to be used by a USP, NSA's OGC must first determine that the USP is not regarded as [redacted] solely on the basis of activities that are protected by the First Amendment to the Constitution. [21] RAS approvals shall be effective for 180 days for any selection term reasonably believed to be used by a USP and one year for all other selection terms.

(U//FOUO) Furthermore, queries of the BR metadata using RAS approved selection terms may occur either by manual analyst query or through the automated query process. [22] Contact chaining queries of BR metadata will begin with a RAS approved seed and will return only that metadata within three hops of the seed. [23]

19. (U//FOUO) The term "selection terms" includes but is not limited to identifiers. The term "identifiers" means a telephone number as that term is commonly understood and used.

20. (TS//SI//NF) Selection terms that are the subject of electronic surveillance authorized by the FISC based on the FISC's finding of probable cause to believe that they are used by [redacted], including those used by USPs, may be deemed approved for querying for the period of FISC authorized electronic surveillance without review and approval by a designated approving official. On 26 February 2014, NSA began sending selection terms to the FISC for RAS approval to comply with the President's directive of 17 January 2014. On 28 February 2014, the FISC approved RAS for the first two selection terms under this new process.

21. (U) The First Amendment to the U.S. Constitution prohibits making any law abridging the freedom of speech, infringing on the freedom of the press, interfering with the right to peaceably assemble, or prohibiting the petitioning for a government redress of grievance. [illegible] the BR Order no longer requires that NSA's OGC perform a First Amendment review of selection terms used by USPs for nonemergency RAS requests; the FISC performs those reviews. This change was made following the President's directive on 17 January 2014, which requires that NSA submit selection terms to the FISC for RAS approval.

22. (TS//SI//NF) The automated query process was initially approved by the FISC in the 7 November 2012 Order that amended docket number BR 12-178. Although approved, NSA never implemented and is no longer authorized to use the automated query process since it withdrew its request to do so in the renewal applications and declarations that support the BR Orders approved by the FISC, beginning with BR Order 14-67, dated 28 March 2014.

23. (U//FOUO) The first hop from a seed returns results including all selection terms (and their associated metadata) with a contact and/or connection with the seed. The second hop returns results that include all selection terms (and their associated metadata) with a contact and/or connection with a selection term revealed by the first hop. The third hop returns results that include all selection terms (and their associated metadata) with a contact and/or connection with a selection term revealed by the second hop. On 29 January 2014, NSA's software system controls were modified to limit the number of hops from seed selection terms to two to comply with the President's directive of 17 January 2014.

Appropriately trained and authorized technical personnel may query BR metadata using selection terms that have not been RAS approved to perform processes needed to make the BR metadata usable for intelligence analysis and may share the results of those queries with other authorized personnel responsible for these purposes. However, the results of such queries may not be used for intelligence analysis purposes. NSA
must ensure, through adequate and appropriate technical and management controls, that queries of BR metadata for intelligence analysis purposes will be initiated using only selection terms that have been RAS approved.

(U) Presidential directives affecting querying controls in 2014

(U) On 17 January 2014 and 27 March 2014, the President of the United States directed that NSA implement the following changes to the BR FISA program:

1. (U//FOUO) Submit selection terms to the FISC for RAS approval. Before 17 January 2014, selection terms were RAS approved by the S2I4 Chief or Deputy Chief or one of the twenty specially authorized HMCs, as the BR Order required, and OGC performed First Amendment reviews for selection terms associated with U.S. persons.

2. (U//FOUO) Restrict contact chaining to two hops from seed selection terms. Before 17 January 2014, appropriately trained and authorized NSA analysts were authorized to query to three hops; however, NSA guidance restricted those analysts to query BR FISA repositories two hops from seed selection terms and one additional hop (three hops from seed selection terms) with S2 division management approval.

3. (U//FOUO) Store BR metadata in provider-controlled repositories and not in NSA repositories. Once implemented, NSA will submit FISC-approved RAS selection terms to providers for them to query their repositories. Providers will provide to NSA only the results of those queries.

(U//FOUO) NSA implemented the first two directives by February 2014. The third directive, storing BR metadata in provider repositories and obtaining only those query results from providers, will require passage of a new statute for the production of business records, which had not been enacted when this report was issued.

(U//FOUO) The remainder of this section documents the control framework in place for querying BR metadata in 2013, including the changes implemented by the President's directives in 2014.

(U) Determining seed selection terms for requesting RAS approval

(U//FOUO) Analysts working CT
missions focus on lead selection terms, which can be derived from multiple sources [redacted]. Analysts apply a wide range of tradecraft in determining which selection terms to pursue RAS approval.

(U//FOUO) Analysts making determinations whether selection terms are eligible to be used as seeds under the BR FISA authority must consider all the facts they know or reasonably can know before submitting requests for RAS approval. Looking at the totality of the circumstances, analysts evaluate whether there is a RAS that the selection terms are used by persons associated with one of the terrorist organizations in the BR Order. The level of proof demanded by the RAS standard is less than a preponderance of the evidence or probable cause.

(U//FOUO) Nonetheless, the RAS standard requires more than a mere hunch or uninformed guesswork. Analysts must have an articulable reason, supported by at least one source, for suspecting that the person using the selection term is associated with one of the terrorist organizations in the BR Order. Sources used to justify RAS requests include, but are not limited to, [redacted]. The RAS standard is the same for selection terms associated with USPs and foreign persons.

(TS//SI//NF) Analysts electronically submit RAS requests in [redacted], NSA's RAS selection term management system. [redacted] has required fields for analysts to enter justifications for RAS requests, user nationalities, and user ties to at least one of the terrorist organizations in the BR Order. Analysts save the supporting documentation for RAS requests in [redacted] for review by designated officials. As authorized by the BR Order, if selection terms are subject to ongoing FISC authorized electronic surveillance based on a finding of
probable cause that the selection term is used or about to be used by persons associated with one of the identified foreign powers, NSA may use the selection terms to query the BR metadata without obtaining RAS because probable cause, a higher standard, has already been met. In these cases, entries are still submitted through [redacted] along with supporting documentation, and HMC and possible OGC review (if a selection term is associated with a USP) would also be required. According to [redacted], a majority of the selection terms submitted for RAS approval are derived from [redacted]. [24]

(TS//SI//NF) Maintaining the [redacted] list in [redacted]

24. (U) If RAS requests are based in part or in whole on NSA SIGINT, NSA performs a purge verification check for the selection term when the request is submitted to ensure that the selection term had not been submitted for on-demand, retroactive, or reactionary removal of data from NSA SIGINT system repositories. The purge verification field must be filled out when creating a RAS request and must be conducted no more than 24 hours before submission.

(TS//SI//NF) RAS can be met only on selection terms associated with the terrorist organizations listed in the [redacted]. Those would include organizations listed [illegible] FISC approved BR Order or, based on IC reporting and determined by NSA's OGC, [illegible] a terrorist organization in the FISC approved [redacted].

(TS//SI//NF) Only individuals assigned the [redacted] role can maintain the terrorist organization list in [redacted]. [redacted] NSA personnel were assigned this role.

[redacted], which NSA implemented in June 2010, provides the framework for nominating, justifying, reviewing, approving, and
disapproving RAS for selection terms. [redacted] has built-in safeguards to ensure that RAS approved selection terms comply with requirements of the BR Order (e.g., required RAS approvals documented, only approved terrorist organizations used for RAS, maximum time limits not exceeded for RAS approvals). [redacted] also serves as the authoritative source for RAS approved selection terms and exports the selection terms to other systems in the BR control framework.

(U) RAS approval process - 2013

(U//FOUO) In 2013, the RAS approval process included certain mechanisms NSA used to determine whether selection terms were associated with one of the terrorist organizations in [redacted] before BR authorized analysts could use the selection terms as seeds to query BR metadata. Consistent with the BR Order, all selection terms used as seeds for querying BR metadata were first approved by the S2I4 Chief or Deputy Chief or one of the 20 specially authorized HMCs. If selection terms were reasonably believed to be used by USPs, NSA's OGC determined whether the USPs were regarded as associated with one of the terrorist organizations named in the BR Order solely on the basis of activities protected by the First Amendment. Figure 4 illustrates the RAS approval process in place during 2013.

25. (TS//SI//NF) In May 2012, DoJ NSD stated that it was generally acceptable for NSA's OGC to determine, based on [redacted] reporting, [redacted]. In addition, with the condition of RAS being met, NSA can include [redacted]. DoJ further stated that OGC must revisit those determinations every [redacted] months.

(U) Figure 4. RAS Approvals Needed Before Querying BR Metadata in 2013

[Flowchart, (U//FOUO): An NSA analyst seeks approval to query the BR metadata using the selection term of an individual suspected of being associated with a designated terrorist organization. Decision 1 (the Homeland Mission Coordinator (HMC) verifies this step): Is there a reasonable articulable suspicion that the individual is associated with a designated terrorist organization? NO: stop process. YES: continue process. Decision 2: Is the selection term associated with a U.S. person? NO: continue process. YES: go to decision 3. Decision 3 (the NSA Office of General Counsel verifies this step): Is the suspicion of association with a designated terrorist organization based solely on activities protected by the First Amendment? YES: stop process. NO: continue process. After analysis, NSA issues a report, if appropriate.]

(U//FOUO) Table 15 summarizes the RAS selection terms approved in 2013.

(U) Table 15. 2013 RAS Approvals

(TS//SI//NF) Approved: [redacted]. Approved: [redacted].
* (U) Data includes RAS selection terms that were approved more than once in 2013.
† (U//FOUO) Data only includes unique selection terms approved during 2013; it excludes multiple RAS approvals for the same selection terms in 2013.

(U) HMC review process - 2013

(U//FOUO) After RAS approval requests are submitted in [redacted], automatic email notifications are sent to HMCs alerting them that requests are available for review. Depending on the ranking assigned to RAS approval requests in [redacted], reminder emails are sent after [redacted] for emergency requests, [redacted] for priority requests, and [redacted] for routine requests. HMCs verify that:

• (U//FOUO) Justifications sufficiently and accurately document user ties to the selection terms submitted for RAS approval,
• (U//FOUO) Justifications clearly support user ties to one of the terrorist organizations listed in [redacted],
• (U//FOUO) RAS requests are supported by credible source documentation,
• (U//FOUO) Source documentation is current and
has not been superseded by other intelligence,
• RAS requests contain time restrictions if selection terms are or were associated with users for only a specific and limited time, and
• (U//FOUO) If SIGINT is used as justification for RAS approval requests, analysts performed purge verifications when requests are submitted.

(U//FOUO) If HMCs determine that the documentation requirements have not been met and the RAS standard has not been satisfied, analysts are notified of deficiencies and asked to provide additional information. HMCs denote denied RAS requests as Pending until adequately documented in [redacted]. If the documentation requirements are met and the RAS standard has been satisfied, HMCs change the status of requests from Pending to Approved in [redacted]. [redacted] documents all status changes and edits of the original RAS requests [illegible]. [illegible] OGC approve selection terms used by USPs before completing the RAS approval process. Figure 5 illustrates the RAS standard.

(U//FOUO) Figure 5. RAS Standard

[Figure content not recoverable.]

26. (U) Some BR trained and authorized analysts can approve RAS requests and query BR metadata. However, [redacted] system controls prevent persons from submitting and approving their own RAS requests.

(U) OGC First Amendment review of seed selection terms associated with USPs - 2013

(U//FOUO) NSA is prohibited from establishing RAS on a USP selection term based solely on activities protected by the First Amendment. In 2013, RAS requests containing selection terms associated with USPs were forwarded to the NSA OGC for a First Amendment review. [redacted] sent automated email notifications to designated OGC attorneys until a First Amendment review was completed. OGC reviewed the RAS requests and source documentation, as well as the RAS decisions made by HMCs, and determined
whether NSA intended to target individuals based solely on activities protected by the First Amendment. If there were indications that RAS requests were based solely on such activities, OGC would deny the RAS request, denoted as Disapproved in [redacted]. Once OGC has approved RAS requests, the selection terms are authorized for use as seeds for querying in [redacted]. However, a series of system updates must be completed before analysts can query BR metadata using newly approved seed selection terms. [redacted]

(U) Controls for querying BR metadata using only RAS approved seed selection terms within the authorized number of hops

(U//FOUO) [redacted] tracks the status of selection terms and, for an Approved status, the expiration of the RAS approval. The BR Order specifies that RAS approvals shall be effective for 180 days for selection terms reasonably believed to be used by USPs and one year for all other selection terms. However, NSA, out of an abundance of caution, used a more restrictive RAS expiration policy in 2013: 90 days for selection terms used by USPs and 180 days for selection terms used by foreign persons. [27] [redacted] is configured to automatically change the status of selection terms from Approved to Expired when expiration dates NSA set [illegible].

27. (U//FOUO) [redacted] was reconfigured so that selection terms used by USPs expired in 173 days and 358 for all others. NSA made this change to avoid burdening the FISC, which began approving RAS for selection terms as the President had directed, with more frequent reauthorizations than the BR Order requires.

(U//FOUO) [redacted] is the graphical user interface that analysts use to query data in [redacted], including BR metadata. When launching [redacted], analysts with appropriate credentials have the option
to include BR metadata in their queries. If analysts select the [redacted] [illegible].

(TS//SI//NF) When in the [redacted] mode of [redacted], analysts may only use a RAS approved selection term to query BR metadata. The term used to initiate a query of BR metadata is referred to as a seed because it is used to produce a chain of metadata contacts, known as contact chaining. When analysts submit seed selection terms for query using [redacted], another part of [redacted], middleware called the Emphatic Access Restriction (EAR) checks whether the selection terms appear as Approved in the [redacted] tables. [28] The EAR, through internal software system controls, ensures that contact chaining is restricted to seeds that are RAS approved by preventing non-RAS approved selection terms (e.g., expired, decommissioned, disapproved selection terms, terms that have never been entered into [redacted]) from being used as seeds for conducting contact chaining analysis of BR metadata in [redacted]. If selection terms submitted by analysts for querying of BR metadata appear as Approved in the [redacted] tables, the EAR allows queries to perform. The EAR prevents queries from performing when the selection terms do not appear as Approved [redacted].

(U//FOUO) In 2013, the EAR software system controls also restricted the number of hops to three from the seed for contact chaining, as the BR Order authorized. [29] However, if analysts, after reviewing the first two hops' results, wanted to perform contact chaining out to a third hop from the seed selection term, SID policy required that they first obtain S2 division management approval. NSA relied on analysts to comply with SID policy; no system control was in place to prevent analysts from querying out to three hops without S2 division management approval.

(U//FOUO) To understand how contact chaining was performed and the system controls implemented by the EAR to only allow querying using RAS approved seeds and within three hops of the seed selection term in
2013, it is helpful to review an example.

(S//SI//REL TO USA, FVEY) Seed selection term A, reasonably believed to be used by a foreign person, was RAS approved by an [illegible]. No First Amendment review was required because selection term A, the seed, was not used by a U.S. person. The analyst entered selection term A into [redacted] to perform contact chaining analysis one hop from the seed. The EAR automatically checked the [redacted] tables to determine whether selection term A was RAS approved. Because it showed as RAS approved, the EAR allowed the query of BR metadata in [redacted]. First hop queries returned all selection terms [redacted] in the BR repository and associated metadata that had a contact or connection with the seed. [redacted] If the analyst tried to query beyond the third hop or query using a selection term that had not been RAS approved, the EAR would have prevented the action.

28. (TS//SI//NF) NSA [illegible] EAR [illegible]. Before [illegible], [illegible] relied on analytic due diligence to query BR metadata with only RAS approved selection terms. [illegible] in June 2010, the EAR was reconfigured to use data from [redacted] to prevent queries using selection terms that were not RAS approved, including USP selection terms that OGC had not reviewed.

29. (TS//SI//NF) On 29 January 2014, NSA modified the EAR software system controls to reduce the number of hops from the seed to two to comply with the President's directive of 17 January 2014.

(U) EAR bypass

(TS//SI//NF) Because it can take [redacted] for system updates to complete before a RAS approved selection term can be used for querying BR metadata, an EAR bypass was implemented for emergency situations. If an analyst with a RAS approved seed selection term and S2I4 management approval determines that
immediate querying of BR metadata using the RAS approved seed selection term is necessary to obtain time-sensitive results to respond to an emergency, S2I4 informs designated OGC, SV, and ODOC personnel of its intention to bypass the EAR software system controls. After this notification, S2I4 management contacts the [redacted] team, requesting that designated analysts be temporarily added to the [redacted] user group. This allows the analysts to select the [redacted] bypass option in [redacted], thereby bypassing the EAR software system controls for hop restrictions and checks of RAS selection terms against the [redacted] tables. Analysts, with manual checks by direct onsite supervisor oversight, ensure that queries performed in the bypass mode do not exceed [illegible] hops before 17 January 2014 and [illegible] hops on and after 17 January 2014. The [redacted] team is notified when the analysts should be removed from the [redacted] user group, immediately following NSA's response to an emergency situation or after normal system updates have completed to allow querying using the RAS approved selection terms. No NSA personnel were included in the [redacted] user group in [redacted] from [redacted].

(U) Querying by trained and authorized technical personnel for testing purposes only

(S//SI//NF) The BR Order allows authorized NSA technical personnel to access the BR metadata, including through queries, to make it usable for intelligence analysis. This includes performing [redacted] and maintaining records to demonstrate compliance with the BR Order. However, technical personnel do not share the results of these queries with analysts. Tests of BR metadata [illegible] as the BR Order allows [illegible] technical personnel [illegible] a limited number of [illegible]. Only personnel [illegible] the [redacted] user group in [redacted] can query BR metadata using non-RAS approved selection terms in operational databases. The [redacted] user group is used only by authorized technical personnel. SV audits all queries performed using query tools by technical and mission personnel to ensure compliance with the BR Order. [redacted] NSA technical personnel were in the [redacted] user group.

(U) RAS approval process - 2014

(TS//SI//NF) On 17 January 2014, the President directed that NSA implement changes in how it operates the BR FISA program. NSA must submit selection terms to the FISC for RAS approval and limit contact chaining to two hops from the seed selection terms. Before 17 January 2014, RAS selection terms were approved by the S2I4 Chief or Deputy Chief or one of the twenty authorized HMCs, as the BR Order required, and contact chaining was allowed out to three hops. As an added measure, on 23 January 2014, all RAS selection terms in an Approved status were changed to Revalidate in [redacted]. [30]

(U//FOUO) In the weeks following the President's directives, through a motion to amend BR Order 14-01, the FISC approved on 5 February 2014 the following:

(U) The government may request, by motion and on a case-by-case basis, permission from the Court for NSA to use specific selection terms that satisfy the RAS standard as seeds to query the BR metadata to obtain contact chaining information, within two hops of an approved seed, for purposes of obtaining foreign intelligence information. In addition, the Director or Acting Director of NSA may authorize the emergency querying of the BR metadata with a selection term for purposes of obtaining foreign intelligence information, within two hops of a seed, if (1) the Director or Acting Director of NSA reasonably determines that an emergency situation exists with respect to the conduct of such querying before an order authorizing such use of a selection term can with due diligence be obtained, and (2) the Director or Acting Director of NSA reasonably determines that the RAS standard has
been met with respect to the selection term. In any case in which this emergency authority is exercised, the government shall make a motion in accordance with this amendment to the BR Primary Order to the Court as soon as practicable, but not later than seven days after the Director or Acting Director of NSA authorizes such query.

(U//FOUO) In response to these new requirements, the NSA BR control framework changed:

• (U//FOUO) RAS approvals submitted to the FISC. NSA no longer approves RAS for selection terms, except in emergency situations. HMCs or the S2I4 Chief or Deputy Chief previously approved RAS. They now perform only first level reviews to determine whether RAS requests are adequately documented and supported by creditable source documentation in [redacted]. Analysts follow the same preliminary procedures as before for determining whether selection terms are used by persons who are reasonably believed to be associated with one of the terrorist organizations listed in the BR Order and for documenting RAS requests in [redacted]. After reviewing the supporting documentation, HMCs send RAS requests back to analysts to make additional changes as needed, deny RAS requests, or formally endorse them. Only RAS requests endorsed by HMCs are submitted in [redacted] to OGC for second-level review, regardless of whether selection terms are used by USPs or foreign persons.

(U//FOUO) OGC no longer officially performs First Amendment reviews of selection terms used by USPs for nonemergency RAS requests; the FISC performs those reviews. OGC now performs second level reviews of RAS requests, source documentation, and endorsement decisions by HMCs to provide greater assurance that the FISC will not reject RAS requests because of insufficient documentation or First Amendment concerns for selection terms used by USPs. OGC reviews HMC endorsements during RAS verification meetings, at which HMCs present evidence supporting the RAS
justifications for review by SV, OGC, and the S2 Declarant (usually the S2I4 Chief or Deputy Chief), who signs the eventual motions seeking FISC approval of the selection terms. This group, known as the RAS verification panel, chaired by SV, confirms that representations in RAS requests are accurate. If the RAS verification panel endorses the RAS requests, OGC submits them to DoJ NSD for review and submission to the FISC for approval. At each level of review (by HMCs, OGC, the RAS verification panel, and DoJ NSD), all questions, concerns, and requests for additional information must be satisfied before DoJ NSD submits the requests to the FISC. The FISC makes the final determination of whether the RAS standard has been met for each request and notifies DoJ NSD of its decision to approve or disapprove requests. After OGC has been notified by the DoJ NSD of the FISC decision, OGC enters the date of the decision, saves the supporting court documentation [redacted], and updates the dispositions of RAS requests in [redacted] as Approved or Disapproved. [31] FISC approvals are effective for 180 days for selection terms used by USPs and one year for all others. However, NSA established slightly more conservative expirations in [redacted]: 173 days for selection terms used by USPs and 358 days for all others. Figure 6 illustrates the nonemergency RAS approval process.

31. (U//FOUO) [redacted] is the system of record for storing documents relating to NSA authorities, including BR Orders for the BR FISA authority.

(U) Figure 6. Non-Emergency RAS Approval Process

[Flowchart, (U//FOUO): (1) Analyst creates request; (2) HMC review; (3) HMC initiates RAS Verification (SV, HMC, OGC, and S2 Declarant); (4) NSA OGC review; (5) DOJ review; (6) FISC reviews and makes determination; (7) NSA OGC is notified of FISC's decision. The chart also carries "Reevaluation" and "Revalidation" labels whose placement is not recoverable.]

• (U//FOUO) Emergency RAS approvals. Under the BR Order, the NSA Director
(DIRNSA) or Acting DIRNSA can approve RAS for selection terms for querying BR metadata within two hops of the seed selection term only after the RAS standard has been met and only when responding to emergencies. When submitting a RAS request for emergency approval, analysts document the request and justification for emergency approval in [redacted]. An HMC performs a first-level review and requests additional information from the analysts, as needed, and denies or endorses the emergency RAS request. If the HMC endorses, the RAS verification panel is immediately convened to review the supporting documentation and justification for requesting emergency approval. If the RAS request contains a selection term used by a USP, OGC performs a First Amendment review to determine that the basis for seeking RAS is not solely based on activities protected by the First Amendment. If the RAS verification panel concurs with the HMC's endorsement and OGC concludes that there are no First Amendment concerns, the S2 Declarant, BR FISA Authority Lead, SV, and OGC will brief the DIRNSA or Acting DIRNSA, who determines whether an emergency situation exists and the RAS standard has been met and the RAS determination is not based solely on First Amendment protected activities.

(U//FOUO) If the DIRNSA or Acting DIRNSA approves the emergency RAS request, OGC saves the approval documentation and changes the disposition of the RAS request to Approved in [redacted] and notifies DoJ NSD of the emergency RAS approval. If immediate querying is required, S2I4 coordinates adding the designated analysts to the [redacted] user group (see Querying section for EAR Bypass procedures). Otherwise, the designated analysts must wait [redacted] for a series of system updates to complete in [redacted] before querying BR metadata using the emergency approved selection term.

(U//FOUO) The BR Order requires that within seven days of the emergency RAS
approval, DoJ NSD file a motion with the FISC on behalf of NSA concerning the emergency authorization. If the FISC grants the motion, OGC enters the date the FISC approved the RAS request and records the supporting court documentation [redacted]. If the FISC denies the motion, NSA will take remedial action, including actions the FISC has directed. Figure 7 illustrates the emergency RAS approval process.

(U) Figure 7. Emergency RAS Approval Process

[Flowchart, (U//FOUO); step order is only partly recoverable: Analyst creates request; HMC review; HMC initiates RAS Verification (SV, HMC, OGC, and S2 Declarant); NSA OGC review; S2 staffs request; DIRNSA reviews and makes determination; NSA OGC documents approval in [redacted]; DOJ notification and review; FISC notification and review; HMC creates new request in [redacted].]

([illegible] REL TO USA, FVEY) [redacted] the DIRNSA approved the first and only selection term for emergency querying since receiving the new mandate from the FISC on 5 February 2014. A motion was filed with the FISC within seven days of the DIRNSA's approval of the emergency RAS request. [redacted] the FISC approved RAS for the selection term.

• (U//FOUO) Two-hop restriction for contact chaining. On 29 January 2014, NSA modified the EAR software system controls to restrict contact chaining to two hops from seed selection terms, as the President had directed. Before 17 January 2014, authorized NSA analysts could query BR FISA repositories two hops from seed selection terms and one additional hop (three hops from seed selection terms) with S2 division management approval.

(U) Table 16 summarizes the provisions of BR Order 13-158 for querying BR metadata and the controls NSA implemented to maintain compliance.

(U) Table 16. Querying Provisions
and Controls

Provision: Seed selection terms must be approved by a designated approving official, and also reviewed by OGC if the selection term is used by a USP, before querying BR metadata for intelligence analysis purposes.
Control: In 2013, [redacted] controls ensured that one of the 22 designated approving officials approved RAS for selection terms and, if used by USPs, OGC performed a First Amendment review. Selection terms were added to the RAS Approved List only after the required approvals were documented in [redacted].

Provision: Approvals shall be given only after the designated approving official has determined that there are facts giving rise to RAS that the selection term to be queried is associated with a Foreign Power.
Control: [redacted] stores supporting documentation for justifying RAS. [redacted] also maintains the authoritative list of Foreign Powers.

Provision: NSA shall ensure, through adequate and appropriate technical and management controls, that queries of the BR metadata for intelligence analysis purposes will be initiated using only a selection term that has been RAS approved.
Control: EAR restricts contact chaining to only those seeds that are RAS approved by preventing all non-RAS-approved selection terms (e.g., expired, disapproved) from being used as seeds for conducting contact chaining.

Provision: RAS approvals must not exceed 180 days for selection terms reasonably believed to be used by a USP and 365 days for all other selection terms.
Control: [redacted] automatically changes the status of RAS approved selection terms from Approved to Expired when expiration dates set by NSA are exceeded. In 2013, expiration dates were set for 90 days for selection terms associated with USPs and 180 days for all others.

Provision: Results of contact chaining queries must not exceed three hops from seed selection terms.
Control: In 2013, the EAR limited the number of hops to three from the seed selection term for contact chaining. §

Provision: Technical personnel may query the BR metadata using selection terms that have not been RAS approved to perform
processes needed to make it usable for intelligence analysis.
Control: SV reviews all query records for compliance with the BR Order.

Table notes:
(U) On 26 February 2014, NSA began sending RAS requests to the FISC for approval to comply with the President's directive of 17 January 2014. On 28 February 2014, the FISC approved RAS for a selection term under this new process, and NSA began the process of manually entering into [redacted] the dates that the FISC approved RAS for selection terms. [redacted] was updated to require that FISC approval dates be inputted into it before adding selection terms to the RAS Approved List.
(U//FOUO) The EAR relies on RAS approved selection terms to be accurately entered by authorized personnel manually into [redacted]. In 2014, NSA discovered instances of RAS approved selection terms that were inaccurately entered into [redacted] by authorized personnel. In response, NSA implemented a two-person review for accuracy of RAS approved selection terms manually entered into [redacted].
(U//FOUO) [redacted] the expiration dates [redacted] were changed to 173 days for selection terms used by USPs and 358 days for all others.
§ (U) The EAR software system controls were modified to limit the number of hops from seed selection terms to two to comply with the President's directive from 17 January 2014.

(U) Sharing and Dissemination

(U) Provisions of BR Order 13-158

(U//FOUO) Sharing. Results of intelligence analysis queries of BR metadata may be shared, before minimization, for intelligence analysis among NSA analysts, subject to the requirement that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures for handling and disseminating such information.

(U//FOUO) Dissemination. NSA shall apply the minimization and dissemination requirements and procedures of Section 7 of U.S. Signals Intelligence Directive (USSID) SP0018 to any results from queries of
the BR metadata, in any form, before the information is disseminated outside NSA in any form. In addition, before disseminating USP information outside NSA, the DIRNSA, the Deputy Director, or one of the officials listed in Section 7.3(c) of USSID SP0018 (i.e., Director of SID, Deputy Director of SID, Chief of Information Sharing Services (S1S), Deputy Chief of S1S, and the Senior Operations Officer of the National Security Operations Center) must determine that the information identifying the USP is related to CT information and it is necessary to understand the CT information or assess its importance (CT nexus). Approximately every 30 days, NSA shall file with the Court a report that, among many things, includes a statement of the number of instances since the preceding report in which NSA has shared, in any form, results from queries of the BR metadata that contain USP information, in any form, with anyone outside NSA.

(U) Sharing BR-unique information with authorized NSA personnel

(TS//SI//NF) NSA refers to sharing as providing query results internally to appropriately trained and authorized NSA personnel. Sharing restrictions in the BR Order only apply to BR-unique query results of a USP. BR-unique is a term used by NSA that refers to contacts within a chain solely derived from BR metadata. Oral or written depictions, manipulations, and summaries are also query results. Unless already included in a disseminated report, BR-unique query results containing USP information are only shared with individuals who have the [redacted] credential. BR stakeholders manually check [redacted] to confirm that recipients have [redacted] before sharing BR-unique USP information in any form. BR stakeholders also ensure that documents or files containing BR-unique USP information are only stored in access-controlled personal or shared network locations accessible only to BR cleared personnel and that BR-unique results containing USP information displayed in the workplace are not visible to analysts who do not have
[redacted].

