OCR of the Document

View the Document >>

Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, July 2, 2014. Unclassified Pre-Release.

Privacy and Civil Liber0es Oversight Board Report on the Surveillance Program Operated Pursuant to Sec7on 702 of the Foreign Intelligence Surveillance Act JULY 2 2014 P RI V A CY AN D C I VI L L I BE R TI E S O VE RS I G H T B O A RD Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act JULY 2 2014 Privacy and Civil Liberties Oversight Board David Medine Chairman Rachel Brand Elisebeth Collins Cook James Dempsey Patricia Wald i P RI V A CY AN D C I VI L L I BE R TI E S O VE RS I G H T B O A RD Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act Part 1 INTRODUCTION 1 Part 2 EXECUTIVE SUMMARY 5 Part 3 DESCRIPTION AND HISTORY 16 Genesis of the Section 702 Program 16 Statutory Structure 20 Acquisition Process 32 Targeting Procedures 41 Post-Tasking Review 48 Minimization Procedures 50 Internal Agency Oversight 66 External Oversight 70 Compliance Issues 77 Part 4 LEGAL ANALYSIS 80 Statutory Analysis 80 Constitutional Analysis 86 ii Analysis of Treatment of Non-U S Persons 98 Part 5 POLICY ANALYSIS 103 Value of the Section 702 Program 104 Privacy and Civil Liberties Implications of the Section 702 Program 111 Part 6 RECOMMENDATIONS 134 Part 7 CONCLUSION 149 ANNEXES 150 A Separate Statement by Chairman David Medine and Board Member Patricia Wald 151 B Separate Statement by Board Members Rachel Brand and Elisebeth Collins Cook 161 C July 9 2013 Workshop Agenda and Link to Workshop Transcript 166 D November 4 2013 Hearing Agenda and Link to Hearing Transcript 169 E March 19 2014 Hearing Agenda and Link to Hearing Transcript 172 F Request for Public Comments on Board Study 175 G Reopening the Public Comment Period 177 H Index to Public Comments on www regulations gov 178 iii Part 1 INTRODUCTION I Background Shortly after the Privacy and Civil Liberties Oversight Board PCLOB or Board began operation as a new independent agency Board Members identified a series of programs and issues to prioritize for review As announced at the Board's public meeting in March 2013 one of these issues was the implementation of the Foreign Intelligence Surveillance Act Amendments Act of 2008 1 Several months later in June 2013 two classified National Security Agency NSA collection programs were first reported about by the press based on unauthorized disclosures of classified documents by Edward Snowden a contractor for the NSA Under one program implemented under Section 215 of the USA PATRIOT Act the NSA collects domestic telephone metadata i e call records in bulk Under the other program implemented under Section 702 of the Foreign Intelligence Surveillance Act FISA the government collects the contents of electronic communications including telephone calls and emails where the target is reasonably believed to be a non-U S person2 located outside the United States A bipartisan group of U S Senators asked the Board to investigate the two NSA programs and provide an unclassified report 3 House Minority Leader Nancy Pelosi subsequently asked the Board to consider the operations of the Foreign Intelligence Surveillance Court FISA court 4 Additionally the Board met with President Obama who asked the Board to review where our counterterrorism efforts and our values come into See Privacy and Civil Liberties Oversight Board Minutes of Open Meeting of March 5 2013 at 4-5 available at http www pclob gov SiteAssets meetings-and-events 5-march-2013-publicmeeting 5%20March%202013%20Meeting%20Minutes pdf 1 Under the statute the term U S persons includes United States citizens United States permanent residents and virtually all United States corporations 2 Letter from Tom Udall et al to the Privacy and Civil Liberties Oversight Board June 12 2013 available at http www pclob gov SiteAssets newsroom 6 12 13%20Senate%20letter%20to%20PCLOB pdf Response available at http www pclob gov SiteAssets newsroom PCLOB_TUdall pdf 3 Letter from Democratic Leader Nancy Pelosi to Chairman David Medine July 11 2013 available at http www pclob gov SiteAssets newsroom Pelosi%20Letter%20to%20PCLOB pdf Response available at http www pclob gov SiteAssets newsroom PCLOB%20Pelosi%20Response%20Final pdf 4 1 tension 5 In response to the requests from Congress and the President the Board began a comprehensive study of the two NSA programs The Board held public hearings and met with the Intelligence Community and the Department of Justice White House and congressional committee staff privacy and civil liberties advocates academics trade associations and technology and communications companies During the course of this study it became clear to the Board that each program required a level of review that was best undertaken and presented to the public in a separate report As such the Board released a report on the Section 215 telephone records program and the operation of the FISA court on January 23 2014 6 Subsequently the Board held an additional public hearing and continued its study of the second program Now the Board is issuing the current report which examines the collection of electronic communications under Section 702 and provides analysis and recommendations regarding the program's implementation The Section 702 program is extremely complex involving multiple agencies collecting multiple types of information for multiple purposes Overall the Board has found that the information the program collects has been valuable and effective in protecting the nation's security and producing useful foreign intelligence The program has operated under a statute that was publicly debated and the text of the statute outlines the basic structure of the program Operation of the Section 702 program has been subject to judicial oversight and extensive internal supervision and the Board has found no evidence of intentional abuse The Board has found that certain aspects of the program's implementation raise privacy concerns These include the scope of the incidental collection of U S persons' communications and the use of queries to search the information collected under the program for the communications of specific U S persons The Board offers a series of policy recommendations to strengthen privacy safeguards and to address these concerns II Study Methodology In order to gain a full understanding of the program's operations the Board and its staff received multiple briefings on the operation of the program including the technical Remarks by the President in a Press Conference at the White House Aug 9 2013 available at http www whitehouse gov the-press-office 2013 08 09 remarks-president-press-conference 5 See PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD REPORT ON THE TELEPHONE RECORDS PROGRAM CONDUCTED UNDER SECTION 215 OF THE USA PATRIOT ACT AND ON THE OPERATIONS OF THE FOREIGN INTELLIGENCE SURVEILLANCE COURT 2014 available at http www pclob gov All%20Documents Report%20on%20the%20Telephone%20Records%20Program PCLOB-Report-on-the-Telephone-Records-Program pdf 6 2 details and procedural rules that govern its implementation The Board appreciates the responsiveness and open lines of communication that have been established with members of the Intelligence Community and the Department of Justice These have enabled the Board to understand the operation of this complex program and to fully consider the practical impact that the Board's recommendations will have Building upon the previous public hearings held in July and November 2013 the Board held an additional public hearing on March 19 2014 focused exclusively on the Section 702 program 7 This hearing was comprised of three panels The first panel consisted of government representatives who provided the government's views on Section 702 The second panel consisted of academics and privacy advocates who addressed the legal issues related to Section 702 including both statutory and constitutional matters The third panel consisted of representatives from private industry academics and human rights organizations who discussed the transnational and policy issues related to Section 702 Panelists as well as the general public were invited to submit written comments to the Board via www regulations gov 8 Since the unauthorized disclosures that began in 2013 much of the information that the Intelligence Community has declassified and released has related to the Section 215 program In the preparation of this Report the Board worked with the Intelligence Community to seek further declassification of information related to the Section 702 program Specifically the Board requested declassification of additional facts for use in this Report Consistent with the Board's goal of seeking greater transparency where appropriate the request for declassification of additional facts to be used in this Report was made in order to provide further clarity and education to the public about the Section 702 program The Intelligence Community carefully considered the Board's requests and has engaged in a productive dialogue with PCLOB staff The Board greatly appreciates the diligent efforts of the Intelligence Community to work through the declassification process and as a result of the process many facts that were previously classified are now available to the public In the course of preparing and finalizing this Report the Board met with staff from the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence as well as staff from the House and Senate Judiciary Committees to discuss the Section 702 program and the Board's preliminary recommendations The Board also presented its preliminary recommendations to senior staff at the White House In addition the Board provided a draft of this Report to the Intelligence Community for classification review While the Board's report was subject to classification review and while the Board 7 See Annex E 8 See Annex H 3 considered the Intelligence Community's comments regarding the operation of the program to ensure accuracy none of the changes resulting from that process affected the Board's substantive analysis and recommendations III Report Organization This Report consists of six parts After this introduction and the Executive Summary Part 3 contains a factual narrative that explains the development of the Section 702 program and how the program currently operates Part 4 consists of legal analysis including the Board's statutory and constitutional analyses as well as a discussion of how the program affects the legal rights of non-U S persons Part 5 examines the policy implications of the program including an assessment of its efficacy and its effect on privacy while Part 6 outlines and explains the Board's recommendations The Board presents this Report in an effort to provide greater transparency and clarity to the public regarding the government's activities with respect to the Section 702 program The recommendations reflect the Board's best efforts to protect the privacy and civil liberties of the public while considering legitimate national security interests The Board welcomes the opportunity for further discussion of these pressing issues 4 Part 2 EXECUTIVE SUMMARY In 2008 Congress enacted the FISA Amendments Act which made changes to the Foreign Intelligence Surveillance Act of 1978 FISA Among those changes was the addition of a new provision Section 702 of FISA permitting the Attorney General and the Director of National Intelligence to jointly authorize surveillance conducted within the United States but targeting only non-U S persons reasonably believed to be located outside the United States The Privacy and Civil Liberties Oversight Board PCLOB began reviewing implementation of the FISA Amendments Act early in 2013 shortly after the Board began operations as an independent agency 9 The PCLOB has conducted an in-depth review of the program now operated under Section 702 in pursuit of the Board's mission to review executive branch actions taken to protect the nation from terrorism in order to ensure that the need for such actions is balanced with the need to protect privacy and civil liberties 10 This Executive Summary outlines the Board's conclusions and recommendations I Overview of the Report A Description and History of the Section 702 Program Section 702 has its roots in the President's Surveillance Program developed in the immediate aftermath of the September 11th attacks Under one aspect of that program which came to be known as the Terrorist Surveillance Program TSP the President authorized interception of the contents of international communications from within the United States outside of the FISA process Following disclosures about the TSP by the press in December 2005 the government sought and obtained authorization from the Foreign Intelligence Surveillance Court FISA court to conduct under FISA the collection that had been occurring under the TSP Later the government developed a statutory framework specifically designed to authorize this collection program After the enactment and expiration of a temporary measure the Protect America Act of 2007 Congress passed the FISA Amendments Act of 2008 which included the new Section 702 of FISA The statute See Privacy and Civil Liberties Oversight Board Minutes of Open Meeting of March 5 2013 at 4-5 available at http www pclob gov SiteAssets meetings-and-events 5-march-2013-publicmeeting 5%20March%202013%20Meeting%20Minutes pdf 9 10 42 U S C 2000ee c 1 5 provides a procedural framework for the targeting of non-U S persons reasonably believed to be located outside the United States to acquire foreign intelligence information Section 702 permits the Attorney General and the Director of National Intelligence to jointly authorize surveillance targeting persons who are not U S persons and who are reasonably believed to be located outside the United States with the compelled assistance of electronic communication service providers in order to acquire foreign intelligence information Thus the persons who may be targeted under Section 702 cannot intentionally include U S persons or anyone located in the United States and the targeting must be conducted to acquire foreign intelligence information as defined in FISA Executive branch authorizations to acquire designated types of foreign intelligence under Section 702 must be approved by the FISA court along with procedures governing targeting decisions and the handling of information acquired Although U S persons may not be targeted under Section 702 communications of or concerning U S persons may be acquired in a variety of ways An example is when a U S person communicates with a non-U S person who has been targeted resulting in what is termed incidental collection Another example is when two non-U S persons discuss a U S person Communications of or concerning U S persons that are acquired in these ways may be retained and used by the government subject to applicable rules and requirements The communications of U S persons may also be collected by mistake as when a U S person is erroneously targeted or in the event of a technological malfunction resulting in inadvertent collection In such cases however the applicable rules generally require the communications to be destroyed Under Section 702 the Attorney General and Director of National Intelligence make annual certifications authorizing this targeting to acquire foreign intelligence information without specifying to the FISA court the particular non-U S persons who will be targeted There is no requirement that the government demonstrate probable cause to believe that an individual targeted is an agent of a foreign power as is generally required in the traditional FISA process under Title I of the statute Instead the Section 702 certifications identify categories of information to be collected which must meet the statutory definition of foreign intelligence information The certifications that have been authorized include information concerning international terrorism and other topics such as the acquisition of weapons of mass destruction Section 702 requires the government to develop targeting and minimization procedures that must satisfy certain criteria As part of the FISA court's review and approval of the government's annual certifications the court must approve these procedures and determine that they meet the necessary standards The targeting procedures govern how the executive branch determines that a particular person is reasonably believed to be a non-U S person located outside the United States and that 6 targeting this person will lead to the acquisition of foreign intelligence information The minimization procedures cover the acquisition retention use and dissemination of any non-publicly available U S person information acquired through the Section 702 program Once foreign intelligence acquisition has been authorized under Section 702 the government sends written directives to electronic communication service providers compelling their assistance in the acquisition of communications The government identifies or tasks certain selectors such as telephone numbers or email addresses that are associated with targeted persons and it sends these selectors to electronic communications service providers to begin acquisition There are two types of Section 702 acquisition what has been referred to as PRISM collection and upstream collection In PRISM collection the government sends a selector such as an email address to a United States-based electronic communications service provider such as an Internet service provider ISP and the provider is compelled to give the communications sent to or from that selector to the government PRISM collection does not include the acquisition of telephone calls The National Security Agency NSA receives all data collected through PRISM In addition the Central Intelligence Agency CIA and the Federal Bureau of Investigation FBI each receive a select portion of PRISM collection Upstream collection differs from PRISM collection in several respects First the acquisition occurs with the compelled assistance of providers that control the telecommunications backbone over which telephone and Internet communications transit rather than with the compelled assistance of ISPs or similar companies Upstream collection also includes telephone calls in addition to Internet communications Data from upstream collection is received only by the NSA neither the CIA nor the FBI has access to unminimized upstream data Finally the upstream collection of Internet communications includes two features that are not present in PRISM collection the acquisition of so-called about communications and the acquisition of so-called multiple communications transactions MCTs An about communication is one in which the selector of a targeted person such as that person's email address is contained within the communication but the targeted person is not necessarily a participant in the communication Rather than being to or from the selector that has been tasked the communication may contain the selector in the body of the communication and thus be about the selector An MCT is an Internet transaction that contains more than one discrete communication within it If one of the communications within an MCT is to from or about a tasked selector and if one end of the transaction is foreign the NSA will acquire the entire MCT through upstream collection including other discrete communications within the MCT that do not contain the selector Each agency that receives communications under Section 702 has its own minimization procedures approved by the FISA court that govern the agency's use 7 retention and dissemination of Section 702 data 11 Among other things these procedures include rules on how the agencies may query the collected data The NSA CIA and FBI minimization procedures all include provisions permitting these agencies to query data acquired through Section 702 using terms intended to discover or retrieve communications content or metadata that meets the criteria specified in the query These queries may include terms that identify specific U S persons and can be used to retrieve the already acquired communications of specific U S persons Minimization procedures set forth the standards for conducting queries For example the NSA's minimization procedures require that queries of Section 702-acquired information be designed so that they are reasonably likely to return foreign intelligence information The minimization procedures also include data retention limits and rules outlining circumstances under which information must be purged Apart from communications acquired by mistake U S persons' communications are not typically purged or eliminated from agency databases even when they do not contain foreign intelligence information until the data is aged off in accordance with retention limits Each agency's adherence to its targeting and minimization procedures is subject to extensive oversight within the executive branch including internal oversight within individual agencies as well as regular reviews conducted by the Department of Justice DOJ and the Office of the Director of National Intelligence ODNI The Section 702 program is also subject to oversight by the FISA court including during the annual certification process and when compliance incidents are reported to the court Information about the operation of the program also is reported to congressional committees Although there have been various compliance incidents over the years many of these incidents have involved technical issues resulting from the complexity of the program and the Board has not seen any evidence of bad faith or misconduct B Legal Analysis The Board's legal analysis of the Section 702 program includes an evaluation of whether it comports with the terms of the statute an evaluation of the Fourth Amendment issues raised by the program and a discussion of the treatment of non-U S persons under the program In reviewing the program's compliance with the text of Section 702 the Board has assessed the operation of the program overall and has separately evaluated PRISM and upstream collection On the whole the text of Section 702 provides the public with transparency into the legal framework for collection and it publicly outlines the basic As described in Part 3 of this Report the National Counterterrorism Center NCTC has some access to Section 702 data and therefore has its own minimization procedures as well However the NCTC's role in processing and minimizing Section 702 data is limited 11 8 structure of the program The Board concludes that PRISM collection is clearly authorized by the statute and that with respect to the about collection which occurs in the upstream component of the program the statute can permissibly be interpreted as allowing such collection as it is currently implemented The Board also concludes that the core of the Section 702 program -- acquiring the communications of specifically targeted foreign persons who are located outside the United States upon a belief that those persons are likely to communicate foreign intelligence using specific communications identifiers subject to FISA court-approved targeting rules and multiple layers of oversight -- fits within the totality of the circumstances standard for reasonableness under the Fourth Amendment as that standard has been defined by the courts to date Outside of this fundamental core certain aspects of the Section 702 program push the program close to the line of constitutional reasonableness Such aspects include the unknown and potentially large scope of the incidental collection of U S persons' communications the use of about collection to acquire Internet communications that are neither to nor from the target of surveillance and the use of queries to search for the communications of specific U S persons within the information that has been collected With these concerns in mind this Report offers a set of policy proposals designed to push the program more comfortably into the sphere of reasonableness ensuring that the program remains tied to its constitutionally legitimate core Finally the Board discusses the fact that privacy is a human right that has been recognized in the International Covenant on Civil and Political Rights ICCPR an international treaty ratified by the U S Senate and that the treatment of non-U S persons in U S surveillance programs raises important but difficult legal and policy questions Many of the generally applicable protections that already exist under U S surveillance laws apply to U S and non-U S persons alike The President's recent initiative under Presidential Policy Directive 28 on Signals Intelligence PPD-28 will further address the extent to which non-U S persons should be afforded the same protections as U S persons under U S surveillance laws 12 Because PPD-28 invites the PCLOB to be involved in its implementation the Board has concluded that it can make its most productive contribution in assessing these issues in the context of the PPD-28 review process C Policy Analysis The Section 702 program has enabled the government to acquire a greater range of foreign intelligence than it otherwise would have been able to obtain -- and to do so quickly and effectively Compared with the traditional FISA process under Title I of the See Presidential Policy Directive -- Signals Intelligence Activities Policy Directive 28 2014 WL 187435 Jan 17 2014 PPD-28 available at http www whitehouse gov the-pressoffice 2014 01 17 presidential-policy-directive-signals-intelligence-activities 12 9 statute Section 702 imposes significantly fewer limits on the government when it targets foreigners located abroad permitting greater flexibility and a dramatic increase in the number of people who can realistically be targeted The program has proven valuable in the government's efforts to combat terrorism as well as in other areas of foreign intelligence Presently over a quarter of the NSA's reports concerning international terrorism include information based in whole or in part on Section 702 collection and this percentage has increased every year since the statute was enacted Monitoring terrorist networks under Section 702 has enabled the government to learn how they operate and to understand their priorities strategies and tactics In addition the program has led the government to identify previously unknown individuals who are involved in international terrorism and it has played a key role in discovering and disrupting specific terrorist plots aimed at the United States and other countries The basic structure of the Section 702 program appropriately focuses on targeting non-U S persons reasonably believed to be located abroad Yet communications of or concerning U S persons can be collected under Section 702 and certain features of the program implicate privacy concerns These features include the potential scope of U S person communications that are collected the acquisition of about communications and the use of queries that employ U S person identifiers The Board's analysis of these features of the program leads to certain policy recommendations The government is presently unable to assess the scope of the incidental collection of U S person information under the program For this reason the Board recommends several measures that together may provide insight about the extent to which communications involving U S persons or people located in the United States are being acquired and utilized With regard to the NSA's acquisition of about communications the Board concludes that the practice is largely an inevitable byproduct of the government's efforts to comprehensively acquire communications that are sent to or from its targets Because of the manner in which the NSA conducts upstream collection and the limits of its current technology the NSA cannot completely eliminate about communications from its collection without also eliminating a significant portion of the to from communications that it seeks The Board includes a recommendation to better assess about collection and a recommendation to ensure that upstream collection as a whole does not unnecessarily collect domestic communications The Report also assesses the impact of queries using United States person identifiers At the NSA for example these queries can be performed if they are deemed reasonably likely to return foreign intelligence information No showing of suspicion that 10 the U S person is engaged in any form of wrongdoing is required but procedures are in place to prevent queries being conducted for improper purposes The Board includes two recommendations to address the rules regarding U S person queries Overall the Board finds that the protections contained in the Section 702 minimization procedures are reasonably designed and implemented to ward against the exploitation of information acquired under the program for illegitimate purposes The Board has seen no trace of any such illegitimate activity associated with the program or any attempt to intentionally circumvent legal limits But the applicable rules potentially allow a great deal of private information about U S persons to be acquired by the government The Board therefore offers a series of policy recommendations to ensure that the program appropriately balances national security with privacy and civil liberties II Recommendations A Targeting and Tasking Recommendation 1 The NSA's targeting procedures should be revised to a specify criteria for determining the expected foreign intelligence value of a particular target and b require a written explanation of the basis for that determination sufficient to demonstrate that the targeting of each selector is likely to return foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court The NSA should implement these revised targeting procedures through revised guidance and training for analysts specifying the criteria for the foreign intelligence determination and the kind of written explanation needed to support it We expect that the FISA court's review of these targeting procedures in the course of the court's periodic review of Section 702 certifications will include an assessment of whether the revised procedures provide adequate guidance to ensure that targeting decisions are reasonably designed to acquire foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court Upon revision of the NSA's targeting procedures internal agency reviews as well as compliance audits performed by the ODNI and DOJ should include an assessment of compliance with the foreign intelligence purpose requirement comparable to the review currently conducted of compliance with the requirement that targets are reasonably believed to be non-U S persons located outside the United States B U S Person Queries Recommendation 2 The FBI's minimization procedures should be updated to more clearly reflect the actual practice for conducting U S person queries including the frequency with which Section 702 data may be searched when making routine queries as part of FBI 11 assessments and investigations Further some additional limits should be placed on the FBI's use and dissemination of Section 702 data in connection with non-foreign intelligence criminal matters Recommendation 3 The NSA and CIA minimization procedures should permit the agencies to query collected Section 702 data for foreign intelligence purposes using U S person identifiers only if the query is based upon a statement of facts showing that it is reasonably likely to return foreign intelligence information as defined in FISA The NSA and CIA should develop written guidance for agents and analysts as to what information and documentation is needed to meet this standard including specific examples C FISA Court Role Recommendation 4 To assist in the FISA court's consideration of the government's periodic Section 702 certification applications the government should submit with those applications a random sample of tasking sheets and a random sample of the NSA's and CIA's U S person query terms with supporting documentation The sample size and methodology should be approved by the FISA court Recommendation 5 As part of the periodic certification process the government should incorporate into its submission to the FISA court the rules for operation of the Section 702 program that have not already been included in certification orders by the FISA court and that at present are contained in separate orders and opinions affidavits compliance and other letters hearing transcripts and mandatory reports filed by the government To the extent that the FISA court agrees that these rules govern the operation of the Section 702 program the FISA court should expressly incorporate them into its order approving Section 702 certifications D Upstream and About Collection Recommendation 6 To build on current efforts to filter upstream communications to avoid collection of purely domestic communications the NSA and DOJ in consultation with affected telecommunications service providers and as appropriate with independent experts should periodically assess whether filtering techniques applied in upstream collection utilize the best technology consistent with program needs to ensure government acquisition of only communications that are authorized for collection and prevent the inadvertent collection of domestic communications 12 Recommendation 7 The NSA periodically should review the types of communications acquired through about collection under Section 702 and study the extent to which it would be technically feasible to limit as appropriate the types of about collection E Accountability and Transparency Recommendation 8 To the maximum extent consistent with national security the government should create and release with minimal redactions declassified versions of the FBI's and CIA's Section 702 minimization procedures as well as the NSA's current minimization procedures Recommendation 9 The government should implement five measures to provide insight about the extent to which the NSA acquires and utilizes the communications involving U S persons and people located in the United States under the Section 702 program Specifically the NSA should implement processes to annually count the following 1 the number of telephone communications acquired in which one caller is located in the United States 2 the number of Internet communications acquired through upstream collection that originate or terminate in the United States 3 the number of communications of or concerning U S persons that the NSA positively identifies as such in the routine course of its work 4 the number of queries performed that employ U S person identifiers specifically distinguishing the number of such queries that include names titles or other identifiers potentially associated with individuals and 5 the number of instances in which the NSA disseminates non-public information about U S persons specifically distinguishing disseminations that includes names titles or other identifiers potentially associated with individuals These figures should be reported to Congress in the NSA Director's annual report and should be released publicly to the extent consistent with national security F Efficacy Recommendation 10 The government should develop a comprehensive methodology for assessing the efficacy and relative value of counterterrorism programs 13 III Separate Statements Following the Board's recommendations the Report includes two separate statements A Separate Statement of Chairman David Medine and Board Member Patricia Wald Chairman David Medine and Member Patricia Wald wrote jointly to recommend requiring restrictions additional to those contained in Recommendation 3 with regard to U S person queries conducted for a foreign intelligence purpose They also recommended that minimization procedures governing the use of U S persons' communications collected under Section 702 should require the following 1 No later than when the results of a U S person query of Section 702 data are generated U S persons' communications should be purged of information that does not meet the statutory definition of foreign intelligence information relating to U S persons 13 This process should be subject to judicial oversight 14 2 Each U S person identifier should be submitted to the FISA court for approval before the identifier may be used to query data collected under Section 702 for a foreign intelligence purpose other than in exigent circumstances or where otherwise required by law The FISA court should determine based on documentation submitted by the government whether the use of the U S person identifier for Section 702 queries meets the standard that the identifier is reasonably likely to return foreign intelligence information as defined under FISA 15 In addition they wrote to further explain their views regarding Recommendation 2 Specifically they believe that the additional limits to be placed on the FBI's use and dissemination of Section 702 data in connection with non-foreign intelligence criminal matters should include the requirement that the FBI obtain prior FISA court approval before using identifiers to query Section 702 data to ensure that the identifier is reasonably likely to return information relevant to an assessment or investigation of a crime 13 U S person communications may also be responsive to queries using non-U S person identifiers This review would not be necessary for queries seeking communications of U S persons who are already approved as targets for collection under Title I or Sections 703 704 of FISA and identifiers that have been approved by the FISA court under the reasonable articulable suspicion standard for telephony metadata under Section 215 It would also not be necessary if the query produces no results or the analyst purges all results from the given query as not containing foreign intelligence 14 Subsequent queries using a FISA court-approved U S person identifier would not require court approval 15 14 The statement also responds to the separate statement by Members Brand and Cook B Separate Statement by Board Members Rachel Brand and Elisebeth Collins Cook Board Members Rachel Brand and Elisebeth Collins Cook wrote separately to emphasize the Board's unanimous bottom-line conclusion that the core Section 702 program is clearly authorized by Congress reasonable under the Fourth Amendment and an extremely valuable and effective intelligence tool They further wrote to explain their proposal for FBI queries of Section 702 data which would not place limitations on the FBI's ability to include its FISA data within the databases queried in non-foreign intelligence criminal matters They explain their view that querying information already in the FBI's possession is a relatively non-intrusive investigative tool and the discovery of potential links between ongoing criminal and foreign intelligence investigations is potentially critical to national security Instead they would require an analyst who has not had FISA training to seek supervisory approval before viewing responsive 702 information to ensure that the information continues to be treated consistent with applicable statutory and courtimposed restrictions They also would require higher-level Justice Department approval before Section 702 information could be used in the investigation or prosecution of a non-foreign intelligence crime The statement also responds to the separate statement by Chairman Medine and Member Wald 15 Part 3 DESCRIPTION AND HISTORY I Genesis of the Section 702 Program As it exists today the Section 702 program can trace its lineage to two prior intelligence collection programs both of which were born of counterterrorism efforts following the attacks of September 11 2001 The first and more well-known of these two efforts was a program to acquire the contents of certain international communications later termed the Terrorist Surveillance Program TSP In October 2001 President George W Bush issued a highly classified presidential authorization directing the NSA to collect certain foreign intelligence by electronic surveillance in order to prevent acts of terrorism within the United States based upon a finding that an extraordinary emergency existed because of the September 11 attacks Under this authorization electronic surveillance was permitted within the United States for counterterrorism purposes without judicial warrants or court orders for a limited number of days 16 President Bush authorized the NSA to 1 collect the contents of certain international communications a program that was later referred to as the TSP and 2 collect in bulk non-content information or metadata about telephone and Internet communications 17 The acquisition of telephone metadata was the forerunner to the Section 215 calling records program discussed in a prior report by the Board The President renewed the authorization for the NSA's activities in early November 2001 Thereafter the authorization was renewed continuously with some modifications and constrictions to the scope of the authorized collection approximately every thirty to sixty days until 2007 Each presidential authorization included the finding that an extraordinary emergency continued to exist justifying ongoing warrantless surveillance Key members of Congress and the presiding judge of the Foreign Intelligence Surveillance Court FISC or FISA court were briefed on the existence of the program The collection of communications content and bulk metadata under these presidential authorizations became known as the President's Surveillance Program According to a 2009 report by the inspectors general of several defense and intelligence agencies over time the program See DNI Announces the Declassification of the Existence of Collection Activities Authorized by President George W Bush Shortly After the Attacks of September 11 2001 Dec 21 2013 Dec 21 DNI Announcement available at http icontherecord tumblr com post 70683717031 dni-announces-thedeclassification-of-the 16 17 See Dec 21 DNI Announcement supra 16 became less a temporary response to the September 11 terrorist attacks and more a permanent surveillance tool 18 In December 2005 the New York Times published articles revealing the TSP i e the portion of the President's Surveillance Program that involved intercepting the contents of international communications In response to these revelations President Bush confirmed the existence of the TSP 19 and the Department of Justice issued a white paper outlining the legal argument that the President could authorize these interceptions without obtaining a warrant or court order 20 Notwithstanding this legal argument the government decided to seek authorization under the Foreign Intelligence Surveillance Act FISA to conduct the content collection that had been occurring under the TSP 21 In January 2007 the FISC issued orders authorizing the government to conduct certain electronic surveillance of telephone and Internet communications carried over listed communication facilities where among other things the government made a probable cause determination regarding one of the communicants and the email addresses and telephone numbers to be tasked were reasonably believed to be used by persons located outside the United States 22 The FISC's order referred to as the Foreign Telephone and Email Order in effect replaced the President's authorization of the TSP and the President made no further reauthorizations of the TSP 23 When the government sought to renew the January 2007 Foreign Telephone and Email Order however a different judge on the FISC approved the program but on a different legal theory that required changes in the collection program 24 Specifically in May 2007 the FISC approved a modified version of the Foreign Telephone and Email Order in which the court as opposed to the government made probable cause determinations regarding the particular foreign telephone numbers and email addresses that were to be used to conduct surveillance under this program 25 Although the modified See UNCLASSIFIED REPORT ON THE PRESIDENT'S SURVEILLANCE PROGRAM PREPARED BY THE OFFICE OF INSPECTORS GENERAL OF THE DEPARTMENT OF DEFENSE DEPARTMENT OF JUSTICE CENTRAL INTELLIGENCE AGENCY NATIONAL SECURITY AGENCY AND THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE at 31 2009 18 See e g President's Radio Address Dec 17 2005 available at http georgewbushwhitehouse archives gov news releases 2005 12 20051217 html 19 Legal Authorities Supporting the Activities of the National Security Agency Described by the President January 19 2006 available at http www justice gov olc opiniondocs nsa-white-paper pdf 20 21 See Dec 21 DNI Announcement supra Declassified Certification of Attorney General Michael B Mukasey at 37 In re National Security Agency Telecommunications Records Litigation MDL Dkt No 06-1791-VRW N D Cal Sept 19 2008 2008 Mukasey Decl available at http www dni gov files documents 0505 AG%20Mukasey%202008%20Declassified%20Declaration pdf 22 23 2008 Mukasey Decl supra at 37 24 2008 Mukasey Decl supra at 38 n 20 25 2008 Mukasey Decl supra at 38 17 Foreign Telephone and Email Order permitted the government to add newly discovered telephone numbers and email addresses without an individual court order in advance 26 the government assessed that the restrictions of the order particularly after the May 2007 modifications was creating an intelligence gap 27 Separate from but contemporaneous with the TSP and the Foreign Telephone and Email Orders a second collection effort was being undertaken Specifically the government used the then-existing FISA statute to obtain individual court orders to compel private companies to assist the government in acquiring the communications of individuals located overseas who were suspected of engaging in terrorism and who used United States-based communication service providers 28 The government stated that it and the Foreign Intelligence Surveillance Court FISC expended considerable resources to obtain court orders based upon a probable cause showing that these overseas individuals met the legal standard for electronic surveillance under FISA 29 i e that the targets were agents of a foreign power such as an international terrorist group and that they used the specific communication facilities such as email addresses regarding which the government was seeking to conduct electronic surveillance 30 The persons targeted by these efforts were located outside the United States and the communications being sought were frequently with others who were also located outside the United States 31 Drafting applications that demonstrated satisfaction of this probable cause standard the government has asserted slowed and in some cases prevented the acquisition of foreign intelligence information 32 The government has not disclosed the scale of this second effort to target foreign individuals using traditional FISA electronic surveillance authorities but in the years following the passage of the Protect America Act of 2007 and the FISA Amendments Act of 2008 which eliminated the requirement for the 26 2008 Mukasey Decl supra at 38 See S Rep No 110-209 at 5 2007 stating that the DNI informed Congress that the decision had led to degraded capabilities Eric Lichtblau James Risen and Mark Mazzetti Reported Drop in Surveillance Spurred a Law NEW YORK TIMES Aug 11 2007 reporting on Administration interactions with Congress that led to the enactment of the Protect America Act including reported existence of an intelligence gap 27 Statement of Kenneth L Wainstein Assistant Attorney General Senate Select Committee on Intelligence Hearing On Modernization of the Foreign Intelligence Surveillance Act at 6-7 May 1 2007 May 2007 Wainstein Statement available at http www intelligence senate gov 070501 wainstein pdf 28 29 May 2007 Wainstein Statement supra at 6-7 30 50 U S C 1805 a 2 31 May 2007 Wainstein Statement supra at 7 32 See e g May 2007 Wainstein Statement supra at 7 18 government to seek such individual orders the total number of FISA electronic surveillance applications approved by the FISC dropped by over forty percent 33 In light of the perceived growing inefficiencies of obtaining FISC approval to target persons located outside the United States in the spring of 2007 the Bush Administration proposed modifications to FISA 34 Reports by the Director of National Intelligence to Congress that implementation of the FISC's May 2007 modifications to the Foreign Telephone and Email Order had resulted in degraded acquisition of communications combined with reports of a heightened terrorist threat environment accelerated Congress' consideration of these proposals 35 In August 2007 Congress enacted and the President signed the Protect America Act of 2007 36 a legislative forerunner to what is now Section 702 of FISA The Protect America Act was a temporary measure that was set to expire 180 days after its enactment 37 The government transitioned the collection of communications that had been occurring under the Foreign Telephone and Email Orders previously the TSP and some portion of the collection targeting persons located outside the United States that had been occurring under individual FISA orders to directives issued under the Protect America Act 38 The Protect America Act expired in February 2008 39 but existing Protect America Act certifications remained in effect until they expired 40 Shortly after passage of the Protect America Act efforts began to replace it with a more permanent statute 41 After substantial debate in July 2008 Congress enacted and President Bush signed into law the FISA Amendments Act of 2008 42 The FISA Amendments Compare 2007 ANNUAL FISA REPORT 2 371 Title I FISA applications in 2007 available at http www fas org irp agency doj fisa 2007rept pdf with 2009 ANNUAL FISA REPORT 1 329 Title I FISA applications in 2009 available at http www fas org irp agency doj fisa 2009rept pdf 33 See S Rep No 110-209 at 2 5 noting Administration's submission of proposed modifications in April 2007 see generally May 2007 Wainstein Statement supra Statement of J Michael McConnell Director of National Intelligence Before the Senate Select Committee on Intelligence May 1 2007 available at http www intelligence senate gov 070501 mcconnell pdf 34 35 See S Rep No 110-209 at 5 36 Pub L No 110-55 121 Stat 552 2007 Protect America Act 37 Protect America Act 6 c 38 2008 Mukasey Decl supra at 13 n 22 See Protect America Act--Extension Pub L No 110-182 122 Stat 605 2008 extending Protect America Act for two weeks 39 40 Protect America Act 6 See e g Press Release The White House President Bush Discusses the Protect America Act of 2007 Sept 19 2007 available at http georgewbushwhitehouse archives gov news releases 2007 09 20070919 html S Rep No 110-209 at 5 41 42 Pub L No 110-261 122 Stat 2436 2008 19 Act replaced the expired Protect America Act provisions with the new Section 702 of FISA The authorities and limitations of Section 702 are discussed in detail in this Report In addition to Section 702 the FISA Amendments Act of 2008 also enacted Sections 703 and 704 of FISA which required judicial approval for targeting U S persons located abroad in order to acquire foreign intelligence information 43 After passage of the FISA Amendments Act the government transitioned the collection activities that had been conducted under the Protect America Act to Section 702 44 Section 702 as well as the other provisions of FISA enacted by the FISA Amendments Act were renewed in December 2012 and are currently set to expire in December 2017 45 II Statutory Structure What Does Section 702 Authorize The Foreign Intelligence Surveillance Act is a complex law and Congress' authorization of surveillance under Section 702 of FISA is no exception In one sentence the statutory scope of Section 702 can be defined as follows Section 702 of FISA permits the Attorney General and the Director of National Intelligence to jointly authorize the 1 targeting of persons who are not United States persons 2 who are reasonably believed to be located outside the United States 3 with the compelled assistance of an electronic communication service provider 4 in order to acquire foreign intelligence information 46 Each of these terms is to various degrees further defined and limited by other aspects of FISA Congress also imposed a series of limitations on any surveillance conducted under Section 702 The statute further specifies how the Attorney General and Director of National Intelligence may authorize such surveillance as well as the role of the FISC in reviewing these authorizations This section describes this complex statutory framework A Statutory Definitions and Limitations Our description of Section 702's statutory authorization begins by breaking down the four-part sentence above First Section 702 authorizes the targeting of persons 47 FISA does not define what constitutes targeting but it does define what constitutes a person Persons are not only 43 50 U S C 1881b 1881c 44 2008 Mukasey Decl supra at 40 n 22 45 FISA Amendments Act Reauthorization Act of 2012 Pub L No 112-238 126 Stat 1631 2012 46 50 U S C 1881a a b 3 g 2 A vi 47 50 U S C 1881a a 20 individuals but also groups entities associations corporations or foreign powers 48 The definition of person is therefore broad but not limitless a foreign government or international terrorist group could qualify as a person but an entire foreign country cannot be a person targeted under Section 702 49 In addition the persons whom may be targeted under Section 702 may not intentionally include United States persons 50 United States persons or U S persons are United States citizens United States permanent residents green card holders groups substantially composed of United States citizens or permanent residents and virtually all United States corporations 51 As is discussed in detail below the NSA targets persons by tasking selectors such as email addresses and telephone numbers The NSA must make determinations regarding location U S person status and foreign intelligence value about the users of each selector on an individualized basis It cannot simply assert that it is targeting a particular terrorist group Second under Section 702 the non-U S person target must also be reasonably believed to be located outside the United States A reasonable belief is not defined in FISA but Section 702 does require that targeting procedures described in further detail below be adopted to ensure that Section 702 acquisition is limited to targets reasonably believed to be located outside the United States 52 Electronic surveillance targeting persons believed to be located in the United States is not permitted by Section 702 whether the persons in question are U S persons or not 53 Third under Section 702 this targeting of non-U S persons reasonably believed to be located outside the United States occurs with the compelled assistance of an electronic communication service provider 54 FISA defines electronic communication service providers to include a variety of telephone Internet service and other communications providers 55 As further described below electronic communication service providers are 50 U S C 1801 m 1881 a The term foreign power is a defined term in FISA it includes international terrorist groups foreign governments and entities not substantially composed of United States persons that are engaged in the proliferation of weapons of mass destruction 48 See Privacy and Civil Liberties Oversight Board Transcript of Public Hearing Regarding the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act at 71 Mar 19 2014 PCLOB March 2014 Hearing Transcript statement of Rajesh De General Counsel NSA in response to questions by James Dempsey Board Member PCLOB available at http www pclob gov Library Meetings-Events 2014-March-19-Public-Hearing 19-March2014_Public_Hearing_Transcript pdf 49 50 50 U S C 1881a b 3 51 50 U S C 1801 i 52 50 U S C 1881a d 1 A 53 50 U S C 1881 b 1 54 50 U S C 1881a g 2 A vi 55 50 U S C 1881 b 4 21 compelled to provide this assistance in conducting Section 702 acquisition through directives issued by the Attorney General and the Director of National Intelligence Given the nature of the Internet communications generated and delivered through communication services offered directly to individuals by one entity may be acquired as they cross the network of another provider without the knowledge of the consumer-facing provider This concept is further described in the discussion below regarding upstream collection Fourth and finally this targeting of non-U S persons reasonably believed to be located outside the United States must be conducted to acquire foreign intelligence information 56 Non-U S persons may be targeted under Section 702 only if the government has reason to believe that those persons possess are expected to receive or are likely to communicate foreign intelligence information 57 Foreign intelligence information concerning non-U S persons is defined in FISA as information that relates to the ability of the United States to protect against an actual or potential attack by a foreign power sabotage international terrorism or the proliferation of weapons of mass destruction by a foreign power or clandestine intelligence activities by a foreign power 58 Foreign There is some conflicting language in Section 702 on the precise standard on this point Section 1881a a states that a Section 702 authorization must be to acquire foreign intelligence information This authority however must be governed by a certification and the certification need only state that a significant purpose of the acquisition is to obtain foreign intelligence information 50 U S C 1881a g 2 A v See also SEMIANNUAL ASSESSMENT OF COMPLIANCE WITH PROCEDURES AND GUIDELINES ISSUES PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT AUGUST 2013 at A-2 AUGUST 2013 SEMIANNUAL ASSESSMENT noting that the Section 702 Attorney General Guidelines implement the statutory requirement that a significant purpose of Section 702 acquisition is to obtain foreign intelligence information 50 U S C 1881a g 2 A v by requiring that Section 702 targeting occur only with respect to persons assessed to possess foreign intelligence information or who are reasonably likely to receive or communicate foreign intelligence information available at http www dni gov files documents Semiannual%20Assessment%20of%20Compliance%20with%20proc edures%20and%20guidelines%20issued%20pursuant%20to%20Sect%20702%20of%20FISA pdf see also NSA DIRECTOR OF CIVIL LIBERTIES AND PRIVACY OFFICE REPORT NSA'S IMPLEMENTATION OF FOREIGN INTELLIGENCE SURVEILLANCE ACT SECTION 702 at 5 April 16 2014 NSA DCLPO REPORT available at http www dni gov files documents 0421 702%20Unclassified%20Document pdf 56 57 NSA DCLPO REPORT supra at 3 50 U S C 1801 e 1 For information concerning a U S person the information must be necessary for this purpose Specifically this provision states foreign intelligence information is defined as 58 I nformation that relates to and if concerning a United States person is necessary to the ability of the United States to protect against -- A actual or potential attack or other grave hostile acts of a foreign power or an agent of a foreign power B sabotage international terrorism or the international proliferation of weapons of mass destruction by a foreign power or agent of a foreign power or C Clandestine intelligence activities by an intelligence service or network of a foreign power or by an agent of a foreign power 22 intelligence information concerning non-U S persons is also defined as information that relates to the national defense or security of the United States or the conduct of the foreign affairs of the United States but only insofar as that information concerns a foreign power such as international terrorist groups or foreign governments or foreign territory 59 The term foreign territory is undefined by the statute As noted below in authorizing Section 702 acquisition the Attorney General and Director of National Intelligence specify the categories of foreign intelligence information that the United States government is seeking to acquire In addition to defining the scope of the Section 702 authorization Congress specified limitations on the government's authority to engage in Section 702 targeting As previously mentioned U S persons may not be intentionally targeted In addition the government is prohibited under the law from intentionally targeting any person known at the time of acquisition to be located in the United States 60 These two rules taken together -- that the target must be both a non-U S person and someone reasonably believed to be located abroad -- are often referred to as the foreignness requirement The government