(U) Disseminating BR-unique information

(U) Dissemination is the sharing of information outside NSA. The BR Order includes two provisions for disseminating information: the CT nexus requirement and the dissemination tracking requirement.

• (U//FOUO) CT Nexus Requirement. The CT nexus requirement applies only to disseminations of BR query results containing USP information. The dissemination provisions of Section 7.3(c) of USSID SP0018 must be followed. If query results include USP information unique to BR metadata and the analyst needs to disseminate that information to an external customer, such as the FBI, then the CT nexus requirement must be met before disseminating information in any form. However, if query results contain only foreign person information, the CT nexus requirement does not apply when disseminating BR information. The remainder of this section focuses on disseminating USP information derived from BR-unique metadata.

(TS//SI//NF) In accordance with USSID SP0018, if unminimized USP information is to be disseminated, one of the designated approval authorities must determine that the information is necessary to understand the foreign intelligence in the report before the information is released. This applies to all disseminations of unminimized USP information under all NSA authorities. The BR Order further requires that one of the approving authorities confirm that the information identifying a USP also relates to CT information and is necessary to understand the CT information or assess its importance. S1S stated that most disseminations of USP information derived from BR metadata [redacted].

(U//FOUO) There are two categories of BR disseminations: published disseminations [redacted] and other disseminations (e.g., oral briefings) to recipients external to NSA, such as the FISC, who are not receiving the information as part of their lawful executive or legislative oversight function.

(U//FOUO) [redacted] reports are used to disseminate SIGINT information that responds to special [illegible] requirements. [redacted] reports are disseminated in a limited distribution to customers empowered to act on the information and to additional customers who have an operational need-to-know (e.g., FBI, NCTC, Central Intelligence Agency (CIA), Office of the Director of National Intelligence (ODNI)). [redacted]

o (U//FOUO) RFIs are requests by customers (e.g., FBI) for information from NSA. RFIs are usually requests requiring one-time specific responses.

o (U//FOUO) [redacted] are SIGINT reports that generally focus on [illegible] topic or event [redacted] variety of collection authorities to a wide audience. However, [redacted] are not used to disseminate USP information unique to BR metadata.

(U//FOUO) After one of the approving authorities listed in Section 7.3(c) of USSID SP0018 has approved the dissemination, if USP information unique to BR metadata is included, it is usually combined in a [redacted] with information from other collection authorities to provide a more [illegible] summary. [illegible] distributed widely and sends separately an Identities Release Memorandum only to those parts of the IC that need to know the person's identity. Only the recipients within the IC who receive both the [redacted] and Identities Release Memorandum can determine the USP identity, and then only after submitting a formal justified request that has been approved by one of the officials listed in Section 7.3(c) of USSID SP0018.

(U//FOUO) Dissemination of BR information occurs most often in [redacted] reports. S1S stated that even when NSA
disseminates information using RFIs, corresponding [redacted] reports follow. To formally document the dissemination [illegible] the information requested by one IC customer but important to other IC customers to be released through a slightly wider, albeit highly controlled, distribution. Table 17 summarizes the BR reports disseminated in 2013.

32 (U//FOUO) Masking is the process of using generic identification terms in place of USP names, titles, or contextual identifiers so that the person's identity is not revealed in written or oral disseminations.
33 (U//FOUO) S2I4 confirmed that all RFIs containing BR-unique information have been followed up with [redacted] reports.

(U) Table 17. BR Reports Disseminated in 2013
[Values redacted. Row labels: BR Reports Disseminated; Total Selection Terms Reported Derived from BR; Total BR Unique Selection Terms Reported; Total US Contacts Reported.]

There were [redacted] additional disseminations in oral presentations. The NSA Director briefed the SSCI [redacted] and NSA made a presentation to the FISC.

The S1S Chief or Deputy Chief, two of the approving authorities designated in USSID SP0018, reviews the majority of the requests for disseminating USP information for all NSA authorities, including those unique to BR. Dissemination requests are approved usually the day they are received. Senior Operations Officers (SOO) in the National Security Operations Center (NSOC) are also authorized approvers for disseminating USP information and typically review and approve dissemination requests submitted after hours or in emergency situations.

(U//FOUO) S1S maintains disseminated reports [illegible] signed in an access-controlled S1S network folder. Disseminations approved after hours by the SOOs are formally documented, normally the following business day, by S1S. The NSOC Senior Reporting Officer notifies S1S of
these disseminations [redacted].

(U//FOUO) Oral briefings that include USP information derived from BR-unique metadata to officials outside NSA occur less frequently. Normally these briefings are provided by NSA leadership who are approving authorities for disseminating USP information under USSID SP0018. All other BR stakeholders coordinate approvals with one of the approving authorities before presenting information outside NSA. The CT division [redacted] tracks oral briefings only, and S1S and S2I4 track all disseminations of USP information, published and oral, which are included in the 30-day reports filed with the FISC, as the BR Order requires.

• (TS//SI//NF) Dissemination Tracking Requirement. The second provision of the BR Order that applies to USP information is the dissemination tracking requirement regarding BR-unique information. NSA tracks and reports to the FISC every instance in which NSA disseminates USP information derived from BR metadata. [36] Approximately every 30 days, OGC requests from S1S and S2I4 the number of disseminated reports containing USP information derived from BR-unique metadata for input into the 30-day reports filed with [illegible]. Although no longer required to track disseminations of foreign person information, S2I4 continues to track all disseminations of BR-unique information. Disseminations were tracked manually until [redacted] NSA's corporate dissemination tracking tool was implemented. Since then, all disseminated reports containing BR-unique information have been tracked in [redacted] completed the upload of current and past BR disseminations into [redacted].

(U//FOUO) Table 18 summarizes the provisions of BR Order 13-158 for sharing and disseminating information derived from BR query results and the controls implemented by NSA to maintain compliance.

36 (TS//SI//NF) Since 3 September 2009 (BR Order 09-13), NSA has been exempt from reporting in the 30-day
reports to the FISC BR disseminations to the executive branch for oversight. On 3 January 2014, the date the FISC approved BR Order 14-01, this reporting exemption was further extended to include BR disseminations to the legislative branch for oversight.

(U) Table 18. Sharing and Dissemination Provisions and Controls

Provision: (U) Results of intelligence analysis queries of the BR metadata may be shared, before minimization, for intelligence analysis purposes among NSA analysts, subject to the requirement that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for handling and disseminating such information.
Control: (TS//SI//NF) BR stakeholders manually check [redacted], NSA's corporate authorization services tool, to confirm that recipients have [redacted] before sharing BR-unique query results of a USP in any form.

Provision: (U) Before disseminating USP information outside NSA, the NSA Director, the Deputy Director, or one of the officials listed in Section 7.3(c) of USSID SP0018 must determine that the information identifying the USP is related to CT information and that it is necessary to understand the CT information or assess its importance.
Control: One of the designated approvers, usually the S1S Chief or Deputy Chief, verifies that the CT nexus has been met before disseminating USP information in any form. The approving documentation is independently maintained by S1S for internal recordkeeping and for external review by overseers.

Provision: (U) Approximately every thirty days, NSA shall file with the Court a report that, among many things, includes a statement of the number of instances since the preceding report in which NSA has shared, in any form, results from queries of BR metadata that contain USP
information, in any form, with anyone outside NSA.
Control: (U//FOUO) S1S and S2I4 independently track the number of disseminations since the preceding report in which NSA has shared, in any form, results from queries of BR metadata that contain USP information, in any form, with anyone outside NSA. ST tracks oral disseminations only. This data collectively is provided to OGC for input into the 30-day reports filed with the FISC.

(U) Retention

(U) Provisions of BR Order 13-158

(U) The BR Order requires that BR metadata be destroyed no later than five years (60 months) after its initial collection.

(U) NSA's BR age-off process

(TS//SI//NF) To remain compliant with the five-year retention requirements, NSA completed its first BR age-off in May 2011. [redacted]

Based on guidance from OGC, BR retention compliance is determined using the date when records are received from providers, not the call communication date. Record receipt date is the date on which providers electronically deliver BR metadata to NSA. Call communication date is the date on which a telephone call is made from one selection term to another. Timing differences with call communication dates and record receipt dates [redacted]. Because of these differences, NSA tracks record receipt dates for BR metadata to document compliance with the BR Order. [redacted]

(U) Quarantine process

(U//FOUO) In September 2013, the DoJ Civil Division directed NSA to preserve all records relating to the collection of BR metadata under the BR FISA program as a result of civil lawsuits against NSA. To comply with the preservation order, NSA did not age-off data with record receipt dates exceeding [illegible] months in [illegible]. This data was saved in partitions within NSA system repositories inaccessible

(U) Selection terms also refer to [illegible] used [illegible] dialed
number recognition telephone numbers.

(U) 2013 age-off

(TS//SI//NF) [redacted]

(U//FOUO) Table 19. 2013 BR Age-Off Procedures
[Table content redacted.]

(U) Changes that affected the 2014 age-off

(U//FOUO) In September 2013, DoJ's Civil Division directed NSA to preserve all records relating to the collection of BR metadata under the BR FISA program as a result of civil lawsuits against NSA. This affected the age-off performed during 2014. BR metadata that would have been aged off to comply with the BR Order was retained to comply with the preservation obligation. This data was saved in partitions within NSA system repositories inaccessible to analysts.

(U//FOUO) On 12 March 2014, the FISC granted the government's motion for temporary relief from the five-year destruction requirement pending resolution of the preservation [illegible] filed by plaintiffs. [39] As permitted by the BR Order, analysts continue to access, for intelligence purposes, the repository that contains BR metadata received on or after the [illegible] retention cutoff date using only RAS approved selection terms. [redacted]

39 [redacted]

(C//REL TO USA, FVEY) Table 20. [redacted] before and after data comparison
[Table content redacted.]

(U//FOUO) Table 21 summarizes the provision of BR Order 13-158 for retention and the control implemented by NSA to maintain compliance.

(U) Table 21. Retention Provision and Control

Provision: BR metadata must be destroyed no later than five years after its initial collection.
Control: See Table 19 for the procedures performed to age-off BR
metadata to comply with the BR Order in 2013.

(U) Oversight

(U) Provisions of BR Order 13-158

(U) NSA's OGC and ODOC will ensure that personnel with access to BR metadata receive appropriate and adequate training and guidance regarding the procedures and restrictions for collection, storage, analysis, dissemination, and retention of the BR metadata and the results of queries of the BR metadata. NSA's OGC and ODOC will further ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for handling and disseminating such information. NSA will maintain records of all such training. OGC will provide DoJ NSD with copies of all formal briefing and/or training materials (including all revisions) used to brief/train NSA personnel concerning this authority.

(U) NSA's ODOC will monitor implementation and use of the software and other controls (including user authentication services) and the logging of auditable information referenced in the previous paragraph.

(U) NSA will ensure that an auditable record is generated whenever BR metadata is accessed for foreign intelligence analysis or accessed using foreign intelligence analysis query tools.

(U) NSA's OGC will consult with DoJ NSD on all significant opinions that relate to the interpretation, scope, and/or implementation of this authority. When operationally practicable, such consultation will occur in advance; otherwise, DoJ NSD will be notified as soon as practicable.

(U) At least once during the authorization period, NSA's OGC, ODOC, DoJ NSD, and any other appropriate NSA representatives will meet for the purpose of assessing compliance with the Court's orders. Included in this meeting will be a review of NSA's monitoring and assessment to ensure that only approved metadata is being acquired. The results of this meeting will be reduced to writing and submitted to the
Court as part of any application to renew or reinstate the authority.

(U) At least once during the authorization period, DoJ NSD will meet with the NSA's OIG to discuss their oversight responsibilities and assess NSA's compliance with the Court's orders.

(U) At least once during the authorization period, NSA's OGC and DoJ NSD will review a sample of the justifications for RAS approvals for selection terms used to query the BR metadata. [40]

(U) NSA oversight

(U//FOUO) In addition to the oversight requirements listed in the BR Order, NSA performs additional oversight not required in the Order to ensure compliance. The organizations and the oversight performed are described next.

(U//FOUO) BR FISA Authority Lead is the focal point for the BR FISA program within SID, reporting to the CT Associate Deputy Director, who reports to the SID Director. The BR FISA Authority Lead's responsibilities include:

• (U//FOUO) Chairing weekly BMD meeting
• (U//FOUO) Ensuring appropriate program direction and proper program functioning
• (U//FOUO) Signing NSA's declarations to the FISC during renewal and
• (U//FOUO) Ensuring that the BR authority is used as described in the BR Order

40 (U//FOUO) As of 28 March 2014 (BR Order 14-67), the FISC no longer required OGC and DoJ NSD to conduct periodic reviews of RAS approved selection terms. The government sought this change as a result of the President's directive of 17 January 2014 that NSA submit selection terms to the FISC for RAS approval.

(U//FOUO) Weekly BMD meetings are held to discuss BR FISA program activities to ensure compliance with the BR Order. They include representatives from OGC, ODOC, TV, SV, GTO, DIAs, TD, Counterterrorism Production Center (S2I), OIG, and other organizations involved in the BR FISA program. Agendas and notes are maintained for each meeting.

(U//FOUO) Authorities Integration Group (AIG) reports directly to the Deputy DIRNSA. The AIG works directly with SID and Information Assurance
Directorate authority leads, including the BR FISA Authority Lead, and holds weekly meetings with the authority leads and corporate process leads (e.g., TD, ODOC, OGC).

(U//FOUO) The AIG focuses on the activities for each authority, both internal and external, to ensure that they are coordinated and integrated across NSA. The AIG acts as a forcing function within NSA, facilitating discussion among the Directorates to promote a better understanding of how decisions affect the various authorities. The AIG updates the Deputy DIRNSA quarterly on each authority.

(U) ODOC. In 2009, NSA created the position of Director of Compliance to improve the Agency's ability to keep NSA's activities consistent with the laws, policies, and procedures designed to protect USP privacy during SIGINT and information assurance missions. ODOC has specific functions with the BR FISA program outlined in the Order. The Assistant Director for Special Compliance Activities is ODOC's representative to the BR FISA program. Some of ODOC's responsibilities include:

• (U) Involvement in all decisions related to the program
• (U) Participating in weekly BMD meetings
• (U) Updating BR FISA program training material
• (U) Participating in quarterly compliance meetings with DoJ NSD and
• (U) Leading the verification of accuracy (VoA) process

(U//FOUO) The BR FISA program has been designated a special compliance activity (SCA) since 2009, that is, an NSA mission activity determined to require additional tailored compliance safeguards to ensure the protection of USP privacy. When an activity is identified as an SCA, ODOC becomes active in all aspects of implementing the SCA until it is determined that it is sufficiently underpinned by the Comprehensive Mission Compliance Program and significant risks have been mitigated. The Comprehensive Mission Compliance Program provides a framework and strategy to organize, govern, and resource compliance activities across NSA.

• (U//FOUO)
NSA's external overseers (e.g., DoJ NSD, FISC, Congress) have a heightened sensitivity about an activity or the means by which NSA is executing an activity
• (U//FOUO) NSA's legal, policy, compliance, or oversight elements determine that an activity requires attention to understand the application of compliance measures and potential risks or
• (U//FOUO) NSA identifies an activity or process that may be out of sync with oversight and compliance regulations and policies, thus making NSA vulnerable to compliance incidents

(U//FOUO) Recognizing the critical importance of the completeness and accuracy of documentation filed with external entities, ODOC developed line-by-line accuracy procedures known as VoA. These procedures provide greater assurance that the representations NSA made to external overseers are accurate and based on a shared understanding among operational, technical, legal, policy, and compliance officials. NSA uses the VoA process during the application process to the Court when requesting renewal of the BR Order.

(U//FOUO) OGC has specific functions with the BR FISA program outlined in the Order. One requirement is that the OGC consult with DoJ NSD on all significant opinions that relate to the interpretation, scope, or implementation of the authority. The lead OGC BR attorney, assigned from January 2013 to September 2014, stated that OGC consults with DoJ NSD on all significant opinions. OGC saves all correspondence discussing significant legal opinions with DoJ NSD in an access-controlled network folder.

(U//FOUO) In 2013, NSA OGC met with DoJ NSD at least once during each BR authorization period to review a sample of the justifications for RAS approvals for selection terms used to query BR metadata. However, as of 28 March 2014 (BR Order 14-67), the FISC no longer required OGC and DoJ NSD to conduct periodic reviews of RAS approved selection terms. The government sought this change as a result of a January 2014 presidential directive under which NSA began submitting selection terms to the
FISC for RAS approval.

(U//FOUO) In addition to the OGC's oversight requirements listed in the Order, the OGC defined its BR FISA program responsibilities as:

• (U//FOUO) Addressing all legal questions from BR FISA program stakeholders
• (U//FOUO) Coordinating all interaction with DoJ NSD
• (U//FOUO) Coordinating the filing of 30-day reports and renewal documents
• (U//FOUO) Leading quarterly compliance reviews with DoJ NSD
• (U//FOUO) Performing First Amendment reviews for USP RAS approval before 17 January 2014
• (U//FOUO) Coordinating RAS requests and submitting them to DoJ NSD for approval by the FISC on and after 17 January 2014 and
• (TS//SI//NF) Approving [illegible] additions of [redacted] to [redacted]

(U//FOUO) SV implements the SIGINT compliance program across NSA, particularly within SID, enabling the SIGINT mission to operate in compliance with laws, policies, and other guidance. SV provides guidance across the global SIGINT enterprise, manages compliance incidents, monitors compliance in high-risk areas, resolves problems, and verifies compliance through site visits, audits, and managing the SIGINT Intelligence Oversight Officer program.

(TS//SI//NF) SV performs two main oversight functions for the BR FISA program: (1) managing access by verifying training requirements semiweekly for persons who have the [redacted] credential and for persons included in the FISABR user group and (2) auditing all BR queries performed using query tools by mission and technical personnel to verify [illegible] in compliance with the requirements of the BR Order. SV's process for verifying training and managing access can be found in the Access and Training section.

(TS//SI//NF) As the BR Order requires, whenever BR metadata is accessed for foreign intelligence analysis or accessed using foreign intelligence analysis query tools, an auditable record of activity is generated. Although not required by the BR Order, NSA audits all
query records. SV verifies that only authorized personnel with the required credentials queried BR metadata, selection terms used to query BR metadata for intelligence analysis were RAS approved at the time of the query, and queries for intelligence analysis remained within the authorized number of hops from RAS approved seeds, as the BR Order requires. For the last two checks, SV verifies manually that the EAR software system controls are working as intended. SV stated that it has never found an instance of the EAR [redacted] allowing a noncompliant query to complete. In 2013, SV audited all [redacted] BR query records for that year.

(U) Additional SV responsibilities include:

• (U) Ensuring that SID incident reports are entered timely into NSA's corporate incident reporting database
• (U) Assisting in the development of oversight and compliance courses
• (TS//SI//NF) Providing BR query statistics and [redacted] credentialing data for monthly metrics reports provided to SID leadership
• (U//FOUO) Maintaining the content and access to the SV BR SharePoint site for storing BR FISA program documentation
• (U//FOUO) Performing VoA for statements assigned to SV in the BR Declarations and
• Approving [remainder illegible or redacted]

(U//FOUO) In 2013, SV also assisted DoJ NSD in its periodic review of RAS approved selection terms used for querying BR metadata. SV provided DoJ NSD with RAS justifications and supporting documentation for each review. As previously mentioned in the OGC Oversight section, the periodic reviews of RAS approved selection terms were discontinued pursuant to BR Order 14-67 (28 March 2014).

(U//FOUO) TV is responsible for identifying, assessing, tracking, and mitigating compliance risks, including USP privacy concerns, in NSA mission systems across the extended enterprise, including systems that hold BR metadata. TV manages the system compliance certification process, continuous compliance monitoring,
and technical compliance incident management and conducts training and awareness for technical personnel. TV attends the BMD weekly meetings and performs VoAs for areas assigned to it in the BR Declarations.

(U//FOUO) OIG conducts audits, special studies, inspections, investigations, and other reviews of programs and operations of NSA and its affiliates. OIG oversight includes:

• (U//FOUO) Performing audits and special studies of the BR FISA program
• (U//FOUO) Meeting with DoJ NSD at least once during each BR authorization period to discuss oversight responsibilities, NSA's compliance with the BR Order, the status of OIG reviews, and important developments affecting the BR FISA program; notes from these meetings are documented in [redacted]
• (U//FOUO) Receiving notification of incident reports for all NSA authorities, including BR FISA, saved in the Agency's corporate incident reporting database
• (U//FOUO) Reviewing Congressional Notifications and notices filed with the FISC of incidents of non-compliance with the BR Order
• (U//FOUO) Preparing Intelligence Oversight Quarterly Reports, in coordination with the DIRNSA and OGC, that summarize compliance incidents for all authorities occurring during quarterly review periods and forwarding the reports to the President's Intelligence Oversight Board through the Assistant to the Secretary of Defense for Intelligence Oversight (ATSD(IO)) [41]
• (U//FOUO) Performing IO reviews during OIG inspections of joint and field sites
• (U//FOUO) Attending weekly BMD meetings for situational awareness
• (U//FOUO) Maintaining the OIG Hotline and responding to complaints of violations of law, rule, or regulation; the OIG also investigates allegations of SIGINT misuse by NSA affiliates operating under the DIRNSA SIGINT authority and
• (U//FOUO) Reporting immediately to the ATSD(IO) a development or circumstance involving an intelligence activity or intelligence personnel that could impugn the
reputation or integrity of the IC or otherwise call into question the propriety of an intelligence activity

(U//FOUO) The OIG reviews management controls, maintains awareness of compliance incidents, and stays informed of changes affecting NSA authorities, including BR FISA. OIG reviews of the BR FISA program allow it to independently assess compliance with the BR Order. Since 24 May 2006, the date the original BR Order was signed, the OIG has completed five BR FISA program reviews. Table 22 summarizes OIG reviews of the program.

(U) Table 22: OIG Reviews of the BR FISA program
(U//FOUO)
Date issued 09/05/06: Assessment of Management Controls for Implementing the FISC Order Telephony BR (ST-06-0018). Reviewed collection, processing, analysis, dissemination, and oversight controls.
Date issued 05/12/10: NSA Controls for FISC BR Orders (ST-10-0004). Reviewed querying and dissemination controls; summarized pilot test results for January through March 2010.
Date issued 05/25/11: Audit of NSA Controls to Comply with the FISC Order Regarding BR (ST-10-0004L). Reviewed querying and dissemination controls; summarized the monthly test results for 2010.
Date issued 10/20/11: Audit of NSA Controls to Comply with the FISC Order Regarding BR Retention (ST-11-0011). Verified age-off of BR FISA metadata in 2011 to maintain compliance with the 60-month retention requirement of the BR Order.
Date issued 08/01/12: NSA Controls to Comply with the FISC Order Regarding BR Collection (ST-12-0003). Reviewed collection and sampling controls for ensuring that NSA receives only the BR FISA metadata authorized by the BR Order.
This report summarized monthly test results of the BR querying and dissemination controls during 2010.
(U//FOUO)

41 (U//FOUO) In 2014, the ATSD(IO) was changed to the Office of the Senior DoD Intelligence Oversight Official.

(U) External oversight

(U) DoJ NSD is the liaison between NSA and the FISC for the BR FISA program. DoJ NSD oversight includes the following:
• (U) Coordinating 90-day
renewal applications
• (U//FOUO) Providing guidance to NSA OGC on all significant legal opinions relating to the interpretation, scope, and implementation of the BR authority
• (U//FOUO) Reviewing NSA briefings and training transcripts to ensure that they accurately describe the requirements of the BR Order before NSA incorporates material into its training program (e.g., OVSC1205, OVSC1206)
• (U//FOUO) Meeting with NSA's OIG at least once during each BR authorization period to discuss oversight responsibilities and NSA compliance with the BR Order. Proposed initiatives and other important developments affecting the BR FISA program are discussed with the OIG
• (U) Meeting with NSA's OGC, ODOC, and other NSA stakeholders at least once during BR authorization periods to assess compliance. DoJ NSD meets with OGC, ODOC, and the BR FISA Authority Lead to review the Quarterly Compliance Report that summarizes the results of weekly tests NSA performed to ensure that NSA is receiving only authorized data. DoJ NSD submits summaries of these meetings in writing to the FISC as part of applications to renew the authority

(TS//SI//NF) In 2013, DoJ NSD met with NSA OGC and SV at least once each BR authorization period to review a sample of the justifications for RAS approvals for selection terms used to query BR metadata. For RAS selection terms approved in 2013, DoJ NSD sampled 100 percent of the USP RAS selection terms and 20 percent of the foreign RAS selection terms. As mentioned in the OGC Oversight section, DoJ NSD and OGC's periodic reviews of RAS selection terms were discontinued pursuant to BR Order 14-67, dated 28 March 2014. NSA now submits selection terms to the FISC for RAS approval to comply with the President's January 2014 directive. Table 23 summarizes DoJ NSD sampling of RAS selection terms approved in 2013.

(U//FOUO) Table 23: DoJ NSD Sample of RAS Selection Terms Approved in 2013
[table body not recoverable; one surviving cell reads 20%]
* (U) Estimate calculated using DoJ NSD sampling methodology (sample 20 percent of
foreign selection terms for review)
† (U) Data includes RAS selection terms that may have been approved more than once in 2013

ODNI representatives attend DoJ NSD meetings with NSA's OGC, ODOC, and the BR FISA Authority Lead to review the Quarterly Compliance Report. Although ODNI does not have a formal role described in the BR Order, it participates in its general role as an overseer of IC activities.

(U//FOUO) FISC is the approving authority for all renewals, amendments, reinstatements of the BR authority and, starting in February 2014, RAS for selection terms NSA submitted. The FISC approves the BR Primary Orders that authorize NSA to acquire bulk BR FISA metadata and the BR Secondary Orders that compel providers to provide daily bulk BR FISA metadata to NSA for the duration of the Order. The FISC performs oversight by receiving filings of Rule 13(a) Notices (Correction of Material Facts) and Rule 13(b) Notices (Disclosure of Non-Compliance) by DoJ NSD on behalf of NSA. The FISC also reviews the 90-day renewal applications and 30-day reports that NSA files. The 30-day reports document:
• NSA application of the RAS standard (no longer applies after March 2014);
• NSA's implementation and operation of the automated query process (no longer applies after March 2014; NSA never implemented the process and withdrew its request to do so);
• NSA's description of significant changes in the way in which the BR metadata is received from providers and significant changes to the controls NSA has in place to receive, store, process, and disseminate BR metadata; and
• the number of instances since the preceding report that NSA disseminated in any form USP information outside NSA.
The 30-day reports also include NSA's attestation that the CT nexus was completed and disseminations were approved by a designating approving authority before disseminating USP information derived from BR-unique metadata.

(U) Table 24 summarizes the
provisions of BR Order 13-158 for oversight and the controls implemented by NSA to maintain compliance.

(U) Table 24: Oversight Provisions and Controls
(U//FOUO)

Provision: NSA's OGC and ODOC will ensure that personnel with query access to BR metadata receive appropriate and adequate training and guidance regarding the procedures and restrictions for collection, storage, analysis, dissemination, and retention of the BR metadata and the results of queries of the BR metadata. NSA's OGC and ODOC will ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for the handling and dissemination of such information. NSA will maintain records of all such training. OGC will provide DoJ NSD copies of all formal briefing and training materials (including all revisions) used to train NSA personnel concerning the authority.
Control: See Table 14, Access and Training Provisions and Controls.

Provision: NSA's ODOC will monitor implementation and use of software and other controls (including user authentication services) and the logging of auditable information referenced above.
Control: SV performs 100 percent audits of queries performed using query tools by mission and technical personnel to verify that only authorized personnel who have the required credentials queried BR metadata, selection terms used to query BR metadata for intelligence analysis purposes were RAS approved at the time of the query, and queries for intelligence analysis purposes remained within the number of authorized hops from RAS approved seeds.

Provision: NSA's OGC will consult with DoJ NSD on all significant opinions that relate to the interpretation, scope, and/or implementation of this authority.
Control: NSA OGC confirmed that NSA has always consulted with and received advance approval from DoJ NSD and the FISC before implementing significant changes to the BR FISA
program. NSA OGC saves all correspondence with DoJ NSD in an access controlled network folder.

Provision: At least once during the authorization period, NSA's OGC, ODOC, DoJ NSD, and any other appropriate NSA representatives will meet to assess compliance with the Court's orders. Included in this meeting will be a review of NSA's monitoring and assessment to ensure that only approved metadata is acquired. The results of this meeting will be reduced to writing and submitted to the Court as part of any application to renew or reinstate the authority.
Control: DoJ NSD meets with OGC, ODOC, and the BR Lead to review the Quarterly Compliance Report, which summarizes the results of weekly tests performed by NSA to ensure that it is receiving only the BR metadata authorized by the Order. DoJ NSD submits summaries of these meetings in writing to the FISC as part of the applications to renew the authority.

Provision: At least once during the authorization period, DoJ NSD will meet with the NSA's OIG to discuss their respective oversight responsibilities and assess NSA's compliance with the Court's orders.
Control: NSA OIG meets with DoJ NSD at least once during BR authorization periods to discuss oversight responsibilities and NSA's compliance with the requirements of the Order. Notes from these meetings are documented in [redacted].

Provision: At least once during the authorization period, NSA's OGC and DoJ NSD will review a sample of the justifications for RAS approvals for selection terms used to query the BR metadata.
Control: In 2013, NSA OGC and SV met with DoJ NSD at least once during BR authorization periods and reviewed a sample of the justifications for RAS approvals for selection terms used to query the BR metadata. As of 28 March 2014 (BR Order 14-67), the FISC no longer required OGC and DoJ NSD to conduct periodic reviews of RAS approved selection terms. The government sought this change as a result of the President's January 2014 directive, under which NSA began submitting selection terms to the FISC for RAS approval.
(U//FOUO)

(U) BR FISA
Program Incidents of Non-Compliance

(U//FOUO) FISC Rules of Procedure require that NSA report corrections of material facts and disclosures of noncompliance with FISC Orders. NSA also must determine whether Congressional notifications are required. Our review focused on the process for identifying and reporting incidents of non-compliance, the incidents reported in 2013 to the Court and other external overseers, and the controls NSA has instituted to mitigate recurrence of compliance incidents.

(U) FISC Rules of Procedure

(U) The FISC Rules of Procedure (1 November 2010), adopted pursuant to 50 U.S.C. § 1803(g), govern FISC proceedings. Rule 13, Correction of Misstatement or Omission; Disclosure of Non-Compliance, is the procedure that NSA follows when notifying the Court through DoJ NSD of BR FISA misstatements and compliance incidents.

(U) Rule 13(a), Correction of Material Facts. If the government discovers that a submission to the Court contained a misstatement or omission of material fact, the government must immediately, in writing, inform the Judge to whom the submission was made of:
1. (U) the misstatement or omission;
2. (U) necessary corrections;
3. (U) the facts and circumstances relevant to the misstatement or omission;
4. (U) modifications the government has made or proposes to make in how it will implement any authority or approval granted by the Court; and
5. (U) how the government proposes to dispose of or treat information obtained as a result of the misstatement or omission.

(U) Rule 13(b), Disclosure of Non-Compliance. If the government discovers that any authority or approval granted by the Court has been implemented in a manner that did not comply with the Court's authorization or approval or with applicable law, the government must immediately, in writing, inform the Judge to whom the submission was made of:
1. (U) the noncompliance;
2. (U) the facts and circumstances relevant to the noncompliance;
3. (U) modifications the
government has made or proposes to make in how it will implement any authority or approval granted by the Court; and
4. (U) how the government proposes to dispose of or treat information obtained as a result of the noncompliance.

(U) Identifying and Reporting Incidents of Non-Compliance

(U) Identifying incidents of noncompliance

(U//FOUO) NSA typically discovers incidents of noncompliance with the BR Order during its operation of the BR FISA program. Because of the program's sensitivity, suspected anomalies are reported out of an abundance of caution. Training, a pillar of the compliance framework, provides a heightened sense of awareness for personnel to identify potential violations of the BR Order. A second pillar, monitoring and assessment, includes manual and technical controls to detect abnormalities. A weekly BMD meeting attended by BR FISA program stakeholders provides a forum for addressing potential problems.

(U//FOUO) When a possible incident is discovered, it is communicated to the BR FISA Authority Lead, OGC, ODOC, SV, and, if appropriate, TV and S2. BR FISA program stakeholders meet to discuss the facts and determine, with OGC's concurrence, whether a potential violation of the Order has occurred. If OGC believes an incident has or may have occurred, even if all the facts have not been gathered, preliminary notification to DoJ NSD is made shortly after notice to the DIRNSA, other NSA leadership, BR FISA program stakeholders, and OIG. Upon receiving initial notification from OGC, DoJ NSD starts drafting a preliminary notification to the Court.

(U//FOUO) Once the facts have been gathered and OGC has made an initial determination that a violation of the BR Order has occurred, OGC finalizes a notification of noncompliance and forwards it to DoJ NSD, which makes the final determination as to whether there has been an incident of non-compliance that must be reported to the FISC. If DoJ NSD determines that an
incident has occurred, it prepares a draft notification to the Court, coordinates the notification with NSA, finalizes the draft, and files the notification with the Court.

(U//FOUO) DoJ NSD often files a preliminary notification with the Court and, if needed, will follow up later with additional notifications. In some cases, the preliminary notification of an incident serves as the final notice. More than one notice to the Court to address an incident is typically required when, at the time of the preliminary notification:
• (U//FOUO) NSA does not have all the facts the Court needs to fully understand or address the incident or
• (U//FOUO) Remedial follow-on action may be needed

(U//FOUO) For the four incidents of noncompliance first reported to the Court in 2013, two required additional information; therefore, final notices were filed separately. One of the incidents included a notice of material misstatement because NSA had previously filed a declaration to the Court that contained inaccurate information.

(U) Congressional notifications

(U//FOUO) In addition to the requirement to notify the FISC, DIRNSA has a statutory obligation to keep the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence fully and currently informed of all significant intelligence activities. [42] NSA resolves doubts about notification in favor of notification. In addition to notifying Congress and the Director of National Intelligence (DNI), DIRNSA must notify the Undersecretary of Defense for Intelligence (USD(I)) and other USD(I) staff as USD(I) guidance directs. For all BR FISA incidents of non-compliance reported by Congressional notifications to the intelligence committees, NSA also notifies the Senate and House Committees on the Judiciary.

(U//FOUO) NSA's Legislative Affairs Office (LAO) manages NSA's liaison with the Congress and DNI, DoD, the IC, and other U.S. government departments and agencies regarding matters of concern to the Congress. LAO is NSA's focal point for

42 (U) See 50 U.S.C.
§3091, as implemented by Intelligence Community Directive 112, Congressional Notification, 16 November 2011.

Congressional inquiries, correspondence, questions for the record, and RFIs directed to NSA.

(U//FOUO) NSA Policy 1-33, Relations with the Congress (22 July 2005), provides guidelines for identifying matters that OGC and LAO must consider reporting to the Congressional intelligence committees under 50 U.S.C. §§3091 and 3092. The guidelines do not constitute a comprehensive list of what must be reported. Compliance incidents are assessed under a general guideline to consider for reporting matters that the intelligence committees have expressed a continuing interest in or which otherwise qualify as significant intelligence activities or failures.

(U//FOUO) NSA works to keep Congressional intelligence committees fully and currently informed about the Agency's activities, more than what is required under the guidelines outlined in NSA/CSS Policy 1-33.

(U//FOUO) OGC's analysis of the incidents of noncompliance that occurred in the BR FISA program in 2013 resulted in three of the four incidents reported as Congressional notifications.

(U) 2013 Incidents of Non-Compliance

(U//FOUO) In 2013, NSA reported four incidents of noncompliance to the Court. The following are NSA's reports of the incidents and the actions NSA took to mitigate recurrence.

(TS//SI//NF) Notice of Compliance Incident [redacted]

(TS//SI//NF) [redacted] an NSA analyst conducted a query of the BR metadata with a RAS approved U.S. person selection term (the U.S. person is currently subject to Court-authorized electronic surveillance). The query yielded new identifiers believed [partly illegible] used by the same U.S. person as the selection term. The analyst then sent those [redacted] U.S. person identifiers for further tasking to an email alias that included NSA
personnel who had not completed the required BR metadata training to receive query results containing U.S. person information. The analyst also entered the identifiers into certain analytic and tasking tools to which NSA personnel without the required BR metadata training have access.

(TS//SI//NF) The same day, the analyst's NSA supervisor realized that the U.S. person identifiers had been shared within NSA with analysts who had not received the training required to receive them. The supervisor took steps to immediately detask the identifiers, delete them from the analytic tools, and recall the email message, processes which had been successfully completed on or about March 22, 2013. The analytic and tasking tools had returned no collection or results, and a follow-up email was sent to all addresses on the email alias instructing that anyone without the required training should destroy all copies of the original email sent to the alias.

notification was required for this

(TS//SI//NF) Controls put in place to mitigate recurrence. The BR Order requires that results of queries of BR metadata may be shared among NSA analysts for intelligence analysis before minimization, subject to the requirement that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for handling and disseminating such information. Analysts who run queries and obtain results on BR metadata receive annual OVSC1205 training regarding the rules and restrictions on sharing BR metadata query results. Before analysts share BR-derived query results containing USP information, they must confirm that the recipient has the credential to receive BR metadata information. Analysts are reminded to verify recipients' credentials. To help mitigate recurrence, the analyst's supervisor reiterated to
the analyst the requirements for sharing BR metadata query results and the portions of the OVSC1205 training related to sharing.

(TS//SI//NF) Notice of Compliance Incident [redacted]

[redacted] NSA technical personnel discovered that NSA had inadvertently retained files containing call detail records that were more than five years old. Specifically, these call detail records, which had been produced pursuant to the Court's Primary Orders [redacted]. These call detail records were among those used in connection with a migration of call detail records to a new system. See [redacted] Declaration, Docket Number BR [garbled: "Jl57"] at 13 n.8 (describing migration of records to a replacement system). The call detail records could be accessed or used by only technical personnel who had received appropriate and adequate training to access call detail records.

(TS//SI//NF) NSA technical personnel destroyed the call detail records used in the migration of records that had been inadvertently retained past the retention limit of five years. As a result of the destruction, NSA is unable to provide an estimate regarding the volume of data destroyed. For recovery backup purposes, NSA has retained those call detail records used in the migration of records that did not exceed the retention limit and will use those records in accordance with the requirements of the Court's Primary Orders.

(TS//SI//NF) On 7 May 2013, NSA submitted a Congressional notification of the compliance incident to the House Permanent Select Committee on Intelligence, the Senate Select Committee on Intelligence, and the House and Senate Committees on the Judiciary. Copies were also provided to Congressional affairs offices at the ODNI, USD(I), and DoJ. On 7 May 2013, the NSA OIG notified the ATSD(IO) of the incident and Congressional notification.

(TS//SI//NF) Controls put in place to mitigate recurrence. In response to this incident, technical personnel
developed a script that searches for ingest and backup files in [redacted] servers containing BR metadata older than four years 11 months. Before the preservation order, if such files were identified, the script would send automated reminders weekly for three weeks and then daily until the files had been manually deleted. [43] No files matching the criteria have been identified since the script was developed. Before the preservation order, the [redacted] database, which ingests files from the [redacted] servers, automatically deleted files before they reached the five-year mark. NSA maintains location restrictions for machines and directories that hold BR metadata files.

(TS//SI//NF) Notice of Compliance Incidents [redacted]

(TS//SI//NF) Preliminary [redacted] NSA informed the NSD's Office of Intelligence (OI) that, in the course of reviewing its formal reporting to the FISC, it had identified [partly illegible] containing U.S. person information that it had not reported in thirty-day reports to the Court. These disseminations [redacted]. For each BR metadata product, an authorized official made the required CT determination prior to dissemination. NSA and OI continue to investigate the facts and circumstances concerning this matter, and the DoJ will provide a thorough explanation of this matter to the Court [redacted].

(TS//SI//NF) Final [redacted] a final notice of Compliance Incidents was filed with the Court. The notice indicated that the [illegible] disseminations in total were not included in the thirty-day reports because, at the time the incidents occurred [redacted], NSA relied on a single individual to keep reports of disseminations that occurred during each reporting period and to provide information about those
disseminations for inclusion in the thirty-day reports. Inadvertently, the disseminations described above were not recorded and, as a result, information about them was not included in the thirty-day reports. Currently, as discussed in a notice in this matter filed with the Court [redacted], NSA's Information Sharing Services (ISS) office maintains records of the CT determinations for each disseminated BR metadata product containing U.S. person information. NSA's ISS now also verifies the accuracy of statements regarding disseminations that are included in each thirty-day report by confirming that its records reflect the number of disseminations described in each report.

(TS//SI//NF) Along with the final notice, a supplemental report to the Court provided additional details and NSA's attestation that, before dissemination, the USP information was determined to be related to CT information and necessary to understand the CT information or to assess its importance.

(TS//SI//NF) On 20 September 2013, NSA submitted a Congressional notification of the compliance incident to the House Permanent Select Committee on Intelligence, the Senate Select Committee on Intelligence, and the House and Senate Committees on the Judiciary. Copies were also provided to the Congressional affairs offices at ODNI, USD(I), and DoJ. On 12 September 2013, the NSA OIG notified the ATSD(IO) about the incident and pending Congressional notification.

43 (U//FOUO) On 21 March 2014, the U.S. District Court for the Northern District of California issued a preservation order against the destruction of BR metadata.

Controls put in place to mitigate recurrence. In response to this incident, [redacted] NSA issued the BR FISA Reporting Process SOP, which documents external reporting requirements and organizational responsibilities and defines a standardized, repeatable process for the creation, coordination, and release of mandatory FISC reports for the BR FISA program.
The SOP states that, as part of incident remediation, the BR program committed to refine the manual report process and create a software tool [redacted] to help automate accounting of BR FISA disseminations.

(U//FOUO) NSA's corporate dissemination tracking tool was implemented in December 2013. Before this, disseminations were tracked manually. Since then, all disseminated reports derived from BR metadata have been tracked in [redacted].

(TS//SI//NF) Preliminary [redacted] NSA notified the NSD's OI that [redacted] NSA received [redacted] call detail records for testing purposes [redacted] sample [redacted] call detail records [redacted]. Prior to its destruction, the [redacted] was stored at all times on servers accessible only to technical personnel and was not available for intelligence analysis. NSA and OI continue to investigate the facts and circumstances concerning this matter, and the DoJ will provide a thorough explanation of the matter to the Court upon completion of the investigation.

(TS//SI//NF) Final [redacted] a final notice of Compliance Incident was filed with the [remainder largely redacted or illegible; legible fragments: "call detail records", "NSA identified in the sample"]

On 17 December 2013, NSA submitted a Congressional notification of the compliance incident to the House Permanent Select Committee on Intelligence, Senate Select Committee on Intelligence, and the House and Senate Committees on the Judiciary. Copies were also provided to the Congressional affairs offices at the ODNI and USD(I). On 2 December 2013, the NSA OIG notified the ATSD(IO) of the incident and pending Congressional notification.

(TS//SI//NF) Controls put in place to mitigate recurrence. NSA filed a Notice
of Material Misstatement because, in a previous declaration to the Court, NSA stated that it had [passage partly redacted and illegible; legible fragments: "sample ... records", "notified the provider", "testing and that it did not want", "information NSA was not able to verify"]. As [partly illegible] implementing control, NSA modified the way it performs the VoA on the declaration to the Court so that all organizations associated with the BR FISA program participate in the VoA process and review the entire document. The BR FISA Authority Lead initiated quarterly meetings with stakeholders to compare the previous final BR Order with the new declaration to identify changes and ensure that the new declaration is reviewed for accuracy. Since the incident, NSA has not received sample [redacted] records [redacted].

(TS//SI//NF) As discussed in the Sampling section, [redacted] PIAs test the [redacted] feed daily and weekly to verify that it does not contain CSLI data. The PIAs identified no CSLI data since the [redacted] feed became operational [redacted].

(U//FOUO) The four incidents of noncompliance were included in NSA's first, third, and fourth quarters 2013 Report to the Intelligence Oversight Board on NSA Activities.

(U//FOUO) For a list of the incidents of noncompliance from 2010 through 2012, see Appendix B.

(U) NSA Use of the BR FISA Authority

(U//FOUO) Although no formal process has been implemented to assess the effectiveness of the BR FISA authority, NSA asserts that the authority has made valuable contributions to the CT intelligence mission and that it plays an important role for NSA intelligence analysts tasked with identifying potential terrorist threats to the U.S. homeland and U.S. interests abroad.

(U) Methods Used to Assess Effectiveness

(U) NSA's BR FISA program was developed to assist the U.S. government in detecting communications between known or suspected terrorists operating outside the United States and others inside the United States, as well as
communications among operatives within the United States. The 9/11 Commission identified detecting and linking such communications as a critical intelligence gap in the aftermath of the attacks on 11 September 2001.

(TS//SI//NF) Based on requests from the Senate Select Committee on Intelligence to determine the value of the program, NSA and FBI personnel developed, in February 2014, the BR FISA Bulk Metadata NSA FBI Process for FBI Feedback plan, which describes NSA's responsibility to deliver to the FBI spreadsheets with BR information and the FBI's responsibility to summarize use for NSA. The plan called for FBI's [redacted] to categorize selection terms in the BR FISA [redacted] report as follows:
• (U//FOUO) Not of interest: selection term is technically flawed or the characteristics make it worthless for research
• (U//FOUO) Known to the FBI: FBI is aware of the selection term independently
• (U//FOUO) Known to the FBI with additional information: FBI is aware of the selection term independently, but NSA reporting provides amplifying information to aid FBI investigations
• (U//FOUO) Unknown to the FBI: the FBI was not aware of the selection term

(TS//SI//NF) Under the plan, [redacted] would send BR-unique leads to FBI field offices [redacted].

(U//FOUO) BR FISA program leadership recognizes that there is no process to track program effectiveness. They agreed on the need to track effectiveness but were unable to determine how to do so. Feedback is difficult to obtain. One former BR FISA program leader asked, "How do you assess the effectiveness of an authority when we don't get feedback from the customer?" Another limitation on NSA's ability to determine the effectiveness of the BR FISA program [redacted].

(U) Table 25: Selection Terms in Approved Status as of
31 December 2013, by Target Office of Primary Interest
[table contents redacted]

(U//FOUO) [redacted] NSA implemented the BR FISA Bulk Metadata Monthly Internal Report for SID. The report includes:
• (U//FOUO) Number of approved RAS selection terms
• (U//FOUO) Number of queries
• (U//FOUO) BMD volume and
• (U//FOUO) Number of personnel by organization and work role with program access, approved to disseminate USP information, and approved as HMCs

(U) Contributions from BR FISA Authority that Support the CT Intelligence Mission

(U) 2013 highlights

(TS//SI//NF) NSA does not assert that information from the BR FISA program does by itself identify or thwart plots. Instead, information obtained through the program plays a complementary role within a larger body of intelligence and CT investigations. It is important to note that BR metadata may sometimes be the single source of intelligence. However, typically, acquisition and analysis of BR metadata are designed to fill gaps in information gathered under other collection authorities. By helping close those gaps, NSA personnel report that BR data contributes to comprehensive efforts to identify and address threats to the homeland. The following are highlights from the BR FISA program in 2013:
• (TS//SI//NF) [redacted]
• (TS//SI//NF) [redacted]

(U) On 21 June 2013, in response to a request from the House Permanent Select Committee on Intelligence after unauthorized public disclosures, NSA provided to that committee and the Senate Select Committee on Intelligence, the House and Senate Committees on the Judiciary, and the Defense subcommittees of the House and Senate Appropriations Committees a list of 54 events in which the BR FISA or FAA § 702 authorities, or both, contributed to the production of
SIGINT and to the IC's understanding of terrorism activities.

(U) Analyst Use of the Authority

(U//FOUO) NSA senior management believe that the BR FISA program is important to intelligence analysts tasked with identifying potential terrorist threats to the U.S. homeland, primarily in support of the FBI, by enhancing their ability to detect, prioritize, and track terrorist operatives and their support networks in the United States and abroad. By querying BR metadata, intelligence analysts are said to:

• (U//FOUO) Detect domestic and foreign selection terms in contact with domestic and foreign selection terms associated with foreign terrorist organizations,
• (U//FOUO) Discover selection terms with which the foreign and domestic selection terms associated with foreign terrorist organizations are in contact, and
• (U//FOUO) Detect possible terrorist-related communications between communicants inside the United States.

(U) Identifying threats

(U//FOUO) NSA has many sources of information that provide indications of potential terrorist activity against the United States and its interests abroad. The best analysis typically occurs when analysts evaluate information obtained from all those sources to disseminate to the FBI and the IC as complete a picture as possible of potential terrorist threats. Although BR metadata is not the sole source of information available to NSA CT personnel, it is a component of the information that analysts rely on to execute threat identification and characterization. BR metadata can add to the IC's and law enforcement community's understanding and evaluation of threat information and the need to take investigative action.

(U) Agility

(U) BMD, NSA personnel assert, enables the Agency to quickly analyze communications and contact chains. Unless the data is aggregated, it may not be feasible to detect communication chains that cross communication networks and authorities. The ability to
query accumulated metadata from multiple authorities significantly increases NSA's ability to rapidly detect persons who are affiliated with foreign terrorist organizations and might otherwise go undetected.

(U) Hops

(U//FOUO) When NSA performs a contact chaining query on a terrorist-associated selection term, analysts are able to detect not only the direct contacts made by that first tier of contacts but also the additional tiers of contacts, out to the maximum number of permitted hops from the seed selection term. [redacted: (b)(3) P.L. 86-36] provides a more complete picture of those who associate with terrorists or are engaged in terrorist activities. The ability to look at a network beyond the first hop enables analysts to potentially identify the core of a network, focusing and prioritizing resources efficiently against threats.

(U) Historical data

(TS//SI//NF) Another advantage that SID leadership ascribes to the BR FISA program is that the BR metadata is historical. [redacted] historical connections are critical to understanding newly identified targets, and metadata may contain links that are unique, pointing to potential targets of interest that may otherwise be missed. [redacted: (b)(1), (b)(3) P.L. 86-36]

(U) Tradecraft

(U//FOUO) Analysts report that BR metadata analysis enriches their understanding of the communications tradecraft of terrorist operatives who may be [...] conduct attacks against the United States. [redacted: (b)(3) P.L. 86-36]

(U) Complementary

(U//FOUO) The BR FISA program, SID leadership asserts, complements information that NSA collects by other means, increasing the value to the Agency and linking possible terrorist-related telephone communications between communicants based solely inside the United States. As a complementary tool to other intelligence authorities, the NSA's access to BR metadata increases the likelihood of detecting terrorist cell contacts within the United States. The BR
FISA program provides NSA the information necessary to perform call chaining that can enable analysts to obtain a much broader understanding of the target and, as a result, allow NSA to provide to the FBI and the IC a more complete picture of possible terrorist-related activity inside the United States. [redacted: (b)(3) P.L. 86-36]

(U) Prioritizing

(U//FOUO) The BR FISA program assists with applying limited analytic and linguistic resources available to the CT mission [redacted] have the highest probability of connection to terrorist targets. Analysis of BR metadata can help analysts prioritize communications of non-USPs that it acquires under other authorities because such persons are of heightened interest if they are in a communication network with persons in the United States.

(U//FOUO) SID leadership asserts that, without the ability to obtain and analyze BR metadata, NSA would lose a tool for detecting communication chains that link to selection terms associated with known and suspected terrorist operatives, which can lead to the identification of previously unknown persons of interest. The BR FISA program allows efficient [redacted] potential terrorist activities. Any other means that might be used to conduct similar analyses would require multiple time-consuming steps that would frustrate rapid analysis in emerging situations and could fail to capture some information available through BR metadata. If BR metadata is not aggregated and retained for a time, NSA could not detect [redacted].

(U) Former DIRNSA General Alexander testified to the Senate Committee on the Judiciary in December 2013:

(U) "Measuring the value of the BR FISA authority by the number of plots exposed to date misses the point and presents us with a false choice. The BR FISA authority is similar to an insurance policy designed to make sure that the gap exposed after 9/11 doesn't happen again, with perhaps even more catastrophic consequences. As with an insurance policy on your house, you don't determine its value by asking how many times you've collected on the policy to date - you want to have it for the possible fire or flood or theft in the future. Combined with the limitations on the program, the potential benefit in allowing us to uncover the hidden terrorist in the U.S. still provides a unique value consistent with the protection of privacy rights."

III. (U) FAA §702

(U) Background

(U) The FAA §702 certifications

Section 702 of FAA, "Procedures for Targeting Certain Persons Outside the United States other than United States Persons," states that the Attorney General and the DNI may jointly authorize, for the period of up to one year, the targeting of persons who are not USPs and who are reasonably believed to be located outside the United States to acquire foreign intelligence information. This authority is granted on the basis of annual certifications made by the Attorney General and the DNI to the FISC. [redacted] certifications identify categories of foreign intelligence information sought through this acquisition. (S//NF) [redacted: (b)(1), (b)(3) P.L. 86-36, (b)(3) 50 USC 3024(i)]

The NSA targeting and minimization procedures establish the processes that the Agency must follow and the requirements that it must satisfy to comply with the limits the statute and the Constitution impose on the use of this surveillance. The targeting procedures must be reasonably designed to limit acquisition under the [redacted] FAA §702 certifications to non-USPs reasonably believed to be located outside the United States to acquire foreign intelligence information and to prevent intentional acquisition of communications in which the sender and all intended recipients are known at the time of acquisition to be in the United States.[45] The purpose of the minimization procedures is to establish controls over the acquisition, retention, and dissemination of nonpublicly available USP information.
(S//NF)

(U//FOUO) In addition to targeting and minimization procedures, FAA §702 requires the Attorney General, in consultation with the DNI, to adopt guidelines to ensure compliance with the limitations in the Act on acquisition of communications. These are documented in Guidelines for the Acquisition of Foreign Intelligence Information Pursuant to the Foreign Intelligence Surveillance Act of 1978. Approved by the Attorney General in 2008, the guidelines reinforce the targeting procedures, establish requirements for application of the targeting procedures, and establish requirements for obtaining court orders.

[45] (U) Acquisition is the collection by NSA or the FBI through electronic means of nonpublic communications to which they are not intended parties.

(U//FOUO) The government's FAA §702 certifications, targeting procedures, and minimization procedures, but not the Attorney General Guidelines, require FISC approval. The FAA §702 certifications are accompanied by affidavits from the heads of elements of the IC, such as the DIRNSA, that describe the Agency's basis for assessing that acquisition will be consistent with statutory authorization and limits.

(U) Methodology and Scope

(U//FOUO) Our review of the FAA §702 control framework, incidents of non-compliance, and NSA's use of the authority to support its mission was based largely on FAA §702 stakeholder interviews and reviews of policies, procedures, and other program documentation. The OIG's Special Study: Assessment of Management Controls Over FAA §702, revised and reissued 29 March 2013, was also used as a resource. That study examined the controls designed to ensure compliance with FAA §702 and the targeting and minimization procedures associated with the 2011 certifications. Given the time constraints for the current review and the agreement with staff of the Senate Committee on the Judiciary, we did not verify through testing that all controls were operating as described by
FAA §702 program stakeholders.[46]

[46] (U//FOUO) The NSA OIG has conducted several audits and special studies on the effectiveness of certain FAA §702 program controls.

(U//FOUO) Our review focused on the processes and controls in place in 2013. Two documents filed annually with each FAA §702 certification delineate NSA's procedures for complying with the FISA Amendments Act of 2008:

• (U//FOUO) Procedures Used by the National Security Agency for Targeting Non-United States Persons Reasonably Believed to be Located Outside the United States to Acquire Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended (FAA §702 Targeting Procedures), and
• (U) Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended (the FAA §702 Minimization Procedures).

(U//FOUO) For calendar year 2013, the period under review, different versions of these documents were in effect because of changes made at the annual certification renewal and special amendments to the procedures.

• (U) Targeting Procedures
  o (S//NF) Procedures approved with the 2012 renewal of the authority, effective 24 September 2012 through 10 September 2013.
  o (S//NF) These procedures were not changed for the 2013 certification renewal and remained effective 10 September 2013 through 28 August 2014.
• (U) Minimization Procedures
  o Procedures approved for the 2012 certification renewal, approved by the FISC 24 August 2012, were effective 24 [illegible] 2012 through 23 September 2013. [redacted: (b)(1), (b)(3) P.L. 86-36, (b)(3) 50 USC 3024(i)]
  o (U//FOUO) An amended version of the 2013 minimization procedures, approved 13 November 2013, added special procedures for assessing NSA's ability to use collection
received when NSA's [redacted] post-tasking checks were not functioning properly and procedures for handling data collected during a period in 2013 when these checks were not performing as intended.

(U) We also examined implementing procedures and controls for the Attorney General's targeting guidelines.

(U) FAA §702 Program Control Framework

(U//FOUO) The FAA §702 control framework describes how NSA targets, collects, retains, accesses, queries, disseminates, and purges FAA §702 data and the oversight mechanisms to comply with FAA §702 certifications, including FISC-approved targeting and minimization procedures. This section summarizes the provisions of the targeting and minimization procedures and the controls implemented for each phase of the FAA §702 production cycle.

(U) Targeting

(U) Provisions of FAA §702 certifications

(S//NF) The FAA §702 targeting procedures set forth the measures that NSA uses to determine whether a prospective target is eligible for targeting under this authority. Each prospective target must meet three criteria: the individual must be a non-USP, reasonably believed to be located outside the United States, who possesses or is likely to communicate foreign intelligence information consistent with one of the [redacted] FAA §702 certifications.[48]

The targeting procedures state that when NSA proposes to direct surveillance at a prospective target, it does so only after it has learned something about the prospective target or the facilities the individual uses to communicate. For example, NSA personnel may examine lead information obtained from a non-NSA element, such as tips from the CIA or FBI [redacted: (b)(1), (b)(3) P.L. 86-36, (b)(3) 50 USC 3024(i)]. NSA personnel must also assess whether the prospective target possesses or is likely to communicate foreign intelligence information concerning a foreign power and whether the proposed target is appropriate under one of the [redacted] FAA §702 certifications. (S//NF)

[47] (U) A target is a person or entity against which intelligence operations are conducted. Foreign intelligence is obtained by tasking the target's selectors (e.g., email addresses) to acquire information pursuant to one of NSA's authorities.

(U) Targeting process overview

(U//FOUO) To initiate targeting under FAA §702 authority, NSA personnel must research the prospective target to determine whether it meets the requirements of this authority and to identify selectors that will yield communications from the prospective target.[50] Mission analysts operate within an assigned mission team (see the Access and Training section) and follow targeting guidance established by SID Analysis and Production on the basis of the FAA §702 Targeting Procedures to complete the analysis [illegible; (b)(3) P.L. 86-36]. The TR documents information supporting the targeting decision and is subject to at least two levels of review before targeting. Additional reviews may be performed by the SID Data Acquisition (S3) office of Targeting Strategy and Mission Integration (TSMI) and SV.

(U//FOUO) Mission analysts are responsible for the initial research and identification of potential targets within their organization's assigned missions. Analysts must complete a training regimen involving general courses on legal authorities and annual courses on FAA §702 procedures to be eligible to submit TRs under this authority and access and handle FAA §702 data (see the Access and Training section).