is also prohibited from engaging in what is generally referred to as reverse targeting which would occur if the government were to intentionally target persons reasonably believed to be located outside the United States if the purpose of the acquisition is to target a particular known person reasonably believed to be in the United States 61 In addition to this explicit prohibition against reverse targeting persons located in the United States the government reads the statutory prohibition against targeting U S persons to also prohibit the reverse targeting of U S persons 62 In other words the ban on reverse targeting prohibits the government from targeting a non-U S person outside the United States when the real interest is to collect the communications of a person in the United States or of any U S person regardless of location Under Section 702 the government also may not intentionally acquire communications as to which the sender and all intended recipients are known at the time 50 U S C 1801 e 2 Specifically this provision states foreign intelligence information is also defined as 59 I nformation with respect to a foreign power or foreign territory that relates to and if concerning a United States person is necessary to -- A the national defense or the security of the United States or B the conduct of the foreign affairs of the United States 60 50 U S C 1881a b 1 61 50 U S C 1881a b 2 62 See PCLOB March 2014 Hearing Transcript supra at 89-92 23 of the acquisition to be located in the United States 63 Finally Section 702 contains a limitation and a reminder that any acquisition must always be conducted consistent with the requirements of the Fourth Amendment to the Constitution 64 B Section 702 Certifications The Attorney General and the Director of National Intelligence authorize Section 702 targeting in a manner substantially different than traditional electronic surveillance under FISA To authorize traditional FISA electronic surveillance an application approved by the Attorney General must be made to the FISC 65 This individualized application must include among other things the identity if known of the specific target of the electronic surveillance facts justifying a probable cause finding that this target is a foreign power or agent of a foreign power and uses or is about to use the communication facilities or places at which electronic surveillance is being directed 66 minimization procedures governing the acquisition retention and dissemination of non-publicly available U S person information acquired through the electronic surveillance and a certification regarding the foreign intelligence information sought 67 If the FISC judge who reviews the government's application determines that it meets the required elements -- including that there is probable cause that the specified target is a foreign power or agent of a foreign power and that the minimization procedures meet the statutory requirements -- the judge will issue an order authorizing the requested electronic surveillance 68 Section 702 differs from this traditional FISA electronic surveillance framework both in the standards applied and in the lack of individualized determinations by the FISC Under the statute the Attorney General and Director of National Intelligence make annual certifications authorizing the targeting of non-U S persons reasonably believed to be located outside the United States to acquire foreign intelligence information without specifying to the FISC the particular non-U S persons who will be targeted 69 Instead of identifying particular individuals to be targeted under Section 702 the certifications identify categories of foreign intelligence information regarding which the Attorney 63 50 U S C 1881a b 4 64 50 U S C 1881a b 5 50 U S C 1804 a FISA also grants additional authority to conduct emergency electronic surveillance without first making an application to the FISC 50 U S C 1805 e 65 But see 50 U S C 1805 c 3 permitting electronic surveillance orders in circumstances where the nature and location of each of the facilities or places at which surveillance will be directed is unknown 66 67 50 U S C 1804 a 1805 a 68 50 U S C 1805 a c d 50 U S C 1881a a NSA DCLPO REPORT supra at 2 noting that Section 702 certifications do not require individualized determination by the FISC 69 24 General and Director of National Intelligence authorize acquisition through the targeting of non-U S persons reasonably believed to be located abroad 70 There also is no requirement that the government demonstrate probable cause to believe that a Section 702 target is a foreign power or agent of a foreign power as is required under traditional FISA Rather the categories of information being sought must meet the definition of foreign intelligence information described above The government has not declassified the full scope of the certifications that have been authorized but officials have stated that these certifications have authorized the acquisition of information concerning international terrorism and other topics such as the acquisition of weapons of mass destruction 71 While individual targets are not specified Section 702 certifications must instead contain targeting procedures approved by the Attorney General that must be reasonably designed to ensure that any Section 702 acquisition is limited to targeting persons reasonably believed to be located outside the United States and prevents the intentional acquisition of wholly domestic communications 72 The targeting procedures specify the manner in which the Intelligence Community must determine whether a person is a nonU S person reasonably believed to be located outside the United States who possesses or is likely to possess or receive the types of foreign intelligence information authorized by a certification The process by which individuals are permitted to be targeted pursuant to the targeting procedures is discussed in detail below In addition the Attorney General and Director of National Intelligence must also attest in the certification that the Attorney General has adopted additional guidelines to ensure compliance with both these and the other statutory limitations on the Section 702 program 73 Most critically these Attorney General Guidelines explain how the government implements the statutory prohibition against reverse targeting While only non-U S persons may be intentionally targeted the information of or concerning U S persons may be acquired through Section 702 targeting in a variety of ways such as when a U S person is in communication with a non-U S person Section 702 See 50 U S C 1881a g 2 A v requiring Attorney General and Director of National Intelligence to attest that a significant purpose of the acquisition authorized by the certification is to acquire foreign intelligence information PCLOB March 2014 Hearing Transcript supra at 8-9 statement of Robert Litt General Counsel ODNI stating that certifications identify categories of information that may be acquired NSA DCLPO REPORT supra at 2 noting the annual topical certifications authorized by Section 702 70 PCLOB March 2014 Hearing Transcript at 13 statement of Robert Litt General Counsel ODNI stating that the Section 702 program has been an important source of information not only about terrorism but about a wide variety of other threats to our nation id at 59 statement of Rajesh De General Counsel NSA stating that there are certifications on counterterrorism and weapons of mass destruction id at 68 statement of James A Baker General Counsel FBI T his program is not limited just to counterterrorism 71 72 50 U S C 1881a d 1 g 2 A i g 2 B 73 50 U S C 1881a f g 2 A iii 25 target because two non-U S persons are discussing a U S person or because a U S person was mistakenly targeted Section 702 therefore requires that certifications also include minimization procedures that control the acquisition retention and dissemination of any non-publicly available U S person information acquired through the Section 702 program 74 As discussed below the minimization procedures include different procedures for handling U S person information depending on the circumstances of how it was acquired Along with the targeting procedures the minimization procedures contain the government's core privacy and civil liberties protections and are more fully discussed throughout this Report C FISC Review The government's Section 702 certifications targeting procedures and minimization procedures but not the Attorney General Guidelines are all subject to review by the FISC 75 In addition to the required procedures and guidelines the Section 702 certifications are accompanied by affidavits of national security officials76 that further describe to the FISC the government's basis for assessing that the proposed Section 702 acquisition will be consistent with the applicable statutory authorization and limits 77 Through court filings or the testimony of witnesses at hearings before the FISC the government also submits additional information explaining how the targeting and minimization procedures will be applied and describing the operation of the program in a way that defines its scope 78 The FISC's review of the Section 702 certifications has been called limited by scholars 79 privacy advocates 80 and in one instance shortly after the FISA Amendments Act 74 50 U S C 1881a e 1 g 2 A ii g 2 B 50 U S C 1881a d 2 e 2 i The Attorney General Guidelines must however be submitted to the FISA court 50 U S C 1881a f 2 C Section 702 does have a provision permitting the Attorney General and the Director of National Intelligence to authorize acquisition prior to judicial review of a certification under certain exigent circumstances 50 U S C 1881a c 2 To date the Attorney General and the Director of National Intelligence have never exercised this authority 75 50 U S C 1881a g 2 C see e g Memorandum Opinion at 3 Caption Redacted Docket No Redacted 2011 WL 10945618 at 1 FISA Ct Oct 3 2011 Bates October 2011 Opinion noting submitted affidavits by the Director or Acting Director of NSA and the Director of FBI available at http icontherecord tumblr com post 58944252298 dni-declassifies-intelligence-community-documents 76 77 See AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-1 to A-2 See e g Bates October 2011 Opinion supra at 5-9 2011 WL 10945618 at 2-4 describing 2011 government filings with and testimony before the FISA court id at 15-16 2011 WL 10945618 at 5 describing representations made to the FISA court in prior Section 702 certifications 78 See e g Laura K Donohue Section 702 and the Collection of International Telephone and Internet Content at 15 18 30-34 available at http justsecurity org wpcontent uploads 2014 05 donahue 702 pdf 79 26 was passed by the FISC itself 81 In certain respects this characterization is accurate Unlike traditional FISA applications the FISC does not review the targeting of particular individuals Specifically although the Section 702 certifications identify the foreign intelligence subject matters regarding which information is to be acquired the FISC does not see or approve the specific persons targeted or the specific communication facilities that are actually tasked for acquisition As such the government does not present evidence to the FISC nor does the FISC determine -- under probable cause or any other standard -- that the particular individuals being targeted are non-U S persons reasonably believed to be located outside the United States who are being properly targeted to acquire foreign intelligence information 82 Instead of requiring judicial review of these elements Section 702 calls upon the FISA court only to decide whether the targeting procedures are reasonably designed to ensure compliance with certain limitations and that the minimization procedures satisfy certain criteria described below The FISC is not required to independently determine that a significant purpose of the proposed acquisition is to obtain foreign intelligence information 83 although the foreign intelligence purpose of the collection does play a role in the court's Fourth Amendment analysis 84 In other respects however the FISC's role in the Section 702 program is more extensive The FISC reviews both the targeting procedures and the minimization procedures the core set of documents that implement Section 702's statutory requirements and limitations 85 With respect to the targeting procedures the FISC must See e g Submission of Jameel Jaffer Deputy Legal Director American Civil Liberties Union Foundation Privacy and Civil Liberties Oversight Board Public Hearing on Section 702 of the FISA Amendments Act at 9 Mar 19 2014 available at http www pclob gov Library Meetings-Events 2014March-19-Public-Hearing Testimony_Jaffer pdf 80 Memorandum Opinion In re Proceedings Required by 702 i of the FISA Amendments Act of 2008 Docket Misc No 08-01 2008 WL 9487946 at 5 FISA Ct Aug 27 2008 81 See The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act at 2 2012 describing differences between targeting individuals under traditional FISA electronic surveillance provisions and targeting pursuant to Section 702 This document accompanied a 2012 letter sent by the Department of Justice and the Office of the Director of National Intelligence to the Senate Select Committee on Intelligence and House Permanent Select Committee on Intelligence urging the reauthorization of Section 702 See Letter from Kathleen Turner Director of Legislative Affairs ODNI and Ronald Weich Assistant Attorney General Office of Legislative Affairs DOJ to the Honorable Dianne Feinstein Chairman Senate Committee on Intelligence et al May 4 2012 available at http www dni gov files documents Ltr%20to%20HPSCI%20Chairman%20Rogers%20and%20Ranking% 20Member%20Ruppersberger_Scan pdf 82 83 50 U S C 1881a i 2 Additionally if the FISC determines that a Section 702 certification and related documents are insufficient on Constitutional or statutory grounds the FISC cannot itself modify the certification and related documents governing the Section 702 program but instead must issue an order to the government to either correct any deficiencies identified by the FISC within 30 days or to cease or not begin implementation of the certification 50 U S C 1881a i 3 B 84 85 50 U S C 1881a d 2 e 2 i 1 A 27 determine that they are reasonably designed to ensure that targeting is limited to targeting persons reasonably believed to be located outside the United States 86 The FISC also must determine that the targeting procedures are reasonably designed to prevent the intentional acquisition of wholly domestic communications 87 In addition the FISC must also review the proposed minimization procedures under the same standard of review that is required in traditional FISA electronic surveillance and physical search applications 88 The FISC must find that such minimization procedures are specific procedures that are reasonably designed to control the acquisition retention and dissemination of non- publicly available U S person information 89 Each time the FISC reviews a Section 702 certification the FISC must also determine whether the proposed Section 702 acquisition as provided for and restricted by the targeting and minimization procedures complies with the Fourth Amendment 90 After conducting its analysis the FISC must issue a written opinion explaining the reasons why the court has held that the proposed targeting and minimization procedures do or do not comply with statutory and Fourth Amendment requirements 91 The FISC has held that it cannot make determinations in a vacuum regarding whether targeting and minimization procedures are reasonably designed to meet the statutory requirements and comply with the Fourth Amendment To the contrary the FISC has repeatedly noted that the government's targeting and minimization procedures must be considered in light of the communications actually acquired and that s ubstantial implementation problems can notwithstanding the government's intent speak to whether the applicable targeting procedures are 'reasonably designed' to acquire only the communications of non-U S persons outside the United States ' 92 Therefore although the FISC reviews the targeting procedures minimization procedures and related affidavits that 86 50 U S C 1881a i 2 B i 87 50 U S C 1881a i 2 B ii Compare 50 U S C 1881a i 2 C requirement to evaluate Section 702 minimization procedures with 50 U S C 1805 a 3 requirement to evaluate FISA electronic surveillance minimization procedures and 50 U S C 1824 a 3 requirement to evaluate FISA physical search minimization procedures 88 89 50 U S C 1801 h 90 50 U S C 1881a i 3 A i 3 B 50 U S C 1881a i 3 C While FISC judges may write opinions explaining their orders with regard to other aspects of FISA the statutory requirement for an opinion explaining the rationale of all orders approving Section 702 certifications is unique within FISA Though not required by FISA FISC Rule of Procedure 18 b 1 also requires FISC judges to provide a written statement of reasons for any denials of the government's other FISA applications See United States Foreign Intelligence Surveillance Court Rules of Procedure FISC Rule of Procedure Rule 18 b 1 available at http www uscourts gov uscourts rules FISC2010 pdf 91 Bates October 2011 Opinion supra at 28 2011 WL 10945618 at 9 quoting FISC opinion with redacted docket number 92 28 are submitted with a Section 702 certification the court's review is not limited to the four corners of those documents The FISC also takes into consideration additional filings by the government to supplement or clarify the record responses to FISC orders to supplement the record 93 and the sworn testimony of witnesses at hearings 94 Commitments regarding how the targeting and minimization procedures will be implemented that are made to the FISC in these representations have been found to be binding on the government For example during the consideration of the first Section 702 certification in 2008 the government stated that that the targeting procedures impose a requirement that analysts conduct due diligence in determining the U S person status of any Section 702 target even though the phrase due diligence is not explicitly found in the text of the NSA targeting procedures The FISC incorporated the government's representation regarding due diligence into its opinion and the government has subsequently reported to Congress and the FISC -- as incidents of noncompliance -- instances in which the Intelligence Community conducted insufficient due diligence that resulted in the targeting of a U S person 95 In evaluating the Section 702 certifications the court also considers additional filings required by the FISC's Rules of Procedure One such rule requires the government to notify the FISA court whenever the government discovers a material misstatement or omissions in a prior filing with the court 96 Another rule mandates that the government report to the FISA court incidents of noncompliance with targeting or minimization procedures previously approved by the court 97 In a still-classified 2009 opinion the FISC held that the judicial review requirements regarding the targeting and minimization procedures required that the FISC be fully informed of every incident of noncompliance See FISC Rule of Procedure 5 c stating that the FISC Judges have the authority to order any party to a proceeding to supplement the record by furnish ing any information that the Judge deems necessary 93 94 FISC Rule of Procedure 17 See AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 29 describing incidents and stating In each of these incidents all Section 702-acquired data was purged Together these redacted instances represent isolated instances of insufficient due diligence that do not reflect the redacted of taskings that occur during the reporting period 95 96 See FISC Rule of Procedure 13 a See FISC Rule of Procedure 13 b SEMIANNUAL ASSESSMENT OF COMPLIANCE WITH PROCEDURES AND GUIDELINES ISSUES PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT MAY 2010 at 22 MAY 2010 SEMIANNUAL ASSESSMENT discussing requirements under Rule 10 c the predecessor to Rule 13 b in the prior set of FISC Rules of Procedure available at http www dni gov files documents FAA SAR%20May%202010%20Final%20Release%20with%20Exem ptions pdf The government also provides the FISC the Semiannual Section 702 Joint Assessment portions of the Section 707 Semiannual report and a separate quarterly report to the FISC all of which describe scope nature and actions taken in response to compliance incidents See The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 5 50 U S C 1881a l 1 97 29 with those procedures In the 2009 opinion the court analyzed whether several errors in applying the targeting and minimization procedures that had been reported to the court undermined either the court's statutory or constitutional analysis The court concluded that they did not In addition to identifying errors that could impact the sufficiency of the targeting and minimization procedures these compliance notices play an additional role in informing the FISC regarding how the government is in fact applying the targeting and minimization procedures Specifically the compliance notices must state both the type of noncompliance that has occurred and the facts and circumstances relevant to the incident 98 In doing so representations to the FISA court have in essence created a series of precedents regarding how the government is interpreting various provisions of its targeting and minimization procedures which informs the court's conclusions regarding whether those procedures -- as actually applied by the Intelligence Community to particular real-life factual scenarios -- comply with Section 702's statutory requirements and the Fourth Amendment For example while the 2008 FISC opinion incorporated the government's commitment to apply due diligence in determining the U S person status of potential targets notices of non-compliance filed by the government reflect that the government interprets the targeting procedures to also require due diligence in determining the location of potential targets Similarly the government has filed letters clarifying aspects of its post-tasking process which are discussed further below and it has reported -- as compliance incidents -- instances when its performance of the posttasking process has not complied with those representations The government's interpretations of the targeting and minimization procedures reflected in these compliance filings however are not necessarily formally endorsed or incorporated into the FISC's subsequent opinions In the Board's opinion Intelligence Community personnel applying these procedures months or years later may not be aware of the interpretive gloss arising from prior interactions between the government and the FISC on these procedures Former FISC Presiding Judge John Bates' October 3 2011 opinion provides both an example of the scope of the FISA court's review of Section 702 certifications in practice and an illustration of what actions the court can take if it determines that the government has not satisfied the court's expectations to be kept fully accurately and timely informed In April 2011 the government filed multiple Section 702 certifications with the FISC 99 In early May 2011 however the government filed a letter with the court under a FISC procedural rule regarding material misstatements or omissions acknowledging that the scope of the NSA's upstream collection described below was more expansive than 98 FISC Rule of Procedure 13 b 99 Bates October 2011 Opinion supra at 3 2011 WL 10945618 at 1 30 previously represented to the court 100 As a result of the filing the FISC expressed serious concern that the upstream collection as described by the government may have exceeded the scope of collection previously approved by the FISC and what could be authorized under Section 702 The FISC therefore ordered the government to respond to a number of questions regarding the upstream collection program 101 Throughout the summer of 2011 the government continued to supplement the record in response to the FISA court's concerns with a number of filings including by conducting and reporting to the court the results of a statistical sample of the NSA's acquisition of upstream collection 102 The government's supplemental filings discussed both factual matters such as how many domestic communications were being acquired as a result of the manner in which the government was conducting upstream collection as well as the government's legal interpretations regarding how the NSA's minimization procedures should be applied to such acquisition 103 The FISA court also met with the government and held a hearing to ask additional questions of NSA and Department of Justice personnel 104 Based on this record Judge Bates ultimately held that in light of the new information portions of the NSA minimization procedures met neither the requirements of FISA nor the Fourth Amendment and ordered the government to correct the deficient procedures or cease Section 702 upstream collection 105 The government subsequently modified the NSA minimization procedures to remedy the deficiencies identified by the FISA court 106 The FISC continued to have questions however regarding upstream collection that had been acquired prior to the implementation of these modified NSA minimization procedures 107 The government took several actions with regard to this past upstream collection and ultimately decided to purge it all 108 100 Bates October 2011 Opinion supra at 5 2011 WL 10945618 at 2 101 Bates October 2011 Opinion supra at 7 2011 WL 10945618 at 2 102 Bates October 2011 Opinion supra at 10 2011 WL 10945618 at 3-4 103 Bates October 2011 Opinion supra at 33-35 50 54-56 2011 WL 10945618 at 11 17 18-19 104 Bates October 2011 Opinion supra at 7-9 2011 WL 10945618 at 4 105 Bates October 2011 Opinion supra at 59-63 67-80 2011 WL 10945618 at 20-28 See generally Memorandum Opinion Caption Redacted Docket No Redacted 2011 WL 10947772 FISA Ct Nov 30 2011 Bates November 2011 Opinion available at http icontherecord tumblr com post 58944252298 dni-declassifies-intelligence-community-documents 106 See Memorandum Opinion at 26-30 Caption Redacted Docket No Redacted 2012 WL 9189263 at 1-4 FISA Ct Sept 25 2012 Bates September 2012 Opinion available at http www dni gov files documents September%202012%20Bates%20Opinion%20and%20Order pdf 107 108 Bates September 2012 Opinion supra at 30-32 2012 WL 9189263 at 3-4 31 D Directives As noted above Section 702 targeting may occur only with the assistance of electronic communication service providers Once Section 702 acquisition has been authorized the Attorney General and the Director of National Intelligence send written directives to electronic communication service providers compelling the providers' assistance in the acquisition 109 Providers that receive a Section 702 directive may challenge the legality of the directive in the FISC 110 The government may likewise file a petition with the FISC to compel a provider that does not comply with a directive to assist the government's acquisition of foreign intelligence information 111 The FISC's decisions regarding challenges and enforcement actions regarding directives are appealable to the Foreign Intelligence Surveillance Court of Review FISCR and either the government or a provider may request that the United States Supreme Court review a decision of the FISCR 112 III Acquisition Process How Does Section 702 Surveillance Actually Work Once a Section 702 certification has been approved non-U S persons reasonably believed to be located outside the United States may be targeted to acquire foreign intelligence information within the scope of that certification The process by which nonU S persons are targeted is detailed in the next section This section describes how Section 702 acquisition takes place once an individual has been targeted A Targeting Persons by Tasking Selectors The Section 702 certifications permit non-U S persons to be targeted only through the tasking of what are called selectors A selector must be a specific communications facility that is assessed to be used by the target such as the target's email address or telephone number 113 Thus in the terminology of Section 702 people non-U S persons reasonably believed to be located outside the United States are targeted selectors e g email addresses telephone numbers are tasked The users of any tasked selector are 109 50 U S C 1881a h 110 50 U S C 1881a h 4 111 50 U S C 1881a h 5 50 U S C 1881a h 6 However as noted in the Board's Section 215 report to date only two cases have been appealed to the FISCR One In re Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act 551 F 3d 1004 FISA Ct Rev 2008 involved a directive under the Protect America Act the predecessor to Section 702 but none have involved Section 702 Nor has the U S Supreme Court ever considered the merits of a FISA order or ruled on the merits of any challenge to FISA 112 See AUGUST 2013 JOINT ASSESSMENT supra at A-2 NSA DCLPO REPORT supra at 4 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3 113 32 considered targets -- and therefore only selectors used by non-U S persons reasonably believed to be located abroad may be tasked The targeting procedures govern both the targeting and tasking process Because such terms would not identify specific communications facilities selectors may not be key words such as bomb or attack or the names of targeted individuals Osama Bin Laden 114 Under the NSA targeting procedures if a U S person or a person located in the United States is determined to be a user of a selector that selector may not be tasked to Section 702 acquisition or must be promptly detasked if the selector has already been tasked 115 Although targeting decisions must be individualized this does not mean that a substantial number of persons are not targeted under the Section 702 program The government estimates that 89 138 persons were targeted under Section 702 during 2013 116 Once a selector has been tasked under the targeting procedures it is sent to an electronic communications service provider to begin acquisition There are two types of Section 702 acquisition what has been referred to as PRISM collection and upstream collection PRISM collection is the easier of the two acquisition methods to understand B PRISM Collection In PRISM collection the government specifically the FBI on behalf of the NSA sends selectors -- such as an email address -- to a United States-based electronic communications service provider such as an Internet service provider or ISP that has been served a directive 117 Under the directive the service provider is compelled to give the communications sent to or from that selector to the government but not communications that are only about the selector as described below 118 As of mid-2011 91 percent of the NSA DCLPO REPORT supra at 4 PCLOB March 2014 Hearing Transcript supra at 57 statement of Rajesh De General Counsel NSA noting that a name cannot be tasked 114 115 NSA DCLPO REPORT supra at 6 OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE STATISTICAL TRANSPARENCY REPORT REGARDING USE OF NATIONAL SECURITY AUTHORITIES ANNUAL STATISTICS FOR CALENDAR YEAR 2013 at 1 June 26 2014 available at http www dni gov files tp National_Security_Authorities_Transparency_Report_CY2013 pdf In calculating this estimate the government counted two known people using one tasked email address as two targets and one person known to use two tasked email addresses as one target The number of targets is an estimate because the government may not be aware of all of the users of a particular tasked selector 116 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3 See also PCLOB March 2014 Hearing Transcript at 70 statement of Rajesh De General Counsel NSA noting any recipient company would have received legal process 117 118 PCLOB March 2014 Hearing Transcript at 70 see also NSA DCLPO REPORT supra at 5 33 Internet communications that the NSA acquired each year were obtained through PRISM collection 119 The government has not declassified the specific ISPs that have been served directives to undertake PRISM collection but an example using a fake United States company USA-ISP Company may clarify how PRISM collection works in practice The NSA learns that John Target a non-U S person located outside the United States uses the email address johntarget@usa-ISP com to communicate with associates about his efforts to engage in international terrorism The NSA applies its targeting procedures described below and tasks johntarget@usa-ISP com to Section 702 acquisition for the purpose of acquiring information about John Target's involvement in international terrorism The FBI would then contact USA-ISP Company a company that has previously been sent a Section 702 directive and instruct USA-ISP Company to provide to the government all communications to or from email address johntarget@usa-ISP com The acquisition continues until the government detasks johntarget@usa-ISP com The NSA receives all PRISM collection acquired under Section 702 In addition a copy of the raw data acquired via PRISM collection -- and to date only PRISM collection -- may also be sent to the CIA and or FBI 120 The NSA CIA and FBI all must apply their own minimization procedures to any PRISM-acquired data 121 Before data is entered into systems available to trained analysts or agents government technical personnel use technical systems to help verify that data sent by the provider is limited to the data requested by the government To again use the John Target example above if the NSA determined that johntarget@usa-ISP com was not actually going to be used to communicate information about international terrorism the government would send a detasking request to USA-ISP Company to stop further Section 702 collection on this email address After passing on the detasking request to USA-ISP Company the government would use its technical systems to block any further Section 702 acquisition from johntarget@usa-ISP com to ensure that Section 702 collection against this address was immediately terminated 119 Bates October 2011 Opinion supra at 29-30 and n 24 2011 WL 10945618 at 25 n 24 Minimization Procedures used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978 as Amended 6 c Oct 31 2011 NSA 2011 Minimization Procedures available at http www dni gov files documents Minimization%20Procedures%20used%20by%20NSA%20in%20Con nection%20with%20FISA%20SECT%20702 pdf 120 121 NSA 2011 Minimization Procedures supra 6 c 34 C Upstream Collection The NSA acquires communications from a second means which is referred to as upstream collection Upstream collection is different from PRISM collection because the acquisition occurs not with the compelled assistance of the United States ISPs but instead with the compelled assistance through a Section 702 directive of the providers that control the telecommunications backbone over which communications transit 122 The collection therefore does not occur at the local telephone company or email provider with whom the targeted person interacts which may be foreign telephone or Internet companies which the government cannot compel to comply with a Section 702 directive but instead occurs upstream in the flow of communications between communication service providers 123 Unlike PRISM collection raw upstream collection is not routed to the CIA or FBI and therefore it resides only in NSA systems where it is subject to the NSA's minimization procedures 124 CIA and FBI personnel therefore lack any access to raw data from upstream collection Accordingly they cannot view or query such data in CIA or FBI systems The upstream acquisition of telephone and Internet communications differ from each other and these differences affect privacy and civil liberty interests in varied ways 125 Each type of Section 702 upstream collection is discussed below In conducting both types of upstream acquisition NSA employs certain collection monitoring programs to identify anomalies that could indicate that technical issues in the collection platform are causing data to be overcollected 126 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3-4 see also PCLOB March 2014 Hearing Transcript supra at 26 statement of Rajesh De General Counsel NSA The second type of collection is the shorthand referred to as upstream collection Upstream collection refers to collection from the for lack of a better phrase Internet backbone rather than Internet service providers 122 See PCLOB March 2014 Hearing Transcript supra at 26 statement of Rajesh De General Counsel NSA This type of collection upstream fills a particular gap of allowing us to collect communications that are not available under PRISM collection 123 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 4 124 125 See PCLOB March 2014 Hearing Transcript supra at 27 statement of Rajesh De General Counsel NSA 126 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 29 35 1 Upstream Collection of Telephone Communications Like PRISM collection the upstream collection of telephone communications begins with the NSA's tasking of a selector 127 The same targeting procedures that govern the tasking of an email address in PRISM collection also apply to the tasking of a telephone number in upstream collection 128 Prior to tasking the NSA therefore is required to assess that the specific telephone number to be tasked is used by a non-U S person reasonably believed to be located outside the United States from whom the NSA assesses it may acquire the types of foreign intelligence information authorized under one of the Section 702 certifications Once the targeting procedures have been applied the NSA sends the tasked telephone number to a United States electronic communication service provider to initiate acquisition 129 The communications acquired with the compelled assistance of the provider are limited to telephone communications that are either to or from the tasked telephone number that is used by the targeted person Upstream telephony collection therefore does not acquire communications that are merely about the tasked telephone number 130 2 Upstream Collection of Internet Transactions The process of tasking selectors to acquire Internet transactions is similar to tasking selectors to PRISM and upstream telephony acquisition but the actual acquisition is substantially different Like PRISM and upstream telephony acquisition the NSA may only target non-U S persons by tasking specific selectors to upstream Internet transaction collection 131 And like other forms of Section 702 collection selectors tasked for upstream Internet transaction collection must be specific selectors such as an email address and may not be key words or the names of targeted individuals 132 Once tasked selectors used for the acquisition of upstream Internet transactions are sent to a United States electronic communication service provider to acquire communications that are transiting through circuits that are used to facilitate Internet PCLOB March 2014 Hearing Transcript supra at 26 statement of Rajesh De General Counsel NSA id at 51-53 statement of Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ 127 128 NSA DCLPO REPORT supra at 6 PCLOB March 2014 Hearing Transcript supra at 53-54 statements of Rajesh De General Counsel NSA and Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ 129 130 Bates October 2011 Opinion supra at 15 2011 WL 10945618 at 5 131 NSA DCLPO REPORT supra at 5-6 NSA DCLPO REPORT supra at 4 PCLOB March 2014 Hearing Transcript supra at 57 statement of Rajesh De General Counsel NSA noting that a name cannot be tasked 132 36 communications what is referred to as the Internet backbone 133 The provider is compelled to assist the government in acquiring communications across these circuits To identify and acquire Internet transactions associated with the Section 702-tasked selectors on the Internet backbone Internet transactions are first filtered to eliminate potential domestic transactions and then are screened to capture only transactions containing a tasked selector Unless transactions pass both these screens they are not ingested into government databases As of 2011 the NSA acquired approximately 26 5 million Internet transactions a year as a result of upstream collection 134 Upstream collection acquires Internet transactions that are to from or about a tasked selector 135 With respect to to and from communications the sender or a recipient is a user of a Section 702-tasked selector This is not however necessarily true for an about communication An about communication is one in which the tasked selector is referenced within the acquired Internet transaction but the target is not necessarily a participant in the communication 136 If the NSA therefore applied its targeting procedures to task email address JohnTarget@example com to Section 702 upstream collection the NSA would potentially acquire communications routed through the Internet backbone that were sent from email address JohnTarget@example com that were sent to JohnTarget@example com and communications that mentioned JohnTarget@example com in the body of the message The NSA would not however acquire communications simply because they contained the name John Target In a still-classified September 2008 opinion the FISC agreed with the government's conclusion that the government's target when it acquires an about communication is not the sender or recipients of the communication regarding whom the government may know nothing but instead the targeted user of the Section 702-tasked selector The FISC's reasoning relied upon language in a congressional report later quoted by the FISA Court of Review that the The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3-4 133 134 Bates October 2011 Opinion supra at 73 2011 WL 10945618 at 26 See e g October 2011 Opinion supra at 15-16 2011 WL 10945618 at 5-6 describing the government's representations regarding upstream collection in the first Section 702 certification the FISC reviewed 135 Bates October 2011 Opinion supra at 15 2011 WL 10945618 at 5 Joint Statement of Lisa O Monaco Assistant Attorney General National Security Division Dept of Justice et al Hearing Before the House Permanent Select Comm on Intelligence FISA Amendments Act Reauthorization at 7 Dec 8 2011 December 2011 Joint Statement statement of Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ available at http www dni gov files documents Joint%20Statement%20FAA%20Reauthorization%20Hearing%20%20December%202011 pdf PCLOB March 2014 Hearing Transcript supra at 55 136 37 target of a traditional FISA electronic surveillance is the individual or entity about whom or from whom information is sought 137 There are technical reasons why about collection is necessary to acquire even some communications that are to and from a tasked selector In addition some types of about communications actually involve Internet activity of the targeted person 138 The NSA cannot however distinguish in an automated fashion between about communications that involve the activity of the target from communications that for instance merely contain an email address in the body of an email between two nontargets 139 In order to acquire about communications while complying with Section 702's prohibition on intentionally acquiring known domestic communications the NSA is required to take additional technical steps that are not required for other Section 702 collection NSA is required to use other technical means such as Internet protocol IP filters to help ensure that at least one end of an acquired Internet transaction is located outside the United States 140 If for example a person located in Chicago sent an email to a friend in Miami that mentioned the tasked selector JohnTarget@example com the IP filters or comparable technical means are designed to prevent the acquisition of this communication The IP filters however do not operate perfectly 141 and may fail to filter out a domestic communication before it is screened against tasked selectors A United States-based user for example may send a communication intentionally or otherwise via a foreign server even if the intended recipient is also in the United States 142 As such the FISC has noted the government's concession that in the ordinary course of acquiring single communications wholly domestic communications could be acquired as much as 0 197% of the time 143 While this percentage is small the FISA court estimated in 2011 that the See In re Sealed Case 310 F 3d 717 740 FISA Ct Rev 2002 quoting H R Rep 95-1283 at 73 1978 see also PCLOB March 2014 Hearing Transcript supra at 55 statement of Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ confirming the FISC had held that targeting includes communications about a particular selector that are not necessarily to or from that selector 137 Bates October 2011 Opinion supra at 37-38 2011 WL 10945618 at 12 describing the types of acquired Internet transactions and noting that a subset involve transactions of the target 138 Bates October 2011 Opinion supra at 31 43 2011 WL 10945618 at 10 14 describing limitations on what can be distinguished at the acquisition stage 139 Bates October 2011 Opinion supra at 33 2011 WL 10945618 at 11 regarding the technical measures that NSA uses to prevent the acquisition of upstream collection of domestic communications NSA DCLPO REPORT supra at 5-6 acknowledging that IP filters are used to prevent the acquisition of domestic communications 140 December 2011 Joint Statement supra at 7 acknowledging measures to prevent acquisition of domestic communications are not perfect 141 142 Bates October 2011 Opinion supra at 34-35 n 33 2011 WL 10945618 at 11 n 33 143 Bates October 2011 Opinion supra at 34 n 32 2011 WL 10945618 at 11 n 32 38 overall number of communications the government acquires through Section 702 upstream collection could result in the government acquiring as many as tens of thousands of wholly domestic communications per year 144 In addition wholly domestic communications could also be acquired because they were embedded in a larger multi-communication transaction MCT the subject of the next section 3 Upstream Collection of Internet Communications Multi-Communication Transactions MCTs While the NSA's upstream collection is intended to acquire Internet communications it does so through the acquisition of Internet transactions The difference between communications and transactions is a significant one and the government's failure to initially distinguish and account for this distinction caused the FISA court to misunderstand the nature of the collection for over two years and later to find a portion of the Section 702 program to be unconstitutional The NSA-designed upstream Internet collection devices acquire transactions as they cross the Internet An Internet transaction refers to any set of data that travels across the Internet together such that it may be understood by a device on the Internet 145 An Internet transaction could consist of a single discrete communication such as an email that is sent from one server to another Such communications are referred to as single communication transactions SCTs 146 Of the upstream Internet transactions that the NSA acquired in 2011 approximately ninety percent were SCTs 147 In other instances however a single Internet transaction might contain multiple discrete communications These transactions are referred to as MCTs 148 If a single discrete communication within an MCT is to from or about a Section 702-tasked selector and at least one end of the transaction is foreign the NSA will acquire the entire MCT 149 If the acquired MCT is a transaction between the Section 702 target who is assessed to be a non-U S person located outside the United States and is targeted to acquire foreign intelligence information falling under one of the approved certifications and a server then Bates October 2011 Opinion supra at 34 n 32 2011 WL 10945618 at 11 n 32 December 2011 Joint Statement supra at 7 144 See Bates October 2011 Opinion supra at 28 n 23 2011 WL 10945618 at 9 n 23 quoting government characterization of what constitutes an Internet transaction 145 146 Bates October 2011 Opinion supra at 27-28 2011 WL 10945618 at 9 147 Bates October 2011 Opinion supra at 34 n 32 2011 WL 10945618 at 11 n 32 148 Bates October 2011 Opinion supra at 28 2011 WL 10945618 at 9 149 December 2011 Joint Statement supra at 7 39 all of the discrete communications acquired within the MCT are also communications to or from the target Based on a statistical sample conducted by the NSA the FISC estimated that as of 2011 the NSA acquired between 300 000 and 400 000 such MCTs every year i e MCTs where the active user 150 was the target him or herself 151 When the acquired MCT is not a transaction between the target and the server but instead a transaction between another individual and a server that happens to include a Section 702 tasked selector the MCT may include communications that are not about a tasked selector and may have no relationship or no more than an incidental relationship to the tasked selector 152 These non-target MCTs break down into three categories Based on the NSA's statistical study the FISC estimated that as of 2011 the NSA acquired at least 1 3 million MCTs each year where the user who caused the transaction to occur was not the target but was located outside the United States 153 Using this same statistical analysis the FISA court estimated that the NSA would annually acquire an additional approximately 7 000 to 8 000 MCTs of non-targeted users who were located in the United States and between approximately 97 000 and 140 000 MCTs each year where NSA would not be able to determine whether the user who caused the transaction to occur was located inside or outside the United States 154 The NSA's acquisition of MCTs is a function of the collection devices it has designed Based on government representations the FISC has stated that the NSA's upstream Internet collection devices are generally incapable of distinguishing between transactions containing only a single discrete communication to from or about a tasked selector and transactions containing multiple discrete communications not all of which are to from or about a tasked selector 155 While some distinction between SCTs and MCTs can be made with respect to some communications in conducting acquisition the government has not been able to design a filter that would acquire only the single discrete communications within transactions that contain a Section 702 selector This is due to the constant changes in the protocols used by Internet service providers and the services provided 156 If time The active user is the actual human being who is interacting with a server to engage in an Internet transaction 150 151 Bates October 2011 Opinion supra at 38 2011 WL 10945618 at 12 152 December 2011 Joint Statement supra at 7 153 Bates October 2011 Opinion supra at 39 2011 WL 10945618 at 12 Bates October 2011 Opinion supra at 38-40 2011 WL 10945618 at 12 With respect to this last category the unidentified user could be the Section 702 target Id at 38 40-41 2011 WL 10945618 at 12 154 Bates October 2011 Opinion supra at 31 2011 WL 10945618 at 10 In 2011 the NSA was able to determine that approximately 90 percent of all upstream Internet transactions consisted of SCTs as the result of a post-acquisition statistical sample that required a manual review Id at 34 n 32 2011 WL 10945618 at 11 155 156 Bates October 2011 Opinion supra at 32 2011 WL 10945618 at 10 40 were frozen and the NSA built the perfect filter to acquire only single discrete communications that filter would be out-of-date as soon as time was restarted and a protocol changed a new service or function was offered or a user changed his or her settings to interact with the Internet in a different way Conducting upstream Internet acquisition will therefore continue to result in the acquisition of some communications that are unrelated to the intended targets The fact that the NSA acquires Internet communications through the acquisition of Internet transactions be they SCTs or MCTs has implications for the technical measures such as IP filters that the NSA employs to prevent the intentional acquisition of wholly domestic communications With respect to SCTs wholly domestic communications that are routed via a foreign server for any reason are susceptible to Section 702 acquisition if the SCT contains a Section 702 tasked selector 157 With respect to MCTs wholly domestic communications also may be embedded within Internet transactions that also contain foreign communications with a Section 702 target The NSA's technical means for filtering domestic communications cannot currently discover and prevent the acquisition of such MCTs 158 Because of the greater likelihood that upstream collection of Internet transactions in particular MCTs will result in the acquisition of wholly domestic communications and extraneous U S person information there are additional rules governing the querying retention and use of such upstream data in the NSA minimization procedures These additional procedures are discussed below IV Targeting Procedures Who May Be Targeted How And Who Decides As is discussed above the government targets persons under Section 702 by tasking selectors -- communication facilities such as email addresses and telephone numbers -- that the government assesses will be used by those persons to communicate or receive foreign intelligence information that falls within one of the authorized Section 702 certifications 159 Under Section 702 this targeting process to determine which persons are 1 non-U S persons that are 2 reasonably believed to be located outside the United States who will 3 use the tasked selectors to communicate or receive foreign intelligence Bates October 2011 Opinion supra at 34-35 n 32 n 33 id at 45 2011 WL 10945618 at 11 T he government readily concedes that NSA will acquire a wholly domestic about communication if the transaction containing the communication is routed through an international Internet link being monitored by NSA or is routed through a foreign server 157 158 Bates October 2011 Opinion supra at 45 47 2011 WL 10945618 at 15 159 See e g AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-2 41 information is governed by targeting procedures 160 While the targeting procedures are subject to judicial review by the FISC 161 individual targeting determinations made under these targeting procedures are not reviewed by the FISC but are subject to internal Executive oversight as detailed below 162 Both the NSA and FBI have targeting procedures that govern the process by which persons may be targeted under Section 702 163 While some information has been released by the government neither the NSA nor the FBI targeting procedures have been declassified in full The NSA's Section 702 targeting procedures take primary importance because only the NSA may initiate Section 702 collection 164 The FBI's Section 702 targeting procedures which are discussed further below are applied to certain selectors only after the NSA has previously determined under the NSA targeting procedures that these selectors qualify for Section 702 targeting 165 Although the NSA initiates all Section 702 targeting and thus makes all initial decisions pursuant to its targeting procedures regarding whether a person qualifies for Section 702 targeting under one of the Section 702 certifications the CIA and FBI have processes to nominate targets to the NSA for Section 702 targeting 166 It is the NSA however that must make the determination whether to initiate targeting Section 702 targeting begins when an NSA analyst discovers or is informed of a foreign intelligence lead -- specifically information indicating that a particular person may possess or receive the types of foreign intelligence information described within one of the Section 702 certifications 167 Lead information could come from any of multiple sources including human intelligence signals intelligence or other sources such as law enforcement information Because Section 702 acquisition is selector-based the NSA analyst must also See 50 U S C 1881a d 1 requirement for targeting procedures AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-1 general scope of what is covered by those targeting procedures 160 161 50 U S C 1881a d 2 162 NSA DCLPO REPORT supra at 2 4-5 163 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 6 9 See The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3 noting that NSA takes the lead in targeting and tasks both telephone and electronic communications selectors to acquire communications AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 6 A ll Section 702 targeting is initiated pursuant to the NSA's targeting procedures 164 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3 165 166 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-8 A-12 167 NSA DCLPO REPORT supra at 4 42 discover or be informed of a specific selector used by this potential target that could be tasked to PRISM and or upstream collection 168 Having identified a potential person to target through the tasking of a selector the NSA analyst must then apply the targeting procedures These procedures require the NSA analyst to make a determination regarding the assessed location and non-U S person status of the potential target the foreignness determination 169 and whether the target possesses and or is likely to communicate or receive foreign intelligence information authorized under an approved certification the foreign intelligence purpose determination 170 A Foreignness Determination With respect to the foreignness determination the NSA analyst is required to assess whether the target of the acquisition is a non-U S person reasonably believed to be located outside the United States based upon the totality of the circumstances available 171 This analysis begins with a review of the initial lead information which must be examined to determine whether it indicates either the location or the U S person status of the potential target 172 At times the lead information itself will state where the target is assessed to be located and their U S person status In other instances this information may only enable an analyst to infer location or U S person status In either case the Section 702 targeting determination may not be made upon the lead information alone Instead the NSA analyst must check multiple sources and make a determination based on the totality of the circumstances available to the analyst 173 The government has stated that in making this foreignness determination the NSA targeting procedures inherently impose a requirement that analysts conduct due diligence in identifying these relevant circumstances What constitutes due diligence will 168 NSA DCLPO REPORT supra at 4 PCLOB March 2014 Hearing Transcript supra at 41 statement of Rajesh De General Counsel NSA stating that foreignness determination is a shorthand for referring to the determination that the target is a non-U S person reasonably located to be abroad 169 PCLOB March 2014 Hearing Transcript supra at 61 statement of Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ describing individualized foreign intelligence purpose determination which must be documented as part of the tasking process 170 NSA DCLPO REPORT supra at 4 PCLOB March 2014 Hearing Transcript supra at 42 statement of Rajesh De General Counsel NSA noting that foreignness determination is a totality of the circumstances test 171 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3 172 NSA DCLPO REPORT supra at 4 PCLOB March 2014 Hearing Transcript supra at 41 statement of Rajesh De General Counsel NSA in describing foreignness determination stating that an analyst must take into account all available information A n analyst cannot ignore any contrary information to suggest that that is not the correct status of the person 173 43 vary depending on the target tasking a new selector used by a foreign intelligence target with whom the NSA is already quite familiar may not require deep research into the target's already known U S person status and current location while a great deal more effort may be required to target a previously unknown and more elusive individual As previously discussed above a failure by an NSA analyst to conduct due diligence in identifying relevant circumstances regarding the location and U S person status of a Section 702 target is a reportable compliance incident to the FISC After conducting due diligence and reviewing the totality of the circumstances the NSA analyst is required to determine whether the information indicates that the target is a non-U S person reasonably believed to be located outside the United States 174 The government has stated and the Board's review has confirmed that this is not a 51% to 49% test 175 If there is conflicting information indicating whether a target is located in the United States or is a U S person that conflict must be resolved and the user must be determined to be a non-U S person reasonably believed to be located outside the United States prior to targeting 176 While conflicting information must be resolved the standard for making the foreignness determination is not a probable cause standard Through the application of the NSA targeting procedures over the years and interactions with and between and among NSA personnel and external DOJ Office of the Director of National Intelligence ODNI overseers a common understanding has been developed regarding what constitutes a sufficient basis for determining that a potential Section 702 target is a non-U S person reasonably believed to be located outside the United States The NSA targeting procedures include a process for assessing non-U S person's status This determination may not be made unless the analyst has first undertaken due diligence In 2013 the DOJ undertook a review designed to assess how often the foreignness determinations that the NSA made under the targeting procedures as described above turned out to be wrong -- i e how often the NSA tasked a selector and subsequently realized after receiving collection from the provider that a user of the tasked selector was either a U S person or was located in the United States The DOJ reviewed one year of data and determined that 0 4% of NSA's targeting decisions resulted in the tasking of a selector that as of the date of tasking had a user in the United States or who was a U S person As is discussed in further detail below data from such taskings in most instances must be 174 See PCLOB March 2014 Hearing Transcript supra at 40-42 statement of Rajesh De General Counsel NSA 175 PCLOB March 2014 Hearing Transcript supra at 40-41 statement of Rajesh De General Counsel NSA NSA DCLPO REPORT supra at 4 PCLOB March 2014 Hearing Transcript supra at 40-42 statement of Rajesh De General Counsel NSA 176 44 purged The purpose of the review was to identify how often the NSA's foreignness determinations proved to be incorrect Therefore the DOJ's percentage does not include instances where the NSA correctly determined that a target was located outside the United States but post-tasking the target subsequently traveled to the United States B Foreign Intelligence Purpose Determination In addition to the foreignness determination the NSA analyst must also make a foreign intelligence purpose determination Specifically the NSA targeting procedures require that the NSA determine that tasking the selector will be likely to acquire one of the types of foreign intelligence information identified in a Section 702 certification 177 In making this determination the NSA analyst must identify the specific foreign power or foreign territory concerning which the foreign intelligence information is being sought 178 The NSA targeting procedures include a non-exclusive list of factors that the NSA will consider in determining whether the tasking of a selector will be likely to result in foreign intelligence information falling within one of the Section 702 certifications C Documentation Requirements The NSA targeting procedures contain documentation requirements with respect to aspects of the foreignness and foreign intelligence purpose determinations Analysts are required under the NSA targeting procedures to cite the specific documents and communications that led them to assess that the Section 702 target is located outside the United States 179 As a practical matter these citations are accompanied by a narrative explaining what the documents and communications indicate with regard to the location of the target In other words with respect to the determination regarding the location of the target analysts must show their work Although analysts are required under the targeting procedures to conduct an analysis regarding why the targeting of the individual will result in obtaining foreign intelligence information under the Section 702 certifications analysts are not required to document i e show their work this foreign intelligence purpose determination in the same manner as they are required to document the foreignness determination With respect to the foreign intelligence purpose the NSA targeting procedures require the analyst only to identify the foreign power or foreign territory regarding which the foreign intelligence information is to be acquired 180 By policy but not as a requirement of the targeting procedures the NSA also requires that all taskings be accompanied by a very brief statement typically no more than one sentence 177 NSA DCLPO REPORT supra at 4 See AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-5 noting that the identified foreign power or foreign territory must be documented 178 179 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-5 see also NSA DCLPO REPORT supra at 4-5 180 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-5 45 long that further explains the analyst's rationale for assessing that tasking the selector in question will result in the acquisition of the types of foreign intelligence information authorized by the Section 702 certifications 181 In the Board's view this reduced documentation regarding the foreign intelligence purpose determination results in a less rigorous review by the NSA's external overseers of the foreign intelligence purpose determinations than the NSA's foreignness determination Also as a matter of NSA policy as opposed to a requirement in the NSA targeting procedures NSA analysts document the assessed non-U S person status of the target but analysts do not separately document the basis for this non-U S person determination In general however the non-U S person analysis is based upon same information that underlies the determination regarding the target's location D Approvals Once analysts have documented their determinations in an NSA tasking database 182 the tasking request undergoes two layers of review before actual Section 702 acquisition is initiated 183 Two different senior NSA analysts must review the documentation accompanying the tasking request to ensure that it meets all of the requirements of the NSA targeting procedures 184 Both NSA senior analysts receive additional training to review tasking requests 185 Both senior analysts may also request additional information prior to approving or denying the Section 702 tasking request 186 Both senior analysts are required to review all aspects of the tasking before approving the tasking request 187 Once the tasking request receives all of the necessary approvals it is sent to one or more electronic communication service providers that have received a Section 702 directive in order to initiate Section 702 acquisition 188 The tasking request however is subjected to further post-tasking review by the DOJ ODNI review team 189 as is discussed in the External Oversight section below See generally PCLOB March 2014 Hearing Transcript supra at 59 statement of Rajesh De General Counsel NSA discussing foreign intelligence purpose determination and noting that it must be documented in a targeting rationale document 181 182 August 2013 Semiannual Assessment supra at A-5 183 NSA DCLPO REPORT supra at 5 184 NSA DCLPO REPORT supra at 5 185 NSA DCLPO REPORT supra at 5 186 NSA DCLPO REPORT supra at 5 187 NSA DCLPO REPORT supra at 5 188 NSA DCLPO REPORT supra at 5 189 NSA DCLPO REPORT supra at 5 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 6-7 46 E CIA and FBI Nominations The CIA and FBI have both developed processes to nominate selectors to the NSA to be tasked for Section 702 acquisition 190 The NSA evaluates the CIA and FBI nominations under the same targeting procedures and using the same processes that are described above It is the NSA that is ultimately responsible for the tasking of such facilities In order to ensure that the NSA's foreignness and foreign intelligence purpose determinations regarding the CIA and FBI nominations are made on accurate and current information both the CIA and FBI have implemented internal requirements prior to formally nominating a selector to the NSA for acquisition For example the CIA nominations are reviewed and approved by the targeting officer's first line manager a legal officer a senior operational manager and the CIA's FISA Program office prior to being exported to the NSA 191 These internal procedures are in addition to the NSA documentation and approval requirements required for all taskings F FBI Targeting Procedures The FBI's targeting procedures govern certain aspects of the PRISM program specifically requests for certain communications for selectors that have already been determined by the NSA to have met its targeting procedures As the NSA has already made a foreignness determination with respect to any selector for which the FBI will be acquiring communications the FBI's role in targeting is substantially different than that of the NSA 192 Instead of establishing the required information to indicate that a Section 702 target is a non-U S person reasonably believed to be located outside the United States who is likely to communicate or receive foreign intelligence information the FBI targeting procedures are intended to provide additional assurance that the users of tasked accounts are non-United States persons located outside the United States 193 The FBI targeting procedures therefore require the FBI to both review the NSA's foreignness determinations194 and review information available to the FBI FBI personnel who process tasking requests receive training in both the FBI targeting procedures and a detailed set of standard operating procedures that describe the steps that the FBI must take to ensure that they 190 See supra footnote 1664 and accompanying text AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-8 see also AUGUST 2013 SEMIANNUAL ASSESSMENT at 36 describing compliance incident related to an FBI nomination that stemmed from reliance on an unsupported fact 191 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3 192 193 Bates October 2011 Opinion supra at 22 2011 WL 10945618 at 7 The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3 194 47 have conducted due diligence in looking for information that may alter or affect the NSA's foreignness assessment 195 V Post-Tasking Review and Related Reporting and Purging Requirements In addition to defining the process by which Section 702 tasking will be initiated the NSA targeting procedures also impose additional post-tasking requirements designed to ensure that the users of tasked selectors remain non-U S persons located outside the United States and that acquisition against the selector continues only insofar as the government assesses that the tasking is likely to acquire foreign intelligence information within one of the authorized Section 702 certifications The manner in which the posttasking checks required by the NSA targeting procedures will be implemented has been supplemented by additional filings by the government with the FISC The government has reported to the FISA court and Congress as compliance incidents instances in which its implementation of the required post-tasking checks did not correspond with these additional representations to the court NSA analysts are required to routinely review at least a sample of the Section 702- acquired communications for selectors that they have tasked to ensure that the selectors remain properly tasked 196 The NSA has developed automated systems to remind analysts to review collection from email addresses and comparable selectors within five business days after the first instance that data is acquired for a particular tasked selector and at least every 30 days thereafter comparable systems have to-date not been implemented with respect to Section 702 acquisition of upstream telephony collection The analysts review the content to verify that the selector is associated with the foreign intelligence target as well as look for any information indicating that a user of the selector is a U S person or located in the United States 197 The NSA also requires analysts to re-verify at least once a year that each selector continues to be tasked in order to acquire the types of foreign intelligence information specified in the certification under which the selector is tasked The CIA and FBI have each implemented their own comparable policies and practices mandating that analysts agents and officers initially review and periodically verify data acquired from selectors nominated by the CIA and FBI to ensure the selectors remain properly tasked for Section 702 acquisition 195 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 36 A-11 to A-12 196 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-4 NSA DCLPO REPORT supra at 6 NSA DCLPO REPORT supra at 6 see also PCLOB March 2014 Hearing Transcript supra at 42 statement of Rajesh De General Counsel NSA noting that analysts have an affirmative obligation to periodically revisit the foreignness determination 197 48 In addition to this content review the NSA is required to conduct routine posttasking checks of all Section 702-tasked selectors 198 If it is determined that a user of a tasked selector is either in the United States or is a U S person the selector is required to be promptly detasked from Section 702 acquisition i e all Section 702 acquisition directed at that selector must be terminated 199 Any other Section 702-tasked selectors assessed to be used by the individual determined to be a U S person or located in the United States must also be promptly detasked 200 Additionally selectors must be detasked if the government determines that it will not obtain the types of foreign intelligence information authorized under the Section 702 certifications 201 Failure to detask a selector from Section 702 acquisition after it has been or based on the available information should have been determined to be ineligible for further Section 702 acquisition is a compliance incident that must be reported first to the DOJ and ODNI and in turn to the FISC and Congress 202 If it is learned that a tasked selector is being used by a U S person or person located in the United States the data acquired from the selector while it was being used by the U S person or person located in the United States is subject to purge with limited exceptions 203 If the data was acquired as a result of a compliance incident -- because for example there was an error in the tasking e g typographical error lack of due diligence tasking etc an error in detasking insufficiently prompt detasking or an overproduction by the provider -- the acquired communications must be purged 204 In cases where there is no underlying compliance incident but a user is determined to be a U S person or a person located in the United States e g the government had a reasonable but ultimately mistaken belief that a target was located outside the United States a purge of acquired communications is also required 205 198 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 6 199 NSA DCLPO REPORT supra at 6 see also NSA October 2011 Minimization Procedures supra 3 d 1 200 NSA DCLPO REPORT supra at 6 see also NSA October 2011 Minimization Procedures supra 3 d 1 201 NSA DCLPO REPORT supra at 6 See AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 noting that the NSA must report all instances in which a target is found to be located in the United States but that such incidents are only compliance incidents if the NSA knew or should have known the target was in the United States during the collection period id at 25-27 29 33 describing the category of detasking incidents and specific detasking incidents NSA DCLPO REPORT supra at 3 summarizing reporting process 202 203 NSA DCLPO REPORT supra at 8 204 See e g PCLOB March 2014 Hearing Transcript supra at 72 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-12 noting that all of the agency minimization procedures require purges when a target is discovered to be a U S person or person located in the United States with limited exceptions 205 49 Certain exceptions apply however in instances where the communications were not acquired as the result of a violation of the targeting or minimization procedures The NSA minimization procedures permit the Director or Acting Director of the NSA to waive on a communication-by-communication basis specific communications determined to contain significant foreign intelligence information or information that is not foreign intelligence information but is evidence of a crime 206 The CIA and FBI standards for executing a waiver are similar Additionally and notwithstanding the general purge requirement and the specific waiver exceptions the NSA may also inform the FBI that a target has entered the United States so that the FBI make seek traditional FISA electronic surveillance of the target or take other lawful investigative steps 207 The NSA may also retain and disclose to the FBI and CIA certain technical data for collection avoidance purposes 208 VI Minimization and Related Requirements What Are the Limitations Regarding How the Data is Acquired Who May View It How Long It Is Retained and with Whom It May be Shared Minimization is one of the most confusing terms in FISA Like traditional FISA electronic surveillance and physical search 209 Section 702 requires that all acquired data be subject to minimization procedures 210 Minimization procedures are best understood as a set of controls on data to balance privacy and national security interests Specifically under FISA minimization procedures must be specific procedures that are reasonably designed in light of the purpose and technique of the particular surveillance to minimize the acquisition and retention and prohibit the dissemination of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain produce and disseminate foreign intelligence information 211 Minimization procedures must also contain special limitations on the dissemination of U S NSA October 2011 Minimization Procedures supra 5 1 and 2 The NSA's minimization procedures also allow for the Director of the NSA to waive the purge of a communication that is assessed to contain technical data base information information necessary to understand or assess a communications security vulnerability or information pertaining to a threat of serious harm to life or property NSA October 2011 Minimization Procedures 5 3 4 To date no waivers have been granted under these additional provisions 206 207 NSA October 2011 minimization procedures supra 5 208 NSA October 2011 minimization procedures supra 5 209 See 50 U S C 1805 a 3 and 1824 a 3 210 50 U S C 1881a e 211 50 U S C 1801 h 1 emphasis added 50 person identities with respect to certain types of foreign intelligence information 212 as well as allow for the retention and dissemination of evidence of a crime to law enforcement entities 213 These statutory requirements obligate the Attorney General to adopt procedures that balance the at times competing interests in protecting the privacy of U S persons and the Intelligence Community's production of foreign intelligence information to meet national security requirements In addition although the minimization procedures must be designed to protect U S persons' privacy the procedures will at times provide controls on data that protect the privacy of non-U S persons as well This section describes the controls imposed by the Section 702 minimization procedures on acquisition access and related training requirements querying retention and purging and dissemination The NSA's 2011 Section 702 minimization procedures have been publicly released 214 Minimization procedures for the CIA FBI and National Counterterrorism Center NCTC 215 have not been publicly released to date though some information regarding these procedures has been declassified Although the minimization procedures for each agency have many similarities there are differences between the agencies' minimization procedures that are related to the different authorities of the respective agencies and the way each uses the Section 702-acquired data 216 Some of these differences impact privacy concerns All Section 702-acquired data both content and metadata is subject to the Section 702 minimization procedures 217 A Acquisition The minimization procedures of agencies that conduct acquisition -- in the case of Section 702 the NSA and FBI -- must contain provisions that minimize the acquisition of U S person information consistent with the authorized purpose of the collection The first minimization of the acquisition of U S person information however stems from the targeting requirements imposed by the statute itself As an initial matter Section 702 50 U S C 1801 h 2 further limiting dissemination of U S person identities with regard to foreign intelligence information as defined by 1801 e 2 but not 1801 e 1 212 213 50 U S C 1801 h 3 See NSA 2011 Minimization Procedures supra available at http www dni gov files documents Minimization%20Procedures%20used%20by%20NSA%20in%20Con nection%20with%20FISA%20SECT%20702 pdf 214 As described below the NCTC's role in processing and minimizing Section 702 data is limited See AUGUST 2013 JOINT ASSESSMENT supra at 4 n 2 215 PCLOB March 2014 Hearing Transcript supra at 18-19 discussion between David Medine Chairman PCLOB and Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ 216 217 PCLOB March 2014 Hearing Transcript supra at 19 51 prohibits the intentional targeting of U S persons the intentional targeting of persons located in the United States reverse targeting or the intentional acquisition of communications known to be wholly domestic at the time of acquisition 218 Each of these statutory requirements is designed to reduce though not eliminate the acquisition of U S person information The NSA minimization procedures therefore start with a requirement that Section 702 collection be conducted in accordance with the Section 702 certification and in a manner designed to the greatest extent reasonably feasible to minimize the acquisition of information not relevant to the authorized purpose 219 This mandate applies to both the NSA's acquisition and the technical assistance provided by the FBI in acquiring communications 220 Affidavits accompanying the certifications witness testimony in hearings before the FISC and additional filings before the court describe how the NSA and FBI will actually conduct the acquisition in a manner that the government believes will be reasonably designed to minimize the acquisition of information that is irrelevant to the acquisition of the foreign intelligence information specified in the Section 702 certifications 221 These representations detail the method and techniques by which the collection of PRISM and upstream collection is conducted as described above A failure to implement the acquisition in a manner that reasonably limits the collection to the authorized purpose of the Section 702 certifications can and has led to incidents of noncompliance with the minimization procedures that have been reported to the FISC and Congress 222 In addition to actually acquiring the data certain technical actions must be undertaken at or just after the acquisition stage in order to facilitate later compliance with other minimization rules For example data-tagging Section 702-acquired data at or just after acquisition is also employed to effectuate other access and routing controls certain 218 50 U S C 1881a a b 219 NSA October 2011 Minimization Procedures supra 3 a See NSA October 2011 Minimization Procedures supra 2 a defining acquisition as the collection by NSA or the FBI through electronic means of a non-public communication to which it is not an intended party 220 See e g Bates October 2011 Opinion supra at 5-10 2011 WL 10945618 at 2-3 describing various government submissions regarding how the government conducts Section 702 upstream collection id at 15-16 2011 WL 10945618 at 5 describing comparable descriptions in prior dockets id at 29-41 2011 WL 10945618 at 9-13 further describing government descriptions regarding how the government conducts Section 702 upstream collection 221 See AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 31 describing compliance incidents during this reporting period that resulted in NSA's systems overcollecting data beyond what was authorized under the Section 702 certifications 222 52 controls limiting the scope of queries and age-off and purge requirements Each of these controls is discussed further below B Access and Training Although the minimization process begins with acquisition FISA-acquired data that has yet to be reviewed and evaluated by a human being is still referred to by the government as being unminimized or raw data The NSA CIA and FBI are the three Intelligence Community agencies that have access to such unminimized Section 702- acquired data 223 Each agency limits access to unminimized Section 702-acquired data to personnel who have been trained to apply their respective agency's minimization procedures To enforce these restrictions all unminimized Section 702-acquired data must be stored in repositories with access controls designed to prevent unauthorized access of the data by those within or outside of the relevant agency The NSA's core access and training requirements are found in the NSA's targeting procedures which have not been released to the public NSA analysts are required to undergo mandatory training and must pass a test regarding the requirements of the Section 702 minimization procedures among other legal requirements prior to receiving access to unminimized Section 702-acquired data 224 The CIA's minimization procedures similarly limit access to unminimized Section 702-acquired data to analysts who have received training in the CIA minimization procedures 225 The CIA conducts in-person training regarding its minimization procedures before its personnel receive access to Section 702 data repositories and also embeds FISAtrained attorneys with CIA personnel to answer questions on the application of those minimization procedures to actual collection 226 The FBI has created a mandatory online training course that must be taken before FBI agents or analysts are granted access to repositories of unminimized Section 702- acquired data 227 The Department of Justice's National Security Division NSD and the FBI also conduct in-person trainings at FBI field offices 228 223 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-12 224 NSA DCLPO REPORT supra at 4 225 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-9 226 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-9 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 14 and A-12 see also PCLOB March 2014 Hearing Transcript at 86 statement of James A Baker General Counsel FBI confirming that access controls exists for FBI systems holding Section 702-acquired data 227 228 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 14 53 When an analyst agent or officer is granted access to unminimized Section 702- acquired data after receiving the requisite training this does not mean that the agent or analyst has access to all such data Agencies separate acquired data as a security measure Furthermore the CIA and FBI do not have copies of all Section 702-acquired data as neither agency receives all PRISM data acquired by the NSA nor does either agency receive upstream collection 229 In addition to these general access and training requirements the NSA's minimization procedures impose supplemental requirements with respect to certain Internet transactions When the active user i e the actual human being who is interacting with a server to engage in an Internet transaction associated with an MCT is either reasonably believed to be located in the United States or when the NSA cannot determine where the active user is located the NSA must segregate the MCT in a special access-controlled repository 230 Only analysts who have been trained in how to review such communications to identify any wholly domestic communications within such MCTs are permitted access to this repository 231 A multi-communication transaction may not be moved out of the special-access repository or otherwise used unless it has been determined that none of the discrete communications that make up the MCT are wholly domestic communications 232 If an MCT within this repository is determined to contain a wholly domestic communication it must be destroyed upon recognition 233 The CIA and FBI do not have access to any unminimized Section 702-acquired upstream collection 234 Separately certain access and training requirements are imposed by the NCTC's Section 702 minimization procedures The NCTC does not have access to unminimized Section 702-acquired data 235 The NCTC has however been provided access to certain FBI systems that contain Section 702-acquired data that has been minimized to meet the FBI's dissemination standard Minimization in this context means that any nonpublicly available Section 702-acquired U S person information in these FBI systems has been determined to either to be foreign intelligence information necessary to understand or assess the importance of foreign intelligence information or evidence of a crime 236 U S person information that is evidence of a crime but is not otherwise foreign intelligence 229 Bates October 2011 Opinion supra at 18 n 17 2011 WL 10945618 at 6 n 17 230 NSA October 2011 Minimization Procedures supra 3 b 5 a 231 NSA October 2011 Minimization Procedures supra 3 b 5 a 1 232 NSA October 2011 Minimization Procedures supra 3 b 5 a 1 a 233 NSA October 2011 Minimization Procedures supra 3 b 5 a 1 a 234 Bates October 2011 Opinion supra at 18 n 17 2011 WL 10945618 at 6 n 17 235 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 4 n 2 236 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 4 n 2 54 information however may only be disseminated for law enforcement purposes 237 and the NCTC is not a law enforcement agency 238 The NCTC Section 702 minimization procedures require NCTC personnel who have been granted access to these FBI systems to first be trained to not use retain or disseminate purely law enforcement information and to purge any such Section 702-acquired information from NCTC systems if it has been ingested 239 C Querying the Acquired Data The NSA CIA and FBI's Section 702 minimization procedures all permit these agencies to query unminimized Section 702-acquired information A query refers to any instance where data is searched using a specific term or terms for the purpose of discovering or retrieving unminimized Section 702-acquired content or metadata A query term or identifier is just like a search term that is used in an Internet search engine -- the term could be for example an email address a telephone number a key word or phrase or a specific identifier that an agency has assigned to an acquired communication 240 Queries are conducted using one or more of such terms or identifiers Section 702 queries are of data that has already been acquired through the tasking of selectors as described above A query therefore does not cause the government to collect any new communications but queries do permit the government to more efficiently search through and discover information in the data the government has already acquired 241 An aspect common to the implementation of the query provisions in all of the Section 702 minimization procedures is that an analyst or agent only receives unminimized Section 702-acquired data as a result of a query if that analyst or agent has the appropriate training and authorization to access the Section 702 data Different agencies accomplish this in different ways For example the CIA limits access to the database containing unminimized Section 702-acquired data to personnel who have received training in the CIA's Section 702 minimization procedures thereby preventing untrained individuals from conducting queries of this data The NSA on the other hand often stores data acquired from multiple legal authorities in a single data repository Instead of limiting access to whole databases the NSA tags each acquired communication with the legal authority under which it was acquired and then has systems that prevent an analyst from accessing or querying data acquired under a legal authority for which the analyst does not have the 237 50 U S C 1801 h 3 238 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 4 n 2 239 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 4 n 2 See e g NSA DCLPO REPORT supra at 6 NSA October 2011 Minimization Procedures supra 3 b 6 240 PCLOB March 2014 Hearing Transcript supra at 29-31 statements of Rajesh De General Counsel NSA and Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ 241 55 requisite training 242 At the FBI an agent or analyst who conducts a federated query across multiple databases but who does not have Section 702 training would not receive the Section 702-acquired information as the result of a query The agent or analyst would however be notified in their query results of the fact that there is responsive information to their query in a database containing unminimized Section 702-acquired information to which he or she does not have access In order to gain access to this information the analyst or agent would need to either take the requisite training to gain access to the Section 702 information or contact a fellow agent or analyst who had the requisite training to determine whether the responsive results can be disseminated pursuant to the minimization procedures The NSA's intelligence analysts conduct at times complex queries across large data sets The NSA's minimization procedures require that queries of unminimized Section 702- acquired information be designed such that they are reasonably likely to return foreign intelligence information 243 This prohibition against overbroad queries such as a query for the term river across all Section 702-acquired data with no other limiting query terms or queries conducted for purposes other than to identify foreign intelligence information such as an analyst's query to find information about a girlfriend applies to all of the NSA queries of unminimized Section 702-acquired information not just queries containing U S person identifiers 244 NSA analysts receive training regarding how to use multiple query terms or other query discriminators like a date range to limit the information that is returned in response to their queries of the unminimized data 245 Through various means the NSA systems record all queries of unminimized Section 702- acquired data and these records are subject to audit 246 Additional rules apply when an NSA analyst wants to use a U S person identifier -- i e a query term associated with a specific U S person such as an email address or telephone number -- to query unminimized Section 702-acquired data U S person identifiers are prohibited from being used to query the NSA's Section 702 upstream collection of Internet transactions 247 In contrast the NSA's upstream telephony collection 242 See NSA DCLPO REPORT supra at 6-7 243 NSA October 2011 Minimization Procedures supra 3 b 6 See NSA DCLPO REPORT supra at 6-7 discussing general query restrictions prior to detailing the additional requirements with regard to U S person identifiers 244 NSA DCLPO REPORT supra at 6-7 see also NSA October 2011 Minimization Procedures supra 3 b 6 noting that other discriminators may be used in constructing queries 245 246 NSA DCLPO REPORT supra at 7 247 NSA October 2011 Minimization Procedures supra 3 b 6 56 and PRISM data may be queried using U S person identifiers if those U S person identifiers have been approved pursuant to internal NSA procedures 248 The NSA's internal procedures treat queries of metadata and content using U S person identifiers differently 249 The NSA's internal procedures require that queries of metadata using a U S person identifier be conducted only in a system or systems that require analysts to document the basis for their metadata query prior to conducting the query Analysts are trained prior to using such systems The NSA reported that it conducted approximately 9 500 metadata queries using U S person identifiers in 2013 In reviewing these queries the NSD and ODNI have found that this number is likely substantially overinclusive of the actual number of U S person metadata queries conducted because many query terms that had been labeled as U S person identifiers proved on further analysis to not be identifiers of U S persons With respect to content queries using U S person identifiers the NSA's internal procedures take a white-listing approach Specifically content queries using U S person identifiers are not permitted unless the U S person identifiers have been pre-approved i e added to a white list through one of several processes several of which incorporate other FISA processes For example the NSA has approved the use of content queries using identifiers of U S persons currently subject to FISC-approved electronic surveillance under Section 105 or targeting under Section 704 U S person identifiers can also be approved by NSA's Office of General Counsel after a showing is made regarding why the proposed use of the U S person identifier would be reasonably likely to return foreign intelligence information all approvals to use U S person identifiers to query content must be documented 250 In 2013 the NSA approved 198 U S person identifiers to be used as content query terms The NSA minimization procedures mandate that the DOJ's National Security Division and ODNI conduct oversight of the NSA's U S person queries The NSD and ODNI's oversight of the NSA and other agencies queries is further detailed below The CIA's minimization procedures similarly permit the CIA to query unminimized Section 702-acquired data using U S person identifiers to discover foreign intelligence information 251 The CIA's minimization procedures require that all queries of unminimized content whether or not a U S person identifier is used in the query must be reasonably designed to find and extract foreign intelligence information The CIA minimization procedures state that the CIA must keep records of all such content queries 248 NSA October 2011 Minimization Procedures supra 3 b 6 249 NSA DCLPO REPORT supra at 7 250 NSA October 2011 Minimization Procedures supra 3 b 6 NSA DCLPO REPORT supra at 7 Bates October 2011 Opinion supra at 25 2011 WL 10945618 at 8 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 13 251 57 In implementing its query provision the CIA has not required its personnel to seek pre-approval of U S person content queries but it does record who conducts those queries and requires analysts to both identify any U S person identifiers used as query terms and to write a contemporaneous foreign intelligence justification for any query of unminimized Section 702-acquired content using a U S person identifier 252 The CIA's content queries for example involve U S persons located overseas that intelligence indicates may be engaged in facilitating international terrorism In 2013 the CIA conducted approximately 1 900 content queries using U S person identifiers Approximately forty percent of these content queries were at the request of other U S intelligence agencies Some identifiers were queried more than once the CIA has advised that approximately 1 400 unique identifiers were queried during this period The NSD and ODNI are required under the CIA minimization procedures to review these records Metadata queries are treated differently under the CIA's minimization procedures The CIA minimization procedures do not contain a standard for conducting metadata queries although the statute and internal CIA procedures do require that queries may not be conducted for an unauthorized purpose such as trying to find information about a love interest If the CIA did identify any metadata associated with the individual however the CIA is permitted to conduct a further query into the underlying content only if the query is to identify foreign intelligence information and the CIA may only disseminate the results of content or metadata queries to the requesting entity if the dissemination of information was otherwise permissible under the CIA's minimization procedures as described below The CIA does not track how many metadata-only queries using U S person identities have been conducted The FBI minimization procedures also permit the FBI to query unminimized Section 702-acquired data 253 Stemming from its role as both a foreign intelligence and a law enforcement agency the FBI's minimization procedures differ from the NSA and CIA's procedures insofar as they permit the FBI to conduct reasonably designed queries to find and extract both foreign intelligence information and evidence of a crime Although consistent with 50 U S C 1806 a any use of Section 702-acquired information regarding United States or non-U S persons may only be used for lawful purposes the requirement that queries be reasonably designed to identify foreign intelligence information or evidence AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 8 NSD and ODNI also review CIA's written justifications for all queries using United States person identifiers of the content of unminimized Section 702acquired communications 252 PCLOB March 2014 Hearing Transcript supra at 86 statement of James A Baker General Counsel FBI noting that the FBI queries such data 253 58 of a crime applies only to U S person information The reasonably designed standard applies to both content and metadata queries The FBI is required under its minimization procedures to maintain records of all terms used to query content These records identify the agent or analyst who conducted the query but do not identify whether the query terms are U S person identifiers Although the FBI's minimization procedures do not require the FBI to keep records of metadata-only queries such queries are conducted in the same databases that contain the content collection therefore such metadata queries are also recorded The NSD and ODNI conduct oversight reviews of both the content and metadata queries as described below Because they are not identified as such in FBI systems the FBI does not track the number of queries using U S person identifiers The number of such queries however is substantial for two reasons First the FBI stores electronic data obtained from traditional FISA electronic surveillance and physical searches which often target U S persons in the same repositories as the FBI stores Section 702-acquired data which cannot be acquired through the intentional targeting of U S persons As such FBI agents and analysts who query data using the identifiers of their U S person traditional FISA targets will also simultaneously query Section 702-acquired data Second whenever the FBI opens a new national security investigation or assessment FBI personnel will query previously acquired information from a variety of sources including Section 702 for information relevant to the investigation or assessment With some frequency FBI personnel will also query this data including Section 702- acquired information in the course of criminal investigations and assessments that are unrelated to national security efforts In the case of an assessment an assessment may be initiated to detect obtain information about or prevent or protect against federal crimes or threats to the national security or to collect foreign intelligence information 254 If the agent or analyst conducting these queries has had the training required for access to unminimized Section 702-acquired data any results from the Section 702 data would be returned in these queries If an agent or analyst does not have access to unminimized Section 702-acquired data -- typically because this agent or analyst is assigned to nonnational security criminal matters only -- the agent or analyst would not be able to view the unminimized data but would be notified that data responsive to the query exists and could request that an agent or analyst with the proper training and access to review the unminimized Section 702-acquired data Anecdotally the FBI has advised the Board that it The Attorney General's Guidelines for Domestic FBI Operations II A available at http www justice gov ag readingroom guidelines pdf 254 59 is extremely unlikely that an agent or analyst who is conducting an assessment of a nonnational security crime would get a responsive result from the query against the Section 702-acquired data D Retention and Purging FISA also requires that the retention of nonpublicly available U S person information be minimized consistent with the need of the United States to obtain produce and disseminate information 255 As such the NSA CIA and FBI's minimization procedures contain provisions regarding when unminimized data must be aged off agency systems what data must be purged upon recognition and what types of evaluated information may be retained indefinitely 256 Data that has been evaluated and determined to contain either no U S person information or only U S person information that meets the standard for permanent retention is referred to as minimized information With a notable exception unminimized Section 702-acquired data must be aged off of the NSA and CIA systems no later than five years after the expiration of the Section 702 certification under which that data was acquired 257 Unminimized Internet transactions acquired through the NSA's upstream collection however must be aged off of the NSA systems no later than two years after the expiration of the Section 702 certification under which the data has been acquired 258 The CIA and FBI do not receive and therefore do not retain such upstream collection The FBI's minimization procedures alone distinguish between acquired data that have not been reviewed and those that have not been determined to meet the retention standard As with the NSA and CIA Section 702-acquired communications that have not been reviewed must be aged off FBI systems no later than five years after the expiration of the Section 702 certifications under which the data was acquired Data that was reviewed but not yet determined to meet the retention standard in the FBI minimization procedures may be kept for a longer retention period subject to additional access controls With respect to all of the agencies extensions from these age-off requirements may be sought from a high-level agency official Other limited exceptions apply such as to communications that are still being decrypted 259 255 50 U S C 1801 h 1 Although the minimization procedures themselves do not place an outer limit regarding how long such information may be retained general rules regarding the retention of federal records apply to this data 256 257 See e g NSA October 2011 Minimization Procedures supra 3 c 1 NSA DCLPO REPORT supra at 8 258 NSA October 2011 Minimization Procedures supra 3 c 1 NSA DCLPO REPORT supra at 8 259 See e g NSA October 2011 Minimization Procedures supra 6 a 1 a 60 As government personnel engage in the process of evaluating communications the minimization procedures impose certain requirements requiring communications to be purged upon recognition As described above if data has been acquired as a result of a compliance incident such as a typographical error in the tasking or a failure to detask a selector before a target's known travel to the United States any identifiable data acquired as a result of the compliance incident is purged 260 When a compliance incident is discovered each agency has a process to discover and destroy data subject to purge 261 The agencies also must coordinate such purges to ensure that all agencies are both aware of instances when a purge is required and use the same parameters to identify data subject to purge 262 Whether or not the communications were acquired as a result of a compliance incident purges are required whenever a user of a tasked selector has been determined to be a U S person or located in the United States at any point during the acquisition 263 These purge requirements and the exceptions to these requirements have been detailed above In addition the NSA's minimization procedures include additional purge-upon-recognition requirements due to the possibility that the NSA's upstream collection of Internet transactions could acquire domestic communications to which a user of a tasked selector is not a communicant Such upstream-acquired Internet transactions must be destroyed upon recognition if it is determined that the transactions contain U S person information but do not contain any information that meets the NSA's long-term retention standards discussed further below 264 MCTs must also be destroyed upon recognition if it is determined that a single discrete communication within the MCT is a wholly domestic communication 265 The NSA's minimization procedures also contain the following provision Personnel will exercise reasonable judgment in determining whether information acquired must be minimized and will destroy inadvertently 260 See e g PCLOB March 2014 Hearing Transcript supra at 72 261 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-13 262 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-13 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-12 noting that all of the agency minimization procedures require purges when a target is discovered to be a U S person or person located in the United States with limited exceptions 263 264 NSA October 2011 Minimization Procedures supra 3 c 2 NSA October 2011 Minimization Procedures supra 3 b 5 a 1 a requiring destruction of segregated MCTs determined to contain a wholly domestic communication and 3 b 5 b 1 requiring a determination regarding whether a single communication within an MCT is a wholly domestic communication before it is used Bates November 2011 Opinion supra at 9 2011 WL 10947772 at 4 incorporating government's representation in a filing that if the discrete communication within an MCT is determined to be a wholly domestic communication it must be destroyed 265 61 acquired communications of or concerning a United States person at the earliest practicable point in the processing cycle at which such communication can be identified either as clearly not relevant to the authorized purpose of the acquisition e g the communication does not contain foreign intelligence information or as not containing evidence of a crime which may be disseminated under these procedures 266 While it is not entirely clear what constitutes an inadvertently acquired communication here the NSA's general counsel has stated that i f information is determined to not have foreign intelligence value then it is required to be purged 267 The NSA's general counsel however clarified that it is often difficult to determine the foreign intelligence value of any particular piece of information 268 An NSA analyst would need to determine not only that a communication is not currently of foreign intelligence value to him or her but also would not be of foreign intelligence value to any other present or future foreign intelligence need Thus in practice this requirement rarely results in actual purging of data Neither the CIA nor FBI's minimization procedures have comparable requirements that a communication containing U S person information be purged upon recognition that the communication contains no foreign intelligence information instead the CIA and FBI rely solely upon the overall age-off requirements found in their minimization procedures Section 702-acquired data that is not subject to purge upon recognition may be retained effectively indefinitely i e need not be aged off of agency systems if an agency determines that the data meets the retention standard in its minimization procedures A communication is sometimes described as having been minimized or retained if the communication has been determined to meet this retention standard The NSA's minimization procedures permit the NSA to retain communications other than wholly domestic communications in generally the same situations where the NSA is permitted to disseminate i e disclose these communications to the consumers of the NSA's intelligence reports 269 Specifically the NSA may retain communications where the information identifiable to a U S person is for example necessary to understand the foreign intelligence information or assess its importance indicates that U S person may be the target of intelligence activities by a foreign government or the communication indicates that the United States person may be engaging international terrorist 266 NSA October 2011 Minimization Procedures supra 3 b 1 PCLOB March 2014 Hearing Transcript supra at 44 see also id at 45-46 referencing above quoted provision in the minimization procedures by stating that this determination must be made as early as possible in the processing cycle 267 268 PCLOB March 2014 Hearing Transcript supra at 46 269 NSA October 2011 Minimization Procedures supra 6 a 62 activities 270 The NSA may also retain a communication containing U S person information if the communication is reasonably believed to contain evidence of a crime and the NSA has or will disseminate that evidence to a federal law enforcement entity 271 The NSA may also retain communications beyond the normal age-off period if it is still decrypting the communication or using the communication to decrypt other communications 272 The NSA minimization procedures do not separately place any limitations on the retention of communications that contain no U S person information but they do contain a reminder that any such communications may be retained only in accordance with other laws regulations and policy for example the general definitions and restrictions regarding the NSA's authorities provided in Executive Order 12333 and related documents 273 The retention standard in the CIA's Section 702 minimization procedures is comparable to the standard found in the NSA's minimization procedures The CIA may indefinitely retain minimized communications In order to minimize the communication the CIA must remove any U S person information from the communication unless the information is publicly available the U S person has consented to retention of the information or the CIA must determine that the U S person information is necessary or may reasonably become necessary to understand foreign intelligence information The CIA minimization procedures contain various categories of information considered to either be foreign intelligence information or information that is necessary to understand foreign intelligence information Once minimized the communications may be retained in repositories that are still restricted to CIA personnel but not necessarily CIA personnel who have been trained in the CIA minimization procedures The CIA minimization procedures also permit the retention of data that is retained because it has been reported to a federal law enforcement agency as evidence of a crime The FBI Section 702 minimization procedures permit acquired communications to be retained indefinitely if the communications either contain no U S person information or if the communications contain information that reasonably appears to be foreign intelligence information is necessary to understand foreign intelligence information or assess its importance or is evidence of a crime Before further using this communication the FBI is required to mask any U S person information within the communication that does not satisfy one of these three criteria The FBI is also separately required to retain 270 NSA October 2011 Minimization Procedures supra 6 a 2 b 271 NSA October 2011 Minimization Procedures supra 6 a 3 b 8 272 NSA October 2011 Minimization Procedures supra 6 a 1 273 NSA October 2011 Minimization Procedures supra 7 63 reviewed information that reasonably appears to be exculpatory or that reasonably appears to be discoverable in a criminal proceeding E Use and Dissemination Restrictions in FISA and the minimization procedures contain limitations on the use and dissemination of Section 702-acquired information Dissemination of FISA-acquired information generally refers to the reporting of acquired information outside of an intelligence agency though broad accessibility of information within an agency can also constitute dissemination 274 Section 702 acquisition is governed by almost all of the same restrictions on use that apply to traditional FISA electronic surveillance 275 These statutory restrictions apply to both U S person information and non-U S person information Specifically all Section 702 information may be used or disclosed only for lawful purposes 276 Use of Section 702- acquired information in a criminal proceeding must be authorized by the Attorney General 277 Any person whose communications have been acquired pursuant to Section 702 whether or not he or she was a target of the acquisition and whether or not he or she is a U S person must be notified by the government before any information obtained from or derived from Section 702 acquisition is used against him or her in any legal proceeding in the United States 278 Such an individual is referred to as an aggrieved person An aggrieved person may move to suppress the evidence that was obtained from or derived from Section 702 acquisition on the grounds that the information was unlawfully acquired or that the Section 702 acquisition otherwise did not conform with the Attorney General and Director of National Intelligence's authorization 279 The agencies' minimization procedures and practices impose additional restrictions on the use and dissemination of Section 702-acquired data The NSA's minimization procedures permit the NSA to disseminate U S person information if the NSA deletes any information that could identify the U S person a process referred to as masking 280 Alternatively the NSA may disseminate the U S person's identity for one of a specific list of reasons including that the U S person has consented to the dissemination the specific 274 See H R Rep No 95-1283 at 59 discussing minimization within agencies 50 U S C 1881e a stating that information acquired under Section 702 shall be governed under virtually all of the use restrictions found in 50 U S C 1806 275 276 50 U S C 1806 a 277 50 U S C 1806 b 278 50 U S C 1806 c d 279 50 U S C 1806 e 280 NSA October 2011 Minimization Procedures supra 6 b 64 information about the U S person is already publicly available the U S person's identity is necessary to understand foreign intelligence information or the communication contains evidence of a crime and is being disseminated to law enforcement authorities As a matter of practice and policy the NSA typically masks all information that could identify a U S person in its reports 281 Consumers of NSA reports such as other federal agencies may then request that the U S person identity be unmasked a request that the NSA approves if the user has a need to know and disseminating the U S person identity would be consistent with the NSA's minimization procedures 282 Generally dissemination of communications that contain no U S person information are governed by other laws regulation and policies such as Executive Order 12333 and related implementing regulations but not by the minimization procedures 283 These further restrictions outside the minimization procedures for example require that the NSA generate intelligence reports only to meet specific intelligence requirements established by the government 284 These regulations and policies also contain restrictions regarding what information U S person information or otherwise may be shared with foreign governments 285 In response to Judge Bates' opinion finding that a previous version of the NSA's minimization procedures did not meet Fourth Amendment or statutory requirements the NSA's minimization procedures now also impose additional restrictions on the use of MCTs Specifically before a discrete communication contained within an MCT can be used in an intelligence report FISA application or to engage in further Section 702 targeting the NSA analyst must determine if the discrete communication contains a tasked selector 286 If not and the communication is to or from an identifiable U S person or person located in the United States that discrete communication may only be used