(U) Provisions of FAA §702 certifications: eligibility for targeting

(S//NF) Foreignness determination. The targeting procedures require that NSA personnel examine, as appropriate under the circumstances, three categories of information to determine whether the intended target is a non-USP reasonably believed to be outside the United States (the foreignness determination). The determination is based on the totality of information available about the prospective target's location and status as a USP and may be obtained from any one or a combination of these sources: (S//NF)

[redacted: (b)(1), (b)(3) P.L. 86-36]

[48] (U) FAA does not define the term "reasonable belief," but the Act requires that NSA adopt targeting procedures to ensure that FAA §702 acquisition is limited to targets reasonably believed to be outside the United States.

[49] (U) Facilities are communication vehicles used by targets, including telephone numbers and email addresses. NSA tasks these facilities, or selectors, to obtain foreign intelligence from approved targets.

[50] (U) Selectors are unique identifiers of targets (entities against which intelligence operations are conducted), such as telephone numbers and email addresses, used for tasking (initiating SIGINT collection for the target's selectors).

(U//FOUO) Foreign intelligence purpose for targeting. In addition to the foreignness determination, NSA personnel must assess whether the prospective target possesses, is expected to receive, and/or is likely to communicate foreign intelligence pursuant to one of the FAA §702 certifications.[51] Each certification identifies categories of foreign intelligence (see Background at the beginning of FAA §702 section) and specifies activities for which foreign intelligence collection is approved. Targeting must also comply with the Attorney General's Guidelines for the Acquisition of Foreign Intelligence Information Pursuant to the Foreign Intelligence Surveillance Act of 1978, which reiterates the five targeting activities prohibited by FAA §702: (S//NF)

• (U) Intentionally targeting a person known at the time of acquisition to be in the United States,
• (U) Reverse targeting, that is, targeting a non-USP outside the United States for the purpose of targeting a particular, known person reasonably believed to be in the United States,
• (S//NF) Intentionally targeting a USP reasonably believed to be outside the United States,
• (U) Intentionally acquiring communications as to which the sender and all intended recipients are known at the time of acquisition to be in the United States, and
• (U) Targeting inconsistent with the Fourth Amendment to the Constitution of the United States.

[51] (U) Foreign intelligence information is defined in FISA as: (1) information that relates to and, if concerning a USP, is necessary to the ability of the United States to protect against (A) actual or potential attack or other grave hostile acts of a foreign power or an agent of a foreign power; (B) sabotage, international terrorism, or the international proliferation of weapons of mass destruction by a foreign power or an agent of a foreign power; or (C) clandestine intelligence activities by an intelligence service or network of a foreign power or by an agent of a foreign power; or (2) information with respect to a foreign power or foreign territory that relates to and, if concerning a U.S. person, is necessary to (A) the national defense or the security of the United States or (B) the conduct of the foreign affairs of the United States.

(U) Targeting control procedures

(S//NF) Target research: foreignness. [redacted: (b)(3) P.L. 86-36]

(U//FOUO) Target research: foreign intelligence determination. NSA mission analysts task targets that are aligned with the National Intelligence Priorities Framework, can be linked to one of the foreign intelligence purposes specified in the appropriate FAA §702 certification, and generally are within the analysts' assigned mission area. [redacted: (b)(3) P.L. 86-36]

(U//FOUO) Targeting request. Once mission analysts complete the research for the proposed target, they must develop and submit a TR [illegible] identified for an eligible target. The TR
documents [illegible] that the prospective targets meet the standards in the targeting procedures. Once the TR has been reviewed and approved (see Targeting Authorization), the selector identified in the TR is used to initiate collection. To complete a valid TR, mission analysts must compile specific information to demonstrate that, based on the totality of the circumstances determined from the research performed, there is a reasonable belief that the proposed target is foreign (not a USP and not within the United States) and is likely to produce foreign intelligence consistent with one of the FAA §702 certifications. The TR must include:

• (U//FOUO) [redacted: (b)(3) P.L. 86-36]
• (U//FOUO) [redacted]
• (U) Sources supporting the determination of foreignness [redacted] [54]

[52] (U) Raw data is data that has not been evaluated for foreign intelligence or processed to handle USP identities pursuant to the minimization procedures. Metadata is dialing, routing, addressing, or signaling information associated with a communication, but does not include information concerning the substance of the communication.

[53] (U) The National Intelligence Priorities Framework translates national foreign intelligence objectives and priorities approved by the President into specific prioritization guidance for the IC. It serves as guidance for U.S. foreign intelligence analysis and collection.

(U//FOUO) Mission analysts must create permanent documentation of the information sources used to establish foreignness. Copies of the source information are saved in a restricted access SharePoint site SV maintains. This repository facilitates approval of the TR as well as internal and external oversight.

(U//FOUO) The [redacted: (b)(3) P.L. 86-36] system supports targeting compliance as the mission analyst creates the TR. The system requires:

• (S//SI//REL TO USA, FVEY) Detailed information establishing the foreignness of the selector [redacted: (b)(1), (b)(3) P.L. 86-36, (b)(3) 50 USC 3024(i)],
• (U//FOUO) Target information, including the TAR,
• (U//FOUO) Completion of key fields to document information about the prospective target (e.g., authorized targeting purpose, how the individual was determined to be outside the United States, basis for expectation that targeting the individual will produce foreign intelligence), and
• (U) Identification of the appropriate FAA §702 certification.

(U//FOUO) The [redacted: (b)(3) P.L. 86-36] system also:

• (U) Identifies conflicting data within the TR,
• (U) Captures references to supporting documentation,
• (S//REL TO USA, FVEY) [redacted]
• (S//REL TO USA, FVEY) [redacted]

[54] (U) Targeting Rationale is a brief justification for targeting a selector, intended to explain the connection between the proposed target and a foreign intelligence purpose.

[redacted: (b)(1), (b)(3) P.L. 86-36, (b)(3) 50 USC 3024(i)]

(U) Provisions of FAA §702 certifications: authorization to target

(U//FOUO) Approval to task a prospective target's selectors requires that the TR entry for that tasking be reviewed to verify that it contains the necessary citations to source
information that led the analyst to reasonably believe that the individual is a non-USP outside the United States and is linked to the appropriate FAA §702 certification.

(U) Targeting authorization: controls

(U//FOUO) NSA has implemented a multilevel review process to approve all proposed targeting.

(U//FOUO) Releaser review. Submitted TRs are first reviewed by the mission releaser. Normally, the releaser is in the same organization as the mission analyst. Releasers must complete the same training courses as mission analysts. They examine the TRs for completeness and compliance with the FAA §702 Targeting Review Guidance developed and maintained by the Mission and Compliance staff, part of the Directorate for Analysis and Production within NSA's Signals Intelligence Directorate.[58]

(U//FOUO) Adjudication. The final approval of the TR, known as adjudication, is a critical control point in tasking selectors under FAA §702 authority and is performed by personnel designated as mission adjudicators. TRs were initially subject to adjudication by SV, but [redacted: (b)(3) P.L. 86-36] the responsibility was moved to the mission groups within the SIGINT Analysis and Production organization, where specially trained and experienced analysts, usually from the same organization as the targeting analyst,[59] perform adjudication. Adjudicators must complete the same courses as other mission personnel as a prerequisite for access to FAA §702 data (see the Access and Training section). They must also complete a specific course on adjudication and receive on-the-job training in their mission office before they are permitted to adjudicate independently. Adjudicators receive advice and updated information from the staff of the SIGINT Analysis and Production organization, SV, and OGC on developments affecting the application of the FAA §702 authority. The majority of adjudicators have two
or more years' experience in adjudication. Adjudicator performance is monitored by the Mission and Compliance staff in SID's Directorate for Analysis and Production.

(C//REL TO USA, FVEY) Adjudicators review TRs for accuracy, evaluate the evidence in the TR supporting the foreignness of the proposed target, examine the TAR statement for the individual's foreign intelligence value, and verify that the TR supports eligibility for targeting under the specified FAA §702 certification. As part of their TR reviews, adjudicators recreate the steps taken by the mission analyst to independently confirm that the supporting data is accurate and that the most current information available is used to support a reasonable belief that the prospective target is foreign. Following the same procedure as mission analysts, adjudicators [redacted: (b)(3) P.L. 86-36] to determine whether there is supporting or contrary information regarding the foreignness of the individual. Adjudicators must complete a series of checks manually or assisted by technology:

• (U//FOUO) [redacted] for an initial foreignness determination,[60]
• (TS//SI//REL TO USA, FVEY) Reviewing the database of selectors [redacted: (b)(1), (b)(3) P.L. 86-36] whether there was information indicating that the individual was not foreign,
• (U//FOUO) Accessing the SV4 SharePoint Site to determine whether there is information that would preclude the current tasking request from being approved, [redacted: (b)(3) P.L. 86-36]
• (U//FOUO) [redacted]

[58] (U) As part of the Operations Staff for the S2, the staff includes teams who provide support and oversight of SID's use of FAA §702 [remainder partly redacted; the designators S203 and S203A7 are legible].

[59] [redacted: (b)(3) P.L. 86-36]

(U//FOUO) If adjudicators are able to confirm that the prospective target meets the FAA §702 requirements
for tasking, they approve the target's selector for tasking [redacted]. However, if there is an error or required information is absent in the TR, adjudicators must ensure that corrective action is taken before approving the TR. [redacted]

(TS//SI//NF) In most instances, if adjudicators identify updated foreignness information, they substitute that information in the TR to ensure that the TR is current. If adjudicators find an error, such as inaccurate foreignness information, insufficient evidence to support foreignness, or an incomplete TAR statement, adjudicators may deny the TR and return it to mission analysts for correction. When the TR is corrected, the TR goes back to the mission releaser and the mission adjudicator. As part of the approval process, adjudicators upload documentation of the sources supporting the targeting decision to the SharePoint site that SV maintains. [redacted: (b)(1), (b)(3) P.L. 86-36]

(U//FOUO) The targeting review process is summarized in Figure 8.

(U) Figure 8. FAA §702 Targeting Review Process
[Figure not reproduced]

(U) Provisions of FAA §702 certifications: approval of TRs from other agencies

(U//FOUO) The FAA §702 minimization procedures set forth processes NSA uses for the acquisition, retention, use, and dissemination of information acquired under FAA §702.

(U//FOUO) In accordance with Section 6(c) of the minimization procedures, NSA provides the CIA and the FBI unminimized communications acquired pursuant to FAA §702 for targets nominated by the respective agencies and approved for tasking in accordance with NSA's targeting procedures. [redacted] Both the CIA and the FBI must
handle unminimized communications received from NSA ·S 'ad p ted by the in accordance with their FISCapproved minimization proceq ure Attorney General in consultation with the ODNI --- - _-- -- -- --- ∙∙∙∙∙ ∙∙∙∙∙∙ b 3 P L 8636 r fi f'Tto · ·o t · aa nl'J l-r---------------- I I∙ l tJIL lh'ft· OHHOH ----------------------------J H 'f OP SECifB'f SI NOFOR N 81 1 b 3 P L 8636 DOCID 4273474 'fOP S CRE'f 91 N O P OR N ST140002 U FOUO Controls over approval of CIA and FBI TRs Sh'REL TO USA F¥E Y The CIA and the FBI submit requests for tasking selectors of prospective targets to NSA which reviews the foreignness information and the foreignness justification for the prospective target and approves the selectors for tasking upon an assessment that there is a reasonable belief that the prospective target is a non USP outside the United States and that collection will produce forei on intelli aence information oursuant to one of the aoorove d certifications I I ∙∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙∙∙∙ f · 1y b p P L 86 36 ∙ • U FOUO Table 26 summarizes the targeting provisions oftbe FAA §702 targeting procedures and the controls NSA has implemented to maintain compliance U Table 26 Targeting Provisions and Controls l Ss' SIH NF Provision Control U Foreignness Acquisition targets only nonUSPs reasonably believed to be outside the United States U F6tffi' The TR documents the support for NSA's determination of the prospective target's foreign ness b 3 P L TG 6 1 REL TO USA F fEY The targeting systemc J enforces completion of required fields including foreignness information identifies conflicting data flags selectors ineligible for _ taskinol I b 1 ∙I l and captures source b 3 P L 8636 information supporting targeting U All TRs are subject to at least two levels of review prior to targeting Additional reviews may be performed by TSMI or SV Reviewers examine available information to validate accuracy of the foreignness determination and that conflicting information has been resolved 63 U An 
MCT is an Internet tnnsaction that contains more than one discrete communication within it If one of the communications within an MCT references a tasked selector and one end of the transaction is foreign the entire MCT transaction will be acquired tl1rough upstream Internet collection techniques Since this can include discrete communications that do not contain the tasked selector use of such information must meet specific requirements 'fOP 8 CRE'f SI I ' 82 OFOR ' DOCID 4273474 TOP SEC RETHSf NOPOft N ST 140002 lTC' 'r n '1 IC' llr oJ ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ b 3 P L 86 3S ∙ b 3 50 usc 3024 i ∙ ∙∙ ∙∙∙ l TC' tlC' f · · - - - _ ' - ' n i r T ∙∙rn ∙1∙∙ · · · fl I I I ∙∙∙''''' I d I I NSA maintains these records in a database of S Sh ' NF NSA will maintain 1 •I t ' ' f St O'r ds of'S lectors I I This tool is used in target ∙I ∙∙∙∙ research by analysts and interfaces with t o identify ineligible ∙∙∙∙ ∙ selectors proposed for targeting The information generated is Jto support reviewed by the adjudicators and any conflicts sho_uld be resolved compliant tasKing New TRs will be compared with these records before the TRs are approved b 3 P L 86 3 6 before targeting U Foreign Intelligence Purpose ofTargeting NSA will assess whether the target possesses or is likely to communicate foreign intelligence pursuant to one of the approved certifications U fF6t le The TAR Statement documents why targeting is requested and indicates the tie to a foreign intelligence purpose specific to the FAA Certification under which targeting is requested This is subject to adjudication U NSA may provide unminimized communications acquired pursuant to FAA §702 to the CIA and FBI 9 IREL TO USA F'lfEY The CIA and FBI may nominate targets and selectors for acquisition subiect to NSA's tarqetinq 1 ∙••' b orocedures l ∙ b 3 P L 8636 JThe CIA ana tt SI nave tnelr own mm1m1zat1on proceaures ror processing the unminimized data that they receive UI FOUO Tasking requests must be supported by citations to the 
information that led to the analyst's reasonable belief of the foreignness of the target. Approval of the TR will include review of the citation.

(U) The adjudication review includes examination of the citations supporting the foreignness determination maintained in the SV SharePoint site.

(U) Provisions of FAA §702 Certifications and other Guidance - Post-Targeting Review

In accordance with the targeting procedures set forth in each FAA §702 certification, NSA analysts are required to conduct post-targeting reviews of all selectors tasked under FAA §702 authority. The targeting procedures state that: Such analysis is designed to detect those occasions when a person who when targeted was reasonably believed to be located outside the United States has since entered the United States, and will enable NSA to take steps to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States, or the intentional targeting of a person who is inside the United States.

(U) Post-targeting. NSA has implemented four procedures to ensure that targeted persons continue to meet the criteria specified in the FAA §702 targeting procedures.

[redacted]

(S//REL TO USA, FVEY) Post-targeting controls - obligation to review. NSA has implemented a process called Obligation to Review (OtR) that has two provisions. The first requires that, upon tasking a selector, the mission team that initiated tasking must review collection from that tasking within 5 business days of the receipt of the initial piece of traffic from FAA §702 collection. An email notification is sent to mission team members notifying them of the receipt and the 5 day review requirement. The mission analyst must review a sample of the content of the collection to determine that:

• The selector is
being used by the intended target,
• (U) The target is valid under the requested FAA §702 certification, and
• (S//REL TO USA, FVEY) [redacted]

(U//FOUO) If the reviewing analyst determines that all three requirements have been satisfied, thus making the tasking valid under FAA §702 authority, no further action is required. If any of the three requirements is not satisfied, the selector must be immediately detasked in the [redacted] system, removed from collection. The selector cannot be resubmitted for tasking until all requirements have been satisfied. Detasking is discussed further in the Monitoring Collection section.

(U//FOUO) The second provision of the OtR process requires the mission office to conduct an ongoing review of at least a sample of the content from ongoing collection to ensure that the target continues to meet the criteria for targeting under FAA §702. After the initial review has been completed, a sample of collection is reviewed [redacted]

(U//FOUO) Post-targeting controls - monitoring collection. Mission analysts must monitor collection for indications that the target no longer meets the foreignness requirements, is not associated with the tasked selector, or is not linked to a valid foreign intelligence purpose tied to an FAA §702 certification. If it is determined that the target or the selector is no longer appropriate for tasking under this authority, NSA will have to take actions that might include detasking the selector, reporting a compliance incident, recalling intelligence reports, and purging collected communications.

(U//FOUO) If collection indicates user of a tasked selector is an individual who is not the intended target and is not of foreign intelligence value, or is or may be a USP, or is in the United States, the mission office must immediately remove [illegible] from collection and
identify [illegible] selectors [illegible] collection ineligible for retention. Additional research may be performed before detasking if there is evidence that the information on the user's USP status or location is not correct. Unless there is a strong reason to doubt this information from collection, it is presumed valid and detasking should occur immediately. If review of collection identifies communications in which the sender and all intended recipients are determined to have been within the United States at the time of collection (domestic communications), those communications must be destroyed, with limited exceptions. [64]

(U) If analysis of the collection finds that the selector is no longer used by the target, the selector must be removed from tasking. [65]

(U//FOUO) Attorney-client privileged communications are subject to special procedures designed to prevent privileged information from being used in prosecution. Should review of collection identify communications between persons known to be under criminal indictment in the United States and their attorneys, review of the communication must be discontinued and OGC notified for guidance on handling the communication. [66]

64. (U//FOUO) If the domestic communication collected is not related to an incident (see Incident Reporting), DIRNSA may approve a destruction waiver to allow retention of the collection.

66. (U//FOUO) Monitoring of communications between a person known to be under criminal indictment in the United States and an attorney representing that individual in the matter under indictment must cease once the relationship has been identified. The acquired communications must be logged and NSD notified so that measures may be taken to protect such communications from review or use in criminal prosecutions.

(U//FOUO) If authorized collection incidentally acquires a foreign communication of or
concerning a USP (e.g., an FAA §702 target is communicating with a USP or about a USP), the communication may, in general, only be retained if the USP information qualifies as foreign intelligence or the information is evidence of a crime and is provided to appropriate federal law enforcement authorities. Domestic communications, including communications of a target who has entered the United States, must in general be destroyed upon recognition unless DIRNSA or the Acting DIRNSA approves retention of the communication for one of the limited reasons listed in Section 5 of NSA's FAA §702 minimization procedures.

(U//FOUO) For intelligence collected from upstream Internet collection [redacted] subject to MCTs, NSA mission analysts must identify and carefully review collection containing MCTs made available for analytic review. While NSA automatically segregates certain MCTs and does not pass them to repositories accessible to analysts, there may still be information in some MCTs that is not eligible for retention. If a discrete communication within an MCT is not to, from, or about a tasked selector but otherwise contains foreign intelligence information, and the discrete communication is not to or from an identifiable USP or a person reasonably believed to be in the United States, the MCT may be retained to the same degree that a discrete communication could be retained. If any portion of the MCT contains a domestic communication, the entire MCT must be purged unless there is no underlying compliance incident and DIRNSA approves a destruction waiver.

(U) For selectors removed from tasking, all communications collected after the target no longer meets the requirements of FAA §702 must be identified for purging through incident reporting and the purge adjudication process (see the Purge section).

(TS//SI//NF) Post-targeting controls - detection of targets that may have entered the United States. In addition to analyst review of selector communications, NSA has implemented
[redacted] for indications that the user of a tasked selector has entered the United States. [redacted] immediately detasks the roaming selector and sends a message to mission analysts notifying them that the selector has been detasked. It is the analysts' responsibility to identify and detask additional selectors for the target and develop the information necessary to produce an incident report. Though NSA may not have had prior notice of the target's intention to travel, FAA §702 may not be used to target individuals in the United States (see the Incident Reporting section).

[redacted]

(U//FOUO) Post-targeting controls - periodic selector review. As discussed earlier, NSA is required to regularly confirm that all selectors tasked under §702 continue to meet targeting requirements. In addition to these ongoing reviews, [redacted] defaults all FAA §702 targeting to a one year review. To maintain acquisition for the target, mission analysts must confirm that continued tasking of the selector is expected to acquire foreign intelligence relevant to the FAA §702 certification under which the targeting was executed.

(U//FOUO) Table 27 summarizes the post-targeting provisions of the FAA §702 targeting procedures and the controls implemented by NSA to maintain compliance.

(U) Table 27. Post-Targeting Provisions and Controls

Provision: (U//FOUO) Post-targeting analysis is performed to detect when a person reasonably believed to be outside the United States when targeted has since entered the United States. This will allow NSA to take steps designed to prevent acquisition of domestic communications or the targeting of a USP.

Provision: (S//SI//REL TO USA, FVEY) NSA will routinely compare tasked selectors with information collected from [redacted]

Control: (U) Analysts are required to monitor collection to determine whether the target continues to meet targeting criteria, including foreignness.

Control: (U) Analysts receive obligation to review notices upon first receipt of collection for newly tasked Internet selectors and every thirty days commencing with the date of first collection after the last review. The notice is repeated until collection has been reviewed.

Control: (U) Annual reviews confirm that a target remains eligible for targeting and continues to be expected to produce foreign intelligence relevant to the FAA §702 certification under which it was approved.

Control: [redacted] [illegible] detasking of the selector and purge of any noncompliant communications.

Provision: NSA will routinely compare selectors tasked [redacted]

Control: (S//REL TO USA, FVEY) See Table 26, second control.

Provision: NSA will [redacted] for indications that a foreign target has entered or intends to enter the United States.

Control: (U) Automated notices are sent to mission teams upon first receipt of collection for newly tasked Internet selectors and every thirty days commencing with the date of first collection after the last review. The notice is repeated until collection has been reviewed.

Provision: (U) If NSA determines that a target has entered the United States, it will take the necessary steps to assess whether the incident represents noncompliance with the targeting procedures and report such occurrences to DoJ and ODNI and purge related communications from NSA databases as required.

Control: (U) See the Incident Recognition and Reporting section.

Control: (U) If NSA determines that a target has entered the United States and the target's selectors were not detasked before entry, it is reported to DoJ and ODNI as an incident. DoJ assesses which incidents represent noncompliance with the targeting procedures and reports such occurrences to the FISC. NSA purges related communications from NSA databases as required. In some cases, DIRNSA may grant a destruction waiver so NSA can retain collection that is otherwise subject to purge.

Provision: (U) If NSA determines that a target who at the time of targeting was believed to be a non-USP is in fact a USP, it will terminate collection without delay and report the incident to DoJ and ODNI and purge such collection from its databases.

Control: (U) See the Incident Recognition and Reporting section.

Provision: (U) As soon as it becomes apparent that a communication is between a person who is known to be under criminal indictment in the United States and an attorney who represents that individual in the matter under indictment, monitoring of that communication will cease and the communication will be identified as an attorney-client communication in a log maintained for that purpose.

Control: (U) Annual FAA training requires that such communications be brought immediately to OGC's attention for further instruction. OGC maintains email records of such communications. DoJ has agreed that the process used to quarantine these communications is a sufficient process for documenting the information.

(U) Incident Recognition and Reporting

(U) Provisions of FAA §702 certifications - incident reporting

(U//FOUO) The targeting procedures state that NSA will conduct ongoing oversight and report incidents of noncompliance to the NSA OIG and OGC and ensure that corrective actions are taken to address deficiencies. Reporting is required for incidents of noncompliance that result in the intentional targeting of a person reasonably believed to be located in the United States, the intentional targeting of a USP, or the intentional acquisition of any communication in which the sender and all intended recipients are known at the time of acquisition to be located within
the United States. NSA must report these incidents within five business days of learning about them. The Agency must purge from its databases information acquired by intentionally targeting a USP or a person not reasonably believed to be outside the United States at the time of targeting. If post-targeting analysis shows that the target is inside the United States or a USP, acquisition must be terminated without delay. Inadvertent acquisition of domestic communications is addressed in the minimization procedures (see the Purge section). NSA also reports incidents of noncompliance with the FAA §702 minimization procedures. Some examples include incomplete minimization of USP information, improper queries of raw data, and technical errors that affect systems controls over the data, such as retention beyond the required destruction date.

(U) Incident reporting controls

(U//FOUO) Training and management communications emphasize the fact that incidents can occur at any point in the collection, targeting, dissemination, access, and retention of SIGINT communications and stress the importance of immediate reporting of instances of noncompliance. Individuals do not have to prove that the activity is noncompliant to report an incident. SV works with the mission team that reports the matter to develop an incident report with complete and accurate information. If the incident involves a system or a system's performance, TV involves all appropriate subject matter experts, including SID, SV, TD, and OGC, to assess the situation and evaluate its effect on compliance under the authority. OGC informs DoJ and ODNI of incidents that may indicate noncompliance with FAA §702. DoJ, in coordination with ODNI, makes the final determination whether an incident is reportable to the FISC.

(U//FOUO) The OIG receives internal incident reports from SV and TV. Notices of noncompliance (13b notices) that DoJ files with the FISC are made available to the OIG. The OIG uses this information to develop the Intelligence Oversight Quarterly
Report, which is prepared with OGC and sent to the President's Intelligence Oversight Board through DoD. The incidents and notices of noncompliance are also used as input to OIG inspections and intelligence oversight reviews.

(U//FOUO) The annual FAA §702 training required of all individuals handling information obtained under this authority addresses incident recognition, reporting, and processing. It defines two types of reportable events: incidents of noncompliance and changes in the target's status.

(U//FOUO) Reportable compliance incident. An FAA §702 compliance incident occurs when NSA violates FAA §702 statutory requirements or targeting and minimization procedures, or has made materially inaccurate representations to the FISC, or has otherwise not performed in a manner consistent with previous representations to the FISC. For example, if NSA tasked a foreign intelligence target reasonably believed to be outside the United States at the time of tasking and later learned that the target planned to travel to the United States but did not detask the selector before the target's entry into the United States, this would be reported as a compliance incident.

(U//FOUO) Reportable compliance incidents may also result from actions taken by communication service providers. For example, provider error could cause distribution to NSA of communications for selectors not tasked under FAA §702.

(U//FOUO) Change in target status. After tasking selectors associated with a target that meets all requirements of the targeting procedures, NSA may identify information about the target that was not available when the targeting decision was made. This information may show that the target is a USP or is located in the United States, making the target ineligible for targeting. These changes in target status, though not incidents of noncompliance, must be reported.

(U//FOUO) Incident reporting and documentation. SV has a significant role in
reporting incidents of noncompliance with FAA §702. SV developed an operating procedure that addresses the multiple means of incident discovery and the actions SV personnel follow for each. There are three primary sources from which SV may identify incidents:

• (U//FOUO) Detask notifications produced by [redacted] when mission personnel remove selectors from collection. A detargeting reason is associated with each notification, some of which may indicate an incident (e.g., the user of the tasked selector has been identified as a USP),
• [redacted] that appear to have roamed into the [redacted]
• (U//FOUO) Communications of incidents reported by analysts, query reviewers, and others involved in processing or monitoring collection. This may include errors by communication service providers.

(S//SI//REL TO USA, FVEY) For each incident, SV works with personnel familiar with the occurrence to create a permanent record including significant detail about the incident and its resolution, for example, the selector, intended target, [redacted] method of incident discovery, detasking information, and dates of collection to be purged. SV creates an entry in the database of selectors associated with targets that have roamed into the United States or have been identified as USPs [redacted] to identify selectors associated with targets identified as meeting certain criteria [redacted] generates a notice to analysts entering TRs. This entry is required when incidents identify a target located in the United States [redacted] or a target identified as a USP [redacted].

(U//FOUO) TV is responsible for overseeing the reporting and mitigation of incidents that affect TD personnel and systems. For each incident, information regarding the incident's root cause and mitigation is gathered and documented. There are four primary ways in which incidents in TD are discovered:

• (U//FOUO)
Technical personnel or analysts find data that is not protected, labeled, or transferred as expected,
• (U//FOUO) Audits of queries submitted by TD personnel are reported when they do not comply with the minimization procedures,
• (U//FOUO) Upon analysis of a system for TV certification, instances of potential noncompliance are reported, and
• (U//FOUO) Technical personnel self-report incidents.

(U//FOUO) SV and TV provide the incident reports to OGC to assess whether the incident is a matter of noncompliance with the FAA §702 certifications and targeting and minimization procedures and is reportable to NSA's overseers (see the Oversight section).

(U//FOUO) Incident remediation. Several types of activities may be necessary to resolve compliance incidents or changes in status, for example, detasking selectors, purging communications ineligible for retention, recalling disseminated reports based upon communications subject to purge, correcting system errors, and training. The actions taken are documented in the incident report and, if appropriate, the notice of noncompliance filed with the FISC. Depending on the magnitude of an incident of noncompliance (e.g., a system error affecting the functioning of targeting controls), the FISC may require supplemental reports on progress in correcting the matter. SV and OGC coordinate such reports with DoJ and ODNI.

(U//FOUO) Table 28 summarizes the incident reporting provisions of the FAA §702 targeting procedures and the controls implemented by NSA to maintain compliance. The provisions are documented in the oversight and compliance requirements in the targeting procedures.

(U) Table 28. Incident Reporting Provisions and Controls

Provision: (U) NSA will conduct ongoing oversight activities and will make necessary reports, including those relating to incidents of noncompliance, to the NSA OIG and OGC.

Control: (U) FAA §702 training addresses incident identification, documentation, and the process for self-reporting.

Control: (U//FOUO) SV and TV document the incident with assistance of
the individuals who identified the matter and provide the information to OGC for review. OGC in turn forwards the incident to DoJ and ODNI.

Provision: (U) NSA will ensure that necessary corrective actions are taken to address identified deficiencies.

Control: (U) The incident report documents measures taken to remediate the incident (e.g., detasking and purge of communications).