to protect against an immediate threat to life such as a hostage situation 287 The CIA's minimization procedures permit the CIA to disseminate U S person information if any information that identifies the U S person is masked in the dissemination The CIA may also disseminate U S person information in a manner that identifies the U S person if that person's identity is necessary to understand foreign 281 NSA DCLPO REPORT supra at 7 282 NSA DCLPO REPORT supra at 7-8 NSA October 2011 Minimization Procedures supra 6 b and 7 283 NSA October 2011 Minimization Procedures supra 7 284 NSA DCLPO REPORT supra at 7 285 See generally Exec Order No 12333 1 3 b 4 and 1 6 f 286 NSA October 2011 Minimization Procedures supra 3 b 5 b 2 287 NSA October 2011 Minimization Procedures supra 3 b 5 b 2 c 65 intelligence information or if concerning an attack by a foreign power sabotage by a foreign power international terrorism or the international proliferation of weapon of mass destruction by a foreign power or clandestine intelligence activities by a foreign power may become necessary to understand the foreign intelligence information The CIA may further disseminate evidence of a crime to federal law enforcement authorities The FBI's minimization procedures permit the FBI to disseminate Section 702- acquired U S person information that reasonably appears to be foreign intelligence information or is necessary to understand foreign intelligence information Disseminations concerning the national defense or security of the United States or the conduct of foreign affairs of the United States are permitted to identify U S persons only if necessary to understand the foreign intelligence information or to assess its importance The FBI is also permitted to disseminate U S person information that reasonably appears to be evidence of a crime to law enforcement authorities The FBI's minimization procedures incorporate certain guidelines already otherwise applicable to the FBI regarding the dissemination of information to foreign governments 288 VII Internal Agency Oversight and Management of the Section 702 Program In addition to the training programs previously described each of the agencies subject to targeting or minimization procedures has developed a corresponding compliance program to evaluate and oversee compliance with these procedures as well as facilitate the reviews by external overseers 289 Any incidents of noncompliance that have been identified either by these compliance programs or that are otherwise discovered by the agencies must be reported to the DOJ and ODNI who in turn must report these incidents to Congress and the FISC 290 as discussed in the next section The NSA's use of the Section 702 authorities are internally overseen by various NSA entities including the NSA's Office of the Director of Compliance ODOC NSA's Office of General Counsel OGC embedded compliance elements within NSA's directorates in 288 NSA October 2011 Minimization Procedures supra 3 b 5 b 2 c See AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-6 to A-8 discussing NSA oversight program id at A-9 discussing CIA oversight program id at A-11 to A-12 discussing FBI oversight program See generally id at 4-5 n 2 noting that no incidents of noncompliance have been reported by the NCTC and that the NSD and ODNI would be conducting a review of the NCTC's compliance in the following reporting period 289 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 28 noting that the semiannual report required by Section 707 is given to both Congress and the FISC and describes all incidents of noncompliance 50 U S C 1881f b 1 G requiring all incidents of noncompliance with the targeting procedures minimization procedures and Attorney General Guidelines as well as any incidents of noncompliance by a provider to be reported in the Section 707 Report FISC Rule of Procedure 13 b requiring incidents of noncompliance to be reported to the FISC 290 66 particular the Signals Intelligence Directorate's Oversight and Compliance O C section and -- as of early 2014 -- the NSA's new Director of Civil Liberties and Privacy Office DCLPO 291 Each of these organizations has different but related roles The NSA's ODOC is responsible for NSA-wide compliance efforts and conducts periodic risk assessments to identify potential systemic incidents of noncompliance with the NSA targeting or minimization procedures 292 For example the ODOC conducted a risk assessment regarding how effective the NSA's purge practices had been in removing data required to be purged from the NSA's systems Particularly important in light of errors and misunderstandings that have led to compliance issues in Section 702 and other programs such as the MCT issue discussed above ODOC also coordinates programs intended to ensure that factual representations made to the FISC are accurate and that interpretations of how the targeting and minimization procedures are to be applied in practice are consistent both within the NSA and between the NSA and its overseers 293 The NSA's O C section and OGC conduct more granular oversight of the Section 702 program The O C section conducts spot checks of individual targeting decisions queries of acquired data and disseminations for compliance with the NSA's targeting and minimization procedures 294 The O C section and OGC also offer compliance-related guidance regarding targeting decisions investigate and report potential incidents of noncompliance with the procedures and other legal requirements and provide remedial training when an incident investigation reveals that the incident was caused by an avoidable error 295 The O C section and OGC also facilitate the reviews conducted by the DOJ and ODNI that are described below 296 The NSA appointed its first Director of Civil Liberties and Privacy while the Board was conducting its review of the Section 702 program The Director's office is not as of yet involved in periodic Section 702 programmatic reviews The Director's first public report however was issued in April 2014 and described in an unclassified manner aspects of the NSA's implementation of the Section 702 program The CIA's internal compliance program is managed by the CIA's FISA Program Office and the CIA's OGC 297 These entities conduct oversight of the CIA's day-to-day use of the Section 702 authorities by for example conducting pre-tasking reviews of the CIA 291 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-6 to A-8 NSA DCLPO REPORT supra at 9 292 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-7 to A-8 293 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-7 294 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-7 NSA DCLPO REPORT supra at 7 295 See generally NSA DCLPO REPORT supra at 9 296 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 297 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-9 67 nominations to the NSA regarding proposed new selectors to be tasked for Section 702 acquisition 298 The FISA Program Office also oversees whether current and proposed systems handle Section 702-acquired data in compliance with the minimization procedures 299 The FISA Program Office additionally conducts reviews regarding whether Section 702 selectors remain properly tasked 300 The CIA's OGC has attorneys embedded with CIA personnel to answer specific targeting querying retention and dissemination questions 301 Finally the CIA FISA program office and the CIA OGC facilitate the reviews conducted by the DOJ and ODNI that are described below Several sub-organizations within the FBI are responsible for conducting internal oversight over the Bureau's Section 702 activities The FBI's OGC in particular its National Security Law Branch is responsible for providing legal advice regarding the application of the FBI targeting and minimization procedures The FBI's Exploitation Threat Section XTS takes the lead in reviewing the FBI's nominations to the NSA for proposed Section 702 tasking 302 Various sub-organizations within the Bureau are responsible for reviewing and monitoring compliance with the FBI targeting and minimization procedures As described above the NCTC's role in the Section 702 program is minimal The NCTC has assigned legal and program personnel to oversee the implementation of its minimization procedures Incidents of noncompliance with the targeting or minimization procedures that are identified by any of these internal compliance efforts or that are otherwise self-identified by the agencies must be reported to the DOJ and ODNI 303 Historically most identified compliance incidents have been discovered as a result of self-reporting or via the internal compliance programs 304 Once an incident has been identified and reported the internal 298 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-8 to A-9 299 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-9 300 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-9 301 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-9 302 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-12 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 regarding the NSA's reporting of incidents 10 regarding reporting of incidents by the FBI Office of General Counsel A-7 regarding the NSA's reporting via the NSA Office of General Counsel and A-9 regarding reporting of incidents by the CIA Office of General Counsel 303 See AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 stating that most incidents are identified by NSA analysts or by NSA's internal compliance program id at 25 noting that most compliance incidents involve the NSA targeting or minimization procedures id at 28 advising that the volume of NSA incidents is robust enough such that pattern and trend analysis is more fruitful than is the case with other compliance matters 304 68 compliance programs are also involved in implementing remedial actions such as purging and retraining as required 305 In addition to reporting incidents of noncompliance as an additional prophylactic measure the NSA is required under its targeting procedures to report any instance in which a user of a Section 702-tasked selector is determined to have been in the United States while the selector was tasked 306 Should the CIA or FBI determine that a user of a Section 702 selector is a U S person or located in the United States the CIA and FBI report this to the NSA which in addition to promptly detasking the selector sends a report to the DOJ and ODNI This reporting requirement applies whether or not the NSA assesses that this acquisition occurred as the result of a compliance incident For example if the NSA correctly assessed that a target was a non-U S person located abroad but unbeknownst to the NSA and not reasonably predictable based on information available to the NSA the target subsequently entered the United States no compliance incident would have occurred The NSA would be required to promptly detask the target's selectors from Section 702 acquisition upon recognition and purge data acquired while the user was in the United States but no incident of noncompliance with the targeting or minimization procedures would have occurred This is because the NSA assessed that the target was a non-U S person reasonably believed to be located outside the United States up until the time that the NSA detasked the selector from Section 702 acquisition Nonetheless the NSA would be required to report such an incident to the DOJ and ODNI As described below the DOJ and ODNI investigate such incidents and will request additional information in order to make their own determination regarding whether a compliance incident did or did not occur 307 Additionally but separately the statute also requires each agency that conducts Section 702 acquisition to conduct an annual review of the Section 702 program 308 These annual reviews must be sent to the Senate Select Committee on Intelligence Senate Committee on the Judiciary House Permanent Select Committee on Intelligence and House Judiciary Committee hereinafter the Congressional Committees the FISC Attorney General and Director of National Intelligence 309 The annual reviews must report the number of disseminations of U S person identities made the number of U S person identities that were subsequently unmasked and the number of Section 702 targets that See e g NSA DCLPO REPORT supra at 9 regarding various remedies implemented by NSA after an incident is discovered AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-13 describing elements of the purge process 305 306 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 307 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 308 50 U S C 1881a l 3 309 50 U S C 1881a l 3 69 were subsequently determined to be located in the United States 310 The agency reviews must also evaluate whether foreign intelligence information is being acquired under the Section 702 program and whether the minimization procedures adequately minimize the acquisition retention and dissemination of U S person information consistent with the United States' foreign intelligence needs 311 The CIA receives Section 702 acquisition but does not actually conduct any acquisition As such the CIA does not conduct an annual review some information regarding the CIA's use of the program however is included in the NSA's annual report VIII External Oversight of the Section 702 Program In enacting Section 702 Congress mandated additional external layers of oversight each resulting in reports made to Congress and the FISC This Section describes the targeting and minimization reviews conducted by the DOJ's National Security Division NSD and the ODNI the reports issued by the inspectors general and additional oversight activities conducted by the FISC and the Congressional Committees A NSD ODNI Targeting Reviews As is discussed above the NSA is required under its targeting procedures to document every targeting decision made under its targeting procedures The record of each targeting decision known as a tasking sheet includes 1 the specific selector to be tasked 312 2 citations to the specific documents and communications that led the NSA to determine that the target is reasonably believed to be located outside the United States 313 3 a narrative describing the contents of these specific documents and communications 4 a statement regarding the assessed U S person status of the target and 5 a statement identifying the foreign power or foreign territory regarding which the foreign intelligence information is to be acquired 314 The NSD conducts a post-tasking review of every tasking sheet provided by the NSA 315 the ODNI reviews a sample of these sheets In addition to evaluating whether the tasking complied with the targeting procedures the NSD and ODNI review the targeting for 310 50 U S C 1881a l 3 A i - iii 311 50 U S C 1881a l 3 A B 312 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 313 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-5 see also NSA DCLPO REPORT supra at 4-5 314 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at A-5 See PCLOB March 2014 Hearing Transcript supra at 61 statement of Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ stating that tasking sheets are all reviewed by the Department of Justice on a regular basis 315 70 overall compliance with the statutory limitations such as the prohibition against reverse targeting If the NSD or ODNI is unable to determine whether the tasking sheet is sufficient the NSD and ODNI will require the NSA to provide the cited documents and communications that underlie the NSA's foreignness determination at a bimonthly onsite review 316 The NSD and ODNI also engage with the NSA compliance and legal personnel to ask follow-up questions regarding the foreignness and foreign intelligence purpose determinations 317 As needed the NSD and ODNI also seek additional information from the CIA and FBI regarding selectors that they have nominated 318 The NSD and ODNI's review of foreign intelligence purpose determinations is more limited than its review of foreignness determinations insofar as the NSA analysts are required to document the basis for their foreignness determination i e they must show their work whereas the analyst need only identify a foreign intelligence purpose The results of each NSD ODNI bimonthly review are required by statute to be provided to the Congressional Committees 319 Historically the NSD and ODNI's bimonthly reviews have determined that approximately 0 1% of all the NSA taskings did not meet the requirements of the NSA targeting procedures 320 Additionally but separately the NSD and ODNI also conduct approximately monthly reviews of the FBI's application of its own targeting procedures 321 The NSD currently reviews every instance in which the FBI's evaluation of foreignness revealed any information regarding the target regardless of whether the information confirms or rebuts the NSA's foreignness determination Follow-up questions regarding the FBI's evaluation of this information are discussed with FBI analysts and supervisory personnel 322 Like the NSA reviews the results of the NSD ODNI monthly reviews regarding FBI targeting are documented in a report that must be sent to the Congressional Committees 323 The NSD and ODNI have not reported the historical percentage of tasking incidents that have been discovered as a result of these reviews For the period of June through November 2012 the 316 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 317 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 See e g AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 8 noting that with respect to CIA nominations the joint oversight review team conducts onsite visits at CIA and the results of these visits are included in the bimonthly NSA review reports discussed above see also AUGUST 2013 SEMIANNUAL ASSESSMENT at 6-7 describing these content of the bimonthly review reports including the NSA tasking review 318 319 50 U S C 1881f b 1 F PCLOB March 2014 Hearing Transcript supra at 43 statement of Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ 320 321 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 9-10 322 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 10 323 50 U S C 1881f b 1 F 71 overall FBI tasking incident error rate which would include incidents discovered by the NSD ODNI reviews was 0 04% B NSD ODNI Minimization Reviews The NSD and ODNI also conduct at least bimonthly reviews of the NSA CIA and FBI's application of their respective minimization procedures 324 These reviews vary based on the differences in each agency's minimization procedures and the manner in which each agency uses the Section 702-acquired data 325 In addition to reviewing agency activities for compliance with the minimization procedures the NSD and ODNI also look for any other potential violations of statutory prohibitions such as the prohibition against reverse targeting For example if a Section 702 tasking resulted in substantial reporting by the Intelligence Community regarding a U S person but little about the Section 702 target this would be a strong indication to the oversight team that reverse targeting may have occurred The results of the NSD ODNI reviews are documented in reports that are as required by FISA sent to the Congressional Committees 326 The NSD and ODNI bimonthly minimization reviews at the NSA focus on dissemination and queries using U S person identifiers 327 With respect to dissemination the NSA identifies to the NSD ODNI review team all NSA-issued reports that contain U S person information derived from Section 702 acquisition 328 The NSD ODNI team has reviewed a substantial majority of these reports 329 The NSD ODNI team also reviews other disseminations of foreign intelligence information to foreign governments which may or may not contain U S person information 330 With respect to queries of Section 702- acquired metadata using U S person identifiers the NSD ODNI team reviews all such queries and analysts' justifications for the queries With respect to Section 702-acquired content queries the NSD ODNI review team reviews the documentation for all U S person identifiers that are approved as query terms 331 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 5-10 regarding frequency of reviews and fact that they include minimization reviews 324 325 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 5-6 326 50 U S C 1881f b 1 F 327 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 13 328 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 The NSD ODNI previously reviewed a substantial majority of these reports See NSA DCLPO REPORT supra at 8 NSD has advised that it has recently revised its reviews and is now reviewing all reports provided by NSA that that contain U S person information 329 330 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 7 See NSA October 2011 Minimization Procedures supra 3 b 6 regarding documentation requirements for such query terms NSA DCLPO REPORT supra at 7 regarding fact that this documentation is made available to NSD and ODNI for review 331 72 At the CIA the NSD ODNI team reviews the CIA's querying retention and dissemination of Section 702-acquired data 332 The NSD ODNI team evaluates all of the required written justifications for use of a U S person identifier or any other query term intended to return information about a particular U S person to query Section 702- acquired content 333 Metadata queries are not reviewed The NSD ODNI review team samples decisions made by CIA personnel to permanently retain data 334 The CIA is required to provide and the NSD ODNI team reviews all disseminations of Section 702- acquired U S person information 335 With respect to the FBI the NSD ODNI team also evaluates the FBI's querying retention and dissemination determinations 336 The NSD and ODNI review a sample of communications that FBI assesses meets the retention standards a sample of disseminations containing Section 702-derived U S person information and a sample of queries conducted by FBI personnel The NSD and ODNI also conduct annual process reviews at the NCTC and FBI The NCTC process review examines the processes that the NCTC has put in place to control access and train personnel with regard to its limited Section 702 minimization procedures The FBI annual process review surveys the systems FBI uses to receive verify and route PRISM collection The NSD and ODNI also conduct ad hoc reviews related to newly developed or modified systems that the agencies plan to use to target non-U S persons under Section 702 or acquire retain or disseminate Section 702-acquired information 337 These ad hoc system reviews are intended to identify existing compliance issues prevent future compliance incidents from occurring and ensure that systems are designed in a manner that facilitates subsequent oversight of their use C NSD ODNI Incident Investigation Reporting and Related Activities Whether initially discovered via an NSD ODNI review an internal agency compliance review or by self-reporting Section 702 and the FISC's own rules of procedure require the NSD to report compliance incidents by the Intelligence Community or electronic communication service providers to the Congressional Committees and to the 332 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 8 333 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 8 334 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 8 335 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 8 336 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 10 n 6 337 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 11 73 FISC 338 Specifically the FISA Amendments Act requires the Attorney General to report every incident of noncompliance to the Congressional Committees in a semiannual report 339 Pursuant to FISC Rule of Procedure 13 b all compliance incidents must be reported to the FISC in either an immediate notice or for less significant incidents in a quarterly report 340 Rule 13 b states that such reports must include a description of the incident of noncompliance the facts and circumstances related to the incident any modifications that will be made in how the government is using the authority in light of the incident and a description of how the government will handle any information obtained as a result of the incident 341 In addition but separately the Attorney General and Director of National Intelligence must semiannually jointly conduct an assessment regarding the agencies' compliance with their targeting procedures minimization procedures and the Attorney General Guidelines 342 This semiannual assessment must be provided to the Congressional Committees and to the FISC 343 To date four of the semiannual assessments have been partially declassified and are publicly available 344 To meet these various reporting obligations a team of NSD and ODNI personnel review incident reports request additional information and when necessary further investigate potential incidents of noncompliance 345 These inquiries and investigations entail frequent interaction with counterparts in the internal agency compliance programs discussed above In addition to resolving individual compliance matters the NSD and ODNI team lead weekly calls and bimonthly meetings with representatives from the NSA CIA and FBI to discuss among other things compliance trends and incidents that affect multiple agencies 346 338 See 50 U S C 1881f b 1 G FISC Rule of Procedure 13 b 339 50 U S C 1881f b 1 G See MAY 2010 SEMIANNUAL ASSESSMENT supra at 22 discussing requirements under Rule 10 c the predecessor to Rule 13 b in the prior set of FISC Rules of Procedure NSA DCLPO REPORT supra at 3 discussing individual notices and quarterly reports 340 341 FISC Rule of Procedure 13 b 342 50 U S C 1881a l 1 343 50 U S C 1881a l 1 See SEMIANNUAL ASSESSMENT OF COMPLIANCE WITH PROCEDURES AND GUIDELINES ISSUES PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT MARCH 2009 available at http www dni gov files documents FAA SAR%20March%202009%20Final%20Release%20with%20Exe mptions pdf SEMIANNUAL ASSESSMENT OF COMPLIANCE WITH PROCEDURES AND GUIDELINES ISSUES PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT DECEMBER 2009 available at http www dni gov files documents FAA SAR%20December%202009%20Final%20Release%20with%20 Exemptions pdf May 2010 Semiannual Assessment supra August 2013 Semiannual Assessment supra 344 345 MAY 2010 SEMIANNUAL ASSESSMENT supra at 22 346 See generally AUGUST 2013 SEMIANNUAL REPORT supra at 11 discussing bimonthly meetings 74 Some of the results of the NSD and ODNI's compliance investigations and reports are discussed below D Inspector General Reports Section 702 also authorizes inspectors general of agencies that acquire data pursuant to Section 702 to conduct reviews of the Section 702 program 347 The inspectors general are authorized to evaluate the agencies compliance with the targeting procedures minimization procedures and Attorney General Guidelines 348 Any such reviews are required to contain an accounting of the number of disseminated reports containing U S person identities the number of instances those identities were unmasked and the number of targets that were subsequently determined to be located in the United States 349 The results of these reviews must be provided to the Attorney General Director of National Intelligence FISC and the Congressional Committees 350 The NSA and DOJ351 Inspectors General have conducted reviews under this provision The reports of these reviews have not been declassified E FISC Oversight The FISC's primary role in Section 702 is to review the Section 702 certifications and corresponding targeting and minimization procedures for compliance with the statute and the Fourth Amendment As is described in detail above the FISC has held that this review of the Section 702 certifications and related documents cannot be made in a vacuum but instead must be made in light of the actual manner in which the government has implemented or plans to implement the Section 702 authorities In addition to filings made by the government to the FISC in support of the certifications the FISC's determinations are informed by the information provided in the NSD's reports of all incidents of noncompliance with the procedures 352 the Attorney General and Director of National Intelligence's semiannual assessment regarding compliance with the procedures 353 the annual reports of agency heads that conduct Section 702 acquisition 354 347 50 U S C 1881a l 2 348 50 U S C 1881a l 2 A 349 50 U S C 1881a l 2 B C 350 50 U S C 1881a l 2 D See Press Release Dept of Justice Office of the Inspector General DOJ OIG Issues Report on Activities Under Section 702 of the FISA Amendments Act Sept 25 2012 available at http www justice gov oig press 2012 2012_09_25 pdf 351 352 FISC Rule of Procedure 13 b 353 50 U S C 1881a l 1 354 50 U S C 1881a l 3 75 and any reports by the inspectors general 355 In reviewing the certifications the FISC also will order the government to respond in writing to questions regarding the conduct of the Section 702 collection program and holds hearings in order to take sworn testimony from government witnesses 356 The FISC's oversight role is not limited to the renewal of Section 702 certifications The government's obligation to report incidents of noncompliance under the FISC's rules is independent of whether any Section 702 certification is currently pending before the court 357 In a letter to Senate Judiciary Committee Chairman Patrick Leahy former FISC Presiding Judge Reggie Walton stated that with respect to all FISA compliance matters to include incidents of noncompliance with the Section 702 program the court may seek additional information issue orders to the government to take specific action to address an incident of noncompliance or if deemed necessary issues orders to the government to cease an action that the court assesses to be non-compliant 358 F Congressional Oversight The Senate Select Committee on Intelligence Senate Committee on the Judiciary House Permanent Select Committee on Intelligence and House Judiciary Committee are the committees that oversee the government's use of FISA information including Section 702 information In passing the FISA Amendments Act Congress mandated that the Attorney General provide these four committees with a semiannual report describing several aspects of the Section 702 program and further provide the committees with the underlying documents that govern the program 359 Among other things this semiannual report must include copies of the reports from any compliance reviews conducted by the DOJ or ODNI a description of any and all incidents of noncompliance by the Intelligence Community or an electronic communications service provider any certifications including targeting and minimization procedures and the directives sent to the electronic communication service providers 360 The semiannual report must also include a description of the FISC's review of the certifications and copies of any order by the FISC or 355 50 U S C 1881a l 2 FISC Rules of Procedure 5 c and 17 Bates October 2011 Opinion supra at 7-10 2011 WL 10945618 at 2-4 examples of filings and hearing described Letter from Presiding Judge Reggie B Walton Foreign Intelligence Surveillance Court to Senator Patrick Leahy Chairman Senate Comm on the Judiciary at 4-6 July 29 2013 Judge Walton Letter describing government submissions related to Section 702 certifications and the types of additional information sought from the government by the FISA court available at http www fisc uscourts gov sites default files Correspondence%20Leahy-1 pdf 356 357 FISC Rule of Procedure 13 b 358 Judge Walton Letter supra at 10-11 359 50 U S C 1881f 360 50 U S C 1881f b 1 76 pleading by the government that contains a significant legal interpretation of Section 702 361 In practice the government provides the four committees all government filings hearing transcripts and FISC orders and opinions related to the court's consideration of the Section 702 certifications In addition the Congressional Committees receive the classified Attorney General and Director of National Intelligence's semiannual assessment regarding compliance with the procedures 362 the annual reports of agency heads that conduct Section 702 acquisition 363 and any reports by the inspectors general 364 In addition to these statutory requirements the agencies may separately and more promptly inform the Congressional Committees of substantial compliance incidents 365 The committees also hold hearings and committee members and staff receive briefings regarding the implementation of the Section 702 program 366 IX Compliance Issues The Section 702 program is a technically complex collection program with detailed rules embodied in the targeting procedures minimization procedures and Attorney General Guidelines regarding targeting acquisition querying retention and dissemination Incidents of noncompliance with these rules have been identified in the course of the oversight conducted by the agencies themselves by the NSD and by the ODNI These internal and external compliance programs have not to date identified any intentional attempts to circumvent or violate the procedures or the statutory requirements 367 but both unintentional incidents of noncompliance and instances where Intelligence Community personnel did not fully understand the requirements of the statute and the procedures have been identified The government calculates a compliance incident rate for the Section 702 program by dividing the number of identified compliance incidents by the average number of selectors on task This incident rate has been substantially below one percent since the 50 U S C 1881f b 1 D Copies of documents related to significant legal interpretations are also produced to Congress pursuant to 50 U S C 1871 361 362 50 U S C 1881a l 1 363 50 U S C 1881a l 3 364 50 U S C 1881a l 2 365 See e g NSA DCLPO REPORT supra at 3 366 See e g S Rep No 112-174 at 2 2012 367 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 23 77 Section 702 program was initiated The most common type of compliance incident that has occurred has involved instances in which the NSA otherwise complied with the targeting and minimization procedures in tasking and detasking a selector but failed to make a report to the NSD and ODNI in the time frame required by the NSA targeting procedures 368 Such notification delays made up over half of the reported incidents in the most recently declassified Attorney General Director of National Intelligence semiannual assessment 369 Two other common reasons compliance incidents occurred have been that 1 the wrong selector was tasked due to a typographical error 370 or 2 a delay in detasking resulted when an analyst detasked some but not all of the Section 702-tasked selectors used by a non-U S person target known to be traveling to the United States 371 Taken together these three errors accounted for almost 75% of the compliance incidents that occurred during the reporting period of the most recently declassified Attorney General Director of National Intelligence semiannual assessment Less common incidents however can have greater privacy implications For example the NSA has reported instances in which the NSA analysts conducted queries of Section 702-acquired data using U S person identifiers without receiving the proper approvals because the analyst either did not realize that the NSA knew the identifier to be used by a U S person or the analyst mistakenly queried Section 702-acquired data after receiving approvals to use a U S person identifier to query other non-Section 702-acquired data 372 In addition to such human errors technical issues can lead to overcollection incidents For example the government has disclosed that technical errors have resulted in delays in detasking selectors found to be used by persons located in the United States 373 The government has also disclosed that both changes in how communications transit the telecommunications system and design flaws in the systems the government uses to acquire such communications can and have resulted in the acquisition of data beyond what was authorized by Section 702 program 374 Such unauthorized collection is required to be purged upon recognition 368 See e g AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 23-24 369 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 26 370 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 33 n 21 371 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 33 372 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 30 373 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 32 AUGUST 2013 SEMIANNUAL ASSESSMENT supra at 31-32 stating that an undisclosed number of incidents involving overcollection as a result of changes in the global telecommunications environment unforeseen consequences of software modifications or system design issues occurred during the reporting period 374 78 Several systemic incidents have also occurred in the government's operation of the Section 702 program As is described above the government's upstream acquisition of multi-communication transactions led to substantial modifications of the NSA minimization procedures and the purging of several years of prior collection In an earlier incident the NSA discovered that its practices for executing purges were substantially incomplete Modifications to better tag track and purge data from the NSA's systems when required were implemented More recently questions raised by the NSD ODNI oversight team led to the discovery that post-tasking checks used to identify indications that a target is located in the United States were incomplete or for some selectors non-existent for over a year After this issue was discovered the relevant systems were modified to correct several errors efforts were made to identify travel to the United States that had been previously missed and corresponding purges were conducted and additional modifications to the agencies' minimization procedures were made to ensure that data acquired while a Section 702 target had traveled to the United States will not be used Since the Section 702 program's inception the compliance programs have also identified two instances of reverse targeting The first instance which was discovered by the NSD ODNI targeting review involved the reverse targeting of a non-U S person located inside the United States in order to acquire foreign intelligence information The second which involved reverse targeting to acquire information about a U S person located outside the United States was identified by NSA oversight personnel The targeting in the first incident resulted in the acquisition of communications that were subsequently purged the targeting in the second incident did not result in any communications being acquired In both incidents the analysts who engaged in the reverse targeting substantially misunderstood the prohibition against reverse targeting Given the centrality of this prohibition to Section 702 targeting these analysts were retrained not only on the reverse targeting prohibition but on other fundamental targeting requirements 79 Part 4 LEGAL ANALYSIS I Overview Part Four is divided into three sections Statutory Analysis Constitutional Analysis and Analysis of Treatment of Non-U S Persons The Statutory Analysis section explains the statutory framework for collection under Section 702 of the Foreign Intelligence Surveillance Act FISA and provides the Board's evaluation of whether PRISM and upstream collection comply with the statute The Constitutional Analysis section details the Board's evaluation of the constitutionality of the program -- examining the warrant requirement and its exceptions and assessing the program's reasonableness under the Fourth Amendment Part Four concludes with a discussion of the treatment of non-U S persons under the program II Statutory Analysis A Establishment of Section 702 As noted in the Board's Report on the Section 215 program FISA was enacted in 1978 to establish a procedure under which the Attorney General could obtain a judicial order authorizing the use of electronic surveillance in the United States for foreign intelligence purposes Its original provisions -- now referred to as traditional FISA -- authorized among other things individualized FISA orders for electronic surveillance relating to a specific person place or communications account or device Over time Congress has enacted legislation bringing additional categories of foreign intelligence gathering within FISA's ambit One of the latest examples of this is the enactment of the FISA Amendments Act of 2008 375 As outlined in Part 3 of this Report the FISA Amendments Act which includes the new Section 702 of FISA replaced the temporary authority of the Protect America Act which in turn was designed to codify part of the President's Surveillance Program The statute was enacted in response to Congress' conclusion that FISA should be amended to provide a separate procedure to facilitate the targeting of persons reasonably believed to be outside the United States to acquire foreign intelligence information 376 This statute was developed during a time of public debate and 375 Pub L No 110-261 122 Stat 2436 2008 376 S Rep No 110-209 at 2 2007 80 concern regarding the intelligence activities undertaken by the government and it was an attempt to put a statutory framework around activities that were currently ongoing 377 As discussed below the government utilizes two collection methods under Section 702 -- PRISM collection and upstream collection which includes acquiring about communications The manner in which collection is effectuated via PRISM and upstream varies therefore the Board has analyzed the statutory compliance of each collection method separately After reviewing the operation of the Section 702 program as a whole and each collection method implemented under Section 702 individually the Board has concluded that PRISM collection is expressly authorized by the statute and that the statute while silent on about upstream collection can permissibly be interpreted as allowing such collection as currently implemented B Collection Under Section 702 1 Statutory Framework for Collection Congress created Section 702 to authorize Foreign Intelligence Surveillance Court FISC or FISA court approval of certifications which authorize the acquisition of broad categories of foreign intelligence information through the targeting of non-U S persons reasonably believed to be located outside the United States 378 A non-U S person is an individual who is neither a citizen nor a lawful permanent resident of the United States As described in detail in Part 3 of this Report the Attorney General and the Director of National Intelligence must submit a certification to and receive an order from the FISA court that permits them to authorize the targeting 379 Under Section 702 the FISC has the authority to review the government's certifications targeting procedures and minimization procedures and the court must approve these certifications and procedures under criteria set forth in the statute The FISC does not review specific selectors380 tasked for collection nor does it review the individual factual basis for expecting that the tasking of a particular selector will result in the acquisition of foreign intelligence information In its review and approval process however the FISC has the authority to do more than a rote check to ensure that the government meets its statutory requirements The FISC's mandate to ensure compliance with the Fourth Amendment is expressly enumerated in the statute and the court has required the government to make changes to its collection under Section 702 in the past on 377 See S Rep No 110-209 at 5 2007 378 See 50 U S C 1881a a g 379 50 U S C 1881a a g i A selector is a unique identifier associated with a particular individual or entity See pages 32-33 of this Report 380 81 this basis 381 Additionally the FISA court has an oversight role the FISC Rules of Procedure impose an ongoing duty on the government to immediately correct any misstatement or omission of material facts that it has provided to the court as well as to disclose any instance in which the government's conduct did not comply with the FISC's authorization or with applicable law 382 On the whole Section 702 provides the public with transparency into the legal framework for collection and publicly outlines the basic structure of the program Use of the words target and targeting allowed Congress to signal the type of collection activity undertaken by the government without detailing operational methods and tactics In addition it is clear from the face of the statute that the government must submit certifications to the FISC as well as implement targeting and minimization procedures that have been approved by the court 2 PRISM Collection The Board concludes that as currently implemented the operation of PRISM collection falls within the framework of the statute Section 702 expressly authorizes the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information As described in Part 3 above under PRISM collection the government acquires communications to and from approved targets using communications selectors that are associated with particular persons Examples of communications selectors include email addresses but not key words 383 The collection of communications to and from a target inevitably returns communications in which non-targets are on the other end some of whom will be U S persons 384 Such incidental collection of communications is not accidental nor is it inadvertent 385 The incidental collection of communications between a U S person and a non-U S person located outside the United States as well as communications of non-U S persons outside the United States that may contain information about U S persons was clearly See Memorandum Opinion Caption Redacted Docket No Redacted 2011 WL 10945618 FISA Ct Oct 3 2011 Bates October 2011 Opinion available at http icontherecord tumblr com post 58944252298 dni-declassifies-intelligence-community-documents 381 United States Foreign Intelligence Surveillance Court Rules of Procedure Rule 13 available at http www uscourts gov uscourts rules FISC2010 pdf 382 Privacy and Civil Liberties Oversight Board Transcript of Public Hearing Regarding the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act at 26 Mar 19 2014 PCLOB March 2014 Hearing Transcript statement of Rajesh De General Counsel NSA available at http www pclob gov Library Meetings-Events 2014-March-19-Public-Hearing 19-March2014_Public_Hearing_Transcript pdf 383 384 PCLOB March 2014 Hearing Transcript supra at 96-97 statement of Robert Litt General Counsel ODNI 385 PCLOB March 2014 Hearing Transcript supra at 96-97 82 contemplated by Congress at the time of drafting The statute prohibits the targeting of U S persons but not the incidental acquisition of communications involving U S persons Further the statute requires the government to adopt procedures that among other things are reasonably designed to minimize not eliminate the acquisition and retention of private information about U S persons consistent with the government's foreign intelligence needs 386 The statute also calls for the Department of Justice and the Intelligence Community to review and report on disseminations of U S person information including cases in which the U S person is not referred to by name 387 The Senate Select Committee on Intelligence has explained the inevitability of such incidental collection and how Congress responded to that inevitability Congress recognized at the time the FISA Amendments Act was enacted that it is simply not possible to collect intelligence on the communications of a party of interest without also collecting information about the people with whom and about whom that party communicates including in some cases non-targeted U S persons Specifically in order to protect the privacy and civil liberties of U S persons Congress mandated that for collection conducted under Section 702 the Attorney General adopt and the FISA Court review and approve procedures that minimize the acquisition retention and dissemination of nonpublicly available information concerning unconsenting U S persons 388 Based on the information that the Board has reviewed the government's PRISM collection complies with the structural requirements of the statute As outlined above the government has filed certifications authorizing the acquisition of certain categories of targets with the FISA court and has developed and submitted for FISA court approval targeting and minimization procedures as required by the statute Incidentally collected U S person information is subject to these minimization procedures that set standards for acquisition and retention of information and permit disseminations of U S person information only for a foreign intelligence purpose or when the information is evidence of a crime 389 After a thorough review the Board has concluded that the government generally is complying with the targeting limitations set forth in subsections b 1 through b 4 and has adopted Attorney General guidelines that among other things prohibit reverse 386 See 50 U S C 1801 h 1881a e 387 See 50 U S C 1881a l 2 3 388 S Rep No 112-174 at 8 2012 389 See 50 U S C 1801 h 1881a e 83 targeting Although there have been documented compliance incidents 390 we conclude that overall PRISM collection falls within the framework of the statute 3 Upstream Collection As described above upstream collection constitutes a small percentage of collection under Section 702 To the extent that upstream collection involves acquiring communications to and from targeted persons it fits within the statutory framework in the same way that PRISM collection does Targeting under PRISM and upstream collection work in the same way the mode of collection is different Upstream collection under Section 702 poses an additional question for statutory analysis because as described above in Part 3 the upstream process captures not only communications to and from targeted persons but also other communications that contain reference to the selector of a targeted person -- which are referred to as about communications 391 The statutory language of Section 702 does not expressly permit or prohibit collection of communications about a target The fact that the government engages in such collection is not readily apparent from the face of the statute nor was collection of information about a target addressed in the public debate preceding the enactment of FISA or the subsequent enactment of the FISA Amendments Act Indeed the words target and targeting are not defined in either the original version of FISA or the FISA Amendments Act despite being used throughout the statute Some commenters have questioned whether the collection of such about communications complies with the statute We conclude that Section 702 may permissibly be interpreted to allow about collection as it is currently conducted Collection of about communications occurs only in upstream collection not in PRISM 392 Unlike PRISM collection upstream collection acquires Internet transactions meaning packets of data that traverse the Internet directly from the Internet backbone 393 Utilizing this method the government is able to capture communications that contain an approved selector no matter where it appears in the communication -- whether in the to or from lines of an email for instance or in the body of the email As discussed in Part 3 above there are technical reasons why about collection is needed to acquire even some communications that are to and from a target Some other 390 See pages 77-79 of this Report 391 PCLOB March 2014 Hearing Transcript supra at 26 392 PCLOB March 2014 Hearing Transcript supra at 63 PCLOB March 2014 Hearing Transcript supra at 26 Bates October 2011 Opinion supra at 27-28 n 23 2011 WL 10945618 at 9 n 23 393 84 types of about communications also involve Internet activity of the actual target For some communications the NSA's collection devices are not able to distinguish between communications that are actually to or from a target and those in which the selector is found in the body or a communication nor can they distinguish among the different types of about communications Thus under current technology and program design in order to avoid significant gaps in upstream collection coverage about collection is largely a technical inevitability 394 As a result if the selector is contained within the body of a communication about collection may result in the acquisition of communications between two non-targets In some such instances both of the individuals who are parties to the communication could be U S persons or persons located within the United States This occurs because the current state of technology renders the government unable to determine with certainty the location of all communicants at the time of acquisition In addition upstream collection leads to the acquisition of multi-communication transactions MCTs 395 As explained in Part 3 above MCTs that contain a communication to from or about a target may be embedded within communications that are between U S persons or persons located within the United States and the government has not been able to design a filter that would acquire only the single discrete communications within transactions that contain a selector Thus due to the inclusion of about collection and the collection of MCTs there is a greater risk that the NSA will acquire purely domestic communications through upstream collection than through PRISM This risk is mitigated to some extent by the fact that through the upstream process Internet transactions are first filtered to help eliminate potential domestic transactions before they are screened to determine whether a transaction contains a tasked selector Further NSA's minimization procedures include more stringent safeguards for upstream data than they do for PRISM data In particular the NSA the only agency that conducts upstream collection and the only agency that has access to unminimized results of upstream collection is not permitted to use U S person identifiers in conducting queries of the upstream data In addition the retention period for As a general rule in conducting traditional wiretaps the government has been permitted to access a trunk line if it has no reasonable physical access to a particular line or device subject to strict limits on retention and use of non-targeted communications 394 The acquisition of MCTs through the upstream collection process and the minimization procedures adopted to address the specific challenges posed by acquisition of MCTs are described in detail in Part 3 of this Report The constitutional and policy questions raised by the collection of MCTs are addressed in those respective sections of this Report 395 85 Internet communications collected through upstream is two years as opposed to the NSA's five-year retention period for data collected in PRISM 396 Given the lack of any textual prohibition as well as the present technical necessity of capturing about communications in certain circumstances as part of the upstream collection process we conclude that the inclusion of about collection under the current operation of the program is a permissible reading of the statute III Constitutional Analysis Evaluating the constitutionality of the Section 702 program poses unique challenges Unlike the typical Fourth Amendment inquiry where the legitimacy of a particular search or seizure is judged in light of the particular circumstances of that case 397 evaluating the government's implementation of Section 702 requires assessing a complex surveillance program -- one that entails many separate decisions to monitor large numbers of individuals resulting in the annual collection of hundreds of millions of communications of different types obtained through a variety of methods pursuant to multiple foreign intelligence imperatives and involving four intelligence agencies that each have their own rules governing how they may handle and use the communications that are acquired 398 Further complicating the analysis the constitutional interests at stake are not those of the persons targeted for surveillance under Section 702 all of whom lack Fourth Amendment rights because they are foreigners located outside of the United States 399 Minimization Procedures used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978 as Amended 3 c Oct 31 2011 NSA 2011 Minimization Procedures 396 397 Scott v United States 436 U S 128 137 1978 Most programs of searches or seizures that have been evaluated under the Fourth Amendment have involved uniform practices that advanced a single government interest through standardized means that intruded upon the privacy interests of each person affected in the same manner See e g Vernonia Sch Dist 47J v Acton 515 U S 646 1995 drug testing of student athletes Michigan Dep't of State Police v Sitz 496 U S 444 1990 highway sobriety checkpoints Courts also sometimes undertake programmatic assessments in response to statutory facial challenges where they evaluate the constitutionality of a statute without factual development centered around a particular application In re Directives Pursuant to Section 105B of Foreign Intelligence Surveillance Act 551 F 3d 1004 1009 FISA Ct Rev 2008 citing Wash State Grange v Wash State Repub Party 128 S Ct 1184 1190 2008 Here however the Board has not asked whether Section 702 is valid on its face -- a question that would be answered by deciding whether any application of the statute passed constitutional muster Id at 1009-10 Instead it has asked whether this specific application of the statute -- the program as it is conducted today -- is consistent with the Constitution Id at 1010 398 See United States v Verdugo-Urquidez 494 U S 259 274-75 1990 holding that the Fourth Amendment has no application to a physical search in a foreign country of the residence of a citizen of that country who has no voluntary attachment to the United States 399 86 Instead the relevant Fourth Amendment interests are those of the U S persons whose communications may be acquired despite not themselves having been targeted for surveillance 400 Although U S persons and other persons in the United States may not be targeted under Section 702 operation of the program nevertheless results in the government acquiring some telephone and Internet communications involving U S persons potentially in large numbers As explained above this acquisition can occur in four main situations 1 A U S person communicates by telephone or Internet with a foreigner located abroad who has been targeted The government refers to this as incidental collection 2 A U S person sends or receives an Internet communication that is routed internationally and that includes a reference to a selector such as an email address used by a foreigner who has been targeted The government refers to this as about collection 401 3 A U S person sends or receives an Internet communication that is embedded within the same transaction as a different communication that meets the requirements for acquisition because it is to or from a targeted foreigner or includes a reference to the communications identifier of a targeted foreigner The government refers to these transactions containing more than one separate communication as multiplecommunication transactions or MCTs 402 4 A U S person's communications are acquired by mistake due to a targeting error an implementation error or a technological malfunction The government refers to this as inadvertent collection Any Fourth Amendment assessment of the Section 702 program must take into account the cumulative privacy intrusions and risks of all four categories above together with the limits and protections built into the program that mitigate them 403 In addition to U S persons foreign citizens temporarily and voluntarily present within the United States likely possess Fourth Amendment rights See Verdugo-Urquidez 494 U S at 278 Kennedy J concurring 400 401 See pages 37-39 of this Report for an explanation of about collection 402 See pages 39-41 of this Report for a discussion of MCTs Apart from these four categories there is of course a risk that government personnel could deliberately misuse the Section 702 program to target a U S person for surveillance Doing so would be grounds for professional sanction and possibly criminal prosecution however and auditing procedures are in place to deter such wrongdoing Every targeting decision made by an analyst is recorded and reviewed both by supervisors within the NSA and also by a