Provision: (U//FOUO) NSA will report to DoJ NSD and ODNI incidents of noncompliance, including overcollection by electronic communications service providers, within five business days after determining noncompliance.

Control: (U) SV, TV, and OGC manage the incident reporting process to assure that initial reporting is performed within five business days of the identification of noncompliance.

(U) Collection

(U) NSA's FAA §702 minimization procedures require that collection of information by targeting non-USPs reasonably believed to be outside the United States be conducted in a manner designed, to the greatest extent feasible, to minimize the acquisition of information not relevant for the purpose under which the collection was authorized. Steps to assure that acquisition meets this requirement start with target research and approval and the determination that the proposed target meets the criteria for eligibility under FAA §702. NSA has incorporated additional measures in its collection process to comply with this limitation.

(U) Collection mechanisms for FAA §702 communications

(U) NSA has two collection mechanisms for FAA §702 [redacted] communications are obtained by the FBI through compelled collection from ISPs and include only communications to which a tasked selector is a party. For upstream Internet collection and telephony collection, the communication service providers who control the telecommunications infrastructure over which the communications travel are legally compelled to make available to NSA communications related to tasked selectors. Upstream collection of
Internet-based selectors may include communications to or from the tasked selector as well as communications in which the selector is referenced within an Internet transaction. The latter is called abouts collection because the communication is neither to nor from the tasked selector but about the selector (i.e., the selector is contained within the communication). Communications acquired from telephony selectors are only to or from the tasked telephone number (i.e., abouts collection is not a factor).

(U) Provisions of FAA §702 certifications - filters

NSA's FAA §702 targeting procedures state that [redacted] employ an Internet Protocol filter to ensure that the person from whom it seeks to obtain foreign intelligence information is located in a foreign country [redacted]

(U) Collection controls for telephony and upstream Internet communications - communications not to or from the target

[redacted]

The providers should deliver only communications meeting these criteria to NSA.

(U) Provisions of FAA §702 certifications - analysis of selector targeting status

(S//REL TO USA, FVEY) NSA's FAA §702 targeting procedures set forth criteria for initiating collection on a target. Once a target's selector has been placed on collection, the Agency continues to evaluate collection and use other tools to identify changes in the status or location of the target (e.g., change in USP status, such as information that the individual has been granted permanent resident status in the United States, or information that the target is entering the United States). If these changes occur, or it is determined that the target is no longer producing foreign intelligence, the selector is removed from collection. Changes in targeting status may be processed immediately
upon identification in NSA systems [redacted]

(U) Collection controls - verification that collection is for currently tasked targets

For each source of collection, NSA employs processes to determine whether [redacted] are sending communications only for selectors currently tasked and authorized for collection.

(U//FOUO) Collection for telephony selectors [redacted]

Upstream collection for Internet-based selectors [redacted]

(TS//SI//NF) A situation known as [redacted] can result in the unintended acquisition of non-target communications. NSA implemented a verification process to address this situation that is another check performed before upstream Internet communications are forwarded to analyst-accessible repositories for processing. [redacted]

(U) Provisions of FAA §702 certifications - upstream Internet transactions

(U) Background. Upstream Internet collection includes acquisition of two types of communications not present in downstream collection: abouts communications and multiple communications transactions (MCTs). Abouts communications are those that are not to or from the target selector but whose contents include the selector. For example, if a target's email address is within the body of the Internet communication between other individuals, the communication is about the selector. An MCT is an Internet transaction that contains more than one discrete communication. If one of those discrete communications is to, from, or about a tasked selector and if the active end of the transaction is foreign, the
entire MCT transaction will be acquired through upstream Internet collection. This can include other discrete communications that do not contain the tasked selector. If the targeted selector is not the active user in the transaction, the MCT can include other discrete communications that do not contain the tasked selector.

(U) Provisions. NSA's FAA §702 minimization procedures require NSA to take reasonable steps post-acquisition to identify and segregate through technical means Internet transactions that cannot be reasonably identified as containing single, discrete communications where the active user of the transaction (i.e., the electronic communications account/address/identifier used to send or receive the Internet transaction to or from a service provider) is reasonably believed to be located in the United States or the location of the active user is unknown.

(U//FOUO) Internet transactions that cannot be identified as meeting the above definition must be segregated and retained in an access-controlled repository from which transactions may not be moved, except for processing to render them intelligible, unless they are determined not to contain discrete communications for which the sender and all intended recipients are reasonably believed to be in the United States. Any such transactions moved to data repositories accessible by analysts are required to be identified as having been previously segregated. [68] NSA's FAA §702 minimization procedures also specify that Internet transactions acquired through NSA's upstream Internet collection techniques on or before 31 October 2011 be destroyed upon recognition.

(U) Upstream Internet collection controls - multiple communication transactions

(TS//SI//NF) Effective January 2012, NSA implemented a process for analyzing and processing upstream Internet collection to ensure that only MCTs devoid of wholly domestic communications will be forwarded for further
analysis. This process applied to all upstream data that had been sequestered starting 1 November 2011. [69] Three criteria are used to sort these communications and determine whether they would be withheld from use by analysts (sequestered in a collection store) or sent to data stores accessible by analysts: the type of communication (discrete or MCT), the active user of the selector, and the location of the active user. The minimization procedures require that sequestered communications be accessible only to specially trained personnel to determine whether they may be authorized for use. [redacted]

As NSA reported to the FISC, all FAA §702 upstream Internet transactions acquired before November 2011, whether or not they were MCTs, were deleted. Additional controls are required when MCTs available to analysts are used, for example, to support reporting of foreign intelligence (see the Sharing and Dissemination section).

68. (TS//SI//NF) Though the minimization procedures permit NSA to pass previously segregated communication to repositories accessible to analysts, NSA has not done so.

69. [redacted] the only FAA §702 data forwarded to analyst-accessible repositories was data [redacted] or where the target was the active user. The remainder was sequestered pending development of decision logic to assess MCTs. The data was also excluded from [redacted]

(U) Table 29 summarizes the collection provisions of the FAA §702 minimization procedures and the controls implemented by NSA to maintain compliance.

(U) Table 29. Collection Provisions and Controls

Provision: (U) Acquisition of information by targeting non-USPs reasonably believed to be outside the United States will be conducted in a manner designed, to the greatest extent feasible, to minimize the acquisition of information not relevant to the purpose for which it was authorized.

Control: (U) Targeting controls (see Table 26) are the first measures employed to limit collection to communications of targets that meet the requirements of the targeting procedures. The foreignness requirements and the post-targeting analysis of communications serve to minimize collection of communications not authorized for acquisition (e.g., domestic communications).

[redacted]

Provision: [redacted] Acquisition of communications not to or from the target will employ an Internet Protocol filter [redacted]

Control: (U) Internet protocol filtering is performed on collection [redacted] to verify that at least one end of each transaction is foreign. Only transactions meeting this criterion should be delivered to NSA.

Provision: (U) NSA will take reasonable steps post-acquisition to identify and segregate through technical means Internet transactions that cannot be reasonably identified as containing single, discrete communications where the active user of the transaction is reasonably believed to be located in the United States or the location of the active user is unknown.

Control: (U) NSA has implemented procedures to analyze upstream Internet collection. Only discrete transactions and MCTs meeting certain criteria are made accessible to analysts.

(U) Repositories

(U) Provisions of FAA §702 certifications - repositories

(U//FOUO) NSA's FAA §702 targeting procedures require that NSA establish processes for ensuring that raw traffic is labeled and stored only in authorized repositories and is accessible only to those who have had proper training (see the Access and Training section).

(U) Control framework for access to FAA §702
repositories

(U//FOUO) Several control procedures are employed to ensure that FAA §702 data is stored in repositories that meet standards for security and compliance and that access to the data is properly controlled. From the time of collection, data is processed through interim systems before it reaches the [redacted] approved source systems for FAA §702 reporting.[70] The remainder of this section describes four types of controls, focusing on their application to the [redacted]:

• (U//FOUO) System security accreditation,
• (U//FOUO) System certification,
• (U//FOUO) Data flow management, and
• (U//FOUO) Data tagging.

(U//FOUO) Approval for NSA systems to store and process FAA §702 data

(U//FOUO) Accreditation. TS is responsible for managing the risk on all NSA networks and the computer systems and devices connected to those networks. TS's responsibilities include:

• (U//FOUO) Guiding, prioritizing, and overseeing the development of information assurance programs necessary to ensure protection of information systems and networks by managing the NSA Information Security Program,
• (U//FOUO) Serving as the Director, NSA Authorizing Official to accredit all NSA information systems,
• (U//FOUO) Conducting information systems security and accreditation and risk management programs, and
• (U//FOUO) Establishing, maintaining, and enforcing NSA information systems security policies and implementation guidelines.

(U) Accreditation is the official management decision to permit operation of information systems in specific environments at acceptable levels of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.

(U//FOUO) When accrediting systems, TS uses the National Institute of Standards and Technology (NIST) Risk Management Framework to determine the appropriate level of risk mitigation to protect systems, information, and infrastructure. NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, February 2010,
describes the six steps in the framework:

• (U//FOUO) Categorize the information system and the information processed, stored, and transmitted by that system based on an impact analysis (risk assessment),
• (U//FOUO) Select an initial set of baseline security controls for the information system based on the security categorization, tailoring and supplementing the security control baseline as needed based on an organizational assessment of risk and local conditions,
• (U//FOUO) Implement the security controls and describe how the controls are employed within the information system and its environment of operation (system developers),
• (U//FOUO) Assess the security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system (independent testing by TS),
• (U//FOUO) Authorize information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the nation resulting from the operation of the information system and the decision that this risk is acceptable, and
• (U//FOUO) Monitor the security controls in the information system on an ongoing basis, including assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials.

(U//FOUO) Before a system is authorized to be put on a network, it must go through the accreditation process and be approved by TS. Once implemented, systems are subject to reaccreditation every three years or when significant changes occur that may affect the risk assessment. The dates through which the FAA §702 repositories are accredited are listed in Table 30.
(U//FOUO) Table 30. Accreditation Status of NSA [redacted]

[Table contents redacted; the only legible text reads "System ... named in the System Security Plan (SSP)".]

(U//FOUO) Certification. In addition to system accreditation, all systems containing FISA data must be certified by TV4, the NSA authority for certifying automated systems, to ensure they are compliant with the legal and policy regulations protecting USP privacy. DoJ and the FISC are notified when NSA designates a new [redacted].

(U//FOUO) In 2010, NSA began certifying FISA systems as part of an effort to ensure that they comply with the legal and policy regulations protecting USP privacy. This included the repositories that contain FAA §702 metadata. Personnel from various organizations within SID and TD performed the initial certifications. TV subsequently assumed responsibility for system certification and developed the NSA corporate database for registering NSA systems, their compliance certification, and data flows. It is NSA's authoritative source for all compliance certifications.

(U//FOUO) The Agency's certification process currently evaluates system controls for compliance with purge, data retention and age-off, data access, querying, dissemination, data tagging, targeting, and analytical processes. These mission functional areas are defined by the Comprehensive Mission Compliance Program ODOC administers. Through this program, compliance certification requirements are developed to address required compliance controls. The compliance requirements administered by the TV2 requirements team form the basis for the criteria against which systems are certified for compliance.

(U//FOUO) To be certified to handle FISA data, systems must receive TV certification through the Compliance Certification process. The TV4 certification dates for the [redacted] that contain FAA §702 data and which can be used as sources to support dissemination are listed
in Table 31.

(U//FOUO) Table 31. Compliance Certification Status of NSA [redacted]

[Table contents redacted; column headings: System, Certification Date.]

(U//FOUO) TV provided new compliance certification guidance in May 2014. Systems, other than those being decommissioned within twelve months, which meet the following criteria should be recertified by TV:

• (U//FOUO) Systems with two significant system-related incidents in a twelve-month period or three total,
• (U//FOUO) FISA systems that have not been certified within two years,
• (U//FOUO) Systems with a major upgrade affecting compliance functionality, or
• (U//FOUO) Systems planning to process under a new authority (e.g., addition of FISA data).

(U//FOUO) Owners of all affected FISA systems were notified in June 2014 that they should complete recertification if their systems met these guidelines. [redacted] of the repositories [redacted] are scheduled to be decommissioned ([illegible] months) and were exempted from this requirement.

(U) Data flow management

(C//REL TO USA, FVEY) USSIDs define a set of controls and operating procedures for the United States SIGINT System. USSID DA3511, Data Acquisition Directorate Targeting and Data Flow Management, defines a process intended to assure that only desired SIGINT is delivered to intended users in the time frame and format required.

(S//SI//REL TO USA, FVEY) [redacted] is responsible for [illegible] end-to-end management of Internet and telephony [redacted] collection. [redacted] houses the access data [illegible] managers responsible for testing and setting up new data flow paths that traverse the [redacted] processing infrastructure. The [redacted] Data Governance Team governs the processing and distribution of data collected within NSA's SIGINT system, oversees the documentation and review of all new dataflow requests, and
implements processes designed to ensure that NSA compliance standards are maintained throughout the development of new data flows.

(S//SI//REL TO USA, FVEY) The Data Governance Team manages the data flow process. Customers must complete Dataflow Management Requests (DMR) to initiate or modify data flows. DMRs require detailed information, including the status of system certifications, system accreditation plans, types of data to be processed, [redacted] authorities for collection, and documentation of data flows. DMRs are evaluated and approved by a triage team [redacted]. Upon triage team concurrence, the DMR is given to the Data Delivery organizations for Targeting and Tasking and testing and implementation. DMRs are complete once all required approvals are obtained and data flows become operational.

(U) Data tagging

(U//FOUO) Historically, NSA has managed data access by implementing restrictions on data storage, including the use of logical database partitions. Data flows were designed to place data in these partitions, for example, according to the FAA §702 certification under which the communications were acquired. To access the data, personnel had to have appropriate training and be given access to certain systems and missions matching the data partitions where the data was stored.

(U//FOUO) As NSA [redacted], new mechanisms for storing and accessing data are being developed. Data tags are created for each collection record, identifying the authority under which the data was collected as well as several other pieces of information used in managing the data over its life cycle.[71] Thus, to access raw data acquired under the [redacted] certification for FAA §702, analysts must be approved for access to such collection as part of an authorized mission and fulfill the training requirements for the authority.

(U//FOUO) Data tags also serve
to maintain compliance with limitations on the scope of queries as well as age-off and purge requirements.

(U//FOUO) Table 32 summarizes the repository provisions of the FAA §702 targeting and minimization procedures and the controls NSA implemented to maintain compliance.

(U) Table 32. FAA §702 Repository Provision and Controls

Provision: (U//FOUO) NSA has established processes for ensuring that raw traffic is labeled and stored only in authorized repositories.
Control:
(U) All systems processing FAA §702 data must complete a security accreditation process.
(U) All FAA §702 repositories are certified compliant with the legal and policy regulation protecting USP privacy.
(U) Data flows must be approved by [redacted] and SV to ensure compliance.
(U) Data tags are applied to identify the authority under which the information was acquired. The tags also serve to manage access to and [illegible] of the data.

(U) Access and Training

(U) Provisions of FAA §702 certifications

(U) The FAA §702 targeting procedures state that NSA will develop and deliver training to ensure that intelligence personnel responsible for approving the targeting of persons under that authority, as well as analysts with access to the raw data acquired pursuant to FAA §702, understand their responsibilities and the procedures that apply to this acquisition.

(U) Control framework for restricting access to FAA §702 collection to authorized personnel

(TS//SI//NF) NSA requires that users having access to FAA §702 data have one or more [redacted] credentials, be current on the required training, and be assigned to approved missions. One [redacted] credentials is needed to access FAA §702 data. [redacted] is required to access
data collected under the [redacted] FAA §702 certifications. [redacted]

Required credential.[72] To obtain any of the [redacted] credentials, a request must be submitted in [redacted]. Only individuals who hold the requested credential may submit someone for the credential. The request is first reviewed by the Associate Directorate for Security and Counterintelligence (Q) [redacted] to determine whether the applicant has satisfied certain security criteria. If approved by Q, the request is forwarded to SV for final adjudication. SV reviews the request by verifying that the individual is current on required training and has a valid mission justification. If all requirements are met, SV approves the credential for entry to NSA's security database. [redacted] retrieves information from [redacted] and several other corporate authoritative source systems that provide the status of individuals' approved missions, training, and clearances. Using this information, [redacted] calculates daily a list of individuals who qualify for FAA §702 access. NSA systems use the information from [redacted] to determine what data the individuals are authorized to access. SID maintains the authority rules, which determine what [redacted] verifies for individuals to access data.

(C//REL TO USA, FVEY) Obtaining the [redacted] credential. [redacted]

(U//FOUO) Obtaining access to mission resources. SID policy designates [redacted] as NSA's tool for the proper administration and implementation of access to SIGINT data in NSA repositories; it facilitates the administrative process of acquiring access to tools and databases. Access sponsors submit individuals for access. The sponsors determine the appropriate SIGINT authority for users, assigning them to a mission documented in the mission correlation table, a master list of all analytic production elements that
have been approved for SIGINT missions. The table facilitates database access by providing a record of databases needed to perform SIGINT missions. The access sponsor nominates a user for access to raw SIGINT databases, sources, and tools in support of a stipulated mission. The sponsor ensures that auditors are assigned to the mission to review queries of mission data. [redacted] feeds user access information to [redacted].

[72] (U//FOUO) The [redacted] credential was originally established for FISA data and requires training in NSA's Standard Minimization Procedures for FISA information. Later, different versions of [redacted] were established for particular categories of FISA [illegible]. [redacted] credential permits access to FAA §702 data acquired before the establishment of the [redacted].

(U//FOUO) Maintaining access. Automated and manual procedures provide assurance of continuing eligibility to access FAA §702 data. Users and access sponsors are responsible for removing users' access when they no longer qualify for a mission. Each [redacted] mission is also required to have an intelligence oversight officer who performs periodic reviews to ensure that individuals assigned to missions are still eligible for access.

(U//FOUO) Enforcement of required training is supported by the production of automated notices to individuals well in advance of their training expiration date. Notices are produced at regular intervals until the training is completed. If training expires, the individual is automatically removed from access to FAA §702 data.[73]

[redacted] calculates daily a list of individuals who qualify for FAA §702 access. [redacted] interfaces with several corporate authoritative source systems that provide the status of individual's approved missions, training, and clearances. For
systems that use data tags, user information in [redacted] is compared with the data tags applied to the communications before giving the individuals access to the data. If the user does not possess the combination of requirements identified in the data tag, access to that data is denied.

(U//FOUO) Appropriate and adequate training. NSA/CSS Policy 1-23 requires that Agency personnel complete IO training annually.

(U//FOUO) To qualify for access to data acquired under an FAA §702 certification, persons must have completed specific training courses within the last 12 months. All courses are developed by NSA's ADET in conjunction with the OGC, mission subject matter experts, and mission compliance professionals. All NSA analysts who perform targeting functions must take the first three courses listed next; the last is mandatory only for personnel requiring access to FAA §702 data.

• (U//FOUO) OVSC1000, NSA/CSS Intelligence Oversight Training: the Agency's core IO course, provided to the workforce to maintain a high degree of sensitivity to and understanding of intelligence laws, regulations, and policies associated with the protection of U.S. person privacy rights. Personnel are familiarized with the major tenets of the four core IO documents: Executive Order 12333, as amended; Department of Defense Regulation 5240.1-R; Directive Type Memorandum 08-052; and NSA/CSS Policy 1-23. OVSC1000 is web-based and includes knowledge checks for proficiency.[74]
• (U//FOUO) OVSC1100, Overview of Signals Intelligence Authorities: the SIGINT core IO course provides an introduction to various legal authorities governing NSA operations. Upon completion, personnel should be able to identify applicable surveillance authorities at a high level, define the basic provisions of the authorities, and identify situations requiring additional authority. OVSC1100 is web-based and includes knowledge checks for proficiency. All personnel in the U.S. SIGINT System (USSS) working under NSA SIGINT authority with access to raw SIGINT are required to complete OVSC1100.
• (U//FOUO) OVSC1800, Legal Compliance and Minimization Procedures: an advanced SIGINT intelligence oversight course which explains policies, procedures, and responsibilities within missions and the obligations of the USSS to protect U.S. person and foreign partner privacy rights. OVSC1800 is web-based and includes competency exams [redacted]. Personnel who do not pass the test after [redacted] attempts must complete remedial training. All analysts in the USSS working under DIRNSA SIGINT authority with access to raw SIGINT are required to complete OVSC1800 annually.
• (U//FOUO) OVSC1203, FISA Amendments Act (FAA) Section 702: explains the legal policies and targeting and minimization procedures FAA mandates. The course is web-based and includes a competency exam [redacted]. Personnel who do not pass the test after [redacted] attempts must complete remedial training. All analysts who require access to FAA §702 data must take this course annually.

[73] [redacted] does not verify the individual's [illegible] §702 training status [redacted].

[74] (U//FOUO) E.O. 12333, United States Intelligence Activities; DoD Regulation 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components That Affect U.S. Persons; DTM 08-052, DoD Guidance for Reporting Questionable Intelligence Activities and Significant or Highly Sensitive Matters.

(U//FOUO) Other courses are also required before analysts can access NSA targeting tools. The first four of these are required for all NSA analysts who perform targeting functions, while the last is mandatory only for those analysts targeting under FAA §702.

• (U//FOUO) CRSK1300, Foundations of Smart Targeting: a web-based course that covers targeting policy, processes and concepts, available assistance, targeting tools, research, and collection.
• (U//FOUO) CRSK1301, Foundations of Smart Targeting: Research:
available in web-based format beginning January 2015, the course focuses on elements of the targeting process requiring research, the research process, and the tools and databases used in research.
• (U//FOUO) CRSK1302, Foundations of Smart Targeting: Targeting: a web-based course that includes collection source considerations, the target workflow process, creating TRs, finding and assessing collection results, and documenting sources.
• (U//FOUO) CRSK1303, Foundations of Smart Targeting: Targeting Maintenance: a web-based course that focuses on resolving compliance problems, managing traffic, and maximizing the intelligence value of tasked selectors.
• (U//FOUO) CRSK1304, FAA Section 702 Practical Applications: a web-based course required for all NSA analysts who conduct targeting under FAA §702. It is scenario-based and addresses compliant TRs, targeting maintenance, and incident reporting.

(U//FOUO) Adjudicator training. In addition to the above courses, mission personnel who grant final approval of FAA §702 TRs must take a course on the approval process, be approved by their FAA §702 mission lead, receive hands-on training by personnel with adjudication experience, and be approved by S2 Mission and Compliance staff. Upon approval, elements in SID will upgrade the individual's access role in [redacted] to allow adjudication of TRs.

• (U//FOUO) CRSK1305, FAA Section 702 Targeting Adjudication: a course that explains NSA resources for validating selectors and foreignness explanations in TRs, determining whether submitted TRs should be approved, and follow-up actions after a TR has been approved or denied.

(U) Access requirements for technical personnel to FAA §702 repositories

(U//FOUO) Technology Directorate personnel who directly support repositories and systems that contain raw SIGINT data or activities that utilize raw SIGINT must complete OVSC1000, OVSC1100, and OVSC1806 training
annually. OVSC1806 is the same course as OVSC1800 (see above) but has an additional lesson on the system compliance certification process. Technical personnel who support FISA systems and whose responsibilities may include direct access to FISA data are also required to attend a briefing administered by OGC and TV. Upon completion of the briefing, SV updates [redacted], recording the user's attendance at the briefing and their authorization for access [redacted].

(U) Identification of access vulnerability

(U//FOUO) [redacted], scheduled to be decommissioned in [illegible: "20t 7"], [illegible] relies on a combination of data [illegible] to protect access to [illegible]. It does interface with [redacted][76] as part of its access control. However, it does not verify that an individual is current on training.

[76] (U//FOUO) [redacted] is NSA's Corporate Authorization Service. See the Obtaining the Credential section for more information on [redacted].

(C//REL TO USA, FVEY) [redacted] an individual with authorized access to [redacted] FISA data discovered that FAA §702 data had been included in the results of a query [redacted] data. The individual had received FAA §702 training when she was
ne w ∙t ors to FAA § 702 data collected on or after that date The new CO Is em ul te_ ·i ∙ the acc s e6il'trols required for ther FAA § 02 _systems i cludin controlling ceess based upon the authonty under which 1t was ob _ t n e d _ I l siriiilar process will be implemented to addre access controls ro L r at - a-----J A review is urrently undetway regarding action to take ∙∙∙ o_btaJo d l l _ I d ' foc j _ • ro s b 3 P L 8636 I 3 r i i sr i ' n 02 U Table 33 Access and Training Provisions and Controls U Provision Control U NSA will develop and deliver training regarding the applicable procedures to ensure that intelligence personnel responsible for approving the targeting of persons under FAA §702 as well as analysts with access to the acquired foreign intelligence information understand their responsibilities and the procedures that apply to this acquisition U F'O't10 NSA has a list of courses required annually for analysts to qualify for access to data acquired under FAA §702 This includes OVSC1203 a course specific to FAA §702 U To access NSA targeting tools all analysts must complete four courses on targeting Analysts targeting under FAA §702 must also take a course on application of the authority U Adjudicators who grant the final approval ofTRs under FAA §702 must also complete a course on adjudication specific to the authority U Fet feJ Technology Directorate personnel who support FISA systems must complete OVSC1 000 1100 and 1806 annually and attend a briefing administered by OGC and TV 77 'b ' l P L ∙ S _ - 8 • 3 COREL TO USA FVBY SID Management Directive 421 states that FlSA access is based on current mission need and does not follow individual analysts when they move to new missions or location s unless speci tied in the document authorizing the assignment Persons changing missions jobs or locations must provide rejustification to v l ough their management chains for FISA access or access to unminimized unevaluated content in the new J'OSitLOll • 7 S · U 
f wrth ont I I credential analysts cannot access FAA §702 data and most other types ofFJSA credential was originally established for data T li FISA data and requires training in NSA's standard minimization procedures for FISA information 79 tor FISA access lare also authorized to access TSl Sih'Nf OfNSA's O SIGIN I r t j _ i O - rized ∙ FAA §702 data TOP SBCRBTHSI 106 r OFORl'l b 1 b 3 P L 8636 DOCID 4273474 TOP SECRE'f'f Sf Nt ft ltftq ST 140002 U NSA has established processes to ensure that raw traffic is accessible in authorized repositories only to those who have had the proper training UifFeol le Access to FAA §702 foreign intelligence and the ability to submit and approve targeting under the authority require certain credentials and access to mission resources databases sources and tools The approval is not granted unless the required training has been completed See above information regarding laecess ∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙ b 3 P L 8636 U U Querying Repositories of Collected FAA §702 Data U Provisions of FAA §702 certificationsqueries U Minimization procedures permit use of computer selection terms to scan storage media containing communications acquired pursuant to FAA §702 and to select communications for analysis with certain limitations Query selection terms e g telephone numbers and key words and phrases must be formed in a manner reasonably likely to ren1rn foreign intelligence information Collection obtained through NSA upstream Internet collection techniques may not be queried using selection terms of an identifiable USP U Compliance controlsquery compliance U fFOUO Queries ofraw SIGINT databases are subject to USSJD CRI610 SIGINT Production and Raw SIGINT Access revised 12 February 2013 which requires that • U iFOUO All user organizations designate two auditors to review daily those queties presented for their rev iew 80 • U f OU0 1 Auditors be familiar with the targets and types of queties executed within their missions • 
• (U//FOUO) SV provide training for new auditors on their responsibilities and certify them as compliant before conducting audits,[81]
• (U//FOUO) SV conducts periodic super audits of interactive raw SIGINT database queries, verifying that selectors were foreign on the date the super audit is performed and examining the query terms to determine compliance with NSA policy,[82]
• (U//FOUO) NSA maintain a noneditable file of all such database queries for a minimum of one year,
• (U//FOUO) All queries be driven by a foreign intelligence purpose, and
• (U//FOUO) An audit record of the selection terms be created and reviewed per NSA policy by the originating organization.

[80] (U) [redacted] NSA implemented an approach to query review that uses stratified sampling, based upon historical rates of queries identified as reportable, to determine the queries from each database to be presented for auditor review. The [redacted] system passively logs queries, but the queries are not subject to audit. NSA is developing a process to provide additional oversight for queries against this system.

[81] (U) Auditors are now required to take NSA Raw Traffic Database Auditor Training (OVSC3101) every two years and must be cleared to the security level required for the authority under which the analyst performed the query subject to audit.

[82] (U) The system used to test for foreignness [redacted] does not maintain an historical record of foreignness of the tasked selector [redacted].

(U//FOUO) Mission auditors are assigned to each mission using the [redacted] tool described in the access section. The tool requires that missions have designated auditors before new personnel can be approved for the missions. Auditor qualifications include target knowledge, expertise in the mission area, familiarity with the type of queries to be reviewed, ability to mentor analysts to improve query execution, attainment of all
credentials required for the data reviewed and completion of all required training Queries presented to auditors are required to be audited within 24 hours of receipt or on the next normal duty day ····· U FOUO SV developed OVSC31 01 NSA Raw Traffic Database Auditor Training to prepare auditors for postquery review The course provides instruction on use of the corporate query audit system incident identification incident reporting and maintenance of records of audits to support SV super audits and DoJ ODNI reviews I Sh'Sfi REL TO USA Fy X Thel system a legacy system which predates J JSSID CRT6'f6 and is scheduled to be decommissioned does maintain a log _ __ 'Ofquenes for five years The system has not yet been modified to provide these o Ys to the co orate loa ino and auditin s stem b 3 P L 863 U FOI JO Queries not using USP selection terms U FOUO FAA §702 systems provide records of queries to the corporate logging and auditing system for user generated queries ofraw SIGINT content 83 These records are the source for daily postquery reviews by auditors and SV query oversight These systems also maintain records of query reviews U IFOUtn Auditors examine queries to determine whether they have a valid foreign intelligence purpose Auditors also evaluate query selection terms to determine whether they were constructed so as to avoid obtaining information on USPs The review is intended to balance the pursuit of foreign intelligence and protection of USPs' Fourth Amendment rights When a tasked FAA §702 selector is used as a query term and the selector is foreign the corporate query logging and auditing system does not present the query for review by an auditor because the term bas been reviewed by a releaser and an adjudicator as part of the TR approval for tasking 84 during the targeting process l fa tasked selector is used as a query term and the U f One ofthel l ∙does norsend ∙qliery∙red5i'ds'Totl1eNSA co rpo i ·a ·ie ulo gg T i g u i ' f 3 -P L 8636 auditing system 
This system is scheduled to be decommissioned [redacted].

[84] (U//FOUO) The query auditing and logging system obtains current tasked selectors from [redacted] and verifies their foreignness against NSA SIGINT databases.

selector is not foreign, it is subject to review by an auditor. Queries using selection terms that are not approved selectors are subject to auditor review.

(U//FOUO) Provisions of FAA §702 - queries using USP selection terms

(U//FOUO) A 3 October 2011 FISC Order approved the use of modified minimization procedures that permit queries of data collected under the authority, only for foreign intelligence purposes, using USP query terms, subject to specific NSA review procedures and external oversight. Such queries can only be performed using FAA §702 telephony communications and Internet communications obtained from downstream collection. Use of USP identifiers to query FAA §702 collection must be approved in accordance with NSA procedures. NSA is required to maintain records of all USP identifiers approved for use as selection terms. These query procedures are subject to oversight by DoJ and ODNI.

(U//FOUO) Compliance controls - queries with USP selection terms

(U//FOUO) NSA adopted internal procedures governing use of USP identifiers for queries of communications collected under FAA §702. Upstream Internet collection is not approved for such queries. DoJ and ODNI reviewed and approved these procedures. The Senate and House Intelligence Committees were informed of these changes. There are three sets of procedures for approval of these queries:

• (U//FOUO) Queries of metadata,
• (U//FOUO) Emergency queries of content, and
• […]

(U//FOUO) NSA's annually required course on FAA §702 (OVSC1203) includes training on the use of USP identifiers to query raw data collected under the authority. The NSA FAA web page also contains the documented and approved procedures for these queries. Although metadata queries are not subject to preapproval, the query and a foreign intelligence justification must be recorded to support external oversight. The justification must document the analytic knowledge linking the selector to a foreign target or foreign intelligence purpose. Content queries using USP identifiers are subject to preapproval by S2, SV, and OGC. SV maintains records of all queries using USP identifiers and includes such queries in its query oversight.

(U) Table 34 summarizes the query provisions of NSA's FAA §702 minimization procedures and the controls implemented by NSA to maintain compliance.

(U) Table 34. Query Provisions and Controls
(S//SI//REL TO USA, FVEY)

Provision: (U) Storage media data repositories containing communications acquired pursuant to FAA §702 may be queried to identify and select communications for analysis. Query terms, such as telephone numbers and key words or phrases, will be limited to those selection terms reasonably likely to return foreign intelligence information.

Control: (U) Queries of FAA §702 databases may only be conducted for foreign intelligence purposes and are subject to review by mission auditors, who must have target knowledge, expertise in the mission area, and have completed training on raw traffic database auditing. The review evaluates whether the query was for a valid foreign intelligence purpose.
(U) SV conducts periodic super audits of these queries.
(S//SI//REL TO USA, FVEY) NSA maintains a file of all database queries for at least one year in the corporate logging and auditing system for user queries on raw SIGINT content [redacted] generated [redacted].

Provision: (U) Identifiers of an identifiable USP may not be used as terms to query any Internet communication acquired through upstream Internet collection. Use of USP identifiers as terms to query communications must be approved in accordance with NSA procedures. NSA will maintain records of all USP identifiers approved for use as
selection terms.
(U//FOUO) DoJ and ODNI will conduct oversight of NSA's queries using USP identifiers.

Control: All personnel receive annual training on USP query procedures, which can only be performed for foreign intelligence purposes against FAA §702 telephony communications and Internet communications. The SV web page provides instructions for requesting approval of such queries using a process that DoJ and ODNI approved.
(U//FOUO) Queries of upstream Internet collection using USP terms are prohibited. Queries of metadata are not subject to preapproval, but the query and foreign intelligence justification must be documented. Content queries using USP terms follow request and documentation procedures and are subject to preapproval by SV and OGC.
(U) SV maintains records of all queries using USP identifiers and includes these queries in its oversight of query review.
(U) See the Oversight section.

(S//SI//REL TO USA, FVEY)

(U) Sharing and Dissemination

(U) Sharing

(U//FOUO) As stated in the Access and Training section, targeting procedures require that all personnel accessing or otherwise handling raw data acquired pursuant to FAA §702 must be current on training for the authority. This imposes restrictions, even within NSA, on the use of information obtained under this authority.

(U) Unminimized communications acquired pursuant to FAA §702 may be provided to the CIA and FBI for targets each has identified to NSA. Each agency has minimization procedures for handling data collected under this authority and must handle communications provided by NSA in accordance with those procedures. Currently, unminimized data shared with the CIA and FBI is limited to communications derived from downstream collection.

(U) Dissemination

(U) The NSA minimization procedures apply to dissemination of all information acquired under FAA §702, including nonpublicly available information concerning USPs acquired by targeting non-USPs approved under the NSA targeting procedures. There are several restrictions on dissemination of information acquired under this authority.

• (U//FOUO) Discrete Communications within an MCT. Analysts seeking to disseminate information obtained from a discrete communication within an MCT must assess whether the communication is eligible for dissemination (e.g., not a domestic communication) and document that assessment in the comments field of the reporting tool in a manner that supports internal and external oversight.

• (U//FOUO) Attorney-Client Communications. Dissemination of USP attorney-client privileged communications must be reviewed by the NSA OGC. NSA must cease review of communications between a person known to be under criminal indictment in the United States and an attorney representing that individual in that matter, segregate such communications, maintain a record of the identified attorney-client communications, and notify DoJ so that appropriate procedures may be established to protect such communications from review or use in a criminal prosecution while preserving foreign intelligence information in the communication.

• (U//FOUO) Domestic Communications. A domestic communication may only be disseminated if DIRNSA has approved a destruction waiver for that communication documenting its eligibility for retention and dissemination. Such communications must contain information that meets one of four criteria: significant foreign intelligence, technical database information necessary to assess a communication's vulnerability, evidence of a crime, or information concerning a threat of serious harm to life or property. Communications acquired when there was no reasonable belief at the time of tasking that a target was a non-USP located outside the United States are not eligible for destruction waivers. If a waiver has been obtained, NSA may share domestic communications that do not have foreign intelligence value but are believed to contain evidence of a crime with
appropriate federal law enforcement authorities in accordance with applicable laws and regulations.[85] Without a destruction waiver, NSA is authorized to notify the FBI if information in a domestic communication indicates that a target has entered the United States. The Agency may also provide information to the CIA and FBI for collection avoidance purposes. NSA may retain domestic communications shared with the CIA and FBI for six months and must restrict further use or dissemination of communications whose destruction has been waived by placing the identifiers for these communications on the MPL.

[85] (U) 50 U.S.C. §§ 1806(b) and 1825(c) require that the communications be released with a statement that the Attorney General must approve use of the information in a criminal proceeding. USC §1806(b) is not limited to FAA §702 domestic communications; it applies to all disseminations to law enforcement.

• (U) Foreign Communications of or Concerning USPs. These communications may be disseminated if the identity of the USP is deleted and a generic term substituted so that the information cannot reasonably be connected with an identifiable USP. This process is referred to as masking. Otherwise, dissemination of intelligence based on such communications may only be made to recipients requiring the identity of the USP to perform their official duties and only if at least one of eight additional requirements is met:

o (U) The USP consented to dissemination or the information is publicly available,
o (U) The USP identity is necessary to understand the foreign intelligence information or assess its importance,
o (U) The communication or information indicates that the USP may be a foreign power, an agent of a foreign power, residing outside the United States and holding an official position in the government or military forces of a foreign power, a corporation or other entity owned or controlled directly or indirectly by a foreign power,
or acting in collaboration with an intelligence or security service of a foreign power, and the USP has or has had access to classified national security information or material,
o (U) The USP may be the target of intelligence activities of a foreign power,
o (U) The USP is engaged in unauthorized disclosure of classified national security information, only if the originating agency has verified that the information has been properly classified,
o (U) The USP communication was authorized by a court order and the communication may relate to the foreign intelligence purpose of the surveillance,
o (U) The USP may be engaging in international terrorist activities, or
o (U) There is evidence that the USP is engaging in a criminal activity.

• (U) Foreign Communication of or Concerning a Non-USP may be disseminated in accordance with other laws, regulations, and policies, provided that the communications are eligible for retention under FAA §702.

• (U) Collaboration with Foreign Governments. Consistent with the authority accorded NSA by E.O. 12333, the Agency maintains cryptologic liaison relationships with certain foreign governments. Information derived from FAA §702 collection that has been evaluated for foreign intelligence and minimized for USP information may be disseminated to these foreign governments.[86] Dissemination of information of or concerning a USP must comply with the restrictions described in Foreign Communications of or Concerning USPs above, as well as with those described for MCTs above. NSA is permitted to disseminate unminimized communications to foreign partners to obtain technical or linguistic assistance to determine the meaning or significance of the information.[87]

(U) Sharing FAA §702 with authorized NSA personnel

(U//FOUO) Analysts authorized to access FAA §702 communications are trained to ensure that individuals with whom they wish to discuss such communications have appropriate credentials. [redacted] permits
review of an individual's training and clearances. The training also addresses NSA policy, which states that emailing unminimized and unpublished data to anyone, even other NSA personnel, violates compliance controls such as effective auditing.

(U) Provision of unminimized communications to CIA and FBI

(U//FOUO) As described in the Targeting section, NSA must approve selectors nominated by these agencies based upon compliance with NSA targeting procedures. For approved selectors, Internet communications are routed to the requesting agency based [redacted] information in the [redacted]. NSA policy states that analysts should not share unminimized and unevaluated communications received pursuant to this collection with the CIA and FBI for selectors tasked on behalf of those agencies; collaboration on such collection is permitted when analysts from the CIA or FBI access the unminimized communications from their own agencies' FAA §702 data repositories. The required annual FAA §702 course (OVSC1203) provides training on these restrictions, which are designed to assure accountability of dissemination if recall or purge becomes necessary.

(U) General dissemination requirements

(U//FOUO) Limits on use of reported FAA §702 communications. Analyst training (OVSC1203) instructs that use or disclosure of information derived from FAA §702 communications in any criminal proceeding, immigration proceeding, or any other legal or administrative proceeding is prohibited without the advance authorization of the Attorney General of the United States. To prevent such use, NSA internal procedures require that disseminations of FAA §702-derived information include the Intelligence Purposes Only caveat that prohibits use of the information without approval. This is included in the FAA §702 training.

[86] (U//FOUO) Collected traffic that has been evaluated to determine whether it contains foreign intelligence and has been subject to minimization to
protect USP identities is referred to as evaluated minimized traffic, or EMT.

[87] (U) Dissemination for technical or linguistic assistance is subject to specific restrictions: limiting the use of the information by the foreign government to translation or analysis of the communications, allowing dissemination only to the individuals performing the analysis or translation, restricting the foreign government from making a permanent record of the information, and requiring destruction or return to NSA of the information disseminated.

(U//FOUO) Reporting documentation. Consistent with the purge requirements in the minimization procedures, NSA is required to account for and must be able to trace its disseminations based on FAA §702 communications. The annual training addresses the documentation that analysts must complete to fulfill this requirement:

• The collection authority specific FAA §702 certification [redacted] piece of traffic used in the report, and
• (U) A source verification statement documenting an identifier for each piece of traffic and confirming that the source was not ineligible for retention or subject to purge. A new reporting tool, first introduced in 2013, performs the source verification automatically. Successful completion of this process with no flags confirms the traffic may be used as a source for reporting.

(S//SI//REL TO USA, FVEY) An NSA reporting policy document, Sourcing Requirement and Verification Guidance (ISS05410, revised 8 May 2012), provides reporting and dissemination guidance. The policy requires that individuals releasing reports verify that the reports do not contain information that should have been purged from raw SIGINT databases. This must be performed within 24 hours of the report release using the Master Purge List. SIGINT reporters are also required to include traffic source identifiers for all reports and enter source verification statements in the reporting tool to confirm
that this review has been performed.

(S//SI//REL TO USA, FVEY) The primary analyst reporting tools used in 2013 performed automated verification of sources against NSA's [redacted] at the time of report release. If none of the source records for the report matched records in the purge system, the report would be released. If a match to the identifier for a purged record was found, the release would be stopped and the individual releasing the report would be notified. The policy requires that a manual source verification check be performed for reports released through means without automated source verification. In 2014, a new analyst reporting tool was implemented that also includes automated source verification (see the Purge section).

(U) Disseminating communications involving MCTs

(U//FOUO) The FAA §702 annual training course (OVSC1203) addresses procedures that analysts must perform for upstream Internet collection containing MCTs to comply with the minimization procedures. The training identifies the requirements for disseminating single discrete communications within MCTs. The course also explains requirements for documenting the analysis that supports the decision that communications are eligible for reporting. An NSA reporting policy document, Source Record Entries for Reporting from FAA 702 Multiple Communications Transaction (ISS18511), requires that compliance be documented in NSA reporting tools. SV performs oversight of the documentation supporting use of certain MCTs for reporting (see the Oversight section).

(U) Disseminating attorney-client communications

(U//FOUO) In OVSC1203, analysts are trained on the requirement that NSA OGC personnel preapprove disseminations of information involving USP attorney-client privileged communications.

(U//FOUO) Disseminating domestic communications. Dissemination of domestic communications is limited to those communications for which DIRNSA has approved a
destruction waiver documenting their eligibility for retention.[88] Such communications must contain information that meets at least one of five criteria: significant foreign intelligence, technical database information, information necessary to assess communications vulnerabilities, evidence of a crime, or information concerning a threat of serious harm to life or property. Destruction waivers are discussed in the Oversight and Purge sections. Training on retention and use of domestic communications is included in OVSC1203.

(U//FOUO) Disseminating foreign communications of or concerning USPs

(U//FOUO) OVSC1203 addresses the requirement to exclude information from reporting that would allow a reader to determine a USP's identity unless the identity qualifies for dissemination under the terms of the FAA §702 minimization procedures. NSA's Information Sharing Services Group (ISS) reviews exceptions to this "masking" requirement. ISS handles requests for release of USP identities.

(U) Disseminating foreign communications of or concerning a non-USP. Foreign communications of non-USPs that contain foreign intelligence are eligible for dissemination subject to other applicable laws and policies.

(U) Dissemination to foreign governments. Information obtained under FAA §702 may be disseminated to foreign governments in three ways addressed in OVSC1203:

• (S//SI//REL TO USA, FVEY) [redacted]
• [redacted] dissemination must be performed in accordance with special handling procedures and requires the approval of SV and OGC, who maintain records and report this activity to DoJ and ODNI.

[88] (U//FOUO) A destruction waiver is not required for dissemination of domestic communications to notify the FBI of the target's presence in the United States or to notify the FBI or CIA for collection avoidance purposes.

(S//REL TO USA, FVEY) Dissemination of collection
acquired when post-tasking technical checks are not functioning properly. In 2013, NSA identified and reported an incident in which a system modification caused incomplete [redacted] (see the Post-Targeting section) [redacted] production of [redacted]. [redacted] minimization procedures approved in November 2013 required application of [redacted] in response to the incident. These procedures [redacted] NSA developed included additional verification of target location before FAA communications acquired during a period when [redacted] post-tasking technical checks are not functioning as intended are used for targeting and dissemination. These procedures were the subject of several communications across SID, as well as training sessions, and are documented on NSA's FAA §702 web page.

(U//FOUO) Table 35 summarizes the sharing and dissemination provisions of the FAA §702 targeting and minimization procedures and the controls implemented by NSA to maintain compliance.

(U) Table 35. Sharing and Dissemination Provisions and Controls

Provision: (U) NSA has established processes to ensure that raw traffic is accessible in authorized repositories only to those who have had the proper training.

Control: (U) Annual FAA §702 training addresses analyst responsibility for ensuring that individuals with whom they wish to discuss FAA §702 communications have the necessary credentials and training.

Provision: (U) NSA may provide to the CIA and FBI unminimized communications acquired pursuant to FAA §702. These communications will be based upon targets that each agency identifies to NSA.

Control: SV adjudicates TRs from CIA and FBI. If approved, the agencies will receive unminimized communications [redacted]. For requested targets whose selectors are already tasked by NSA, SID personnel will [redacted] to provide dual-route [redacted] Internet communications to the requesting agency.

Provision: (U) Minimization procedures require NSA be able to purge communications that meet specific requirements.

Control: (U) To account for and trace dissemination based
on FAA §702 communications and to comply with purge requirements, analysts must document certain information for the data sources in each report, including the certification under which data was collected and a statement verifying that each piece of traffic used was confirmed as eligible for retention. This is addressed in annual analyst training and NSA reporting policy.
(U) A new reporting tool, first introduced in 2013, performs the source verification automatically. Successful completion of this process with no flags confirms the traffic is not subject to purge and may be used as a source for reporting.

Provision: (U) A dissemination based on communications of or concerning a USP that are eligible for retention may be made if the identity of the USP is deleted and a generic term or symbol is substituted so that the information cannot reasonably be connected with an identifiable USP. Otherwise, dissemination of intelligence based on communications of or concerning a USP may only be made to a recipient requiring the identity of such person for the performance of official duties and only if at least one of eight criteria is met.

Control: (U) This requirement is consistent with NSA reporting policy for all reporting based on communications of USPs.

Provision: (U) NSA analysts seeking to use a discrete communication within an MCT for reporting must document that specified analysis has been performed.

Control: (U//FOUO) Annual FAA §702 training includes the requirements for reporting based upon discrete communications within an MCT and the documentation required. SV reviews this documentation for certain MCTs. See Oversight, SID Oversight and Compliance.

Provision: (U) All proposed disseminations of information constituting USP attorney-client privileged communications must be reviewed by the NSA OGC before dissemination.
(U) Monitoring of attorney-client communications between a person known to be under criminal indictment in the United States and an attorney
representing that individual in the matter under indictment must cease once the relationship has been identified. Acquired communications must be logged and the National Security Division of the DoJ notified so that appropriate procedures may be established to protect such communications from review or use in criminal prosecutions while preserving foreign intelligence information contained therein.

Control: (U) Annual FAA §702 training addresses procedures analysts must perform to disseminate this data. OGC notifies DoJ NSD of such communications and advises mission personnel on dissemination.

Provision: (U) Minimization procedures require that domestic communications be promptly destroyed upon recognition unless DIRNSA approves the communication for a destruction waiver. Domestic communications for which a destruction waiver is approved may be disseminated. If a waiver has been obtained, NSA may share domestic communications believed to contain evidence of a crime with appropriate federal law enforcement authorities in accordance with applicable laws and regulations. Without a destruction waiver, NSA is authorized to notify the FBI if information in a domestic communication indicates that a target has entered the United States and may provide information to both the CIA and FBI for collection avoidance purposes.

Control: (U) Annual FAA §702 training addresses this requirement.

Provision: NSA is permitted to disseminate evaluated minimized information to foreign partners.

Control: NSA policy requires that dissemination of EMT acquired pursuant to FAA §702 other than as serialized product must be approved by the SIGINT Director and a record of the dissemination provided to SV.

Provision: (U) NSA may disseminate raw data to a foreign government for technical or linguistic assistance.

Control: (U) Annual FAA §702 training addresses the requirement that such dissemination must be approved by SV and OGC, who will manage the restrictions on
this dissemination, keep the required records, and report to DoJ and ODNI.

Provision: If NSA seeks to use information acquired pursuant to FAA §702 when there is uncertainty about the location of the target of the acquisition because [redacted] post-tasking checks described in NSA's FAA §702 targeting procedures were not functioning properly, NSA will follow internal procedures for determining whether such information may be used.

Control: Procedures addressing the requirements for use of data acquired when post-tasking checks are not functioning as intended [redacted] were communicated to mission personnel and are documented on the FAA §702 web page.

(U) Purge

(U) Background

(S//REL TO USA, FVEY) The Post-Targeting section documents the requirements for destruction of communications and the processes that may identify a change in the target's location or USP status. These processes include analyst review of [redacted] communications [redacted] and receipt of information from other agencies. If the circumstances result in unauthorized collection, the noncompliant data will be identified and purged.[89] The period of the unauthorized collection is included in an incident report documented by SV and is used by the purge adjudicator, who initiates the purge process.

(U//FOUO) Compliance controls - purge of FAA §702 communications[90]

Manual and automated controls support the purge process. SID's Mission Support Systems and Data Compliance Group within the Directorate for Analysis and Production developed a purge information web page to guide analysts. This page includes instructions to purge communications collected under FAA §702 authority. The directions call for analysts to contact SV if they believe that purge of FAA §702 data is required, because nearly all cases requiring purges also require incident reports.

(S//SI//REL TO USA, FVEY) The purge web page describes two types of purges: (1) incident or parametric purges, which are necessary when the
reason for the purge affects all collection for a target or selector over a period of time (SID's Mission Support Systems and Data Compliance Group performs these), and (2) purge upon recognition, or analyst-driven purges. A parametric purge is applied, for example, to remove communications collected after a target is determined to be in the United States. Purge upon recognition for FAA §702 is, for example, required when (1) NSA identifies a discrete domestic communication within an MCT, requiring the entire MCT to be purged, or (2) a legally acquired foreign communication between a foreign target and a USP, or a communication in which the subject is a USP, found to have no foreign intelligence value.

[89] (U) Purge refers to the deletion of communications from systems that were acquired as a result of unauthorized collection or otherwise are not authorized for retention pursuant to the minimization procedures.

[90] From the time of collection, [redacted]. The following description focuses on the [redacted].

(U//FOUO) NSA has implemented a mission compliance standard for purges, which states that, consistent with NSA's FAA §702 minimization procedures and absent a destruction waiver, some or all communications data acquired under the authority must be purged if any of the following criteria are satisfied:

• (U) The targeted person is confirmed or believed to be a USP, regardless of location: purge all communications.
• (U) The targeted person was confirmed or believed to be in the United States at the time of collection (roamer): purge collection acquired during period of U.S. travel.
• (U) A person was incorrectly targeted: purge all collection.
• (U) The tasked selector is known or suspected to be used by a USP: purge all communications from known date of use by the USP.[91]
• (U) The tasked selector was known or suspected to be accessed from within the United States:
purge communications from date of access.
• (U) The tasked selector was tasked before being approved for tasking, remained tasked for any reason after collection was no longer authorized, or was tasked under the wrong authority: purge all collection.
• (U) An incorrect selector was tasked: purge all collection.
• (U) The communication is one in which the sender and all intended recipients were in the United States at the time of acquisition of the communication: purge affected communications, or
• (U//FOUO) The communication otherwise qualifies as a domestic communication as defined in the FAA §702 minimization procedures, and DIRNSA or the Acting DIRNSA has not executed a destruction waiver to authorize continued retention of the communication: purge affected communications.

(U//FOUO) Purge processes. Purging involves four processes: nominate data to purge, adjudicate purge nominations, execute purge actions, and verify purge actions. Other systems are certified to hold certain data copied or derived from data objects. These systems have their own purge processes. The following description focuses on the [redacted].

[91] [redacted]

(U//FOUO) Nomination for purge. Nomination involves identification of the selectors and time period for which communications must be destroyed. For FAA §702, most are identified in incident reports, and SV determines whether purge is required and documents the date range for purge in the incident report. Purges of specific data objects are also initiated by analysts recognizing content that meets minimization criteria but which is not an indicator of a compliance incident. This process is known as purge upon recognition. For this type of purge, the identifiers of the affected communications are placed on the MPL in discover state before a modified version of the process described below is followed.

(U//FOUO) Adjudicating purge nominations. Purge
adjudication is the process whereby the purge adjudication authority (SID's Mission Support Systems and Data Compliance Group) determines the validity and accuracy of a nominated purge request, locates the data required for destruction, and places the data objects on the master purge list (MPL). The goal of adjudication is to ensure compliance with purge criteria without overpurging communications at the expense of mission. The adjudicator:

• (U//FOUO) Evaluates the nomination against the purge criteria, unless a determination was made during incident processing,
• (U//FOUO) Using logical parameters provided in the nomination, determines and issues search criteria for discovery of potentially affected communications in the [redacted],[92]
• (U//FOUO) Enters identifiers of affected data objects in the MPL in discover state to prevent use as a source for new SIGINT reporting or other controlled uses and to initiate checks to determine if the objects were used in prior SIGINT reporting,
• (U//FOUO) Manages the impact of pending or approved destruction waivers that may exclude specific objects from purge,
• (U//FOUO) For data objects requiring purge, changes MPL state of their identifiers to purge and issues purge execute orders to the [redacted] to delete those objects,
• (U//FOUO) Records the decision to purge, release, or quarantine the data objects in the corporate purge tracking system, which retains [redacted] submitted data identifiers with historical records of actions taken and cross references to original compliance incidents and/or purge nominations that caused them to enter the purge process.

[92] (U//FOUO) The discovery process [redacted] is performed by a limited number of individuals with special access for each […]

(U//FOUO) For purges stemming from system or technical errors, collection and/or technical subject matter experts are typically relied upon to conduct or assist with purge discovery. Some aspects of the
adjudication process may be modified based on the details of the specific incident.

(U//FOUO) Executing purge actions. The purge executor receives purge decisions from the adjudication authority, issues execute orders to [redacted] system owners containing the unique identifiers of the data to be purged, confirms receipt of the orders, changes the MPL state for those identifiers to "purge," and retains records of the purge action for five years. [redacted] system owners are responsible for processing the orders, rendering the specified data unrecoverable, and confirming completion of purge execute orders.

(U//FOUO) Verifying purge actions. Procedures are performed to provide additional assurance that system owners have purged required SIGINT data from NSA [redacted]. SV obtains random samples of data from the master purge list and determines whether the data objects have been removed from the systems selected for review.

(U//FOUO) Automation to support purge processing. Much of the purge process is performed manually. NSA is developing a system to automate more of the purge process in phases between [redacted].

(U//FOUO) Reports affected by purge actions. SIGINT reporting procedures require MPL checks to prevent publication of new reports with sources that were subject to purge. Additional measures are taken to detect and adjudicate already disseminated SIGINT products affected by a compliance incident or specific data identified during purge discovery. Incident reports include information SV obtained from the mission team on reports issued related to the target or collection referenced in the incident. Another source of information is a daily query run by NSA's management information systems for SIGINT production against the MPL to identify reports sourced from communications listed on the MPL, whether because of an incident or purge-upon-recognition.

(U//FOUO) When SIGINT products with potentially tainted sources are identified, the Reports under Review (RUR) team
coordinates with the mission team that issued the report, the purge adjudication authority, SV, and OGC as necessary to determine and complete appropriate actions. This may include requesting a destruction waiver to permit retention of the traffic and allow the report to stand, removing the MPL-listed traffic completely from the report and revising and reissuing the report, or recalling the report. The RUR team maintains a list of affected reports and their status that is updated when the report analysis is complete. The purge adjudication authority makes necessary changes to the status of the communication identifiers on the MPL, depending on the action taken.

(U//FOUO) Table 36 summarizes the purge provisions of the FAA §702 targeting and minimization procedures and the controls NSA has implemented to maintain compliance.

(U) Table 36. Purge Provisions and Controls (S//NF)

Provision: (U) Telephony communications and Internet communications acquired with the assistance of the FBI from Internet service providers that are not approved for retention under the standards set forth in the minimization procedures and that are known to contain communications of or concerning USPs will be destroyed upon recognition.
Control: (U) Annual FAA §702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

Provision: (U) Internet transactions acquired through NSA's upstream collection techniques that do not contain information that meets the retention standards set forth in the minimization procedures and that are known to contain communications of or concerning USPs will be destroyed upon recognition.
Control: (U) Annual FAA §702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.
Provision: (U) Internet transactions that are identified and segregated pursuant to the requirements for processing MCTs and are subsequently determined to contain a discrete communication in which the sender and all intended recipients are reasonably believed to be in the United States will be handled as domestic communications.
Control: (U) Annual FAA §702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

Provision: (U//FOUO) A communication identified as a domestic communication and, if applicable, the Internet transaction in which it is contained will be promptly destroyed upon recognition unless DIRNSA or the Acting DIRNSA approves a destruction waiver after determining the communication meets one or more of four specific conditions.
Control: (U) Annual FAA §702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

Provision: (U//FOUO) Any communications acquired through the targeting of a person who at the time of targeting was reasonably believed to be outside the United States but is in fact inside the United States at the time such communications were acquired, and any communications acquired by targeting a person who at the time of targeting was believed to be a non-USP but was in fact a USP at the time such communications were acquired, will be treated as domestic communications under these procedures.
Control: (U) Annual FAA §702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.
(S//REL TO USA, FVEY) In addition to analyst review of communications, investigation of [redacted], notices from others involved in processing FAA §702 information, and receipt of information from other agencies may identify an incident. If the circumstances of the collection require an incident report, analysts and SV work together to determine the extent of the communications affected. This is used to document the purge parameters in an incident report, which becomes the source for the purge adjudication process.
(U) Communications identified for purge are subject to adjudication to determine whether the nominated data objects are consistent with the purge criteria, communications affected by the incident have been properly identified, destruction waivers pending or approved may affect the [redacted]. The adjudicator adds the relevant data [redacted] to the Master Purge List (MPL) to prevent its use in targeting and reporting and issues purge execute orders to appropriate systems.
(U) Owners of the FAA §702 [redacted] execute the purge orders, remove data matching the included identifiers, and acknowledge completion of each order.
(U//FOUO) NSA's management information system for SIGINT reporting queries the MPL daily to identify data objects added to the list that may be associated with issued reports. The Reports under Review team uses this information and incident report data concerning reporting associated with the affected communications to follow up with mission personnel for recall or reissuance of the reports.
(U) SV randomly samples records from the MPL, comparing them to the FAA §702 repositories to assure completeness of purge.