joint oversight team from the Department of Justice and Office of 403 87 After analyzing these factors the Board finds that the core of this program -- acquiring the communications of specifically targeted foreign persons who are located outside the United States upon a belief that those persons are likely to communicate foreign intelligence using specific communications identifiers subject to FISA court- approved targeting rules that have proven to be accurate in targeting persons outside the United States and subject to multiple layers of rigorous oversight -- fits within the totality of the circumstances test for reasonableness as it has been defined by the courts to date Outside of this fundamental core certain aspects of the Section 702 program push the entire program close to the line of constitutional reasonableness Such aspects include the scope of the incidental collection of U S persons' communications the use of about collection to acquire Internet communications that are neither to nor from the target of surveillance and the use of queries to search the information collected under the program for the communications of specific U S persons With these concerns in mind this Report offers a set of policy proposals designed to push the program more comfortably into the sphere of reasonableness ensuring that the program remains tied to its constitutionally legitimate core A Privacy in Telephone and Internet Communications The Fourth Amendment protects the right of the people to be secure in their persons houses papers and effects It thus prohibits unreasonable searches and seizures by the government and it specifies that a warrant authorizing a search or seizure may issue only upon probable cause supported by Oath or affirmation and particularly describing the place to be searched and the persons or things to be seized 404 A search occurs not only where the government intrudes on a person's tangible private property to obtain information but also where the government violates a subjective expectation of privacy that society recognizes as reasonable 405 Because individuals who are protected by the Constitution have a reasonable expectation of privacy in their telephone conversations it has long been the rule that wiretapping conducted within the United States for criminal or other domestic purposes is presumptively unreasonable under the Fourth Amendment unless the government has obtained a warrant based on probable cause 406 While the Supreme Court has not expressly the Director of National Intelligence To date there are no known instances in which government personnel deliberately violated the statute targeting procedures or minimization procedures There have however been instances in which analysts have made mistakes of law including two instances of reverse targeting See page 79 of this Report 404 U S Const amend IV Kyllo v United States 533 U S 27 33 2001 citing Katz v United States 389 U S 347 361 1967 Harlan J concurring see United States v Jones 132 S Ct 945 949-50 2012 405 406 Katz 389 U S at 352-59 see Arizona v Gant 556 U S 332 338 2009 88 ruled on the extent of Fourth Amendment protection for Internet communications lower courts have concluded that emails are functionally analogous to mailed letters and that therefore their contents cannot be examined by the government without a warrant 407 The same may be true for other similarly private forms of Internet communication although this question awaits further development by the courts B Foreign Intelligence Exception to the Warrant Requirement Under the authority of Section 702 the government collects telephone and Internet communications without obtaining individual judicial warrants for the specific people it targets Decisions about which telephone and Internet communications to collect are made by executive branch personnel without court review While the FISC plays a role in overseeing the categories of foreign intelligence the government seeks the procedures it employs and its adherence to statutory and constitutional limits the court has no part in approving individual targeting decisions Although as a general matter warrantless searches are per se unreasonable under the Fourth Amendment there are a few specifically established and well-delineated exceptions to that general rule 408 And while wiretapping and other forms of domestic electronic surveillance generally require a warrant the Supreme Court has left open the question of whether safeguards other than prior authorization by a magistrate would satisfy the Fourth Amendment in a situation involving the national security and the activities of foreign powers 409 In other words there may be a foreign intelligence exception to the warrant requirement permitting the executive branch to conduct wiretapping and other forms of electronic surveillance without judicial approval The Supreme Court has not decided whether such an exception exists in part because the 1978 enactment of the Foreign Intelligence Surveillance Act FISA forestalled the question the Act established a framework for foreign intelligence surveillance under which the executive branch obtains See United States v Warshak 631 F 3d 266 285-86 6th Cir 2010 stating that g iven the fundamental similarities between email and traditional forms of communication it would defy common sense to afford emails lesser Fourth Amendment protection and holding that government agents must obtain a warrant based on probable cause before compelling an Internet service provider to turn over the contents of a subscriber's emails United States v Maxwell 45 M J 406 418 C A A F 1996 holding that the transmitter of an e-mail message enjoys a reasonable expectation that police officials will not intercept the transmission without probable cause and a search warrant Bates October 2011 Opinion supra at 73-74 2011 WL 10945618 at 26 A person's 'papers' are among the four items that are specifically listed in the Fourth Amendment as subject to protection against unreasonable search and seizure Whether they are transmitted by letter telephone or e-mail a person's private communications are akin to personal papers 407 City of Ontario Cal v Quon 560 U S 746 760 2010 quoting Katz 389 U S at 357 internal quotation marks omitted 408 Katz 389 U S at 358 n 23 United States v U S Dist Court for E Dist of Mich S Div 407 U S 297 308 1972 Keith 409 89 warrant-like orders from the FISA court before engaging in surveillance that falls within the ambit of the statute 410 While the Supreme Court has not spoken lower courts evaluating surveillance conducted before the enactment of FISA addressed the existence of a foreign intelligence exception and every court to decide the question recognized such an exception 411 More recently the Foreign Intelligence Surveillance Court of Review concluded that a foreign intelligence exception permitted warrantless surveillance directed at a foreign power or an agent of a foreign power -- which could include U S citizens -- under the Protect America Act a predecessor to Section 702 412 This precedent does not neatly resolve all questions about the existence and scope of a foreign intelligence exception to the warrant requirement 413 The Board takes no position here on the existence or scope of that exception We note that the program's intrusion on U S persons' privacy is reduced by its focus on targeting individually selected foreigners located outside the United States from whom the government reasonably See 50 U S C 1801-1812 In re Terrorist Bombings of U S Embassies in E Africa 552 F 3d 157 161 2d Cir 2008 410 See United States v Truong Dinh Hung 629 F 2d 908 913 4th Cir 1980 United States v Buck 548 F 2d 871 875 9th Cir 1977 United States v Butenko 494 F 2d 593 605 3d Cir 1974 United States v Brown 484 F 2d 418 426 5th Cir 1973 but see Zweibon v Mitchell 516 F 2d 594 618-20 D C Cir 1975 411 It is not necessarily clear that the Section 702 program would fall within the scope of the foreign intelligence exception recognized by these decisions which were limited to surveillance directly authorized by the Attorney General targeting foreign powers or their agents and or pursuing foreign intelligence as the primary or sole purpose of the surveillance See Truong Dinh Hung 629 F 2d at 912-16 approving surveillance authorized by Attorney General only if the executive is attempting primarily to obtain foreign intelligence from foreign powers or their assistants Buck 548 F 2d at 875 approving surveillance expressly authorized by the Attorney General Butenko 494 F 2d at 596 606 approving surveillance concerning activities within the United States of foreign powers where the primary purpose of these searches is to secure foreign intelligence information Brown 484 F 2d at 421 approving electronic surveillance authorized by the Attorney General and made solely for the purpose of gathering foreign intelligence Under Section 702 targets are selected by NSA personnel without Attorney General approval and they need not be foreign powers or their agents foreign intelligence need only be a significant purpose of the surveillance See 50 U S C 1881a a g 2 A v Critically however Section 702 targets cannot be U S persons or anyone located in the United States Moreover limits expressed in pre-FISA opinions addressing the president's inherent and unilateral constitutional power to conduct foreign intelligence surveillance do not necessarily apply to executive implementation of a congressionally enacted statute that involves oversight by all three branches of government See United States v Abu-Jihaad 630 F 3d 102 121 2d Cir 2010 412 See In re Directives 551 F 3d at 1010-12 Apart from the distinctions noted above nearly all of the relevant decisions predated the implementation of FISA's surveillance framework beginning in 1978 and experience with FISA and the FISA court since then arguably undermines some of the rationales underlying the foreign intelligence exception such as the fear that a warrant requirement will unduly reduce the flexibility of executive foreign intelligence initiatives and that the judiciary is ill-suited to address the delicate and complex decisions that lie behind foreign intelligence surveillance Truong Dinh Hung 629 F 2d at 913 413 90 expects to obtain foreign intelligence -- and by the government's employment of oversight mechanisms to help ensure adherence to those limitations Unlike the warrantless surveillance of the pre-FISA era U S persons and others in the United States cannot be targeted under this program and therefore the government never will be permitted to collect and retain their entire communications history 414 Instead the government will have access only to those scattered communications that occur between a U S person and a targeted overseas foreigner or that are acquired through about collection or as part of an MCT which are subject to special limitations on retention and use Moreover the fact that the people targeted under Section 702 are situated in foreign countries may often make it difficult and time-consuming for the government to assemble documentation about them sufficient to obtain independent judicial approval for surveillance -- while those targets' lack of Fourth Amendment rights militates against any legal obligation to obtain such approval or to strictly limit targeting to foreign powers and their agents C The Reasonableness Framework Even if a warrant is not required a search is not beyond Fourth Amendment scrutiny for it must be reasonable in its scope and manner of execution 415 Thus even though the foreign intelligence exception applies in a given case governmental action intruding on individual privacy interests must comport with the Fourth Amendment's reasonableness requirement 416 The absence of a warrant requirement simply means that rather than employing a per se rule of unreasonableness privacy concerns and governmental interests must be balanced to determine if the intrusion is reasonable 417 Whether a search is reasonable therefore is determined by assessing on the one hand the degree to which it intrudes upon an individual's privacy and on the other the degree to which it is needed for the promotion of legitimate governmental interests 418 Making this determination requires considering the totality of the circumstances 419 Applying this test to a program of intelligence gathering demands sensitivity both to the government's right to protect itself from unlawful subversion and attack and to the If a U S person or someone located in the United States is inadvertently targeted based on an erroneous belief about that person's nationality or location all of the communications acquired through that targeting must be destroyed unless for example the Director or Acting Director of the NSA specifically determines in writing that an individual communication should be retained because it satisfies one of four criteria See pages 49-50 of this Report 414 415 Maryland v King 133 S Ct 1958 1970 2013 416 In re Directives 551 F 3d at 1012 citing United States v Place 462 U S 696 703 1983 417 King 133 S Ct at 1970 quoting Illinois v McArthur 531 U S 326 331 2001 418 Samson v California 547 U S 843 848 2006 internal quotation marks omitted 419 Samson 547 U S at 848 91 citizen's right to be secure in his privacy against unreasonable government intrusion 420 When considering surveillance directed at national security threats particularly those of a foreign nature it is appropriate to begin the inquiry by noting that the President of the United States has the fundamental duty under Art II s 1 of the Constitution to 'preserve protect and defend the Constitution of the United States ' and that i mplicit in that duty is the power to protect our government against those who would subvert or overthrow it by unlawful means 421 More broadly the government's interest in protecting national security is of the highest order of magnitude 422 Additional consideration is due to the fact that the executive branch acting under Section 702 is not exercising its Article II power unilaterally but rather is implementing a statutory scheme enacted by Congress after public deliberation regarding the proper balance between the imperatives of privacy and national security By establishing a statutory framework for surveillance conducted within the United States but exclusively targeting overseas foreigners subject to certain limits and oversight mechanisms Congress sought to accommodate and advance both the government's interest in pursuing legitimate intelligence activity and the individual's interest in freedom from improper government intrusion 423 The framework of Section 702 moreover includes a role for the judiciary in ensuring compliance with statutory and constitutional limits albeit a more circumscribed role than the approval of individual surveillance requests Where as here the powers of all three branches of government -- in short the whole of federal authority -- are involved in establishing and monitoring the parameters of an intelligence-gathering activity the Fourth Amendment calls for a different calculus than when the executive branch acts alone 424 Furthermore the hostile activities of terrorist organizations and other foreign entities are prone to being geographically dispersed long-term in their planning conducted in foreign languages or in code and coordinated in large part from locations outside the reach of the United States Accordingly complex wide-ranging and 420 Keith 407 U S at 299 addressing intelligence gathering aimed at domestic national security threats 421 Keith 407 U S at 310 In re Directives 551 F 3d at 1012 citing Haig v Agee 453 U S 280 307 1981 see Keith 407 U S at 312 It has been said that ' t he most basic function of any government is to provide for the security of the individual and of his property ' citation omitted 422 423 United States v Cavanagh 807 F 2d 787 789 9th Cir 1987 addressing traditional FISA Abu-Jihaad 630 F 3d at 121 addressing traditional FISA cf Youngstown Sheet Tube Co v Sawyer 343 U S 579 635-38 1952 Jackson J concurring 424 92 decentralized organizations such as al Qaeda warrant sustained and intense monitoring in order to understand their features and identify their members 425 On the other side of the coin the acquisition of private communications intrudes on Fourth Amendment interests Even though U S persons and persons located in the United States are subject to having their telephone conversations collected only when they communicate with a targeted foreigner located abroad the program nevertheless gains access to numerous personal conversations of U S persons that were carried on under an expectation of privacy Email communications to and from U S persons which the FISA court has said are akin to papers protected under the Fourth Amendment 426 are also subject to collection in a variety of circumstances Digital tools enable the government to query the repository of collected communications to locate communications involving a given person in search of foreign intelligence or evidence of a crime 427 D Holistic Assessment of Reasonableness As discussed elsewhere in this Report the Board believes that the Section 702 program significantly aids the government's efforts to prevent terrorism as well as to combat weapons proliferation and gather foreign intelligence for other purposes The question then is how the program's intrusion on the privacy of U S persons weighs against its substantial contribution to these governmental interests 428 This evaluation must consider the program as a whole -- taking into account how and why the communications of U S persons are acquired and what is done with them afterward Thus the privacy risks posed by the comparatively broad scope of targeting under this program and the absence of individual warrants must be offset by the applicable rules restricting the acquisition use dissemination and retention of the communications that are acquired In this regard we must consider whether practices that permit use of U S 425 In re Terrorist Bombings 552 F 3d at 175 citing In re Sealed Case 310 F 3d 717 740-41 FISA Ct Rev 2002 See Bates October 2011 Opinion supra at 74 2011 WL 10945618 at 26 T he Supreme Court has held that the parties to telephone communications and the senders and recipients of written communications generally have a reasonable expectation of privacy in the contents of those communications The intrusion resulting from the interception of the contents of electronic communications is generally speaking no less substantial Since the nineteenth century in order to protect the security of personal papers and effects the Supreme Court has held that the government cannot engage in a warrantless search of the contents of sealed mail Ex parte Jackson 96 U S 727 733 1877 Letters in the mail are as fully guarded from examination and inspection except as to their outward form and weight as if they were retained by the parties forwarding them in their own domiciles The Sixth Circuit Court of Appeals has held that email enjoys constitutional protection no less than physical letters Warshak 631 F 3d at 284-86 426 427 See pages 55-60 of this Report for a description of the rules and procedures governing queries 428 See Samson 547 U S at 848 93 persons' communications after their collection are appropriate given the less rigorous rules on targeting that permitted their acquisition This holistic approach is consistent with available precedent When evaluating governmental policies authorizing warrantless searches or seizures the Supreme Court has indicated that limits on the uses to which the collected information may be put and on access to that information bear on the policy's reasonableness under the Fourth Amendment 429 Lower courts addressing the traditional FISA process have similarly noted that despite its somewhat more lenient requirements compared with traditional criminal wiretaps it safeguards privacy rights through an expanded conception of minimization that differs from that which governs law-enforcement surveillance 430 The Foreign Intelligence Surveillance Court of Review addressing a surveillance program with similarities to Section 702 emphasized the matrix of safeguards governing the program including effective minimization procedures that serve d as an additional backstop against identification errors as well as a means of reducing the impact of incidental intrusions into the privacy of non-targeted United States persons 431 The FISA court has applied this approach to Section 702 having recognized that the procedures governing retention use and dissemination bear on the reasonableness under the Fourth Amendment of a program for collecting foreign intelligence information 432 The government has acknowledged that the Fourth Amendment rights of U S persons are affected when their communications are acquired under Section 702 incidentally or otherwise and it has echoed the FISA court's observation that the implementation of adequate minimization procedures is part of what makes the collection reasonable 433 See e g King 133 S Ct at 1967 in approving collection of DNA information from arrestees ascribing significance to restrictions on the information that may be added to databases and for what purposes it may be used Vernonia 515 U S at 658 emphasizing that the results of the drug tests for student athletes are disclosed only to a limited class of school personnel who have a need to know and they are not turned over to law enforcement authorities or used for any internal disciplinary function 429 430 United States v Belfield 692 F 2d 141 148 D C Cir 1982 citation omitted 431 In re Directives 551 F 3d at 1013 1015 See Bates October 2011 Opinion supra at 77 2011 WL 10945618 at 27 Exemplifying this approach when the FISA court concluded that the upstream portion of the program was unreasonably acquiring too many domestic and irrelevant communications through the collection of MCTs it declared that portion of the program to violate the Fourth Amendment but it later concluded that the program had returned within constitutional bounds after new procedures were adopted to specially handle those communications See id at 68-79 2011 WL 10945618 at 24-28 see also Memorandum Opinion Caption Redacted Docket No Redacted 2011 WL 10947772 FISA Ct Nov 30 2011 available at http icontherecord tumblr com post 58944252298 dni-declassifies-intelligence-community-documents 432 See PCLOB March 2014 Hearing Transcript supra at 15 statement of Brad Wiegmann Deputy Assistant Attorney General National Security Division DOJ That's not to say that U S persons whose communications are collected incidentally doesn't trigger a Fourth Amendment review It does Those people 433 94 An important ramification of this holistic approach is that concerns about postcollection practices such as the use of queries to search for the communications of specific U S persons cannot be dismissed on the basis that the communications were lawfully collected Rather whether Section 702 collection is constitutionally reasonable in the first place and hence lawful depends on the reasonableness of the surveillance regime as a whole including whether its rules affecting the acquisition use dissemination and retention of the communications of U S persons appropriately balance the government's valid interests with the privacy of U S persons This totality of the circumstances test is applicable when examining the implications of incidental collection Where a wiretap is conducted in a criminal investigation pursuant to a warrant satisfaction of the three requirements of the warrant clause probable cause particularity and prior judicial review 434 renders the wiretap constitutionally reasonable -- both as to the intended subjects of the surveillance and as to any persons who end up being incidentally overheard the full range of whom the government can never predict 435 Likewise under Title I of FISA the government obtains warrant-like orders from the FISA court that require a modified form of particularity and probable cause 436 Just as the requirements of judicial review probable cause and particularity render a wiretap constitutionally reasonable in the criminal context even as to individuals about whom the government had no prior evidence so the corresponding protections of Title I of FISA render it reasonable under the Fourth Amendment courts have held 437 However where surveillance is undertaken without individual warrants or judicial orders as under Section 702 and where the warrant requirements therefore are not satisfied the legitimacy of the surveillance must be assessed under the reasonableness standard of the Fourth Amendment as described above weighing the competing privacy still have Fourth Amendment rights but what the FISA court has said is that the minimization procedures that are in place render that collection reasonable from a Fourth Amendment perspective see also Government's Unclassified Memorandum in Opposition to Defendants' Motion to Suppress at 62 United States v Muhtorov No 12-0033 D Colo May 9 2014 arguing that the Section 702 program's targeting and minimization rules contribute to its reasonableness under the Fourth Amendment 434 Dalia v United States 441 U S 238 255 1979 listing the requirements of a search warrant See United States v Donovan 429 U S 413 427 n 15 1977 United States v Kahn 415 U S 143 155 n 15 1974 United States v Gaines 639 F 3d 423 429-33 8th Cir 2011 United States v Urban 404 F 3d 754 773-74 3d Cir 2005 United States v Tehfe 722 F 2d 1114 1118 3d Cir 1983 United States v Ramsey 503 F 2d 524 526 n 7 7th Cir 1974 Of course even a validly authorized wiretap or other search can be executed in a constitutionally unreasonable manner 435 436 See In re Sealed Case 310 F 3d at 739-40 See e g United States v Stewart 590 F 3d 93 129 2d Cir 2009 In re Sealed Case 310 F 3d at 741 United States v Pelton 835 F 2d 1067 1075 4th Cir 1987 Cavanagh 807 F 2d at 789-91 United States v Duggan 743 F 2d 59 79-80 n 7 2d Cir 1984 437 95 and governmental interests while taking into account the totality of circumstances Thus even where only foreigners outside the United States are targeted the nature of the collection and use of some communications involving a U S person bears on the constitutional reasonableness of the program Simply put the totality of the circumstances that must be considered under the Fourth Amendment in this context may include factors such as why U S persons' communications are acquired the frequency with which they are acquired how long they may be retained who is given access to them whether and how the government may query them for information about specific U S persons under what circumstances they may be disseminated and what degree of oversight attends to these matters For instance given the comparatively low standards for collection of information under Section 702 standards for querying the collected data to find the communications of specific U S persons may need to be more rigorous than where higher standards are required at the collection stage Applying this holistic inquiry to the Section 702 program therefore requires examining a web of factors bearing on the collection use dissemination and retention of the communications of U S persons under the program Pulling one of the threads of this web in a more or less privacy-protective direction alters the total picture The ultimate Fourth Amendment assessment rests on an appraisal of the point at which any particular feature of the program or any particular combination of features goes too far and pushes the program across the threshold of unreasonableness In the Board's view the core of this program -- acquiring the communications of specifically targeted foreign persons who are located outside the United States upon a belief that those persons are likely to communicate foreign intelligence using specific communications identifiers subject to FISA court-approved targeting rules that have proven to be accurate in targeting persons outside the United States and subject to multiple layers of rigorous oversight -- fits within the totality of the circumstances test for reasonableness as it has been defined by the courts to date Outside of this fundamental core certain aspects of the Section 702 program raise questions about whether its impact on U S persons pushes the program over the edge into constitutional unreasonableness Such aspects include the scope of the incidental collection of U S persons' communications the use of about collection to acquire Internet communications that are neither to nor from the target of surveillance the collection of MCTs that predictably will include U S persons' Internet communications unrelated to the purpose of the surveillance the use of database queries to search the information collected under the program for the communications of specific U S persons and the possible use of 96 communications acquired under the program for criminal assessments investigations or proceedings that have no relationship to foreign intelligence 438 These features of the Section 702 program and their cumulative potential effects on the privacy of U S persons push the entire program close to the line of constitutional reasonableness At the very least too much expansion in the collection of U S persons' communications or the uses to which those communications are put may push the program over the line The response if any feature tips the program over the line is not to discard the entire program instead it is to address that specific feature With these concerns in mind the next section of this Report offers a set of proposals designed to push the program more comfortably into the sphere of reasonableness ensuring that the program remains tied to its constitutionally legitimate core Because the same factors that bear on Fourth Amendment reasonableness under a totality of the circumstances test are equally relevant to an assessment based purely on policy the Board opts to present its proposals for changes to the Section 702 program as policy recommendations without rendering a judgment about which if any of those proposals might be necessary from a constitutional perspective This approach is fitting because some of the facts that may bear on the reasonableness of the Section 702 program under the Fourth Amendment such as how many U S persons' communications and domestic communications are acquired simply are not known It also permits us to offer the recommendations that we believe are merited on privacy grounds without making finetuned determinations about whether any aspect of the status quo is constitutionally fatal and without limiting our recommendations to changes that we may deem constitutionally required In sum the Board has carefully considered the totality of the circumstances surrounding the Section 702 program that must be considered in assessing the program's reasonableness under the Fourth Amendment but rather than render a judgment about the constitutionality of the program as a whole the Board instead has addressed the areas of concern it has identified by formulating recommendations for changes to those aspects of the program Anecdotally the FBI has advised the Board that it is extremely unlikely that an agent or analyst who is conducting an assessment of a non-national security crime would get a responsive result from the query against the Section 702-acquired data 438 97 IV Analysis of Treatment of Non-U S Persons The treatment of non-U S persons under U S surveillance programs raises important but difficult legal and policy questions Privacy is a human right that has been recognized most prominently in the International Covenant on Civil and Political Rights ICCPR an international treaty ratified by the U S Senate Many of the generally applicable protections that already exist under U S surveillance laws apply to U S and nonU S persons alike The President's recent initiative under Presidential Policy Directive 28 on Signals Intelligence PPD-28 439 will further address the extent to which non-U S persons should be afforded the same protections as U S persons under U S surveillance laws Because PPD-28 invites the PCLOB to be involved in its implementation the Board has concluded that it can make its most productive contribution in assessing these issues in the context of the PPD-28 review process A Existing Legal Protections for Non-U S Persons' Privacy A number of provisions of Section 702 as well as provisions in other U S surveillance laws protect the privacy of U S and non-U S persons alike These protections can be found for example in 1 limitations on the scope of authorized surveillance under Section 702 2 damages and other civil remedies that are available to subjects of unauthorized surveillance as well as sanctions that can be imposed on government employees who engage in such conduct and 3 prohibitions on unauthorized secondary use and disclosure of information acquired pursuant to the Section 702 program These sources of statutory privacy protections are discussed briefly The first important privacy protection provided to non-U S persons is the statutory limitation on the scope of Section 702 surveillance which requires that targeting be conducted only for purposes of collecting foreign intelligence information 440 The definition of foreign intelligence information purposes is limited to protecting against actual or potential attacks protecting against international terrorism and proliferation of weapons of mass destruction conducting counter-intelligence and collecting information with respect to a foreign power or foreign territory that concerns U S national defense or foreign affairs 441 Further limitations are imposed by the required certifications identifying the specific categories of foreign intelligence information which are reviewed and Presidential Policy Directive -- Signals Intelligence Activities Policy Directive 28 2014 WL 187435 Jan 17 2014 PPD-28 available at http www whitehouse gov the-pressoffice 2014 01 17 presidential-policy-directive-signals-intelligence-activities 439 440 50 U S C 1881a a 441 50 U S C 1801 e 98 approved by the FISC 442 These limitations do not permit unrestricted collection of information about foreigners The second group of statutory privacy protections for non-U S persons are the penalties that apply to government employees who engage in improper information collection practices -- penalties that apply whether the victim is a U S person or a non-U S person Thus if an intelligence analyst were to use the Section 702 program improperly to acquire information about a non-U S person for example someone with whom he or she may have had a personal relationship he or she could be subject not only to the loss of his or her employment but to criminal prosecution 443 Finally a non-U S person who was a victim of a criminal violation of either FISA or the Wiretap Act could be entitled to civil damages and other remedies 444 In sum if a U S intelligence analyst were to use the Section 702 program to collect information about a non-U S person where it did not both meet the definition of foreign intelligence and relate to one of the certifications approved by the FISA court he or she could face not only the loss of a job but the prospect of a term of imprisonment and civil damage suits The third privacy protection covering non-U S persons is the statutory restriction on improper secondary use found at 50 U S C 1806 under which information acquired from FISA-related electronic surveillance may not be used or disclosed by Federal officers or employees except for lawful purposes 445 Congress included this language to insure that information concerning foreign visitors and other non-U S persons is not used for illegal purposes 446 Thus use of Section 702 collection for the purpose of suppressing or burdening criticism or dissent or for disadvantaging persons based on their ethnicity race gender sexual orientation or religion would violate Section 1806 Further FISA provides special protections in connection with legal proceedings under which an aggrieved person -- a term that includes non-U S persons -- is required to be notified prior to the disclosure or use of any Section 702-related information in any 442 50 U S C 1881a g 2 A v See Bates October 2011 Opinion supra at 17 n 15 2011 WL 10945618 at 6 n 15 criminal penalties of 50 U S C 1809 of the FISA are implicated by Section 702 surveillance that strays beyond the scope of the court's order approving such activities In addition to the extent that Section 702 program surveillance strayed from the certifications approved by the FISA court it would potentially implicate the criminal provisions of the Wiretap Act 18 U S C 2511 1 because the Section 702 surveillance would then lose its safe harbor for authorized FISA activities under Section 2511 2 e of the Wiretap Act 443 See 50 U S C 1810 aggrieved person not limited to U S persons 18 U S C 2520 any person not limited to U S persons see also Suzlon Energy Ltd v Microsoft Corp 671 F 3d 726 728-29 9th Cir 2011 construing the statutory term any person to include non-U S persons 444 445 50 U S C 1806 a incorporated into Section 702 by 50 U S C 1881e a H R Rep No 95-1283 I at 88-90 1978 discussing Section 106 of H R 7308 which became Section 106 of the FISA 446 99 federal or state court 447 The aggrieved person may then move to suppress the evidence on the grounds that it was unlawfully acquired and or was not in conformity with the authorizing Section 702 certification 448 Determinations regarding whether the Section 702 acquisition was lawful and authorized are made by a United States District Court which has the authority to suppress any evidence that was unlawfully obtained or derived 449 Finally as a practical matter non-U S persons also benefit from the access and retention restrictions required by the different agencies' minimization and or targeting procedures While these procedures are legally required only for U S persons the cost and difficulty of identifying and removing U S person information from a large body of data means that typically the entire dataset is handled in compliance with the higher U S person standards B President's Initiative to Protect the Privacy of Non-U S Persons As a matter of international law privacy is a human right that has been recognized most prominently in the ICCPR an international treaty ratified by the U S Senate The question of how to apply the ICCPR right of privacy to national security surveillance however especially surveillance conducted in one country that may affect residents of another country has to this point not been settled among the signatories to the treaty and is the subject of ongoing spirited debate 450 The executive branch is currently engaged in an extensive review of the extent to which as a policy matter the United States should afford all persons regardless of nationality a common baseline level of privacy protections in connection with foreign intelligence surveillance This review began on January 17 of this year when President Obama issued PPD-28 451 in which he directed the review of the treatment of information regarding non-U S persons in connection with its surveillance programs Issues relating to the treatment of non-U S persons in government surveillance programs are by no means limited to the Section 702 program Questions arise in 447 See 50 U S C 1806 c d 448 50 U S C 1806 e 449 50 U S C 1806 f g The United States currently interprets the ICCPR as not applying extra-territorially Nonetheless the Board has received thoughtful comments and testimony arguing to the contrary The Board also notes that in November 2013 the United Nations adopted with United States support a Resolution on The right to privacy in the digital age This resolution includes a provision requesting that the United Nations High Commissioner for Human Rights develop and present a report examining the protection and promotion of the right to privacy in the context of domestic and extraterritorial surveillance and or interception of digital communications and collection of personal data including on a mass scale This report is expected to be presented in August 2014 450 451 PPD-28 supra 100 connection with signals intelligence conducted under other statutes and programs including Executive Order 12333 Under PPD-28 the government has begun to address as a matter of policy the privacy and civil liberties of non-U S persons in connection with the full spectrum of signals intelligence programs conducted by the United States The introduction to that directive notes that signals intelligence activities must take into account that all persons should be treated with dignity and respect regardless of their nationality or wherever they might reside and that all persons have legitimate privacy interests in the handling of their personal information 452 The government is presently in the process of implementing the principles set forth in that directive including the requirement that signals intelligence activities shall be as tailored as feasible 453 PPD-28 sets forth a number of principles that have historically been or will be implemented among them Privacy and civil liberties shall be integral considerations in the planning of U S signals intelligence activities The United States shall not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent or for disadvantaging persons based on their ethnicity race gender sexual orientation or religion Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions and not for any other purposes 454 Further PPD-28 provides that U S signals intelligence activities must therefore include appropriate safeguards for the personal information of all individuals regardless of the nationality of the individual to whom the information pertains or where that individual resides 455 The Intelligence Community has already begun reviewing various options for implementing PPD-28 and the Board will engage in this process PPD-28 specifically provides for direct PCLOB participation The Privacy and Civil Liberties Oversight Board is encouraged to provide the President with a report that assesses the implementation of any matters contained within this directive that fall within its mandate 456 452 PPD-28 supra 453 PPD-28 supra 3 d 454 PPD-28 supra 3 b 455 PPD-28 supra 4 456 PPD-28 supra 5 b 101 The Board has thus concluded that the optimal way for it to assess the treatment of information of non-U S persons is in the broader context of the PPD-28 review where it can evaluate other surveillance programs along with Section 702 with a view to an integrated approach to foreign subjects of surveillance and the collection of signals intelligence The implementation of PPD-28 may change the way Section 702 is operated and in so doing alleviate some of the concerns that have been voiced about its treatment of non-U S persons 102 Part 5 POLICY ANALYSIS I Introduction In the Board's assessment the Section 702 program has proven valuable in enabling the government to prevent acts of terrorism within the United States and abroad and to pursue other foreign intelligence goals The program has helped the government to learn about the membership and activities of terrorist organizations as well as to discover previously unknown terrorist operatives and disrupt specific terrorist plots Although the program is large in scope and involves collecting a great number of communications it consists entirely of targeting individual persons and acquiring communications associated with those persons from whom the government has reason to expect it will obtain certain types of foreign intelligence The program does not operate by collecting communications in bulk At the same time the communications of U S persons or people located in the United States may be acquired by the government under Section 702 in the course of targeting non-U S persons located abroad The breadth of collection under the program and its technical complexity enhance this possibility The communications of U S persons can be acquired when a U S person is in contact with a foreign target who need not be involved in wrongdoing in order to be targeted when the government makes a mistake and in certain other situations The government's ability to query its databases for the communications of specific U S persons and to retain and disseminate such communications under certain circumstances heightens the potential for privacy intrusions The Board has been impressed with the rigor of the government's efforts to ensure that it acquires only those communications it is authorized to collect and that it targets only those persons it is authorized to target Moreover the government has taken seriously its obligations to establish and adhere to a detailed set of rules regarding how it handles U S person communications that it acquires under the program Available figures suggest consistent with the Board's own assessment that the primary focus of the Section 702 program remains monitoring non-U S persons located overseas for valid foreign intelligence purposes Nevertheless there are some indications that the government may be gathering and utilizing a significant amount of information about U S persons under Section 702 While the Board has seen no evidence of abuse of this information for improper purposes the collection and examination of personal communications can be a 103 privacy intrusion even in the absence of abuse and a number of the Board's recommendations are motivated by a desire to provide more clarity and transparency regarding the government's activities in the Section 702 program II Value of the Section 702 Program A Advantages and Unique Capabilities The Section 702 program makes a substantial contribution to the government's efforts to learn about the membership goals and activities of international terrorist organizations and to prevent acts of terrorism from coming to fruition Section 702 allows the government to acquire a greater range of foreign intelligence than it otherwise would be able to obtain and it provides a degree of flexibility not offered by comparable surveillance authorities Because the oversight mandate of the Board extends only to those measures taken to protect the nation from terrorism our focus in this section is limited to the counterterrorism value of the Section 702 program although the program serves a broader range of foreign intelligence purposes 457 Section 702 enables the government to acquire the contents of international telephone and Internet communications in pursuit of foreign intelligence While this ability is to some degree provided by other legal authorities particularly traditional FISA and Executive Order 12333 Section 702 offers advantages over these other authorities In order to conduct electronic surveillance under traditional FISA i e Title I of the Foreign Intelligence Surveillance Act of 1978 the government must persuade the Foreign Intelligence Surveillance Court FISC or FISA court under a standard of probable cause that an individual it seeks to target for surveillance is an agent of a foreign power and that the telephone number or other communications facility it seeks to monitor is used or is about to be used by a foreign power or one of its agents 458 In addition a high-level executive branch official must certify with a supporting statement of facts that a significant purpose of the surveillance is to obtain foreign intelligence and that the information sought cannot reasonably be obtained through normal investigative techniques 459 To meet these requirements and satisfy the probable cause standard facts must be gathered by the Intelligence Community a detailed FISA court application must be drafted by the DOJ the facts in the application must be vetted for accuracy the senior 457 See page 25 of this Report 458 50 U S C 1805 a 2 459 50 U S C 1804 a 6 104 government official's certification must be prepared the Attorney General must approve the application and the application must be submitted to the FISA court which must review it determine if the pertinent standards are met and if so grant it 460 These steps consume significant time and resources 461 In practice FISA applications are lengthy and the process not infrequently takes weeks from beginning to final approval 462 This system is deliberately rigorous for it was designed to provide a check on the government's surveillance of U S persons and other people located in the United States Its goal was to prevent the abusive and politically motivated surveillance of U S persons and domestic activists that had occurred under the guise of foreign intelligence surveillance in the mid-twentieth century Under FISA electronic surveillance may be directed only at individuals who are acting at the behest of a foreign power such as a foreign government or international terrorist organization only for legitimate foreign intelligence purposes and only where the aims of the surveillance cannot be achieved by other means 463 The statute's procedural hurdles help to ensure that surveillance takes place only after detailed analysis a strong factual showing measured judgment by high-level executive branch officials and approval by a neutral judge Although the FISA process was designed for surveillance directed at people located in the United States the government later sought and obtained approval from the FISA court to use this process to target foreign persons located outside the United States as well Developments in communications technology and the Internet services industry meant that such surveillance could feasibly be conducted from within the United States in some instances 464 Utilizing the process of traditional FISA to target significant numbers of individuals overseas however required considerable time and resources and government officials have argued that it slowed and sometimes prevented the acquisition of important intelligence 465 460 See 50 U S C 1804 1805 These steps also must be repeated each time the government wishes to continue the surveillance beyond the time limit specified in the original order See 50 U S C 1805 d 461 FISA permits surveillance to begin prior to court approval in emergency situations but in order to exercise this option the Attorney General must make a determination that an emergency exists and that the factual basis required for the surveillance exists and an application must be submitted to the FISA court for the normal probable cause determination within seven days See 50 U S C 1805 e 462 Moreover when the target of surveillance is a U S person that person must be knowingly acting on behalf of a foreign power See 50 U S C 1801 b 1 2 An exception to the requirement that the target be acting on behalf of a foreign power permits a so-called lone wolf with no apparent connection to a foreign power to be targeted if there is probable cause that the person is engaged in international terrorism or proliferation of weapons of mass destruction See 50 U S C 1801 b 1 C D 1805 a 2 A 463 464 See pages 16-18 of this Report 465 See pages 18-19 of this Report 105 Section 702 imposes significantly fewer limits on the government when it targets non-U S persons located abroad permitting greater flexibility and a dramatic increase in the number of people who can realistically be targeted 466 Rather than approving or denying individual targeting requests the FISA court authorizes the surveillance program as a whole approving the certification in which the government identifies the types of foreign intelligence information sought and the procedures the government uses to target people and handle the information it obtains 467 Targets of surveillance need not be agents of foreign powers instead the government may target any non-U S person overseas whom it reasonably believes has or is likely to communicate designated types of foreign intelligence 468 The government need not have probable cause for this belief or for its belief that the target uses the particular selector such as a telephone number or email address to be monitored There is no requirement that the information sought cannot be acquired through normal investigative techniques Targeting decisions are made by NSA analysts and reviewed only within the executive branch 469 Once monitoring of a particular person begins it may continue until new information indicates that the person no longer is an appropriate target Whether a person remains a valid target must be reviewed annually 470 These differences allow the government to target a much wider range of foreigners than was possible under traditional FISA For instance people who might have knowledge about a suspected terrorist can be targeted even if those people are not themselves involved in terrorism or any illegitimate activity In addition to expanding the pool of potential surveillance targets Section 702 also enables a much greater degree of flexibility allowing the government to quickly begin monitoring new targets and communications facilities without the delay occasioned by the requirement to secure approval from the FISA court for each targeting decision As a result of these two factors the number of people who can feasibly be targeted is significantly greater under Section 702 than under the traditional FISA process And Under FISA and the FISA Amendments Act the term United States person includes U S citizens legal permanent residents unincorporated associations with a substantial number of U S citizens or legal permanent residents as members and corporations incorporated in the United States It does not include associations or corporations that qualify as a foreign power See 50 U S C 1801 i 466 467 50 U S C 1881a a i NSA DIRECTOR OF CIVIL LIBERTIES AND PRIVACY OFFICE REPORT NSA'S IMPLEMENTATION OF FOREIGN INTELLIGENCE SURVEILLANCE ACT SECTION 702 at 4 April 16 2014 NSA DCLPO REPORT available at http www dni gov files documents 0421 702%20Unclassified%20Document pdf 468 469 NSA DCLPO REPORT supra at 4-5 Analysts are required to review the communications acquired from a target at least annually to ensure that the targeting is still expected to provide the foreign intelligence sought and that the person otherwise remains an appropriate target under Section 702 See NSA DCLPO REPORT supra at 6 470 106 indeed the number of targets under the program has been steadily increasing since the statute was enacted in 2008 The government also conducts foreign intelligence surveillance outside of the United States against non-U S persons under the authority of Executive Order 12333 In some instances this surveillance can capture the same communications that the government obtains within the United States through Section 702 And because this collection takes place outside the United States it is not restricted by the detailed rules of FISA outlined above 471 Nevertheless Section 702 offers advantages over Executive Order 12333 with respect to electronic surveillance The fact that Section 702 collection occurs in the United States with the compelled assistance of electronic communications service providers contributes to the safety and security of the collection enabling the government to protect its methods and technology In addition acquiring communications with the compelled assistance of U S companies allows service providers and the government to manage the manner in which the collection occurs By helping to prevent incidents of overcollection and swiftly remedy problems that do occur this arrangement can benefit the privacy of people whose communications are at risk of being acquired mistakenly B Contributions to Counterterrorism The Section 702 program has proven valuable in a number of ways to the government's efforts to combat terrorism It has helped the United States learn more about the membership leadership structure priorities tactics and plans of international terrorist organizations It has enabled the discovery of previously unknown terrorist operatives as well as the locations and movements of suspects already known to the government It has led to the discovery of previously unknown terrorist plots directed against the United States and foreign countries enabling the disruption of those plots While the Section 702 program is indeed a program operating to some degree as a cohesive whole and approved by the FISA court accordingly its implementation consists entirely of targeting specific individuals about whom the government already knows something Because surveillance is conducted on an individualized basis where there is reason to target a particular person it is perhaps unsurprising that the program yields a great deal of useful information The value of the Section 702 program is to some extent reflected in the breadth of NSA intelligence reporting based on information derived from the program Since 2008 the number of signals intelligence reports based in whole or in part on Section 702 has FISA does not generally cover surveillance conducted outside the United States except where the surveillance intentionally targets a particular known U S person or where it acquires radio communications in which the sender and all intended recipients are located in the United States and the acquisition would require a warrant for law enforcement purposes See 50 U S C 1801 f 1881c 471 107 increased exponentially A significant portion of those reports relate to counterterrorism and the NSA disseminates hundreds of reports per month concerning terrorism that include information derived from Section 702 Presently over a quarter of the NSA's reports concerning international terrorism include information based in whole or in part on Section 702 collection and this percentage has increased every year since the statute was enacted These reports are used by the recipient agencies and departments for a variety of purposes including to inform senior leaders in government and for operational planning More concretely information acquired from Section 702 has helped the Intelligence Community to understand the structure and hierarchy of international terrorist networks as well as their intentions and tactics In even the most well-known terrorist organizations only a small number of individuals have a public presence Terrorist groups use a number of practices to obscure their membership and activities Section 702 has enabled the U S government to monitor these terrorist networks in order to learn how they operate and to understand how their priorities strategies and tactics continue to evolve Monitoring these networks under Section 702 has led the government to identify previously unknown individuals who are involved in international terrorism Identifying such persons allows the government to pursue new efforts focusing on those individuals and the disruption of their activities such as taking action to prevent them from entering the United States Finally the flexibility of Section 702 surveillance enables the government to effectively maintain coverage on particular individuals as they add or switch their modes of communications As important as discovering the identities of individuals engaged in international terrorism is determining where those individuals are located Modern communications permit the members of a terrorist group and even a small number of people involved in a specific plot to be spread out all over the world Information acquired from Section 702 has been used to monitor individuals believed to be engaged in terrorism In one case for example the NSA was conducting surveillance under Section 702 of an email address used by an extremist based in Yemen Through that surveillance the agency discovered a connection between that extremist and an unknown person in Kansas City Missouri The NSA passed this information to the FBI which identified the unknown person Khalid Ouazzani and subsequently discovered that he had connections to U S based Al Qaeda associates who had previously been part of an abandoned early stage plot to bomb the New York Stock Exchange All of these individuals eventually pled guilty to providing and attempting to provide material support to Al Qaeda Finally pursuit of the foregoing information under Section 702 has led to the discovery of previously unknown terrorist plots and has enabled the government to 108 disrupt them By providing the sites of specific targets of attacks the means being contemplated to carry out the attacks and the identities and locations of the participants the Section 702 program has directly enabled the thwarting of specific terrorist attacks aimed at the United States and at other countries For instance in September 2009 the NSA monitored under Section 702 the email address of an Al Qaeda courier based in Pakistan Through that collection