Provision: For information acquired pursuant to FAA §702 during a period when [redacted] post-tasking checks were not functioning properly, resulting in uncertainty about the location of the target of the acquisition, if NSA determines that the target is reasonably believed to have been inside the United States at the time the information was acquired, such information will not be used and will be promptly destroyed.
Control: SID guidance, NSA Procedures for the Use of FAA 702, 704, or 705(b) Collection, last revised 15 November 2013, was updated to provide manual procedures for evaluating data when NSA's post-tasking [redacted] checks are not properly functioning.

(S//NF)

(U) Retention of Data

(U) Provisions of FAA §702 certifications

(U//FOUO) The retention criteria in the minimization procedures apply only to communications not subject to purge based upon other minimization requirements (see the Post-Targeting section).

(U//FOUO) NSA minimization procedures state that telephony [redacted] communications will be retained no longer than five years from the expiration date of the certification authorizing collection unless NSA analysts have determined that the communications meet the retention standards set forth in the minimization procedures, for example, communications necessary to understand foreign intelligence information. Communications for which SIDDIR has approved longer retention and for which a purge was not otherwise required may also be retained. Communications for which DIRNSA has waived destruction may also be retained in accordance with the terms of the destruction waiver.

(U) In general, NSA may not retain Internet transactions obtained through upstream collection techniques longer than two years from the expiration date of the certification authorizing collection. However, NSA may be able to retain certain Internet transactions longer if at least one discrete communication within the upstream Internet transaction would otherwise meet the retention standards and each discrete communication within the transaction is to, from, or about a tasked selector, or not to, from, or about a tasked selector and is also not to or from a USP or person reasonably believed to be in the United States. The minimization procedures also required destruction of all upstream Internet transactions acquired before November 2011.

(U) Retention control procedures

(U//FOUO) System certification. The NSA system
certification process implemented in 2010 (see the Repositories section) includes the Agency's requirements for compliance with the FAA §702 retention limits established in the minimization procedures. To be certified, FAA §702 systems must (1) limit retention of unminimized data records to the authorization and retention periods of the certification under which they were collected, (2) retain data with an approved age-off waiver beyond the normal age-off period (SID Director waiver), and (3) provide a means to identify data records to be retained beyond the maximum retention period specified by the collection authority under which it was obtained.93

(U//FOUO) Data tagging. Data tags are now associated with most collection before it is made available to data stores accessible to analysts. The tags include the certification under which the communications were obtained, further supporting NSA's ability to identify records that meet the criteria for removal from system repositories based upon age-off requirements associated with each certification. In 2014, new data tags were implemented to distinguish among the retention periods for upstream Internet transactions (two years), downstream collection (five years), and telephony data (five years).

(U//FOUO) Age-off implementation and monitoring. Procedures are implemented to age off data in FAA §702 [redacted]. Though the minimization procedures require data be aged off within two or five years of expiration of the certification, depending upon the source of collection, the processes NSA uses for determining age-off result in earlier removal of data (see Table 37).94

93 (U) NSA's FAA §702 minimization procedures provide no maximum retention period for foreign communications determined to contain foreign intelligence information. The age-off requirements apply to communications for which such a determination has not been made.

94 (U//FOUO) The FAA 702 certifications are renewed annually. Expiration of the certification in effect for any collection would occur
somewhere between 1 and 365 days of that collection. NSA applies age-off criteria to time of collection or recording date, not the expiration of the certification.

(U) Table 37. System Age-Off Procedures (TS//SI//NF)

[Table contents redacted. Recoverable column headings: data age-off procedure for telephony and Internet collection; data age-off procedure for upstream collection; monitoring for compliance with age-off criteria.]

(U//FOUO) Enterprise data header (EDH) is a small set of metadata tags applied to a piece of mission data so that it can be identified, protected, tracked, and handled throughout its life cycle. [redacted] will only accept data with an EDH.
(U//FOUO) Systems scheduled to be decommissioned.
(U//FOUO) DTOI: date and time of intercept.

(U//FOUO) Table 38 summarizes the retention provisions of the FAA §702 targeting and minimization procedures and the controls NSA implemented to maintain compliance.

(U) Table 38. Retention Provisions and Controls (U//FOUO)

Provision: (U) Telephony communications and Internet communications acquired by or with the assistance of the FBI from Internet Service Providers may not be retained longer than five years from the expiration date of the certification authorizing the collection unless NSA determines that each communication meets the retention standards in these procedures.
Control: (U) System certification, required of all FAA §702 systems, includes retention standards consistent with minimization procedures.
(U) Data tags are now associated with most collection before it is made available to data stores accessible to analysts. Data tags support identification of records for age-off.

Provision: (U) Internet transactions acquired through NSA's upstream collection may not be retained longer than two years from the expiration date of the certification authorizing the collection unless NSA determines that each communication meets the retention standards in these procedures. Additional requirements regarding MCTs are addressed in the Purge section.
Control: [redacted] utilizes a software tool to search for data beyond the required age-off procedure. A similar tool is being developed for [redacted].

Provision: (U) Internet transactions that are identified and segregated pursuant to the procedures for MCTs will be retained in an access-controlled repository.
(U) Any information contained in a segregated Internet transaction may not be moved or copied from the segregated repository or otherwise used for foreign intelligence purposes unless it has been determined that the transaction does not contain any discrete communication as to which the sender and all intended recipients are reasonably believed to be located in the United States.
Control: (U) NSA has implemented a segregation process, and sequestered MCT data is maintained in a collection store where it is not available for analytic use. None of the data subject to sequestration has been transferred to repositories accessible to analysts.

Provision: (U) Any Internet transactions acquired through NSA's upstream collection techniques prior to 31 October 2011 will be destroyed upon recognition.
Control: (U) NSA has deleted all identified upstream Internet collection acquired before November 2011. If additional data is identified that was subject to this purge requirement, NSA deletes it upon recognition.
(U) These controls are documented in the Collection section.

(U) Oversight

(U) Provisions of FAA §702 certifications: internal and external oversight

(U//FOUO) The FAA §702 targeting and minimization procedures provide that NSA will conduct the following oversight:

• (U) Implement a compliance program with ongoing oversight of its exercise of FAA §702 authority, including the associated targeting and minimization procedures.
• (U) Develop and deliver training regarding
procedures to ensure that intelligence personnel responsible for approving targeting of persons under these procedures, as well as analysts with access to the acquired foreign intelligence information, understand their responsibilities and the procedures that apply to this acquisition.
• (U) Establish processes for ensuring that raw traffic is labeled and stored only in authorized repositories and is accessible only to those who have had the proper training.
• (U//FOUO) Conduct ongoing oversight activities and make necessary reports to the NSA OIG and OGC, including reports of non-compliance.
• (U) Ensure that corrective actions are taken to address identified deficiencies.
• (U) Conduct periodic spot checks of targeting decisions and intelligence disseminations to ensure compliance with established procedures and conduct periodic checks of queries in data repositories.
• Report incidents of non-compliance with the targeting and minimization procedures within five business days of discovery to the DoJ NSD and ODNI's oversight team.95

(U) DoJ NSD and ODNI oversight requirements include:

• (U) Oversee NSA's exercise of the FAA §702 authority, including bimonthly reviews to evaluate the implementation of the procedures.
• (U) Oversee NSA's activities with respect to use of USP identifiers to query communications collected under FAA §702.

(U) NSA oversight

(U//FOUO) NSA operates a comprehensive oversight framework to maintain compliance with the FAA §702 targeting and minimization procedures. The NSA organizations that perform oversight are described below.

(U//FOUO) FAA §702 Authority Lead is responsible for the implementation and operation of the FAA §702 authority for NSA. The FAA §702 Authority Lead serves on NSA's corporate Authorities Integration Group and works with other NSA mission Authority Leads and corporate legal, policy, compliance, and technology personnel to coordinate implementation of NSA mission
authorities. The FAA §702 Authority Lead addresses the tactical and strategic elements of the program; interacts regularly with NSA's OGC, ODOC, TD, LAO, and SID; routinely interacts with DoJ NSD, ODNI, FBI, and CIA; provides direction regarding daily operational and technical questions; and coordinates input to reports to Congress and the FISA Court.

(U//FOUO) Authorities Integration Group (AIG) is administratively assigned to ODOC and reports to the NSA Deputy Director. The AIG works directly with SID and Information Assurance Directorate authority leads, including the FAA §702 Authority Lead, and holds weekly meetings with the authority leads and corporate process leads (e.g., TD, ODOC, OGC) to bring legal, policy, compliance, technology, and mission areas together to provide recommendations on the implementation of the authorities. The AIG focuses on the activities of each authority, internal and external, to ensure that they are coordinated and integrated across NSA. The AIG acts as a forcing function within NSA, facilitating discussion among the Directorates to promote better understanding of how decisions affect the various authorities. The AIG updates the NSA Deputy Director quarterly on each authority.

95 (U) ODNI's oversight team is comprised of ODNI's Office of General Counsel, ODNI's Civil Liberties and Privacy Office, and ODNI's Office of the Deputy Director of National Intelligence for Intelligence Integration, Mission Integration Division.

(U//FOUO) Office of the Director of Compliance (ODOC) is responsible for developing and directing the execution of compliance strategies and activities focused on protecting USP privacy during the conduct of authorized NSA missions. ODOC has the authority to develop, implement, and monitor a Comprehensive Mission Compliance Program for the Agency, which addresses (1) integration of compliance strategies and activities across NSA mission, technology, and policy organizations, (2) a training and
education program for compliance, and (3) maintenance of and reporting on the status of mission compliance. The CMCP's focus is on mission compliance, particularly in Signals Intelligence and Information Assurance operations, including the technology base on which they function. The key objective of the CMCP is to provide reasonable assurance that the legal authorities and policies affecting USP privacy are reliably and verifiably followed by NSA. The CMCP includes activities and funding to support compliance with FAA §702, such as compliance target validation and query tools.

(U//FOUO) ODOC's monitoring activities provide continuous assessment to determine whether internal controls are operating as intended. Its assessments help management evaluate the effectiveness of the compliance program and its components. For example, ODOC reviews compliance activities associated with queries in NSA repositories, including those related to FAA §702:

• (U//FOUO) ODOC analyzes queries [redacted] forwarded to the query audit database that could indicate a problem in communicating with the repositories queried.
• (U//FOUO) It verifies that all queries requiring post-query review are assigned to reviewers.
• (U//FOUO) It monitors the number of queries selected for review and the timeliness of review, and
• (U//FOUO) It tracks the super audits performed by SV (see the Oversight section).

(U//FOUO) In addition, ODOC performs Compliance Vulnerability Discovery (CVD) reviews that focus on high-risk areas within the CMCP to discover compliance weaknesses. In 2013, ODOC completed two CVDs focused on mission compliance with SIGINT authorities. Table 39 summarizes these CVDs.

(U) Table 39. Compliance Vulnerability Discovery Reviews (U//FOUO)

Date: 05/03/13
SIGINT Authority: FISA/FAA §702
CVD Review: Multiple Communications Transactions
Scope of the Review: Reviewed implementation of controls to segregate unauthorized data from NSA's FAA §702 Upstream Multiple Communications Transactions.

Date: 07/17/13
SIGINT Authority: All
CVD Review: Data Tagging
Scope of the Review: Reviewed data from NSA systems for proper tagging to support designation of these systems as [redacted].

(U//FOUO) ODOC has also implemented processes to ensure that NSA representations to external overseers are accurate and NSA personnel have a consistent understanding of program activities. VoA and verification of implementation reviews are performed on written NSA representations that describe the Agency's acquisition, processing, retention, analysis, and dissemination and form the basis for legal opinions, FISC Orders, and Executive Branch decisions. In 2013, ODOC conducted VoAs with FAA §702 stakeholders for the affidavits and targeting and minimization procedures supporting renewals of FAA §702 certifications. One verification of implementation was conducted in June 2013 with NSA external partners DoJ NSD and ODNI on procedures for implementing the FAA §702 targeting procedures.

(U//FOUO) SV implements the SIGINT compliance program across NSA. SV establishes SIGINT compliance standards and provides guidance across the global SIGINT enterprise, manages incidents of non-compliance, monitors compliance in high-risk areas, resolves problems, and verifies compliance through audits and by managing the SIGINT Intelligence Oversight Officer program. SV manages resources to ensure that NSA corporate systems and capabilities align with CMCP solutions.

(C//REL TO USA, FVEY) To maintain NSA's compliance with the FAA §702 targeting and minimization procedures, SV:

• [redacted]
• Adjudicates TRs for selectors nominated by the CIA and FBI (the same process used for NSA TRs).
• Performs post-tasking analysis for FAA §702 selectors suspected of being accessed within the United States [redacted].
• (U//FOUO)
Investigates all incidents of noncompliance with FAA §702 targeting and minimization procedures, coordinating with TV when a potential incident involves a system. SV works with the mission team to document FAA §702 incidents, promptly reports them to OGC, OIG, and ODOC, and maintains a permanent record.
• (U//FOUO) Works with mission personnel and OGC to process destruction waivers as needed.
• (U//FOUO) Conducts super audits of queries of raw SIGINT databases that provide records of queries to the corporate logging and auditing system to analyze the quality of query reviews by auditors.
• (U//FOUO) Completes Purge Verification Activities quarterly for [redacted] and certain other stores that hold FAA §702 data to assess NSA's effectiveness in purging noncompliant SIGINT.
• (U//FOUO) Oversees use of MCTs as a source for reporting and verifies completion of required documentation.96
• (U//FOUO) Serves as the FAA §702 tasking liaison for the NSA enterprise, IC customers (FBI and CIA), and overseers from DoJ NSD and ODNI.
• (U//FOUO) Provides documentation for review by DoJ NSD and ODNI. SV [redacted] for each selector tasked and reviews records of [redacted] information shared with NSA SIGINT partners for compliance with dissemination requirements. Records of database queries using USP query terms and records of USP reporting are also provided to overseers. SV coordinates responses by NSA organizations to questions from DoJ NSD and ODNI during their review of information SV made available.
• (U//FOUO) Preapproves USP content queries in conjunction with OGC.
• (U//FOUO) Participates in the verification of accuracy process for renewals of certifications and targeting and minimization procedures.
• (U//FOUO) Partners with the Associate Directorate for Education and Training to develop and implement oversight and compliance training for the SIGINT workforce. SV co-develops and reviews all updates of the FAA §702 course.

(U//FOUO) SID Analysis and Production Mission and Compliance Office. This
office supports all areas of NSA's SIGINT operations by overseeing:

• (U//FOUO) FAA §702 adjudication and training: interfacing with analysts on how to use the authority, approving new adjudicators who meet training and mission requirements, and reviewing adjudicated TRs for compliance.
• (S//NF) Dual-route adjudication: approving provision of the results of targeting to the CIA or FBI for selectors already on NSA collection.
• (S//REL TO USA, FVEY) FISA and production metrics: providing feedback to management on use of the authority and analyst/adjudicator performance.
• (S//REL TO USA, FVEY) The application of the authority, e.g., instructions for maintaining compliance when [redacted] were not operating, targeting and adjudication checklists, and general guidance on the analytic use of the authority.

96 Three types of MCTs are made available to analysts. Two types of transactions made available to analysts after the MCT sequestration process are those that contain only discrete communications (no MCTs) and those where the active user of the selector is a targeted individual. SV performs oversight of the third type, where the active user of the selector is a non-targeted individual outside the U.S., an example of abouts collection. SV examines these MCTs for compliance with NSA reporting guidance ISS1851 1, which states that analysts are only authorized to use those discrete portions of MCTs containing the targeted selector.

(U//FOUO) TD Office of Compliance (TV) is responsible for identifying, assessing, tracking, and mitigating compliance risks, including USP privacy concerns, in NSA mission systems across the extended enterprise, including systems that hold FAA §702 data. TV manages the system compliance certification process, continuous compliance monitoring, and technical compliance incident reporting and also trains technical personnel. TV performs VoAs for areas assigned to it in
NSA representations.

(U//FOUO) [redacted] TV began certifying FISA systems, including the FAA §702 systems, to ensure compliance with the law and policies protecting USP privacy (see the Repositories section).

(U) The Office of the General Counsel provides legal advice to NSA and is the liaison to DoJ NSD for NSA's FAA §702 program. One of its main oversight responsibilities includes independently assessing potential incidents of non-compliance.

(U) OGC receives reports of potential incidents of noncompliance from SV. OGC compiles FAA §702 incidents daily, provides them to DoJ NSD and ODNI, and makes an initial determination whether incidents represent noncompliance with the FAA §702 certifications and targeting and minimization procedures. OGC notifies DoJ NSD and the ODNI's oversight team of potential incidents of noncompliance with the targeting procedures within five business days of discovery, as FAA §702 targeting procedures require. OGC reviews all proposed disseminations of information constituting USP attorney-client privileged communications before dissemination, as NSA's FAA §702 minimization procedures require. For all violations of NSA's FAA §702 targeting and minimization procedures, OGC coordinates input from NSA organizations and edits the content for factual and legal accuracy. DoJ NSD prepares Rule 13 notices in coordination with ODNI.

(U) OGC performs additional oversight responsibilities, including:

• (U//FOUO) Reviews requests to perform content queries using USP selection terms. Only OGC-approved selection terms can be used to perform content queries of USP information.
• [redacted]
• (U//FOUO) Participates in the VoA process.
• (U//FOUO) Reviews and makes updates to the FAA §702 course as necessary.

(U) Office of the Inspector General (OIG) conducts audits, special studies, inspections, investigations,
and other reviews of the programs and operations of NSA and its affiliates. OIG oversight includes:

• (U) Performing audits and special studies of the FAA §702 program.
• (U) Receiving notification of incident reports for all NSA authorities, including FAA §702, saved in the Agency's corporate incident reporting database.
• (U//FOUO) Reviewing Congressional notifications and notices filed with the FISC of incidents of noncompliance with FAA §702 targeting and minimization procedures.
• (U) Preparing Intelligence Oversight Quarterly Reports, in coordination with the DIRNSA and OGC, that summarize compliance incidents for all authorities occurring during quarterly review periods and forwarding the reports to the President's Intelligence Oversight Board through the ATSD(IO).97
• (U) Performing intelligence oversight reviews during OIG inspections of joint and field sites.
• (U) Maintaining the OIG Hotline, responding to complaints, including allegations of SIGINT misuse by NSA affiliates operating under DIRNSA's authority.
• (U) Reporting immediately to the ATSD(IO) a development or circumstance involving an intelligence activity or intelligence personnel that could impugn the reputation or integrity of the IC or otherwise call into question the propriety of an intelligence activity.

97 (U) In 2014, the ATSD(IO) was changed to the Office of the Senior DoD Intelligence Oversight Official.

(U//FOUO) The OIG reviews management controls, maintains awareness of compliance incidents, and stays informed of changes affecting NSA authorities, including FAA §702. OIG reviews of the FAA §702 program allow it to independently assess compliance with minimization procedures. Since the Agency obtained FAA §702 authority in January 2008, the OIG has completed annual reviews of reports containing references to USP identities and targets later determined to be in the United States, as the statute requires. The OIG has also completed two special studies of the program
(Table 40).

(U) Table 40. OIG Reviews of the FAA §702 program

Date Issued: 3/29/13
OIG Review: (U) Assessment of Management Controls Over FAA §702 (ST-11-0009)
Scope of the Review: (U) Reviewed management controls for maintaining compliance with targeting and minimization procedures.

Date Issued: 10/29/13
OIG Review: [redacted]
Scope of the Review: [redacted]

(U) External oversight

(U//FOUO) DoJ NSD and ODNI closely coordinate to perform oversight to ensure that NSA's FAA §702 program is compliant with the statute and FISC rulings. DoJ NSD is the primary liaison between NSA and the FISC for all matters pertaining to the FAA §702 program. DoJ NSD and ODNI oversight includes:

• (U//FOUO) Reviewing and approving annual certification renewals and updates of the associated targeting and minimization procedures and filing them for FISC approval.
• (U) Providing guidance to the NSA OGC on legal opinions relating to the interpretation, scope, and implementation of the FAA §702 authority.
• (U//FOUO) Reviewing briefings on NSA proposals to substantially modify systems or processes supporting FAA §702. This allows NSD to determine that the modifications are lawful and that the Attorney General (AG) and the FISC are aware of the scope and nature of the changes.
• (U) Evaluating and investigating potential incidents of noncompliance with the statute or procedures and reporting any matter determined to be a compliance incident to the FISC.
• (U) Reviewing NSA briefings and training transcripts to ensure that they accurately describe the requirements of the FAA §702 Orders.
• Performing bimonthly reviews of NSA authorities under the [redacted] FAA §702 certifications. The reviews include NSA's targeting decisions, including source documentation supporting these determinations, to assess compliance with NSA targeting procedures and AG
Acquisition Guidelines. The reviews also examine database queries using USP query terms and disseminations of serialized reporting and EMT.
• (U) Preparing the periodic reports the statute requires:
1. DoJ submits the Semiannual Reports of the AG Concerning Acquisitions under Section 702 of the FISA to Congress and the FISC. [redacted] foreign certifications by NSA and FBI. While the CIA does not acquire the information, it may receive unminimized data that NSA and FBI acquire. The AG's semiannual reports focus on analysis of incidents of non-compliance with targeting and minimization procedures by NSA and FBI and incidents of noncompliance with minimization procedures by CIA.
2. Jointly, the AG and the DNI submit the Semiannual Assessments of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the FISA to Congress and the FISC. These reports summarize the oversight performed on implementation of the FAA §702 authority, trends in targeting and minimization, e.g., changes in the number of selectors under collection and statistics on use of the certifications, and compliance incidents with the FAA §702 authority for NSA, FBI, and the CIA.
• (U) ODNI hosts bimonthly interagency meetings and a weekly phone call to discuss FAA §702 implementation and compliance matters.

The FISC reviews and, when satisfied that the legal requirements have been met, approves all renewals of certifications and targeting and minimization procedures for the FAA §702 authority that have been authorized by the AG and DNI.98 In addition, the FISC reviews representations NSA made regarding the operation of the program and Rule 13 notices of incidents of non-compliance filed by DoJ NSD on behalf of NSA. If the Court finds that incidents of non-compliance result from processes inconsistent with the targeting and minimization procedures, e.g., incomplete application of the
identification, NSA will be required to change its internal systems or procedures and report to the Court on the progress made to achieve compliance. The Court may also determine that additional measures or changes are required to the targeting and minimization procedures (e.g., sequestration of MCTs) if it deems that NSA processes do not adequately protect USPs. [(b)(1); (b)(3) P.L. 86-36]

98 (U//FOUO) The AG and DNI authorize the collection of data pursuant to FAA §702 using targeting and minimization procedures adopted by the AG in consultation with the DNI. The FISC must approve the certifications and associated procedures that the AG and DNI have authorized.

(U//FOUO) Table 41 summarizes the oversight provisions of the FAA §702 targeting and minimization procedures and the controls NSA implemented to maintain compliance.

(U) Table 41. Oversight Provisions and Controls

Provision: (U) NSA will implement a compliance program and will conduct ongoing oversight with respect to its exercise of the authority under FAA §702, including the associated targeting and minimization procedures.
Control: NSA operates a comprehensive oversight framework to maintain compliance with the FAA §702 targeting and minimization procedures. This compliance framework is collectively managed by the NSA organizations described above.

Provision: (U) NSA will develop and deliver training regarding the applicable procedures to ensure intelligence personnel responsible for approving the targeting of persons under these procedures, as well as analysts with access to the acquired foreign intelligence information, understand their responsibilities and the procedures that apply to this acquisition.
Control: (U//FOUO) SV partners with the Associate Directorate for Education and Training to develop and implement oversight and compliance training for the SIGINT workforce. SV codeveloped and reviewed all updates of the FAA §702 course. OGC also reviews and
updates the FAA §702 course.

Provision: (U) NSA will establish processes for ensuring that raw traffic is labeled and stored only in authorized repositories and is accessible only to those who have had the proper training.
Control: (U//FOUO) TV certifies FISA systems periodically, including the FAA §702 systems, to ensure that they comply with law and policy protecting USP privacy. TV's certification process evaluates system controls for maintaining compliance in a number of areas, including data tagging and data access.

Provision: (U) NSA will conduct ongoing oversight activities and make any necessary reports, including those relating to incidents of noncompliance, to the NSA OIG and OGC in accordance with the NSA charter.
Control: (U//FOUO) SV and TV investigate incidents of noncompliance with FAA §702 targeting and minimization procedures. SV works with mission teams to document FAA §702 incidents. SV promptly reports potential incidents to OGC and ODOC and maintains a permanent record. When a potential incident involves a system, TV manages the incident investigation.
(U) The OIG receives notification of incident reports for all NSA authorities, including FAA §702. The OIG also receives Congressional notifications and notices filed with the FISC of incidents of noncompliance with the FAA §702 targeting and minimization procedures.
(U//FOUO) OGC receives notifications of potential incidents of noncompliance for all NSA authorities. OGC compiles FAA §702 incidents daily, which it provides to DoJ NSD and ODNI, and assesses whether incidents represent possible noncompliance with the FAA §702 certifications and associated targeting and minimization procedures.

Provision: (U) NSA will ensure that necessary corrective actions are taken to address any identified deficiencies.
Control: (U) SV and TV investigate all incidents of noncompliance with FAA §702 targeting and minimization procedures and monitor corrective actions.
(U) OIG performs audits and special studies of the FAA §702
program, tracks recommendations until completion.

Provision: (U) NSA will conduct periodic spot checks of targeting decisions and intelligence disseminations to ensure compliance with established procedures and conduct periodic spot checks of queries in data repositories.
Control: SV performs oversight of targeting decisions, queries, and dissemination and provides documentation for review by DoJ NSD and ODNI to support their oversight of NSA's implementation of FAA §702. SV also conducts super audits of queries of raw SIGINT databases.
(U) OGC reviews all proposed disseminations of information constituting USP attorney-client privileged communications before dissemination.

Provision: (U//FOUO) NSA will report incidents of noncompliance with the targeting and minimization procedures within five business days of discovery to the DoJ NSD and ODNI OGC and ODNI CLPO.
Control: OGC notifies external overseers of incidents of possible noncompliance with the targeting procedures within five business days of discovery. OGC coordinates input by NSA organizations for Rule 13 notices prepared by DoJ NSD in coordination with ODNI for all violations of the FAA §702 targeting and minimization procedures.

Provision: DoJ NSD and ODNI will oversee NSA's exercise of the FAA §702 authority, which will include bimonthly reviews to evaluate the implementation of the procedures.
Control: DoJ NSD and ODNI perform bimonthly reviews of NSA authorities under the [redacted] FAA §702 certifications. DoJ NSD and ODNI review NSA's targeting decisions, including the source documentation supporting these determinations, to assess compliance with NSA targeting procedures and Attorney General's (AG) Acquisition Guidelines. NSD and ODNI also review queries and disseminations of serialized reporting and EMT.

Provision: (U//FOUO) DoJ NSD and ODNI will oversee NSA's activities with respect to use of USP identifiers to query communications collected under FAA §702.

(U) FAA §702 Incidents of Non-Compliance

[(b)(1); (b)(3) P.L. 86-36; (b)(3) 50 USC 3024(i)]

(U//FOUO) FISC Rules of Procedure require NSA to
report to the FISC "corrections of material facts" and "disclosures of noncompliance" with FAA §702. In addition, NSA determines whether Congressional notifications are required.

(U) FISC Rules of Procedure

(U//FOUO) The FISC Rules of Procedure govern all FISC proceedings. Rule 13, Correction of Misstatement or Omission; Disclosure of Noncompliance, is the procedure NSA follows when notifying the Court, through DoJ NSD, of incidents of noncompliance with FAA §702.

(U) Rule 13(a), Correction of Material Facts. If the government discovers that a submission to the Court contained a misstatement or omission of material fact, the government must immediately, in writing, inform the Judge to whom the submission was made of:

1. (U) the misstatement or omission;
2. (U) necessary corrections;
3. (U) the facts and circumstances relevant to the misstatement or omission;
4. (U) modifications the government has made or proposes to make in how it will implement any authority or approval granted by the Court; and
5. (U) how the government proposes to dispose of or treat information obtained as a result of the misstatement or omission.

(U) Rule 13(b), Disclosure of Noncompliance. If the government discovers that an authority or approval granted by the Court has been implemented in a manner that did not comply with the Court's authorization or approval or with applicable law, the government must immediately, in writing, inform the Judge to whom the submission was made of:

1. (U) the noncompliance;
2. (U) the facts and circumstances relevant to the noncompliance;
3. (U) modifications the government has made or proposes to make in how it will implement any authority or approval granted by the Court; and
4. (U) how the government proposes to dispose of or treat information obtained as a result of the noncompliance.

(U) Identifying and Reporting Incidents of Non-compliance

(U) Identifying incidents of noncompliance

All potential incidents of noncompliance with FAA §702 certifications and
targeting and minimization procedures are reported to SV or TV upon discovery by analysts and others operating under the authority, as documented in the FAA §702 section Incident Recognition and Reporting Training Program Control Framework provides a heightened sense of awareness for personnel to identify potential violations. Incidents may also be discovered through oversight mechanisms addressed in the FAA §702 Program Control Framework section Post-Targeting and Oversight. Monitoring and oversight include manual and technical controls to detect abnormalities.

(U//FOUO) After review of the incident, SV or TV forwards documentation to OGC. If OGC believes a violation of the targeting and minimization procedures has or may have occurred, even if all the facts have not been gathered, preliminary notification is sent to DoJ NSD. OGC notifies DIRNSA of instances of noncompliance, as appropriate. Upon receiving initial notification from OGC, DoJ NSD drafts, in conjunction with ODNI, a notification to the Court, should one be required under the FISC Rules of Procedure.