the agency intercepted emails sent to that address from an unknown individual located in the United States Despite using language designed to mask their true intent the messages indicated that the sender was urgently seeking advice on the correct mixture of ingredients to use for making explosives The NSA passed this information to the FBI which used a national security letter to identify the unknown individual as Najibullah Zazi located near Denver Colorado The FBI then began intense monitoring of Zazi including physical surveillance and obtaining legal authority to monitor his Internet activity The Bureau was able to track Zazi as he left Colorado a few days later to drive to New York City where he and a group of confederates were planning to detonate explosives on subway lines in Manhattan within the week Once Zazi became aware that law enforcement was tracking him he returned to Colorado where he was arrested soon after Further investigative work identified Zazi's coconspirators and located bomb-making components related to the planned attack Zazi and one of his confederates later pled guilty and cooperated with the government while another confederate was convicted and sentenced to life imprisonment Without the initial tip-off about Zazi and his plans which came about by monitoring an overseas foreigner under Section 702 the subway-bombing plot might have succeeded In cases like the Zazi and Ouazzani investigations one might ask whether the government could have monitored the communications of the overseas extremists without Section 702 using the traditional FISA process In some instances that might be the case But the process of obtaining court approval for the surveillance under the standards of traditional FISA may for the reasons explained above limit the number of people the government can feasibly target and increase the delay before surveillance on a target begins such that significant communications could be missed The Board has received information about other instances in which the Section 702 program has played a role in counterterrorism efforts Most of these instances are included in a compilation of 54 success stories involving the Section 215 and 702 programs that was prepared by the Intelligence Community last year in the wake of Edward Snowden's unauthorized disclosures Other examples have been shared with the Board more recently Information about these cases has not been declassified but some general information about them can be shared In approximately twenty cases that we have reviewed surveillance conducted under Section 702 was used in support of an already existing counterterrorism investigation while in approximately thirty cases Section 702 109 information was the initial catalyst that identified previously unknown terrorist operatives and or plots In the vast majority of these cases efforts undertaken with the support of Section 702 appear to have begun with narrowly focused surveillance of a specific individual whom the government had a reasonable basis to believe was involved with terrorist activities leading to the discovery of a specific plot after which a short intensive period of further investigation ensued leading to the identification of confederates and arrests of the plotters A rough count of these cases identifies well over one hundred arrests on terrorism-related offenses In other cases that did not lead to disruption of a plot or apprehension of conspirators Section 702 appears to have been used to provide warnings about a continuing threat or to assist in investigations that remain ongoing Approximately fifteen of the cases we reviewed involved some connection to the United States such as the site of a planned attack or the location of operatives while approximately forty cases exclusively involved operatives and plots in foreign countries 472 C Contributions to Other Foreign Intelligence Efforts As noted above the oversight mandate of our Board extends only to those measures taken by the government to protect the nation from terrorism Some governmental activities including the Section 702 program are not aimed exclusively at preventing terrorism but also serve other foreign intelligence and foreign policy goals The Section 702 program for instance is also used for surveillance aimed at countering the efforts of proliferators of weapons of mass destruction 473 Given that these other foreign intelligence purposes of the program are not strictly within the Board's mandate we have not scrutinized the effectiveness of Section 702 in contributing to those other purposes with the same rigor that we have applied in assessing the program's contribution to counterterrorism Nevertheless we have come to learn how the program is used for these other purposes including for example specific ways in which it has been used to combat weapons proliferation and the degree to which the program supports the government's efforts to gather foreign intelligence for the benefit of policymakers Our assessment is that the program is highly valuable for these other purposes in addition to its usefulness in supporting efforts to prevent terrorism The examples described in this paragraph do not represent an exhaustive list of all instances in which the Section 702 program has proven useful even in counterterrorism efforts 472 See S Rep No 112-229 at 32 2012 appendix reproducing Background Paper on Title VII of FISA Prepared by the Department of Justice and the Office of the Director or National Intelligence Section 702 lets us collect information about the intentions and capabilities of weapons proliferators and other foreign adversaries who threaten the United States 473 110 III Privacy and Civil Liberties Implications of the Section 702 Program A Nature of the Collection under Section 702 1 Programmatic Surveillance Unlike the telephone records program conducted by the NSA under Section 215 of the USA PATRIOT Act the Section 702 program is not based on the indiscriminate collection of information in bulk Instead the program consists entirely of targeting specific persons about whom an individualized determination has been made Once the government concludes that a specific non-U S person located outside the United States is likely to communicate certain types of foreign intelligence information -- and that this person uses a particular communications selector such as an email address or telephone number -- the government acquires only those communications involving that particular selector 474 Every individual decision to target a particular person and acquire the communications associated with that person must be documented and approved by senior analysts within the NSA before targeting Each targeting decision is later reviewed by an oversight team from the DOJ and the ODNI the DOJ ODNI oversight team in an effort to ensure that the person targeted is reasonably believed to be a non-U S person located abroad and that the targeting has a legitimate foreign intelligence purpose The FISA court does not approve individual targeting decisions or review them after they are made Although the persons who may be targeted under Section 702 include corporations associations and entities as well as individuals 475 the government is not exploiting any legal ambiguity by targeting an entity like a major international terrorist organization and then engaging in indiscriminate or bulk collection of communications in order to later identify a smaller subset of communications that pertain to the targeted entity To put it another way the government is not collecting wide swaths of communications and then combing through them for those that are relevant to terrorism or contain other foreign intelligence Rather the government first identifies a communications identifier like an email address that it reasonably believes is used by the target whether that target is an individual or an entity It then acquires only those communications that are related to this identifier 476 In other words selectors are always 474 See pages 20-23 and 32-33 of this Report 475 See 50 U S C 1801 m 1881a a The NSA's upstream collection described elsewhere in this Report may require access to a larger body of international communications than those that contain a tasked selector Nevertheless the government has no ability to examine or otherwise make use of this larger body of communications except to promptly determine whether any of them contain a tasked selector Only those communications or more precisely transactions that contain a tasked selector go into government databases See pages 36-41 of this Report 476 111 unique communications identifiers used by the targeted persons So under the Section 702 program the government cannot for instance acquire communications because they are associated with a particular region where the government believes it is likely to find information related to one of its targets Collection is instead limited to the communications identifiers of the targets themselves Likewise although the selectors that the government could use are not limited to telephone numbers and email addresses the government is not creatively interpreting the meaning of selectors to engage in bulk collection under Section 702 Even in the complex realm of Internet communications a selector always must be associated with a specific person or entity Thus acquisition is always based on selecting communications that are associated with the target 477 2 Contents of Private Telephone and Internet Communications Under Section 702 the government acquires the contents of international communications -- collecting Internet communications like emails and recording telephone calls -- as well as the addressing information or metadata associated with those communications The contents of such communications may be highly personal and sensitive U S persons and people located in the United States may not be targeted under Section 702 but their communications nevertheless can be acquired including when they are in contact with a foreigner located abroad who has been targeted Thus the chance of government intrusion into private matters may be comparatively higher for individuals who maintain frequent contact with family members friends acquaintances or professional contacts outside of the United States After being acquired by the government communications obtained through Section 702 are stored in databases for default periods of time 478 There they are subject to being examined by NSA CIA and FBI analysts or agents in pursuit of foreign intelligence or evidence of a crime Subject to the separate minimization procedures at each agency communications can be identified and retrieved from these databases for examination based on their addressing information such as the telephone numbers or email addresses involved while Internet communications are also retrievable by scanning their contents for the presence of certain words or terms 3 Scope of Targeting and Collection While the Section 702 program is based entirely on individual targeting decisions it nevertheless results in an extremely large amount of collection In part this is because This is true even in the unique contexts of so-called about collection and MCT collection both of which are discussed below 477 478 See page 60 of this Report 112 modern technology especially the ability to store huge amounts of data makes it logistically feasible to target large numbers of people The breadth of collection is also possible because as explained above the standards under which targeting is permitted under Section 702 are less rigorous than those governing other surveillance activities conducted within the United States The government enjoys much more latitude when targeting foreigners located outside the United States under Section 702 than it does when targeting people located in the United States under other legal authorities even for foreign intelligence purposes The range of people whom the government may target and the permissible reasons for that targeting are much broader while the level of suspicion required and the legal steps the government must take before initiating surveillance are much lower In particular the FISA court approves the government's targeting and minimization procedures but plays no role in reviewing individual targeting decisions 479 As a result the number of people targeted under Section 702 is considerable and collection has steadily grown During the year 2013 89 138 persons were targeted for collection under Section 702 Thus while the Board does not regard Section 702 as a bulk collection program because it is based entirely on targeting the communications identifiers of specific people neither does the program resemble traditional domestic surveillance conducted pursuant to individualized court orders based on probable cause The FISA court instead determines whether to approve the surveillance program as a whole and plays a role in overseeing whether it stays within statutory and constitutional limits The Section 702 program in short is perhaps best characterized by the term programmatic surveillance 480 B Acquisition of the Communications of U S Persons under Section 702 While the scope of targeting under Section 702 is broad that targeting cannot include U S persons or people located in the United States As a result this program does not allow the government to gain comprehensive access to any U S person's communications the government will not be able to hear every telephone call a U S person makes for instance or collect every email sent or received by that person Instead absent mistake or abuse Section 702 enables the government to obtain only those communications that occur where a U S person is in contact with a targeted overseas foreigner as well as those that are acquired in the unique circumstances of about and MCT collection discussed below 479 See pages 26-31 of this Report The Section 215 program in contrast represents both a bulk collection program and an example of programmatic surveillance 480 113 Because it disallows comprehensive monitoring of any U S person and prohibits deliberately acquiring even a single communication that is known to be solely among people located within the United States the program would serve as a relatively poor vehicle to repress domestic dissent monitor American political activists or engage in other politically motivated abuses of the sort that came to light in the 1970s and prompted the enactment of FISA Nevertheless as described below under certain circumstances the program permits the government to collect a communication where one party is a U S person including communications that are sensitive and private and where the U S person may have taken steps to preserve the confidentiality of the communication There are four main ways in which the Section 702 program notwithstanding its focus on targeting foreigners located abroad can lead to the acquisition of U S persons' communications 1 Incidental Collection A person targeted for surveillance who speaks on the phone or communicates over the Internet is communicating with someone else That other person's communications with the target are said to have been incidentally acquired In the context of the Section 702 program the term incidental collection is used to refer to situations in which U S persons or people located in the United States have their communications acquired because they were in contact with a targeted foreigner located overseas While the government cannot target U S persons or people located in the United States it is permitted to acquire and in some cases retain and use communications in which a U S person is in contact with a target The term incidental is appropriate because such collection is not accidental or inadvertent but rather is an anticipated collateral result of monitoring an overseas target 481 But the term should not be understood to suggest that such collection is infrequent or that it is an inconsequential part of the Section 702 program The number of communications collected under Section 702 to which one party is a U S person or located in the United States is not known And one of the purposes of the program is to discover communications between a target overseas and a person in the United States Executive and legislative branch officials have repeatedly emphasized to us that with respect to terrorism communications involving someone in the United States are See Privacy and Civil Liberties Oversight Board Transcript of Public Hearing Regarding the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act at 97 Mar 19 2014 statement of Robert Litt General Counsel ODNI available at http www pclob gov Library Meetings-Events 2014-March-19-Public-Hearing 19-March2014_Public_Hearing_Transcript pdf 481 114 some of the most important communications acquired under the program 482 And indeed where the program has directly led to the discovery and disruption of terrorist plots it has sometimes done so by helping to discover previously unknown operatives in the United States through their communications with terrorism suspects located abroad 483 From a privacy perspective however incidental collection under Section 702 differs in at least two significant ways from incidental collection that occurs in the course of a criminal wiretap or the traditional FISA process First in the criminal or FISA context the targets of surveillance must be believed to be criminals or agents of a foreign power 484 That means that innocent U S persons need not worry about the government listening to their phone conversations or reading their emails except to the extent that they are communicating with suspected criminals or agents of foreign powers The range of people whom the government may target under Section 702 on the other hand is much broader It is not limited to suspected terrorists or others engaged in nefarious activities Instead under an approved certification the government may target any overseas foreigner who has or is likely to communicate certain kinds of foreign intelligence -- who for instance may possess information with respect to a foreign power or foreign territory that relates to the conduct of the foreign affairs of the United States 485 That person need not be acting at the behest of a foreign power or be engaged in any activities that are hostile toward the United States or would violate any laws For instance someone who has information about a terrorist operative may be targeted under Section 702 even if that person has no involvement in terrorism Second to engage in traditional FISA or criminal electronic surveillance the government must obtain approval from a judge who independently assesses the legitimacy of the targeting and must be persuaded that the government's beliefs about the person See Privacy and Civil Liberties Oversight Board Transcript of Public Workshop regarding surveillance programs operated pursuant to Section 215 of the USA PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act at 109 July 9 2013 statement of Steven Bradbury formerly DOJ Office of Legal Counsel stating that Section 702 is particularly focused on communications in and out of the United States because those are the most important communications you want to know about if you're talking about a foreign terrorist suspect communicating to somebody you don't know inside the United States see id at 116 statement of Kenneth Wainstein formerly DOJ National Security Division White House Homeland Security Advisor agreeing available at http www pclob gov SiteAssets 9-july2013 Public%20Workshop%20-%20Full pdf see also FISA for the 21st Century Hearing before the Senate Comm on the Judiciary 109th Cong 9 2006 statement of General Michael V Hayden Director CIA 482 483 See pages 107-110 of this Report 484 See 50 U S C 1805 a 2 A 18 U S C 2518 3 a 50 U S C 1801 e 2 B The range of foreign intelligence that the government may seek under Section 702 is limited by the certifications approved by the FISA court See pages 24-31 of this Report for a description of the certification process 485 115 and or communications facility being targeted are supported by probable cause 486 By providing a neutral check on the government's authority to conduct electronic surveillance these protections help assure innocent U S persons that their conversations will not be incidentally acquired in the course of improper surveillance directed at another person These restrictions and checks are absent under Section 702 To be clear such absence does not mean that the government has free rein targeting rules a system of intra- and inter-agency oversight programmatic supervision by the FISA court and a host of reporting requirements all work to ensure that the government's decisions about whom to monitor stay within legal bounds But the expansiveness of the governing rules combined with the technological capacity to acquire and store great quantities of data permit the government to target large numbers of people around the world and acquire a vast number of communications By 2011 for instance the government was annually acquiring over 250 million Internet communications in addition to telephone conversations 487 The current number is significantly higher Even if U S persons' communications make up only a small percentage of this total the absolute number of their communications acquired could be considerable Minimization requirements to some degree compensate for the possibility of broad incidental collection Those rules are described in detail earlier in this Report 488 and their significance is discussed below While the existence of minimization rules may temper the privacy impact of incidental collection the scope of that collection may also bear on whether the minimization rules are adequate The present lack of knowledge about the range of incidental collection under Section 702 therefore hampers attempts to gauge whether the program appropriately balances national security interests with the privacy of U S persons 2 Inadvertent Collection Sometimes the NSA acquires communications under Section 702 of U S persons or people located in the United States by mistake This can occur when the NSA erroneously believes that a potential target is a foreigner or located outside the United States and discovers the truth only after collection on that person begins It can also occur as a result of human error such as mistyping an email address in the targeting process Additionally mistakes can occur as a result of technological malfunctions Finally targets who were located outside the United States may travel into the country making them no longer 486 See 50 U S C 1805 18 U S C 2518 Opinion at 29 Caption Redacted Docket No Redacted 2011 WL 10945618 at 9 FISA Ct Oct 3 2011 Bates October 2011 Opinion available at http icontherecord tumblr com noting submitted affidavits by the Director or Acting Director of NSA and the Director of FBI 487 488 See pages 50-66 of this Report 116 eligible for targeting before the NSA discovers this fact While all of these possibilities create risks that the NSA will acquire communications that it is not authorized to collect the Board has been impressed by the seriousness with which the government attempts to ensure that this does not occur In any surveillance program as large in scope as the Section 702 program particularly where collection involves highly sophisticated technology mistakes are inevitable The Board believes that the Section 702 program is implemented in a manner that reasonably avoids such errors Furthermore experience has shown that where there have been more significant mistakes the government discovers them and complies with the reporting requirements that demand prompt disclosure of compliance incidents to the FISA court and to the oversight committees in Congress There have been a few significant large-scale implementation problems in the Section 702 program all revolving around technological matters As described earlier technical problems have in some instances led the government to acquire communications not authorized for collection under the program More recently the checks that are designed to provide indications that a target is located inside the United States were substantially non-functioning for over a year In yet another incident the NSA discovered that its systems for purging data were not operating completely leading to the retention of information that should have been destroyed 489 In consultation with the FISA court the government has resolved those issues appropriately and has worked to remedy the errors that were discovered Inadvertent collection can also occur on an individualized basis such as where the NSA targets people whom it mistakenly believes are foreigners or located outside the United States Commentators have questioned the rigor of the agency's foreignness determinations particularly whether they rely on certain default assumptions where information about a person is lacking The notion also has arisen that the agency employs a 51% test in assessing the location and nationality of a potential target -- in other words that analysts need only be slightly more than half confident that the person being targeted is a non-U S person located outside the United States These characterizations are not accurate In keeping with representations the government has made to the FISA court NSA analysts consult multiple sources of information in attempting to determine a proposed target's foreignness and they are obligated to exercise a standard of due diligence in that effort making their determinations based on the totality of the circumstances They also must document the information on 489 See page 79 of this Report 117 which they based their assessments which must be reviewed and approved by two senior analysts prior to targeting and which are subject to further review later 490 Available figures suggest that the percentage of instances in which the NSA accidentally targets a U S person or someone in the United States is tiny In 2013 the DOJ reviewed one year of data to determine the percentage of cases in which the NSA's targeting decisions resulted in the tasking of a communications identifier that was used by someone in the United States or was a U S person The NSA's error rate according to this review was 0 4 percent 491 Moreover once a targeting decision has been made that is not the end of the story Soon after collection on a selector begins analysts must review a sample of the communications that have recently been collected to ensure that the email address or other selector actually is associated with the person whom the NSA intended to target and that this person is a foreigner located outside the United States Additional measures are employed to re-verify the validity of continued collection against the selector 492 In addition the DOJ ODNI oversight team reviews every targeting decision including the documentation on which the foreignness determination was made The oversight team conducts on-site reviews as part of this process and when the documentation available is not sufficient to demonstrate the basis of a foreignness determination the oversight team requests and obtains additional information 493 The NSA counts the number of instances in which it discovers that a selector is or may be being used by someone in the United States -- either because the target traveled to the United States or because the original targeting decision was erroneous The percentage of such instances is also very small with the total annual number of instances representing less than 1 5 percent of the average number of selectors targeted at any given moment To date the DOJ ODNI oversight team has not discovered any instances in which an analyst intentionally violated the statute targeting procedures or minimization procedures In the history of the program the government has identified only two instances of reverse targeting -- that is the prohibited targeting of overseas foreigners for the purpose of acquiring the communications of persons in the United States with whom they are in contact 494 490 NSA DCLPO REPORT supra at 4-5 491 See pages 71-72 of this Report 492 See pages 48-49 of this Report NSA DCLPO REPORT supra at 6 493 NSA DCLPO REPORT supra at 10 See page 79 of this Report In one case the targeting resulted in no collection of communications In the other case all of the collection was purged 494 118 In sum as noted above the Board is impressed by the rigor with which the government attempts to ensure that the persons it targets under Section 702 truly are nonU S persons located outside the United States 495 3 About Collection One of the most controversial aspects of the Section 702 program is the practice of so-called about collection This term describes the NSA's acquisition of Internet communications that are neither to nor from an email address -- but that instead merely include a reference to that selector 496 For instance a communication between two third parties might be acquired because it contains a targeted email address in the body of the communication 497 The fact that the NSA acquires certain communications based on what is contained within the body of the communication has apparently led some to believe that the government is scanning the contents of U S persons' international communications to see if they are discussing particular subjects or using particular key words Initial news articles describing about collection may have contributed to this perception reporting that the NSA is searching the contents of vast amounts of Americans' email and text communications into and out of the country hunting for people who mention information about foreigners under surveillance 498 This belief represents a misunderstanding of a more complex reality About collection takes place exclusively in the NSA's acquisition of Internet communications through its upstream collection process That is the process whereby the NSA acquires communications as they transit the Internet backbone within the United States This process is distinguished from the NSA's PRISM collection in which U S -based Internet service providers transmit communications to the government See below for a discussion of what happens when the NSA discovers that it inadvertently acquired the communications of a U S person or someone in the United States 495 496 See PCLOB March 2014 Hearing Transcript supra at 13 statement of Rajesh De General Counsel NSA See The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act at 4 2012 describing differences between targeting individuals under traditional FISA electronic surveillance provisions and targeting pursuant to Section 702 This document accompanied a 2012 letter sent by the Department of Justice and the Office of the Director of National Intelligence to the Senate Select Committee on Intelligence and House Permanent Select Committee on Intelligence urging the reauthorization of Section 702 See Letter from Kathleen Turner Director of Legislative Affairs ODNI and Ronald Weich Assistant Attorney General Office of Legislative Affairs DOJ to the Hon Dianne Feinstein Chairman Senate Committee on Intelligence et al May 4 2012 available at http www dni gov files documents Ltr%20to%20HPSCI%20Chairman%20Rogers%20and%20Ranking% 20Member%20Ruppersberger_Scan pdf 497 498 Charlie Savage N S A Said to Search Content of Messages to and From U S N Y TIMES Aug 8 2013 119 directly 499 Whereas PRISM collection is a comparatively simple process because the government obtains communications of a service provider's customers directly from that provider the upstream process is more complex depending upon the use of collection devices with technological limitations that significantly affect the scope of collection 500 Because of the way that Internet communications are transmitted in the form of data packets the NSA's collection devices acquire what the agency and the FISA court have termed Internet transactions 501 As a result of this acquisition technique the FISA court has explained the NSA's upstream collection devices acquire any Internet transaction transiting the device if the transaction contains a targeted selector anywhere within it 502 This means that an Internet communication between third parties not involving the target can be acquired by the NSA if it contains a reference for instance to the email address of a target 503 For this reason about collection raises at least two serious concerns one relatively simple the other more complex First about collection may be more likely than other forms of collection to acquire wholly domestic communications -- something not authorized by Section 702 Because about communications are not to or from the email address that was tasked for acquisition 504 which is used by a person reasonably believed to be located outside the United States there is no guarantee that any of the participants to the communication are located outside the United States In part to compensate for this problem the NSA takes additional measures with its upstream collection to ensure that no communications are acquired that are entirely between people located in the United States These measures can include for instance employing Internet protocol filters to acquire only communications that appear to have at least one end outside the United States 505 In this process Internet communications are first filtered to eliminate potential domestic communications and then are screened to capture only communications containing a tasked selector The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 3-4 NSA DCLPO REPORT supra at 5 See pages 33-34 of this Report 499 500 Bates October 2011 Opinion supra at 30 2011 WL 10945618 at 10 501 Bates October 2011 Opinion supra at 30 2011 WL 10945618 at 10 502 Bates October 2011 Opinion supra at 31 2011 WL 10945618 at 11 Joint Statement of Lisa O Monaco Assistant Attorney General National Security Division Dept of Justice et al Hearing Before the House Permanent Select Comm on Intelligence FISA Amendments Act Reauthorization at 7 Dec 8 2011 December 2011 Joint Statement available at http www dni gov files documents Joint%20Statement%20FAA%20Reauthorization%20Hearing%20%20December%202011 pdf 503 As explained earlier persons are targeted under Section 702 while the selectors used by those persons are tasked 504 505 NSA DCLPO REPORT supra at 5-6 120 While we believe that the measures taken by the NSA to exclude wholly domestic about communications may be reasonable in light of current technological limits they are not perfect 506 Even where both parties to a communication are located in the United States in a number of situations the communication might be routed internationally in which case it could be acquired by the NSA's upstream collection devices 507 There are reasons to suppose that this occurs rarely but presently no one knows how many wholly domestic communications the NSA may be acquiring each year as a result of about collection 508 The more fundamental concern raised by about collection is that it permits the government to acquire communications exclusively between people about whom the government had no prior suspicion or even knowledge of their existence based entirely on what is contained within the contents of their communications 509 This practice fundamentally differs from incidental collection discussed above While incidental collection also permits the government to acquire communications of people about whom it may have had no prior knowledge that is an inevitable result of the fact that conversations generally involve at least two people acquiring a target's communications by definition involves acquiring his communications with other people But no effort is made to acquire those other peoples' communications -- the government simply is acquiring the target's communications In about collection by contrast the NSA's 506 December 2011 Joint Statement supra at 7 acknowledging that the NSA's efforts are not perfect 507 See generally Bates October 2011 Opinion supra at 34 2011 WL 10945618 at 11 Although the NSA conducted a study in 2011 at the behest of the FISA court to estimate how many wholly domestic communications it was annually acquiring as a result of collecting MCTs discussed below the study did not focus on how many domestic communications the NSA may be acquiring due to about collection where the communication acquired was not an MCT but rather a single discrete communication Bates October 2011 Opinion supra at 34 n 32 2011 WL 10945618 at 11 n 32 At the urging of the FISA court the NSA subsequently spent some time examining this question but ultimately did not provide an estimate instead explaining to the court the logistical reasons that the chance of acquiring domestic communications in about collection should be smaller -- and certainly no greater -- than potentially encountering wholly domestic communications within MCTs Id This statement prompted the FISA court to adopt the assumption that the percentage of wholly domestic communications within the agency's about collection might equal the percentage of wholly domestic communications within its collection of MCTs leading to an estimate of as many as 46 000 wholly domestic about communications acquired each year Id We do not view this as a particularly valid estimate because there is no reason to suppose that the number of wholly domestic about communications matches the number of wholly domestic MCTs but the fact remains that the NSA cannot say how many domestic about communications it may be obtaining each year 508 See December 2011 Joint Statement supra at 7 U pstream collection allows NSA to acquire among other things communications about a target where the target is not itself a communicant The Intelligence Community's Collection Programs Under Title VII of the Foreign Intelligence Surveillance Act supra at 4 Upstream collection lets NSA collect electronic communications that contain the targeted e-mail address in the body of a communication between two third parties 509 121 collection devices can acquire communications to which the target is not a participant based at times on their contents 510 Nothing comparable is permitted as a legal matter or possible as a practical matter with respect to analogous but more traditional forms of communication From a legal standpoint under the Fourth Amendment the government may not without a warrant open and read letters sent through the mail in order to acquire those that contain particular information 511 Likewise the government cannot listen to telephone conversations without probable cause about one of the callers or about the telephone in order to keep recordings of those conversations that contain particular content 512 And without the ability to engage in inspection of this sort nothing akin to about collection could feasibly occur with respect to such traditional forms of communication Digital communications like email however enable one as a technological matter to examine the contents of all transmissions passing through collection devices and acquire those for instance that contain a tasked selector anywhere within them The government values about communications for the unique intelligence benefits that they can provide Although we cannot discuss the details in an unclassified public report the moniker about collection describes a number of distinct scenarios which the government has in the past characterized as different categories of about collection These categories are not predetermined limits that confine what the government acquires rather they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them 513 In some instances the targeted person actually is a participant to the communication using a different communications selector than the one that was tasked for collection and so the term about collection may be misleading 514 In other instances a communication may not involve the targeted person but for various logistical and technological reasons it will almost never involve a person located in the United States 510 See December 2011 Joint Statement supra at 7 511 See United States v Jacobsen 466 U S 109 114 1984 Ex parte Jackson 96 U S 727 733 1877 512 See Katz v United States 389 U S 347 1967 Such communications include any Internet transaction that references a targeted selector regardless of whether the transaction falls within one of the previously identified categories of 'about communications ' Bates October 2011 Opinion supra at 31 2011 WL 10945618 at 11 513 The term about communications was originally devised to describe communications that were about the selectors of targeted persons -- meaning communications that contained such a selector within the communication But the term has been used more loosely by officials in a way that suggests these communications are about the targeted persons References to targeted persons do not themselves lead to about collection only references to the communications selectors of targeted persons lead to about collection 514 122 Some forms of about collection however do potentially intrude on the privacy of U S persons and people in the United States as when for instance a U S person sends or receives an international communication to or from a non-target that contains a tasked email address in the body of the communication Because selectors that are designated for collection under Section 702 need not be affiliated with any nefarious activity themselves as explained earlier a U S person's use of a tasked selector in a communication does not necessarily indicate that the person is assisting a foreign power or engaged in any wrongdoing Furthermore that person's communication will have been acquired because the government's collection devices examined the contents of the communication without the government having held any prior suspicion regarding that communication As noted above however all upstream collection -- of which about collection is a subset -- is selector-based i e based on things like phone numbers or emails 515 Just as in PRISM collection a selector used as a basis for upstream collection is not a 'keyword' or particular term e g 'nuclear' or 'bomb' but must be a specific communications identifier e g email address 516 In other words the government's collection devices are not searching for references to particular topics or ideas but only for references to specific communications selectors used by people who have been targeted under Section 702 Moreover the NSA's acquisition of about communications is to a large degree an inevitable byproduct of its efforts to comprehensively acquire communications that are to or from its targets Because of the specific manner in which the NSA conducts upstream collection and the limits of its current technology the NSA cannot completely eliminate about communications from its collection without also eliminating a significant portion of the to from communications it seeks Only to a limited degree could the agency feasibly turn off its about collection without incurring this result and the outcome would not only represent an incomplete solution but would also undermine confidence that communications to and from targets are being reliably acquired Additionally there is no way at present for the NSA to selectively choose among the different categories of about communications at the collection stage Nor does the NSA currently have any means available to automatically segregate about communications from to from communications after collection or to segregate among different forms of about communications after collection Thus ending all about collection would require ending even those forms of about collection that the Board regards as appropriate and valuable and that have very little chance of impacting the privacy of people in the United States PCLOB March 2014 Hearing Transcript supra at 26 statement of Rajesh De General Counsel NSA see id This is not collection based on key words for example id at 57 Abouts is a type of collection of information A ll collection of information is focused on selectors not key words like terrorist or like a generic name or things along those lines And it's the same selectors that are used for the PRISM program that are also used for upstream collection It's just a different way to effectuate the collection 515 516 NSA DCLPO REPORT supra at 4 123 For now therefore about collection is an inextricable part of the NSA's upstream collection which we agree has unique value overall that militates against eliminating it entirely As a result any policy debate about whether about collection should be eliminated in whole or in part may be to some degree a fruitless exercise under present conditions From our perspective given a choice between the status quo and crippling upstream collection as a whole we believe the status quo is reasonable As explained later however because of the serious and novel questions raised by about collection as a constitutional and policy matter we recommend that the NSA develop technology that would allow it to selectively limit or segregate certain forms of about communications -- so that a debate can be had in which the national security benefits of the different forms of about collection are weighed against their respective privacy implications We emphasize however that our acceptance of about collection rests on the considerations described above -- the inextricability of the practice from a broader form of collection that has unique value and the limited nature of what about collection presently consists of the acquisition of Internet communications that include the communications identifier of a targeted person Although those identifiers may sometimes be found in the body of a communication the government is not making any effort to obtain communications based on the ideas expressed therein We are not condoning expanding about collection to encompass names or key words nor to its use in PRISM collection where it is not similarly inevitable Finally our unwillingness to call for the end of about collection is also influenced by the constraints that presently govern the use of such communications after acquisition As with all upstream collection about communications have a default retention period of two years instead of five are not routed to the CIA or FBI and may not be queried using U S person identifiers 4 Multi-Communication Transactions MCTs The technical means used to conduct the NSA's upstream collection result in another issue with privacy implications Because of the manner in which the agency intercepts communications directly from the Internet backbone the NSA sometimes acquires communications that are not themselves authorized for collection because they are not to from or about a tasked selector in the process of acquiring a communication that is authorized for collection because it is to from or about a tasked selector In 2011 the FISA court held that the NSA's procedures for addressing this problem were inadequate and that without adequate procedures this aspect of the NSA's collection practices violated the Fourth Amendment The government subsequently altered its procedures to the satisfaction of the FISA court Based on the Board's assessment of how those procedures are being implemented today the Board agrees that existing practices strike a reasonable balance between national security and privacy 124 Unlike in PRISM collection where the government receives communications from the Internet service providers who facilitate them in upstream collection the NSA obtains what it calls transactions that are sent across the backbone of the Internet Communications travel across the Internet in the form of data packets a single email for instance can be broken up into a number of data packets that take different routes to their common destination where they are reassembled to reconstruct the email A complement of data packets in NSA parlance is a transaction 517 These transactions will sometimes contain only a single discrete communication like a single email At times however these transactions will contain a number of different individual communications The NSA refers to the latter as an MCT An MCT is acquired by the NSA only if at least one individual communication within it meets the criteria for collection That is at least one of these individual communications must be to or from a tasked selector or contain reference to a tasked selector But the MCT might also contain other individual communications that do not meet these criteria and that have no direct relationship to the tasked selector 518 The NSA's collection devices are unable to distinguish before the point of acquisition whether or not a transaction is an MCT Thus in the process of intercepting a communication that is to from or about a tasked selector the NSA might simultaneously obtain communications that are neither because they are embedded within an MCT that contains a different communication meeting the standards for collection 519 These other communications might be to or from U S persons or people located in the United States They also might be domestic communications exclusively between people located in the United States When the FISA court first began approving the Section 702 program in 2008 it did not understand that the NSA's upstream process acquired transactions or that the agency was acquiring MCTs that included communications including wholly domestic communications that were not themselves authorized for collection Only in 2011 after the government submitted a clarifying letter to the FISA court did these aspects of upstream collection become clear to the court 520 After extensive briefing a hearing and the The government describes an Internet 'transaction' as 'a complement of packets traversing the Internet that together may be understood by a device on the Internet and where applicable rendered in an intelligible form to the user of that device ' Bates October 2011 Opinion supra at 28 n 23 2011 WL 10945618 at 9 n 23 517 518 See December 2011 Joint Statement supra at 7 About collection and MCT collection are separate but overlapping categories An MCT can be acquired if one of the communications within it is about a tasked selector i e contains reference to a tasked selector but an MCT also can be acquired if one of the communications within it is to or from a tasked selector Thus while about collection and MCT collection are both unique results of the upstream collection process there is no inherent relationship between the two 519 520 Bates October 2011 Opinion supra at 27-28 30 2011 WL 10945618 at 2 9-11 125 implementation of a study to estimate how many purely domestic communications were being acquired the FISA court concluded that the NSA's practices were inconsistent with the Fourth Amendment and with the statutory requirement to minimize the retention of information about U S persons consistent with foreign intelligence needs The FISA court accepted that the continued acquisition of MCTs was legitimate but that the procedures in place to handle them after collection did not adequately protect the privacy interests of U S persons whose communications were acquired solely because they were contained within an MCT that also included a communication involving a tasked selector The government later resolved this issue to the FISA court's satisfaction by implementing new procedures for handling MCTs Most notably the NSA implemented procedures to segregate and restrict access to certain MCTs after collection and established that any MCT found to contain a wholly domestic communication must be destroyed upon recognition It also shortened the default retention period for communications acquired through upstream collection to two years 521 These rules are now embodied in the NSA's minimization procedures To address concerns about collection that occurred before these new procedures were implemented the NSA later decided to purge all data in its repositories that it could identify as having been acquired through upstream before the date of these new procedures 522 The Board has inquired into how the NSA's new procedures for handling MCTs are being implemented and it has learned -- at a level of operational detail greater than what is reflected in the agency's minimization procedures -- about the precise manner in which the segregation of MCTs occurs and the steps through which any use of a communication found in an MCT is permitted to occur Based on this information the Board believes that current practices adequately guard against the government's use of wholly domestic communications as well as other communications of U S persons that are not to from or about a tasked selector Given the present impossibility of identifying before collection those MCTs that contain domestic communications or other U S persons' communications that are not themselves authorized for acquisition we believe that the existing procedures strike a reasonable balance between national security and privacy But we echo the FISA court's observation that it is incumbent upon the NSA to continue working to enhance its capability to limit its acquisitions to only targeted communications 523 See Memorandum Opinion at 7-11 Caption Redacted Docket No Redacted 2011 WL 10947772 at 3-5 FISA Ct Nov 30 2011 available at http icontherecord tumblr com post 58944252298 dnideclassifies-intelligence-community-documents 521 See Memorandum Opinion at 30 Caption Redacted Docket No Redacted 2012 WL 9189263 at 3 FISA Ct Sept 25 2012 available at http www dni gov files documents September%202012%20Bates%20Opinion%20and%20Order pdf 522 523 See Bates October 2011 Opinion supra at 58 n 54 2011 WL 10945618 at 20 n 54 126 C Retention Use and Dissemination of U S Persons' Communications under Section 702 Examining the privacy implications of the Section 702 program cannot end with a discussion of what is collected but also must consider how information about U S persons is treated after collection how long it is kept who has access to it in what ways it may be analyzed under what circumstances it may be disseminated and what procedures and oversight mechanisms are in place to ensure compliance with applicable rules 524 Once communications are acquired under Section 702 they go into one or more databases at the NSA CIA and FBI 525 At each agency access to this Section 702 data is limited to those analysts or agents who have received training and guidance In reviewing information contained in these databases government personnel may come across communications involving U S persons Data is frequently reviewed through queries which identify communications that have particular characteristics specified in the query such as containing a particular name or having been sent to or from a particular email address 526 Beginning first with inadvertent collection if it is discovered that a Section 702 target is a U S person or was inside the United States at the time of targeting the government must stop the collection immediately and generally must destroy any communications already acquired 527 While the imperative to stop collection is absolute each agency is permitted in limited circumstances to waive the general requirement that communications already collected must be destroyed At the NSA for instance the Director or Acting Director may waive the destruction requirement on a communication-byEverything that is collected under Section 702 is treated as a communication and therefore is protected by the applicable minimization procedures 524 The CIA and FBI each receive only a select portion of the communications acquired under Section 702 and they receive only Internet communications acquired through PRISM collection not telephone calls or Internet communications acquired through upstream collection The National Counterterrorism Center NCTC is not authorized to receive any unminimized Section 702 data but instead has access to certain FBI systems containing minimized Section 702 data The CIA holds all unminimized communications acquired through Section 702 in a standalone network that is separate from the CIA's other information processing systems 525 Because about and MCT collection occur only in upstream collection which NSA alone receives FBI and CIA personnel have no access to such communications 526 See e g Minimization Procedures used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978 as Amended 3 d 2 5 Oct 31 2011 NSA 2011 Minimization Procedures available at http www dni gov files documents Minimization%20Procedures%20used%20by%20NSA%20in%20Con nection%20with%20FISA%20SECT%20702 pdf If the government learns that a target who previously was outside the United States has traveled into the United States it also must stop collection immediately and it must generally destroy those communications that were acquired after the target entered the United States subject to the possibility of a waiver discussed above Id 3 d 527 127 communication basis by determining in writing that the communication satisfies one of several criteria The destruction requirement may be waived if the communication is reasonably believed to contain significant foreign intelligence information evidence of a crime technical data base information or information necessary to understand or assess a communications security vulnerability Communications that indicate a threat of serious harm to life or property may also be preserved from destruction 528 The FBI standards are similar as are the CIA standards except that CIA waivers are limited to communications containing significant foreign intelligence or evidence of a crime Although approval for these waivers must come from the highest levels of the agencies the breadth of the circumstances in which they can be approved raises concern that the waiver provisions might permit excessive use of communications that the agencies never should have acquired Allowing the government to exploit the fruits of mistaken targeting decisions may risk creating an incentive for lax adherence to targeting restrictions Presently however it appears that the government has been invoking these waiver provisions in a restrained manner In 2013 for instance the NSA Director waived the destruction of approximately forty communications none of which was a wholly domestic communication involving eight targets based on a finding that each communication contained significant foreign intelligence information Neither the CIA nor FBI utilized their waiver provisions in 2013 Along with the rigor that we believe is applied to the government's determinations of foreignness during targeting this sparing use of waivers helps to allay concern about their abuse Furthermore when an erroneous targeting was the result of a compliance incident such as mistyping an email address as opposed to a reasonable but mistaken belief about a target's status the waiver provision is unavailable Apart from communications acquired inadvertently U S persons' communications are not typically purged or eliminated from the government's Section 702 databases before the end of their default retention periods even when the communications pertain to matters unrelated to foreign intelligence or crime This is because the agencies do not scrutinize each communication that they acquire or attempt to identify those that are to or from a U S person or person in the United States The NSA's minimization procedures for instance require the destruction of irrelevant communications of or concerning U S persons but analysts are required to make such determinations only at the earliest practicable point in the processing cycle and only where the communication can be identified as clearly not relevant to the purpose under which it was acquired or containing evidence of a crime 529 In practice however this destruction rarely happens NSA analysts do not review all or even most communications acquired under Section 702 528 NSA 2011 Minimization Procedures supra 5 529 NSA 2011 Minimization Procedures supra 3 b 1 128 as they arrive at the agency Instead those communications often remain in the agency's databases unreviewed until they are retrieved in response to a database query or until they are deleted upon expiration of their retention period without ever having been reviewed Even when an analyst focuses on a particular communication the destruction requirement is triggered only when analysts can affirm a negative that the communication in question does not contain foreign intelligence or evidence of a crime 530 But communications that appear innocuous at first may later take on deeper significance as more contextual information is learned and it can be difficult for one analyst to be certain that a