(U//FOUO) Once the facts have been gathered and OGC has made an initial determination that a noncompliant FAA §702 event has occurred, OGC finalizes a notification of noncompliance and forwards it to DoJ NSD and ODNI, which make the final determination as to whether there has been an incident of noncompliance that must be reported to the FISC. If DoJ NSD and ODNI determine that an incident of noncompliance has occurred, DoJ drafts a notification, which is coordinated with the IC elements involved, finalizes it, and files the notice with the Court.

(U//FOUO) DoJ NSD often follows up on preliminary notifications with one or more additional notifications. In some cases, the preliminary notification of an incident serves as the final notice of that incident.99

(U//FOUO) In 2013, [redacted; (b)(3) P.L. 86-36] incidents of noncompliance (13(b)s) were filed with the FISC for
matters identified in that calendar year. None of these incidents involved inaccurate information in previously filed declarations to the Court requiring that a Rule 13(a) notice of correction of material fact be filed.

(U) Congressional notifications

(U//FOUO) DIRNSA, as head of an IC element, has a statutory obligation to keep the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence fully and currently informed of all significant intelligence activities. NSA resolves doubts about notification in favor of notification. In addition to notifying Congress and the Director of National Intelligence, DIRNSA must notify the USD(I) and other USD(I) staff, as directed by USD(I) guidance. For all FAA §702 incidents of noncompliance reported to Congressional intelligence committees, NSA also provides discretionary notifications to the Senate and House Committees on the Judiciary.100

(U//FOUO) NSA's LAO manages NSA's liaison with the Congress and with the DNI, DoD, the IC, and other U.S. government departments and agencies regarding matters of concern to Congress. LAO is NSA's focal point for Congressional inquiries, correspondence, questions for the record, and RFIs directed to NSA.

(U//FOUO) NSA CSS Policy 133 provides guidelines for identifying matters that OGC and LAO must consider reporting to the Congressional intelligence committees under 50 U.S.C. §§3091 and 3092. The guidelines do not constitute a comprehensive list of what must be reported. Compliance incidents are assessed under a general guideline to consider reporting matters that the intelligence committees have expressed a continuing interest in or which otherwise qualify as significant intelligence activities or failures.

(U//FOUO) NSA works to keep Congressional intelligence committees fully and currently informed about the Agency's activities over and above what is strictly required to be reported under the guidelines outlined in NSA CSS Policy 133. At a minimum, however, NSA must keep the Congressional intelligence committees timely informed of all major intelligence policies and activities and provide the information those Committees request.

(U//FOUO) Determining whether Congressional notification should be provided is a judgment based on the facts and circumstances and on the nature and extent of previous notifications to Congress on the same matter. Not every intelligence activity warrants Congressional notification. NSA's analysis of the FAA §702 incidents of noncompliance filed during 2013 resulted in two incidents reported in Congressional notifications, one related to a 2013 incident and the other to an incident first reported in 2012.

99 (U//FOUO) DoJ NSD files the Quarterly Report to the Foreign Intelligence Surveillance Court Concerning Compliance Matters Under Section 702 of the Foreign Intelligence Surveillance Act, which includes incidents DoJ NSD and ODNI determined to be violations of the targeting and minimization procedures (13(b)s) as well as all other incidents determined not to meet the reporting requirements of 13(b). This quarterly report to the FISC also provides supplemental information on previously reported compliance incidents.

100 (U) 50 U.S.C. §3091, as implemented by Intelligence Community Directive 112, Congressional Notification, 16 November 2011, requires the head of each element of the IC to inform Congress on significant intelligence activities.

(TS//SI//NF) Congressional Notification [redacted] reported a retention and dissemination compliance incident involving an NSA corporate database. [redacted; (b)(1); (b)(3) P.L. 86-36]

(TS//SI//NF) Congressional Notification [redacted] provided resolution of a matter first reported to the Congressional intelligence committees on [redacted]. This update reported on the actions taken to resolve the
matter, including correction of the affected system component, purge of affected transactions, verification that no disseminated reports had been based upon overcollected data, and implementation of a post-acquisition review of this type of data to identify future overcollection.

[redacted; (b)(3) P.L. 86-36]

(U) Incidents of Non-compliance in 2013

(U//FOUO) In 2013, DoJ reported to the Court [redacted; (b)(3) P.L. 86-36] incidents of noncompliance with FAA §702. The incidents and rates of occurrence are in Table 42.

(U//FOUO) Table 42. FAA §702 Incidents of Non-Compliance Reported in 2013

Incident Type: Percentage
Tasking Errors*: 12%
Detasking Errors†: 19%
Noncompliance with Notification Requirement‡: 57%
Noncompliance with Documentation Requirement§: 5%
Minimization Errors‖: 6%
Other**: 1%

* (U) Tasking errors: foreignness support was insufficient to support tasking, e.g., foreignness was not reestablished following travel to the United States; foreign intelligence purpose explanation was insufficient; or a typographical error was made.

† (U) Detasking error examples include (1) delayed detasking, which occurs when NSA has a foreign intelligence target reasonably believed to be outside the United States at the time of tasking and later learns that the target plans to travel to the United States but does not detask the target's selectors before the target arrives in the United States, and (2) incomplete detasking of all tasked selectors when it is determined the target is no longer eligible for tasking.

‡ (U) Notification: NSA's targeting procedures require certain incidents be reported to NSD and ODNI within five business days, even if these incidents do not involve noncompliance with the targeting procedures. Specifically, NSA is required to terminate acquisition and notify NSD and ODNI if NSA concludes that a person is reasonably believed to be located outside the United States and
after targeting this person learns that the person is inside the United States, or if NSA concludes that a person who at the time of targeting was believed to be a non-United States person was in fact a United States person.

§ (U//FOUO) Documentation Errors: The targeting procedures require that NSA provide a citation to the source of information upon which the determination of the target's foreignness was made. These errors, in which the citations were not considered adequate to support the foreignness of the user of the selector tasked, were identified through DoJ and ODNI review of NSA tasking.

‖ (U) Minimization errors may include errors in querying, reporting, and retention.

** (U) The other incident type often pertains to instances in which systems that support compliance are not operating as intended.

(U//FOUO) Examples of incidents, including actions NSA took to mitigate recurrence, follow. This information is taken from the 13(b) notices DoJ NSD filed with the FISC.

(U//FOUO) Example 1: Incident as a result of delayed detasking

... Compliance Incident Regarding Section 702 Tasked [redacted]

[redacted] NSA reported to the National Security Division (NSD) and the Office of the Director of National Intelligence (ODNI) a delay in the detasking of [redacted; (b)(1); (b)(3) P.L. 86-36; (b)(3) 50 USC 3024(i)]. NSA determined [redacted] that the [redacted] of the selectors [redacted] had traveled to the U.S. [redacted] selector associated with the U.S. travel [redacted] an NSA analyst detasked [redacted]. The analyst, however, inadvertently did not detask the [redacted] selectors used by the target. NSA discovered this and detasked [redacted] the same day. The continued tasking of the remaining selector was not discovered until [redacted], when the selector was immediately detasked. [redacted; (b)(3) P.L. 86-36]

(U//FOUO) Action taken to mitigate recurrence: The target office was reminded of the
need to identify and immediately detask all facilities used by a target when the target is found to be in the United States.

(U//FOUO) NSA did not issue a Congressional notification about this incident. The incident was included in the Semiannual Report of the Attorney General Concerning Acquisitions under Section 702 of the Foreign Intelligence Surveillance Act, dated March 2014.

(U//FOUO) Example 2: Other incident, technical error

[(b)(1); (b)(3) P.L. 86-36]

Preliminary [illegible] incident regarding the [redacted]

NSA [illegible] notified the NSD of a [illegible] post-tasking checks NSA conducts to help ensure that accounts tasked for collection pursuant to Section 702 are not being used from inside the U.S. NSA provided written notice of this incident to NSD and the ODNI [redacted].

(S//NF) NSA identified the following compliance incident as a result of its ongoing [illegible]. NSA's post-tasking checks are intended to identify indications that users of Section 702-tasked selectors may be inside the U.S. [redacted; (b)(1); (b)(3) P.L. 86-36; (b)(3) 50 USC 3024(i)]

[redacted] and confirmed that there is no [redacted]. NSA, NSD, and ODNI at the time continued to investigate this incident. The Department of Justice committed to continue to inform the Court of additional information regarding this incident as it became available.

Supplemental Final

As detailed in the preliminary notice, NSA determined that certain Section 702 [redacted] selectors were not being sent from NSA's [redacted and illegible] preventing [redacted] post-tasking [redacted] these selectors [redacted]
[redacted; (b)(3) P.L. 86-36; (b)(3) 50 USC 3024(i)]

[illegible] NSA made a [illegible] to ensure that [redacted]. NSA at that time continued to investigate the [illegible] potential [illegible] future compliance incident. NSA has corrected the error that prevented [redacted] while those facilities were tasked for Section 702 acquisition [redacted] the remaining [redacted] selectors, NSA has identified [illegible] the United States by the intended target, which lasted [redacted] days. [redacted; (b)(1); (b)(3) P.L. 86-36] With respect to period of [illegible] in [redacted] accounts have been detasked.

Summary of action taken to mitigate recurrence: With respect to [redacted; (b)(3) P.L. 86-36; (b)(3) 50 USC 3024(i)] selectors discussed above, NSA advises that the unique identifiers associated with communications acquired while users were or may have been in the US were added to NSA's Master Purge List (MPL) in discover status.107 [redacted] The notice also stated that DoJ would include this issue in its quarterly report to the Court regarding Section 702 compliance occurrences and that the report would confirm that NSA had added the communications to the MPL in purge state.

(U//FOUO) NSA did not issue a Congressional notification about this incident. The preliminary incident of noncompliance was included in the Semiannual Report of the Attorney General Concerning Acquisitions under Section 702 of the Foreign Intelligence Surveillance Act, dated March 2014.

(U) NSA Use of the FAA §702 Authority

NSA asserts that the FAA §702 authority provides significant foreign intelligence information related to the foreign intelligence categories specified in the [redacted] FAA §702 certifications. The certifications cover [redacted; (b)(1); (b)(3) P.L. 86-36]
[(b)(3) 50 USC 3024(i)]

(U) Methods Used to Assess Effectiveness

(U//FOUO) NSA maintains a variety of statistics related to the FAA §702 authority that show the overall contributions to NSA SIGINT reporting, how customers value and use reports, and the unique access to foreign intelligence information FAA §702 provides. Data presented in this report is for calendar year 2013 unless otherwise noted, and statistics are limited to NSA reporting.

(U) FAA §702 contributions to SIGINT reporting

(TS//SI//REL TO USA, FVEY) As Figures 9 and 10 show, information obtained [illegible] FAA §702 is a key and growing source of reportable foreign intelligence to U.S. government consumers [illegible] foreign governments. Of the more than [redacted; (b)(3) P.L. 86-36] SIGINT reports issued in calendar year 2013, [redacted] percent were based in whole or in part on FAA §702 information.

107 [redacted]

(U) Figure 9. Total SIGINT Reports Issued in CY2013 [figure redacted; (b)(1); (b)(3) P.L. 86-36]

(U) Figure 10. SIGINT Reports Based in Whole or in Part on FAA §702 or PAA Collection [figure redacted; (b)(3) P.L. 86-36; axis labels 2008 through 2013]

108 When a report is solely sourced to an authority, it indicates that a particular source was used by the analyst but does not mean that the collection was only available from that one source of collection.

During 2013, NSA disseminated an average of over [redacted] serialized SIGINT reports a month that included information collected under the FAA §702 certifications.109 [(b)(3) P.L. 86-36]

(TS//SI//REL TO USA, FVEY) NSA management believes that disseminated reports based on FAA §702 collection further the U.S. government's understanding of high priority international terrorism targets. Beyond disseminated reports, collection obtained under FAA §702 contributes to [redacted and illegible].

(TS//SI//REL TO USA, FVEY) On average during 2013, NSA [redacted] SIGINT reports per month concerning international terrorism that include information derived from FAA §702 collection.

(U) Figure 11. Terrorism Specific SIGINT Reports Sourced with FAA §702 Information, CY2013 [figure redacted; (b)(1); (b)(3) P.L. 86-36]

109 (U//FOUO) The number of issued reports was obtained in November 2014 from NSA's management information system for SIGINT production. The number of reports for any period is net of any reports recalled after they were issued.

On average, more than [redacted; (b)(3) P.L. 86-36] selectors were tasked for acquisition under FAA §702 during 2013.

(U) Analyst Use of the Authority

The FAA §702 authority is utilized broadly to support NSA missions. Its usefulness is confirmed by the above statistics as well as the fact that the number of selectors tasked to the authority has increased [redacted] since 2010. Similarly, the number of reports sourced by FAA §702 communications has increased [redacted] in the same period.

(U) FAA §702 Contributions to the Intelligence Mission

(U) In 2013, NSA reported to the Senate Committee on the Judiciary that information gathered from Section 702 of the FISA Amendments Act and Section 215 of the Patriot Act, in complement with NSA's other authorities, has contributed to the United States government's understanding of terrorism activities and, in many cases, has enabled the disruption of potential terrorist events at home and abroad.

(U) On 21 June 2013, NSA provided to several Congressional committees testimony concerning 54 cases in which these programs contributed to the U.S. government's understanding, and in many cases disruption, of terrorist plots in the United States and more than 20
countries.

(U) The SIGINT Directorate provided to the OIG additional examples of the value of FAA §702 collection to NSA missions.

[examples redacted; (b)(1); (b)(3) P.L. 86-36; (b)(3) 18 USC 798; (b)(3) 50 USC 3024(i); legible fragments follow]

... Based on Section 702 collection [redacted] disrupted the potential attack ...

... based upon information obtained pursuant to Executive Order 12333 and Section 702, NSA [redacted] ...

... had been arrested ...

IV. (U) ABBREVIATIONS AND ORGANIZATIONS

(U) ADET: Associate Directorate for Education and Training
(U) AIG: Authorities Integration Group
(U) ATSD IO: Assistant to the Secreta
(U) [redacted]
(U) BR: Business Records
(U) CDR: Call Detail Record
(U) CIA: Central Intelligence Agency
(U) CMCP: Comprehensive Mission Compliance Program
(U) CSLI: Cell site location information
(U) CSP: Communication Service Provider
(U) CT: Counterterrorism
(U) DIA: Data Integrity Analyst
(U) DIRNSA: Director, NSA
(U) DMR: Dataflow Management Request
(U) DNI: Director of National Intelligence
(U) DoD: Department of Defense
(U) DoJ NSD: Department of Justice National Security Division
(U) DTM: Directive Type Memorandum
(U) DTOI: Date and Time of Intercept
(U) EAR: Emphatic Access Restriction
(U) EDH: Enterprise data header
(U) [redacted; (b)(1); (b)(3) P.L. 86-36]
(U) E.O.: Executive Order
(U) FAA: FISA Amendments Act
(U) FBI: Federal Bureau of Investigation
(U) FISA: Foreign Intelligence Surveillance Act
(U) FISC: Foreign Intelligence Surveillance Court
(U) FTP: File Transfer Protocol
(U) [redacted]
(U) HMC: Homeland Mission Coordinator
(U) IC: Intelligence Community
(U) IMEI: International Mobile Station Equipment Identity
(U) IMSI: International Mobile Subscriber Identity
(U) IO: Intelligence Oversight
(U) LAO: Legislative Affairs Office
(U) MCT: Multiple Communication Transaction
(U) MPL: Master Purge List
(U) MRG: Math Research Group
(U) [redacted]
(U) NCTC: National Counterterrorism Center
(U) NSA: National Security Agency Central Security Service
(U) NSAW: NSA Washington
(U) NSD: National Security Division
(U) NSOC: National Security Operations Center
(U) ODNI: Office of the Director of National Intelligence
(U) ODOC: Office of the Director of Compliance
(U) OGC: Office of General Counsel
(U) OIG: Office of the Inspector General
(U) OTR: Obligation to Review
(U) PKI: Public key infrastructure
(U) Q: Associate Directorate for Security and Counterintelligence
(U) RAS: Reasonable Articulable Suspicion
(U) RFI: Request for information
(U) [redacted; (b)(1)]
(U) S1S: Information Sharing Services Group
(U) S2: Analysis and Production
(U) S2I: Counterterrorism Production Center
(U) S2I4: Homeland Security Analysis Center
(U) S3: Data Acquisition
(U) S31324: [redacted]
(U) S354: [redacted]
(U) SCA: Special compliance activity
(U) SCIF: Sensitive Compartmented Information Facility
(U) SID: Signals Intelligence Directorate
(U) SIGINT: Signals Intelligence
(U) [redacted; (b)(3) P.L. 86-36]
(U) SOO: Senior Operations Officer
(U) SV: [redacted or illegible]
(U) T12: [redacted or illegible]
(U) T1222: [redacted or illegible]
(U) T131: [redacted or illegible]
(U) T1323: [redacted or illegible]
(U) T16: [redacted or illegible]
(U) TD: Technology Directorate
(U) TR: Targeting request
(U) TS: [redacted or illegible]
(U) [redacted]
(U) TV: TD Office of Compliance
(U) TV4: Compliance and Verification
(U) USD(I): Undersecretary of Defense for Intelligence
(U) USP: U.S. person
(U) USSID: U.S. Signals Intelligence Directive
(U) USSS: U.S. SIGINT System
(U) VoA: Verification of accuracy

(U) APPENDIX A: ABOUT THE §215 AND FAA §702 REVIEW

(U) Reason for Review

(U//FOUO) In September 2013, ten members of the Senate Committee on the Judiciary requested a comprehensive, independent review of the implementation of §215 of the USA PATRIOT Act and §702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008 for calendar years 2010 through 2013.

(U) Objectives

(U//FOUO) In January 2014, the National Security Agency Central Security Service's (NSA) Office of the Inspector General (OIG) and Committee staff agreed that the NSA OIG would review NSA's implementation of both authorities for calendar year 2013. The study has three objectives.

(U) Objective I

• (U) Describe how data was collected, stored, analyzed, disseminated, and retained under the procedures for §215 and FAA §702 authorities in effect in 2013 and the steps taken to protect US Person information.

• (U) Describe the restrictions on using the data and how the restrictions have been implemented, including a description of the data repositories and the controls for accessing data.

• (U) Describe
oversight and compliance activities performed by internal and external organizations in support of §215 Foreign Intelligence Surveillance Court (FISC) Orders and FAA §702 minimization procedures.

(U) Objective II

• (U) Describe incidents of noncompliance with §215 FISC Orders and FAA §702 Certifications and what NSA has done to minimize recurrence.

(U) Objective III

• (U) Describe how analysts used the data to support their intelligence missions.

(U//FOUO) The report also provides a summary of the changes made in the implementation of both authorities for calendar years 2010 through 2012 and, for §215, a list of incidents of noncompliance for calendar years 2010 through 2012.

(U) Scope and Methodology

(U//FOUO) Our study of NSA's implementation of the Section 215 and FAA §702 authorities was based largely on program stakeholder interviews and reviews of policies and procedures and other program documentation. For this review, the NSA OIG documented the controls implemented that address the requirements of each authority. However, we did not verify through testing whether the controls were operating as described by program stakeholders.

(U) Section 215

(U//FOUO) Our §215 review focused on the BR FISA program control framework, incidents of noncompliance, and NSA's use of the authority to support its counterterrorism (CT) mission in 2013. To document the BR FISA control framework, we used BR Order 13-158, approved by the FISC on 11 October 2013 and effective through 30 January 2014, and compared the requirements listed in that Order with the processes and controls NSA used to maintain compliance with that Order. In addition, we documented the changes implemented in the BR FISA program following the President's directives in 2014. [redacted; (b)(3) P.L. 86-36] the Office of the Director of Compliance (ODOC), the Authorities Integration Group (AIG), the Legislative Affairs Office (LAO), and the
Office of General Counsel OGC -- -- -- -- -- -- U FAA §702 TSt SWHP In addition to FAA §702 stakeholder interviews and reviews of policies and procedures and other program documentation information obtained in the OIG's Assessment ofManagement Controls Over FAA §702 revised and reissued 29 March 2013 was also used as a resource That review examined the controls that NSA used to maintain compliance with FAA § 702 and the targeting and minimization procedures associated with the 201 I certifications TSHSIHN¥ Our FAA §702 review focused on the processes and controls in place in 2013 Two primary documents filed annually with each FAA §702 certification comprise NSA's procedures for complying with the FISA Amendments Act of2008 • UIJq QUO The Procedures Used by the National Security Agency for Targeting NonUnited States Persons Reasonably Believed to be Located Outside the United States to Acquire Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978 as Amended FAA §702 Targeting Procedures and TOP SECRE'fh'Sif i'IOFOR 154 DOCID 4273474 ST 140002 • U FOUOj The Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuanllo Section 702 of the Foreign Intelligence Surveillance Act of 1978 as Amended the FAA §702 Minimization Procedures U If'OUO For calendar year 20 13 the period under review different versions of these documents were in effect because of changes made with the annual certification renewal and special amendments • U q OUO FAA §702 Targeting Procedures o U ffOUO Procedures approved with the 2012 renewal of the authority effective 24 September 2012 o These procedures were not changed for the 2013 certification renewal and remained effective 10 September 2013 through 9 September 2014 U FOU • U fFOUO FAA §702 Minimization Procedures o S tW Procedures approved for the 2012 certification renewal approved 6 1 ∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙ 
∙∙∙∙∙∙∙∙∙∙∙∙∙ Y b 3 P L 8636 ∙∙∙∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙ by the FISC 24 August 2012 were effective 24 September 2012 through ∙2JSeptember∙ 20 3 ∙l I I ∙∙ ∙∙∙∙∙∙∙∙∙∙∙∙ I b h ∙∙ ∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ b 3 P L 8636 b 3 50 usc 3024 i U IFOUO We also examined implementing procedures and controls for the Attorney General's targeting guidelines U ffOUQ We interviewed personnel in SID Policy and Corporate Issues Staff S02 SV Analvsis and Production S2 Staff and Product Lines Data Acquisition 1 J 1 and l I I the 1 -- -------___ _-- - · __ r 1 -9 _ n- 1'------ an-td M 1 Capabili iie S T1 QDOC the LAO a J g OGC rv ∙∙∙∙∙∙∙∙∙∙∙∙∙ ∙∙∙∙∙∙∙∙∙∙∙∙•∙∙∙∙∙∙∙∙∙∙∙∙∙ · · H u •' 1 ∙∙ b 3 P L 8636 U Prior Coverage U q 'QUO Since 24 May 2006 the date the original BR Order was signed the NSA OIG has completed five BR FISA program reviews Table A1 summarizes the reviews the NSA OIG bas performed on the BR FISA program 'ft P ECitE'fi SI NOFORl'l 155 DOCID 4273474 'fOP SECKE'f i Sf NOP ORN ST140002 U Table A1 NSA OIG Reviews of the BR FISA Program TSHSI tJF Date II ls Ued ll OIG Review l Scope of the Review ' 09 05 06 Assessment of Management Controls for Implementing the FISC Order Telephony BR ST060018 Reviewed collection processing analysis dissemination and oversight controls 05 12 10 NSA Controls for FISC BR Orders ST 100004 Reviewed querying and dissemination controls summarized pilot test results for the period from January through March 2010 05 25 11 Audit of NSA Controls to Comply with the FISC Order Regarding BR ST 100004L Reviewed querying and dissemination controls summarized the monthly test results for 2010 10 20 11 Audit of NSA Controls to Comply with the FISC Order Regarding BR Retention ST 110011 Verified ageoff of BR FISA metadata in 2011 to maintain compliance with the 60 month retention requirement of the BR Order 08 01 12 NSA Controls to Comply with the FISC Order Regarding BR Collection ST120003 Reviewed collection and sampling controls for 
ensuring that NSA receives only the BR FISA metadata authorized by the BR Order • This report summarized monthly test results of the BR querying and dissemination controls during 2010 f FSl' SIHtlF U ff OUO Since the Agency obtained FAA §702 authority in January 2008 the NSA OIG has completed annual reviews ofreports containing references to USP identities and targets later determined to be located in the Uuited States as required by the statute Table A2 summatizes the two reviews the NSA OIG bas completed ofthe FAA §702 program U Table A2 NSA OIG Reviews of the FAA §702 Program 9HUF Date 3 29 13 OIG Review Issued U Assessment of Management Controls Over FAA §702 ST110009 I l v 11'11 I ∙∙∙∙∙∙∙∙∙∙ Reviewed management controls for U maintaining compliance with the targeting and minimization procedures Jl ∙∙∙∙∙∙∙ ∙∙∙∙∙ ' Scope of the Review · ∙∙∙∙∙∙∙∙ ·· · 11 b 1 b 3 P L 8636 TOP SB CRET SI HOFOR H 156 e UF DOCID 4273474 TOP S CltE't' Sf NOPOltrq ST 140002 U APPENDIX B BR FISA PROGRAM CHANGES 20102012 U 2010 I NSA's RAS selection term • U f OOO On 25 June 2Q W management Y t m d I • U f F Uet f · · · · ' ' · · · · ' · ·_ ftnt k atHi1ysts I the Order requirement for weekly reports of BRrelated disseminations was changed to monthly _ U FOUO I ∙ P L 8636 ' Q 011 1 lthe Order requirement restricting the number of allowed to access BR metadata was lifted ' - - l l p- r - - r - -o- s it -or _y _fi o-r -t k d - _ ∙∙∙ ∙ telep lQny ∙ transaction records ∙ ∙ ∙ _ ∙ ∙ • · cy p W ·∙∙ ∙∙ U · - 2 o1 · ∙ ∙ · ·· ∙∙∙ ∙∙∙∙∙∙∙ ∙∙ - ∙ ∙ Uf FOuO I --- ∙∙∙∙∙∙ 1 tl1e · O t' d r requirement for NSA to review a sample bfrecbrds obtained was changed to a revl'e Y ofNSA's monitoring and assessment toensure that only approved metadata is bein g · -a quired NSA tifkd the - rt l • ∙ ∙ U 1 JPet fe l cu oue l I '∙∙∙∙∙∙ INSA notified the Co - r tl 'I -- ------------------ • U FOUe I the Court authorized NSA to implement an automated querying process 1 10 110 U NSA is no longer authorized to use the 
automated query process since it withdrew its request to do so in the renewal applications and declarations that support the BR Orders approved by the FISC beginning with BR Order 1467 dated 28 March 2014 TOP SECRETHSI NOFORN 157 DOCID 4273474 TOP SECRBTHSI 1 0 FOR N ST140002 • U FOUO On 29 November 2012 the Order requirement to track and report the number of instances since the preceding report in wbjcb NSA bas shared in any form results from queries of the BR metadata in any form with anyone outside NSA was changed to apply to only sharing of query results that contain U S person information 'fOP E CRE'f h' Si f i'I 158 OFOR i'l DOCID 4273474 'fOP SECHT 1 1 N OFOR N ST 140002 U APPENDIX C BR FISA PROGRAM INCIDENTS OF NONCOMPLIANCE 2010 THROUGH 2012 U Table C1 BR FISA Incidents 2010 through 2012 Congressional Notification Description 1 b -P L 8636 • U fFQ Y O On 1 November 2010 Rule 10 b and 10 c notices were replaced by Rule 13 a and 13 b notices respectively t U t U Final Rule 10 c noticeL r ∙∙ ∙∙∙ · · - Supplemental Rule 13 b notice § U FOUO Final Rule 13 a and 13 b notice -· ∙∙∙∙ ∙ ∙∙∙∙ · · ∙∙∙∙∙∙ ∙∙∙ '6 3 P L 8636 ∙∙•∙∙∙∙∙∙ TSOSI f4F 'fOP SECRE'fi SI NOf OltN 159 DOCID 4273474 TOP SEiCRETI SI fNOFORN ST140002 U APPENDIX D FAA §702 PROGRAM CHANGES U Minimization Procedures U 2011 • U FOU01 Language on upstream data added to Minjmization Procedures • U FOUO The retention period for Upstream Data is reduced to two years • U FOUO Clarified that the fiveyear retention period for unevaluated data began to run fi∙om the date of expiratiou of tbe certification under which tbe data was collected Prior versions did not specify when the fiveyear period began • U FOUO Permitted queries using USP identifiers to identify and select communications Requires preapproval before any queries are made Specifically excludes queries against upstream data • U FOUO Adds requirement to segregate Internet transactions that cannot be reasonably identified as containing single discrete 
communications U 2012 • U IfOUOjLimjted access to metadata from Internet transactions to data acquired on or after October 31 201 J 6 1T∙∙∙∙∙∙∙ b 3 P L 8636 • U fetJ'CJ A dds specific requirements for DIRNSA determination that a domestic communication can be retained This includes a requirement that DIRNSA first determine that the sender or recipient of the domestic communication was properly targeted under FAA §702 • ∙ s i EE if'OU A I l r ∙∙ ∙ ∙∙ --L------------r-_____J U 2 013∙∙ ∙∙∙ ∙∙'4' ∙∙∙∙∙∙ ∙∙∙ ∙ • U An amendment to the Minimization procedures was made in late 2013 A ∙∙_ ∙ ∙∙∙∙∙∙∙∙∙∙ section was added precluding NSA from using information acquired pursuant to based n the total_ity of the circums ances that bJ 1 ∙ FAA §70 unless NSA det rmines b J P L 86 36 · ∙∙∙ tbe target ts reasonably beheved to be outs1de the Umted States at tbe ttme the b 3 50 usc 3024 i informatiop was acquired ∙∙∙∙ ∙∙∙∙∙∙ S REL T - us ·Aij r--___ ---------------- ∙∙∙∙ IL ' ∙∙∙ b 1 b 3 P L 8636 TOP SECR BT 811 HOFOR l 160 DOCID 4273474 TOP SECRETHSf NOPOftN ST 140002 U Other Changes U 2012 • ffS fSi f W Congress notified by NSAI I b 1 b 3 P L 8636 b 3 50 usc 3024 i b 1 b 3 P L 8636 TOP SE€1 e'f SI NOFORN 161