communication has no intelligence value to any other analyst As a matter of course therefore there is no routine deletion from the NSA's Section 702 databases of information that involves U S persons but is not pertinent to the agency's foreign intelligence mission Therefore although a communication must be destroyed upon recognition when an NSA analyst recognizes that it involves a U S person and determines that it clearly is not relevant to foreign intelligence or evidence of a crime 531 in reality this rarely happens Nor does such purging occur at the FBI or CIA although their minimization procedures contain age-off requirements those procedures do not require the purging of communications upon recognition that they involve U S persons but contain no foreign intelligence information Information that remains in the government's Section 702 databases may be queried to find the communications of specific U S persons under certain circumstances 532 Queries are a key mechanism through which analysts access Section 702 information in the government's databases 533 They may involve telephone numbers key words or phrases or other discriminators as selection terms 534 Queries can be used to search both the content of communications and the addressing information or metadata associated with the communications At the NSA content queries based on identifiers associated with specific U S persons -- such as a name or email address -- can be performed if they are reasonably likely to return foreign intelligence information 535 No showing or suspicion is required that the U S person is engaged in any form of wrongdoing In recent months NSA analysts have performed queries using U S person identifiers to find information NSA 2011 Minimization Procedures supra 3 c In addition the communication must be known to contain information of or concerning U S persons Id 530 531 NSA 2011 Minimization Procedures supra 3 b 1 c 1 The NSA and CIA first obtained approval to conduct queries using U S person identifiers in 2011 See Bates October 2011 Opinion supra 532 See e g NSA DCLPO REPORT supra at 6 Analysts access the information via 'queries ' which may be date-bound and include alphanumeric strings such as telephone numbers email addresses or terms that can be used individually or in combination with one another 533 534 See e g NSA 2011 Minimization Procedures supra 3 b 6 535 NSA 2011 Minimization Procedures supra 3 b 6 see NSA DCLPO REPORT supra at 7 129 concerning among other things individuals believed to be involved in international terrorism The CIA and FBI standards for content queries are essentially the same except that the FBI given its law enforcement role is permitted to conduct queries to seek evidence of a crime as well as foreign intelligence information At the NSA prior approval must be obtained to use content query terms that involve U S person identifiers The agency records each term that is approved though not the number of times any particular term is actually used to query a database The NSA performs checks of its analysts' queries Prior approval is not required at the CIA instead the agency has developed audit capability This system requires CIA personnel using U S person identifiers as query terms or any other query term intended to return information about a particular U S person write a contemporaneous foreign intelligence justification which is documented along with a record of the query Review of queries is also provided by the DOJ ODNI oversight team which reviews every U S person term approved for querying at the NSA as well as every U S person query performed at the CIA reporting their numbers and any compliance issues to congressional oversight committees In 2013 the NSA approved the use of 198 terms involving U S person identifiers to perform content queries of its Section 702-acquired communications During the same year the CIA conducted approximately 1 900 queries of its unminimized Section 702- acquired communications of which approximately forty percent were at the request of other U S intelligence agencies 536 Outside of those queries conducted on behalf of other intelligence agencies CIA queries might involve for instance U S persons located overseas that intelligence indicates may be engaged in planning terrorist attacks or otherwise facilitating international terrorism While the FBI maintains records of content queries used to search its Section 702 data it does not separately designate those that employ U S person identifiers and so the number of U S person queries performed by the FBI is not known At the NSA metadata queries like content queries must be reasonably designed to return foreign intelligence information when they involve U S person identifiers Prior approval is not required but the analyst must supply a written justification for the query and all queries are recorded and subject to audit 537 The DOJ ODNI oversight team reviews every NSA metadata query that involves a U S person identifier In 2013 NSA analysts Approximately 27 percent of these queries were duplicative of previous queries that employed the same query terms 536 537 NSA DCLPO REPORT supra at 7 130 performed approximately 9 500 queries of metadata acquired under Section 702 using U S person identifiers 538 The CIA also has the capability to conduct metadata-only queries against metadata derived from Section 702 collection However the CIA does not track how many metadataonly queries using U S person identifiers have been conducted The CIA's minimization procedures do not contain any specific standard with respect to metadata queries involving U S person identifiers although such queries are regulated under internal CIA regulations that govern queries of FISA and non-FISA information and FISA itself requires that information collected be used only be for lawful purposes 539 The FBI requires that metadata queries like content queries be reasonably designed to return foreign intelligence or evidence of a crime As noted above however the FBI does not separately track which of its queries involve U S person identifiers and so the number of such metadata queries is not known As illustrated above rules and oversight mechanisms are in place to prevent U S person queries from being abused for reasons other than searching for foreign intelligence or in the FBI's case for evidence of a crime In pursuit of the agencies' legitimate missions however government analysts may use queries to digitally compile the entire body of communications that have been incidentally collected under Section 702 that involve a particular U S person's email address telephone number or other identifier with the exception that Internet communications acquired through upstream collection may not be queried using U S person identifiers 540 In addition the manner in which the FBI is employing U S person queries while subject to genuine efforts at executive branch oversight is difficult to evaluate as is the CIA's use of metadata queries If the NSA CIA or FBI wishes to permanently retain a communication of or concerning a U S person beyond the default retention periods personnel must make a determination that retention is justified under certain criteria established in their minimization procedures Those criteria demand a legitimate governmental interest in the communication but are fairly broad with respect to the types of needs and purposes that justify retention The NSA for instance permits retention if the identity of the U S person is necessary to understand foreign intelligence information or asses its importance or if According to the DOJ ODNI oversight team the NSA's counting of its own metadata queries typically is overinclusive often counting queries that do not actually include a U S person identifier as well as other queries where it is unclear whether a U S person identifier is involved 538 539 See 50 U S C 1806 a 540 See NSA 2011 Minimization Procedures supra 3 b 6 131 the communication contains evidence of a crime among other reasons 541 The CIA's and FBI's rules are comparable Agencies that receive Section 702 communications may disseminate to another agency foreign intelligence information of or concerning a U S person or evidence of a crime concerning a U S person that was acquired from those communications This is done most frequently by the NSA reflecting the nature of its mission When making such disseminations NSA personnel typically mask the information about that U S person that could be used to identify him or her -- replacing a proper name with for instance a U S person -- but they may unmask such information upon request with supervisory approval when the requesting agency is deemed to legitimately require the information for its mission 542 The number of disseminated reports containing references to U S person identifiers are reported annually to congressional oversight committees As with U S person queries these rules guard against the unjustified use of information about U S persons for illegitimate ends but they do not significantly restrict the use of such information for legitimate intelligence and law enforcement aims 543 In 2013 the vast majority of the intelligence reports disseminated by the NSA that were based on intelligence derived from Section 702 contained no reference to any U S person A significant number of such reports however albeit a small percentage of the total did include references to U S persons As noted U S person information in these reports typically is initially masked to hide personally identifying information In response to requests from recipients of those reports primarily intelligence and law enforcement agencies last year the NSA unmasked approximately 10 000 U S person identities where the information was not included in the original reporting 544 Apart from this intelligence reporting the NSA is permitted to pass on information showing possible violations of the law to the DOJ and the FBI In 2013 the agency passed on such information only ten times 541 NSA 2011 Minimization Procedures supra 6 a b 2 542 NSA DCLPO REPORT supra at 7-8 NSA 2011 Minimization Procedures supra 6 b Under similar rules and additional internal restrictions the NSA may share communications involving U S persons with foreign governments NSA 2011 Minimization Procedures supra 8 a The NSA also is permitted to use and disseminate U S persons' privileged attorney-client communications subject to approval from its Office of General Counsel as long as the person is not known to be under criminal indictment in the United States and communicating with an attorney about that matter Id 4 The CIA and FBI minimization procedures contain comparable provisions 543 According to the NSA fewer than a quarter of these identifiers were proper names of individuals or their titles the remainder were U S corporation names U S educational institution names U S -registered IP addresses websites hosted in the United States email addresses or telephone numbers potentially used by U S persons and other identifiers potentially used by U S persons 544 132 In the Board's view the protections contained in the agencies' minimization procedures are reasonably designed and implemented to ward against exploitation of information acquired under Section 702 for illegitimate purposes The Board has seen no trace of any such illegitimate activity associated with the program or any attempt to intentionally circumvent legal limits Depending on the scope of collection however the applicable rules may allow a substantial amount of private information about U S persons to be acquired by the government examined by its personnel and used in ways that may have a negative impact on those persons Although it is not known how many communications involving U S persons or people in the United States are acquired under Section 702 the limited figures available may provide some indication of the extent to which the government presently could be using such communications Some of these figures illustrate that the Section 702 program remains primarily focused on monitoring non-U S persons located outside the United States By the same token the overall scope of collection under the program and the quantity of intelligence reporting derived from this collection involving U S persons suggest that the government may be gathering and utilizing a significant amount of information about U S persons under Section 702 If so this would raise legitimate concern about whether a collection program that is premised on targeting foreigners located outside the United States without individual judicial orders now acquires substantial information about U S persons without the safeguards of individualized court review Emphasizing again that we have seen no indication of abuse nor any sign that the government has taken lightly its obligations to establish and adhere to a detailed set of rules governing the program the collection and examination of U S persons' communications represents a privacy intrusion even in the absence of misuse for improper ends The Board's desire to provide more clarity and transparency regarding the government's activities under Section 702 particularly insofar as they involve the acquisition and handling of U S persons' communications underlies a number of our recommendations 133 Part 6 RECOMMENDATIONS The Board has conducted an in-depth study of the Section 702 program We have carefully considered whether the program as implemented complies with the statute and is consistent with constitutional requirements The Board has also evaluated whether the program strikes the right balance between national security and privacy and civil liberties as a policy matter The Board recognizes the considerable value that the Section 702 program provides in the government's efforts to combat terrorism and gather foreign intelligence and finds that at its core the program is sound However some features outside of the program's core particularly those impacting U S persons raise questions regarding the reasonableness of the program The Board therefore offers a series of policy recommendations to ensure that the program includes adequate and appropriate safeguards for privacy and civil liberties The Board has identified five key areas where operations of the Section 702 program could strike a better balance between privacy civil rights and national security They include the manner in which targeting and tasking is implemented the manner in which queries using U S person identifiers are conducted and the Foreign Intelligence Surveillance Court's FISC or FISA court role in the certification process Additional areas for improvement include the government's collection of upstream Internet transactions transparency in the operations of the Section 702 program We also make a recommendation not limited only to Section 702 about evaluation of the efficacy of government surveillance programs Based on our independent review and the conclusions we have drawn the Board offers the following recommendations I Targeting and Tasking Recommendation 1 The NSA's targeting procedures should be revised to a specify criteria for determining the expected foreign intelligence value of a particular target and b require a written explanation of the basis for that determination sufficient to demonstrate that the targeting of each selector is likely to return foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court The NSA should implement these revised targeting procedures through revised guidance and training for analysts specifying the criteria for the foreign intelligence determination and the kind of written explanation needed to support it We expect that the FISA 134 court's review of these targeting procedures in the course of the court's periodic review of Section 702 certifications will include an assessment of whether the revised procedures provide adequate guidance to ensure that targeting decisions are reasonably designed to acquire foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court Upon revision of the NSA's targeting procedures internal agency reviews as well as compliance audits performed by the ODNI and DOJ should include an assessment of compliance with the foreign intelligence purpose requirement comparable to the review currently conducted of compliance with the requirement that targets are reasonably believed to be non-U S persons located outside the United States In order to target a person under Section 702 two basic criteria must be satisfied the person must be a non-U S person located outside the United States the foreignness determination and the surveillance must be conducted to collect foreign intelligence information the foreign intelligence purpose determination The Board's review of the Section 702 program showed that the procedures for documenting targeting decisions within the NSA and the procedures for reviewing those decisions within the executive branch focus primarily on the foreignness determination -- -- establishing that a potential target is a non-U S person reasonably believed to be located abroad The process for documenting and reviewing the foreign intelligence purpose of a targeting is not as rigorous Agency personnel have not been required to articulate or explain these determinations in any detail as a matter of course and typically indicate what category of foreign intelligence information they expect to obtain from targeting a particular person in a single brief sentence that contains only minimal information about why the analyst believes that targeting this person will yield foreign intelligence information As a result the Section 702 oversight team from the DOJ and the ODNI cannot scrutinize these foreign intelligence purpose determinations with the same rigor that it scrutinizes foreignness determinations In contrast NSA analysts are required to articulate a rationale to a much greater degree regarding their foreignness determinations and oversight is accordingly more in-depth The Board recognizes that this distinction stems from the different treatment of the foreignness and foreign intelligence purpose determinations in Section 702 itself Section 702 d the subsection of the statute outlining the requirements for targeting procedures specifically requires that the procedures be reasonably designed to ensure that targeting is limited to persons reasonably believed to be located outside the United States but there is no comparable requirement in this subsection specifying that targeting procedures must be reasonably designed to ensure that targeting has a valid foreign intelligence purpose Likewise when the FISA court assesses whether the government's targeting procedures 135 comply with statutory requirements the court is directed by Section 702 i to consider the adequacy of those procedures with respect to the foreignness determination but there is no comparable provision specifically requiring a review of the foreign intelligence purpose determination Despite the fact that the statute treats these two determinations differently it also demands that all targeting be intended to acquire foreign intelligence information Thus the foreign intelligence purpose determination is a critical part of the statutory framework From a constitutional perspective moreover at least insofar as Section 702 surveillance incidentally collects communications to and from U S persons the foreign intelligence purpose is what provides the basis for the government to conduct Section 702 surveillance without a warrant As a result we conclude that there should be something closer to parity between the foreignness determination and foreign intelligence purpose determination in terms of what level of explanation is required of an analyst and how rigorous the oversight of that explanation is Therefore the Board recommends that the NSA's targeting procedures be updated to require a more detailed written explanation of the foreign intelligence purpose of each targeting decision and to specify the criteria that would be sufficient to demonstrate that this standard has been met Changes to the targeting procedures that provide more guidance to analysts and require more explanation regarding the foreign intelligence purpose of a targeting will help analysts better articulate this element of their targeting decisions When analysts articulate at greater length the bases for their targeting decisions the executive branch oversight team that later reviews those decisions will be better equipped to meaningfully review them The Board does not believe that a statutory change is needed to implement this recommendation The government already has the authority to amend its targeting procedures subject to FISA court approval We believe that it would be helpful for the FISA court when reviewing Section 702 certifications to assess whether the government's targeting procedures are reasonably designed to ensure that targeting is limited to persons of foreign intelligence value much like the court now assesses whether targeting procedures are reasonably designed to ensure that targeting is limited to persons located outside the United States We believe that without statutory change the government could request that the FISA court assume this additional task as the FISA court already must and does consider how fully the Section 702 program is geared toward acquiring foreign intelligence in order to ensure that the program is authorized by the statute and consistent with the Fourth Amendment Once the revised targeting procedures are in place analysts should be trained on their implementation to ensure that the analysts are appropriately articulating the rationale for foreign intelligence purpose determinations The NSA should also modify its 136 internal agency reviews to ensure that the new targeting procedures have been adopted by its analysts The executive branch compliance audits should also be modified to reflect the new targeting procedures and to include more rigorous scrutiny of whether valid foreign intelligence purpose determinations are being properly articulated II U S Person Queries Recommendation 2 The FBI's minimization procedures should be updated to more clearly reflect actual practice for conducting U S person queries including the frequency with which Section 702 data may be searched when making routine queries as part of FBI assessments and investigations Further some additional limits should be placed on the FBI's use and dissemination of Section 702 data in connection with non-foreign intelligence criminal matters When an FBI agent or analyst initiates a criminal assessment or begins a new criminal investigation related to any type of crime it is routine practice pursuant to the Attorney General Guidelines for Domestic FBI Operations to conduct a query of FBI databases in order to determine whether they contain information on the subject of the assessment or investigation The databases queried may include information collected under various FISA authorities including data collected under Section 702 The FBI's rules relating to queries do not distinguish between U S persons and non-U S persons as a domestic law enforcement agency most of the FBI's work concerns U S persons If a query leads to a hit in the FISA data i e if a communication is found within a repository of Section 702 data that is responsive to the query then the agent or analyst is alerted to the existence of the hit If the agent or analyst has received training on how to handle FISAacquired materials he or she is able to view the Section 702 data that was responsive to the query however if the agent or analyst has not received FISA training he or she is merely alerted to the existence of the information but cannot access it The agent or analyst would have to contact a FISA-trained agent or analyst and ask him or her to review the information Even though FBI analysts and agents who solely work on non-foreign intelligence crimes are not required to conduct queries of databases containing Section 702 data they are permitted to conduct such queries and many do conduct such queries This is not clearly expressed in the FBI's minimization procedures and the minimization procedures should be modified to better reflect this actual practice The Board believes that it is important for accountability and transparency that the minimization procedures provide a clear representation of operational practices Among other benefits this improved clarity will better enable the FISA court to assess statutory and constitutional compliance when 137 the minimization procedures are presented to the court for approval with the government's next recertification application In light of the privacy and civil liberties implications of using Section 702 information collected under lower thresholds and for a foreign intelligence purpose in the FBI's pursuit of non-foreign intelligence crimes the Board believes it is appropriate to place some additional limits on what can be done with Section 702 information Members of the Board differ on the nature of the limitations that should be placed on the use of that information Board Members' proposals and a brief explanation of the reasoning supporting each are stated below with elaboration in the two separate statements Additional Comment of Chairman David Medine and Board Member Patricia Wald For acquisitions authorized under Section 702 FISA permits the FBI for law enforcement purposes to retain and disseminate evidence of a crime However there is a difference between obtaining a U S person's communications when they are in plain view as an analyst reviews the target's communications and the retrieval of a U S person's communications by querying the FBI's Section 702 holdings collected over the course of years 545 Therefore consistent with our separate statement regarding Recommendation 3 we believe that U S persons' privacy interests regarding 702 data should be protected by requiring that each identifier should be submitted to the FISA court for approval before the identifier may be used to query data collected under Section 702 other than in exigent circumstances The court should determine based on documentation submitted by the government whether the use of the U S person identifier for Section 702 queries meets the standard that the identifier is reasonably likely to return information relevant to an assessment or investigation of a crime As discussed in more detail in our separate statement this judicial review would not be necessary for U S persons who are already suspected terrorists and subject to surveillance under other government programs Additional Comment of Board Members Rachel Brand and Elisebeth Collins Cook As explained in our separate statement we would support a requirement that an analyst conducting a query in a non-foreign intelligence criminal matter obtain supervisory approval before accessing any Section 702 information that was responsive to the query We would also support a requirement of higher-level Justice Department approval to the extent not already required before Section 702 information could be used On June 25 2014 the United States Supreme Court ruled unanimously that a search of a cell phone seized by the police from an individual who has been arrested required a warrant Riley v California No 13132 2014 WL 2864483 U S June 25 2014 The Court distinguished between reviewing one record versus conducting an extensive records search over a long period The fact that someone could have tucked a paper bank statement in a pocket does not justify a search of every bank statement from the last five years Id at 18 Likewise observing evidence of a crime in one email does not justify conducting a search of an American's emails over the prior five years to or from everyone targeted under the Section 702 program 545 138 in the investigation or prosecution of a non-foreign intelligence crime such as in the application for a search warrant or wiretap in the grand jury or at trial We would not require any additional approvals before an analyst could conduct a query of databases that include FISA data Additional Comment of Board Member James Dempsey It is imperative not to re-erect the wall limiting discovery and use of information vital to the national security and nothing in the Board's recommendations would do so The constitutionality of the Section 702 program is based on the premise that there are limits on the retention use and dissemination of the communications of U S persons collected under the program The proper mix of limitations that would keep the program within constitutional bounds and acceptable to the American public may vary from agency to agency and under different circumstances The discussion of queries and uses at the FBI in this Report is based on our understanding of current practices associated with the FBI's receipt and use of Section 702 data The evolution of those practices may merit a different balancing For now the use or dissemination of Section 702 data by the FBI for nonnational security matters is apparently largely if not entirely hypothetical The possibility however should be addressed before the question arises in a moment of perceived urgency Any number of possible structures would provide heightened protection of U S persons consistent with the imperative to discover and use critical national security information already in the hands of the government 546 Recommendation 3 The NSA and CIA minimization procedures should permit the agencies to query collected Section 702 data for foreign intelligence purposes using U S person identifiers only if the query is based upon a statement of facts showing that the query is reasonably likely to return foreign intelligence information as defined in FISA The NSA and CIA should develop written guidance for agents and analysts as to what information and documentation is needed to meet this standard including specific examples Under the NSA and CIA minimization procedures for the Section 702 program analysts are permitted to perform queries of databases that hold communications acquired under Section 702 using query terms that involve U S person identifiers Such queries are designed to identify communications in the database that involve or contain information relating to a U S person See Presidential Policy Directive -- Signals Intelligence Activities Policy Directive 28 2014 WL 187435 2 Jan 17 2014 limiting the use of signals intelligence collected in bulk to certain enumerated purposes available at http www whitehouse gov the-press-office 2014 01 17 presidential-policydirective-signals-intelligence-activities 546 139 The internal processes employed by the two agencies with respect to U S person queries differ Under the NSA's minimization procedures all queries that involve U S person identifiers whether they search content or metadata must be constructed so as to be reasonably likely to return foreign intelligence information The NSA also requires analysts to provide written justifications for the use of all query terms that involve U S person identifiers More specifically with respect to querying the metadata of Section 702 communications which includes for instance the email address from which a communication was sent analysts must document the basis for queries that involve U S person identifiers which are subject to audit With respect to queries that scan the contents of Section 702 communications analysts must obtain prior approval for any query term that involves a U S person identifier Subsequent uses of an already approved query term do not require new permission Under the CIA's minimization procedures personnel must document the foreign intelligence basis for queries of content queries that involve U S person identifiers which are subject to audit but need not document a justification or obtain prior approval for queries of metadata Although the Board recognizes that NSA and CIA queries are subject to rigorous oversight by the DOJ's National Security Division and the ODNI with the exception of metadata queries at the CIA which are not reviewed by the oversight team we believe that NSA and CIA analysts before conducting a query involving a U S person identifier should provide a statement of facts illustrating why they believe the query is reasonably likely to return foreign intelligence information 547 To assist in this process the government should develop written guidance for the benefit of analysts who are authorized to perform such queries to clearly explain the meaning of the standard reasonably likely to return foreign intelligence information It should also provide illustrative examples of permissible and impermissible queries as well as proper and improper bases on which to conclude that a query is reasonably likely to return foreign intelligence This guidance should reflect the fact that the statutory definition of foreign intelligence information under FISA is narrower when the information in question involves U S persons than it is when information pertains only to non-U S persons Implementing these measures will help to ensure that analysts at the NSA and CIA do not access or view communications acquired under Section 702 that involve or concern U S persons when there is no valid foreign intelligence reason to do so 547 queries Board Member Elisebeth Collins Cook would not extend a new requirement to this effect to metadata 140 III FISC Role Recommendation 4 To assist in the FISA court's consideration of the government's periodic Section 702 certification applications the government should submit with those applications a random sample of tasking sheets and a random sample of the NSA's and CIA's U S person query terms with supporting documentation The sample size and methodology should be approved by the FISA court The FISA court reviews the government's proposed targeting and minimization procedures each time the government seeks approval or re-approval of a certification typically annually To assist the FISA court in its review the government should provide the court with a random sample of targeting decisions reflected in tasking sheets and a random sample of NSA and CIA query terms that involve U S person identifiers 548 The FISC should approve the methodology used to select the samples and the size of those samples Providing a random sample of targeting decisions would allow the FISC to take a retrospective look at the targets selected over the course of a recent period of time The data could help inform the FISA court's review process by providing some insight into whether the government is in fact satisfying the foreignness and foreign intelligence purpose requirements and it could signal to the court that changes to the targeting procedures may be needed or prompt inquiry into that question The data could provide verification that the government's representations during the previous certification approval were accurate and it could supply the FISC with more information to use in determining whether the government's acquisitions comply with the statute and the Fourth Amendment Similarly a retrospective sample of U S person query terms and supporting documentation will allow the FISC to conduct a fuller review of the government's minimization procedures Such a sample could allow greater insight into the methods by which information gathered under Section 702 is being utilized and whether those methods are consistent with the minimization procedures While U S person queries by the NSA and CIA are already subject to rigorous executive branch oversight with the exception of metadata queries at CIA supplying this additional information to the FISC could help guide the court by highlighting whether the minimization procedures are being followed and whether changes to those procedures are needed Chairman David Medine and Board Member Patricia Wald see no reason to exclude the FBI's query process from FISA court oversight While it is correct that the FBI does not distinguish between queries using U S person identifiers and those that do not as a domestic law enforcement agency it clearly conducts a significant number of queries using identifiers belonging to U S persons Therefore a sample of the queries performed by the FBI could inform the FISA court's review 548 141 Recommendation 5 As part of the periodic certification process the government should incorporate into its submission to the FISA court the rules for operation of the Section 702 program that have not already been included in certification orders by the FISA court and that at present are contained in separate orders and opinions affidavits compliance and other letters hearing transcripts and mandatory reports filed by the government To the extent that the FISA court agrees that these rules govern the operation of the Section 702 program the FISA court should expressly incorporate them into its order approving Section 702 certifications The government's operation of the Section 702 program must adhere to the targeting and minimization procedures that are approved by the FISA court as well as to the pertinent Attorney General guidelines and the statute itself The government also makes additional representations to the FISA court through compliance notices and other filings as well as during hearings that together create a series of more rigorous precedents and a common understanding between the government and the court regarding the operation of the program More than once the government has implemented rules for the Section 702 program that are more detailed than what is reflected in the text of the targeting and minimization procedures themselves although these rules typically are viewed as an interpretation of those procedures These more detailed rules are not centrally located but are contained in compliance letters affidavits mandatory reports hearing transcripts and other sources that arise from the interaction between the government and the FISC Such rules have precedential value and create real consequences as the government considers itself bound to abide by the representations it makes to the FISA court To the extent that the rules which have emerged from these representations and this interactive process govern the operation of the Section 702 program they should be memorialized in a single place and incorporated into the FISC's certification review This recommendation is influenced by the Board's recognition that FISC judges and legal advisors do not serve on the court forever As judges rotate out of FISC service the risk that important information about the contours of the Section 702 program will be lost due to attrition or not fully appreciated by new judges greatly increases when the body of precedent that has developed over the course of the program's existence is not centrally located Adopting this recommendation would ensure that each judge who may come to render decisions about the program will have ready access to a centralized source that encapsulates this body of precedent to help inform his or her decisions and understanding of the program This consolidation of rules will also facilitate congressional oversight of the Section 702 program Accordingly the Board views this recommendation as a measure to promote good government 142 Additionally incorporating the series of precedents described above into a comprehensive source will provide a single reference point for every government lawyer agent officer and analyst within the Intelligence Community who has responsibilities under the Section 702 program These precedents and rules given their dispersed location within a range of different FISA court filings and documents may not be readily accessible to the lawyers tasked with helping to implement the requirements specified in those documents or to the agents and analysts operating the program A complete readily accessible legal framework will assist lawyers and analysts throughout the government in their efforts to comply with the requirements of the Section 702 program IV Upstream and About Collection Recommendation 6 To build on current efforts to filter upstream communications to avoid collection of purely domestic communications the NSA and DOJ in consultation with affected telecommunications service providers and as appropriate with independent experts should periodically assess whether filtering techniques applied in upstream collection utilize the best technology consistent with program needs to ensure government acquisition of only communications that are authorized for collection and prevent the inadvertent collection of domestic communications In PRISM collection through which the government obtains communications directly from Internet service providers the government acquires only those communications sent to or from selectors used by targeted persons Obtaining only communications sent to and from those selectors helps ensure that no wholly domestic communications are acquired -- because the targeted person who uses the selector always must be someone reasonably believed to be located outside the United States In upstream collection by contrast the NSA obtains communications directly from the Internet backbone with the compelled assistance of companies that maintain those networks rather than Internet service providers that supply particular modes of communication The success of this process depends on collection devices that can reliably acquire data packets associated with the proper communications In addition through about collection the upstream process includes acquiring communications that contain reference to selectors used by targeted persons even if the communication is not sent to or from the account of that selector Because the targeted person may not be a party to the communication it is possible that neither participant in the communication is located outside the United States although the NSA takes additional measures including the use of IP filters to try to avoid collecting wholly domestic communications 143 As a result upstream collection involves a greater risk that the government will acquire wholly domestic communications which it is not authorized to intentionally collect under Section 702 Ensuring that the upstream collection process comports with statutory limits and with agency targeting procedures involves an important technical process of filtering out wholly domestic communications The government acknowledges however that the technical methods used to prevent the acquisition of domestic communications do not completely prevent them from being acquired Even if domestic communications were to constitute a very small percentage of upstream collection this could still result in a large overall number of purely domestic communications being collected Mindful of these considerations the Board believes that there should be an ongoing dialogue both within the government and in cooperation with telecommunications providers or independent experts to ensure that the means being used to filter for domestic communications use the best technology We also believe that the determination about whether this is the case should be continually revisited Recommendation 7 The NSA periodically should review the types of communications acquired through about collection under Section 702 and study the extent to which it would be technically feasible to limit as appropriate the types of about collection In the upstream collection process as in the PRISM collection process the NSA acquires Internet communications sent to and from the selector such as an email address used by a targeted person In upstream however the NSA also acquires Internet communications that are not sent to or from this email address but instead contain reference to the selector sometimes in the body of the communication These are termed about communications because they are not to or from but rather about the communication selectors of targeted persons In addition for technical reasons about collection is needed even to acquire some communications that actually are to or from a target A number of different scenarios result in a communication containing reference to a particular selector when the communication is not to or from that selector Thus there are a number of different categories or types of about communications acquired by the NSA Some forms of about communications are actually the communications of targeted persons Other types of about collection can result in the acquisition of communications between two non-targets thereby implicating greater privacy concerns For instance when a person in the United States sends or receives an international communication that contains a targeted email address in the body of the communication that communication may be acquired by the NSA even if the sender and recipient are not targets themselves and were completely unknown to the government before its collection devices examined 144 the contents of their communication Moreover the permissible scope of targeting in the Section 702 program is broad enough that targets need not themselves be suspected terrorists or other bad actors Thus if the email address of a target appears in the body of a communication between two non-targets it does not necessarily mean that either of the communicants is in touch with a suspected terrorist All of these types of about communications can provide intelligence value helping the government learn more about terrorist networks and their plans or obtain other foreign intelligence While about collection is valued by the government for its unique intelligence benefits it is to a large degree an inevitable byproduct of the way the NSA conducts much of its upstream collection As discussed earlier in this Report because of the technical manner in which this collection is performed the NSA cannot entirely stop acquiring about communications without also missing a significant portion of to from communications Nor does the agency have the capability to selectively acquire certain types of about communications but not others At least some forms of about collection present novel and difficult issues regarding the balance between privacy and national security But current technological limits make any debate about the proper balance somewhat academic because it is largely unfeasible to limit about collection without also eliminating a substantial portion of upstream's to from collection which would more drastically hinder the government's counterterrorism efforts We therefore recommend that the NSA work to develop technology that would enable it to identify and distinguish among the types of about collection at the acquisition stage and then selectively limit or modify its about collection as may later be deemed appropriate If it is not possible for collection devices to identify or differentiate among types of about communications at the acquisition stage we urge the NSA to develop technology that would allow it to automatically segregate all about communications after collection and if possible to individually segregate different types of about communications from one another after collection With such mechanisms in place it will be possible to have a policy discussion about whether or not the privacy impacts of particular types of about collection justify treating those types of communications in a different way or eliminating their collection entirely V Accountability and Transparency Recommendation 8 To the maximum extent consistent with national security the government should create and release with minimal redactions declassified versions of the FBI's and CIA's Section 702 minimization procedures as well as the NSA's current minimization procedures 145 The Board believes that the public would benefit from understanding the procedures that govern the acquisition use retention and dissemination of information collected under Section 702 The Board respects the government's need to protect its operational methods and practices but it also recognizes that transparency enables accountability to the public that the government serves Therefore the Board urges the government to engage in a declassification review and to the greatest extent possible without jeopardizing national security release unredacted versions of the FBI CIA and NSA minimization procedures Recommendation 9 The government should implement five measures to provide insight about the extent to which the NSA acquires and utilizes the communications involving U S persons and people located in the United States under the Section 702 program Specifically the NSA should implement processes to annually count the following 1 the number of telephone communications acquired in which one caller is located in the United States 2 the number of Internet communications acquired through upstream collection that originate or terminate in the United States 3 the number of communications of or concerning U S persons that the NSA positively identifies as such in the routine course of its work 4 the number of queries performed that employ U S person identifiers specifically distinguishing the number of such queries that include names titles or other identifiers potentially associated with individuals and 5 the number of instances in which the NSA disseminates non-public information about U S persons specifically distinguishing disseminations that includes names titles or other identifiers potentially associated with individuals These figures should be reported to Congress in the NSA Director's annual report and should be released publicly to the extent consistent with national security Under Section 702 the government acquires the contents of telephone calls and Internet communications from within the United States without individualized warrants or court orders so long as the acquisition involves targeting non-U S persons reasonably believed to be located outside the United States for foreign intelligence purposes Those targeted persons of course may communicate with U S persons or people located in the United States resulting in the incidental collection of their communications Since the enactment of the FISA Amendment Act in 2008 the extent to which the government acquires the communications of U S persons under Section 702 has been one of the biggest open questions about the program and a continuing source of public concern Lawmakers and civil liberties advocates have called upon the executive branch to disclose how many communications of U S persons are being acquired In turn 146 the executive branch has responded that it cannot provide such a number -- because it is often difficult to determine from a communication the nationality of its participants and because the large volume of collection under Section 702 would make it impossible to conduct such determinations for every communication that is acquired The executive branch also has pointed out that any attempt to document the nationality of participants to communications acquired under Section 702 would actually be invasive of privacy because it would require government personnel to spend time scrutinizing the contents of private messages that they otherwise might never access or closely review As a result of this impasse lawmakers and the public do not have even a rough estimate of how many communications of U S persons are acquired under Section 702 Based on information provided by the NSA the Board believes that certain measures can be adopted that could provide insight into these questions without unduly burdening the NSA or disrupting the work of its analysts and without requiring the agency to further scrutinize the contents of U S persons' communications We believe that the NSA could implement five measures listed above that collectively would shed some light on the extent to which communications involving U S persons or people located in the United States are being acquired and utilized under Section 702 While the measures we have proposed will provide only partial insight into this question they will not for instance reveal the number of communication obtained under PRISM collection which accounts for the vast majority of Internet acquisitions they will provide a snapshot albeit imperfect of the degree to which the NSA under Section 702 acquires communications involving U S persons queries them retains them permanently and disseminates information from them to other agencies The number of queries and disseminations involving U S person information are already tracked by the NSA but we believe that these figures should be annually reported in a central document along with the new figures we have proposed counting and that the NSA's annual reporting of its queries and disseminations should highlight those that potentially involve individuals as opposed to businesses or institutions which are of special interest from a privacy perspective It is possible that with respect to the first two measures above the information that the NSA feasibly can document might turn out to be insufficiently comprehensive to yield dependable numbers but this will not be known until the NSA attempts to implement the recommendation Adopting the measures that we have proposed will supply policymakers and the public with important information about one of the most frequently discussed aspects of the Section 702 program enabling more informed judgments to be made about the program in the future 147 VI Efficacy Recommendation 10 The government should develop a comprehensive methodology for assessing the efficacy and relative value of counterterrorism programs The efficacy of any particular counterterrorism program is difficult to assess Even when focusing only on programs of surveillance such programs can serve a variety of functions that contribute to the prevention of terrorism Most obviously a surveillance program may reveal the existence of a planned terrorist attack enabling the government to disrupt the attack But the number of plots thwarted in this way is only one measure of success Counterterrorism surveillance programs can enable the government to learn about the identities and activities of the individuals who make up terrorist networks They can help the government to understand the goals and intentions of those organizations as well as the ways in which the organizations fund their pursuits and coordinate the activities of their members All of this knowledge can aid the government in taking steps to frustrate the efforts of these terrorist organizations -- potentially stymieing their endeavors long before they coalesce around the plotting and implementation of a specific attack Because the nature of counterterrorism efforts can vary measures of success may vary as well Moreover individual counterterrorism programs are not typically used in isolation rather these programs can support and mutually reinforce one another Therefore the success of a particular program may not be susceptible to evaluation based on what it produces in a vacuum Any evaluation must instead seek to understand how a particular program fits within the government's overall counterterrorism efforts and to what degree it aids those efforts relative to other programs Despite these complications determining the efficacy and value of particular counterterrorism programs is critical Without such determinations policymakers and courts cannot effectively weigh the interests of the government in conducting a program against the intrusions on privacy and civil liberties that it may cause In addition government counterterrorism resources are not unlimited and if a program is not working those resources should be redirected to programs that are more effective in protecting us from terrorists Accordingly the Board believes that the government should develop a methodology to gauge and assign value to its counterterrorism programs and use that methodology to determine if particular programs are meeting their stated goals The Board is aware that the ODNI conducts studies to measure the relative efficacy of different types of intelligence activities to assist in budgetary decisions The Board believes that this important work should be continued as well as expanded so as to differentiate more precisely among individual programs in order to assist policymakers in making informed data-driven decisions about governmental activities that have the potential to invade the privacy and civil liberties of the public 148 Part 7 CONCLUSION One of the Board's goals in developing this Report has been to provide greater transparency and clarity to the public regarding the operation of the Section 702 program This is a complex program and in the wake of the unauthorized disclosures about the program there has been a great deal of misinformation circulated to the public The Board is grateful to the Intelligence Community and the Department of Justice for its employees' tireless efforts to educate Board Members and staff about the program's operation and to work with us to declassify information in the public interest The Board also appreciates the work of the many government officials and employees congressional staff privacy and civil liberties advocates academics trade associations and technology and communications companies who provided input into the Board's study of the program In addition to this effort to explain the Section 702 program the Board has set forth a series of policy recommendations designed to ensure that the program appropriately balances national security concerns with privacy and civil liberties We note that this is only the start of the dialogue We do not believe that any of the recommendations we offer would require legislative changes and the Board welcomes the opportunity for further discussion of these pressing issues and how to best implement the Board's recommendations We hope that this Report contributes to a way forward that secures the life of our nation while preserving the liberties that make our nation worth fighting for 549 Remarks by the President on Review of Signals Intelligence Jan 17 2014 available at http www whitehouse gov the-press-office 2014 01 17 remarks-president-review-signals-intelligence 549 149 INDEX TO ANNEXES A Separate Statement by Chairman David Medine and Board Member Patricia Wald B Separate Statement by Board Members Rachel Brand and Elisebeth Collins Cook C July 9 2013 Workshop Agenda and Link to Workshop Transcript D November 4 2013 Hearing Agenda and Link to Hearing Transcript E March 19 2014 Hearing Agenda and Link to Hearing Transcript F Request for Public Comments on Board Study G Reopening the Public Comment Period H Index to Public Comments on www regulations gov 150 ANNEX A Separate Statement of Chairman David Medine and Board Member Patricia Wald I Recommendation Regarding U S Person Queries for Foreign Intelligence Purposes We do not believe that the Board's Recommendation 3 goes nearly far enough to protect U S persons' privacy rights when their communications are incidentally collected as a consequence of targeting a non-U S person located abroad under Section 702 The Section 702 program has collected hundreds of millions of Internet communications Even if only a small percentage of those communications are to or from an American the total number of Americans' communications is likely significant Furthermore these communications which may be maintained for many years in government databases in searchable form may contain sensitive and confidential matters having nothing to do with the foreign intelligence purposes of the Section 702 program Although such queries must be conducted for a foreign intelligence purpose currently the government can query several years of such communications without court approval which could potentially produce a composite picture of a significant slice of an American's private life This practice raises two related concerns with constitutional statutory and policy implications First are sufficient protections in place to purge Americans' communications that have no foreign intelligence value Second are there sufficient restrictions on when the government can query data collected under Section 702 to seek Americans' communications We offer the following proposals to address each of these concerns Recommendation Minimization procedures that govern the use of Americans' communications collected under Section 702 should require the following 1 No later than when the results of a U S person query of Section 702 data are generated Americans' communications should be purged of information that does not meet the statutory definition of foreign intelligence information relating to Americans 550 This process should be subject to judicial oversight 2 Each U S person identifier should be submitted to the FISA court for approval before the identifier may be used to query data collected under Section 702 for a foreign U S person communications may also be responsive to queries using non-U S person identifiers The same purge procedure should apply in such cases 550 151 intelligence purpose 551 other than in exigent circumstances or where otherwise required by law 552 The court should determine based on documentation submitted by the government whether the use of the U S person identifier for Section 702 queries meets the standard that the identifier is reasonably likely to return foreign intelligence information as defined under FISA 553 Discussion As explained in Part 3 above under Section 702 the government may lawfully collect the communications of an American where that individual is communicating with a targeted non-U S person who is reasonably believed to be located outside the United States 554 The government refers to the collection of such Americans' information as incidental collection because the American will not be and cannot be the target of Section 702 surveillance Although we understand that the government does not currently count the number of incidentally collected American communications it is likely that the scope and extent of the Americans' information collected under Section 702 is substantial as of 2011 the NSA was acquiring approximately 250 million Internet communications annually and even if only a small percentage of these total involved Americans the number would be large in absolute terms 555 We recognize that a query of collected Section 702 data seeking information about a specific American556 may not provide as complete a picture of the individual's activities as it would for an actual target of surveillance Nonetheless such queries are capable of 551 Queries for criminal purposes are governed by the proposal in Part II of this statement See e g Brady v Maryland 373 U S 83 1963 Fed R Crim P 16 a 1 B and 18 U S C 3500 Jenks Act 552 Subsequent queries using a FISA court-approved U S person identifier would not require court approval 553 Through about collection the NSA may also collect the communication of an American who is not in direct contact with a Section 702 target if a targeted selector appears within the communication In addition the NSA may collect the communications of an American who is not in direct contact with a Section 702 target through acquiring an MCT However such communications are acquired only through upstream collection and thus they may not be queried using U S person identifiers under current minimization procedures 554 The NSA minimization procedures state that permanent retention of communications of Americans is permitted if they are of foreign intelligence value or certain other standards are met including communications in which the identity of the American is necessary to understand foreign intelligence information or assess its importance Minimization Procedures used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978 as Amended 6 b 2 Oct 31 2011 NSA 2011 Minimization Procedures 555 We are not proposing that the parties to every communication be investigated to determine if one or more of the parties are Americans Such reviews themselves could raise privacy and civil liberties concerns However where there is a reasonable basis to conclude that a party is an American the recommended procedures should apply 556 152 revealing a significant slice of the American's life This is particularly the case for Americans who correspond frequently with foreigners including relatives business associates and others Because the scope of the legitimate foreign intelligence purposes that may justify surveillance under Section 702 is broad going beyond counterterrorism an American could be in contact with several targets of Section 702 surveillance and yet be innocent of any complicity in terrorist or other activity of foreign intelligence interest Since Section 702 does not require any particularized judicial finding to support the initial collection of information from either the foreign target or the American who communicated with the target further safeguards should be required to limit the permissible scope of U S person queries Under present rules querying of the communications to which the American was a party can be justified either on the grounds that they are likely to have foreign intelligence value or contain evidence of a crime 557 Moreover there is currently no external check outside of the executive branch on the process of making such queries or purging of non-foreign intelligence material from query results We agree that legitimate foreign intelligence matters which appear in these Americans' incidentally collected communications can be retained However we feel strongly that the present internal agency procedures for reviewing communications and purging those portions that are of no foreign intelligence value prior to use of the information558 are wholly inadequate to protect Americans' acknowledged constitutional rights to protection for private information or to give effect to the statutory definition of foreign intelligence information which as discussed below provides a more stringent test for information relating to Americans Minimization guidelines approved by the FISA court were intended to afford these protections but in their present form they do not As a practical matter most collected communications are not reviewed for the purging of non- foreign intelligence matters upon collection or at any set time thereafter prior to use The NSA guidelines require only that upon review the analyst should purge material that is clearly non-foreign intelligence information The practice when applying the clearly criteria for purging Americans' communications is to err on the side of insuring that any piece of private information is retained that might in the future conceivably take on value or that some other analyst in the intelligence community might find to be of value We do not think this is the intent of the statute Some argue that the process of reviewing and purging of private information that has no intelligence value is more intrusive than permitting the information to remain in agency databases for years subject to viewing by intelligence personnel in multiple 557 See Section II of this Separate Statement regarding FBI queries relating to evidence of a crime 558 NSA 2011 Minimization Procedures supra 3 153 agencies In our view there is no legitimate basis to maintain potentially personal sensitive information that has no bearing on either foreign intelligence or criminal conduct Nor do the restrictions on use of FISA data in criminal investigations requiring only Attorney General approval provide adequate protections to the vast majority of Americans whose communications have been incidentally collected who will never be subjected to such proceedings but whose information can be probed and queried and used to pursue investigations against them Our conclusion that more controls are required for this query process is informed by constitutional statutory and policy concerns As discussed above under the Fourth Amendment the reasonableness of this program must be assessed based on the totality of the circumstances 559 The government recognizes that the initial collection of Americans' communications under Section 702 constitutes a search under the Fourth Amendment The reasonableness of this surveillance depends upon whether there are sufficient safeguards including targeting and minimization procedures to adequately protect the Fourth Amendment interests of persons whose communications may be collected used and disseminated Since there are no prior determinations that any Americans whose communications have been collected are involved in terrorism or other activities of foreign intelligence interest because Americans cannot be targeted there should be compensatory safeguards governing the access use dissemination and retention of the contents of their communications when those communications are acquired in the course of targeting others In this regard we do not believe that the Fourth Amendment analysis justifying in other contexts the use of queries directed at individuals who are not themselves surveillance targets applies with equal force to querying U S person communications acquired in the Section 702 program As discussed above the incidental collection of information through a Title III wiretap meets Fourth Amendment standards based on the prior judicial review showing of probable cause and particularity in the wiretap order which justifies the surveillance both with respect to known suspects and with respect to incidental interceptees 560 Under Section 702 by contrast there is no probable cause or other individualized finding by a judge -- either with regard to the non-U S person who is the target of the surveillance or the American who communicates with the target Nor is there any judicial review after the fact of targeting decisions or queries It is troubling to allow the government without some form of judicial approval to compile and review private communications by U S persons who have not consented to the government's collection To address these constitutional concerns more robust safeguards should be 559 Samson v California 547 U S 843 848 2006 560 United States v Donovan 429 U S 413 427 n 15 1977 154 required at the query stage whenever the government seeks to conduct queries seeking information about U S person's communications in order to support the reasonableness of the program Existing query standards which require no outside review are insufficient to compensate for the lack of judicial review at the front end so as to provide assurance about the legitimacy and scope of the collection On the other hand judicial review would not be necessary for queries seeking communications of U S persons who are already approved as targets for collection under Title I or Sections 703 704 of FISA and identifiers that have been approved by the FISA court under the reasonable articulable suspicion standard for telephony metadata under Section 215 561 As a result this would not restrict queries regarding U S persons who are already suspected terrorists and are under surveillance The statutory framework of FISA further supports the need for enhanced safeguards for U S person information The definition of foreign intelligence information under FISA which is incorporated by reference into Section 702 sets forth several categories of information including information regarding international terrorism or international proliferation of weapons of mass destruction To meet the statutory definition the information generally must relate to one of the listed categories but if the information concerns a U S person the definition specifically requires that the information must be necessary to the ability of the United States to protect against these threats 562 At the query stage this definition is relevant because the NSA minimization procedures require that queries using U S person identifiers must be reasonably likely to return foreign intelligence information We believe that foreign intelligence information in the query context must track the statutory definition which for U S persons involves the higher necessary standard When FISA was originally enacted Congress made clear in passing the statute that enhanced safeguards were needed for U S person information As the report of the House Permanent Select Committee on Intelligence explained T he committee has adopted a definition of foreign intelligence information which includes any information relating to these broad security or foreign relations concerns so long as the information does not concern U S persons Where U S persons are involved the definition is much stricter it requires that the information be necessary to these security or foreign relations concerns It would also not be necessary if the query produces no results or the analyst purges all results from the given query as not containing foreign intelligence 561 562 50 U S C 1801 e emphasis added 155 Where the term necessary is used the committee intends to require more than a showing that the information would be useful or convenient The committee intends to require a showing that the information is both important and required The use of this standard is intended to mandate that a significant need be demonstrated by those seeking the surveillance For example it is often contended that a counterintelligence officer or intelligence analyst if not the policymaker himself must have every possible bit of information about a subject because it might provide an important piece of the larger picture In that sense any information relating to the specified purposes might be called necessary but such a reading is clearly not intended 563 To give effect to this definition of foreign intelligence information under FISA and the cautionary words from both the House and Senate reports we believe that the approval process for U S person queries under Section 702 must be tightened The more stringent necessity test for foreign intelligence information relating to U S persons requires that queries seeking to identify incidentally collected communications of an American must be reasonably designed to produce information necessary to the ability of the United States to protect against the listed threats or to assure the defense or security of the United States or the conduct of its foreign affairs It is imperative that a process be instituted to assure compliance with this definition Finally as a policy matter we seek to find the appropriate balance that will enable the government to pursue its legitimate foreign intelligence purposes while still safeguarding legitimate privacy interests The government urges that once information has been lawfully collected it may be used for any lawful purposes and that existing minimization rules under Section 702 provide sufficient safeguards against improper use In contrast on June 19 2014 the U S House of Representatives by a 293-to-123 bipartisan vote approved a ban on U S person queries under Section 702 564 The President's Review Group on Intelligence and Communications Technologies many advocacy organizations certain members of Congress and others have urged that in order to conduct a U S person query of Section 702 data the government should be required to obtain a FISA warrant under Title I of the statute and demonstrate probable cause that the U S person is a foreign power or an agent or employee of a foreign power Last week a federal district court judge noted that whether the Fourth Amendment requires a warrant for queries to be conducted H R Rep No 95-1283 at 47 1978 see also S Rep No 95-701 at 31 1978 containing similar language 563 The ban applies to agencies that would be funded under the proposed Defense Appropriations Act 2015 H R 4870 which would not include the FBI See H Amdt 935 113th Cong 2014 160 CONG REC H5 544 daily ed June 19 2014 available at http www gpo gov fdsys pkg CREC-2014-06-19 pdf CREC2014-06-19 pdf 564 156 of Section 702 data was a very close question 565 He ultimately ruled the Fourth Amendment did not require a warrant even though such a requirement might better protect Americans' privacy rights We believe that the middle course we propose -- not banning queries or requiring a warrant but instead requiring judicial approval of queries employing a more relaxed standard -- more appropriately balances the government's legitimate foreign intelligence purposes with the privacy rights of Americans With regard to query results it is important on both legal and policy grounds for the government to implement procedures under which Section 702 communications are reviewed to assess whether they meet the statutory definition of foreign intelligence information applicable to U S persons no later than when the results of a U S person query are generated to insure that only those meeting the necessary standard are used retained or disseminated and those not meeting the definition are purged 566 At base we believe some external oversight of the review process is essential to counteract an understandable but strong reluctance of analysts to give up any information that might conceivably have some future remote value despite the more restrictive statutory definitions of foreign intelligence for Americans' information 567 While we conclude that a particularized judicial finding should be required before a U S person query has been made to ensure that it has a proper basis we believe the FISA Title I standard for targeting is too demanding in the query context Rather the 565 United States v Mohamud No 10-475 2014 WL 2866749 at 26 D Or June 24 2014 We recognize that some communications of Americans may never be returned as the result of a query or otherwise reviewed before they are aged-off of agency systems at the end of the data retention period 566 One alternative in that regard would be for the FISA court to use a special master with a security clearance to regularly review representative samples of query results The master would assess whether information that does not meet the statutory definition of foreign intelligence information had been properly purged and report to the court on the master's findings See In re U S Dep't of Defense 848 F 2d 232 239 D C Cir 1988 W here a massive number of classified documents exists such that the judge and his law clerk simply cannot examine them all appointment of a master to structure the judge's review of these documents is appropriate so long as the judge retains decisional authority over the issue in question If the FISA court concluded over time that the review and purging process was working properly this review process could be relaxed or suspended If on the other hand the FISA court based on the master's report concluded that Americans' communications were not being properly minimized the court would have discretion to expand its oversight of this process to insure that the privacy interests of Americans with regard to non-foreign intelligence communications were being protected There is some similarity between this proposal and the operation of federal wiretaps Under federal law i mmediately upon the expiration of the wiretap order recordings shall be made available to the judge issuing such order and sealed under his directions 18 U S C 2518 8 a This allows the court to assure itself that the government is getting the evidence that the warrant authorized If the judge concludes that the government was collecting information outside of the scope of the warrant the FISA court would be able to modify or terminate the wiretap authority or impose any other appropriate restrictions 567 The ultimate goal of this would be to align agency practice with statutory and constitutional requirements 157 government should be permitted to conduct U S person queries so long as the FISA court finds that the U S person identifier was reasonably likely to return foreign intelligence information as defined under FISA If the Board's Recommendation 1 regarding targeting is adopted the Section 702 program will provide sufficient front-end safeguards that we do not believe a probable cause standard is needed at the query stage And provided that the statutory definition of foreign intelligence information is strictly followed including the requirement that the Americans' information sought be necessary to the government's ability to protect against international terrorism or other designated threats we conclude that it is appropriate for the government to seek such information through U S person queries without demonstrating that the American in question is an agent of a foreign power At the end the current system allows a U S person about whom there is no suspicion of being a terrorist or engaging in other illegal activity but who unknowingly corresponds with the target of a Section 702 proceeding -- perhaps a relative or professional colleague or old friend -- to have his or her correspondence with the target over a period of several years collected reviewed at will by intelligence analysts and retained in a FISA data bank If the unknowing correspondent's emails or other Internet material do display information of foreign intelligence value it can be used as such and we have no objection to that But without any such determination the correspondence in toto however private or confidential can be stored for years and it can be queried using the unknowing correspondent's name as a selector not only by a few but by many NSA foreign intelligence analysts The unknowing correspondent's information may also be used under restrictions but nonetheless used and disseminated outside the agency in reports or provided to a foreign government -- all this with no prior review beyond that conducted within the intelligence community The possibility of such an occurrence even if rare does not seem to us to come near the Fourth Amendment reasonableness standard for a significant component of Section 702 or to comply with the letter and spirit of FISA We feel strongly that a neutral and detached judicial officer should approve the use of U S person identifiers That requirement traditionally has been considered a critical component of Fourth Amendment protections against overbroad searches 568 As the Supreme Court stated last week noting the importance of judicial approval for government access to information the Founders did not fight a revolution to gain the right to government agency protocols 569 See e g United States v U S Dist Court for E Dist of Mich S Div 407 U S 297 309 1972 Keith reasonableness under the Fourth Amendment derives content and meaning through reference to the warrant clause 568 569 Riley v California No 13-132 2014 WL 2864483 at 16 U S June 25 2014 158 II Recommendation Regarding FBI Queries for Criminal Purposes The Board's unanimous Recommendation 2 states that additional limits should be placed on the FBI's use and dissemination of Section 702 data in connection with non- foreign intelligence criminal matters In our view these limits should include the requirement that the FBI obtain prior FISA court approval before using identifiers to query Section 702 data to ensure that the identifier is reasonably likely to return information relevant to a criminal assessment or investigation of a crime In response Board Members Brand and Cook in their separate statement refer to the practice of FBI's using the results of Section 702 data queries in the investigation and prosecution of crimes as largely theoretical Yet the FBI has not only the capability to conduct such queries but has authorized them and in fact criminal agents do conduct such queries routinely the fact is that we do not know the precise number of times there is a subsequent use of any results from those queries 570 Privacy and civil liberties concerns regarding incidentally collected Section 702 information do not just arise when that information is used outside the FBI such as to obtain a search warrant The information can also be used inside the FBI to make determinations about Americans that adversely affect them such as deciding to move from an assessment to a formal criminal investigation A troubling precedent could be created by permitting a general search of Section 702 material including incidental collections of innocent Americans' private information which was collected with no articulable suspicion and particularized judicial approval and target-specific oversight It could have implications when it comes to general access throughout the government to big data repositories collected for a specific purpose and under specific restrictions by a particular agency In the case of domestic criminal law enforcement which currently operates under a painstaking structure with deep roots in the Fourth Amendment and a myriad of particularized statutes and case law a general permission to search such protected data without any need to demonstrate even an articulable suspicion about the named selector is especially worrisome Finally FISA court judges who are drawn from the ranks of federal district judges and who preside over grand jury proceedings and criminal trials have extensive experience in evaluating what is or is not relevant evidence in a criminal Board Members Brand and Cook are concerned that any justification for a query at an early stage in a criminal investigation will often be unworkable The alternative however is to permit queries of innocent subjects' Section 702 communications without even an articulable suspicion of wrongdoing or terrorist affiliations We note also that there is nothing to support the assertion that these queries are less intrusive of privacy than the other techniques listed in the Attorney General's Domestic Rules as permissible in early stage investigations i e public information online resources volunteered information consent searches and requested information Federal Bureau of Investigation Domestic Investigations and Operations Guide 5 9 1 Oct 15 2011 available at http vault fbi gov FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28DIOG%2 9 fbi-domestic-investigations-and-operations-guide-diog-2011-version 570 159 investigation and our proposal that they be required to do so would not rule out queries essential to an investigation We do not anticipate that requiring judicial approval for queries in ordinary crime situations will erect any serious impediment to law enforcement On the other hand Board Members Cook and Brand's suggestion that FBI agents be allowed to use Section 702 data without judicial approval not only in the investigative stage but with approval by Department of Justice officials as the basis for a warrant or grand jury subpoena raises the substantial statutory and constitutional questions discussed above Our proposal will not ban any queries regarding U S persons or others in investigations of either foreign intelligence or domestic crimes but rather would interpose a time honored protection of approval by a detached judicial officer of government access to Americans' communications This is the minimal protection that should be afforded to U S persons who have done nothing to merit forfeiture of all Fourth Amendment protection to their private papers 160 ANNEX B Separate Statement by Board Members Rachel Brand and Elisebeth Collins Cook I The Program is Legal and Effective We hope that the length of the Board's report and its comprehensive discussion of the legal considerations surrounding the program will not obscure the Board's unanimous bottom-line conclusion The core Section 702 program is clearly authorized by Congress reasonable under the Fourth Amendment and an extremely valuable and effective intelligence tool To the extent that the Board had concerns about the program after our thorough review they focused primarily on two particular aspects to the program's current operation the practice of searching the database using a U S person identifier and so-called about collection both of which are discussed at length in the Board's report The Board makes a few targeted recommendations to address concerns raised by these two aspects of the program We stress that these are policy-based recommendations designed to tighten the program's operation and ameliorate the extent to which these aspects of the program could affect the privacy and civil liberties of U S persons We do not view them to be essential to the program's statutory or constitutional validity II Queries of Section 702 Information The extent to which additional restrictions should apply to agencies' ability to query information collected pursuant to Section 702 using U S person identifiers has divided the Board In the case of the FBI this issue is intertwined with questions about querying Section 702 information for non-foreign intelligence purposes the potential use of Section 702 information in criminal proceedings and longstanding efforts to ensure information sharing within the agency Specifically the Board grappled with what to do about the fact that it is theoretically possible for a database query by an FBI analyst in a non-foreign intelligence criminal matter to return Section 702 information and for this information to be further used in the investigation and prosecution of that crime 571 In addressing this issue we believe it important to adopt a policy that matches the scope of the problem can work as a practical matter and will not unnecessarily impair the government's ability to conduct counterterrorism and other national security-related investigations The FBI receives only a small portion of Section 702 information and receives no information collected upstream See Letter from Deirdre M Walsh Director of Legislative Affairs to Hon Ron Wyden United States Senate June 27 2014 responding to question regarding number of queries using U S person identifiers of communications collected under Section 702 571 161 The concern As discussed at length in the Board's Report Section 702 collection differs from traditional electronic surveillance in a few key ways including a lower standard for collection and the absence of a particularized judicial finding for targeting decisions Moreover Section 702 has an explicit foreign intelligence purpose requirement for authorized collection consistent with the longstanding distinction between foreign intelligence and criminal purposes reflected elsewhere in FISA Given these factors our key concerns were the querying of Section 702 collection for non-foreign intelligence purposes and the potential subsequent use of that information to further a non-foreign intelligence criminal investigation or prosecution 572 Scope According to initial information provided by the FBI it seems clear that FBI agents and analysts routinely conduct queries across all FBI databases in non-foreign intelligence investigations and assessments This is unsurprising given that the FBI has traditionally considered the querying of information already within its possession to be among the least intrusive investigative techniques available and the agency's overall efforts since 9 11 to foster information sharing and eliminate stovepipes But the story is far different for the potential use of Section 702 information in the investigation or prosecution of non-foreign intelligence crimes We are unaware of any instance in which a database query in an investigation of a non-foreign intelligence crime resulted in a hit on 702 information much less a situation in which such information was used to further such an investigation or prosecution Our proposal As stated in the Board's Report we would not place limitations on the FBI's ability to include its FISA database among the databases queried in non-foreign intelligence criminal matters We believe that querying information already in the FBI's possession is a relatively non-intrusive investigative tool and the discovery of potential links between ongoing criminal and foreign intelligence investigations is potentially critical to national security 573 Instead we would require an analyst who has not had FISA training to seek supervisory approval before viewing responsive Section 702 information to ensure that the information continues to be treated consistent with applicable statutory and courtimposed restrictions We believe that placing some additional limitations on the use of Section 702 information in non-foreign intelligence criminal matters may also be warranted because of the increased civil liberties concerns raised by the use of FISA information outside the foreign intelligence context Conceptually the appropriate point at which to potentially limit the use of that information is where it could infringe on a person's liberty by for 572 See In re Sealed Case 310 F 3d 717 FISA Ct Rev November 18 2002 See pages 108-10 of this Report See generally The Webster Commission Final Report of the William H Webster Commission on the Federal Bureau of Investigation Counterterrorism Intelligence and the Events at Fort Hood Texas on November 5 2009 2012 573 162 example being used as the basis for obtaining a search warrant wiretap or other intrusive investigative tool as the basis for a criminal indictment in a grand jury proceeding or as evidence in a criminal prosecution Where current policy does not already require the approval of at least the Assistant Attorney General 574 we would require such approval before Section 702 information could be used in these contexts We note that it is already very unlikely that Section 702 information would be used in this way because of the existing significant hurdles to the use of any FISA-derived information in a criminal proceeding 575 FISA requires the personal approval of the Attorney General Deputy Attorney General or Assistant Attorney General for National Security before FISA-derived information can be used as evidence at trial or in some of the more preliminary stages of the criminal process such as before the grand jury 576 FISA also requires that criminal defendants be notified if FISA-derived information will be used against them in a criminal proceeding And since any decision to use Section 702 information risks revealing the intelligence community's sources and methods there is always a strong disincentive to permit it The hurdles imposed by these existing requirements result in Section 702 information being used rarely in the prosecution of even national security-related crimes and perhaps never in the prosecution of other crimes As such our proposal would not create an entirely new and unknown set of rules but would build an added level of protection for civil liberties into the existing structure Concerns with requiring court approval prior to querying Chairman Medine and Member Wald would require the FBI to obtain FISC approval prior to querying FISAobtained information regardless of whether the query relates to a U S person and even in the investigation of foreign intelligence crimes such as terrorism or espionage For an FBI query for foreign intelligence purposes not including investigation of foreign intelligence crimes the FISC would have to first determine that the query was likely to return foreign intelligence information For an FBI query in the investigation of any crime--including foreign intelligence crimes--the FISC would have to first determine that the query was likely to return evidence relevant to the investigation 577 We have significant concerns See Memorandum from Michael B Mukasey Attorney General to all Federal Prosecutors Revised Policy on the Use or Disclosure of FISA Information at 2-7 January 10 2008 574 575 50 U S C 1806 b Id at 1806 c We note that the Department of Justice has recently clarified its view of when information used in a criminal proceeding may be derived from prior Title VII FISA collection See e g United States v Mohamud No 3 10-CR-475 slip op at 3 D Or June 24 2014 quoting government filing In addition the Department's FISA Use Policy imposes additional restrictions to the use of Section 702 information in the context of more routine criminal investigative activities 576 Foreign intelligence investigations routinely encompass foreign intelligence crimes How the FBI or the FISA Court would determine which of these standards applied is unclear 577 163 about the implications of this approach which would likely have significant detrimental consequences far greater than acknowledged or perhaps intended by our colleagues First and foremost although the apparent motivation of this proposal is to protect U S persons it could not be limited to U S persons in practice The FBI our domestic law enforcement agency naturally does not distinguish between U S persons and non-U S persons which means this proposed requirement would apply by default to all queries of the FISA database by all FBI personnel in any FBI investigation of any crime And requiring the FBI to determine whether the subject of a query is a U S person could result in more intrusive investigation of that person than would otherwise occur 578 Similarly although the motivation of the proposal is to address incidental collection of U S person information through the Section 702 program the FBI currently combines all FISA-obtained information in one database which means that as a practical matter the proposal would prohibit the FBI from searching any FISA-obtained information without first obtaining a court order Although Chairman Medine and Member Wald reference a requirement for judicial approval for queries in ordinary crime situations the text of their proposal covers even foreign intelligence crimes meaning that an FBI agent investigating an al Qaeda operative for terrorism would have to go to the FISA court to run a query of any FISA-obtained information Requiring the FBI to undertake the lengthy and burdensome FISC approval process before an FBI analyst could even query the information would create practical challenges so daunting that it likely never would be pursued Even if the FBI could obtain prior approval this would result in significant delay of the investigation and potentially enormous burdens on the FISC The practical effect of this proposal would be to prevent the FBI from using one of our most valuable foreign intelligence tools to investigate foreign intelligence crimes It is hard to imagine adopting a rule that is so at odds with the recommendations of the 9 11 Commission the Webster Commission and others in the years following 9 11 579 In addition to requiring judicial approval the proposal would impose a standard for the court's approval in investigations of crime that would be unworkable in many circumstances Database queries are often used at the earliest stages of an investigation - such as during an assessment perhaps to follow up on a tip At this stage an analyst knows very little and conducts a query to see if there is anything at all that creates a reason to Although apparently grounded in Fourth Amendment principles the proposal makes no distinctions between contents of communications and metadata--as to which there is no currently recognized Fourth Amendment interest 578 See National Commission on Terrorist Attacks upon the United States The 9 11 Commission Report Final Report of the National Commission on Terrorist Attacks upon the United States at 78-80 416-418 2004 The Webster Commission Report at 94-95 and 136-39 579 164 further pursue the investigation It is hard to imagine the basis on which the FISC could assess what if anything will be returned in a database query at this stage which would require the FISC to deny the application Finally the proposal could actually exacerbate civil liberties concerns in at least two respects First a query of information already in the FBI's possession has been considered one of the least intrusive investigative means available and is therefore one of the first steps taken in any assessment or investigation But now in order to use this preliminary investigative tool our colleagues would require the FBI to assemble information sufficient to facilitate meaningful judicial review which will inevitably require the use of more intrusive means Second because queries at the early stages of an investigation are often used to eliminate individuals from suspicion discouraging queries could prevent the discovery of exculpatory information that otherwise might establish an individual's innocence NSA and CIA Our colleagues also would require prior court approval for NSA and CIA queries of Section 702 information when they involve U S person identifiers Based on our review of the current use and extensive oversight of U S Person queries at the NSA and CIA which we have accurately characterized at rigorous 580 the majority has declined to recommend such a requirement 581 580 Board Report at Recommendation 4 We are also concerned about the potential implications of Chairman Medine and Member Wald's proposal regarding minimization To the extent that their approach requires an analyst to review U S Person communications that the analyst would not otherwise review we think it far from clear that it is more protective of privacy than leaving those communications in the database unreviewed until the end of the retention period 581 165 ANNEX C AGENDA OF PUBLIC WORKSHOP HELD ON JULY 9 2013 Link to Workshop transcript http www pclob gov All%20Documents July%209 %202013%20Workshop%20T ranscript pdf 166 PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD Workshop Regarding Surveillance Programs Operated Pursuant to Section 215 of the USA PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act July 9 2013 Renaissance Mayflower Hotel - Grand Ballroom 1127 Connecticut Ave NW Washington DC AGENDA 09 00 Doors Open 09 30 - 09 45 Introductory Remarks David Medine PCLOB Chairman 09 45 - 11 30 Panel I Legal Constitutional Perspective Facilitators Rachel Brand and Patricia Wald Board Members Panel Members Steven Bradbury Formerly DOJ Office of Legal Counsel Jameel Jaffer ACLU Kate Martin Center for National Security Studies Hon James Robertson Ret formerly District Court and Foreign Intelligence Surveillance Court Kenneth Wainstein formerly DOJ National Security Division White House Homeland Security Advisor 12 30 - 2 00 Panel II Role of Technology Facilitators James Dempsey and David Medine Board Members Panel Members Steven Bellovin Columbia University Computer Science Department Marc Rotenberg Electronic Privacy Information Center 167 Ashkan Soltani Independent Researcher and Consultant Daniel Weitzner MIT Computer Science and Artificial Intelligence Lab 2 00 - 2 15 Break 2 15 - 4 00 Panel III Policy Perspective Facilitators Elisebeth Collins Cook and David Medine Board Members Panel Members James Baker formerly DOJ Office of Intelligence and Policy Review Michael Davidson formerly Senate Legal Counsel Sharon Bradford Franklin The Constitution Project Elizabeth Goitein Brennan Center for Justice Greg Nojeim Center for Democracy and Technology Nathan Sales George Mason School of Law 4 00 - 4 10 Break 4 10 - 4 30 Open for Public Comment 4 30 Closing Comments David Medine PCLOB Chairman Affiliations are listed for identification purposes only 168 ANNEX D AGENDA OF PUBLIC HEARING HELD ON NOVEMBER 4 2013 Link to Hearing transcript http www pclob gov SiteAssets PCLOB%20Hearing%20%20Full%20Day%20transcript%20Nov%204%202013 pdf 169 PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD PUBLIC HEARING Consideration of Recommendations for Change The Surveillance Programs Operated Pursuant to Section 215 of the USA PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act November 4 2013 Renaissance Mayflower Hotel - Grand Ballroom 1127 Connecticut Ave NW Washington DC AGENDA 08 45 Doors Open 09 15 - 09 30 Introductory Remarks David Medine PCLOB Chairman with Board Members Rachel Brand Elisebeth Collins Cook James Dempsey and Patricia Wald 09 30 - 11 45 Panel I Section 215 USA PATRIOT Act and Section 702 Foreign Intelligence Surveillance Act Rajesh De General Counsel National Security Agency Patrick Kelley Acting General Counsel Federal Bureau of Investigation Robert Litt General Counsel Office of the Director of National Intelligence Brad Wiegmann Deputy Assistant Attorney General National Security Division Department of Justice 11 45 - 1 15 Lunch Break on your own 1 15 - 2 30 Panel II Foreign Intelligence Surveillance Court 170 James A Baker formerly DOJ Office of Intelligence and Policy Review Judge James Carr Senior Federal Judge U S District Court Northern District of Ohio and former FISA Court Judge 20022008 Marc Zwillinger Founder ZwillGen PLLC and former Department of Justice Attorney Computer Crime Intellectual Property Section 2 30 - 2 45 Break 2 45 - 4 15 Panel III Academics and Outside Experts 4 15 Jane Harman Director President and CEO The Woodrow Wilson Center and former Member of Congress Orin Kerr Fred C Stevenson Research Professor George Washington University Law School Stephanie K Pell Principal SKP Strategies LLC former House Judiciary Committee Counsel and Federal Prosecutor Eugene Spafford Professor of Computer Science and Executive Director Center for Education and Research in Information Assurance and Security Perdue University Stephen Vladeck Professor of Law and the Associate Dean for Scholarship at American University Washington College of Law Closing Comments David Medine PLCOB Chairman All Affiliations are listed for identification purposes only 171 ANNEX E AGENDA OF PUBLIC HEARING HELD ON March 19 2014 Link to Hearing transcript http www pclob gov Library Meetings-Events 2014-March-19-PublicHearing 19-March-2014_Public_Hearing_Transcript pdf 172 PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD PUBLIC HEARING Hearing Regarding the Surveillance Program Operated Pursuant Section 702 of the Foreign Intelligence Surveillance Act March 19 2014 Renaissance Mayflower Hotel - Grand Ballroom 1127 Connecticut Ave NW Washington DC AGENDA 08 45 Doors Open 09 00 - 09 10 Introductory Remarks David Medine PCLOB Chairman Panel I Government Perspective on Section 702 Foreign Intelligence Surveillance Act Panelists 09 15 - 10 45 James A Baker General Counsel Federal Bureau of Investigation Rajesh De General Counsel National Security Agency Robert Litt General Counsel Office of the Director of National Intelligence Brad Wiegmann Deputy Assistant Attorney General National Security Division Department of Justice 10 45 - 11 00 Break Panel II Legal Issues with 702 Foreign Intelligence Surveillance Act 11 00 - 12 30 Panelists Laura Donohue Professor of Law Georgetown University Law School 173 12 30 - 1 45 Jameel Jaffer Deputy Legal Director American Civil Liberties Union Julian Ku Professor of Law Hofstra University Rachel Levinson-Waldman Counsel Liberty and National Security Program Brennan Center for Justice Lunch Break on your own Panel III Transnational and Policy Issues Panelists 1 45 - 3 45 3 45 John Bellinger Partner Arnold Porter Dean C Garfield President and CEO Information Technology Industry Council Laura Pitter Senior National Security Researcher Human Rights Watch Eric Posner Professor of Law University of Chicago Law School Ulrich Sieber Director Max Planck Institute for Foreign and International Criminal Law Freiburg Germany Christopher Wolf Partner Hogan Lovells Closing Comments David Medine PCLOB Chairman All Affiliations are listed for identification purposes only 174 ANNEX F Request for Public Comments on Board Study The Federal Register The Daily Journal of the United States Government 56952 Federal Register Vol 78 No 179 Monday September 16 2013 Notices PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD Notice-PCLOB-2013-06 Docket No 2013- 0005 Sequence No 6 Notice of Hearing A Notice by the Privacy and Civil Liberties Oversight Board on 10 25 2013 Action Notice Of A Hearing Summary The Privacy and Civil Liberties Oversight Board PCLOB will conduct a public hearing with current and former government officials and others to address the activities and responsibilities of the executive and judicial branches of the federal government regarding the government's counterterrorism surveillance programs This hearing will continue the PCLOB's study of the federal government's surveillance programs operated pursuant to Section 215 of the USA PATRIOT Act and Section 702 of Foreign Intelligence Surveillance Act Recommendations for changes to these programs and the operations of the Foreign Intelligence Surveillance Court will be considered at the hearing to ensure that counterterrorism efforts properly balance the need to protect privacy and civil liberties Visit www pclob gov for the full agenda closer to the hearing date This hearing was rescheduled from October 4 2013 due to the unavailability of witnesses as a result of the federal lapse in appropriations DATES Monday November 4 2013 9 00 a m -4 30 p m Eastern Standard Time Comments You may submit comments with the docket number PCLOB-2013-0005 Sequence 7 by the following method 175 Federal eRulemaking Portal Go to http www regulations gov Follow the on-line instructions for submitting comments Written comments may be submitted at any time prior to the closing of the docket at 11 59 p m Eastern Time on November 14 2013 This comment period has been extended from October 25 2013 as a result of the new hearing date All comments will be made publicly available and posted without change Do not include personal or confidential information ADDRESSES Mayflower Renaissance Hotel Washington 1127 Connecticut Ave NW Washington DC 20036 Facility's location is near Farragut North Metro station FOR FURTHER INFORMATION CONTACT Susan Reingold Chief Administrative Officer 202-331-1986 For email inquiries please email info@pclob gov SUPPLEMENTARY INFORMATION Procedures for Public Participation The hearing will be open to the public Individuals who plan to attend and require special assistance such as sign language interpretation or other reasonable accommodations should contact Susan Reingold Chief Administrative Officer 202-331-1986 at least 72 hours prior to the meeting date Dated October 21 2013 Diane Janosek Chief Legal Officer Privacy and Civil Liberties Oversight Board https www federalregister gov articles 2013 10 25 2013-25103 notice-of-hearing 176 ANNEX G Reopening the Public Comment Period At the March 19 2014 public hearing the Privacy and Civil Liberties Oversight Board PCLOB Chairman announced the reopening of the public comment period to allow for additional submissions in light of the information discussed and submitted during the March 19 2014 public hearing All comments received were posted to the PCLOB Docket No 2013-005 and can be viewed at http www regulations gov # docketDetail D PCLOB2013-0005 177 ANNEX H Index to Public Comments received to PCLOB Docket No 2013-005 on www regulations gov 178 Comments Received on PCLOB Docket No 2013-005 Can also view all entries at http www regulations gov # docketDetail D PCLOB-20130005 Entity submitting comment - listed in order as they appear on docket Go to URL to see comment on Docket Additional details Global Network Initiative GNI http www regulations gov # documentDetail D PCLOB-2013-0005-0027 GNI is a multistakeholder group of companies civil society organizations including human rights and press freedom groups investors and academics Private individual http www regulations gov # documentDetail D PCLOB-2013-0005-0044 Nathan Sales http www regulations gov # documentDetail D PCLOB-2013-0005-0022 179 Panel member at PCLOB Workshop European Digital http www regulations gov # documentDetail D Rights EDRi and the PCLOB-2013-0005-0024 Fundamental Rights European Experts Group FREE EDRi is an association of 35 digital civil rights organizations from 21 European countries FREE is an association whose focus is on monitoring teaching and advocating in the EU Michael Davidson http www regulations gov # documentDetail D PCLOB-2013-0005-0020 Project On Government Oversight POGO National Security Counselors and OpenTheGovernment org Center for National Security Studies http www regulations gov # documentDetail D PCLOB-2013-0005-0029 http www regulations gov # documentDetail D PCLOB-2013-0005-0033 180 Panel member at PCLOB Workshop Michael Davidsonsecond submission http www regulations gov # documentDetail D PCLOB-2013-0005-0028 Mr Juan Fernando L pez Aguilar Chair of the European Parliament's Civil Liberties Justice and Home Affairs Committee http www regulations gov # documentDetail D PCLOB-2013-0005-0059 Ashkan Soltani http www regulations gov # documentDetail D PCLOB-2013-0005-0023 Alliance for Justice http www regulations gov # documentDetail D PCLOB-2013-0005-0035 Alan Charles Raul http www regulations gov # documentDetail D PCLOB-2013-0005-0065 Has four attachments Three former intelligence professionals - all former employees of the National Security Agency http www regulations gov # documentDetail D PCLOB-2013-0005-0053 Statement submitted Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0014 181 Providing the July 30th opinion of the U S Court of Appeals for the Fifth Circuit in In re Application of the United States of America for Historical Cell Site Data No 11-20884 Panel member at PCLOB Workshop Coalition of 53 groups- letter http www regulations gov # documentDetail D PCLOB-2013-0005-0038 This is an updated coalition letter to PCLOB The Constitution Project http www regulations gov # documentDetail D PCLOB-2013-0005-0009 Sharon Bradford Franklin was Panel member at PCLOB Workshop Computer and Communications Industry Association http www regulations gov # documentDetail D PCLOB-2013-0005-0025 Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0017 Electronic Frontier Foundation http www regulations gov # documentDetail D PCLOB-2013-0005-0030 BSA The Software Alliance Computer Communications Industry Association CCIA Information Technology Industry Council ITI SIIA Software Information Industry Association TechNet http www regulations gov # documentDetail D PCLOB-2013-0005-0061 182 Ashkan Soltani http www regulations gov # documentDetail D PCLOB-2013-0005-0039 Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0005 Daniel J Weitzner Massachusetts Institute of Technology http www regulations gov # documentDetail D PCLOB-2013-0005-0040 Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0052 Access AccessNow org http www regulations gov # documentDetail D PCLOB-2013-0005-0048 Information and Privacy Commissioner of Ontario Canada Dr Ann Cavoukian http www regulations gov # documentDetail D PCLOB-2013-0005-0057 Privacy Times http www regulations gov # documentDetail D PCLOB-2013-0005-0011 Electronic Privacy Information Center http www regulations gov # documentDetail D PCLOB-2013-0005-0064 183 Revised submission was a panel member at PCLOB Workshop Panel member at PCLOB Workshop Marc Rotenberg was a panel member at PCLOB Workshop ACLU Statement http www regulations gov # documentDetail D PCLOB-2013-0005-0032 Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0046 Mark Sokolow http www regulations gov # documentDetail D PCLOB-2013-0005-0018 GodlyGlobal org http www regulations gov # documentDetail D PCLOB-2013-0005-0019 Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0041 ACCESS NOW http www regulations gov # documentDetail D PCLOB-2013-0005-0047 Coalition letter http www regulations gov # documentDetail D PCLOB-2013-0005-0010 Center for Democracy Technology Gregory T Nojeim http www regulations gov # documentDetail D PCLOB-2013-0005-0034 Reporters Committee for Freedom of the Press http www regulations gov # documentDetail D PCLOB-2013-0005-0063 184 Jameel Jaffer was a panel member at PCLOB Workshop and Hearing A faith-based initiative based in Switzerland with global scope Second posting Gregory Nojeim was a panel member at PCLOB Workshop Center for National Security Studies http www regulations gov # documentDetail D PCLOB-2013-0005-0060 Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0037 Brennan Center for Justice's Liberty and National Security Program http www regulations gov # documentDetail D PCLOB-2013-0005-0049 Jeffrey H Collins http www regulations gov # documentDetail D PCLOB-2013-0005-0043 Jeffrey H Collins http www regulations gov # documentDetail D PCLOB-2013-0005-0045 Amended Steven G Bradbury http www regulations gov # documentDetail D PCLOB-2013-0005-0012 Panel member at PCLOB Workshop Human Rights Watch http www regulations gov # documentDetail D PCLOB-2013-0005-0036 Human rights organizations and advocates from around the world http www regulations gov # documentDetail D PCLOB-2013-0005-0042 185 Elizabeth Goitein was a panel member at PCLOB Workshop Dozens of countries represented Steven M Bellovin http www regulations gov # documentDetail D PCLOB-2013-0005-0021 Panel member at PCLOB Workshop Board of the U S Public Policy Council of the Association for Computing Machinery http www regulations gov # documentDetail D PCLOB-2013-0005-0026 Eugene H Spafford was a panel member at PCLOB Hearing Private citizen http www regulations gov # documentDetail D PCLOB-2013-0005-0066 Caspar Bowden Prepared for the European Parliament LIBE Committee http www regulations gov # documentDetail D PCLOB-2013-0005-0068 Stephanie Pell http www regulations gov # documentDetail D PCLOB-2013-0005-0069 Panel member at PCLOB hearing Congressman Bennie Thompson http www regulations gov # documentDetail D PCLOB-2013-0005-0071 Ranking Member Committee on Homeland Security Government Accountability Project http www regulations gov # documentDetail D PCLOB-2013-0005-0072 Jennifer S Granick http www regulations gov # documentDetail D PCLOB-2013-0005-0090 Private citizen anonymous http www regulations gov # documentDetail D PCLOB-2013-0005-0007 186 Information Technology Industry Council http www regulations gov # documentDetail D PCLOB-2013-0005-0074 Stephanie Pell http www regulations gov # documentDetail D PCLOB-2013-0005-0070 BSA The Software Alliance Computer Communications Industry Association CCIA Information Technology Industry Council ITI SIIA - Software Information Industry Association TechNet http www regulations gov # documentDetail D PCLOB-2013-0005-0067 Jameel Jaffer http www regulations gov # documentDetail D PCLOB-2013-0005-0082 Government Accountability Project http www regulations gov # documentDetail D PCLOB-2013-0005-0083 Martin Scheinin http www regulations gov # documentDetail D PCLOB-2013-0005-0085 Marshall Erwin http www regulations gov # documentDetail D PCLOB-2013-0005-0089 Electronic Frontier Foundation http www regulations gov # documentDetail D PCLOB-2013-0005-0100 187 Panel member at PCLOB hearing Panel member at PCLOB workshop and hearing Panel member at PCLOB hearing Christopher Wolf http www regulations gov # documentDetail D PCLOB-2013-0005-0087 Panel member at PCLOB hearing Thomas Drake http www regulations gov # documentDetail D PCLOB-2013-0005-0102 Panel member at PCLOB hearing Laura Pitter http www regulations gov # documentDetail D PCLOB-2013-0005-0079 Panel member at PCLOB hearing NSA Director of Civil Liberties and Privacy Office Report on NSA's Implementation of FISA Section 702 http www regulations gov # documentDetail D PCLOB-2013-0005-0101 Laura K Donohue http www regulations gov # documentDetail D PCLOB-2013-0005-0075 Panel member at PCLOB hearing Julian G Ku http www regulations gov # documentDetail D PCLOB-2013-0005-0086 Panel member at PCLOB hearing PEN American Center http www regulations gov # documentDetail D PCLOB-2013-0005-0094 Eric A Posner http www regulations gov # documentDetail D PCLOB-2013-0005-0081 Hogan Lovell http www regulations gov # documentDetail D PCLOB-2013-0005-0088 National Association of Criminal Defense Lawyers http www regulations gov # documentDetail D PCLOB-2013-0005-0091 188 Panel member at PCLOB hearing Ben Davis http www regulations gov # documentDetail D PCLOB-2013-0005-0084 Amnesty International USA and the American Civil Liberties Union http www regulations gov # documentDetail D PCLOB-2013-0005-0096 Brennan Center for Justice http www regulations gov # documentDetail D PCLOB-2013-0005-0093 Christopher Wolf http www regulations gov # documentDetail D PCLOB-2013-0005-0078 Kevin Cahill http www regulations gov # documentDetail D PCLOB-2013-0005-0105 The Constitution Project http www regulations gov # documentDetail D PCLOB-2013-0005-0099 Center for Democracy Technology http www regulations gov # documentDetail D PCLOB-2013-0005-0095 Dean C Garfield http www regulations gov # documentDetail D PCLOB-2013-0005-0077 Panel member at PCLOB hearing Laura Donohue http www regulations gov # documentDetail D PCLOB-2013-0005-0104 Panel member at PCLOB hearing Center for National Security Studies http www regulations gov # documentDetail D PCLOB-2013-0005-0098 John B Bellinger III http www regulations gov # documentDetail D PCLOB-2013-0005-0076 189 Panel member at PCLOB hearing Panel member at PCLOB hearing William Binney Thomas Drake Edward Loomis J Kirk Wiebe Ray McGovern Elizabeth Murray Coleen Rowley Daniel Ellsberg http www regulations gov # documentDetail D PCLOB-2013-0005-0103 Rachel LevinsonWaldman http www regulations gov # documentDetail D PCLOB-2013-0005-0080 Center for Democracy and Technology Center for National Security Studies National Association of Criminal Defense Lawyers OpenTheGovernment Org The Constitution Project http www regulations gov # documentDetail D PCLOB-2013-0005-0106 190 Panel member at PCLOB hearing This Report is the Privacy and Civil Liberties Oversight Board's effort to analyze and review actions the executive branch takes to protect the Nation from terrorism to ensure the proper balancing of these actions with privacy and civil liberties 191                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu