NSA Office of the Inspector General Releases Three Reports

17 February 2016

The National Security Agency (NSA) is releasing today three reports by NSA's Inspector General about the Agency's compliance with a current and former statute authorizing electronic surveillance. The reports detail steps NSA has taken to adhere to the law and highlight the importance of these legal authorities to the Agency's national security mission. They also reveal some procedural and other deficiencies that have been subsequently corrected. NSA reported the incidents to Congress as required. All three reports - more than 300 pages total - confirmed that there had been no cases of intentional violation of laws.

NSA released the reports under a Freedom of Information Act request. They are being published on NSA.gov to help raise public awareness of the Agency's foreign intelligence mission and to highlight the Agency's ongoing commitment to compliance with the law. The NSA Inspector General's rigorous, independent, and continuous reviews are an essential part of the Agency's extensive oversight.

These reports, issued over a five-year period beginning in 2010, concern NSA activities conducted pursuant to two authorities: Section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorizes targeted surveillance of foreign persons located outside the United States in certain cases, and Section 215 of the USA PATRIOT Act, which was replaced last year by the USA FREEDOM Act. NSA itself initiated two of the reports, and one was requested by members of the Senate Judiciary Committee. Below are highlights from these NSA Office of the Inspector General (OIG) reports.

NSA OIG report ST-14-0002

This report, issued on February 20, 2015, was compiled by the NSA OIG at the request of members of the Senate Judiciary Committee. The OIG reviewed the controls implemented by NSA in carrying out activities pursuant to two FISA authorities. The first was Section 702, which was enacted as part of the FISA Amendments Act of 2008
and authorizes the targeting of non-U.S. persons reasonably believed to be outside the United States to acquire critical foreign intelligence information. This collection authority is one of the Intelligence Community's most significant tools for the detection, identification, and disruption of terrorist threats to the United States and its allies.

The second authority examined by the OIG was Section 215 of the USA PATRIOT Act. Pursuant to Section 215, NSA was authorized to collect in bulk certain telephone metadata. This program operated from 2006 until its termination by statute on November 28, 2015. Section 215 was amended by the USA FREEDOM Act, which was enacted on June 2, 2015, and became effective on November 29, 2015. The USA FREEDOM Act made significant changes to NSA's authority to collect telephone metadata pursuant to the Foreign Intelligence Surveillance Act and was not the subject of the OIG's review, so significant portions of the report are no longer relevant to NSA's activities.

The report presents a detailed, comprehensive picture of the operation of the Section 702 program. Specifically, it describes the extensive internal and external oversight and compliance regime - including access restrictions, training requirements, and technical controls - as well as limits on data retention and dissemination of information. The report also notes a number of unintentional compliance failures and describes the controls put in place to mitigate recurrence. The report further notes that Section 702 contributes significantly to NSA's mission.

NSA OIG report ST-11-0009

This report focused solely on Section 702 and was issued on March 29, 2013. It reviewed the system of management controls that NSA implemented, including training, access, and multiple levels of review and oversight. The OIG did not identify any areas of noncompliance. It recommended several areas in which controls over compliance with Section 702 could be improved, including a lack of clear guidance to analysts, inadequate
documentation, and insufficient training in some instances. In each case, NSA's Signals Intelligence Directorate agreed with the OIG's recommendations and implemented corrective action plans.

NSA OIG report AU-10-0023

This report, which covered only certain aspects of NSA's implementation of Section 702, was issued on November 24, 2010. Specifically, the report reviewed the process by which NSA transitioned from collection pursuant to Section 702 to other authorities under FISA. The OIG identified the lack of a standardized process, which created the potential for gaps in lawful surveillance coverage. The Agency has since implemented an improved transition process. Moreover, Section 701 of the USA FREEDOM Act subsequently clarified surveillance procedures in that regard.

The National Security Agency is tasked with a complex foreign intelligence mission and is dedicated in its respect for U.S. laws and policies. There is a robust internal and external oversight structure in which all three branches of government play a key role, as well as a rigorous internal compliance program. The three NSA OIG reports published here are intended to help raise public awareness of the Agency's mission and to highlight ongoing commitment to compliance with the law.

DOCID: 4273445
TOP SECRET//COMINT//NOFORN

NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

(U) Final Report of the Audit on the FISA Amendments Act 702 Detasking Requirements
AU-10-0023
24 November 2010

DERIVED FROM: NSA/CSS Manual 1-52
DATED: 08 January 2007
DECLASSIFY ON: [illegible]

Approved for Release by NSA on 02-11-2016, FOIA Case #80120 (litigation)

(U) NSA OFFICE OF THE INSPECTOR GENERAL

(U) The NSA Office of the Inspector General (OIG) conducts audits, investigations, inspections, and special studies. Its mission is to ensure the integrity, efficiency, and effectiveness of NSA operations; provide intelligence oversight; protect against fraud, waste, and
mismanagement of resources; and ensure that NSA activities are conducted in compliance with the law. The OIG also serves as an ombudsman, assisting Agency employees, civilian and military, with complaints and questions.

(U) Intelligence Oversight

(U) The OIG Office of Intelligence Oversight reviews NSA's most sensitive and high-risk programs for compliance with the law.

(U) Audits

(U) The OIG Office of Audits within the OIG provides independent assessments of programs and organizations. Performance audits evaluate the effectiveness and efficiency of entities and programs and assess whether NSA operations comply with federal policies. Information Technology audits determine whether IT solutions meet customer requirements while conforming to information assurance standards. All audits are conducted in accordance with standards established by the Comptroller General of the United States.

(U) Investigations and Special Inquiries

(U) The OIG Office of Investigations administers a system for receiving and acting on requests for assistance and complaints about fraud, waste, and mismanagement. Investigations and special inquiries may be undertaken as a result of such requests and complaints (including anonymous tips), at the request of management, as the result of questions that surface during inspections and audits, or at the initiative of the Inspector General.

(U) Field Inspections

(U) The Office of Field Inspections conducts site reviews as part of the OIG's annual plan or by management request. Inspections yield accurate, up-to-date information on the effectiveness and efficiency of field operations and support programs, along with an assessment of compliance with federal policy. The Office partners with Inspectors General of Service Cryptologic Components and other Intelligence Community Agencies to conduct joint inspections of consolidated cryptologic facilities.

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

24 November 2010
IG-11226-10

TO:
DISTRIBUTION

SUBJECT: (U) Audit of the FISA Amendments Act (FAA) 702 Detasking Requirements (AU-10-0023) - ACTION MEMORANDUM

1. (U) This report summarizes the results of our audit of the FISA Amendments Act (FAA) 702 Detasking Requirements (AU-10-0023) and incorporates management's response to the draft report.

2. (U//FOUO) As required by NSA/CSS Policy 1-60, NSA/CSS Office of the Inspector General, actions on OIG audit recommendations are subject to monitoring and follow-up until completion. Therefore, we ask that you provide a written status report concerning each planned corrective action categorized as "OPEN." If you propose that a recommendation be considered closed, please provide sufficient information to show that actions have been taken to correct the deficiency. If a planned action will not be completed by the original target completion date, please state the reason for the delay and provide a revised target completion date. Status reports should be sent to [redacted], Assistant Inspector General for Follow-up, at OPS 2B, Suite 6247, within 15 calendar days after each target completion date.

3. (U//FOUO) We appreciate the courtesy and cooperation extended to the auditors throughout the review. For additional information, please contact [redacted] on 963-0957 or via e-mail at [redacted; (b)(3) - P.L. 86-36].

[signature]
Inspector General

DISTRIBUTION: COS, OGC, SID
cc (list partly redacted and illegible): SID, SAE, D1, D14, D12, IG

(U) TABLE OF CONTENTS

(U) EXECUTIVE SUMMARY
I. (U) INTRODUCTION
II. (U) FINDING AND RECOMMENDATION
(U) FINDING: Gaps in [redacted] Coverage Exist
(U) ACRONYMS AND ORGANIZATIONS
(U) APPENDIX A: About the Audit
(U) APPENDIX B: Data Analysis
(U) APPENDIX C: Full Text of Management Responses

(U) EXECUTIVE SUMMARY

(U) OVERVIEW

Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA) has strengthened Signals Intelligence (SIGINT) collection, particularly against terrorist targets. From September 2008 to March 2010, the number of SIGINT reports that incorporated FAA 702-sourced collection [redacted; (b)(1), (b)(3) - P.L. 86-36, (b)(3) - 50 USC 3024(i)].

Under the law, collection under FAA 702 must cease in certain circumstances, potentially resulting in a gap in coverage. To regain coverage, NSA must transition to another authority for continued collection, such as an FBI FISA Order. The Agency does not have a consistent process to ensure a seamless transition from FAA 702 authority to FBI FISA Orders.

(U) HIGHLIGHTS

(U) Gaps in [redacted] coverage exist
o Analysis of detasking for FAA 702 compliance [redacted]
o (U) Significance [redacted]
o Need for standardized process. The Agency lacks a standardized process [redacted]

(U//FOUO) Management Response

(U//FOUO) The recommendation is being addressed by management.

I. (U) INTRODUCTION

(U) Background

(TS//SI//NF) Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA) enhances surveillance against foreign nationals outside the United States. [illegible] 702 effectively broadened access to critical targets of interest, particularly terrorists. From September 2008, when FAA was implemented, to March 2010, the number of Signals Intelligence (SIGINT) reports that incorporated 702-sourced collection [redacted].

(TS//SI//NF) Collection under FAA 702 must cease
under certain circumstances. Detasking is required when a target is determined to be entering or to have entered the United States. Collection also must cease when a target is found to be a U.S. person [illegible]. To regain coverage of such a target, collection must transition to another authority, for example, a Federal Bureau of Investigation (FBI) FISA Order. The transition from FAA 702 to another authority may not be seamless, thereby creating a gap in coverage and potentially causing a risk to U.S. security. This audit assessed the circumstances and extent of the FAA 702 coverage gap by examining tasking and detasking records, FBI FISA data, traffic collected and purged, and SIGINT reporting.

(U) FAA 702

(TS//SI//NF) FAA 702 allows NSA to use the assistance of U.S. telecommunications and Internet service providers to target non-USPs outside the United States. After the Attorney General and the Director of National Intelligence file a joint certification that certain statutory requirements have been met, and the certification is approved by the FISA Court (FISC), NSA may conduct foreign intelligence surveillance of the content of communications. The certification includes an affirmation that the surveillance targets only non-USPs reasonably believed to be outside the United States. The certification is submitted to the FISC and typically is approved for one year. Acquisition under a certification must adhere to targeting and minimization procedures approved by the Court. As of August 2010, NSA was authorized to conduct FAA 702 collection under [redacted] certifications [redacted].

(U//FOUO) Other FISA authorities provide alternative means to obtain collection against foreign intelligence targets when NSA must stop collection (detask) pursuant to FAA 702:

o (U) FAA 704. (U//FOUO) Other Acquisitions Targeting USPs Outside the United States. A FISC Order is required, but surveillance techniques are
not reviewed by the court.

o (U) FAA 705b. (U//FOUO) Joint Applications and Concurrent Applications. When a FISA Order that authorizes surveillance of a target inside the United States is in place, the Attorney General can authorize targeting while the USP is reasonably believed to be outside the United States.

o (U) FBI FISA Order. (S//SI//REL TO USA, FVEY) The FBI is authorized under a FISC Order to perform searches and electronic surveillance against [redacted] agents of a foreign power. Under FISC docket number [redacted], known as the Raw Take Sharing Order, dated July 2002, NSA is able to receive most FBI FISA collection.

(U) Increased use of FAA 702 Authority

(S//SI//REL TO USA, FVEY) According to analysts in the Signals Intelligence Directorate (SID), collection under FAA 702 authority is productive and grew in the 19 months between September 2008 and March 2010. Increased tasking under FAA 702 authority has resulted in increased SIGINT reporting. The Agency has also experienced an increase in compliance-related detaskings of selectors.

(U) Tasking

(S//SI//REL TO USA, FVEY) Tasking by selector [redacted]; compliance-related detasking [illegible] significantly increase [redacted].

(U) SIGINT reporting

(S//SI//REL TO USA, FVEY) Reporting based on collection under FAA 702 authority increased [redacted].

(U) NSA oversight of FAA 702 collection

(S//SI//REL TO USA, FVEY) In addition to the analysts' obligation to review the status of their selectors, the SID Oversight and Compliance Office (SV) is responsible for monitoring compliance with FAA 702 and tracking detasking. SV monitors selectors through special tools to ensure compliance [illegible]. When a compliance problem exists, SV contacts the Targeting Office of Primary Interest (TOPI) and requests that its personnel research the selector before detasking. SV is also responsible for maintaining a Protect
America Act (PAA)/FAA Incident database to record and track incidents and provide that information for external oversight by the Department of Justice (DoJ) and the Office of the Director of National Intelligence.

II. (U) FINDING AND RECOMMENDATION

(U) FINDING: Gaps in [redacted] Coverage Exist

(TS//SI//NF) Although FAA 702 has provided important SIGINT collection, the Agency has experienced coverage gaps when transitioning from FAA 702 to another authority [redacted].

(U) FAA 702 Implementation

(U) FAA 702 procedures

(TS//SI//NF) FAA 702 requires that NSA adopt procedures to ensure that its collection targets are non-USPs reasonably believed to be outside the United States and to ensure that the Agency does not intentionally acquire communications known to be purely domestic. NSA must also establish minimization procedures that reasonably balance its foreign intelligence needs against the privacy interests of USPs with respect to the collection, retention, and dissemination of information.

(U) FAA 702 detaskings for compliance

(U//FOUO) In certain circumstances, NSA must detask selectors to maintain compliance with FAA 702 and approved targeting and minimization procedures. There are three broad reasons for detasking:

o (U) Roamers. (S//SI//REL TO USA, FVEY) The foreign target is initially believed to be overseas, but it is subsequently determined that the target has entered the United States.

o (U//FOUO) USP status determined after tasking. (S//SI//REL TO USA, FVEY) The target is overseas and believed to be foreign, but NSA subsequently determines that the target is a USP overseas.

o [redacted; (b)(1), (b)(3) - P.L. 86-36, (b)(3) - 50 USC 3024(i)] NSA must detask the account from
FAA 702 collection.

(TS//SI//NF) Once NSA determines that a target is a USP, is roaming in the United States, or [redacted], NSA must detask associated selectors from collection under FAA 702 authority and purge related SIGINT holdings from all databases. To avoid a break in coverage, other authorities must be sought if the target remains of interest and is an agent of a foreign power (e.g., 704, 705b, and/or FBI FISA).

(U) Compliance detaskings few in context, but potential risk is great

(S//SI//REL TO USA, FVEY) The number of selectors that are detasked for compliance reasons from collection under FAA 702 authority is small compared with all SIGINT selector tasking as of March 2010 [redacted]; however, loss of FAA 702 collection on potentially high-interest selectors, particularly those related to [redacted], poses a [redacted] risk when transition to alternative coverage is not seamless.

[Figure redacted: (U//FOUO) FAA 702 Detasked Selectors Compared to All FAA Tasking and Total SIGINT Selectors]

(U) Defining the FAA 702 gap in coverage

(TS//SI//NF) The gap in coverage is the collection lost in the time between detasking a selector from FAA 702 collection authority and initiation of collection under another authority (e.g., 704, 705b, or FBI FISA). For non-FAA 702 coverage, a higher legal standard (individualized probable cause) is required to secure a FISA order. In some cases, the Government may not be able to assemble facts sufficient to satisfy the probable cause standard. [redacted]

(U) Audit Focus [illegible]

(U) Audit universe of FAA 702 detaskings

(TS//SI//NF) To determine the extent of the coverage gaps, we identified every Digital Network Intelligence (DNI) and Dialed Number Recognition (DNR) selector that was detasked to comply with FAA 702 after enactment of the FAA in July 2008. By examining [redacted] tasking records and SV's PAA/FAA Incidents database, we identified [redacted] relevant detasked
[redacted] selectors. These selectors were drawn from [redacted].

(U//FOUO) Contribution of collection under FAA authority to reporting

(S//SI//REL TO USA, FVEY) From September 2008 to March 2010, FAA 702 collection contributed to an increasing percentage of [redacted] reporting; overall, the increase was from [redacted] percent to [redacted] percent.

[Figure redacted: Percentage of [redacted] Reports with Contributions from FAA, September 2008 - March 2010]

(U//FOUO) Audit sample focuses on [redacted] DNI selectors

(S//SI//REL TO USA, FVEY) From the universe of [redacted] detasked DNI and DNR selectors, we identified [redacted] DNI selectors for detailed selector-by-selector gap analysis (see Appendix B for scope and methodology). DNI selectors represented the large majority of FAA 702 detaskings in the sample (93 percent). In addition, [redacted] selectors accounted for [redacted] percent of tasked FAA 702 DNI selectors as of March 2010, as indicated in the adjacent diagram. The large quantity [redacted] taskings and detaskings, coupled with the significant role of FAA 702 on [redacted] reporting, as well as the high risk that a gap in [redacted] coverage poses, prompted our focus on [redacted] DNI detaskings.

[Diagram redacted: DNI FAA 702 Tasked Selectors by Certification]

(U) Effective Collection Priority

(S//SI//REL TO USA, FVEY) To understand better the priority of tasking and forwarding of collection for these [redacted] selectors, we obtained the Effective Collection Priority (ECP) of the [redacted] selectors under review. ECP is derived from two values: national SIGINT priority and collection [illegible]. ECP values range from one through nine, with one being the highest priority. For the [redacted] selectors that we identified, the average ECP was 2.52, indicating that these selectors are of
high priority.

(U) Effect of Gaps on SIGINT Collection and Reporting

To determine the effects of FAA 702 detasking on [redacted] collection and reporting, we analyzed the [redacted] selectors [redacted] during a 13-month period (February 2009 to March 2010). [redacted]

(U) [redacted] Collection Coverage Gap Analysis

[redacted]

(U//FOUO) Time delay poses risk on productive selectors

[redacted]

(U) Minimal delay on some high-interest selectors

[redacted] could drop [illegible] collection.

(U) Majority of [redacted] selectors [redacted]

[redacted]

(U) Selectors not Retasked

[Table redacted. Columns: Reason Selector Was not Retasked; No. of [redacted]; Percentage of Total. Total row: 100.00%]

(U) Lack of Systematic Process

[redacted] Production Center has faced challenges in achieving seamless coverage of targets while maintaining compliance with FAA 702 requirements. [redacted]

(U) Need for consistent process

[redacted]

[Table redacted. Columns: Gap; No. of Selectors; Percentage. Total row: 100%]
[redacted; (b)(1), (b)(3) - P.L. 86-36, (b)(3) - 18 USC 798, (b)(3) - 50 USC 3024(i)]

After the Agency detasks an FAA 702 selector [redacted]:

1. [redacted]
2. (TS//SI//NF) TOPIs can directly notify [redacted]
3. (TS//SI//NF) After normal duty hours, NSA's [redacted]
4. (TS//SI//NF) Agency analysts can send [redacted]

(TS//SI//NF) In addition, in September 2009, at the request of the NSA Director, an Emergency Authorization Concept of Operations was developed [redacted] and the Office of General Counsel (OGC) to outline a detailed process for maintaining coverage [redacted].

(U//FOUO) Lack of understanding of the handoff process

[redacted]

(U//FOUO) Case studies

[redacted]

Informal but nearly seamless [redacted]

[redacted]

[Table redacted: (TS//SI//NF) Selectors Associated with [redacted]]

(TS//SI//NF) NSA, the Central Intelligence Agency, and the FBI [redacted]

(TS//SI//NF) These selectors had been placed under FAA 702 coverage because they were used by several persons associated with [redacted].

(TS//SI//NF) [redacted] analysts initially did not know who to contact about
obtaining alternative coverage and were not clear about what could be obtained from FAA 705b tasking and how this tasking [redacted]. Ultimately, the analysts [redacted] were provided guidance internally. [redacted] occur because not all analysts in the office are familiar with these new procedures. [redacted]

Limited feedback [redacted]

[Table redacted: Selector Associated with [redacted]]

[redacted] initiated shortly after tasking on the selector had been [redacted].

[Footnote] (S//SI//REL TO USA, FVEY) SV uses [redacted] to monitor tasked selectors to ensure foreignness and compliance with the law.

(U) [redacted] suggest improvements

(TS//SI//NF) [redacted] agreed that a standardized process would improve the timeliness [redacted]. They also concluded that the process should be strengthened and suggested other improvements to the current system. [redacted]

Recommendation [redacted]

Establish a standardized process for [redacted] when it is determined that coverage should continue after selectors are detasked from FAA 702 collection.

(ACTION: SID with OGC)

(U) Management Response

CONCUR. (U//FOUO) [redacted] and OGC concur with OIG's recommendation. Corrective action is under way and will be completed as soon as possible. [redacted] Successful completion within this timeframe
is contingent upon direct involvement from SV and S1, as they are owners of mission components that are directly tied to the transition process (see Appendix C for full text of management comments).

(U) OIG Comment

(U) Planned actions meet the intent of the recommendation.

(U) Loss of Collection [redacted]

(S//SI//REL TO USA, FVEY) We also grouped the [redacted] selectors reviewed by the reason for detasking.

[Table redacted: (TS//SI//NF) Circumstances of Detasking]

(U) Significance of [redacted]

[redacted]

(U//FOUO) Strict guidance on detasking

[redacted] Strict guidance from DoJ and OGC [redacted]

(U) Action taken

(TS//SI//NF) [redacted] the DIRNSA, along with the Attorney General and the acting Director of National Intelligence, filed with the FISC FAA 702 certification renewal documents related to targeting and minimization procedures for the [redacted].

(TS//SI//NF) [redacted] NSA learned that the FISC was concerned with the proposed changes to the minimization procedures. DoJ and NSA are exploring alternatives to address the matter while continuing to operate under the existing procedures.

(U) ACRONYMS AND ORGANIZATIONS

CIA     (U) Central Intelligence Agency
DIRNSA  (U) Director, NSA
DNI     (U//FOUO) Digital Network Intelligence
DNR     (U) Dialed Number Recognition
DoJ     (U) Department of Justice
ECP     (U) Effective Collection Priority
FAA     (U) Foreign Intelligence Surveillance Act of 1978 (FISA) Amendments Act of 2008
FBI     (U) Federal Bureau of Investigation
FISA    (U) Foreign Intelligence Surveillance Act of 1978
FISC    (U) Foreign Intelligence Surveillance Court
OGC     (U) Office of General Counsel
PAA     (U) Protect America Act
SID     (U) Signals Intelligence Directorate
SIGINT  (U) Signals Intelligence
SV      (U//FOUO) Signals Intelligence Directorate Oversight and Compliance
SV4     (U//FOUO) Signals Intelligence Directorate Oversight and Compliance, FISA Authorities
TOPI    (U//FOUO) Targeting Office of Primary Interest
USP     (U) United States Person

(U) APPENDIX A

(U) ABOUT THE AUDIT

(U) Objectives

(U) The audit objective was to document the circumstances and the extent of dropped Signals Intelligence (SIGINT) collection as a result of Foreign Intelligence Surveillance Act of 1978 (FISA) Amendments Act of 2008 (FAA) 702 restrictions.

(U) Scope and Methodology

(U) Conducted from February to August 2010, the audit examined the gaps in coverage when a selector is required to be detasked for compliance with FAA 702 and the measured effect of the lost coverage.

(U//FOUO) We reviewed current policies and laws pertaining to FAA 702. We obtained access to the Protect America Act (PAA)/FAA Incident database and reviewed reported incidents from 10 July 2008, when the FAA became law, through 4 March 2010, and documented actual instances when SIGINT collection was stopped to comply with 702. See Appendix C - Data Analysis for our data sources.

(U) SID Oversight and Compliance

(U//FOUO) To gain an understanding of the Agency's process for documenting and reporting incidents and violations, we met with the SV staff. We obtained for our analysis information from SV's PAA/FAA Incidents database on selectors that were detasked because of FAA 702 restrictions.

(U) Office of General Counsel

(U//FOUO) We met with the OGC FAA liaison to gain the overall legal perspective of the
implementation of FAA 702. We also met with the Acting General Counsel to discuss the nature of collection restrictions that are inherent in NSA's legal authorities. In addition, we discussed whether the current law is sufficient for NSA to achieve its mission goals.

(U) [redacted]

We met with technical leadership in the [redacted] to gain an understanding of the legal, policy, and compliance constraints in the [redacted] analytic environment, specifically related to FAA 702. Case studies regarding [redacted] selectors that were detasked because of FAA 702 restrictions were conducted. [redacted] when a selector was detasked was discussed with analysts. We obtained the analysts' opinions about the effect of collection on their work, including specific benefits and obstacles of the FAA 702 authority.

(U//FOUO) [redacted]

(U) FAA implementation leads

(U//FOUO) We met with the Analysis and Production FAA leads, who are charged with overseeing working groups which are addressing problems with carrying out work under the FAA. They outline efforts on analytic training and coordinate with the Department of Justice, OGC, and SV.

[redacted]

(U) Tasking tool and data repository personnel

[redacted] databases to assist in our review. In addition, we met with the S[illegible] metrics team, [redacted] personnel, and a representative from SIGINT Strategy and Governance to gather additional data concerning tasking gaps, collection prioritization, and qualitative measures related to the FAA 702 selectors of interest.

(U) Training

(U//FOUO) We took the Legal Compliance and Minimization Procedures (USSID 18) training to obtain access to certain databases. In addition, we attended [redacted] training.

(U) Government auditing standards

(U) We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan
and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions according to our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions according to our audit objectives.

(U) Prior Coverage

(U) The Office of the Inspector General has not performed any previous audits or inspections on FAA 702.

(U) Use of Computer-Processed Data

(U) To perform this audit, we used data that originated from [redacted], the SV4 PAA/FAA Incidents and [redacted] databases. We used the data to conduct a gap analysis on selectors that were detasked for FAA 702 compliance reasons. We did not determine the validity of these databases; however, we validated the data across multiple sources to ensure an accurate depiction of the data as used for our analysis.

(U) Management Control Program

(U//FOUO) As part of the audit, we assessed the organization's control environment pertaining to the audit objectives, as set forth in NSA/CSS Policy 7-3, Internal Control Program, 14 April 2006. We found that SV4's 2010 statement of assurance reported that a lack of upgrades of Information Technology systems and software application and lack of training and staffing could impede the SV4 mission.

(U) APPENDIX

(U) DATA ANALYSIS

(U) Identification of Detasked Selectors

(U//FOUO) We used the SV PAA/FAA Incidents database and the [redacted] as sources of selectors that were detasked to maintain compliance with FAA 702.

SV4 PAA/FAA Incidents database

(U//FOUO) We examined the SV4 PAA/FAA Incidents
database, which contains a record of reportable incidents under the PAA/FAA. A reportable incident under PAA/FAA is one of the following:

- (U//FOUO) The conduct of any SIGINT activity (collection, processing, retention, or dissemination) using PAA collectors in a way that contravenes the terms of the PAA or the terms of the specific certification under which you are operating.[6] This includes any activity that runs counter to the Director's affidavit or the associated exhibits that describe the process for determining foreignness, the minimization procedures, or the targets authorized for collection under the certification.
- (U) The conduct of any SIGINT activity using PAA collectors without having a certification in place to cover the target being collected.

(S//SI//REL TO USA, FVEY) We reviewed the records in the SV PAA/FAA Incidents database from 10 July 2008 (the inception of FAA) to 4 March 2010 and determined that there were a total of [redacted] incidents.

(U//FOUO) The records in the database are categorized by incident type. This allowed us to determine those that met the criteria for our review of detaskings related to compliance. The relevant incident types for further review are:

- Roamers into the US
- [redacted]
- Targets identified as a USP after tasking under 702

(U//FOUO) Incident types such as analyst error and tasking error did not relate to detasking to maintain compliance with 702; therefore, we eliminated these types of records from our review.

[6] (U) PAA was the predecessor to FAA.

[redacted] is the targeting tool used to submit and manage Digital Network Intelligence targeting requests. To ensure that we obtained records of all detaskings related to 702 compliance, we requested from [redacted] tasking records a record of detaskings for any of the three following reasons:

1. User is a USP
2. User is entering the United States
3. User is in the United
States

The main purpose for requesting detasking records from [redacted] was to search for selectors that were detasked citing a reason "user is entering the United States" and that were not captured as incidents in the SV Incidents database because they were detasked before the user actually roamed into the United States.

(U) Audit universe

We compared the results of the query with the selectors identified in the review of the Incidents database and identified additional selectors that were detasked for compliance purposes.

From our review of the SV PAA/FAA Incidents and [redacted] detasking records, we identified a total universe of [redacted] unique selectors that were detasked for compliance reasons. The detaskings covered the FAA 702 certifications. We were able to identify both detasked DNI and Dialed Number Recognition selectors from the FAA Incidents database and detasked DNI selectors from detasking records. The breakout of the selectors is detailed in the following table.

[Footnote] [redacted] did not [...] reason field until an upgrade was performed. Therefore, our search within [redacted] detasking records was performed for the date range February 2009 to March 2010.

Detasked Selectors by Source and Type

Columns: Source; 702 Selector Type; Description; Time Frame; No. of Detasked Selectors

SV4 PAA/FAA Incidents database; [redacted]; Compliance-related detaskings since July 2008; July 2008 to March 2010; [redacted]
SV4 PAA/FAA Incidents database; [redacted]; Compliance-related detaskings since July 2008; July 2008 to March 2010; [redacted]
SV4 PAA/FAA Incidents database; [redacted]; Compliance-related detaskings since July 2008; July 2008 to March 2010; [redacted]
SV4 PAA/FAA Incidents database; [redacted]; Compliance-related detaskings since July 2008; July 2008 to March 2010; [redacted]
[redacted] detasking record; [redacted]; Compliance-related detaskings since February 2009; February 2009 to March 2010; [redacted]
[redacted] detasking record; [redacted]; Compliance-related detaskings since February 2009; February 2009 to March 2010; [redacted]
Total; [redacted]

(U) Audit Sample for Gap Analysis

(S//REL TO USA, FVEY) The focus of our gap analysis was on FAA [redacted] selectors that were detasked for collection for compliance reasons under the [redacted] certification from February 2009 to March 2010. We concentrated on the selectors from the [redacted] certification because of the significance of the FAA 702 collection, including the number of FAA 702 taskings and the key role it plays in SIGINT production. We also based our decisions regarding the time frame for review and the focus on [redacted] selectors on the availability of records necessary to conduct the analysis and the majority of the [...] because of a lack of traffic or tasking information or both.

(S//SI//REL TO USA, FVEY) Our analysis covered both time gaps (gaps in coverage in days) and collection coverage gaps (projected missed collection as a result of the loss of coverage) for the [redacted] selectors.

Selectors Reviewed, February 200[...] to March 2010

Columns: Database; 702 Selector Type; Selectors Reviewed

SV4 PAA/FAA Incidents database; [redacted]; [redacted]
[redacted] detasking records; [redacted]; [redacted]
Total; [redacted]

(U//FOUO) Records reviewed

(U//FOUO) To measure the extent of the gaps associated with detasked 702 selectors, we evaluated multiple sources of information. This information was requested from SV [redacted] and the S2 [redacted]. We also reviewed the following databases: [redacted]

- (U//FOUO) [redacted] 702 tasking history

(U//FOUO) [redacted] records were used to determine the dates of coverage for the selectors. The data included the dates the selectors were tasked and detasked in [redacted] for Executive Order 12333 and 702 coverage.

- (U//FOUO) [redacted]

(U//FOUO) Data were requested from the [redacted] on the tasking and detasking on the selectors. This allowed us to draw [...] data to determine the Effective Collection Priority of each of the selectors [...]

- [redacted]

[redacted] data were requested for determination of the number of pieces of traffic, or traffic hits, collected per day related to the 702 [redacted]. This [...] traffic allowed us to determine how active the selectors were in regard to traffic collected [redacted]. From this information, we were able to project the potential collection that was lost during gaps in coverage related to 702 compliance. It also provided us the ability to determine how [redacted]

- (U//FOUO) Purged records

(U//FOUO) Purge requests from SV4 to database managers were evaluated for records related to the group of [redacted] selectors in the [redacted] database. The purged records, in effect, represent a gap in collection coverage.

- (U//FOUO) 704/705b tasking

(S//SI//REL TO USA, FVEY) Reports were generated from [redacted] and records requested from SV regarding 704/705b authorizations to determine if any of the [redacted] detasked 702 selectors were subsequently approved under those authorizations.

(U) APPENDIX C

(U) Full Text of Management Comments

(U) SID and OGC Management Responses

NSA STAFF PROCESSING FORM

KCC CONTROL NUMBER: 2010-8956
OIG
SUBJECT: (U) SID Response to Draft Audit Report on the FISA Amendments Act 702 Detasking Requirements
5 Nov 2010
SUMMARY

PURPOSE: (U) To provide the SID response to the draft report on FISA Amendments Act (FAA) 702 Detasking Requirements (AU-10-0023).

BACKGROUND: (U//FOUO) The Audit was initiated at the request of DIRNSA. The Audit objective was to document the circumstances and the extent of dropped SIGINT collection as a result of FAA 702 restrictions. The draft Audit report was provided to [redacted]

DISCUSSION: (U) The attachment [...] is the consolidated SID [redacted] and OGC response to the subject report. [redacted] for their response to this tasker.

This SPF may be downgraded and marked SECRET//COMINT//NOFORN upon removal of enclosure(s).

Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: [illegible]

I. (U) SUMMARY

(U//FOUO) As requested, this correspondence provides the Office of [redacted] and Office of General Counsel's (OGC) statements of concurrence or non-concurrence with the recommendation contained in the Office of Inspector General's (OIG's) draft audit report on the transition gap NSA encounters when targets of Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) 702 collection must be de-tasked from this collection authority. This memorandum also provides OIG with the results of [redacted] and OGC's review of the draft report for factual accuracy.

II. (U) CONCURRENCE WITH RECOMMENDATION

Recommendation: Establish a process for NSA [redacted] coverage for accounts
de-tasked from FAA 702 collection.

(U) Lead Actionee: SID with OGC

(U) Concur/Non-Concur; Estimated Completion Date: [redacted] and OGC concur with OIG's recommendation. Corrective action is underway and will be completed as soon as possible. Successful completion within this timeframe is contingent upon direct involvement from SV and S1, as they are owners of mission components that are directly tied to the transition process.

Comment: Although there is a current process for the Signals Intelligence Directorate (SID) coverage of targets of interest, OGC does not dispute OIG's substantive finding that the current process does not appear to be universally understood by SID's [redacted] personnel. In response to this finding and recommendation, OGC and individuals from [...] to include [redacted] personnel are working on improving the current process [redacted] coverage of targets that must be dropped from FAA 702 collection. OGC and SID [redacted] personnel have already initiated discussions to establish a clearer process for NSA coverage for selectors de-tasked from FAA 702 collection. OGC and [redacted] personnel have begun drafting a comprehensive standard operating procedure (SOP) for analysts to follow when [redacted] appropriate. The SOP will also include a quick reference guide and checklist for analysts. OGC will engage with the Department of Justice (DoJ) as necessary to ensure that the new process addresses OIG's finding and recommendation.

(TS//SI//NF) In the short term, [redacted] has initiated a series of training sessions for [redacted] members of the division and branch leadership teams to raise awareness of the [redacted] process. The purpose of the training is to establish branch and division level Points of Contact (POCs) who will be able
to assist analysts through the [redacted] process. Additional Video Teleconferencing Center (VTC) sessions will be scheduled to include the extended enterprise.

(TS//SI//NF) Finally, an e-mail alias has been created that includes technical and policy experts in [redacted]. The purpose of this group is to assist the division and branch POCs as they work with the analysts on the [redacted] process. Members of the group will also ensure that timely resolution is reached for selectors de-tasked from FAA 702.

III. (U) [redacted] REVIEW FOR FACTUAL ACCURACY

(U//FOUO) OIG Comment: The OIG does not agree with [redacted] that all suggested changes were due to inaccuracies or misleading statements. In most cases, these suggested changes were based on [redacted] interpretations of the report and new information. We made the appropriate changes to update and clarify areas of the report.

(S//SI//NF) The following lists areas of the report where [redacted] identified factual inaccuracies or misleading statements that should be corrected in the final version of OIG's report on the [...] gap NSA encounters when targets of FAA 702 collection must be de-tasked from this collection authority. These factual inaccuracies do not affect [redacted] concurrence with the report's recommendation that SID and OGC establish a new process [redacted] targets that must be dropped from FAA 702 collection. The following constitutes [redacted] specific suggested corrections:

(U) Correction 1

Highlights Section (page i). On page "i" in the Highlights section, the report contains a sentence that says [redacted]

(S//SI//NF) Comment: This statement implies that NSA would have been able to obtain probable cause on all of those selectors and would have been able to transition to another authority. Believe we should clarify that we cannot transition all selectors in all circumstances.

(U) Correction 2

(S//SI//NF) Gaps in [redacted] coverage exist (page [...]), FINDING. At the top of the page, it states the Agency has experienced [redacted] coverage gaps when transitioning from FAA 702 to another authority.

(S//SI//NF) Comment: This statement implies that NSA should be able to transition to another authority in all instances. This is not the case. Believe we should clarify that we cannot transition all selectors in all circumstances. While the need for a higher legal standard is mentioned on the bottom of page 6, believe we need to be up front with the fact that some selectors will not transition.

(U) Correction 3

(S//SI//NF) Effective Collection Priority (ECP) (page 8). This section states that the average ECP was 2.52, indicating that these selectors are of high priority.

(S//SI//NF) Comment: Believe we need to add context to this statement. We would imagine that most, if not all, [redacted] has an ECP that falls into the 1-3 range. Probably all [redacted] selectors are of high priority based on the ECP.

(U) Correction 4

(TS//SI//NF) Selectors not retasked (page 11). The table at the top of the page indicates that [redacted]

(TS//SI//NF) Comment: We think it is important to add a footnote that indicates that the analysts were told that they did NOT have to perform thorough research to try to recall why the selector was not retasked. Below is an excerpt from an email exchange between OIG and [redacted] indicating that the analyst did not have to perform research if they did not remember why the selector was not retasked.

(TS//SI//NF) "We agree with your assertion that the analysts simply note that they do not recall what happened to the selectors if they cannot remember. Our intention was not to require people to spend hours trying to recall information to answer our survey, which is why there is a 'don't recall' option in the first question."

(U) Correction 5

(TS//SI//NF) [redacted]

(U) Correction 6

(TS//SI//NF) Need for consistent process (page 11). The document states that [redacted]

(TS//SI//NF) Comment: We think it is important to note that some selectors will take longer to transition compared to others based on the circumstances. The probable cause standard is higher than the standard associated with FAA 702 tasking. This statement implies that we should always be able to transition quickly. It may take time and a lot of back and forth between [redacted] before we reach the probable cause standard. We realize this is addressed in the Case Studies on page 13, but we think it should be stated up front.

(U) Correction 7

(S//SI//REL) Footnote 3 (page 14). States that [redacted]

Comment: [redacted]

(U) Correction 8

(TS//SI//NF) First Paragraph (page 15). The analysts also may not have been [redacted]

(TS//SI//NF) Comment: [redacted]

(U) Correction 9

(TS//SI//NF) Action Taken (page 18). This section discusses the new procedures, which are supposed to provide relief on some [redacted] scenarios.

(TS//SI//NF) Comment: Unfortunately, [redacted] provisions were removed from the new procedures, so we will not see any relief based on the new procedures. OGC would have details on exactly what occurred and where we stand.

III. (U) OGC REVIEW FOR FACTUAL ACCURACY

(U//FOUO) OIG Comment: The OIG does not agree with the OGC that all suggested changes were due to inaccuracies or misleading statements. In most cases, these suggested changes were based on OGC's interpretations of the report and new information. We made the appropriate changes to update and clarify areas of the report.

(S//SI//NF) The following lists areas of the report where OGC identified factual inaccuracies that should be corrected in the final version of OIG's report on the transition gap NSA encounters when targets of FAA 702
collection must be detasked from this collection authority. These factual inaccuracies do not affect OGC's concurrence with the report's recommendation that SID and OGC establish a new process [redacted] targets that must be dropped from FAA 702 collection. The following constitutes OGC's specific suggested corrections:

(U) Correction 1

(S//SI//NF) Highlights Section (page i). On page "i" in the Highlights section, the report contains a sentence that says "the issue of a [redacted] is currently under review by DoJ." This statement is factually incorrect. In July 2010, DoJ attempted to persuade the Foreign Intelligence Surveillance Court (FISC) to allow tasking to continue under one version of the [redacted], but the FISC refused to accept the proposed change to NSA's FAA targeting and minimization procedures that the Government proposed to address this problem. OGC's understanding is that the FISC concluded such a change would conflict with statutory restrictions contained in the FAA legislation itself. Therefore, DoJ is no longer reviewing this issue in the manner mentioned in the draft report. Instead, DoJ is reviewing two different draft legislative proposals that attempt to close the transition gap. One proposal was drafted by NSA and the other proposal was prepared by DoJ's National Security Division. [redacted]

(U) Correction 2

(S//SI//NF) Introduction. On page 2, the Introduction section of the draft report contains the following sentence:

"Under FISC docket number [redacted], known as the Raw Take Sharing Order, dated July 2002, NSA is able to receive FBI FISA collection."

(U) As drafted, this sentence is factually inaccurate. The sentence should be revised to read:

"(S//SI//NF) Under FISC docket number [redacted], known as the Raw Take Sharing Order, dated July 2002, NSA is able to receive most FBI FISA
collection directed against the FBI's counterterrorism targets."

(U) Correction 3

(S//SI//NF) Finding that Gaps in [redacted] Target Coverage Exist. Page 6 of this section of the draft report contains the following sentence:

"(S//SI//NF) To avoid a break in coverage, other authorities must be sought if the target remains of interest and is an agent of a foreign power (704, 705b, and/or FBI FISA)."

(S//SI//NF) This sentence is inaccurate as drafted since it implies that the listed authorities are the only possible authorities available to resume coverage. The sentence should be revised to read:

"(S//SI//NF) To avoid a break in coverage, other authorities must be sought if the target remains of interest and is an agent of a foreign power (e.g., 704, 705b, FBI FISA, etc.)."

(U) Correction 4

(S//SI//NF) Finding that Gaps in [redacted] Target Coverage Exist. Page 6 of this section of the draft report contains the following statement:

"(S//SI//NF) For non-FAA 702 coverage, a higher legal standard - individualized probable cause - is required to secure a FISA order."

(S//SI//NF) Although the statement is accurate as drafted, for completeness OIG may wish to note that in some cases the Government may simply not be able to assemble facts sufficient to satisfy the probable cause standard.

(U) Correction 5

(TS//SI//NF) Discussion of lack of [redacted] process. On pages 15 to 16 of this section of the draft report, there is a discussion of the delay experienced in regaining coverage of selectors associated with [redacted]. [...] the report says [redacted] NSA had to de-task the account once the Agency learned that [redacted]

(U) Correction 6

Discussion of strict guidance on detasking [redacted]. On pages 17 to 18, the draft report states that DoJ
and OGC have provided strict guidance to detask [redacted]. Although accurate as drafted, the report implies that DoJ and OGC have discretion to alter the guidance. Therefore, the draft report's discussion of the legal advice provided by DoJ and OGC on the de-tasking of [redacted] is extremely misleading. Although this section of the draft report notes that the FISC has expressed concern about the modifications the Government proposed to NSA's FAA 702 targeting and minimization procedures [redacted], the report fails to note that the Court's concern was with [redacted] issue. OGC's understanding is that the Court concluded that even the modest changes proposed to address one aspect of the [redacted] were incompatible with the current statutory framework. Moreover, for completeness, the report should also note that, even if the statutory language is changed, there may be Fourth Amendment problems with maintaining electronic surveillance of a U.S. person or a person located inside the United States on anything less than a formal probable cause determination [redacted]

TOP SECRET//SI//NOFORN
DOCID 4273133

NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE

Further dissemination of this report outside NSA is PROHIBITED without the approval of the Inspector General.

(U) Report on the Special Study: Assessment of Management Controls Over FAA 702
ST-11-0009
Revised and Reissued 29 March 2013

Classified By: [redacted]
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: [illegible]

Approved for Release by NSA on 02-11-2016, FOIA Case # 80120 (litigation)

(U) OFFICE OF THE INSPECTOR GENERAL

(U) Chartered by the NSA Director and by statute, the Office of the Inspector General conducts audits, investigations, inspections, and special studies. Its mission is to ensure the integrity, efficiency, and effectiveness of NSA operations, provide intelligence oversight,
protect against fraud, waste, and mismanagement of resources by the Agency and its affiliates, and ensure that NSA activities comply with the law. The OIG also serves as an ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS

(U) The audit function provides independent assessments of programs and organizations. Performance audits evaluate the effectiveness and efficiency of entities and programs and their internal controls. Financial audits determine the accuracy of the Agency's financial statements. All audits are conducted in accordance with standards established by the Comptroller General of the United States.

(U) INVESTIGATIONS

(U) The OIG administers a system for receiving complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations may be undertaken in response to those complaints, at the request of management, as the result of irregularities that surface during inspections and audits, or at the initiative of the Inspector General.

(U) INTELLIGENCE OVERSIGHT

(U) Intelligence oversight is designed to insure that Agency intelligence functions comply with federal law, executive orders, and DoD and NSA policies. The IO mission is grounded in Executive Order 12333, which establishes broad principles under which IC components must accomplish their missions.

(U) FIELD INSPECTIONS

(U) Inspections are organizational reviews that assess the effectiveness and efficiency of Agency components. The Field Inspections Division also partners with Inspectors General of the Service Cryptologic Elements and other IC entities to jointly inspect consolidated cryptologic facilities.

OFFICE OF THE INSPECTOR GENERAL
NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE

29 March 2013
IG-11526-13

TO: DISTRIBUTION

SUBJECT: (U) Revised Report on the Special Study: Assessment of Management Controls Over FAA 702 (ST-11-0009) - ACTION MEMORANDUM

1. (U//FOUO) This revised report summarizes the results of our special study of management controls that
ensure compliance with Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA 702) and the Targeting and Minimization Procedures associated with the 2011 Certifications. It reflects changes made based upon additional information provided subsequent to the release of the original report on 8 November 2012. The report documents our analysis, findings, and recommendations for improvement. It also notes other areas that merit attention.

2. (U//FOUO) In accordance with NSA/CSS Policy 1-60, NSA/CSS Office of the Inspector General, and IG-11358-12, Follow-up Procedures for OIG Report Recommendations, actions on OIG recommendations are subject to monitoring and follow-up until completion. Consequently, we ask that you provide a written report concerning each OPEN recommendation in the following circumstances: when your action plan has been fully implemented or has changed, or if the recommendation is no longer valid. The report should provide sufficient information to show that corrective actions have been completed. If a planned action will not be completed by the target date, please state the reason for the delay and give a revised completion date. Reports should be sent to [redacted], Follow-Up Program Manager, at e-mail DL D1_Followup (ALIAS) D1.

3. (U//FOUO) We appreciate the courtesy and cooperation extended to our staff throughout the special study. For additional information, please contact [redacted] on 963-1422(s) or via e-mail at [redacted].

[signature]
Inspector General

DISTRIBUTION:
DIRNSA
SID (T. Shea)
NTOC (R. Ledgett)
TD (L. Anderson)
DOC (J. DeLong)
OGC (R. De)
ADET (J. Majoros)

cc:
Exec DIR (F. Fleisch)
CoS (E. Brooks)
SID DDIR (R. Moultrie)
DDCR [redacted]
[...] LIAISON [...]
D11
D12
D13
D14

(U) TABLE OF CONTENTS

(U) EXECUTIVE SUMMARY
I. (U) INTRODUCTION
II. (U//FOUO) FINDINGS RESOLVED DURING THE REVIEW
III. (U//FOUO) FINDINGS AND RECOMMENDATIONS
(U//FOUO) FINDING ONE: PERFORMANCE STANDARDS, PERFORMANCE METRICS, AND COMPLIANCE ENFORCEMENT MEASURES FOR TARGETING AND MINIMIZATION PROCEDURES ARE INCOMPLETE
FINDING TWO: [...] CERTAIN FAA 702 SELECTORS [redacted]
FINDING THREE: [...] PROCEDURES AND NSA POLICY ARE NOT FULLY ADDRESSED
(U//FOUO) FINDING FOUR: SOME DOCUMENTATION SUPPORTING FAA 702 RESPONSIBILITIES HAS NOT BEEN KEPT UP-TO-DATE AND REQUIRES REORGANIZATION ACROSS NSA WEB PAGES
(U//FOUO) FINDING FIVE: INCREASED AUTOMATION OF PROCESSES SUPPORTING FAA 702 IS NEEDED TO ENSURE COMPLIANCE AND REDUCE ERRORS
(U//FOUO) FINDING SIX: THE FAA 702 CURRICULUM NEEDS TO BE UPDATED AND THE TRAINING REQUIREMENT ENFORCED
IV. (U) OBSERVATIONS
V. (U//FOUO) SUMMARY OF RECOMMENDATIONS
VI. (U) ABBREVIATIONS AND ORGANIZATIONS
APPENDIX A: (U) About the Study
APPENDIX B: (U) Control Requirements and Management Controls
APPENDIX C: (U) Full Text of Management Response

(U) EXECUTIVE SUMMARY

(U) Overview

(TS//SI//NF) The National Security Agency/Central Security Service (NSA/CSS) conducts activities under the authority of Section 702 of the Foreign Intelligence Surveillance Act of 1978, Amendments Act of 2008 (FAA 702), a key source of information on foreign targets. Since FAA's inception, reporting based on FAA 702 collection has grown from an average of [redacted] reports per month to more than [redacted]. FAA 702 reports are sourced from collection obtained with the assistance of U.S. communications service providers. The majority of the collection is from Internet Service Provider [...] traffic and the remainder telephony and upstream Internet [...] from [redacted] the Internet backbone.

(U//FOUO) For the Agency to retain this important tool in support of its mission, it must ensure compliance with FAA 702. NSA/CSS has implemented policies and control procedures, including training, access
control, multiple levels of review, and oversight. This system of controls is designed to provide reasonable assurance of compliance with the statute and FAA 702 targeting and minimization procedures that form the basis for the affidavits made by the NSA Director concerning the Agency's use of the authority.

(U//FOUO) The findings represent improvements needed to the overall control environment in which the FAA 702 authority is used. In a later review, the Office of the Inspector General will conduct compliance and substantive testing to draw conclusions on the efficacy of the management controls.

[redacted]

(U) Highlights

(U//FOUO) Although the OIG did not identify areas of non-compliance with the targeting and minimization procedures, we identified six areas in which controls over compliance with FAA 702 should be improved.

- (U//FOUO) Assessment of performance against compliance standards. Establishing accountability for compliance requires clear performance standards, measurement of actual performance against those standards, reporting results, and implementation of corrective action. These processes are not fully developed.

- [redacted]

- (TS//SI//NF) Dissemination process. A review of FAA 702-sourced serialized dissemination does not include steps to verify that, when MCTs were used to support what is being disseminated, the multiple communications transaction (MCT) documentation required was prepared in accordance with the minimization procedures.

- (U//FOUO) Documentation deficiencies. Some internal Standard Operating Procedures and other internal FAA 702 guidance have not been kept up to date and require reorganization by subject across internal NSA web pages.

- [redacted] would improve purge execution, training compliance, and production of
compliance alerts.

o (U//FOUO) Training update and enforcement. Adjudicators (personnel responsible for approving targeting requests) do not have a documented, standardized version of their training for reference. In addition to the initial FAA 702 training required before accessing FAA data, analysts are now required to take a new FAA 702 applications course on compliant targeting requests and targeting maintenance. However, the requirement for the applications course is not yet enforced.

(U) Management Action

(U//FOUO) Signals Intelligence Directorate personnel agreed with the Inspector General recommendations, and the planned actions meet the intent of the recommendations.

I. (U) INTRODUCTION

(U) Background

(U) Sources of Section 702, Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA 702) collection

(TS//SI//NF) FAA 702 data is composed of Digital Network Intelligence (DNI) and Dialed Number Recognition (DNR) data. DNI is Signals Intelligence (SIGINT) received from Internet Service Providers (ISPs) with the assistance of the Federal Bureau of Investigation (FBI) (the PRISM program) and from upstream collection. Analysts submitting [redacted]. DNR data is obtained via intercept of the telephone network. NSA has authority to acquire communications to, from, or, in the case of DNI collection from [redacted], about tasked selectors.

(U) Requirements of FAA 702

(S//NF) The target of collection must be a non-U.S. person (USP) who is reasonably believed to be located outside the United States and possesses, is expected to receive, and/or is likely to communicate foreign intelligence [redacted].

FAA 702 Certifications: [redacted]

(S//NF) FAA 702 requires the Attorney General to adopt targeting and minimization procedures in support of the statute. The targeting and minimization procedures are documented in each Certification. DIRNSA's affidavit for
each certification provides information regarding how the Government will implement those procedures and states that:

o [redacted]

o Reasonable procedures are in place to ensure that acquisition under the Certification is limited to targeting non-USPs reasonably believed to be located outside the United States.

o Targeting procedures are reasonably designed to prevent the intentional acquisition of domestic communications.[2]

o Acquisition is for the purpose of obtaining foreign intelligence information within the scope of each Certification.

o NSA will follow specific minimization procedures.

o NSA may provide the Central Intelligence Agency (CIA) and the FBI unminimized communications acquired through this authority.

(U) Independent measure of compliance performance

(S//NF) The Agency's compliance with FAA 702 is subject to bi-monthly review by the Department of Justice (DOJ) and the Office of the Director of National Intelligence (ODNI), who review disseminations, queries of U.S. person identifiers, compliance incidents, and the targeting requests for all new and retasked selectors for the period, as well as the supporting information for a sample of the selectors. These entities have reported a very small number of errors.

(U) Objective and Scope of Review

(U//FOUO) The objective of the OIG review was to assess the adequacy of management controls to ensure reasonable compliance with FAA 702. This analysis was based on review of published and draft guidance and certain controls in systems supporting application of the authority. We also interviewed managers and analysts responsible for targeting, approval, and oversight subject to FAA 702 requirements. Testing of the controls identified will be the subject of a later review.

(U) Standards of Internal Control

(U) We assessed management controls against the Government Accountability Office's Standards for Internal Control
in the Federal Government, November 1999, which presents the five standards that define the minimum level of quality acceptable for management control in government: Control Environment, Risk Assessment, Control Activities, Information and Communications, and Monitoring.

(U) Internal control, or management control, comprises the plans, methods, and procedures used to meet missions, goals, and objectives. It provides reasonable assurance that an entity is effective and efficient in its operations, reliable in its reporting, and compliant with laws and regulations. NSA/CSS Policy 7-3, Managers' Internal Control Program, 14 February 2012, advises that evaluations of internal control consider the requirements outlined by the GAO standards. The Office of the Inspector General (OIG) evaluates management control against the standards.

[2] (S//SI//NF) Domestic communications, according to Section 2 of the FAA 702 Minimization Procedures, are all communications other than foreign communications, including those in which the sender and all intended recipients are reasonably believed to be located in the United States at the time of acquisition. Foreign communications must have at least one communicant outside the United States.

(U) Targeting and Minimization Procedures: Basis for Compliance

(U) Targeting

(S//SI//NF) The targeting procedures specify that NSA will make a determination about whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances, based on the information available with respect to that person. With respect to the foreign intelligence purpose of the targeting, the procedures require NSA to assess whether the target possesses and/or is likely to communicate foreign intelligence information concerning a foreign power or foreign territory. With respect to documentation, analysts who request tasking will document in the tasking database a citation or citations to the information
that led them to reasonably believe that a targeted person is located outside the United States, as well as identify the foreign power about which they expect to obtain foreign intelligence information pursuant to the proposed targeting.

(S//NF) The submitted targeting request is then subject to an adjudication review by specially trained personnel. [redacted]

o User of the selector is the intended foreign intelligence target,

o Target remains appropriate under the Certification cited in tasking, and

o Target remains outside the United States and/or there is no information to indicate that the target is inside the United States.

(S//NF) The On-Going Target Review section of the OTR Guidance states that analysts must [redacted] to uphold that there has been no change in the target's status that would require adjustment to maintain NSA's compliance. At least every 30 days, the review should confirm that the:

o Selector remains associated with the intended target,

o Target remains appropriate to the Certification cited,

o Target remains outside the United States and/or there is no information to indicate that the target is inside the United States, and

o Type of data being obtained is not routinely of a type that is subject to immediate destruction requirements (i.e., domestic communications).

(S//NF) Information that demonstrates a change in any of these factors might require detasking the selector, destroying or otherwise handling collected traffic in accordance with the minimization procedures, and notice to the Agency's overseers.

(U) Oversight and reporting

(U//FOUO) The Agency must:

o Train those targeting and those approving targeting or accessing FAA 702 information,

o Ensure that FAA 702 raw traffic is stored only in authorized repositories and is accessible only to those who have had the proper training, and

o Conduct spot-checks
of targeting decisions, intelligence disseminations, and queries of data repositories for compliance.

(U) Minimization

(U//FOUO) The minimization procedures are designed to protect USP information during acquisition, processing, retention, and dissemination of information obtained by targeting non-USPs reasonably believed to be located outside the United States. They require that the Agency ensure that:

o Acquisition is conducted in a manner designed, to the greatest extent feasible, to minimize the acquisition of information not relevant to the authorized purpose of the acquisition,

o Personnel exercise reasonable judgment in determining whether information acquired must be minimized and destroy inadvertently acquired communications of or concerning a USP at the earliest practicable point in the processing cycle, unless the data can be retained under exception provisions detailed in the minimization procedures, and

o Reports based on communications of or concerning a USP may be disseminated if the identity of the USP is deleted and a generic term or symbol is substituted so that the information cannot reasonably be connected with an identifiable USP. Otherwise, dissemination of intelligence reports based on communication of or concerning a USP may be made to a recipient requiring the identity of such person only for the performance of official duties, but only if meeting certain criteria.

(U) Control Environment

(U) Reliance on manual controls

(U//FOUO) A significant number of the procedures and controls established to ensure compliance with FAA 702 and NSA's court-approved targeting and minimization procedures are manual. Thus, training, supervisory reviews, and oversight are critical elements of the control structure. Modifications to the systems relied on for targeting, collection, and processing continue to:

o Improve the ability to purge information when required,

o Identify and prevent instances of over-collection, and

o Improve efficacy and efficiency
of processing and oversight.

(U//FOUO) Realignment of responsibility

(U) SID has restructured operations to better manage FAA 702 processing and compliance:

o [redacted] responsibility for adjudicating FAA 702 [redacted] assumed on [redacted].

o (U//FOUO) S2 Mission and Compliance performs functions supporting use of the authority, as well as additional oversight of FAA 702 processing and compliance. SV continues to perform much of the direct oversight of targeting. [redacted] assumed responsibility from SV for:

  o Execution of purges related to FAA 702 incidents (removal from data repositories of records ineligible for retention under the authority),

  o Implementation of a purge adjudication process to better ensure completeness of purges,

  o Development of processes and tools to enhance compliance while reducing the burden on analysts,

  o Training and oversight of targeting adjudicators, and

  o Preparation of additional management measures, including metrics, to improve accountability.

(U) Continued process improvement

(TS//SI//NF) The Agency has undertaken several reviews of NSA systems and processes, as well as the data acquired from communications providers and other Agency sources under FAA 702 authority, in response to compliance incidents and questions raised by the Foreign Intelligence Surveillance Court (FISC). These reviews and other efforts to improve compliance and efficiency of operations have resulted in several changes to the processes and controls supporting the Agency's use of the authority.

(S//NF) SID continues to take steps to improve FAA 702 compliance:

o In addition to FAA 702 training that focuses on legal requirements for use of the authority, a new course, FAA 702 Practical Applications, was released [redacted].

o SID continues to make changes to the targeting tool to support compliance and increase efficiency (see Findings Resolved During the
Review).

o SID completed the [redacted] Project to reduce errors in targeting requests. The most significant gaps identified included a lack of standardized feedback to targeting analysts for the reasons targeting requests failed approval, [redacted] insufficient management reporting of denied targeting requests, and the need to increase accountability and compliance for targeting. Corrective actions, including standardized denial reasons, [redacted] management reporting of denial metrics, [redacted] were implemented. These actions reduced average weekly denials of targeting requests by 24 percent, [redacted] improved [redacted] compliance with required internal procedures for selector management, and reduced the risk of incidents.

(U) Definitions

(U) Annual Contribution Evaluation (ACE): The Agency's performance management system, based on established individual performance objectives and performance elements.

(S//NF) Adjudicators: Personnel [redacted] with responsibility for reviewing and approving FAA 702 targeting requests. [redacted]

(U//FOUO) [redacted]: [redacted] which provides authorization attributes and access control services to enterprise programs and projects.

(TS//SI//NF) Digital Network Intelligence (DNI): SIGINT derived from communications involving Internet-based selectors. [redacted]

(S//SI//NF) Dialed Number Recognition (DNR): Collection process [redacted] from telephony systems. [redacted]

(U) Foreignness: Assessment and documentation supporting the determination of reasonable belief that a target is not a United States person and is outside the United States.

(U//FOUO) [redacted]: A corporate compliance tool that serves as a streamlined access control mechanism. [redacted] checks that individuals meet the necessary mission training
and clearance required for initial account access to SIGINT tools and databases. [redacted]

(U//FOUO) Master Purge List (MPL): NSA's central record of SIGINT collection, including records derived from that collection, which NSA has purged. The list includes [redacted] that have been marked for purge or have been purged from [redacted] systems that are used in sourcing traffic for SIGINT reporting.

(TS//SI//NF) Multiple Communications Transaction (MCT): Traffic containing more than one discrete communication. This traffic might contain discrete communications that are not to, from, or about tasked selectors. Upstream collection might contain both discrete and MCT traffic and could include MCTs of non-targeted individuals that contain a tasked selector.

(U//FOUO) [redacted]: A database repository that provides storage and retrieval of [redacted] content. It is a raw SIGINT storage system.

[redacted]: NSA's [redacted] and retrieval mechanism for SIGINT [redacted]. It is a raw SIGINT storage system.

(TS//SI//NF) PRISM: PRISM refers to the portion of the FAA 702 collection architecture wherein individual electronic communication service providers [redacted] provide Internet communications [redacted] that in general are hosted by the [redacted].

(U) Purge: The on-demand removal of data items, rendering them unrecoverable through standard mission data access mechanisms.

[redacted]

(U//FOUO) Raw SIGINT: Any SIGINT acquired either as a result of search and development or as targeted collection operations against a foreign intelligence target before the information has been evaluated for foreign intelligence and minimized in accordance with the applicable set of minimization procedures.

[redacted]: A controlled information management system
which is the authoritative data source for a given configuration-managed data element and is governed in accordance with NSA/CSS Policy [redacted].

[redacted]: A SID organization that leads planning and acquisition efforts for [redacted] collection of intelligence.

(U//FOUO) [redacted]: A SID initiative whose objective was to reduce targeting errors, thereby improving processing efficiency and compliance for FAA 702 transactions.

(TS//SI//NF) Upstream Collection: NSA's interception of Internet [redacted] located on the United States' Internet backbone, conducted with the assistance of electronic communications service providers who are located inside the United States and have been served with FAA 702 directives. This collection method is distinguished from other FAA 702 DNI collection (PRISM) by [redacted] communications acquired from [redacted].

[redacted]: The targeting tool for submitting DNI and DNR targeting compliant with FAA and other SIGINT authorities.

II. (U//FOUO) FINDINGS RESOLVED DURING THE REVIEW

(U//FOUO) Incompatibility between Assigned Authorities [redacted] and Compliance [redacted] for FAA 702

(S//NF) One of the primary NSA internal control mechanisms that ensure compliance with FAA 702 Targeting Procedures is the adjudication of targeting requests before tasking. This review confirms that the target and associated selector are tasked under the proper FAA 702 Certification, the target is not a USP, the target is outside the United States (foreign), and the determination of reasonable belief of foreignness is properly supported. [redacted]

(U//FOUO) SV was aware of this gap between the NSA-required internal control and implementation of the internal control within the tool, and it was resolved
[redacted].

(S//NF) Increased Risk of FAA 702 Non-compliance for [redacted] Tasked Selectors

(S//NF) To support compliance with FAA 702, automated OTR notices that a required review of target communications is due are generated [redacted] and sent to analysts. [redacted]

III. (U//FOUO) FINDINGS AND RECOMMENDATIONS

(U//FOUO) FINDING ONE: Performance Standards, Performance Metrics, and Compliance Enforcement Measures for Targeting and Minimization Procedures Are Incomplete

(U//FOUO) Establishing accountability for compliance requires clear performance standards, measurement of actual performance against those standards, reporting results, and implementation of corrective action. These processes are not fully developed.

(U) Elements of an Effective Compliance Oversight Program

(S//NF) NSA has established a pre-tasking process that includes reviews of targeting requests for compliance with the targeting procedures. The targeting request must be approved before the selectors are released for tasking and collection. [redacted]

(U//FOUO) Effective compliance oversight requires the development of measurable standards against which actual performance can be assessed. Comparison of performance against these standards must be reported regularly to management for timely review and follow-up action. Together, these elements provide the means to establish accountability and initiate action to improve compliance.

(U) Shared Responsibility for Oversight

(S//NF) Monitoring compliance with FAA 702 targeting and minimization procedures has become a shared responsibility within the Agency. Before 2010, SID/SV had primary responsibility for monitoring the
Agency's application of FAA 702 authority. [redacted]

(S//NF) As personnel outside SV assumed more of the responsibility for adjudicating FAA 702 targeting requests, [redacted] trained new adjudicators and assumed oversight of the targeting queue. Statistics on the targeting queue provide an assessment of the timeliness of the adjudication process and the means to evaluate the adequacy of the number of adjudicators given the volume of targeting requests. [redacted] Although these [redacted] statistics inform management of the overall processing of targeting requests, they do not provide qualitative information regarding the accuracy of target requests submitted and approved and compliance with the targeting procedures.

(U//FOUO) SV's continuing oversight of analyst and adjudicator performance is effected through reviews of targeting requests (see Finding Three), participation in bi-monthly overseer reviews, and management of FAA 702 incident reporting. Errors identified in targeting requests are communicated to the analyst, adjudicator, and [redacted]. After overseer 60-day reviews, SV prepares feedback briefings to inform adjudicators of overseer findings. The briefings also provide metrics on the reasons for denial of targeting requests, trends identified in SV's review, and guidance on FAA 702 targeting procedures. Incident reports are also analyzed to identify trends that might require action. SV's oversight provides a critical assessment of compliance with FAA 702, independent of those requesting targeting. This feedback, however, is not provided to the managers responsible for the targeting analysts and adjudicators.

(U) Development of FAA 702 Compliance Metrics

(U//FOUO) S2 Compliance FISA Staff provides some metrics for FAA 702 processing and compliance,
including weekly reports on the targeting request queue. [redacted] The process to establish complete standards and measures for assessment of compliance continues.

(U//FOUO) To support effective monitoring of the Agency's use of FAA 702 authority, metrics must:

o Be based on clear and consistent expectations of performance for all targeting analysts and adjudicators within the Agency, and

o Generate sufficient detail to facilitate action by the adjudicator or targeting analyst.

(U//FOUO) The development of these metrics by [redacted] is [illegible] associated with the Comprehensive Mission Compliance Program, a group of NSA initiatives to achieve reasonable assurance that the SIGINT and Information Assurance missions are conducted in accordance with the laws and policies that protect USP privacy. The program includes monitoring and assessments, including trend analysis.

(U) Incomplete Implementation of Processes to Ensure Targeting Proficiency and Compliance Accountability

(U//FOUO) In 2010, SID completed the [redacted] project, a Lean Six Sigma project to reduce targeting errors and improve processing efficiency and compliance for FAA transactions. The project team comprised personnel from [redacted]. Although several of the recommendations from [redacted] have been implemented, recommendations that focused on accountability for targeting accuracy have not. The [redacted] study recommended for FAA analysts [redacted]:

o Employee performance review objectives for compliance with targeting requirements,

o Periodic metrics to leaders in organizations responsible for targeting (original focus was on denial metrics for FAA 702 targeting requests), and

o Progressive measures to improve compliance with targeting standards, including removal of FAA 702 targeting authority.

(U//FOUO) Although not addressed by the [redacted] study, similar actions are
needed to assess, monitor, and remediate the quality of targeting reviews conducted by adjudicators.

(U//FOUO) To measure and increase targeting proficiency of the workforce, including targeting under FAA 702 authority, SID [redacted] has developed the Targeting Workforce Readiness Standard (WRS), a functional Job Qualification Standard (JQS) for all Agency personnel involved with targeting. Its purpose is to establish the standard targeting tasks, along with the knowledge, skills, and abilities necessary to complete the tasks at a defined proficiency level.[4] The standard is supported by training and assessment plans, standard tests, and on-the-job training evaluations. The WRS is under review and not fully implemented. Associated development plans and a means to track progress are being created within the Associate Directorate for Education and Training's (ADET) Enterprise Learning Management (ELM) architecture and include much of the required training (classroom and on-the-job) for FAA 702 targeting analysts to achieve full proficiency. Implementation of the WRS and associated training and assessments will provide a means to achieve accountability for compliance with targeting requirements and ensure training standardization and enforcement. Development of FAA 702 metrics based on the WRS proficiency standards would support the performance measurement component of the WRS.

[4] (U//FOUO) A functional JQS defines the standard of performance for a broad SIGINT function, such as targeting or reporting, and crosses skill communities, work roles, and personnel types. It applies to civilians and contractors as well as military personnel. The functional JQS, once completed at the specified proficiency level, accompanies the individual across PLs and SID

(U//FOUO) RECOMMENDATION 1

(U//FOUO) Establish for FAA 702 targeting analysts and adjudicators ACE performance objectives based on completion of a specified proficiency level of the Targeting
Workforce Readiness Standard and ELM training plan.

(S//NF) (ACTION: [redacted])

(U) Management Response

(U//FOUO) AGREE. SID [redacted] are preparing an ELM plan for target analysts and adjudicators. The ELM plan will be broken down into proficiency levels, thereby allowing the analyst to register for the correct training as stated in the ACE objective. The ELM plan for the Targeting Workforce Readiness Standard for FAA 702 will be completed [redacted] for all National Cryptologic School (NCS) courses. Enforced registration in the ELM program and targeting proficiency statistics to the individual level, as well as completion rate of any required FAA 702 training (NCS courses), will be completed [redacted]. Structured on-the-job training will be phased in [redacted].

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) RECOMMENDATION 2

(U//FOUO) Develop metrics and management reporting to:

o (U//FOUO) Measure targeting analyst and adjudicator compliance with FAA 702 targeting and minimization procedures, and

o (U//FOUO) Support analysis of trends indicative of changes needed in training or guidance.

(U//FOUO) Coordinate this process with the Comprehensive Mission Compliance Program.

(ACTION: [redacted])

(U) Management Response

(S//NF) AGREE. SID [redacted], a part of the [redacted] Lean Six Sigma Team Participants, will assess the feasibility of developing metrics to evaluate de-targeting trends and process deficiencies. Final implementation will depend on technical capabilities and deployment schedules.

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(S//NF) FINDING TWO:
Certain FAA 702 [redacted] Selectors [redacted]

(TS//SI//NF) [redacted]

(S//NF) Verification that Authorized Selectors Are on Collection

[redacted]

(TS//SI//NF) The OIG's Report on the Assessment of Management Controls to Implement the Protect America Act (PAA) of 2007 (ST-08-0001, 7 April 2008) [redacted]

(U//FOUO) RECOMMENDATION 3

[redacted]

(U//FOUO) (ACTION: [redacted])

(U) Management Response

AGREE. [redacted]

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) FINDING THREE: Oversight Requirements of FAA 702 Targeting Procedures and NSA Policy Are Not Fully Addressed

(TS//SI//NF) SV oversight of FAA 702-sourced dissemination has not been modified to address requirements for multiple communication transactions. SV is implementing a new process for oversight of audits of FAA 702 database queries.

(U//FOUO) Oversight of FAA 702 Dissemination

(S//NF) The FAA 702 targeting procedures associated with the 2011 certifications require that SV perform periodic spot checks of intelligence disseminations to ensure compliance with established procedures. SV performs spot checks of both serialized dissemination and dissemination of evaluated, minimized traffic.

(TS//SI//NF) FAA 702 minimization procedures establish unique requirements that analysts must implement. This includes the requirement that analysts document steps taken to verify that discrete communications within collection containing MCTs are eligible for dissemination. SV's spot-check of
serialized dissemination does not include steps to verify that, when MCTs were used to support what is being disseminated, the MCT documentation required was prepared in accordance with the minimization procedures. [redacted]

(U//FOUO) RECOMMENDATION 4

(TS//SI//NF) Although not required by the minimization procedures, SV should include in the spot-check of serialized disseminations of FAA 702-sourced material procedures to evaluate analysts' compliance with the documentation requirements pertaining to dissemination based on discrete communications within MCTs. The spot-check should also evaluate proper use of [redacted] per NSA policy.

(U//FOUO) (ACTION: SV)

(U) Management Response

AGREE. [redacted] to modify the methodology and process for spot-checking disseminations of FAA 702-sourced material.

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U) Oversight of Targeting Decisions

(S//NF) FAA 702 targeting procedures require that SV conduct ongoing oversight activities and make any necessary reports, including those relating to incidents of noncompliance with the FAA 702 targeting procedures, and ensure that necessary corrective actions are taken to address any identified deficiencies. SV achieves oversight of targeting decisions through several means:

o [redacted] SV's review includes analysis of the adequacy of the foreignness support for these targeting requests.

o [redacted] selectors nominated by the CIA. [redacted] implemented its own process for nominating selectors. These are also adjudicated by SV.

o SV reviews [redacted] selectors before sending them to the overseers bi-weekly. SV evaluates the targeting request for
inconsistencies or inaccuracies and might review the sources cited to support foreignness if SV questions information. A full review, including sources supporting foreignness, is conducted for all targeting requests selected for review by DOJ/ODNI. Supporting documentation was reviewed for [redacted] of the [redacted] targeting requests submitted for a recent review period.

(S//NF) Together, these processes give SV a perspective on the quality of the FAA 702 targeting and adjudication processes. [redacted]

(U//FOUO) An assessment of compliance with the targeting procedures based on SV's reviews of targeting requests is not reported to management. Such reporting would aid in identification of trends, analysts and adjudicators whose performance demonstrates a need for additional training, and authoritative guidance in need of improvement.

(U//FOUO) RECOMMENDATION 5

(U//FOUO) Periodically provide management an assessment of targeting analyst and adjudicator performance against the legal and policy requirements for FAA 702 targeting, based on SV reviews of targeting requests. Coordinate with FAA 702 metrics reporting (see Recommendation 2).

(U//FOUO) (ACTION: SV)

(U) Management Response

(U//FOUO) AGREE. Per the requirements of Recommendation 2, [redacted] will incorporate metrics for management's assessment.

(U) Status: OPEN

(U) Target Completion Date: [redacted]

(U) OIG Comment

(U//FOUO) Planned action satisfies the intent of the recommendation.

(U) Oversight of FAA 702 Raw Traffic Repositories

(U//FOUO) The FAA 702 targeting procedures for the 2011 certifications require that SV conduct periodic spot-checks of queries against repositories containing unevaluated and unminimized FAA 702 traffic. All queries of databases containing raw SIGINT content are subject to daily review by auditors assigned to each targeting analyst. Under U.S. Signals Intelligence Directive (USSID) CR 1610, Section A2.9, auditors must be trained
in accordance with SV standards or meet with SV for a briefing on auditor responsibilities before conducting audits. USSID CR 1610 also requires that SV conduct super audits of all interactive raw SIGINT database systems.

(U//FOUO) Daily audits of queries assess compliance with FAA 702 query requirements. Oversight of the audits is necessary to ensure that they are properly and consistently executed. However, such reviews are not performed with regularity. SV has piloted and will soon fully implement a new super audit process that will examine the justifications for queries and evaluate query terms for foreignness using various Agency databases.

(U//FOUO) RECOMMENDATION 6
(U//FOUO) Implement the super audit process and provide periodic feedback to FAA 702 auditors and their management on the quality of audit performance.
(U//FOUO) ACTION: SV

(U) Management Response
(U//FOUO) AGREE. SID/SV has fully implemented the super audit process for FAA 702. SID requests closure of the recommendation.
(U) Status: OPEN
(U) OIG Comment
(U//FOUO) Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) FINDING FOUR: Some Documentation Supporting Use of FAA 702 Authority Has Not Been Kept Up-to-Date and Requires Reorganization Across NSA Web Pages

(U//FOUO) Guidance supporting compliant use of FAA 702 authority is maintained in several locations and is not fully organized by subject. Some of the guidance is outdated. Two Standard Operating Procedures (SOPs) provide differing guidance on the adjudication process. SOPs for some oversight functions have not been developed.

(U) Maintenance of FAA 702 Guidance

(U//FOUO) Part of the function of NSA's SOPs and other forms of guidance on FAA 702 is to instruct analysts and adjudicators in the proper use of FAA 702 authority. Included in the guidance are such topics as targeting, [redacted], dissemination, incident reporting, and the
requirements for approval of FAA 702 targeting requests. [(b)(3)-P.L. 86-36]

(U//FOUO) These instructions are found in several places, including the FAA, SV, and [redacted] web pages, the SV SharePoint site, and web pages maintained by individual S2 product lines. It is unclear whether some of the guidance is current because it refers only to PAA, the predecessor to FAA. In addition, much of the information on the FAA web page is presented as tips or appears in memorandum form, making it unclear whether it carries the same degree of authority as the SOPs.

(U//FOUO) The FAA web page, which should be the primary source of authoritative guidance, is owned by the [redacted, (b)(3)-P.L. 86-36]. SID's FAA 702 Implementation Lead has been planning to update the guidance on this site, but other priorities, such as support for the 2011 FAA 702 Certification renewals, required attention. [redacted]

(U) Targeting Review: Two SOPs

(S//NF) Two SOPs that provide guidance for adjudication of FAA [illegible] requests have been issued. SV prepared the [redacted] and common errors. In contrast, the SOP published by [redacted] lists the roles and responsibilities [redacted] for targeting analysts, releasers, and adjudicators reviewing FAA 702 targeting activities but does not provide a detailed description of the review requirements. Responsibility for training adjudicators now resides in [redacted], which should establish the authoritative guidance to support that training.

(U) SOPs for Oversight Activities

(U//FOUO) SOPs are key elements of a system of management controls. They establish performance expectations necessary to achieve corporate objectives, including compliance with established authorities.

(U//FOUO) The Agency's use of FAA 702 authority is subject to monitoring by SV, S2 Mission Support Staff, and Agency personnel who oversee targeting analysts, including adjudicators. As noted already, guidance for targeting analysts and adjudicators has been developed by SV and S2
Mission Support Staff. It is important for the oversight functions to have documented procedures to ensure consistent execution of these functions despite staff turnover.

(S//NF) Responsibilities for FAA 702 oversight have changed significantly in the past year. SV performs reviews that support assessment of compliance with the authority [illegible; (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)] targeting and dissemination by DOJ/ODNI and manages incident report investigation and follow-up. As personnel outside SV have accepted responsibility for review and approval of a significant portion of the targeting requests, including adjudicators across the Agency, the FAA Implementation Team has assumed responsibility for training and oversight of adjudicators and monitoring the targeting process. [redacted] has implemented the purge adjudication process to improve the completeness and accuracy of purges of FAA 702 data. SOPs for these oversight functions have not been fully developed. [(b)(3)-P.L. 86-36]

(U) Role of the Rules Management Process

(U//FOUO) As part of NSA's Comprehensive Mission Compliance Program, the role of the [illegible] is to gather, organize, maintain, and provide access to the information contained in external authorities, NSA/CSS policy, and compliance standards, which govern NSA mission activities. The FAA 702 guidance should be maintained within this framework. [(b)(3)-P.L. 86-36]

(U//FOUO) RECOMMENDATION 7
(U//FOUO) In accord with the Rules Management framework, establish a process to maintain authoritative guidance supporting compliant execution of FAA 702 authority.
o (U//FOUO) Organize the information to facilitate research by topic,
o (U//FOUO) Coordinate changes in guidance with required training, and [(b)(3)-P.L. 86-36]
o (U//FOUO) Establish a single SOP as the guidance for adjudication of all FAA 702 targeting requests.
(U//FOUO) ACTION: [redacted]

(U) Management Response
(U//FOUO) AGREE. The following activities are in progress:
o [redacted] are developing and
updating a single SOP for oversight, adjudication, and targeting FAA 702 functions and training.
o [redacted] is populating FAA 702 documentation into a repository. In October 2012, SID [illegible] to discuss the process and progress with [redacted] to organize the go FAA and [redacted] FAA web pages. Guidance changes that require updates to NCS courses within the CRSK series will be requested via a New Learning Solution. In such case, [redacted] will be the originator upon coordination with SV. In addition, [redacted] (see Recommendation 1) will manage change to the Targeting Workforce Readiness Standard and ELM training plan.
(U) Status: OPEN
(U) Target Completion Date: [redacted] SV will collaborate [illegible]
(U) OIG Comment
(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) FINDING FIVE: Increased Automation of Processes Supporting FAA 702 Is Needed to Ensure Compliance and Reduce Errors

(S//SI//NF) The process for purge adjudication and execution relies on manual procedures that might result in incomplete and untimely processing. Eligibility for access to FAA 702 raw traffic databases is not verified after user accounts are established. Notices supporting required reviews [redacted] are not automated. [(b)(1); (b)(3)-P.L. 86-36; (b)(3)-50 USC 3024(i)]

(U) Purging of FAA 702 Records

(U//FOUO) The Agency identifies communications that must be removed from its systems by making a determination that content does not meet the standards for retention. Such records are ineligible as sources for Agency reporting. [illegible] To prevent improper use of purged records, all records sourced to a report are checked against the MPL in real time when the report is released. The [redacted] are responsible for deleting records from their system based on an Execute Order, which is an authoritative request to
remove data from the [redacted]. Completeness of the MPL as a register of records purged and full removal of records from the [redacted] are critical to compliance.

(U//FOUO) FAA 702 records that analysts identify for purge are subject to adjudication by personnel in [redacted]. The review provides assurance that records subject to purge are completely identified. It also avoids purging records eligible for retention because they were collected under authorities in addition to FAA 702. [redacted] also coordinates [redacted, (b)(3)-P.L. 86-36] to execute the purge order.

(U//FOUO) The adjudication process is manually intensive. [redacted] personnel issue the execute order to the appropriate systems and conduct follow-up without automated support. The manual process is subject to error. [illegible] Lack of automation to complete the purge creates the opportunity for incomplete or untimely processing. [(b)(3)-P.L. 86-36]

(U//FOUO) No instances of inappropriate reporting were identified during this review, which did not include testing.

(U//FOUO) RECOMMENDATION 8
(U//FOUO) Increase automation of the purge adjudication and execution processes to support complete and timely execution.
(U//FOUO) ACTION: [redacted]

(U) Management Response [(b)(3)-P.L. 86-36]
(U//FOUO) AGREE. SID outlined a three-phased approach to develop requirements for automation to improve purge process efficiency, plan a schedule of work, and implement the new capabilities (see Appendix C for the detailed response).
(U) Status: OPEN
(U) Target Completion Date: [redacted]
(U) OIG Comment
(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) Access Controls over FAA 702 Raw Traffic Databases [(b)(3)-P.L. 86-36]

(S//NF) The FAA 702 targeting procedures associated with the 2011 certifications require that SV establish processes to ensure that raw traffic is accessible only to those who have had the proper training. Raw
traffic derived from FAA 702 collection is maintained in [redacted]. To obtain a user account and access these databases, users must be assigned to an [illegible] mission, obtain the [redacted] required for the database, and take required training. When all of these requirements have been met, [redacted; (b)(1), (b)(3)-P.L. 86-36] an automated notice that permits establishment of an account. This process ensures that users have a mission need to access the information, understand the restrictions for handling the data, and have been properly trained in FAA 702 requirements. [(b)(3)-P.L. 86-36]

(U//FOUO) [illegible] after accounts have been established. [redacted] does not verify that persons accessing FAA 702 raw traffic databases continue to meet eligibility criteria. [redacted] can be used to verify this information. [redacted] began using [redacted] for this purpose. [illegible] for [redacted] have not been established.

(U//FOUO) [redacted] provides authorization attributes and access control services to NSA enterprise programs and projects. NSA/CSS Policy 6-31, Authentication and Authorization Services on NSANet Resources, 26 July 2010, requires that all [illegible] data repositories and applications be [illegible]-enabled. According to the [illegible], a system is enabled when it utilizes attributes about the user obtained from [redacted] and applies authorization decisions based on those attributes. The Usage Guide states that authorization is based on privileges held, such as security clearances, training completed, [redacted].

(U//FOUO) Failure to verify user attributes that qualify for raw SIGINT access increases the risk of inappropriate access to FAA 702 raw traffic databases, although no such inappropriate access was identified by the OIG during this study.

(U//FOUO) RECOMMENDATION 9
(U//FOUO) Establish for repositories of FAA 702 data [redacted] means to verify that users remain eligible for access. [(b)(3)-P.L. 86-36]
(U//FOUO) ACTION: [redacted]

(U) Management Response
(U//FOUO) AGREE. [redacted] manages the mapping of access controls [redacted] to repositories. Eligibility to access FAA 702 data is updated and reflected in [redacted]. [redacted] are able to restrict access according to a user's eligibility status. [(b)(3)-P.L. 86-36] This control was previously handled at a system level but is now managed by [redacted]. SID requests closure of the recommendation.
(U) Status: OPEN
(U) OIG Comment
(U//FOUO) Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(S//NF) [redacted] Required Reviews of FAA 702 Selectors [(b)(1); (b)(3)-P.L. 86-36; (b)(3)-50 USC 3024(i)]

(S//NF) Under FAA 702 authority, analysts are required before tasking to determine that the intended target is a non-USP reasonably believed to be outside the United States and confirm that the person is appropriate for targeting under FAA Certifications. After tasking is initiated and collection begins, the targeting procedures require NSA to conduct post-targeting analysis designed to detect those occasions when a person who when targeted was reasonably believed to be located outside the United States has entered the United States and will enable NSA to take steps to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States, or the intentional targeting of a person who is inside the United States.

(S//NF) To ensure compliance with these requirements, the Agency has implemented the Obligation to Review (OTR) process, which establishes standards for post-tasking reviews. Initial target verification must be completed within five days of receipt of communications for the tasked selector. Analysts must confirm that:
o The user of the tasked selector is the intended foreign intelligence target,
o The
target remains appropriate under the Certification cited in tasking and is not a USP, and
o The target remains outside the United States or there is no information to indicate that the target is inside the United States.

(S//NF) After the initial verification, analysts must review sufficient information to verify that no change has occurred in the target's status that would affect eligibility for targeting. NSA's internal guidance directs that this review be done at least every 30 days. In addition to the requirements for review [redacted], analysts must determine whether the collection obtained is routinely of a type that might require prompt destruction (e.g., domestic communications).24 [(b)(1); (b)(3)-P.L. 86-36; (b)(3)-50 USC 3024(i)]

(S//SI//NF) Automation has been implemented to support compliance with the OTR requirements. [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U//FOUO) Guidance to Analysts on Obligation to Review Data Under Protect America Act and the FISA Amendments Act, on the FAA web page.

[redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U//FOUO) RECOMMENDATION 10
o Improve accountability for compliance with NSA's internal OTR requirement [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]
(U//FOUO) ACTION: [redacted]

(U) Management Response [(b)(3)-P.L. 86-36]
[redacted] AGREE. SID reports that the requirements [redacted] are completed [redacted].
(U) Status: OPEN
(U) Target Completion Date: [redacted]
(U) OIG Comment
(U//FOUO) Planned action satisfies the intent of the recommendation.

(U//FOUO) FINDING SIX: The FAA 702 Curriculum Needs to Be Updated and the Training Requirement Enforced

(U//FOUO) Although the new FAA 702 course significantly improved training content, additional subjects should be considered and the training should be enforced. An online resource supporting adjudicator training is
needed.

(U) Analyst Training

(U) SID has significantly improved training for FAA 702

(U//FOUO) All personnel with access to FAA 702 raw traffic databases must take the training course FISA Amendments Act (FAA) Section 702 (OVSC 1203), which provides students with an understanding of the legal policies and minimization procedures for this authority. [redacted, (b)(3)-P.L. 86-36] [illegible] 0114, FAA 702 Practical Applications, [illegible] authority. The course is part of the [redacted], which is establishing common standards and processes for SIGINT targeting and creating training and competency assessment mechanisms to support those standards. FAA 702 Practical Applications will provide a tool to improve analyst understanding of how to apply FAA 702, including clear examples of documentation that meets the legal and policy requirements and exercises in the use of the principles. Topics covered in the training include targeting requirements, selector research, documentation required to support the targeting decision, approval of targeting requests, analyst obligation to review communications to verify that selectors continue to meet targeting requirements, and incident research and reporting.

[redacted] teaches application of FAA 702

(U//FOUO) FAA 702 Practical Applications does not address certain topics important to compliance with FAA 702

(TS//SI//NF) FAA 702 Practical Applications focuses on targeting and target maintenance. Certain matters were not included in the scope of the course, including handling of incidents resulting from improper minimization, dissemination, handling, and site tasking. Based on interviews with SID personnel and OIG review of the course, other matters should be considered for addition to the course:
o Explanation of the reasonable belief standard,
o Reporting, including the new procedures required for handling MCTs,
o Query requirements, and
o Procedures for sharing FAA 702-derived information within the Agency and disseminating FAA 702-derived information to customers.

(U//FOUO) FAA 702 Practical Applications is not enforced for targeting under FAA 702 authority

(U//FOUO) According to S2 officials, completion of FAA 702 Practical Applications is required for analysts who have access to data derived from FAA 702 collection. The course offers more detailed training in the application of the authority and the potential to improve targeting efficiency and compliance with FAA 702. However, the requirement to take the course will not be enforced until ADET modifies the content to address deficiencies identified by [redacted]. SID Operations personnel plan to begin enforcing the requirement for all analysts with access to FAA 702 information [redacted, (b)(3)-P.L. 86-36].

(U) Adjudicator Training

(S//SI//NF) Adjudicators verify that targeting requests meet FAA 702 compliance standards before tasking. A significant training effort was undertaken [redacted, (b)(3)-P.L. 86-36], but a standardized online resource is needed to support current and future adjudicators. An online course would provide the basis for performance standards, support consistency of training, and serve as a ready reference when questions arise.

(U//FOUO) RECOMMENDATION 11
(U//FOUO) Modify the FAA 702 curriculum:
o (U//FOUO) Include additional training on incidents (e.g., from improper minimization, dissemination), reporting requirements unique to FAA 702, query requirements, sharing of FAA 702-derived information, and an explanation of the reasonable belief standard,
o (U//FOUO) Update FAA702 Practical Applications and enforce the requirement for all FAA 702 analysts to complete the course, and
o (U//FOUO) Document the adjudicator training and make it available for reference.
(U//FOUO) ACTION: [redacted, (b)(3)-P.L. 86-36]

(U) Management Response
(U//FOUO) AGREE.
OVSC1203: SV will work with ADET to update the FAA 702 OVSC 1203 course to reflect the amended Targeting and Minimization Procedures that the Foreign Intelligence Surveillance Court approved in September 2012.
[redacted] will publish training slides onto the S2 FAA 702 Targeting Review Guidance web page and work with ADET to update OVSC 1203 [redacted].
CRSK 1304/1305: Updates to FAA702 Practical Applications (CRSK1304) and FAA702 Adjudicator Training (CRSK 1305) were completed [redacted]. In addition, enforced registration in the ELM program and targeting proficiency statistics to the individual level, as well as completion rate of any required FAA 702 training NCS courses, will be completed [redacted]. Structured on-the-job training will be phased in [redacted].
(U) Status: OPEN
(U) Target Completion Date: [redacted]
(U) OIG Comment
(U//FOUO) Planned action satisfies the intent of the recommendation.

(U) Conclusion

(U//FOUO) NSA has designed a system of management controls, including training, policies, processes, procedures, systems, and oversight, to ensure compliance with FAA 702. Our recommendations suggest ways to improve the overall control environment in which the FAA 702 authority is used.

(U) This review examined the design of the controls. Compliance and substantive testing needed to draw conclusions on the efficacy of the management controls will be conducted in a later review.

IV. (U) OBSERVATIONS

(U//FOUO) Procedures to Improve Representations to the FISC

(U//FOUO) In an operation as diverse as NSA, where a multitude of legacy systems are involved in processing and compliance under a given authority, it is understandable that variations might exist in systems and manual procedures involved in the application of authority under FAA 702. These variations have the potential to create compliance concerns when standards are mandated for [redacted] of an authority. NSA expanded its use of Verification of Accuracy (VoA) procedures to NSA's FAA 702 Minimization Procedures and Affidavits. NSA's VoA procedures are to be applied to written representations
that describe NSA's acquisition, processing, retention, analysis, and dissemination and form the basis of a legal opinion, a FISC Order, or an Executive Branch decision or authority. The purpose of a VoA review is to increase confidence that the representations made to external entities are accurate and based on a shared understanding among operational, technical, legal, policy, and compliance officials. The VoA procedures require all factual statements within the declarations to be verified. Subject documents must be reviewed by authorizing individuals identified by senior leaders within the Directorates. [redacted, (b)(3)-P.L. 86-36]

(U//FOUO) Additional training, maintenance of clear and updated guidance, and continued implementation of the VoA procedures will provide an increased level of confidence in obtaining a consistent understanding of Agency processes and in the accuracy of representations made regarding these processes to outside authorities (see Recommendations 7 and 11).

(U//FOUO) Effect [illegible] on Compliance with FAA 702 [redacted, (b)(3)-P.L. 86-36]

(U//FOUO) Effect of Manual Entry of Information on Targeting Requests

(S//NF) A significant requirement for processing targeting requests under FAA 702 authority is the documentation of support for analysts' determination that the target is outside the United States and is not a USP. [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(S//NF) Before the targeting request is approved, adjudicators review the sources documented in the targeting request that support the foreignness of the selector. [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

V. (U//FOUO) SUMMARY OF RECOMMENDATIONS

(U//FOUO) RECOMMENDATION 1
(U//FOUO) Establish for FAA 702 targeting analysts and adjudicators ACE performance objectives based on completion of a specified proficiency level of the Targeting Workforce Readiness Standard and ELM training plan.
(S//NF) ACTION: [redacted]
(U) Status: OPEN [(b)(3)-P.L. 86-36]
(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 2
(U//FOUO) Develop metrics and management reporting to:
o Measure targeting analyst and adjudicator compliance with FAA 702 targeting and minimization procedures, and
o Support analysis of trends indicative of needed changes in training or guidance.
(U//FOUO) Coordinate this process with the Comprehensive Mission Compliance Program.
(S//NF) ACTION: [redacted]
(U) Status: OPEN [redacted, (b)(3)-P.L. 86-36]
(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 3
(TS//SI//NF) [redacted; (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]
(U//FOUO) ACTION: [redacted, (b)(3)-P.L. 86-36]
(U) Status: OPEN [redacted]
(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 4
(TS//SI//NF) Although not required by the minimization procedures, SV should include in the spot-check of disseminations of FAA 702-sourced material procedures to evaluate analysts' compliance with the documentation requirements pertaining to dissemination based on discrete communications within MCTs. The spot-check should also evaluate proper use of [redacted] per NSA [illegible].
(U//FOUO) ACTION: SV [(b)(3)-P.L. 86-36]
(U) Status: OPEN
(U) Target Completion Date: [redacted]
(U) OIG Comment: Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) RECOMMENDATION 5
(U//FOUO) Periodically provide management an assessment of targeting analyst and adjudicator performance against the legal and policy requirements for FAA 702 targeting based on SV reviews of targeting requests. Coordinate with FAA 702 metrics reporting (see Recommendation 2).
(U//FOUO) ACTION: SV
(U) Status: OPEN
(U) Target Completion Date: [redacted, (b)(3)-P.L. 86-36]

(U//FOUO) RECOMMENDATION 6
(U//FOUO) Implement the super audit process and provide periodic feedback to FAA 702 auditors and their management on the quality of audit performance.
(U//FOUO) ACTION: SV
(U) Status: OPEN. SID/SV reports the super audit process is fully
implemented for FAA 702.
(U) OIG Comment: Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) RECOMMENDATION 7
(U//FOUO) In conjunction with the Rules Management framework, establish a process to maintain authoritative guidance supporting compliant execution of FAA 702 authority.
o Organize the information to facilitate research by topic,
o Coordinate changes in guidance with required training, and
o Establish a single SOP as the guidance for adjudication of all FAA 702 targeting requests.
(U//FOUO) ACTION: [redacted]
(U) Status: OPEN
(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 8
(U//FOUO) Increase automation of the purge adjudication and execution processes to support complete and timely execution.
[illegible; (b)(3)-P.L. 86-36]
(U) Target Completion Date: [redacted]

(U//FOUO) RECOMMENDATION 9
(U//FOUO) Establish for repositories of FAA 702 data [redacted] means to verify that users remain eligible for access.
(U//FOUO) ACTION: [redacted, (b)(3)-P.L. 86-36]
(U) Status: OPEN. SID reports that actions have been taken to resolve the recommendation and requests its closure.
(U) OIG Comment: Closure of this recommendation will be evaluated upon receipt of documentation supporting the action taken.

(U//FOUO) RECOMMENDATION 10
(U//FOUO) Improve accountability for compliance with NSA's internal OTR requirement [redacted]
(U//FOUO) ACTION: [redacted]
(U) Status: OPEN
(U) Target Completion Date: [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U//FOUO) RECOMMENDATION 11
(U//FOUO) Modify the FAA 702 curriculum:
o (U//FOUO) Include additional training on incidents (e.g., improper minimization, dissemination), reporting requirements unique to FAA 702, query requirements, sharing of FAA 702-derived information, and an explanation of the reasonable belief standard,
o (U//FOUO) Update FAA702 Practical Applications and enforce the requirement for all FAA 702 analysts to complete the course, and
o (U//FOUO)
Document the adjudicator training and make it available for reference.
(U//FOUO) ACTION: [redacted]
(U) Status: OPEN
(U) Target Completion Date: [redacted, (b)(3)-P.L. 86-36]

VI. (U) ABBREVIATIONS AND ORGANIZATIONS

(U) ADET: Associate Directorate for Education and Training
(U) CDW: Corporate Data Warehouse
(S//NF) CIA: Central Intelligence Agency
(U) DIRNSA: Director of NSA
(S//SI//NF) DNI: Digital Network Intelligence
(S//SI//NF) DNR: Dialed Number Recognition
(U) DOJ: Department of Justice
(U) ELM: Enterprise Learning Management
(U) FAA: Foreign Intelligence Surveillance Act Amendments Act
(U) FBI: Federal Bureau of Investigation
(U) FISA: Foreign Intelligence Surveillance Act
(U) FISC: Foreign Intelligence Surveillance Court
(U) ISP: Internet Service Provider
(TS//SI//NF) MCT: Multiple Communications Transactions
(U) MPL: Master Purge List
(U) NCS: National Cryptologic School
(S//NF) NTOC: NSA/CSS Threat Operations Center
(U) ODNI: Office of the Director of National Intelligence
(U) ODOC: Office of the Director of Compliance
(U) OGC: Office of General Counsel
(U) OIG: Office of the Inspector General
(U) OTR: Obligation to Review
(U) PAA: Protect America Act
(U) PL: Product Line
(U) S02: SIGINT Policy and Corporate Issues Staff
(U) S2: SID Analysis and Production
[redacted, (b)(3)-P.L. 86-36]
(U) S3: SID Directorate for Data Acquisition
(U) SID: Signals Intelligence Directorate
(U) SIGINT: Signals Intelligence
(U) SOP: Standard Operating Procedure
[redacted]
(U) SV: SID Oversight and Compliance
(U) TD: Technology Directorate
[redacted]
(U) USP: U.S. person
(U) USSID:
United States Signals Intelligence Directive
[redacted, (b)(3)-P.L. 86-36]
(U) VoA: Verification of Accuracy

(U) APPENDIX A
(U) About the Study

(U) ABOUT THE STUDY

(U) Objective

(U//FOUO) The objective of this study was to assess the adequacy of management controls designed to provide reasonable assurance of compliance with Section 702 of the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended by the FISA Amendments Act of 2008 (FAA 702).

(U) Methodology

(U//FOUO) This study was conducted from March 2011 to February 2012 and was based on review of published and draft forms of guidance, review of certain controls in systems supporting application of the authority, and interviews with managers and analysts responsible for targeting approval and oversight subject to FAA 702 requirements. This report of the study's findings also incorporates information that was provided subsequently, primarily with respect to Finding Three. Testing of the controls identified will be the subject of a later review.

(U//FOUO) The study was conducted according to the standards of the Council of the Inspectors General on Integrity and Efficiency, Quality Standards for Inspection and Evaluation, January 2011. We believe that the information derived from interviews and the documentation reviewed provides a reasonable basis for our findings, observations, and conclusions according to our study objectives.

(U) Use of Computer-Processed Data

(U) The use of computer-processed data was not necessary to perform this audit.

(U) Prior Coverage

(U//FOUO) Assessment of Management Controls to Implement the Protect America Act (PAA) of 2007

(S//NF) The Assessment of Management Controls to Implement the Protect America Act of 2007 found that additional controls were needed
to verify that only authorized selectors were on collection and that tasked selectors were producing foreign intelligence on the expected targets. The study also identified the need for more rigorous controls to increase the reliability of spot checks for PAA compliance. PAA was the predecessor to FAA.

(U//FOUO) Audit of the FISA Amendments Act (FAA) 702 Detasking Requirements

(S//NF) The OIG Audit of the FISA Amendments Act (FAA) 702 Detasking Requirements [redacted] and that the Agency does not have a consistent process to ensure a seamless transition from FAA 702 authority to FBI FISA [redacted; (b)(1), (b)(3)-P.L. 86-36].

(U) APPENDIX B
(U) FAA 702 Control Requirements and Management Controls

ST-11-0009

(U) FAA 702 CONTROL REQUIREMENTS AND MANAGEMENT CONTROLS [(b)(1); (b)(3)-P.L. 86-36]

(S//[illegible]) Many of the internal control requirements are established by the Affidavit of the Director of NSA submitted for each Certification, Exhibit A to the Affidavit, and Exhibit B to the Affidavit. Exhibit A establishes the Agency's FAA targeting procedures: the process for determining that a person targeted under Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FAA 702) authority is a non-U.S. person (USP) reasonably believed to be located outside the United States; required post-targeting analysis to ensure that the Agency does not intentionally target a person known at the time of acquisition to be in the United States and does not result in intentional acquisition of domestic communications; required documentation of the foreignness determination; compliance and oversight; and steps required for departure from the procedures. Exhibit B contains the minimization procedures to be used for information collected. In addition to the
control requirements established by the affidavits and exhibits, the Standards for Internal Control in the Federal Government provide a general framework of controls that should be incorporated into daily operations.

(U) This document provides a summary of the internal controls in place to meet these requirements.

Columns: Control Objective; Source; Control Description; Assessment (Good, Adequate, Needs Improvement)

(U) TARGETING PROCEDURES

1. I. (U) Determination of Whether the Acquisition Targets Non-USPs Reasonably Believed to Be Located Outside the United States

(U) Exhibit A

NSA determines whether a person is a non-USP reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to the person. NSA analysts may use information from one or more of the following to make that determination:

the selector tasked and support for the reasonable belief of foreignness is also required. The Targeting Rationale (TAR) Statement is also required and documents why targeting is requested and must indicate the tie to a foreign intelligence purpose specific to the FAA Certification under which targeting is requested.

Lead information. Research in NSA databases, available reports, and collateral information.

Targeting Requirements

Releaser review: Signals Intelligence (SIGINT) Directorate product line (PL) personnel review targeting requests for overall compliance with the chosen certification before releasing it for adjudication.

Adjudication: All targeting requests submitted under FAA 702 Certifications must pass this review for accuracy of processing and compliance with FAA 702 requirements. It includes the appropriateness of the target to the certification, verification of the support for reasonable belief of foreignness, confirmation that the most recent foreignness support is used, and that the information supports the non-USP status of the target. See Recommendation 11 regarding determination of a
single Standard Operating Procedure (SOP) for adjudication. (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

2. (U) Determination of Whether the Acquisition Targets Non-USPs Reasonably Believed to Be Located Outside the United States (continued)

(U) Special Processing

The Central Intelligence Agency (CIA) has its own nomination process. Requests are reviewed for FAA 702 compliance by NSA personnel. (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

performs the adjudication review. (b)(3)-P.L. 86-36

FBI Tasking Requests: The FBI implemented its own nomination process subsequent to the field work on this study.

3. To acquire communications about the target that are not to or from the target, NSA will

to ensure that the person from whom it seeks to obtain foreign intelligence information is located overseas.

NSA will direct surveillance at a party to the communication reasonably believed to be outside the United States.

(U) Exhibit A

IP filters are used to ensure that one end of collected communications for DNI selectors is foreign (see special requirements for Multiple Communications Transactions (MCTs) - Minimization Procedures, row 4).

4. I. (U) Assessment of the Non-USP Status of the Target

(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

(U) Exhibit A

(U) See Targeting Requirements, rows 1 and 2.

Information that NSA examines to determine whether a target is reasonably believed to be located outside the United States might also bear on the non-USP status of the target. For example, (b)(3)-P.L. 86-36

5. To prevent inadvertent targeting of a USP

(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

(U) Exhibit A

The adjudicator's review verifies the reasonable belief of foreignness and
that there is no contrary information concerning the target's USP status. (b)(1), (b)(3)-P.L. 86-36

6. Assessment of the Foreign Intelligence Purpose of the Targeting

To assess whether the target possesses and/or is likely to communicate foreign intelligence information related to a foreign power

(U) Exhibit A

The TAR Statement documents why targeting is requested and must indicate the tie to a foreign intelligence purpose specific to the FAA Certification under which targeting is requested. This is subject to adjudication.

NSA considers information (b)(3)-P.L. 86-36

(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

7. II. POST-TARGETING ANALYSIS BY NSA

(U) Exhibit A

Post-targeting analysis is designed to detect when a person who when targeted was reasonably believed to be located outside the United States has since entered the United States, and will enable NSA to take steps to prevent intentional acquisition of communication in which the sender and all intended recipients are known at the time of acquisition to be located in the United States, or the intentional targeting of a person who is in the United States. Such analysis may include

NSA's internal Obligation to Review (OTR) policy requires analysts to perform reviews as follows:

Initial collection must be reviewed within 5 days to verify that the user of the selector is the intended foreign intelligence target, the target is appropriate to the FAA Certification under which it is tasked, and the selector is not in the United States or a USP. (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

Collection must be reviewed at least every 30 days to affirm the target's foreignness and non-USP status and verify that
information obtained is not of a type to require immediate destruction (e.g., domestic communications). (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

8. III. (U) DOCUMENTATION

(U) Exhibit A

Analysts who request tasking will document in the tasking database a citation or citations to the information that led them to reasonably believe that a targeted person is located outside the United States. Before tasking is approved, the database entry for that tasking will be reviewed to verify that the database entry contains the necessary citations.

will maintain ... which NSA analysts ... enable those responsible for conducting oversight to locate and review the information that led NSA analysts to conclude that a target is reasonably believed to be located outside the United States.

Targeting requests submitted under FAA 702 Certifications are subject to review by an adjudicator for verification of compliance with requirements, including appropriateness of the target to the Certification, support for determination of foreignness and USP status, and foreign intelligence purpose. The adjudicator is responsible for ensuring that the support for reasonable belief of foreignness is documented in a database maintained by SID/SV.

The targeting system requires the analyst to choose from a menu of foreign intelligence purposes specific to each FAA 702 Certification. Once the certification is chosen, the analyst must select a ... associated with that certification. If ... is not in the menu, the selector cannot be tasked under FAA authority.

A citation is a reference that identifies the source of the information

(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

also will identify the foreign power about which they expect to obtain foreign intelligence

9. IV. (U) OVERSIGHT AND COMPLIANCE

(U) SV, with NSA's OGC, will develop
and deliver training to ensure that personnel responsible for approving targeting of persons under FAA 702, as well as analysts with access to the acquired foreign intelligence information, understand their responsibilities and the procedures that apply to this acquisition.

(U) Exhibit A

(U) Adjudicators are subject to the same training requirements as analysts. They also have received in-person training on the targeting review process. Documentation standardizing the information provided in this training has not been made available online for reference by the adjudicators.

(U) SV and OGC developed the FISA Amendment Act (FAA) Section 702 course (OVSC1203) when FAA was implemented. It focuses on the legal requirements of FAA.

(U) A new course, FAA 7 al Applications (CRSK1304), was made available. It provides analysts with detailed examples of use of the authority. The requirement for its completion is not yet enforced (see Recommendation 11). (b)(3)-P.L. 86-36

10. (U) SV has established processes for ensuring that raw traffic is labeled and stored only in authorized repositories and is accessible only to those who have had the proper training.

(U) Exhibit A

(U) All collection stores must be compliance certified before they can be used to process or store FAA 702 data.

(U) All FAA 702 systems are certified for purge and access functions.

(U) To obtain access to the FAA 702 databases, individuals must have an approved mission entered in ... by their supervisor, appropriate clearances (supervisor must request in the ... System), and required training (Overview of Intelligence Authorities, USSID 18, Legal Compliance and Minimization Procedures, and OVSC1203). (b)(3)-P.L. 86-36

Requests for analysts' access to ... containing FAA 702 data must be submitted by an access sponsor; access must be approved by the ... owner.

(U) SV reviews requests for
compartmented accesses, verifying that the analyst has required training and an appropriate justification for access (e.g., includes mission, function, targets requiring FAA access).

... is not able to verify an account holder's continuing eligibility to access FAA 702-derived collection. Eligibility is determined when the account is established. Compliance with annual requirements to update training is not verified at sign-on ... in a system update (see Recommendation 9). (b)(3)-P.L. 86-36

(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

11. (U) SV will conduct oversight activities and will make necessary reports, including those relating to incidents of non-compliance, to the NSA Inspector General and OGC. SV will also ensure that corrective actions are taken to address identified deficiencies. To that end, SV will conduct periodic spot checks of targeting decisions and intelligence disseminations to ensure compliance with established procedures, and conduct periodic spot checks of queries in data repositories.

(U) Exhibit A

(U) Incident Reporting - see row 13.

SV performs the following oversight activities:

- ... newly tasked or retasked before sending to DOJ and Office of the Director of National Intelligence (ODNI) bi-weekly. (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

- Review targeting support for the bulk of items requested by DOJ/ODNI for the 60-day review. If support is insufficient, SV will follow up with the adjudicator/targeting analyst for additional support or corrective action, including possible detasking. (b)(3)-P.L. 86-36

- Spot check serialized reports based on FAA 702 information, reports containing USP identifiers, and evaluated minimized traffic ... discrepancies. Provide record of all FAA 702-derived dissemination for review by DOJ/ODNI and follow up on any issues identified in their review. SV's spot check of serialized disseminations
does not include procedures for verification of analysts' compliance with the minimization procedures' documentation requirements for dissemination derived from MCTs (see Recommendation 4). (b)(3)-P.L. 86-36

- Oversight of Queries: All queries are reviewed daily by auditors in the SID production centers. SV has not conducted reviews of auditor performance consistently (see Recommendation 6).

12. (U//FOUO) DOJ and ODNI will conduct oversight of NSA's exercise of FAA 702 authority, which will include periodic reviews by DOJ and ODNI personnel to evaluate the implementation of the procedures. Such reviews will occur at least once every 60 days.

(U) Exhibit A

(U//FOUO) SV coordinates bi-monthly reviews by DOJ/ODNI of targeting and dissemination, including responding to questions raised and providing feedback sessions to adjudicators on the overseers' findings.

DOJ performs reviews every 60 days covering all tasking and dissemination for a two-month period. Every 15 days SV sends a document to DOJ for each certification, one each for DNI and DNR, listing all the key fields for the review. DOJ sends NSA a spreadsheet of the selectors chosen for review. SV must gather all supporting material for each selector. (b)(3)-P.L. 86-36

13. (U) NSA will report to DOJ and ODNI incidents of non-compliance with these procedures by NSA personnel that result in the intentional targeting of a person reasonably believed to be located in the United States, the intentional targeting of a USP, or the intentional acquisition of communication in which the sender and all intended recipients are known at the time of acquisition to be located within the United States.

(U) Exhibit A

(U) Incident Research/Reporting

(U) SV and the targeting team research potential incidents jointly. SV maintains records of the incidents in a SharePoint database. SV manages the follow-up process to
produce the required notice to DOJ/ODNI within 5 business days of confirmation of an incident. (b)(3)-P.L. 86-36

(U) NSA will provide such reports within 5 business days of learning of the incident.

OGC reviews the incident and ultimately determines whether it meets the criteria for reporting to DOJ/ODNI. For incidents of noncompliance with procedures (e.g., failure to appropriately detask a selector, over-collection), NSA must explain why it happened and what steps were taken to remediate the matter (e.g., purge data, provide additional training). DOJ determines whether the matter must be reported to the FISC in accordance with Rule 13(b) of the FISC Rules of Procedure.

(U//FOUO) The Target of Primary Interest (TOPI) provides SV with the parameters for necessary purge of collection. SV enters this in the incident record in SharePoint. S2 ... uses this information to initiate the purge process, verifying that the parameters include all affected collection without purging information eligible for retention.

(U) Information acquired by intentionally targeting a USP or a person not reasonably believed to be outside the United States at the time of such targeting will be purged from NSA databases.

The purge process relies on manual procedures that create a risk of incomplete or untimely purge execution (see Recommendation 8). (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

14. NSA will report to DOJ and ODNI incidents of non-compliance (including over-collection) by any electronic communication service provider to whom the Attorney General and Director of National Intelligence issued a directive under 702. Such report will be made within 5 business days after determining that the provider has not complied or does not intend to comply with a directive.

(U) Exhibit A

15. In the event that NSA
concludes that a person is reasonably believed to be located outside the United States and after targeting learns that the person is inside the United States, or if NSA concludes that a person who at the time of targeting was believed to be a non-USP was in fact a USP, it will take the following steps:

1. Terminate the acquisition without delay. If NSA inadvertently acquires a communication sent to or from the target while the target was located inside the United States, including communication in which the sender and all intended recipients are reasonably believed to be located inside the United States at the time of acquisition, such communication will be treated in accordance with the minimization procedures.

2. Report the incident to DOJ and ODNI within 5 business days.

Per OGC, the same incident reporting process is used for matters involving providers. Incident reports as a result of provider error have been filed with the FISC.

(U) Exhibit A

It is the analyst's responsibility to follow up on information from review of traffic and detask all related selectors promptly if the target is in the United States or identified as a USP, or the primary user is not the target. An incident is initiated ... notification of roaming or a review of collection. The targeting team works with SV to document the incident. Information captured in the Incident Report database includes the detasking date, whether other selectors associated with the target were detasked, and parameters for purge of communications collected that are ineligible for retention. SV follows up with PL personnel to ensure that the incident record is complete, including entry of purge criteria. ... management responsible ensures that ... handled timely regardless of analyst turnover or absence.

Note: Implementation of ... will add controls over the process, including a requirement for PL management to
document their review that the incident record is complete.

(U) See Row 13 - Incident Reporting. (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

for timely follow-up (b)(1), (b)(3)-P.L. 86-36

16. V. (U) DEPARTURE FROM PROCEDURES

(U) Exhibit A

If, to protect against an immediate threat to national security, NSA determines that it must take action temporarily in apparent departure from these procedures and it is not feasible to obtain a timely modification of these procedures from the Attorney General and Director of National Intelligence, NSA may take such action and will report that activity promptly to DOJ. Under such circumstances, NSA will continue to adhere to all of the statutory limitations set forth in the Act.

(U) According to OGC, such actions would be coordinated by that department and involve personnel at the highest levels of the Agency. DOJ/ODNI would be notified. No specific procedures or controls have been developed.

(U) MINIMIZATION PROCEDURES

1. III. (U) Acquisition and Processing - General

a. Acquisition of information by targeting non-USPs reasonably believed to be located outside the United States pursuant to FAA 702 will be effected in accordance with an authorization made by the Attorney General and Director of National Intelligence and will be conducted in a manner designed, to the greatest extent possible, to minimize the acquisition of information not relevant to the authorized purpose of the acquisition.

(U) Exhibit B, Section 3

See targeting and adjudication processes (foreignness criteria, TAR, etc.), rows 1 through 6 of Targeting Procedures.

manages over-collection events ... FAA or they may stop collection (b)(1), (b)(3)-P.L. 86-36

query procedures define specific requirements for use in query selection terms. Daily audits of queries identify overly broad queries (excessive targeting).

2. b. (U) Monitoring, Recording, and Processing

(U) Exhibit B, Section 3

1. Personnel will exercise reasonable judgment in determining whether information acquired must be minimized and will destroy inadvertently acquired communications of or concerning a USP at the earliest practicable point in the processing cycle at which such communication can be identified either as clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information) or as not containing evidence of a crime that may be disseminated under these procedures.

Unless an incident is reported from improper acquisition of such communications, there is no review process to ensure that analysts identify and destroy them as required. The cost of such control would be prohibitive. The requirement is that all identified issues of improper collection be reported to SV and an incident initiated. Performance standards and analysis of actual versus expected performance could improve accountability for compliance (see Recommendations 1-4).

(U) Examination of retention controls was not included in this review.

4. As a communication is reviewed, analysts will determine whether it is a domestic or foreign communication to, from, or about a target and is reasonably believed to contain foreign intelligence information or evidence of a crime. Only such communications may be processed. All other communications may be retained or disseminated only in accordance with procedures.

(U) Exhibit B, Section 3

provides direction for retention/destruction on the basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic

Except for Internet transactions from upstream collection, such inadvertently acquired communications of or concerning a USP may
be retained no longer than 5 years from the expiration date of the certification authorizing the collection.

3.

(U//FOUO) The FAA 702 training course (OVSC1203) specifies the steps analysts are to take to analyze communications for eligibility for retention. (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

provides direction for retention/destruction on the basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic. This is covered in detail in OVSC1203, the required FAA 702 training.

(U) See also Obligation to Review - row 7 of Targeting Procedures.

(U//FOUO) Parameters for purge of collection associated with an incident are provided to SV by the TOPI and recorded in the incident record in SharePoint. S2 Purge and Pretasking Compliance uses this to initiate the purge process, verifying that all affected collection is identified without purging information eligible for retention. SV performs follow-up to verify that Purge and Pretasking Compliance has updated the incident record with the status of purge completion. The purge process relies on manual procedures that create a risk of incomplete or untimely purge execution (see Recommendation 8). (b)(3)-P.L. 86-36

SV works with TOPIs to prepare destruction waivers for objects that meet purge criteria and contain significant foreign intelligence value or evidence of a crime or threat of harm. The Destruction Waiver must be approved by DIRNSA.

4. III.b.5. Processing of Internet Transactions Acquired through NSA Upstream Collection Techniques

a. NSA will take reasonable steps after acquisition to identify and segregate through technical means Internet transactions that cannot be reasonably identified as containing single, discrete communications in which the active user of the
transaction (i.e., the selector used to send or receive the Internet transaction to or from a service provider) is reasonably believed to be located in the United States.

(U) Exhibit B, Section 3

III.b.5.b. NSA analysts seeking to use a discrete communication within an Internet transaction that contains multiple discrete communications will assess whether the discrete communication (1) is a communication in which the sender and all intended recipients are located in the United States and (2) is to, from, or about a tasked selector or otherwise contains foreign intelligence information.

The Technology Directorate developed procedures to analyze upstream collection. Data permitted for use by analysts must have the active user (sender or recipient) be the target or be outside the United States (currently approximately ... of upstream collection). Data is sequestered when the active user is reasonably believed to be in the United States. There is no training on use of MCTs at this time (see Recommendation 11). (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

a.1. Such segregated communications will be retained in an access-controlled repository accessible only to NSA analysts trained to review such transactions for the purpose of identifying those that contain discrete communications in which the sender and all intended recipients are reasonably believed to be located in the United States.

5.

(U) Efforts are ongoing to develop procedures for removing data from sequestration and special training for analysts who will process this data (no recommendation - in process).

(U) Exhibit B, Section 3

... for use of upstream collection. Training on application of these procedures has not been developed (see Recommendation 11). (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

6. III.b.6. Magnetic tapes or other storage media containing FAA 702-derived communications may be queried to identify and select communications for analysis. Query terms used will be limited to selection terms reasonably likely to return foreign intelligence information. Identifiers of an identifiable USP may not be used as terms to identify and select for analysis any Internet communication acquired through NSA's upstream collection techniques. Any use of USP identifiers as terms to identify and select communications must first be approved in accordance with NSA procedures. NSA will maintain records of all USP identifiers approved for use as selection terms.

(U) Exhibit B, Section 3

Guidance on queries of FAA databases states that NSA may not use USP names or identifiers as selection terms when reviewing collected FAA 702 data.

(U//FOUO) Queries are subject to review by auditors in the S2 production centers to verify that the query has a foreign intelligence purpose within mission scope and reasonably excludes protected data.

(U) Reviews of the audits performed by PL personnel have not been regularly executed by SV to ensure quality of the audit process (see Recommendation 6). (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

7. III.c. (U) Destruction of Raw Data: Communications acquired under FAA 702 authorities, other than through upstream collection, that do not meet the retention standards set forth in these procedures and that are known to contain communications of or concerning USPs will be destroyed upon recognition and may be retained no longer than 5 years from the expiration date of the certification authorizing the collection.

(U) Exhibit B, Section 3

(b)(3)-P.L. 86-36 provides direction for retention/destruction on the basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic. This is also covered in detail in OVSC1203, the required FAA 702 training.

(U) See also Obligation
to Review - row 7 of Targeting Procedures.

A matrix of scenarios (reasons purge action is required) is documented for authorities including FAA 702. Purges are identified as part of the incident investigation process. SV and the TOPI capture the purge parameters in the incident record on the SV SharePoint site. The purge adjudication team performs research to verify completeness of items identified for purge. Purge adjudication and execution is manual and subject to error affecting completeness and timeliness (see Recommendation 8).

(U//FOUO) Purge Process: ... are responsible for deleting records from their system on the basis of a Purge Execute Order to prevent improper use of purge records to support reporting. (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

(U) Retention - outside scope

8. Internet transactions that are acquired through NSA's upstream collection and do not contain information that meets the retention standards set forth in these procedures and that are known to contain communication of or concerning USPs will be destroyed upon recognition. All upstream collection may be retained no longer than 2 years from the expiration date of the certification authorizing the collection. The Internet transactions that may be retained include those that were acquired because of limitations on NSA's ability to filter communications.

(U) Exhibit B, Section 3

III.d. (U) Change in Target's Location or Status

(U) Exhibit B, Section 3

(U) See also Obligation to Review - row 7 of Targeting Procedures.

provides direction for retention/destruction on the basis of whether the target was outside the United States at the time of collection and whether the communication is foreign or domestic. This is also covered in detail in OVSC1203, the required FAA 702 training.

(U//FOUO) The need to purge communications is
identified as part of the incident investigation process. SV and the TOPI capture the purge parameters in the incident record on the SV SharePoint site. The purge adjudication team performs research to verify completeness of items identified for purge. Purge adjudication and execution is manual and subject to error affecting completeness and timeliness (see Recommendation 8). (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

(U) Retention - outside scope

9. In the event that NSA determines that a person reasonably believed to be located outside the United States and after targeting the person learns that the person is inside the United States, or if NSA concludes that a person who at the time of targeting was believed to be a non-USP is in fact a USP, the acquisition from that person will be terminated without delay.

Communications acquired through the targeting of a person who at the time of targeting was reasonably believed to be located outside the United States but was in fact located inside the United States at the time such communications were acquired, and any communications acquired by targeting a person who at the time of targeting was believed to be a non-USP but was in fact a USP, will be treated as domestic communications.

(U) See also Obligation to Review - row 7 of Targeting Procedures.

Detasking guidance states that analysts are responsible for detasking a selector upon review of content indicating that the selector is used by a USP, confirmation that the selector is being used by an individual in the United States (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)

(U) See row 7 for purge procedures.

10. IV. Acquisition and Processing - Attorney-Client Communications

(U) Exhibit B, Section 4

As soon as it becomes apparent that a communication is between a person who is known to be under criminal indictment in the United States
and an attorney who represents that individual in the matter, monitoring of that communication will cease and the communication will be identified as an attorney-client communication in a log maintained for that purpose. The relevant portion of the communication containing that conversation will be segregated, and the National Security Division of DOJ will be notified. In addition, all proposed disseminations of information constituting USP attorney-client privileged communications must be reviewed by OGC before dissemination.

OGC reports that no instances of such collection have been identified to date by NSA analysts and therefore no log has been initiated. Such instances would be rare (e.g., it would occur only if a person reasonably believed to be outside the United States targeted by NSA is known to be under indictment in the United States and NSA intercepts a communication between the target and an attorney representing that foreign person in the U.S. legal proceeding).

N/A

11. V. (U) Domestic Communications

A communication identified as a domestic communication will be promptly destroyed upon recognition unless DIRNSA or Acting DIRNSA specifically determines in writing that it meets certain criteria (e.g., contains significant foreign intelligence, evidence of a crime).

If a domestic communication indicates that a target has entered the United States, NSA may advise the FBI of that fact.

(U) Exhibit B, Section 5

Communication that is determined to be domestic (does not have at least one communicant outside the United States) will be promptly destroyed upon recognition unless DIRNSA specifically determines in writing that the communication may be retained. SV works with TOPIs to prepare destruction waivers. This process is monitored as part of the follow-up on incidents and purges.

12. VI. (U) Foreign Communications of or Concerning USPs

a. (U) Retention: Foreign communications of or concerning USPs may be retained only if necessary for the maintenance of
technical databases, if dissemination of such communications with reference to such USPs would be permitted under subsection (b), or if the information is evidence of a crime and is provided to appropriate federal law enforcement authorities.

(U) Exhibit B, Section 6.

Communication resulting from the targeting of a person who was reasonably believed at the time of targeting to be a non-USP located overseas but is later determined to be a USP or a person in the United States will be promptly destroyed upon recognition unless DIRNSA specifically determines in writing that the communication may be retained. SV works with TOPIs to prepare destruction waivers. This process is monitored as part of the follow-up on incidents and purges.

Needs Improvement

ST-11-0009

Assessment / Control Objective / Source / Control Description / Good

13. VI(b). (U) Dissemination

A report based on communications of or concerning a USP may be disseminated in accordance with Section VII or VIII if the identity of the USP is masked. Otherwise, dissemination of intelligence reports based on communications of or concerning a USP may be made only to a recipient requiring the identity of such person for the performance of official duties that meet certain criteria.

(U) Exhibit B, Section 6.

This restriction on dissemination is not unique to FAA 702 and is consistent with procedures required by Executive Order (E.O.) 12333.

Adequate

14. VI(c). Provision of Unminimized Communications to CIA and FBI

(U) Exhibit B, Section 6.

NSA may provide to the CIA and FBI unminimized communications derived from FAA 702 collection.

Discussion of FAA 702 collection with CIA, FBI: If IC analysts have their own copy of the data (provided through CIA nomination or FBI dual route), NSA analysts may discuss the information with them. They may not provide copies of the information to IC personnel. This is addressed in required NSA/CSS Policy 11-1
Information Sharing.

15. VII. (U) Other Foreign Communications

(U) Foreign communications of or concerning a non-USP may be retained, used, and disseminated in any form in accordance with other applicable law, regulation, and policy.

(U) Exhibit B, Section 7.

Dissemination is handled in accordance with the Foreign Intelligence Surveillance Act Amendments Act of 2008; the Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended; DoD Regulation 5240.1-R, Procedures Governing the Activities of DOD Intelligence Components That Affect United States Persons; and the Classified Annex to Department of Defense Procedures Under Executive Order 12333.

Needs Improvement

Assessment / Control Objective / Source / Control Description / Good

16. VIII. Collaboration with Foreign Governments

a. Procedures for the dissemination of evaluated and minimized information. Information acquired under FAA 702 may be disseminated to a foreign government. Other than in cases for linguistic assistance by a foreign government (Section VIII(b)), dissemination to a foreign government of information of or concerning a USP may be done only in a manner consistent with subsections VI(b) and VII (rows 13 and 15).

(U) Exhibit B, Section 8.

Sharing Evaluated and Minimized [redacted]

Adequate / Needs Improvement

b. Procedures for technical or linguistic assistance. Communications that, because of their technical or linguistic content, may require further analysis by foreign governments to assist NSA in determining their meaning or significance. NSA may disseminate items containing unminimized FAA 702 information to foreign governments for analysis under certain restrictions.

The provision for technical/linguistic assistance [redacted]

Documentation is developed case by case.
Consideration should be given to documentation of this process.

(U) MANAGEMENT CONTROLS

Assessment / Control Objective / Source / Control Description / Good / Adequate / Needs Improvement

1. (U) Activities must be established to monitor performance measures and indicators. Controls should be aimed at validating the propriety and integrity of organizational and individual performance measures and indicators.

(U) Standards for Internal Control in the Federal Government.

(U) Annual performance objectives for compliance with FAA 702 requirements, associated policy, and SOPs have not been established (see Recommendation 1).

2. (U) Information should be recorded and communicated to management and others within the entity who need it and in a form and within a time frame that enables them to carry out their internal control and other responsibilities.

(U) Standards for Internal Control in the Federal Government.

(U) Comparison of actual performance to established standards for compliance activities associated with FAA 702 are incomplete (see Recommendations 2, 4, 5, and 6).

3. (U) Internal control monitoring should assess the quality of performance over time and ensure that findings are resolved. It includes regular management and supervisory activities, such as ongoing comparisons and reconciliations, to ensure that controls are functioning properly.

(U) Standards for Internal Control in the Federal Government.

4. (U) Access to resources and records should be limited to authorized individuals.

(U) Standards for Internal Control in the Federal Government.

(U) To share FAA 702 information with other NSA analysts, steps must be taken to ensure that the individual has the proper clearance. This information is not addressed in the required FAA 702 training, and guidance is not included on the FAA web page (see Recommendation 11).

(U) APPENDIX C

(U) Full Text of Management Response
SIGNALS INTELLIGENCE DIRECTORATE
memorandum

22 February 2013

FROM: Signals Intelligence Directorate (SID)
TO: Office of the Inspector General (OIG)
ATTN: [redacted]
SUBJ: (U) SID Response to the Revised Report on the OIG Assessment of Management Controls Over FAA 702 (ST-11-0009)

(U) The purpose of this memorandum is to provide SID's revised response to the subject report, which includes updates to corrective action plans, content adjustments, and technical minutiae to ensure accuracy.

(U//FOUO) SID reviewed the revised report in its entirety. The attached response acknowledges SID's agreement with eleven recommendations and provides revised corrective action plans, points of contact, and target completion dates as needed.

The SID consolidated response is attached to this memorandum. Please [redacted], S022, 966-5621, if you have any questions.

[redacted]
Deputy Chief of Staff for SIGINT Policy and Corporate Issues (S02)

Encl: a/s

NSA/CSS OFFICE OF INSPECTOR GENERAL

(U) OFFICE OF INSPECTOR GENERAL (OIG) DRAFT REPORT
Assessment of Management Controls Over FAA 702
Management Response to Draft Report

(U) In accordance with IG-11357-12, Coordinating Office of Inspector General Reports, the purpose of the draft coordination phase is to gain management's agreement or disagreement with report findings and recommendations. The SIGINT Directorate (SID) has been extended an opportunity to review and comment on the revised report to ensure contextual accuracy.

(U) The following matrix includes SID's consolidated revisions to management's action plans where applicable.

Rec. No. / Agree or Disagree / Action / Completion date

1. Agree

Management Response: (U) the recommendation. [redacted] and [redacted] are currently preparing an ELM plan for Target Analysts and Adjudicators. This plan will include FAA 702-specific training.

(U) POC: (U) [redacted] 963-0561

Revised Management Response: SID [redacted] with SV are preparing an ELM plan for target analysts and adjudicators. The ELM plan will be broken down into proficiency levels, thus allowing the analysts to register for the correct training based on proficiency level as stated in the ACE objective. The ELM plan for the Targeting workforce readiness standard for FAA 702 will be completely for all NCS courses. Enforced registration in the ELM program and targeting proficiency statistics to the individual level, as well as completion rate of any required FAA 702 training/NCS courses, will be complete. Structured OJT training will be phased in.

Derived From: NSA/CSSM 1-52, Dated: 20070108

Revised Target Completion Date: [redacted]

Revised POC: [redacted] 969-6728

2. Agree

(U//FOUO) [redacted] with [redacted] will work [redacted] as part of the SID Lean Six Sigma Team. Participants will assess the feasibility of developing metrics to evaluate de-targeting trends and process deficiencies. Final implementation will be dependent on technical capabilities and deployment schedules.

(U) POC: (U) [redacted] 963-0561

Revised POC: (U) [redacted] 969-6729

3. Oversight & Compliance (SV) [redacted]. Agree

(U) [redacted] will convene to establish technical procedures to implement a reconciliation process.

Target Completion Date: [redacted]

4. (U) SV with OGC. Agree

SID SV will collaborate with [redacted] and OGC to establish a methodology and process for spot-checking disseminations of FAA 702-sourced material, dependent on the volume of dissemination.

(U) POC: (U) 966-2479

Revised Management Response: SID SV will [redacted] and OGC to modify the methodology and process for spot-checking
dissemination of FAA 702-sourced material.

Revised Target Completion Date: [redacted]

5. (U) SV. Agree

(U) Per the requirements of Recommendation 2, SID SV will incorporate metrics for management's assessment [redacted]

(U) POC: (U) SV, 966-2479

6. (U) SV. Agree

(U//FOUO) SID SV has fully implemented the super audit process for FAA 702. SID requests closure of the subject recommendation.

Request Closure

(U) POC: (U) SV, 966-2479

The following activities are currently in progress:

SV with ODOC. Agree

SID SV [redacted] are developing and updating a single SOP for oversight, adjudication, and targeting FAA 702 functions [redacted] currently populating [redacted] discuss the process and progress. SV will collaborate with S2 and [redacted] to organize the go FAA and [redacted] web pages.

Revised Management Response: (U) Add bullet #4: Guidance changes that require updates to NCS courses within the CRSK series will be requested via a New Learning Solution. In such case, [redacted] will be the originator upon coordination with SV. In addition (see recommendation 1), [redacted] will manage changes to Targeting Workforce Readiness Standard and ELM training plan.

Target Completion Date: [redacted]

Revised POC: [redacted] 963-1109

8. Agree

(U) Phase 1: Requirements Gathering

- Conduct technical exchange sessions with developers [redacted]
- Arrange briefings of the purge process and requirements.
- Document recommendations for specific areas where automation will improve process efficiency.
- Update the compliance steering group on automation requirements and existing gaps.

(U//FOUO) Phase 1 Deliverable: Report documenting reviews and technical exchanges with [redacted]. This will include an implementation plan.

Target Completion: [redacted]

(U//FOUO) Phase 2: Planning Phase. Per the development and implementation plan, create a schedule of work required to increase
automation of the purge adjudication and execution processes U Phahfellverable Coordinate w ith o document a schedule llmelrne w1 h specrfic completion tasks requ1red to enhance this capability per the Implementation plan 7'0f SDORE'f'i Sif N'OPORfl TOP SECRGBP1W8-b$'H8FORN I DOCID 4273133 ST-11-0009 lOP 3ECR -ET ' 'Sb' lf0t'8R JY ST-11-0009 IU tt et tel Phase 3 Development Implementation _ Vorl wittC to develop the new capability per Phase 1 and 2 U Phase 3 Deliverable Complete the development and provide a final report to OIG defining results - U POC U __ _ _ _ _ ____ 963 561 b 3 -P L l U POC U __ _ _ _ _ ____ 963 561 9 U S S J Agree Revised ManGBPr ment p esoonael U Sl manages the mapping of access controls through I Jo repositories Eligibility to access FAA 702 data Is U SID requests closure or the recommendations Deliverable Update The SID Data Manager can provide documentation to enable closure of this recommendation TOP SEORDf' 81 PCOFORPi 'fOP YECRGBP 'fl78ri7'NOFO'RN Request Closure DOCID 4273133 ST-11 -0009 RevJud POC U 969 729 I ' I I 1963-3004 - i ' l' _ - - - Ul Sub-bullet #1 er ONI OTR guidelines the requirements of sub-bullet #1 are comoleted l - 1 ''jl' b 3 -P L ' 6-36 _ - II fUlSID I - I lUI Sub-bullet #2 Thtj I oroaniz 3tions are currenuv aeveloping --- II 'I Agree o' I The analyst must assess traffic ana respond to three supporting questions I I U POC o b 3 -P I - - 8_ - 36 - I UJH etfetl 963-0561 Bevi S eocl U 1969- 6729 o 11 L i ADET U Sub-bullet 1 2 Sl eferred to SV SV will work with ADET to update the following course FISA Amendment Act FAA Section 702 OVSC1203 to reflect modified Targeting and Minimization Procedures that are currently pending the Foreign Intelligence Surveillance Court ruling _ - l J Sub-bullet 3 Slg will b 3 -P L 8 pa6Jish training slides onto the AA 702 Targeting Review Guidance webpage and will work w1th ADET to develop a course to replace bnehngs and informal training sess1ons U POC U 'FOP BEC lfi ii NOf OKf I I - - - 
[redacted] 963-1109; SV, 966-2479

Revised Management Response:

(U//FOUO) OVSC 1203: SV will work with ADET to update the FAA 702 OVSC1203 course to reflect the amended Targeting and Minimization Procedures that the Foreign Intelligence Surveillance Court a in September 201 SI will publish training slides onto the S2 FAA 702 Targeting Review Guidance webpage and work with ADET to update OVSC [redacted]

(U) CRSK 1304/1305: Updates to FAA 702 Practical Applications (CRSK 1304) and FAA 702 Targeting Adjudication (CRSK 1305) were completed in December 2012. In addition, enforced registration in the ELM program and targeting proficiency statistics to the individual level, as well as completion rate of any required [redacted] training will be phased in.

Revised Target Completion Date: [redacted]

DOCID: 4273474

NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE

(U//FOUO) Implementation of §215 of the USA PATRIOT Act and §702 of the FISA Amendments Act of 2008

ST-14-0002
20 February 2015

(U) This report might not be releasable under the Freedom of Information Act or other statutes and regulations. Consult the NSA/CSS Inspector General Chief of Staff before releasing or posting all or part of this report.

Classified By: [redacted]
Derived From: NSA/CSS Manual 1-52, Dated: 30 September 2013

Approved for Release by NSA on 02-11-2016, FOIA Case # 80120 (litigation)

(U) OFFICE OF THE INSPECTOR GENERAL

(U) Chartered by the NSA Director and by statute, the Office of the Inspector General conducts audits, investigations, inspections, and special studies. Its mission is to ensure the integrity, efficiency, and effectiveness of NSA operations, provide intelligence
oversight, protect against fraud, waste, and mismanagement of resources by the Agency and its affiliates, and ensure that NSA activities comply with the law. The OIG also serves as an ombudsman, assisting NSA/CSS employees, civilian and military.

(U) AUDITS

(U) The audit function provides independent assessments of programs and organizations. Performance audits evaluate the effectiveness and efficiency of entities and programs and their internal controls. Financial audits determine the accuracy of the Agency's financial statements. All audits are conducted in accordance with standards established by the Comptroller General of the United States.

(U) INVESTIGATIONS

(U) The OIG administers a system for receiving complaints (including anonymous tips) about fraud, waste, and mismanagement. Investigations may be undertaken in response to those complaints, at the request of management, as the result of irregularities that surface during inspections and audits, or at the initiative of the Inspector General.

(U) INTELLIGENCE OVERSIGHT

(U) Intelligence oversight is designed to ensure that Agency intelligence functions comply with federal law, executive orders, and DoD and NSA policies. The IO mission is grounded in Executive Order 12333, which establishes broad principles under which IC components must accomplish their missions.

(U) FIELD INSPECTIONS

(U) Inspections are organizational reviews that assess the effectiveness and efficiency of Agency components. The Field Inspections Division also partners with Inspectors General of the Service Cryptologic Elements and other IC entities to jointly inspect consolidated cryptologic facilities.

NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
OFFICE OF THE INSPECTOR GENERAL

20 February 2015
IG-11763-15
Re-Issued

TO: DISTRIBUTION

SUBJECT: (U//FOUO) Report on the Implementation of §215 of the USA PATRIOT Act and §702 of the FISA Amendments Act of 2008 (ST-14-0002)

1. (U//FOUO)
Attached please find the report on Implementation of §215 of the USA PATRIOT Act and §702 of the FISA Amendments Act of 2008, as requested by members of the Senate Committee on the Judiciary.

2. (U) In September 2013, ten members of the Senate Committee on the Judiciary requested a comprehensive, independent review of the implementation of §215 of the USA Patriot Act and §702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008 (FAA 702) for calendar years 2010 through 2013. In January 2014, NSA's Office of the Inspector General (OIG) and staff members of the Senate Committee on the Judiciary agreed on the scope of a review the OIG would conduct on NSA's use of both authorities.

3. (U) The following is the NSA OIG's report on both authorities, which will be sent to the ten members of the Senate Committee of the Judiciary who requested the review, the Chairman and Ranking Member of the House Committee on the Judiciary, the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, and the Chairman and Ranking Member of the House Permanent Select Committee on Intelligence.

4. (U//FOUO) We appreciate the cooperation and courtesies extended to our personnel throughout the review.

[redacted]
Inspector General

DISTRIBUTION:
OGC (Raj De)
CLPO (Rebecca Richards)
ODOC (Catherine Aucella)
ST-14-0002

(U) TABLE OF CONTENTS

I. (U) INTRODUCTION
   (U) REASON FOR REVIEW
   (U) OBJECTIVES
II. (U) SECTION 215 OF THE USA PATRIOT ACT
   (U) BACKGROUND
   (U) METHODOLOGY AND SCOPE
   (U) BR FISA PROGRAM CONTROL FRAMEWORK
   (U) BR FISA PROGRAM INCIDENTS OF NON-COMPLIANCE
   (U) NSA USE OF THE BR FISA AUTHORITY
III. (U) FAA 702
   (U) BACKGROUND
   (U) METHODOLOGY AND SCOPE
   (U) FAA 702 PROGRAM CONTROL FRAMEWORK
   (U) FAA 702 INCIDENTS OF NON-COMPLIANCE
   (U) NSA USE OF THE FAA 702 AUTHORITY
IV. (U) ABBREVIATIONS AND ORGANIZATIONS
(U) APPENDIX A: ABOUT THE §215 AND FAA 702 REVIEW
(U) APPENDIX B: BR FISA PROGRAM CHANGES 2010-2012
(U) APPENDIX C: BR FISA PROGRAM INCIDENTS OF NON-COMPLIANCE 2010 THROUGH 2012
(U) APPENDIX D: FAA 702 PROGRAM CHANGES

I. (U) INTRODUCTION

(U) Reason for Review

(U) In September 2013, ten members of the Senate Committee on the Judiciary requested a comprehensive, independent review of the implementation of §215 of the USA PATRIOT Act and §702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008 for calendar years 2010 through 2013.

(U) Objectives

(U) In January 2014, the National Security Agency/Central Security Service's (NSA) Office of the Inspector General (OIG) and Committee staff agreed that the NSA OIG would review NSA's implementation of both authorities for calendar year 2013. The study has three objectives.

(U) Objective I

- (U) Describe how data was collected, stored, analyzed, disseminated, and retained under the procedures for §215 and FAA 702 authorities in effect in 2013 and the steps taken to protect U.S. person information.
- (U) Describe the restrictions on using the data and how the restrictions have been implemented, including a description of the data repositories and the controls for accessing data.
- (U) Describe oversight
and compliance activities performed by internal and external organizations in support of §215 Foreign Intelligence Surveillance Court (FISC) Orders and FAA 702 minimization procedures.

(U) Objective II

- (U) Describe incidents of non-compliance with §215 FISC Orders and FAA 702 Certifications and what NSA has done to minimize recurrence.

(U) Objective III

- (U) Describe how analysts used the data to support their intelligence missions.

(U//FOUO) Our study of NSA's implementation of §215 and FAA 702 authorities was based largely on program stakeholder interviews and reviews of policies and procedures and other program documentation. For this review, the NSA OIG documented the controls implemented to address the requirements of each authority; however, we did not verify through testing whether the controls were operating as described by program stakeholders.

II. (U) SECTION 215 OF THE USA PATRIOT ACT

(U) Background

(U) Business Records Order

(U) Since May 2006, the Foreign Intelligence Surveillance Court (FISC) has authorized the National Security Agency/Central Security Service's (NSA) bulk collection program under the business records provision of the Foreign Intelligence Surveillance Act (FISA), 50 U.S.C. §1861, as amended by §215 of the USA PATRIOT Act, legislation enacted by the U.S. Congress and signed into law by the President. From its first authorization in May 2006 through December 2014, the program has been approved 40 times under Business Records (BR) Orders issued by 18 FISC judges.

(TS//SI//NF) Pursuant to the Orders issued by the FISC, NSA receives certain call detail records, or BR metadata, from [redacted] U.S. telecommunications providers. NSA refers to the series of BR Orders approved by the FISC as the BR Order and the control framework NSA has implemented as the BR FISA program.

(U) The BR Order requires that providers produce to NSA certain information about telephone calls, principally those made within
the United States and between the United States and foreign countries. This information is limited to BR metadata, which includes information concerning telephone numbers used to make and receive calls, when the calls took place, and how long the calls lasted, but does not include information about the content of calls, the names of the participants, or cell site location information (CSLI).

(U) The BR FISA program was developed to assist the U.S. government in detecting communications between known or suspected terrorists who are operating outside the United States and communicating with others inside the United States, as well as communications between operatives within the United States. The BR Order authorizes NSA analysts to query BR metadata only for identified counterterrorism purposes. The BR FISA program includes oversight mechanisms to maintain compliance with the BR Order and external reporting requirements to the FISC and Congress.

(U) BR renewal process

(U) Approximately every 90 days, the Department of Justice (DoJ), on behalf of the Federal Bureau of Investigation (FBI) and NSA, files an application with the FISC requesting that certain providers continue to provide calling records to NSA for another 90 days. If the FISC approves the government's applications to renew the program, the Court issues a primary order delineating the scope of what the providers must furnish to NSA and the provisions for NSA's handling of BR metadata. The FISC issues secondary orders separately to each provider directing them to deliver an electronic copy of certain calling records to NSA daily until the expiration of the BR Order.

(U) Methodology and Scope

(U) Our review of the BR FISA program control framework, incidents of non-compliance, and NSA's use of the authority to support its counterterrorism (CT) mission was based largely on BR program stakeholder interviews and reviews of policies and procedures and other program documentation. For this
review, we did not verify through testing whether the controls were operating as described by BR program stakeholders. However, we tested controls of the BR program during previous NSA Office of the Inspector General (OIG) reviews (see the Oversight section for a list of those reviews).

(U) Our study focused on the processes and controls in place in 2013. We used BR Order 13-158, approved by the FISC [redacted], and compared the requirements listed in that Order with the processes and controls NSA used to maintain compliance with that Order. In addition, we documented the changes implemented in the BR FISA program following the President's directives in 2014.

(U) Presidential directives affecting querying controls in 2014

(U) On 17 January and 27 March 2014, the President of the United States directed that NSA implement the following changes to the BR FISA program:

1. (U//FOUO) Submit selection terms to the FISC for reasonable articulable suspicion (RAS) approval (see Querying section for RAS discussion). Before 17 January 2014, RAS selection terms were approved by the Chief or Deputy Chief of NSA's Homeland Security Analysis Center (S214) or one of the twenty specially authorized Homeland Mission Coordinators (HMCs), as the BR Order required, and NSA's Office of General Counsel (OGC) performed First Amendment reviews for selection terms associated with U.S. persons (USPs).

2. (U//FOUO) Restrict contact chaining to two hops from seed selection terms (see Querying section for contact chaining discussion). Before 17 January 2014, the BR Order authorized appropriately trained and authorized NSA analysts to query to three hops; however, NSA guidance restricted those analysts to query BR FISA repositories two hops from seed selection terms and one additional hop (three hops from seed selection terms) with Analysis and Production (S2) management approval.

3. (U) Store BR metadata in provider controlled repositories and not in NSA repositories. Once implemented, NSA will submit FISC-approved RAS selection terms to
providers for them to query their repositories. Providers will provide to NSA only the results of those queries.

(U//FOUO) NSA implemented the first two directives by February 2014. The third directive, storing BR metadata in provider repositories and obtaining only those query results from providers, will require Congressional approval of a new statute for the production of business records, which had not been implemented before this report was issued.

(U//FOUO) The following sections describe how the BR FISA program control framework complies with BR Order 13-158, including the changes implemented following the President's directives in 2014; the 2013 BR FISA program incidents of non-compliance; and NSA's use of the BR FISA authority.

(U) BR FISA Program Control Framework

(U//FOUO) The BR FISA program control framework describes how NSA collects, samples, stores, accesses, queries, disseminates, and retains BR metadata and the oversight mechanisms to comply with the BR Order. This section summarizes the provisions of the BR Order and the controls implemented for each phase of the BR FISA production cycle.

(U) Collection

(U) Provisions of BR Order 13-158

(TS//SI//NF) The BR Order directs [redacted] U.S. telecommunications providers to provide an electronic copy of certain call detail records, hereinafter referred to as BR metadata. The BR Order defines BR metadata as comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, and International Mobile Station Equipment Identity (IMEI) number), trunk identifier, telephone calling card numbers, and time and duration of call.[1] BR metadata does not include the substantive content of communications; the name, address, or financial information of a subscriber or customer; or CSLI.

(U) Data received from
providers

(TS//SI//NF) [redacted]

[1] (U) The IMEI number is a type of metadata related to mobile telephony. It is permanently embedded in a mobile telephone handset by the manufacturer and generally is not changeable by the user. In most instances, the IMEI does not travel with the Subscriber Identity Module (SIM) card, in contrast to the IMSI number, which does. The IMSI number is another type of metadata related to mobile telephony. It is a 15-digit number used to identify a customer. IMSI numbers are permanently stored on SIM cards, allowing a user to plug a card into any mobile telephone and be billed correctly. Calling card numbers are numbers used for billing telephone calls. A calling card number may be a telephone number (as the phrase is commonly understood and used) plus a personal identification number or may be another unique set of numbers not including a telephone number.

[2] (U//FOUO) A SCIF is an accredited area, room, or installation incorporating physical control measures (e.g., barriers, locks, alarm systems, armed guards) to which no person has authorized access unless approved to receive the particular category of sensitive compartmented information and has a need to know the sensitive compartmented information activity conducted therein.

[3] (U) A contact chain shows that selection term A communicated with selection term B, their first and last contact dates, telephony type, and the total number of communications between selection terms A and B.

(TS//SI//NF) Figure 1 illustrates the BR metadata dataflow from the provider
to NSA and the various BR metadata repositories in 2013.

(TS//SI//NF) Figure 1. BR Metadata Dataflow and Repositories

[redacted] provide all BR metadata for communications between the United States and abroad or wholly within the United States, including local telephone calls. The BR Order does not require [redacted]

(U) Table 1. BR FISA [redacted]

(U) Metadata Sampling

(U) Sampling to verify BR metadata integrity

(U//FOUO) NSA's Data Integrity Analysts (DIAs) [redacted] the BR FISA program. DIA responsibilities include:

- (U//FOUO) Verifying that BR metadata is correctly ingested, processed, and formatted into chains.
- (U//FOUO) [redacted]

[6] (U//FOUO) The BR FISA Authority Lead is responsible to the NSA Director and the Director of the Signals Intelligence Directorate for implementation of FISC BR authorizations by the NSA organizations responsible for the collection, processing, and analysis of BR metadata under the BR Order.

(TS//SI//NF) NSA has two types of controls to monitor data received from the providers and maintain compliance with the BR Order. [redacted] changes are project [redacted] team runs tests to verify that changes have been implemented and provides the test results to the DIA
team to validate that the changes have been made.

(U//FOUO) Sampling. DIAs run [redacted] queries on the BR metadata to answer five questions as part of the sampling process.

Controls to Verify Compliance with the BR Order

1. (TS//SI//NF) Did the BR metadata contain credit card numbers?
2. (U//FOUO) Did NSA detect CSLI in the [redacted] identification field?
3. (U) Did the BR metadata record structure adhere to expectations?
4. (U) Did the BR metadata record content adhere to expectations?
5. (U//FOUO) Did [redacted] adhere to expectations?

7 (U//FOUO) The standard format is [redacted]

(U) The sampling results are submitted to NSA's Office of the Director of Compliance (ODOC) in weekly BR FISA compliance reports. ODOC compiles the information with other compliance reports and provides it to the Director of Compliance for review. The BR FISA Authority Lead summarizes the weekly BR FISA compliance reports for the DoJ National Security Division's (NSD) review before quarterly compliance review meetings (see Oversight section).

The sampling of BR metadata is performed to identify:

- Credit card numbers. (TS//SI//NF) [redacted] DIAs sample the [redacted] known to have contained credit card [illegible] identification numbers. The BR Order does not authorize NSA to [illegible] customer financial information. [redacted] DIAs sample all BR metadata records for the [redacted] that could [illegible] to screen for credit card numbers. [illegible] credit card numbers are identified, DIAs test to [illegible].

(TS//SI//NF) DIAs identify them as credit card numbers and forward them to [redacted]. [illegible] DIAs determine whether the credit card numbers were ingested into [redacted] and notifies stakeholders, including DoJ NSD [redacted].

(TS//SI//NF) To demonstrate the number of files and BR metadata records that are sampled daily for credit cards, the OIG randomly selected for review Table
2.

(U) Table 2. [redacted] Sampling Metrics for Credit Cards
[table redacted]

(U) Table 3. [redacted] Sampling Metrics for Credit Cards
[table redacted]

- Cell site location information (CSLI). DIAs test the [redacted] to verify that it does not contain CSLI because the BR Order prohibits NSA from receiving this data. The DIAs sample [redacted]. DIAs have identified no CSLI data in the [redacted] field since it became operational [redacted].

- (TS//SI//NF) Record structure. The DIAs sample BR metadata records [illegible] each feed to test whether the BR metadata record structure has changed [redacted]. If any tests show differences, a warning message is generated for the DIAs to address. Changes in BR metadata record structure are very rare, but if identified, the provider is contacted to determine whether the change is permanent or a one-time processing anomaly.

- (U//FOUO) BR metadata record content. DIAs review the BR metadata record content for each feed [redacted]. According to the DIAs, exceptions are very rare.

(U//FOUO) Table 4 shows the percentage of the [redacted] BR metadata [illegible] record structure and content during 2013.

(U//FOUO) Table 4. [redacted] Sampling Percentages for BR Metadata Record Structure and Content Testing
[table redacted]

- (TS//SI//NF) Data feed volumes. DIAs monitor data feed volumes for anomalies by reviewing the [redacted] Status Report, which lists, for each feed, the number of raw BR metadata records [redacted] received and the [illegible]
(U//FOUO) Table 5 shows the number of BR metadata records received [redacted].

8 (U//FOUO) BR metadata record content is distinct from the content of communications. BR metadata record content does not contain the content of communications, defined in 18 U.S.C. 2510 as the substance, purport, or meaning of a communication.

(U) Table 5. Total Number of BR Metadata Records [redacted]
[table redacted]

(U) Table 6 summarizes the provisions of BR Order 13-158 for collection and the controls NSA implemented to maintain compliance.

(U) Table 6. Collection Provisions and Controls

Provision: Provide Daily BR Metadata Records
Control: (TS//SI//NF) [redacted] monitor [illegible] problems. DIAs monitor data feed volume [illegible] data flow for anomalies.

Provision: (U) NSA Only Receives Authorized Data
Control: (TS//SI//NF) Parser rules are designed to prevent unauthorized data from being ingested into operational systems. DIAs sample data [redacted] to detect unauthorized data.

(U) Repositories

(U) Provisions of BR Order 13-158

(U) NSA will store and process BR metadata in repositories within secure networks under NSA control.

(U) NSA repositories that store BR metadata

(U//FOUO) All NSA systems that store and process BR metadata are certified as secure through an accreditation and certification process and are in NSA controlled SCIFs. During 2013, the following systems stored and processed BR metadata:

- [redacted] is the corporate contact chaining database [redacted]
- [redacted] corporate database [redacted]
- (U//FOUO) [redacted] is the contingency system for [redacted] and has the same hardware and software as [redacted]
- (S//REL TO USA, FVEY) [redacted] is
the system backup for [redacted]

- (U//FOUO) Backup tapes are maintained at [redacted] [illegible]. The [redacted] are saved to tape backup. [illegible] BR metadata electronically stored in [redacted]. [illegible] the BR FISA program is software [illegible].
- (U//FOUO) [redacted] data distribution systems move BR metadata between NSA systems [redacted].

(C//REL TO USA, FVEY) How information is stored in [redacted]

(S//SI//REL TO USA, FVEY) [redacted] are the only operational databases used to store BR metadata for intelligence analysis. As previously mentioned, [redacted]

(TS//SI//NF) [redacted]

9 (U//FOUO) [redacted]

10 (U) A relational database stores data in tables using a standardized data format. This allows similar information to be organized and queried on the basis of specific data fields.

(U//FOUO) Figure 2. [redacted] Architecture
[figure redacted]

(U) NSA system accreditation and certification processes

(U//FOUO) Accreditation. [redacted] TS is responsible for managing the risk on all NSA networks and the computer systems and devices connected to those networks. TS responsibilities include:

- (U//FOUO) Guiding, prioritizing, and overseeing the development of information assurance programs necessary to ensure protection of information systems and networks by managing the NSA Information Security Program,
- (U//FOUO) Serving as the NSA Director's Authorizing Official to accredit all NSA information systems,
- (U//FOUO) Conducting information systems security and accreditation and risk management programs, and
- (U//FOUO)
Establishing, maintaining, and enforcing information systems security policies and implementation guidelines for NSA.

(U//FOUO) Accreditation is the official management decision to permit operation of an information system in a specific environment at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.

(U//FOUO) When accrediting systems, TS uses a risk management framework to determine the appropriate level of risk mitigation needed to protect systems, information, and infrastructure. The framework comprises six steps:

- (U) Categorize the information and information system,
- (U) Select an initial baseline of security controls and tailor as appropriate for the system, data, and environment,
- (U) Implement and build the security controls in the information system,
- (U) Authorize the operation of the information system, accept the risk, and
- (U) Monitor continually and assess the effectiveness of the security controls.

(U//FOUO) Before a system is authorized to be put on a network, it must go through the accreditation process and be approved by TS. Table 7 lists the dates through which the BR repositories are accredited.

(U) Table 7. Dates through which BR Repositories Are Accredited
Repository | Accredited Through
[table redacted]

(U//FOUO) Certification. In addition to the TS system accreditation requirement, all systems containing FISA data must be certified by [redacted] TV [illegible]. TV4 is the NSA authority for certification of systems to ensure they are compliant with the legal and policy regulations protecting USP privacy [redacted].

(U//FOUO) [redacted] TV began certifying FISA systems, including the repositories that contain BR metadata, to ensure that they comply with USP privacy protection [redacted]. TV developed [redacted], the NSA corporate database for registration of [redacted] NSA systems and their compliance
certification and data flows. It is NSA's [redacted] authoritative source for all compliance certifications. TV's certification process [redacted] evaluates system controls for maintaining compliance in the following areas: purge, data retention and aging off, data access, querying, dissemination, data tagging, targeting, and analytical processes.

(U//FOUO) To be certified to handle FISA data, systems must be certified by TV as part of the Compliance Certification process. Table 8 shows the TV4 certification dates for repositories that contain BR metadata.

(U) Table 8. Certification Dates for Repositories Containing BR Metadata
[illegible] | Date Certified
[table redacted]

(U) Table 9 summarizes the provision of BR Order 13-158 for repositories and the control NSA implemented to maintain compliance.

(U) Table 9. BR Repository Provision and Control

Provision: (U) NSA will store and process BR metadata in repositories within secure networks under NSA control.
Control: (U//FOUO) All BR FISA systems are certified as secure through NSA's system accreditation (TS) and certification process (TV4) and located in NSA controlled SCIFs.

(U) Access and Training

(U) Provisions of BR Order 13-158

(U) BR metadata shall carry unique markings such that software and other controls (including user authentication services) can restrict access to authorized personnel who have received appropriate and adequate training with regard to this authority. NSA shall restrict access to BR metadata to authorized personnel who have received appropriate and adequate training.

(U) Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis. The Court understands that the technical personnel responsible for NSA's underlying corporate infrastructure and the transmission of the BR metadata from the
specified persons to NSA will not receive special training regarding the authority granted herein.

(U) NSA's OGC and ODOC will further ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for the handling and dissemination of such information. NSA will maintain records of all such training.

(U) OGC will provide DoJ NSD with copies of all formal briefing and/or training materials (including all revisions) used to brief or train NSA personnel concerning this authority.

(U) Restricting access to BR metadata to authorized personnel

(TS//SI//NF) The Signals Intelligence Directorate's (SID) Office of Oversight and Compliance (SV) verifies semi-weekly that persons authorized access to BR metadata maintain the required credentials. The training required for these two credentials is listed in the Appropriate and Adequate Training heading of this section.

(TS//SI//NF) The [redacted] credential signifies that the individual has been adequately and appropriately trained (discussed below) with regard to the BR FISA program and provides the authorization to view the results of BR metadata queries in any form, including written and oral summaries of results. [redacted] does not provide access to the BR metadata in the bulk metadata (BMD) repositories or authorization to query the data.

(TS//SI//NF) Table 10 shows a breakdown of the number of personnel with [redacted] as of 31 December 2013, by affiliation.

(TS//SI//NF) Table 10. Number of Personnel with [redacted] by Affiliation
Affiliation: NSA Civilians; NSA Military; Non-Agency Civilians; Contractors; Total
[figures redacted]

(TS//SI//NF) Table 11 shows a breakdown of the number of personnel with [redacted] as of 31 December 2013, by work role.

(TS//SI//NF) Table 11.
Number of Personnel with [redacted] by Work Role
Work Role | Number of Personnel
Analyst; Oversight; Leadership Staff; Technical; Contractor; Total
[figures redacted]

(TS//SI//NF) The [redacted] credential signifies that a person is authorized to access BMD repositories and is the first step in obtaining the ability to use [redacted] to perform queries against BR metadata. [redacted] is only authorized for specific intelligence analysts working CT targets described in the BR Order and technical personnel who maintain the systems that process and store BR metadata. The BR FISA Authority Lead is the ultimate authority for deciding which organizations are authorized to access BR metadata repositories.

(TS//SI//NF) Table 12 shows a breakdown of the number of personnel with [redacted] as of 31 December 2013, by affiliation and work role.

(TS//SI//NF) Table 12. Number of Personnel with [redacted] by Affiliation and Work Role
Affiliation and Work Role | Number of Personnel
NSA Civilians: Analyst; Oversight; Technical; Total
NSA Military
Contractors: Technical
Total
[figures redacted]

11 (U//FOUO) [redacted] is the graphical user interface analysts use to query data, including BR metadata, in [redacted].

(TS//SI//NF) In addition, if an individual needs to query BR metadata using [redacted], the intelligence analyst contact chaining tool, a Division Chief, Deputy Division Chief, Branch Chief, or Deputy Branch Chief must submit to SV a written request that the individual be given query access. If the individual is current in all training and holds the [redacted] credentials, SV sends an e-mail to the [redacted] team and requests that the person be added to the [redacted] User Group in [redacted]. The [redacted] administrator verifies the person's credentials and training, [illegible] the user group, and notifies SV when complete. Upon
completion, [redacted] automatically sends an e-mail to SV indicating that the person has been added to the user group. This additional management control helps ensure that only appropriately trained and authorized personnel are able to execute queries.

(U//FOUO) Table 13 shows the number of personnel on the [redacted] User Group with querying capability as of 31 December 2013.

(U) Table 13. Number of Personnel with Querying Capability as of 31 December 2013
Work Role | Number of Personnel
Analysts; Technical; Total
[figures redacted]

(TS//SI//NF) Receiving query results. NSA personnel who receive query results are required to receive training and guidance regarding the procedures and restrictions for handling and disseminating such information. Before analysts send BR-unique query results containing USP information to another individual, they must first confirm that the recipient has the [redacted] credential. Sharing BR-unique query results containing USP information with an individual without the [redacted] credential would violate the BR Order and require notice to the Court.

(U) Training records. The BR Order requires that NSA maintain records of BR training. NSA's Associate Directorate for Education and Training (ADET) Enterprise Learning Management database is NSA's source system of record (SSR) for maintaining training completion records for all required training.

(U) Figure 3 shows the categories of individuals authorized access to BR data [redacted].

12 (U//FOUO) [redacted] is NSA's Corporate Authorization Service Portal, which provides authorization attributes and access control services to NSA programs and projects.

13 (U//FOUO) [redacted]

(U//FOUO) Figure 3. Access to BR Information Determined by Credentials Maintained by BR Stakeholders
[figure redacted]

(TS//SI//NF) Obtaining the credential. To obtain the [redacted], a request must be submitted in the [redacted],
NSA's corporate credentialing system. A request must contain the name of a valid sponsor who currently holds the requested credential. The Associate Directorate for Security and Counterintelligence (Q) reviews [redacted] requests for security concerns. If approved, the request is forwarded to SV for final adjudication. SV verifies that the individual is current on the required training (explained below) and that the request includes a valid mission justification. If all requirements are met, SV approves the credential in [redacted] for entry in [redacted].

(TS//SI//NF) Maintaining the credential. To ensure that personnel remain current on training, SV runs a [redacted] report several times a week that lists all the personnel with the [redacted] credential and their training status, which is color coded (green: current; red: expired). If someone's OVSC1000 or OVSC1100 training has expired, SV notifies that person by e-mail that training must be completed. If OVSC1800 or OVSC1205/OVSC1206 has expired, access is revoked immediately. Access is not restored until a new [redacted] request is submitted and all training is current. If an individual's training expires and the credential has been revoked, this would not violate the BR Order. However, if someone accesses BR metadata but has not completed the required training, this would violate the BR Order because the person has not been appropriately and adequately trained. The violation requires notice to the Court.

14 (U//FOUO) The Court understands that the technical personnel responsible for NSA's underlying corporate infrastructure and the transmission of the BR metadata from the specified persons to NSA will not receive special training regarding the authority granted herein.

(U//FOUO) Appropriate and adequate training. NSA/CSS Policy 1-23, Procedures Governing NSA/CSS Activities That Affect U.S. Persons, 30 July 2013, requires that Agency personnel, civilians, military, military
reservists, integrees, and most contractors, complete intelligence oversight (IO) training annually.

(TS//SI//NF) In addition, to qualify for the [redacted] credential and comply with the requirements of the BR Order, persons must have completed specific training courses within the last 12 months. All courses are developed by NSA's ADET in conjunction with the OGC, mission subject matter experts, and mission compliance professionals.

- (U//FOUO) OVSC1000, NSA/CSS Intelligence Oversight Training, the Agency's core IO course, is provided to the workforce to maintain a high degree of sensitivity to and understanding of intelligence laws, regulations, and policies associated with the protection of USP privacy rights during mission operations. Personnel are familiarized with the major tenets of the four core IO documents: Executive Order (E.O.) 12333, as amended; Department of Defense (DoD) Regulation 5240.1-R; Directive Type Memorandum (DTM) 08-052; and NSA/CSS Policy 1-23. OVSC1000 is web based and includes knowledge checks for proficiency.

- (U//FOUO) OVSC1100, Overview of Signals Intelligence Authorities, the core SIGINT IO course, provides an introduction to various legal authorities that NSA uses to conduct its operations. Upon completion, personnel should be able to identify applicable surveillance authorities at a high level, define the basic provisions of the authorities, and identify situations and circumstances requiring additional authority. OVSC1100 is web based and includes knowledge checks for proficiency. All personnel in the U.S. SIGINT System (USSS) working under the NSA Director's SIGINT authority with access to raw SIGINT are required to complete OVSC1100 every 12 months.

- (U//FOUO) OVSC1800 (Analytic) and OVSC1806 (Technical), Legal Compliance and Minimization Procedures, advanced SIGINT IO course that explains policies, procedures, and responsibilities within missions and functions of the USSS to enable the protection of USP and foreign partner privacy rights. Upon successful completion,
NSA analysts with mission requirements to access raw SIGINT databases will have met the additional training requirement imposed by SID. OVSC1800 and OVSC1806 are web based and [illegible] competency exams [redacted]. Personnel who do not pass the test after [illegible] attempts must complete remedial training. All personnel in the USSS working under the NSA Director's SIGINT authority with access to raw SIGINT are required to complete OVSC1800 or OVSC1806 every 12 months.

- (U//FOUO) OVSC1205 (Analytic) and OVSC1206 (Technical), Special Training on FISA, advanced IO courses that present legal policies surrounding the FISC Orders and RAS standards pertaining to specific CT focused programs. OVSC1205 and OVSC1206 are web based and include competency exams with a minimum passing score of 90 percent for OVSC1205 and 89 percent for OVSC1206, a higher proficiency threshold than other courses because BR FISA data has a greater probability of containing USP information. Personnel who do not pass the test after one attempt must complete remedial training. All personnel with access to the BR FISA program are required to complete OVSC1205 or OVSC1206 every 12 months.

15 (U//FOUO) E.O. 12333, United States Intelligence Activities; DoD Regulation 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components That Affect U.S. Persons; DTM-08-052, DoD Guidance for Reporting Questionable Intelligence Activities and Significant or Highly Sensitive Matters.

(U//FOUO) DoJ NSD review of training material. As the BR Order requires, NSA's OGC provides DoJ NSD copies of the material (e.g., OVSC1205 and OVSC1206 training courses) used to train NSA personnel on the authority. OGC most recently provided DoJ NSD copies of revisions to the training materials in February 2014. NSA had revised the training materials because of the 17 January 2014 program changes, which included the two-hop limitation and FISC RAS-approval process.

(U) Access
requirements for technical personnel to BR repositories

(U//FOUO) The BR Order states that appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make the data usable for intelligence analysis. The following describes the repositories and systems and the access requirements for technical personnel:

- (TS//SI//NF) [redacted]
- (U//FOUO) Backup tapes are securely stored in a locked cabinet inside a restricted access room at a secure [redacted] facility and are only accessible by designated [redacted] personnel.
- (TS//SI//NF) [redacted]
- (U//FOUO) NSA's Corporate Infrastructure. Technical personnel responsible for maintaining NSA's underlying corporate infrastructure and transmission of BR metadata to NSA (e.g., corporate [redacted] personnel and SharePoint system administrators) are not required to receive special training regarding the BR program.

(U) Access requirements for analysts to query BR repositories

(TS//SI//NF) To query the [redacted] database using [redacted], analysts (including DIAs) must be listed on the [redacted] User Group in [redacted]. The process to be added to the user group was discussed in the [redacted]. When analysts log into [redacted] using their public key infrastructure (PKI) [illegible] password, [redacted] verifies that the analysts are listed on the [redacted] and they have the [redacted]. [illegible] three requirements are met, [illegible] in [redacted] and query BR [illegible]. [redacted] personnel had the ability to run queries on [redacted] mode.

(U//FOUO) Table 14 summarizes the provisions of BR Order 13-158 for access and training and the controls implemented by NSA to maintain compliance.

[redacted] technical personnel system accesses to [redacted] were terminated.

17 (U//FOUO) [redacted]

18 (U) PKI is used to authenticate users on NSA networks. PKI binds public keys with [illegible] of a digital certificate authority.

(U) Table 14. Access and Training Provisions and Controls

Provision: [illegible] to authorized personnel who have received appropriate and adequate training.
Control: [illegible] metadata must be approved for [redacted] credential. All personnel with access to the BMD repositories must have the [redacted] credential. All personnel who query the BR metadata in the BMD repositories must have the [redacted] credential and be on the [redacted]. All personnel with the [redacted] credential must complete appropriate and adequate training (verified and monitored by SV).

Provision: (U) Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis.
Control: Technical personnel [illegible] the BR metadata must have the [redacted] credential and must have completed appropriate and adequate training (verified and monitored by SV).

Provision: (U) Technical personnel responsible for underlying corporate infrastructure and the transmission of the BR metadata from the specified persons to NSA will not receive special training regarding the authority granted herein.
Control: (U) Technical personnel responsible for underlying corporate infrastructure do not receive special training regarding the BR program.

Provision: (U) OGC and ODOC will further ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for the handling and dissemination of such information.
Control: Before an analyst sends BR unique query results containing USP information to another individual, the analyst must confirm that the recipient has the [redacted] credential. An individual with the [redacted] credential must complete and remain current on required training, which includes training and guidance on handling and disseminating such data.

Provision: (U) NSA will maintain records of all such training.
Control: ADET Enterprise Learning Management database is SSR for maintaining training completion records.

Provision: (U) OGC will provide NSD with copies of all formal briefing and/or training materials (including all revisions) used to brief/train NSA personnel concerning this authority.
Control: OGC provides BR FISA training material to DoJ NSD for review before modifying material in the OVSC1205 and OVSC1206 training courses.

(U) Querying

(U) Provision of BR Order 13-158

NSA may access BR metadata for purposes of obtaining foreign intelligence information only through queries of the BR metadata to obtain contact chaining information using selection terms approved as seeds. A seed is a selection term approved for querying BR metadata. All selection terms to be used as seeds with which to query the BR metadata must first be approved by the S2I4 Chief or Deputy Chief or one of the twenty specially authorized HMCs in the SID Analysis and Production Directorate. Approval shall be given only after the designated approving official has determined that, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a RAS that the selection term to be queried is [redacted] (hereafter the Foreign Powers). If the selection term is reasonably believed to be used by a USP, the NSA's OGC must first determine that the USP is not regarded as [redacted] solely on the basis of activities that are protected by the First Amendment to the Constitution. RAS approvals shall be effective for 180 days for any selection term reasonably believed to be used by a USP and one year for all other selection terms.

(U//FOUO) Furthermore, queries of the BR metadata using RAS approved selection terms may occur either by manual analyst query or through the automated query process. Contact chaining queries of BR metadata will begin with a RAS approved seed and will return only that metadata within three hops of the seed.

19 (U//FOUO) The term selection terms includes but is not limited to identifiers. The term identifiers
means a telephone number, as that term is commonly understood and used [redacted].

20 (TS//SI//NF) Selection terms that are the subject of electronic surveillance authorized by the FISC based on the FISC's finding of probable cause to believe that they are used by [redacted], including those used by USPs, may be deemed approved for querying for the period of FISC-authorized electronic surveillance without review and approval by a designated approving official. On 26 February 2014, NSA began sending selection terms to the FISC for RAS approval to comply with the President's directive of 7 January 2014. On 28 February 2014, the FISC approved RAS for the first two selection terms under this new process.

21 (U) The First Amendment to the U.S. Constitution prohibits making any law abridging the freedom of speech, infringing on the freedom of the press, interfering with the right to peaceably assemble, or prohibiting the petitioning for a government redress of grievance. The BR Order no longer requires that NSA's OGC perform a First Amendment review of selection terms used by USPs for non-emergency RAS requests; the FISC performs those reviews. This change was made following the President's directive on 17 January 2014, which requires that NSA submit selection terms to the FISC for RAS approval.

22 (TS//SI//NF) The automated query process was initially approved by the FISC in the 7 November 2012 Order that amended docket number BR 12-178. Although approved, NSA never implemented, and is no longer authorized to use, the automated query process since it withdrew its request to do so in the renewal applications and declarations that support the BR Orders approved by the FISC, beginning with BR Order 14-67, dated 28 March 2014.

23 (U//FOUO) The first hop from a seed returns results including all selection terms (and their associated metadata) with a contact and/or connection with the seed. The second hop returns results that include all selection terms (and their associated metadata) with a contact and/or connection with a selection term revealed by the first hop. The third hop returns results that include all selection terms (and their associated metadata) with a contact and/or connection with a selection term revealed by the second hop. On 29 January 2014, NSA's software system controls were modified to limit the number of hops from seed selection terms to two to comply with the President's directive of 17 January 2014.

Appropriately trained and authorized technical personnel may query BR metadata using selection terms that have not been RAS approved to perform processes needed to make the BR metadata usable for intelligence analysis and may share the results of those queries with other authorized personnel responsible for these purposes. However, the results of such queries may not be used for intelligence analysis purposes. NSA must ensure, through adequate and appropriate technical and management controls, that queries of BR metadata for intelligence analysis purposes will be initiated using only selection terms that have been RAS approved.

(U) Presidential directives affecting querying controls in 2014

(U) On 17 January 2014 and 27 March 2014, the President of the United States directed that NSA implement the following changes to the BR FISA program:

1. (U//FOUO) Submit selection terms to the FISC for RAS approval. Before 17 January 2014, selection terms were RAS approved by the S2I4 Chief or Deputy Chief or one of the twenty specially authorized HMCs, as the BR Order required, and OGC performed First Amendment reviews for selection terms associated with U.S. persons.

2. (U//FOUO) Restrict contact chaining to two hops from seed selection terms. Before 17 January 2014, appropriately trained and authorized NSA analysts were authorized to query to three hops; however, NSA guidance restricted those analysts to query BR FISA repositories two hops from seed selection terms and one
additional hop (three hops from seed selection terms) with S2 division management approval.

3. (U//FOUO) Store BR metadata in provider controlled repositories and not in NSA repositories. Once implemented, NSA will submit FISC-approved RAS selection terms to providers for them to query their repositories. Providers will provide to NSA only the results of those queries.

(U//FOUO) NSA implemented the first two directives by February 2014. The third directive, storing BR metadata in provider repositories and obtaining only those query results from providers, will require passage of a new statute for the production of business records, which had not been enacted when this report was issued.

(U//FOUO) The remainder of this section documents the control framework in place for querying BR metadata in 2013, including the changes implemented by the President's directives in 2014.

(U) Determining seed selection terms for requesting RAS approval

(U//FOUO) Analysts working CT missions focus on lead selection terms, which can be derived from multiple sources [redacted]. Analysts apply a wide range of tradecraft in determining which selection terms to pursue RAS approval.

(U//FOUO) Analysts making determinations whether selection terms are eligible to be used as seeds under the BR FISA authority must consider all the facts they know or reasonably can know before submitting requests for RAS approval. Looking at the totality of the circumstances, analysts evaluate whether there is a RAS that the selection terms are used by persons associated with one of the terrorist organizations in the BR Order. The level of proof demanded by the RAS standard is less than a preponderance of the evidence or probable cause.

(U//FOUO) Nonetheless, the RAS standard requires more than a mere hunch or uninformed guesswork. Analysts must have an articulable reason, supported by at least one source, for suspecting that the
person using the selection term is associated with one of the terrorist organizations in the BR Order. Sources used to justify RAS requests include, but are not limited to, [redacted]. The RAS standard is the same for selection terms associated with USPs and foreign persons.

(TS//SI//NF) Analysts electronically submit RAS requests in [redacted], NSA's RAS selection term management system. [redacted] has required fields for analysts to enter justifications for RAS requests, user nationalities, and user ties to at least one of the terrorist organizations in the BR Order. Analysts save the supporting documentation for RAS requests in [redacted] for review by designated officials. As authorized by the BR Order, if selection terms are subject to ongoing FISC-authorized electronic surveillance [redacted] based on a finding of probable cause that the selection term is used or about to be used by persons associated with one of the identified foreign powers, NSA may use the selection terms to query the BR metadata without obtaining RAS because probable cause, a higher standard, has already been met. In these cases, entries are still submitted through [redacted], along with supporting documentation, and HMC and possible OGC review (if a selection term is associated with a USP) would also be required. According to [redacted], a majority of the selection terms submitted for RAS approval are derived from [redacted].

(TS//SI//NF) Maintaining the [illegible] list in [redacted]

(U) If RAS requests are based in part or in whole on NSA SIGINT, NSA performs a purge verification check for the selection term when the request is submitted to ensure that the selection term had not been submitted for on-demand, retroactive, or reactionary removal of data from NSA SIGINT system repositories. The purge verification field must be filled out when creating a RAS request and must be conducted no more than 24 hours before
submission.24

(TS//SI//NF) RAS can be met only on selection terms associated with the terrorist organizations listed in [redacted]. Those would include organizations listed in the FISC-approved BR Order or, based on IC reporting and determined by NSA's OGC, [redacted] a terrorist organization in the FISC-approved [redacted]. Only individuals assigned the [redacted] role can maintain the terrorist organization list in [redacted]. [redacted] NSA personnel were assigned this role [redacted].

(TS//SI//NF) [redacted], which NSA implemented in June 2010, provides the system control framework for nominating, justifying, reviewing, approving, and disapproving RAS for selection terms. [redacted] has built-in safeguards to ensure that RAS approved selection terms comply with requirements of the BR Order (e.g., required RAS approvals documented, only approved terrorist organizations used for RAS, maximum time limits not exceeded for RAS approvals). [redacted] also serves as the authoritative source for RAS approved selection terms and exports the selection terms to other systems in the BR control framework.

(U) RAS approval process - 2013

(U//FOUO) In 2013, the RAS approval process included certain mechanisms NSA used to determine whether selection terms were associated with one of the terrorist organizations listed in [redacted] before BR authorized analysts could use the selection terms as seeds to query BR metadata. Consistent with the BR Order, all selection terms used as seeds for querying BR metadata were first approved by the S2I4 Chief or Deputy Chief or one of the 20 specially authorized HMCs. If selection terms were reasonably believed to be used by USPs, NSA's OGC determined whether the USPs were regarded as associated with one of the terrorist organizations named in the BR Order solely on the basis of activities protected by the First Amendment. Figure 4 illustrates the RAS approval process in place during 2013.

25 (TS//SI//NF) In May 2012, DoJ NSD stated that it was generally acceptable for NSA's OGC to determine, based on IC reporting, [redacted]. In addition, with the condition of RAS being met, NSA can include [redacted]. DoJ further stated that OGC must revisit those determinations every [redacted] months.

(U) Figure 4. RAS Approvals Needed Before Querying BR Metadata in 2013

[Flowchart, recovered as text]
(U//FOUO) NSA analyst seeks approval to query the BR metadata using the selection term of an individual suspected of being associated with a designated terrorist organization.
• (U) Is there a reasonable articulable suspicion that the individual is associated with a designated terrorist organization? NO: stop process. YES: continue process. (Homeland Mission Coordinator (HMC) verifies this step.)
• Is the selection term associated with a U.S. person? NO: continue process. YES: Is the suspicion of association with a designated terrorist organization based solely on activities protected by the First Amendment? NO: continue process. YES: stop process. (NSA Office of General Counsel verifies this step.)
• After analysis, NSA issues a report, if appropriate.

(U//FOUO) Table 15 summarizes the RAS selection terms approved in 2013.

(U) Table 15. 2013 RAS Approvals

[Table contents redacted; surviving column headings: Approved, Approved]
(U) Data includes RAS selection terms that were approved more than once in 2013.
(U//FOUO) Data only includes unique selection terms approved during 2013; it excludes multiple RAS approvals for the same selection terms in 2013.

(U) HMC review process - 2013

(U//FOUO) After RAS approval requests are submitted in [redacted], automatic e-mail notifications are sent to HMCs alerting them that requests are available
for review. Depending on the ranking assigned to RAS approval requests in [redacted], reminder e-mails are sent after [redacted] for emergency requests, [redacted] for priority requests, and [redacted] for routine requests. HMCs verify that:

• (U//FOUO) Justifications sufficiently and accurately document user ties to the selection terms submitted for RAS approval;
• (U//FOUO) Justifications clearly support user ties to one of the terrorist organizations listed in [redacted];
• (U//FOUO) RAS requests are supported by credible source documentation;
• (U//FOUO) Source documentation is current and has not been superseded by other intelligence;
• RAS requests contain time restrictions if selection terms are or were associated with users for only a specific and limited time; and
• (U//FOUO) If SIGINT is used as justification for RAS approval requests, analysts performed purge verifications when requests are submitted.

(U//FOUO) If HMCs determine that the documentation requirements have not been met and the RAS standard has not been satisfied, analysts are notified of deficiencies and asked to provide additional information. HMCs denote denied RAS requests as "Pending" until adequately documented in [redacted]. If the documentation requirements are met and the RAS standard has been satisfied, HMCs change the status of requests from "Pending" to "Approved" in [redacted]. [illegible] document status changes and edits of the original RAS requests. [illegible] OGC approve selection terms used by USPs before completing the RAS approval process. Figure 5 illustrates the RAS standard.

(U//FOUO) Figure 5. RAS Standard

[Figure not reproduced]

(U//FOUO) Some BR trained and authorized analysts can approve RAS requests and query BR metadata. However, [redacted] system controls prevent persons from
submitting and approving their own RAS requests.26

(U) OGC First Amendment review of seed selection terms associated with USPs - 2013

(U//FOUO) NSA is prohibited from establishing RAS on a USP selection term based solely on activities protected by the First Amendment. In 2013, RAS requests containing selection terms associated with USPs were forwarded to the NSA OGC for a First Amendment review. [redacted] sent automated e-mail notifications to designated OGC attorneys until a First Amendment review was completed. OGC reviewed the RAS requests and source documentation, as well as the RAS decisions made by HMCs, and determined whether NSA intended to target individuals based solely on activities protected by the First Amendment. If there were indications that RAS requests were based solely on such activities, OGC would deny the RAS request (denoted as "Disapproved" in [redacted]). Once OGC has approved RAS requests in [redacted], the selection terms are authorized for use as seeds for querying. However, a series of system updates must be completed before analysts can query BR metadata using newly approved seed selection terms [redacted].

(U) Controls for querying BR metadata using only RAS approved seed selection terms within the authorized number of hops

(U//FOUO) [redacted] tracks the status of selection terms and, for an "Approved" status, the expiration of the RAS approval. The BR Order specifies that RAS approvals shall be effective for 180 days for selection terms reasonably believed to be used by USPs and one year for all other selection terms. However, NSA, out of an abundance of caution, used a more restrictive RAS expiration policy in 2013: 90 days for selection terms used by USPs and 180 days for selection terms used by foreign persons.27 [redacted] is configured to automatically change the status of selection terms from "Approved" to "Expired" when expiration dates set by NSA are exceeded.

(U//FOUO) [redacted] is
the graphical user interface that analysts use to query data in [redacted], including BR metadata. When launching [redacted], analysts with appropriate credentials have the option to include BR metadata in their queries. If analysts select the [redacted]

27 (U//FOUO) [redacted] was reconfigured so that selection terms used by USPs expired in 173 days and 358 for all others. NSA made this change to avoid burdening the FISC, which began approving RAS for selection terms, as the President had directed, with more frequent reauthorizations than the BR Order requires.

(TS//SI//NF) When in [redacted] mode of [redacted], analysts may only use a RAS approved selection term to query BR metadata. The term used to initiate a query of BR metadata is referred to as a seed because it is used to produce a chain of metadata contacts, known as contact chaining. When analysts submit seed selection terms for querying [redacted], another part of middleware called Emphatic Access Restriction (EAR) checks whether the selection terms appear as "Approved" in the [redacted] tables.28 The EAR, through internal software system controls, ensures that contact chaining is restricted to seeds that are RAS approved by preventing non-RAS approved selection terms from being used as seeds for conducting [illegible] chaining analysis of BR metadata (e.g., expired, decommissioned, disapproved selection terms, terms that have never been entered into [redacted]). If selection terms submitted by analysts for querying of BR metadata appear as "Approved" in the [redacted] tables, the EAR allows queries to perform. The EAR prevents queries from performing when the selection terms do not appear as "Approved" [redacted].

(U//FOUO) In 2013, the EAR software system controls also restricted the number of hops to three from the seed for contact chaining, as the BR Order authorized.29 However, if analysts, after reviewing the first two hops' results, wanted to perform contact chaining out to a third hop from
the seed selection term, SID policy required that they first obtain S2 division management approval. NSA relied on analysts to comply with SID policy; no system control was in place to prevent analysts from querying out to three hops without S2 division management approval.

(U//FOUO) To understand how contact chaining was performed and the system controls implemented by the EAR to only allow querying using RAS approved seeds and within three hops of the seed selection term in 2013, it is helpful to review an example.

28 (TS//SI//NF) NSA implemented the EAR [redacted]. Before [illegible], NSA relied on analytic due diligence to query BR metadata with only RAS approved selection terms. After [redacted] release in June 2010, the EAR was reconfigured to use data from [redacted] to prevent queries in [redacted] using selection terms that were not RAS approved, including USP selection terms that OGC had not reviewed.

29 (TS//SI//NF) On 29 January 2014, NSA modified the EAR software system controls to reduce the number of hops from the seed to two to comply with the President's directive of 17 January 2014.

(S//SI//REL TO USA, FVEY) Seed selection term A, reasonably believed to be used by a foreign person, was RAS approved by an [illegible]. No First Amendment review was required because selection term A (the seed) was not used by a U.S. person. The analyst entered selection term A into [redacted] to perform contact chaining analysis one hop from the seed. The EAR automatically checked the [redacted] tables to determine whether selection term A was RAS approved. Because it showed as RAS approved, the EAR allowed the query of BR metadata in [redacted]. First hop queries returned all selection terms [redacted] in the BR repository and associated metadata that had a contact or connection with the seed. [redacted] If the analyst tried to query beyond the third hop
or query using a selection term that had not been RAS approved, the EAR would have prevented the action.

(U) EAR bypass

(TS//SI//NF) Because it can take [redacted] for system updates to complete before a RAS approved selection term can be used for querying BR metadata, an EAR bypass was implemented for emergency situations. If an analyst with a RAS approved seed selection term and S2I4 management approval determines that immediate querying of BR metadata using the RAS approved seed selection term is necessary to obtain time-sensitive results to respond to an emergency, S2I4 informs designated OGC, SV, and ODOC personnel of its intention to bypass the EAR software system controls. After this notification, S2I4 management contacts the [redacted] team requesting that designated analysts be temporarily added to the [redacted] user group in [redacted]. This allows the analysts to select the [redacted] bypass option in [redacted], thereby bypassing the EAR software system controls for hop restrictions and checks of RAS selection terms against the [redacted] tables. Analysts, with manual checks by direct on-site supervisor oversight, ensure that queries performed in the bypass mode do not exceed three hops before 17 January 2014 or two hops on and after 17 January 2014. The [redacted] team is notified when the analysts should be removed from the [redacted] user group: immediately following NSA's response to an emergency situation or after normal system updates have completed to allow querying using the RAS approved selection terms. No NSA personnel were included in the [redacted] user group from [redacted].

(U) Querying by trained and authorized technical personnel for testing purposes only

(S//SI//NF) The BR Order allows authorized NSA technical personnel to access the BR metadata, including through queries, to make it usable for intelligence analysis. This includes performing [redacted] and maintaining records to demonstrate compliance with the BR Order. However, technical personnel do not share the results of these queries with analysts. Tests of BR [illegible] as the
BR Order allows. Only a limited number of technical personnel who appear in the [redacted] user group in [redacted] can query BR metadata using non-RAS approved selection terms in operational databases. The [redacted] user group is used only by technical personnel. SV audits all queries performed using [redacted] query tools by technical and mission personnel to ensure compliance with the BR Order. [redacted] authorized NSA technical personnel were in the [redacted] user group.

(U) RAS approval process - 2014

(TS//SI//NF) On 17 January 2014, the President directed that NSA implement changes in how it operates the BR FISA program. NSA must submit selection terms to the FISC for RAS approval and limit contact chaining to two hops from the seed selection terms. Before 17 January 2014, RAS selection terms were approved by the S2I4 Chief or Deputy Chief or one of the twenty authorized HMCs, as the BR Order required, and contact chaining was allowed out to three hops. [redacted] As an added measure, on 23 January 2014, all [redacted] RAS selection terms in an "Approved" status were changed to "Revalidate" in [redacted].30

(U//FOUO) In the weeks following the President's directives, through a motion to amend BR Order 14-01, the FISC approved on 5 February 2014 the following:

(U) The government may request, by motion and on a case-by-case basis, permission from the Court for NSA to use specific selection terms that satisfy the RAS standard as seeds to query the BR metadata to obtain contact chaining information, within two hops of an approved seed, for purposes of obtaining foreign intelligence information. In addition, the Director or Acting Director of NSA may authorize the emergency querying of the BR metadata with a selection term for purposes of obtaining foreign intelligence information, within
two hops of a seed, if: (1) the Director or Acting Director of NSA reasonably determines that an emergency situation exists with respect to the conduct of such querying before an order authorizing such use of a selection term can with due diligence be obtained; and (2) the Director or Acting Director of NSA reasonably determines that the RAS standard has been met with respect to the selection term. In any case in which this emergency authority is exercised, the government shall make a motion in accordance with this amendment to the BR Primary Order to the Court as soon as practicable, but not later than seven days after the Director or Acting Director of NSA authorizes such query.

(U//FOUO) In response to these new requirements, the NSA BR control framework changed:

• (U//FOUO) RAS approvals submitted to the FISC. NSA no longer approves RAS for selection terms, except in emergency situations. HMCs or the S2I4 Chief or Deputy Chief previously approved RAS. They now perform only first level reviews to determine whether RAS requests are adequately documented and supported by creditable source documentation in [redacted]. Analysts follow the same preliminary procedures as before for determining whether selection terms are used by persons who are reasonably believed to be associated with one of the terrorist organizations listed in the BR Order and for documenting RAS requests in [redacted]. After reviewing the supporting documentation, HMCs send RAS requests back to analysts to make additional changes as needed, deny RAS requests, or formally endorse them. Only RAS requests endorsed by HMCs are submitted in [redacted] to OGC for second-level review, regardless of whether selection terms are used by USPs or foreign persons.

• (U//FOUO) OGC no longer officially performs First Amendment reviews of selection terms used by USPs for non-emergency RAS requests; the FISC performs those reviews. OGC now performs second level reviews of RAS
requests, source documentation, and endorsement decisions by HMCs to provide greater assurance that the FISC will not reject RAS requests because of insufficient documentation or First Amendment concerns for selection terms used by USPs. OGC reviews HMC endorsements during RAS verification meetings at which HMCs present evidence supporting the RAS justifications for review by SV, OGC, and the S2 Declarant (usually the S2I4 Chief or Deputy Chief), who signs the eventual motions seeking FISC approval of the selection terms. This group, known as the RAS verification panel, chaired by SV, confirms that representations in RAS requests are accurate. If the RAS verification panel endorses the RAS requests, OGC submits them to DoJ NSD for review and submission to the FISC for approval. At each level of review by HMCs, OGC, the RAS verification panel, and DoJ NSD, all questions, concerns, and requests for additional information must be satisfied before DoJ NSD submits the requests to the FISC.

(TS//SI//NF) The FISC makes the final determination of whether the RAS standard has been met for each request and notifies DoJ NSD of its decision to approve or disapprove requests. After OGC has been notified by the DoJ NSD of the FISC decision, OGC enters the date of the decision, saves the supporting court documentation [redacted], and updates the dispositions of RAS requests in [redacted] as "Approved" or "Disapproved."31 FISC approvals are effective for 180 days for selection terms used by USPs and one year for all others. However, NSA established slightly more conservative expirations in [redacted]: 173 days for selection terms used by USPs and 358 days for all others. Figure 6 illustrates the non-emergency RAS approval process.

31 (U//FOUO) [redacted] is the system of record for storing documents relating to NSA authorities, including BR Orders for the BR FISA authority.

(U) Figure 6. Non-Emergency RAS Approval Process (U//FOUO)
[Figure 6 flowchart; recoverable step labels: Analyst creates request; HMC review; HMC initiates RAS verification (SV, HMC, OGC, and S2 Declarant); NSA OGC review; DoJ review; FISC reviews and makes determination; NSA OGC is notified of FISC's decision; expiration; revalidation]

• (U//FOUO) Emergency RAS approvals. Under the BR Order, the NSA Director (DIRNSA) or Acting DIRNSA can approve RAS for selection terms for querying BR metadata within two hops of the seed selection term only after the RAS standard has been met and only when responding to emergencies. When submitting a RAS request for emergency approval, analysts document the request and justification for emergency approval in [redacted]. An HMC performs a first-level review and requests additional information from the analysts, as needed, and denies or endorses the emergency RAS request. If the HMC endorses, the RAS verification panel is immediately convened to review the supporting documentation and justification for requesting emergency approval. If the RAS request contains a selection term used by a USP, OGC performs a First Amendment review to determine that the basis for seeking RAS is not solely based on activities protected by the First Amendment. If the RAS verification panel concurs with the HMC's endorsement and OGC concludes that there are no First Amendment concerns, the S2 Declarant, BR FISA Authority Lead, SV, and OGC will brief the DIRNSA or Acting DIRNSA, who determines whether an emergency situation exists and the RAS standard has been met and the RAS determination is not based solely on First Amendment protected activities.

(U//FOUO) If the DIRNSA or Acting DIRNSA approves the emergency RAS request, OGC saves the approval documentation and changes the disposition of the RAS request to "Approved" in [redacted] and notifies DoJ NSD of the emergency RAS approval. If immediate querying is required, S2I4 coordinates adding the designated analysts to the [redacted] user group in [redacted] (see Querying section for EAR Bypass procedures).
Otherwise, the designated analysts must wait [redacted] for a series of system updates to complete before querying BR metadata using the emergency-approved selection term.

(U//FOUO) The BR Order requires that within seven days of the emergency RAS approval, DoJ NSD file a motion with the FISC on behalf of NSA concerning the emergency authorization. If the FISC grants the motion, OGC enters the date the FISC approved the RAS request and records the supporting court documentation in [redacted]. If the FISC denies the motion, NSA will take remedial action, including actions the FISC has directed. Figure 7 illustrates the emergency RAS approval process.

(U) Figure 7. Emergency RAS Approval Process (U//FOUO)

[Figure 7 flowchart; recoverable step labels: Analyst creates request; HMC review; HMC initiates RAS verification (SV, HMC, OGC, and S2 Declarant); NSA OGC, S2 staffs request review; DIRNSA reviews and makes determination; NSA OGC documents approval in [redacted]; DoJ notification and review; FISC notification and review; HMC creates new request in [redacted]; expiration; revalidation]

([illegible]//REL TO USA, FVEY) [redacted] the DIRNSA approved the first and only selection term for emergency querying since receiving this new mandate from the FISC on 5 February 2014. A motion was filed with the FISC within seven days of the DIRNSA's approval of the emergency RAS request. [redacted] the FISC approved RAS for the selection term.

• (U//FOUO) Two-hop restriction for contact chaining. On 29 January 2014, NSA modified the EAR software system controls to restrict contact chaining to two hops from seed selection terms, as the President had directed. Before 17 January 2014, authorized NSA analysts could query BR FISA repositories two hops from seed selection terms and one additional hop (three hops from seed selection terms) with S2 division management approval.

(U) Table 16 summarizes the
provisions of BR Order 13-158 for querying BR metadata and the controls NSA implemented to maintain compliance.

(U) Table 16. Querying Provisions and Controls (U//FOUO)

Provision: Seed selection terms must be approved by a designated approving official and also reviewed by OGC if the selection term is used by a USP before querying BR metadata for intelligence analysis purposes.
Control: In 2013, [redacted] controls ensured that one of the 22 designated approving officials approved RAS for selection terms and, if used by USPs, OGC performed a First Amendment review. Selection terms were added to the RAS Approved List only after the required approvals were documented in [redacted].

Provision: Approvals shall be given only after the designated approving official has determined that there are facts giving rise to RAS that the selection term to be queried is associated with a Foreign Power.
Control: [redacted] stores supporting documentation for justifying RAS. It also maintains the authoritative list of foreign powers.

Provision: NSA shall ensure, through adequate and appropriate technical and management controls, that queries of the BR metadata for intelligence analysis purposes will be initiated using only a selection term that has been RAS approved.
Control: EAR restricts contact chaining to only those seeds that are RAS approved by preventing all non-RAS approved selection terms (e.g., expired, disapproved) from being used as seeds for conducting contact chaining.

Provision: RAS approvals must not exceed 180 days for selection terms reasonably believed to be used by a USP and 365 days for all other selection terms.
Control: [redacted] automatically changes the status of RAS approved selection terms from "Approved" to "Expired" when expiration dates set by NSA are exceeded. In 2013, expiration dates were set for 90 days for selection terms associated with USPs and 180 days for all others.

Provision: Results of contact chaining queries must not exceed three hops from seed selection terms.
Control: In 2013, the EAR limited the number of hops to three from the seed selection term for contact chaining.

Provision: Technical personnel may query the BR metadata using selection terms that have not been RAS approved to perform processes needed to make it usable for intelligence analysis.
Control: SV reviews all query records for compliance with the BR Order.

Table notes:

(U) On 26 February 2014, NSA began sending RAS requests to the FISC for approval to comply with the President's directive of 17 January 2014. On 28 February 2014, the FISC approved RAS for a selection term under this new process, and NSA began the process of manually entering the dates that the FISC approved RAS for selection terms into [redacted]. [redacted] was updated to require that FISC approval dates be inputted into it before adding selection terms to the RAS Approved List.

(U//FOUO) The EAR relies on RAS approved selection terms to be accurately entered by authorized personnel manually into [redacted]. In 2014, NSA discovered instances of RAS approved selection terms that were inaccurately entered into [redacted] by authorized personnel. In response, NSA implemented a two-person review for accuracy of RAS approved selection terms manually entered into [redacted].

(U//FOUO) [redacted] the expiration dates in [redacted] were changed to 173 days for selection terms used by USPs and 358 days for all others.

(U) The EAR software system controls were modified to limit the number of hops from seed selection terms to two to comply with the President's directive from 17 January 2014.

(U) Sharing and Dissemination

(U) Provisions of BR Order 13-158

(U//FOUO) Sharing. Results of intelligence analysis queries of BR metadata may be shared, before minimization, for intelligence analysis among NSA analysts, subject to the requirement that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures for handling and disseminating such information.
(U//FOUO) Dissemination. NSA shall apply the minimization and dissemination requirements and procedures of Section 7 of U.S. Signals Intelligence Directive (USSID) SP0018 to any results from queries of the BR metadata, in any form, before the information is disseminated outside NSA in any form. In addition, before disseminating USP information outside NSA, the DIRNSA, the Deputy Director, or one of the officials listed in Section 7.3(c) of USSID SP0018 (i.e., Director of SID, Deputy Director of SID, Chief of Information Sharing Services (SIS), Deputy Chief of SIS, and the Senior Operations Officer of the National Security Operations Center) must determine that the information identifying the USP is related to CT information and it is necessary to understand the CT information or assess its importance (CT nexus). Approximately every 30 days, NSA shall file with the Court a report that, among many things, includes a statement of the number of instances since the preceding report in which NSA has shared, in any form, results from queries of the BR metadata that contain USP information, in any form, with anyone outside NSA.

(U) Sharing BR-unique information with authorized NSA personnel

(TS//SI//NF) NSA refers to sharing as providing query results internally to appropriately trained and authorized NSA personnel. Sharing restrictions in the BR Order only apply to BR-unique query results of a USP. BR unique is a term used by NSA that refers to contacts within a chain solely derived from BR metadata. Oral or written depictions, manipulations, and summaries are also query results. Unless already included in a disseminated report, BR-unique query results containing USP information are only shared with individuals who have the [redacted] credential. BR stakeholders manually check to confirm that recipients have [redacted] before sharing BR-unique USP information in any form. BR stakeholders also ensure that documents or files containing BR-unique USP information are only stored in access-controlled personal or shared network
locations accessible only to BR-cleared personnel and that BR-unique results containing USP information displayed in the workplace are not visible to analysts who do not have [redacted].

(U) Disseminating BR-unique information

(U) Dissemination is the sharing of information outside NSA. The BR Order includes two provisions for disseminating information: the CT nexus requirement and the dissemination tracking requirement.

• (U//FOUO) CT Nexus Requirement: The CT nexus requirement applies only to disseminations of BR query results containing USP information. The dissemination provisions of Section 7.3(c) of USSID SP0018 must be followed. If query results include USP information unique to BR metadata and the analyst needs to disseminate that information to an external customer, such as the FBI, then the CT nexus requirement must be met before disseminating information in any form. However, if query results contain only foreign person information, the CT nexus requirement does not apply when disseminating BR information. The remainder of this section focuses on disseminating USP information derived from BR-unique metadata.

(TS//SI//NF) In accordance with USSID SP0018, if unminimized USP information is to be disseminated, one of the designated approval authorities must determine that the information is necessary to understand the foreign intelligence in the report before the information is released. This applies to all disseminations of unminimized USP information under all NSA authorities. The BR Order further requires that one of the approving authorities confirm that the information identifying a USP also relates to CT information and is necessary to understand the CT information or assess its importance. S1S stated that most disseminations of USP information derived from BR metadata [redacted].

(U//FOUO) There are two
categories of BR disseminations: published disseminations [redacted] and other disseminations (e.g., oral briefings) to recipients external to NSA, such as the FISC, who are not receiving the information as part of their lawful executive or legislative oversight function.

• (U//FOUO) [redacted] reports are used to disseminate SIGINT information that responds to special C[illegible] requirements. [redacted] reports are disseminated in a limited distribution to customers empowered to act on the information and to additional customers who have an operational need-to-know (e.g., FBI, NCTC, Central Intelligence Agency (CIA), Office of the Director of National Intelligence (ODNI)).

• (U//FOUO) RFIs are requests by customers (e.g., FBI) for information from NSA. RFIs are usually requests requiring one-time, specific responses.

• (U//FOUO) [redacted] are SIGINT reports that generally focus on [illegible] topic or event [illegible] variety of collection authorities to a wide audience. However, [redacted] are not used to disseminate USP information unique to BR metadata.

(U//FOUO) After one of the approving authorities listed in Section 7.3(c) of USSID SP0018 has approved the dissemination, if USP information unique to BR metadata is included in a [redacted], it is usually combined with information from other collection authorities to provide a more [illegible] summary. [illegible] masks the identity of [illegible] distributed widely and sends separately an Identities Release Memorandum only to those parts of the IC that need to know the person's identity.3 Only the recipients within the IC who receive both the [redacted] and Identities Release Memorandum can determine the USP identity, and then only after submitting a formal, justified request that has been approved by one of the officials listed in Section 7.3(c) of USSID SP0018.

(U//FOUO) Dissemination of BR information occurs most often in
[redacted] reports. S1S stated that even when NSA disseminates information using RFIs, corresponding [redacted] reports follow to formally document the dissemination.31 [illegible] the information requested by one IC customer but important to other IC customers to be released through a slightly wider, albeit highly controlled, distribution. Table 17 summarizes the BR reports disseminated in 2013.

32 (U//FOUO) Masking is the process of using generic identification terms in place of USP names, titles, or contextual identifiers so that the person's identity is not revealed in written or oral disseminations.

33 (U//FOUO) S2I4 confirmed that all RFIs containing BR-unique information have been followed up with [redacted] reports.

(U) Table 17. BR Reports Disseminated in 2013
BR Reports Disseminated: [redacted]
Total Selection Terms Reported Derived from BR: [redacted]
Total BR Unique Selection Terms Reported: [redacted]
Total U.S. Contacts Reported: [redacted]
There were [redacted] additional disseminations in oral presentations. The NSA Director briefed the SSCI [redacted] and NSA made a presentation to the FISC [redacted].

(U//FOUO) The S1S Chief or Deputy Chief, two of the approving authorities designated in USSID SP0018, reviews the majority of the requests for disseminating USP information for all NSA authorities, including those unique to BR. Dissemination requests are approved usually the day they are received. Senior Operations Officers (SOO) in the National Security Operations Center (NSOC) are also authorized approvers for disseminating USP information and typically review and approve dissemination requests submitted after hours or in emergency situations. [illegible] maintains disseminated reports [illegible] signed in an access-controlled S1S network folder. Disseminations approved after hours by the SOOs are formally documented, normally the
day by Sl S The NSOC Senior Reoortina Officer notifies SIS of these disseminations J 'b 3 p l _ s6-36 - o o U fOU8 b tal b riefings that include USP information derived from BRunique metadata to olfioial outside NSA occur less frequently Normally these briefings are provideci by-NS_A leadershjp who are approving authorities for disseminating USP information 1ii'lderJJSSID SP0018 All other BR stakeholders coordinate approvals with one' Ofthe a prfvin1 authorities before presentmg mformatwn outstde NSA The CT d1vts1011 tracks oral btiefings only and Sl Sand S214 track aJI disseminations o USP information published and oral which are included in the 30-day reports fil ed with the FISC as the BR Order requires o TS SI Hf Dissemination Tracking Requirement The second provision oftbe BR Order that appli es to USP information is the dissemination tracking requirement regarding BR-unique information NSA tracks and reports to the FISC every instance in which NSA disseminates USP information derived from BR metadata 36 Approximately every 30 days OGC requests fi om Sl S b _ Lo - 36 and S2I4 the number of disseminated reports containing USP information - - d rived from BR-uni ue metadata for in ut into the 30-da re orts fil ed with o Although no longer required to track disseminations offoreign person information S2I4 continues to track all disseminations ofBR-unjque information Dissemillations were tracked manually until l l NSA's corporate dissemination tracking tool was implemented b 1- Since then all disseminated re orts containjn BR-unique inforqtation _ have b 3 -P L -s6 3 been tracked in completed he _v pload of -- -- D urrent and past BR disseminations into L --- -- 1 I I b 3 -P L 86-36 U 'FOUO Table 18 summarizes the provisions ofBR Order 13-158 for sharing and disseminating information derived from BR query results and the controls implemented by NSA to maintain compliance 36 TSI Slh'NF Since 3 September 2009 BR Order 09-13 NSA has been exempt from reporting in the 
30-day reports to the FISC BR disseminations to the executive branch for oversight. On 3 January 2014, the date the FISC approved BR Order 14-01, this reporting exemption was further extended to include BR disseminations to the legislative branch for oversight.

(U) Table 18. Sharing and Dissemination Provisions and Controls

Provision: (U) Results of intelligence analysis queries of the BR metadata may be shared, before minimization, for intelligence analysis purposes among NSA analysts, subject to the requirement that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for handling and disseminating such information.
Control: (TS//SI//NF) BR stakeholders manually check NSA's corporate authorization services tool to confirm that recipients have [redacted] before sharing BR-unique query results of a USP in any form.

Provision: (U) Before disseminating USP information outside NSA, the NSA Director, the Deputy Director, or one of the officials listed in Section 7.3(c) of USSID SP0018 must determine that the information identifying the USP is related to CT information and that it is necessary to understand the CT information or assess its importance.
Control: (U) One of the designated approvers, usually the S1S Chief or Deputy Chief, verifies that the CT nexus has been met before disseminating USP information in any form. The approving documentation is independently maintained by S1S for internal recordkeeping and for external review by overseers.

Provision: (U) Approximately every thirty days, NSA shall file with the Court a report that, among many things, includes a statement of the number of instances since the preceding report in which NSA has shared, in any form, results from queries of BR metadata that contain USP information, in any form, with anyone outside NSA.
Control: (U//FOUO) S1S and S2I4 independently track the number of disseminations since the preceding report in which NSA has shared, in any form, results from queries of BR metadata that contain USP information, in any form, with anyone outside NSA. CT tracks oral disseminations only. This data collectively is provided to OGC for input into the 30-day reports filed with the FISC.

(U) Retention

(U) Provisions of BR Order 13-158

(U) The BR Order requires that BR metadata be destroyed no later than five years (60 months) after its initial collection.

(U) NSA's BR age-off process

(TS//SI//NF) To remain compliant with the five-year retention requirements, NSA completed its first BR age-off [illegible] May 2011. [illegible] than [redacted]. Based on guidance from OGC, BR retention compliance is determined using the date when records are received from providers, not the call communication date. Record receipt date is the date on which providers electronically deliver BR metadata to NSA. Call communication date is the date on which a telephone call is made from one selection term to another. Timing differences with call communication dates and record receipt dates [redacted]. Because of these differences, NSA tracks record receipt dates for BR metadata to document compliance with the BR Order. [redacted]

(U) Quarantine process

[redacted] In September 2013, the DoJ Civil Division directed NSA to preserve all records relating to the collection of BR metadata under the BR program as a result of civil lawsuits against NSA. To comply with the preservation order, NSA did not age off data with record receipt dates exceeding [illegible] months in 2014. This data was saved in partitions within NSA system repositories inaccessible

(U) Selection terms also refer to identifiers used in dialed number recognition (e.g., telephone numbers).
(U) 2013 age-off

(TS//SI//NF) [redacted]

(U//FOUO) Table 19. 2013 BR Age-Off Procedures
[redacted]

(U) Changes that affected the 2014 age-off

(U//FOUO) In September 2013, DoJ's Civil Division directed NSA to preserve all records relating to the collection of BR metadata under the BR FISA program as a result of civil lawsuits against NSA. This affected the age-off performed during 2014. BR metadata that would have been aged off to comply with the BR Order was retained to comply with the preservation obligation. This data was saved in partitions within NSA system repositories inaccessible to analysts.

(U//FOUO) On 12 March 2014, the FISC granted the government's motion for temporary relief from the five-year destruction requirement pending resolution of the preservation [illegible] filed by plaintiffs.39 As permitted by the BR Order, analysts continue to access for intelligence purposes [illegible] repository that contains only BR metadata received on or after the [redacted] retention cutoff date, using only RAS approved selection terms. [redacted]

39 [redacted]

(C//REL TO USA, FVEY) Table 20. [redacted] before and after data comparison
[redacted]

(U//FOUO) Table 21 summarizes the provision of BR Order 13-158 for retention and the control implemented by NSA to maintain compliance.

(U) Table 21. Retention Provision and Control

Provision: BR metadata must be destroyed no later than five years after its initial collection.
Control: See Table 19 for the procedures performed to age-off BR metadata to comply with the BR Order in 2013.
(U) Oversight

(U) Provisions of BR Order 13-158

(U) NSA's OGC and ODOC will ensure that personnel with access to BR metadata receive appropriate and adequate training and guidance regarding the procedures and restrictions for collection, storage, analysis, dissemination, and retention of the BR metadata and the results of queries of the BR metadata. NSA's OGC and ODOC will further ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for handling and disseminating such information. NSA will maintain records of all such training. OGC will provide DoJ NSD with copies of all formal briefing and/or training materials (including all revisions) used to brief/train NSA personnel concerning this authority.

(U) NSA's ODOC will monitor implementation and use of the software and other controls (including user authentication services) and the logging of auditable information referenced in the previous paragraph.

(U) NSA will ensure that an auditable record is generated whenever BR metadata is accessed for foreign intelligence analysis or accessed using foreign intelligence analysis query tools.

(U) NSA's OGC will consult with DoJ NSD on all significant opinions that relate to the interpretation, scope, and/or implementation of this authority. When operationally practicable, such consultation will occur in advance; otherwise, DoJ NSD will be notified as soon as practicable.

(U) At least once during the authorization period, NSA's OGC, ODOC, DoJ NSD, and any other appropriate NSA representatives will meet for the purpose of assessing compliance with the Court's orders. Included in this meeting will be a review of NSA's monitoring and assessment to ensure that only approved metadata is being acquired. The results of this meeting will be reduced to writing and submitted to the Court as part of any application to renew or reinstate
the authority.

(U) At least once during the authorization period, DoJ NSD will meet with the NSA's OIG to discuss their oversight responsibilities and assess NSA's compliance with the Court's orders.

(U) At least once during the authorization period, NSA's OGC and DoJ NSD will review a sample of the justifications for RAS approvals for selection terms used to query the BR metadata.40

(U) NSA oversight

(U//FOUO) In addition to the oversight requirements listed in the BR Order, NSA performs additional oversight not required in the Order to ensure compliance. The organizations and the oversight performed are described next.

(U//FOUO) BR FISA Authority Lead is the focal point for the BR FISA program within SID, reporting to the CT Associate Deputy Director, who reports to the SID Director. The BR FISA Authority Lead's responsibilities include:

• (U//FOUO) Chairing weekly BMD meeting;
• (U//FOUO) Ensuring appropriate program direction and proper program functioning;
• (U//FOUO) Signing NSA's declarations to the FISC during renewal; and
• (U//FOUO) Ensuring that the BR authority is used as described in the BR Order.

40 (U//FOUO) As of 28 March 2014 (BR Order 14-67), the FISC no longer required OGC and DoJ NSD to conduct periodic reviews of RAS approved selection terms. The government sought this change as a result of the President's directive of 17 January 2014 that NSA submit selection terms to the FISC for RAS approval.

(U//FOUO) Weekly BMD meetings are held to discuss BR FISA program activities to ensure compliance with the BR Order. They include representatives from OGC, ODOC, TV, SV, GTO DIAs, TD, Counterterrorism Production Center (S2I), OIG, and other organizations involved in the BR FISA program. Agendas and notes are maintained for each meeting.

(U//FOUO) Authorities Integration Group (AIG) reports directly to the Deputy DIRNSA. The AIG works directly with SID and Information Assurance Directorate authority leads, including the BR FISA Authority
Lead, and holds weekly meetings with the authority leads and corporate process leads (e.g., TD, ODOC, OGC).

(U//FOUO) The AIG focuses on the activities for each authority, both internal and external, to ensure that they are coordinated and integrated across NSA. The AIG acts as a forcing function within NSA, facilitating discussion among the Directorates to promote a better understanding of how decisions affect the various authorities. The AIG updates the Deputy DIRNSA quarterly on each authority.

(U) ODOC: In 2009, NSA created the position of Director of Compliance to improve the Agency's ability to keep NSA's activities consistent with the laws, policies, and procedures designed to protect USP privacy during SIGINT and information assurance missions. ODOC has specific functions with the BR FISA program outlined in the Order. The Assistant Director for Special Compliance Activities is ODOC's representative to the BR FISA program. Some of ODOC's responsibilities include:

• (U) Involvement in all decisions related to the program;
• (U) Participating in weekly BMD meetings;
• (U) Updating BR FISA program training material;
• (U) Participating in quarterly compliance meetings with DoJ NSD; and
• (U) Leading the verification of accuracy (VoA) process.

(U//FOUO) The BR FISA program has been designated a special compliance activity (SCA) since 2009; that is, an NSA mission activity determined to require additional tailored compliance safeguards to ensure the protection of USP privacy. When an activity is identified as an SCA, ODOC becomes active in all aspects of implementing the SCA until it is determined that it is sufficiently underpinned by the Comprehensive Mission Compliance Program and significant risks have been mitigated. The Comprehensive Mission Compliance Program provides a framework and strategy to organize, govern, and resource compliance activities across NSA.

• (U//FOUO) NSA's external overseers (e.g., DoJ NSD, FISC, Congress) have a
heightened sensitivity about an activity or the means by which NSA is executing an activity;
• (U//FOUO) NSA's legal, policy, compliance, or oversight elements determine that an activity requires attention to understand the application of compliance measures and potential risks; or
• (U//FOUO) NSA identifies an activity or process that may be out of sync with oversight and compliance regulations and policies, thus making NSA vulnerable to compliance incidents.

(U//FOUO) Recognizing the critical importance of the completeness and accuracy of documentation filed with external entities, ODOC developed line-by-line accuracy procedures known as VoA. These procedures provide greater assurance that the representations NSA made to external overseers are accurate and based on a shared understanding among operational, technical, legal, policy, and compliance officials. NSA uses the VoA process during the application process to the Court when requesting renewal of the BR Order.

(U//FOUO) OGC has specific functions with the BR FISA program outlined in the Order. One requirement is that the OGC consult with DoJ NSD on all significant opinions that relate to the interpretation, scope, or implementation of the authority. The lead OGC BR attorney, assigned from January 2013 to September 2014, stated that OGC consults with DoJ NSD on all significant opinions. OGC saves all correspondence discussing significant legal opinions with DoJ NSD in an access-controlled network folder.

(U//FOUO) In 2013, NSA OGC met with DoJ NSD at least once during each BR authorization period to review a sample of the justifications for RAS approvals for selection terms used to query BR metadata. However, as of 28 March 2014 (BR Order 14-67), the FISC no longer required OGC and DoJ NSD to conduct periodic reviews of RAS approved selection terms. The government sought this change as a result of a January 2014 presidential directive under which NSA began submitting selection terms to the FISC for RAS approval.

(U//FOUO) In addition to the OGC's
oversight requirements listed in the Order, the OGC defined its BR FISA program responsibilities as:

• (U//FOUO) Addressing all legal questions from BR FISA program stakeholders;
• (U//FOUO) Coordinating all interaction with DoJ NSD;
• (U//FOUO) Coordinating the filing of 30-day reports and renewal documents;
• (U//FOUO) Leading quarterly compliance reviews with DoJ NSD;
• (U//FOUO) Performing First Amendment reviews for USP RAS approval before 17 January 2014;
• (U//FOUO) Coordinating RAS requests and submitting them to DoJ NSD for approval by the FISC on and after 17 January 2014; and
• (TS//SI//NF) Approving [illegible] additions of [redacted] to [redacted].

(U//FOUO) SV implements the SIGINT compliance program across NSA, particularly within SID, enabling the SIGINT mission to operate in compliance with laws, policies, and other guidance. SV provides guidance across the global SIGINT enterprise, manages compliance incidents, monitors compliance in high-risk areas, resolves problems, and verifies compliance through site visits, audits, and managing the SIGINT Intelligence Oversight Officer program.

(TS//SI//NF) SV performs two main oversight functions for the BR FISA program: (1) managing access by verifying training requirements semi-weekly for persons who have the [redacted] credential and for persons included in the FISABR user group in [redacted], and (2) auditing all BR queries performed using query tools by mission and technical personnel to verify compliance with the requirements of the BR Order. SV's process for verifying training and managing access can be found in the Access and Training section.

(TS//SI//NF) As the BR Order requires, whenever BR metadata is accessed for foreign intelligence analysis or accessed using foreign intelligence analysis query tools, an auditable record of activity is generated. Although not required by the BR Order, NSA audits all query records. SV verifies that only authorized personnel with
the required credentials queried BR metadata, selection terms used to query BR metadata for intelligence analysis were RAS approved at the time of the query, and queries for intelligence analysis remained within the authorized number of hops from RAS approved seeds, as the BR Order requires. For the last two checks, SV verifies manually that the EAR software system controls are working as intended. SV stated that it has never found an instance of the EAR [redacted] allowing a non-compliant query to complete. In 2013, SV audited all [redacted] BR query records for that year.

(U) Additional SV responsibilities include:

• (U) Ensuring that SID incident reports are entered timely into NSA's corporate incident reporting database;
• (U) Assisting in the development of oversight and compliance courses;
• (TS//SI//NF) Providing BR query statistics and [redacted] credentialing data for monthly metrics reports provided to SID leadership;
• (U//FOUO) Maintaining the content and access to the SV BR SharePoint site for storing BR FISA program documentation;
• (U//FOUO) Performing VoA for statements assigned to SV in the BR Declarations; and
• [illegible] Approving [illegible].

(U//FOUO) In 2013, SV also assisted DoJ NSD in its periodic review of RAS approved selection terms used for querying BR metadata. SV provided DoJ NSD with RAS justifications and supporting documentation for each review. As previously mentioned in the OGC Oversight section, the periodic reviews of RAS approved selection terms were discontinued pursuant to BR Order 14-67 (28 March 2014).

(U//FOUO) TV is responsible for identifying, assessing, tracking, and mitigating compliance risks, including USP privacy concerns, in NSA mission systems across the extended enterprise, including systems that hold BR metadata. TV manages the system compliance certification process, continuous compliance monitoring, and technical compliance incident management and
conducts training and awareness for technical personnel. TV attends the BMD weekly meetings and performs VoAs for areas assigned to it in the BR Declarations.

(U//FOUO) OIG conducts audits, special studies, inspections, investigations, and other reviews of programs and operations of NSA and its affiliates. OIG oversight includes:

• (U//FOUO) Performing audits and special studies of the BR FISA program;
• (U//FOUO) Meeting with DoJ NSD at least once during each BR authorization period to discuss oversight responsibilities, NSA's compliance with the BR Order, the status of OIG reviews, and important developments affecting the BR FISA program (notes from these meeting are documented in [redacted]);
• (U//FOUO) Receiving notification of incident reports for all NSA authorities, including BR FISA, saved in the Agency's corporate incident reporting database;
• (U//FOUO) Reviewing Congressional Notifications and notices filed with the FISC of incidents of non-compliance with the BR Order;
• (U//FOUO) Preparing Intelligence Oversight Quarterly Reports, in coordination with the DIRNSA and OGC, that summarize compliance incidents for all authorities occurring during quarterly review periods and forwarding the reports to the President's Intelligence Oversight Board through the Assistant to the Secretary of Defense for Intelligence Oversight (ATSD(IO));41
• (U//FOUO) Performing IO reviews during OIG inspections of joint and field sites;
• (U//FOUO) Attending weekly BMD meetings for situational awareness;
• (U//FOUO) Maintaining the OIG Hotline and responding to complaints of violations of law, rule, or regulation (the OIG also investigates allegations of SIGINT misuse by NSA affiliates operating under the DIRNSA SIGINT authority); and
• (U//FOUO) Reporting immediately to the ATSD(IO) a development or circumstance involving an intelligence activity or intelligence personnel that could impugn the reputation or integrity of the IC or otherwise call
into question the propriety of an intelligence activity.

(U//FOUO) The OIG reviews management controls, maintains awareness of compliance incidents, and stays informed of changes affecting NSA authorities, including BR FISA. OIG reviews of the BR FISA program allow it to independently assess compliance with the BR Order. Since 24 May 2006, the date the original BR Order was signed, the OIG has completed five BR FISA program reviews. Table 22 summarizes OIG reviews of the program.

(U) Table 22. OIG Reviews of the BR FISA program

09/05/06: Assessment of Management Controls for Implementing the FISC Order Telephony BR (ST-06-0018). Reviewed collection, processing, analysis, dissemination, and oversight controls.
05/12/10: NSA Controls for FISC BR Orders (ST-10-0004). Reviewed querying and dissemination controls; summarized pilot test results for January through March 2010.
05/25/11: Audit of NSA Controls to Comply with the FISC Order Regarding BR (ST-10-0004L). Reviewed querying and dissemination controls; summarized the monthly test results for 2010.
10/20/11: Audit of NSA Controls to Comply with the FISC Order Regarding BR Retention (ST-11-0011). Verified age-off of BR FISA metadata in 2011 to maintain compliance with the 60 month retention requirement of the BR Order.
08/01/12: NSA Controls to Comply with the FISC Order Regarding BR Collection (ST-12-0003). Reviewed collection and sampling controls for ensuring that NSA receives only the BR FISA metadata authorized by the BR Order.

(U) This report summarized monthly test results of the BR querying and dissemination controls during 2010.

41 (U//FOUO) In 2014, the ATSD(IO) was changed to the Office of the Senior DoD Intelligence Oversight Official.

(U) External oversight

(U) DoJ NSD is the liaison between NSA and the FISC for the BR FISA program. DoJ NSD oversight includes the following:

• (U) Coordinating 90-day renewal applications;
• (U//FOUO)
Providing guidance to NSA OGC on all significant legal opinions relating to the interpretation, scope, and implementation of the BR authority;
• (U//FOUO) Reviewing NSA briefings and training transcripts to ensure that they accurately describe the requirements of the BR Order before NSA incorporates material into its training program (e.g., OVSC1205, OVSC1206);
• (U//FOUO) Meeting with NSA's OIG at least once during each BR authorization period to discuss oversight responsibilities and NSA compliance with the BR Order. Proposed initiatives and other important developments affecting the BR FISA program are discussed with the OIG;
• (U) Meeting with NSA's OGC, ODOC, and other NSA stakeholders at least once during BR authorization periods to assess compliance. DoJ NSD meets with OGC, ODOC, and the BR FISA Authority Lead to review the Quarterly Compliance Report that summarizes the results of weekly tests NSA performed to ensure that NSA is receiving only authorized data. DoJ NSD submits summaries of these meetings in writing to the FISC as part of applications to renew the authority.

(TS//SI//NF) In 2013, DoJ NSD met with NSA OGC and SV at least once each BR authorization period to review a sample of the justifications for RAS approvals for selection terms used to query BR metadata. For RAS selection terms approved in 2013, DoJ NSD sampled 100 percent of the USP RAS selection terms and 20 percent of the foreign RAS selection terms. As mentioned in the OGC Oversight section, DoJ NSD and OGC's periodic reviews of RAS selection terms were discontinued pursuant to BR Order 14-67, dated 28 March 2014. NSA now submits selection terms to the FISC for RAS approval to comply with the President's January 2014 directive. Table 23 summarizes DoJ NSD sampling of RAS selection terms approved in 2013.

(U//FOUO) Table 23. DoJ NSD Sample of RAS Selection Terms Approved in 2013
[redacted] 20% [redacted]

(U) Estimate calculated using DoJ NSD sampling methodology (sample 20 percent of foreign selection terms for review).
(U) Data includes RAS selection terms that may have been approved more than once in 2013.

(U//FOUO) ODNI representatives attend DoJ NSD meetings with NSA's OGC, ODOC, and the BR FISA Authority Lead to review the Quarterly Compliance Report. Although ODNI does not have a formal role described in the BR Order, it participates in its general role as an overseer of IC activities.

(C//REL TO USA, FVEY) FISC is the approving authority for all renewals, amendments, reinstatements of the BR authority and, starting in February 2014, RAS for selection terms NSA submitted. The FISC approves the BR Primary Orders that authorize NSA to acquire bulk BR FISA metadata and the BR Secondary Orders that compel providers to provide daily bulk BR FISA metadata to NSA for the duration of the Order. The FISC performs oversight by receiving filings of Rule 13(a) Notices (Correction of Material Facts) and Rule 13(b) Notices (Disclosure of Non-Compliance) by DoJ NSD on behalf of NSA. The FISC also reviews the 90-day renewal applications and 30-day reports that NSA files. The 30-day reports document:

• NSA application of the RAS standard (no longer applies after March 2014);
• NSA's implementation and operation of the automated query process (no longer applies after March 2014; NSA never implemented the process and withdrew its request to do so);
• NSA's description of significant changes in the way in which the BR metadata is received from providers and significant changes to the controls NSA has in place to receive, store, process, and disseminate BR metadata; and
• the number of instances since the preceding report that NSA disseminated, in any form, USP information outside NSA.

The 30-day reports also include NSA's attestation that the CT nexus was completed and disseminations were approved by a designating approving authority before disseminating USP information derived from BR-unique metadata.

(U) Table 24 summarizes the provisions of BR Order 13-
J 58 for oversight and the controls implemented by NSA to maintain compliance U Table 24 Oversight Provisions and Controls U I'fet10t Provision II Control NSA's OGC and ODOC will ensure that personnel with query access to BR metadata receive appropriate and adequate training and guidance regarding the procedures and restrictions for collection storage analysis dissemination and retention of the BR metadata and the results of queries of the BR metadata NSA's OGC and ODOC will ensure that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for the handling and dissemination of such information See Table 14- Access and Training Provisions and Controls NSA will maintain records of all such training OGC will provide DoJ NSD copies of all formal briefing and training materials including all revisions used to train NSA personnel concerning the authority 'fOP 8ECRE'fh'SI t ' OFORN 55 II DOCID 4273474 TOP SECRETh'SI INOfi'OftN ST-14-0002 NSA's ODOC will monitor implementation and use of software and other controls including user authentication services and the logging of auditable information referenced above SV performs 100 percent audits of queries performed using query tools by mission and technical personnel to verify that only authorized personnel who have the required credentials queried BR metadata selection terms used to query BR metadata for intelligence analysis purposes were RAS approved at the time of the query and queries for intelligence analysis purposes remained within the number of authorized hops from RAS approved seeds NSA's OGC will consult with DoJ NSD on all significant opinions that relate to the interpretation scope and or implementation of this authority NSA OGC confirmed that NSA has always consulted with and received advance approval from DoJ NSD and the FISC before implementing significant changes to the BR FISA program NSA OGC saves all 
correspondence with DoJ NSD in an accesscontrolled network folder At least once during the authorization period NSA's OGC ODOC DoJ NSD and any other appropriate NSA represen tatives will meet to assess compliance with the Court's orders Included in this meeting will be a review of NSA's monitoring and assessment to ensure that only approved metadata is acquired The results of this meeting will be reduced to writing and submitted to the Court as part of any application to renew or reinstate the authority DoJ NSD meets with OGC ODOC and the BR Lead to review the Quarterly Compliance Report which summarizes the results of weekly tests performed by NSA to ensure that it is receiving only the BR metadata authorized by the Order DoJ NSD submits summaries of these meetings in writing to the FISC as part of the applications to renew the authority At least once during the authorization period DoJ NSD will meet with the NSA's OIG to discuss their respective oversight responsibilities and assess NSA's compliance with the Court's orders NSA OIG meets with DoJ NSD at least onpe during BR authorization periods to discuss oversight responsibilities and NSA's compli nce with the requirements of the Order Notes from these meeting are documented in I I At least once during the authorization period NSA's OGC and DoJ NSD will review a sample of the justifications for RAS approvals for selection terms used to query the BR metadata In 2013 NSA OGC and SV met with DoJ NSD at least once during BR authorization periods and review a sample of the justifications for RAS approvals for selection terms used to query the BR metadata o 3 -P l 86-36 o As of 28 March 2014 BR Order 14-67 the FISC no longer required OGC and DoJ NSD to conduct periodic reviews of RAS approved selection terms The government sought this change as a result of the President's January 2014 directive under which NSA began submitting selection terms to the FISC for RAS approval U ff'Ot10j U BR FISA Program Incidents of Non 
-Compliance UNFOUQ1 FISC Rules ofProcedure require that NSA report con ections ofmaterial facts and disclosures of non-compliance with FISC Orders NSA also must determine whether Congressional notifications are required Our review focused on the process for identifying and reporting incidents of non- compliance the incidents reported in 2013 to the Court and other external overseers and the controls NSA has instituted to mitigate recutTence of compliance incidents TOP SBCRETHSI i'IOFOR 56 DOCID 4273474 TOP SEiCRGBPTH81 I t OFOR N ST -14-0002 U FISC Rules of Procedure U The FISC Rules of Procedure 1 November 2010 adopted pursuant to 50 U S C 1803 g govern FISC proceedings Rule 13 Correction ofMisslatement or Omission Disclosure of Non-Compliance is the procedure that NSA follows when notifying the Court through DoJ NSD of BR FlSA misstatements and compliance incidents U Rule l 3 a Corr ection of M ateria l Facts 1f the government discovers that a submission to the Court contained a misstatement or omission of material fact the government must immediately in writing inform the Judge to whom the submission was made of 1 U the misstatement or omission 2 U necessary corrections 3 U the facts and circumstances relevant to the misstatement or omission 4 U modifications the government bas made or proposes to make in how it will implement any authority or approval granted by the Court and 5 U bow the government proposes to dispose of or treat information obtained as a result of the misstatement or omission U Rule 13 b Disclosure of Non -Compliance Ifthe government discovers that any authority or approval granted by the Court bas been implemented in a manner that did not comply with tbe Court's authorization or approval or with applicable law the government must immediately in writing Ulform the Judge to whom the submission was made of 1 U the non-compliance 2 U tbe facts and circumstances relevant to the non-compliance 3 U modifications the government bas made or proposes 
to make in how it will implement any authority or approval granted by the Court; and
4. (U) how the government proposes to dispose of or treat information obtained as a result of the non-compliance.

(U) Identifying and Reporting Incidents of Non-Compliance

(U) Identifying incidents of non-compliance

(U//FOUO) NSA typically discovers incidents of non-compliance with the BR Order during its operation of the BR FISA program. Because of the program's sensitivity, suspected anomalies are reported out of an abundance of caution. Training, a pillar of the compliance framework, provides a heightened sense of awareness for personnel to identify potential violations of the BR Order. A second pillar, monitoring and assessment, includes manual and technical controls to detect abnormalities. A weekly BMD meeting attended by BR FISA program stakeholders provides a forum for addressing potential problems.

(U//FOUO) When a possible incident is discovered, it is communicated to the BR FISA Authority Lead, OGC, ODOC, SV, and, if appropriate, TV and S2. BR FISA program stakeholders meet to discuss the facts and determine, with OGC's concurrence, whether a potential violation of the Order has occurred. If OGC believes an incident has or may have occurred, even if all the facts have not been gathered, preliminary notification to DoJ NSD is made shortly after notice to the DIRNSA, other NSA leadership, BR FISA program stakeholders, and OIG. Upon receiving initial notification from OGC, DoJ NSD starts drafting a preliminary notification to the Court.

(U//FOUO) Once the facts have been gathered and OGC has made an initial determination that a violation of the BR Order has occurred, OGC finalizes a notification of non-compliance and forwards it to DoJ NSD, which makes the final determination as to whether there has been an incident of non-compliance that must be reported to the FISC. If DoJ NSD determines that an incident has occurred, it prepares a draft
notification to the Court, coordinates the notification with NSA, finalizes the draft, and files the notification with the Court.

(U//FOUO) DoJ NSD often files a preliminary notification with the Court and, if needed, will follow up later with additional notifications. In some cases, the preliminary notification of an incident serves as the final notice. More than one notice to the Court to address an incident is typically required when, at the time of the preliminary notification:

• (U//FOUO) NSA does not have all the facts the Court needs to fully understand or address the incident, or
• (U//FOUO) Remedial follow-on action may be needed.

(U//FOUO) For the four incidents of non-compliance first reported to the Court in 2013, two required additional information; therefore, final notices were filed separately. One of the incidents included a notice of material misstatement because NSA had previously filed a declaration to the Court that contained inaccurate information.

(U) Congressional notifications

(U//FOUO) In addition to the requirement to notify the FISC, DIRNSA has a statutory obligation to keep the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence fully and currently informed of all significant intelligence activities.42 NSA resolves doubts about notification in favor of notification. In addition to notifying Congress and the Director of National Intelligence (DNI), DIRNSA must notify the Undersecretary of Defense for Intelligence (USD(I)) and other USD(I) staff as USD(I) guidance directs. For all BR FISA incidents of non-compliance reported by Congressional notifications to the intelligence committees, NSA also notifies the Senate and House Committees on the Judiciary.

(U//FOUO) NSA's Legislative Affairs Office (LAO) manages NSA's liaison with the Congress and DNI, DoD, the IC, and other U.S. government departments and agencies regarding matters of concern to the Congress. LAO is NSA's focal point for Congressional inquiries, correspondence, questions for the record, and RFIs directed to NSA.

42 (U) See 50 U.S.C. § 3091, as implemented by Intelligence Community Directive 112, Congressional Notification, 16 November 2011.

(U//FOUO) NSA Policy 1-33, Relations with the Congress, 22 July 2005, provides guidelines for identifying matters that OGC and LAO must consider reporting to the Congressional intelligence committees under 50 U.S.C. §§ 3091 and 3092. The guidelines do not constitute a comprehensive list of what must be reported. Compliance incidents are assessed under a general guideline to consider for reporting matters that the intelligence committees have expressed a continuing interest in or which otherwise qualify as significant intelligence activities or failures.

(U//FOUO) NSA works to keep Congressional intelligence committees fully and currently informed about the Agency's activities, more than what is required under the guidelines outlined in NSA/CSS Policy 1-33.

(U//FOUO) OGC's analysis of the incidents of non-compliance that occurred in the BR FISA program in 2013 resulted in three of the four incidents reported as Congressional notifications.

(U) 2013 Incidents of Non-Compliance

(U//FOUO) In 2013, NSA reported four incidents of non-compliance to the Court. The following are NSA's reports of the incidents and the actions NSA took to mitigate recurrence.

(TS//SI//NF) Notice of Compliance Incident [redacted: (b)(3)-P.L. 86-36]

(TS//SI//NF) [redacted] an NSA analyst conducted a query of the BR metadata with a RAS-approved U.S. person selection term (the U.S. person is currently subject to Court-authorized electronic surveillance) [redacted]. The query yielded new identifiers believed [illegible] used by the same U.S. person as the selection term. The analyst then sent those [redacted: (b)(3)-P.L. 86-36] U.S. person identifiers for further tasking to an e-mail alias that included NSA personnel who had not completed the required BR metadata
training to receive query results containing U.S. person information. The analyst also entered the identifiers into certain analytic and tasking tools to which NSA personnel without the required BR metadata training have access.

(TS//SI//NF) The same day, the analyst's NSA supervisor realized that the [redacted] U.S. person identifiers had been shared within NSA with analysts who had not received the training required to receive them. The supervisor took steps to immediately detask the identifiers, delete them from the analytic tools, and recall the e-mail message, processes which had been successfully completed on or about March 22, 2013. The analytic and tasking tools had returned no collection or results, and a follow-up e-mail was sent to all addresses on the e-mail alias instructing that anyone without the required training should destroy all copies of the original e-mail sent to the alias.

[text missing] notification was required for this [text missing; redacted: (b)(1), (b)(3)-P.L. 86-36]

(TS//SI//NF) Controls put in place to mitigate recurrence. The BR Order requires that results of queries of BR metadata may be shared among NSA analysts for intelligence analysis before minimization, subject to the requirement that all NSA personnel who receive query results in any form first receive appropriate and adequate training and guidance regarding the procedures and restrictions for handling and disseminating such information. Analysts who run queries and obtain results on BR metadata receive annual OVSC1205 training regarding the rules and restrictions on sharing BR metadata query results. Before analysts share BR-derived query results containing USP information, they must confirm that the recipient has the credential to receive BR metadata information. Analysts are reminded to verify recipients' credentials. To help mitigate recurrence, the analyst's supervisor reiterated to the analyst the requirements for sharing BR metadata query results and
the portions of the OVSC1205 training related to sharing.

(TS//SI//NF) Notice of Compliance Incident [redacted: (b)(3)-P.L. 86-36]

(TS//SI//NF) [redacted] NSA technical personnel discovered that NSA's [redacted] had inadvertently retained files containing call detail records that were more than five years old. Specifically, these call detail records, which had been produced pursuant to the Court's Primary Orders [redacted]. These call detail records were among those used in connection with a migration of call detail records to a new system. See [redacted] Declaration, Docket Number BR 11-57, at 13 n.8 (describing migration of records to a replacement system). The call detail records could be accessed or used by only technical personnel who had received appropriate and adequate training to access call detail records. [redacted]

(TS//SI//NF) [redacted] NSA technical personnel destroyed the call detail records used in the migration of records that had been inadvertently retained past the retention limit of five years. As a result of the destruction, NSA is unable to provide an estimate regarding the volume of data destroyed. For recovery back-up purposes, NSA has retained those call detail records used in the migration of records that did not exceed the retention limit and will use those records in accordance with the requirements of the Court's Primary Orders.

(TS//SI//NF) On 7 May 2013, NSA submitted a Congressional notification of the compliance incident to the House Permanent Select Committee on Intelligence, the Senate Select Committee on Intelligence, and the House and Senate Committees on the Judiciary. Copies were also provided to Congressional affairs offices at the ODNI, USD(I), and DoJ. On 7 May 2013, the NSA OIG notified the ATSD(IO) of the incident and Congressional notification.

(TS//SI//NF) Controls put in place to mitigate recurrence. In response to this incident, technical personnel developed a script that searches for ingest and backup files in [redacted: (b)(3)-P.L. 86-36] servers containing BR metadata older than four
years 11 months. Before the preservation order, if such files were identified, the script would send automated reminders weekly for three weeks and then daily until the files had been manually deleted.43 No files matching the criteria have been identified since the script was developed. Before the preservation order, the [redacted: (b)(3)-P.L. 86-36] database, which ingests files from the [redacted] servers, automatically deleted files before they reached the five-year mark. NSA maintains location restrictions for machines and directories that hold BR metadata files.

(TS//SI//NF) Notice of Compliance Incidents [redacted]

(TS//SI//NF) Preliminary: [redacted] NSA informed the NSD's Office of Intelligence (OI) that, in the course of reviewing its formal reporting to the FISC, it had identified [illegible] containing U.S. person information that it had not reported in thirty-day reports to the Court. These disseminations [redacted: (b)(1), (b)(3)-P.L. 86-36]. For each BR metadata product, an authorized official made the required CT determination prior to dissemination. NSA and OI continue to investigate the facts and circumstances concerning this matter, and the DoJ will provide a thorough explanation of this matter to the Court.

(TS//SI//NF) Final: [redacted: (b)(3)-P.L. 86-36] a final notice of Compliance Incidents [redacted] was filed with the Court. The notice indicated that the disseminations ([redacted] in total) were not included in the thirty-day reports because, at the time the incidents occurred [redacted: (b)(1), (b)(3)-P.L. 86-36], NSA relied on a single individual to keep reports of disseminations that occurred during each reporting period and to provide information about those disseminations for inclusion in the thirty-day reports. Inadvertently, the disseminations described above were not recorded and, as a result, information about them was not included in the thirty-day
reports. Currently, as discussed in a notice in this matter filed with the Court [redacted], NSA's Information Sharing Services (ISS) office maintains records of the CT determinations for each disseminated BR metadata product containing U.S. person information. NSA's ISS now also verifies the accuracy of statements regarding disseminations that are included in each thirty-day report by confirming that its records reflect the number of disseminations described in each report.

(TS//SI//NF) Along with the final notice, a supplemental report to the Court provided additional details and NSA's attestation that, before dissemination, the USP information was determined to be related to CT information and necessary to understand the CT information or to assess its importance.

(TS//SI//NF) On 20 September 2013, NSA submitted a Congressional notification of the compliance incident to the House Permanent Select Committee on Intelligence, the Senate Select Committee on Intelligence, and the House and Senate Committees on the Judiciary. Copies were also provided to the Congressional affairs offices at ODNI, USD(I), and DoJ. On 12 September 2013, the NSA OIG notified the ATSD(IO) about the incident and pending Congressional notification.

43 (U//FOUO) On 21 March 2014, the U.S. District Court for the Northern District of California issued a preservation order against the destruction of BR metadata.

(TS//SI//NF) Controls put in place to mitigate recurrence. In response to this incident, [redacted] NSA issued the BR FISA Reporting Process SOP that documents external reporting requirements and organizational responsibilities and defines a standardized, repeatable process for the creation, coordination, and release of mandatory FISC reports for the BR FISA program. The SOP states that, as part of incident remediation, the BR program committed to refine the manual report process and create a software tool [redacted: (b)(3)-P.L. 86-36] to help automate accounting of BR FISA
disseminations. [redacted]

(U//FOUO) NSA's corporate dissemination tracking tool was implemented in December 2013. Before this, disseminations were tracked manually. Since then, all disseminated reports derived from BR metadata have been tracked in [redacted].

[illegible] Preliminary: [redacted] NSA received [redacted] call detail records for testing purposes [redacted: (b)(1), (b)(3)-P.L. 86-36]. [redacted] NSA notified the NSD's OI that [illegible] NSA deleted [illegible] call detail records [redacted]. Prior to its destruction, the [redacted: (b)(3)-50 USC 3024(i)] was stored at all times on servers accessible only to technical personnel and was not available for intelligence analysis. NSA and OI continue to investigate the facts and circumstances concerning this matter, and the DoJ will provide a thorough explanation of the matter to the Court upon completion of the investigation.

Final: [redacted: (b)(3)-P.L. 86-36] a final Notice of Compliance Incident [redacted] was filed with the Court. NSA identified in the sample [redacted] call detail records [redacted: (b)(1), (b)(3)-P.L. 86-36].

(TS//SI//NF) On 17 December 2013, NSA submitted a Congressional notification of the compliance incident to the House Permanent Select Committee on Intelligence, Senate Select Committee on Intelligence, and the House and Senate Committees on the Judiciary. Copies were also provided to the Congressional affairs offices at the ODNI and USD(I). On 2 December 2013, the NSA OIG notified the ATSD(IO) of the incident and pending Congressional notification.

(TS//SI//NF) Controls put in place to mitigate recurrence. NSA filed a Notice of Material Misstatement because, in a previous declaration to the Court, NSA stated that it had [illegible] sample [redacted] records [redacted] and that NSA had notified the [illegible] providers that it did not want [redacted: (b)(1)] CSLI information. NSA was
not able to verify [redacted: (b)(3)-50 USC 3024(i)]. As an implementing control, NSA modified the way it performs the VoA on the declaration to the Court so that all organizations associated with the BR FISA program participate in the VoA process and review the entire document. The BR FISA Authority Lead initiated quarterly meetings with stakeholders to compare the previous final [illegible] with the new declaration to identify changes and ensure that the new declaration is reviewed for accuracy. Since the incident, NSA has not received sample records [redacted].

(TS//SI//NF) As discussed in the Sampling section, [redacted] feed daily and weekly to verify that it does not contain CSLI data. The PIAs [redacted] identified no CSLI data since the [redacted] feed became operational [redacted].

(U//FOUO) The four incidents of non-compliance were included in NSA's first, third, and fourth quarters 2013 Report to the Intelligence Oversight Board on NSA Activities.

(U//FOUO) For a list of the incidents of non-compliance from 2010 through 2012, see Appendix B.

(U) NSA Use of the BR FISA Authority

(U//FOUO) Although no formal process has been implemented to assess the effectiveness of the BR FISA authority, NSA asserts that the authority has made valuable contributions to the CT intelligence mission and that it plays an important role for NSA intelligence analysts tasked with identifying potential terrorist threats to the U.S. homeland and U.S. interests abroad.

(U) Methods Used to Assess Effectiveness

(U) NSA's BR FISA program was developed to assist the U.S. government in detecting communications between known or suspected terrorists operating outside the United States and others inside the United States, as well as communications among operatives within the United States. The 9/11 Commission identified detecting and linking such communications as a critical intelligence gap in the aftermath of the attacks on 11 September 2001.

(TS//SI//NF) Based on requests from the Senate Select Committee on Intelligence to determine
the value of the program, NSA and FBI personnel developed, in February 2014, the BR FISA Bulk Metadata NSA FBI Process for FBI Feedback plan that describes NSA's responsibility to deliver to the FBI spreadsheets with BR information and the FBI's responsibility to summarize use for NSA. The plan called for FBI's [redacted: (b)(1), (b)(3)-P.L. 86-36] to categorize selection terms in the BR FISA report as follows:

• (U//FOUO) Not of interest: selection term is technically flawed or the characteristics make it worthless for research
• (U//FOUO) Known to the FBI: FBI is aware of the selection term independently
• (U//FOUO) Known to the FBI with additional information: FBI is aware of the selection term independently, but NSA reporting provides amplifying information to aid FBI investigations
• (U//FOUO) Unknown to the FBI: the FBI was not aware of the selection term

(TS//SI//NF) Under the plan, [redacted: (b)(1), (b)(3)-P.L. 86-36] would send BR-unique leads to FBI field offices [redacted].

(U//FOUO) [redacted: (b)(3)-P.L. 86-36]

(U//FOUO) BR FISA program leadership recognizes that there is no process to track program effectiveness. They agreed on the need to track effectiveness but were unable to determine how to do so. Feedback is difficult to obtain. One former BR FISA program leader asked, "How do you assess the effectiveness of an authority when we don't get feedback from the customer?"

(TS//SI//NF) Another limitation on NSA's ability to determine the effectiveness of the BR FISA program [redacted: (b)(1), (b)(3)-P.L. 86-36].

(U) Table 25. Selection Terms in Approved Status as of 31 December 2013, by Target Office of Primary Interest

[table redacted: (b)(1), (b)(3)-P.L. 86-36]

(U//FOUO) [redacted] NSA implemented the BR FISA Bulk Metadata Monthly Internal Report for SID. The report includes:

• (U//FOUO) Number of approved RAS selection terms,
• (U//FOUO) Number of queries,
• (U//FOUO) BMD volume, and
• (U//FOUO) Number
of personnel by organization and work role with program access, approved to disseminate USP information, and approved as HMCs.

(U) Contributions from BR FISA Authority that Support the CT Intelligence Mission

(U) 2013 highlights

(TS//SI//NF) NSA does not assert that information from the BR FISA program does by itself identify or thwart plots. Instead, information obtained through the program plays a complementary role within a larger body of intelligence and CT investigations. It is important to note that BR metadata may sometimes be the single source of intelligence. However, typically acquisition and analysis of BR metadata are designed to fill gaps in information gathered under other collection authorities. By helping close those gaps, NSA personnel report that BR data contributes to comprehensive efforts to identify and address threats to the homeland. The following are highlights from the BR FISA program in 2013:

• (TS//SI//NF) [redacted: (b)(1), (b)(3)-P.L. 86-36, (b)(3)-18 USC 798, (b)(3)-50 USC 3024(i)]
• (TS//SI//NF) [redacted: (b)(1), (b)(3)-P.L. 86-36, (b)(3)-18 USC 798, (b)(3)-50 USC 3024(i)]

(U) On 21 June 2013, in response to a request from the House Permanent Select Committee on Intelligence after unauthorized public disclosures, NSA provided to that committee and the Senate Select Committee on Intelligence, the House and Senate Committees on the Judiciary, and the Defense subcommittees of the House and Senate Appropriations Committees a list of 54 events in which the BR FISA or FAA 702 authorities, or both, contributed to the production of SIGINT and to the IC's understanding of terrorism activities.

(U) Analyst Use of the Authority

(U//FOUO) NSA senior management believe that the BR FISA program is important to intelligence analysts tasked with identifying potential terrorist threats to the U.S. homeland, primarily in support of the FBI, by enhancing their ability to detect, prioritize, and track terrorist operatives and their support
networks in the United States and abroad. By querying BR metadata, intelligence analysts are said to:

• (U//FOUO) Detect domestic and foreign selection terms in contact with domestic and foreign selection terms associated with foreign terrorist organizations [redacted: (b)(3)-P.L. 86-36],
• (U//FOUO) Discover selection terms with which the foreign and domestic selection terms associated with foreign terrorist organizations are in contact, and
• (U//FOUO) Detect possible terrorist-related communications between communicants inside the United States.

(U) Identifying threats

(U//FOUO) NSA has many sources of information that provide indications of potential terrorist activity against the United States and its interests abroad. The best analysis typically occurs when analysts evaluate information obtained from all those sources to disseminate to the FBI and the IC as complete a picture as possible of potential terrorist threats. Although BR metadata is not the sole source of information available to NSA CT personnel, it is a component of the information that analysts rely on to execute threat identification and characterization. BR metadata can add to the IC's and law enforcement community's understanding and evaluation of threat information and the need to take investigative action.

(U) Agility

(U) BMD, NSA personnel assert, enables the Agency to quickly analyze communications and contact chains. Unless the data is aggregated, it may not be feasible to detect communication chains that cross communication networks and authorities. The ability to query accumulated metadata from multiple authorities significantly increases NSA's ability to rapidly detect persons who are affiliated with foreign terrorist organizations and might otherwise go undetected.

(U) Hops

(U//FOUO) When NSA performs a contact-chaining query on a terrorist-associated selection term, analysts are able to detect not only the direct contacts made by that first tier of
contacts but also the additional tiers of contacts, out to the maximum number of permitted hops from the seed selection term. [redacted: (b)(3)-P.L. 86-36] provides a more complete picture of those who associate with terrorists or are engaged in terrorist activities. The ability to look at a network beyond the first hop enables analysts to potentially identify the core of a network, focusing and prioritizing resources efficiently against threats.

(U) Historical data

(TS//SI//NF) Another advantage that SID leadership ascribes to the BR FISA program is that the BR metadata is historical. [redacted] historical connections are critical to understanding newly identified targets, and metadata may contain links that are unique, pointing to potential targets of interest that may otherwise be missed. [redacted: (b)(1), (b)(3)-P.L. 86-36]

(U) Tradecraft

(U//FOUO) Analysts report that BR metadata analysis enriches their understanding of the communications tradecraft of terrorist operatives who may be [illegible] conduct attacks against the United States. [redacted: (b)(3)-P.L. 86-36]

(U) Complementary

(U//FOUO) The BR FISA program, SID leadership asserts, complements information that NSA collects by other means, increasing the value to the Agency and linking possible terrorist-related telephone communications between communicants based solely inside the United States. As a complementary tool to other intelligence authorities, the NSA's access to BR metadata increases the likelihood of detecting terrorist cell contacts within the United States. The BR FISA program provides NSA the information necessary to perform call chaining that can enable analysts to obtain a much broader understanding of the target and, as a result, allow NSA to provide to the FBI and the IC a more complete picture of possible terrorist-related activity inside the United States. [redacted: (b)(3)-P.L. 86-36]

(U) Prioritizing

(U//FOUO) The BR FISA program assists with applying limited analytic and
linguistic resources available to the CT mission [redacted] have the highest probability of connection to terrorist targets. Analysis of BR metadata can help analysts prioritize communications of non-USPs that it acquires under other authorities because such persons are of heightened interest if they are in a communication network with persons in the United States.

(U//FOUO) SID leadership asserts that, without the ability to obtain and analyze BR metadata, NSA would lose a tool for detecting communication chains that link to selection terms associated with known and suspected terrorist operatives, which can lead to the identification of previously unknown persons of interest. The BR FISA program allows efficient [redacted: (b)(3)-P.L. 86-36] potential terrorist activities. Any other means that might be used to conduct similar analyses would require multiple, time-consuming steps that would frustrate rapid analysis in emerging situations and could fail to capture some information available through BR metadata. If BR metadata is not aggregated and retained for a time, NSA could not detect [redacted].

(U) Former DIRNSA General Alexander testified to the Senate Committee on the Judiciary in December 2013:

(U) Measuring the value of the BR FISA authority by the number of plots exposed to date misses the point and presents us with a false choice. The BR FISA authority is similar to an insurance policy designed to make sure that the gap exposed after 9/11 doesn't happen again, with perhaps even more catastrophic consequences. As with an insurance policy on your house, you don't determine its value by asking how many times you've collected on the policy to date - you want to have it for the possible fire or flood or theft in the future. Combined with the limitations on the program, the potential benefit in allowing us to uncover the hidden terrorist in the U.S. still provides a unique value consistent with the protection of privacy rights.

III. (U) FAA 702

(U) Background

(U) The FAA 702 certifications

(S//NF) Section 702 of FAA, Procedures for Targeting Certain Persons Outside the United States other than United States Persons, states that the Attorney General and the DNI may jointly authorize, for the period of up to one year, the targeting of persons who are not USPs and who are reasonably believed to be located outside the United States to acquire foreign intelligence information. This authority is granted on the basis of annual certifications made by the Attorney General and the DNI to the FISC. [redacted] certifications identify categories of foreign intelligence information sought through this acquisition [redacted: (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)].

(S//NF) The NSA targeting and minimization procedures establish the processes that the Agency must follow and the requirements that it must satisfy to comply with the limits the statute and the Constitution impose on the use of this surveillance. The targeting procedures must be reasonably designed to limit acquisition under the [redacted] FAA 702 certifications to non-USPs reasonably believed to be located outside the United States to acquire foreign intelligence information and to prevent intentional acquisition of communications in which the sender and all intended recipients are known at the time of acquisition to be in the United States.45 The purpose of the minimization procedures is to establish controls over the acquisition, retention, and dissemination of non-publicly available USP information.

(U//FOUO) In addition to targeting and minimization procedures, FAA 702 requires the Attorney General, in consultation with the DNI, to adopt guidelines to ensure compliance with the limitations in the Act on acquisition of communications. These are documented in Guidelines for the Acquisition of Foreign Intelligence Information Pursuant to the Foreign Intelligence Surveillance Act of 1978. Approved by the Attorney General in 2008, the guidelines
reinforce the targeting procedures, establish requirements for application of the targeting procedures, and establish requirements for obtaining court orders.

[45] (U) Acquisition is the collection by NSA or the FBI, through electronic means, of non-public communications to which they are not intended parties.

(U//FOUO) The government's FAA 702 certifications, targeting procedures, and minimization procedures, but not the Attorney General Guidelines, require FISC approval. The FAA 702 certifications are accompanied by affidavits from the heads of elements of the IC, such as the DIRNSA, that describe the Agency's basis for assessing that acquisition will be consistent with statutory authorization and limits.

(U) Methodology and Scope

(U//FOUO) Our review of the FAA 702 control framework, incidents of noncompliance, and NSA's use of the authority to support its mission was based largely on FAA 702 stakeholder interviews and reviews of policies, procedures, and other program documentation. The OIG's Special Study, Assessment of Management Controls Over FAA 702, revised and reissued 29 March 2013, was also used as a resource. That study examined the controls designed to ensure compliance with FAA 702 and the targeting and minimization procedures associated with the 2011 certifications. Given the time constraints for the current review and the agreement with staff of the Senate Committee on the Judiciary, we did not verify through testing that all controls were operating as described by FAA 702 program stakeholders. [46]

(U//FOUO) Our review focused on the processes and controls in place in 2013. Two documents filed annually with each FAA 702 certification delineate NSA's procedures for complying with the FISA Amendments Act of 2008:

- (U//FOUO) Procedures Used by the National Security Agency for Targeting Non-United States Persons Reasonably Believed to be Located Outside the United States to Acquire Foreign Intelligence Information Pursuant
to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended (FAA 702 Targeting Procedures), and
- (U) Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended (the FAA 702 Minimization Procedures).

(U//FOUO) For calendar year 2013, the period under review, different versions of these documents were in effect because of changes made at the annual certification renewal and special amendments to the procedures.

- (U) Targeting Procedures
  - (S//NF) Procedures approved with the 2012 renewal of the authority, effective 24 September 2012 through 10 September 2013.
  - (S//NF) These procedures were not changed for the 2013 certification renewal and remained effective 10 September 2013 through 28 August 2014.
- (U) Minimization Procedures
  - Procedures approved for the 2012 certification renewal, approved by the FISC 24 August 2012, were effective 24 September 2012 through 23 September 2013.
  - [redacted]
  - (U//FOUO) An amended version of the 2013 minimization procedures, approved 13 November 2013, added special procedures for assessing NSA's ability to use collection received when NSA's [redacted] post-tasking checks were not functioning properly and procedures for handling data collected during a period in 2013 when these checks were not performing as intended.

[46] (U//FOUO) The NSA OIG has conducted several audits and special studies on the effectiveness of certain FAA 702 program controls.

(U) We also examined implementing procedures and controls for the Attorney General's targeting guidelines.

(U) FAA 702 Program Control Framework

(U//FOUO) The FAA 702 control framework describes how NSA targets, collects, retains, accesses, queries, disseminates, and purges FAA 702 data and the oversight mechanisms to comply with FAA 702 certifications,
including FISC-approved targeting and minimization procedures. This section summarizes the provisions of the targeting and minimization procedures and the controls implemented for each phase of the FAA 702 production cycle.

(U) Targeting

(U) Provisions of FAA 702 certifications

(S//NF) The FAA 702 targeting procedures set forth the measures that NSA uses to determine whether a prospective target is eligible for targeting under this authority. Each prospective target must meet three criteria. The individual must be a non-USP reasonably believed to be located outside the United States who possesses or is likely to communicate foreign intelligence information consistent with one of the [redacted] FAA 702 certifications. [48]

[47] (U) A target is a person or entity against which intelligence operations are conducted. Foreign intelligence is obtained by tasking the target's selectors (e.g., e-mail addresses) to acquire information pursuant to one of NSA's authorities.

(S//NF) The targeting procedures state that when NSA proposes to direct surveillance at a prospective target, it does so only after it has learned something about the prospective target or the facilities the individual uses to communicate. For example, NSA personnel may examine lead information obtained from a non-NSA element, such as tips from the CIA or FBI. [redacted]

(S//NF) NSA personnel must also assess whether the prospective target possesses or is likely to communicate foreign intelligence information concerning a foreign power and whether the proposed target is appropriate under one of the [redacted] FAA 702 certifications. [redacted]

(U) Targeting process overview

(U//FOUO) To initiate targeting under FAA 702 authority, NSA personnel must research the prospective target to determine whether it meets the requirements of this authority and to identify selectors that will yield communications from the prospective target. [50]
Mission analysts operate within an assigned mission team (see the Access and Training section) and follow targeting guidance established by SID Analysis and Production on the basis of the FAA 702 Targeting Procedures to complete the analysis [redacted]. The TR documents information supporting the targeting decision and is subject to at least two levels of review before targeting. Additional reviews may be performed by the SID Data Acquisition (S3) office of Targeting Strategy and Mission Integration (TSMI) and SV.

(U//FOUO) Mission analysts are responsible for the initial research and identification of potential targets within their organization's assigned missions. Analysts must complete a training regimen involving general courses on legal authorities and annual courses on FAA 702 procedures to be eligible to submit TRs under this authority and access and handle FAA 702 data (see the Access and Training section).

[48] (U) FAA does not define the term reasonable belief, but the Act requires that NSA adopt targeting procedures to ensure that FAA 702 acquisition is limited to targets reasonably believed to be outside the United States.

[49] (U) Facilities are communication vehicles used by targets, including telephone numbers and e-mail addresses. NSA tasks these facilities, or selectors, to obtain foreign intelligence from approved targets.

[50] (U) Selectors are unique identifiers of targets (entities against which intelligence operations are conducted), such as telephone numbers and e-mail addresses, used for tasking (initiating SIGINT collection for the target's selectors).

(U) Provisions of FAA 702 certifications - eligibility for targeting

(S//NF) Foreignness determination. The targeting procedures require that NSA personnel examine, as appropriate under the circumstances, three categories of information to determine whether the intended target is a non-USP reasonably believed to be outside the United States (the foreignness determination). The
determination is based on the totality of information available about the prospective target's location and status as a USP and may be obtained from any one or a combination of these sources:

[redacted]

(U//FOUO) Foreign intelligence purpose for targeting. In addition to the foreignness determination, NSA personnel must assess whether the prospective target possesses, is expected to receive, and/or is likely to communicate foreign intelligence pursuant to one of the FAA 702 certifications. [51] Each certification identifies categories of foreign intelligence (see Background at the beginning of FAA 702 section) and specifies activities for which foreign intelligence collection is approved.

(S//NF) Targeting must also comply with the Attorney General's Guidelines for the Acquisition of Foreign Intelligence Information Pursuant to the Foreign Intelligence Surveillance Act of 1978, which reiterates the five targeting activities prohibited by FAA 702:

- (U) Intentionally targeting a person known at the time of acquisition to be in the United States,
- (U) Reverse targeting, that is, targeting a non-USP outside the United States for the purpose of targeting a particular, known person reasonably believed to be in the United States,
- (S//NF) Intentionally targeting a USP reasonably believed to be outside the United States,
- (U) Intentionally acquiring communications as to which the sender and all intended recipients are known at the time of acquisition to be in the United States, and
- (U) Targeting inconsistent with the Fourth Amendment to the Constitution of the United States.

[51] (U) Foreign intelligence information is defined in FISA as (1) information that relates to, and if concerning a USP is necessary to, the ability of the United States to protect against - (A) actual or potential attack or other
grave hostile acts of a foreign power or an agent of a foreign power; (B) sabotage, international terrorism, or the international proliferation of weapons of mass destruction by a foreign power or an agent of a foreign power; or (C) clandestine intelligence activities by an intelligence service or network of a foreign power or by an agent of a foreign power; or (2) information with respect to a foreign power or foreign territory that relates to, and if concerning a U.S. person is necessary to - (A) the national defense or the security of the United States; or (B) the conduct of the foreign affairs of the United States.

(U) Targeting control procedures

(S//NF) Target research - foreignness. [redacted]

(U//FOUO) Target research - foreign intelligence determination. NSA mission analysts task targets that are aligned with the National Intelligence Priorities Framework, can be linked to one of the foreign intelligence purposes specified in the appropriate FAA 702 certification, and generally are within the analysts' assigned mission areas. [redacted]

(U//FOUO) Targeting request. Once mission analysts complete the research for the proposed target, they must develop and submit a TR [...] identified for an eligible target. The TR documents the analysts' determinations that the prospective targets meet the standards in the targeting procedures. Once the TR has been reviewed and approved (see Targeting Authorization), the selector identified in the TR is used to initiate collection. To complete a valid TR, mission analysts must compile specific information to demonstrate that, based on the totality of the circumstances determined from the research performed, there is a reasonable belief that the proposed target is foreign (not a USP and not within the United States) and is likely to produce foreign intelligence consistent with one of the FAA 702 certifications. The TR must include:

- [redacted]
- (U) Sources supporting the determination of foreignness
- [redacted] [54]

(U//FOUO) Mission analysts must create permanent documentation of the information sources used to establish foreignness. Copies of the source information are saved in a restricted access SharePoint site SV maintains. This repository facilitates approval of the TR as well as internal and external oversight.

(U//FOUO) The [redacted] system supports targeting compliance as the mission analyst creates the TR. The system requires:

- (S//SI//REL TO USA, FVEY) Detailed information establishing the foreignness of the selector [redacted],
- (U//FOUO) Target information, including the TAR,
- (U//FOUO) Completion of key fields to document information about the prospective target (e.g., authorized targeting purpose, how the individual was determined to be outside the United States, basis for expectation that targeting the individual will produce foreign intelligence), and
- (U) Identification of the appropriate FAA 702 certification.

(U//FOUO) The system also:

- (U) Identifies conflicting data within the TR,
- (U) Captures references to supporting documentation,
- [redacted]

[52] (U) Raw data is data that has not been evaluated for foreign intelligence or processed to handle USP identities pursuant to the minimization procedures. Metadata is dialing, routing, addressing, or signaling information associated with a communication, but does not include information concerning the substance of the communication.

[53] (U) The National Intelligence Priorities Framework translates national foreign intelligence objectives and priorities approved by the President into specific prioritization guidance for the IC. It serves as guidance for U.S. foreign intelligence analysis and collection.

[54] (U) Targeting Rationale is a brief justification for
targeting a selector intended to explain the connection between the proposed target and a foreign intelligence purpose.

[redacted]

(U) Provisions of FAA 702 certifications - authorization to target

(U//FOUO) Approval to task a prospective target's selectors requires that the TR entry for that tasking be reviewed to verify that it contains the necessary citations to source information that led the analyst to reasonably believe that the individual is a non-USP outside the United States and is linked to the appropriate FAA 702 certification.

(U) Targeting authorization - controls

(U//FOUO) NSA has implemented a multi-level review process to approve all proposed targeting.

(U//FOUO) Releaser review. Submitted TRs are first reviewed by the mission releaser. Normally, the releaser is in the same organization as the mission analyst. Releasers must complete the same training courses as mission analysts. They examine the TRs for completeness and compliance
with the FAA 702 Targeting Review Guidance developed and maintained by the Mission and Compliance staff, part of the Directorate for Analysis and Production within NSA's Signals Intelligence Directorate. [58]

(U//FOUO) Adjudication. The final approval of the TR, known as adjudication, is a critical control point in tasking selectors under FAA 702 authority and is performed by personnel designated as mission adjudicators. TRs were initially subject to adjudication by SV, but [redacted] the responsibility was moved to the mission groups within the SIGINT Analysis and Production organization, where specially trained and experienced analysts, usually from the same organization as the targeting analyst, perform adjudication. [59] Adjudicators must complete the same courses as other mission personnel as a prerequisite for access to FAA 702 data (see the Access and Training section). They must also complete a specific course on adjudication and receive on-the-job training in their mission office before they are permitted to adjudicate independently. Adjudicators receive advice and updated information from the staff of the SIGINT Analysis and Production organization, SV, and OGC on developments affecting the application of the FAA 702 authority. The majority of adjudicators have two or more years' experience in adjudication. Adjudicator performance is monitored by the Mission and Compliance staff in SID's Directorate for Analysis and Production.

(C//REL TO USA, FVEY) Adjudicators review TRs for accuracy, evaluate the evidence in the TR supporting the foreignness of the proposed target, examine the TAR statement for the individual's foreign intelligence value, and verify that the TR supports eligibility for targeting under the specified FAA 702 certification. As part of their TR reviews, adjudicators recreate the steps taken by the mission analyst to independently confirm that the supporting data is accurate and that the most current information available is used to support a
reasonable belief that the prospective target is foreign. Following the same procedure as mission analysts, adjudicators [redacted] to determine whether there is supporting or contrary information regarding the foreignness of the individual. Adjudicators must complete a series of checks, manually or assisted by technology:

- (U//FOUO) [redacted] for an initial foreignness determination, [60]
- (TS//SI//REL TO USA, FVEY) Reviewing the database of selectors [redacted] whether there was information indicating that the individual was not foreign,
- (U//FOUO) Accessing the SV4 SharePoint Site to determine whether there is information that would preclude the current tasking request from being approved,
- (U//FOUO) [redacted]

(U//FOUO) If adjudicators are able to confirm that the prospective target meets the FAA 702 requirements for tasking, they approve the target's selector for tasking. However, if there is an error or required information is absent in the TR, adjudicators must ensure that corrective action is taken before approving the TR.

[58] (U) As part of the Operations Staff for the S2, the staff includes teams who provide support and oversight of SID's use of FAA 702 sue ICS203 U mdl I S203A7

[59] [redacted]

(TS//SI//NF) In most instances, if adjudicators identify updated foreignness information, they substitute that information in the TR to ensure that the TR is current. If adjudicators find an error, such as inaccurate foreignness information, insufficient evidence to support foreignness, or an incomplete TAR statement, adjudicators may deny the TR and return it to mission analysts for correction. When the TR is corrected, the TR goes back to the mission releaser and the mission
adjudicator. As part of the approval process, adjudicators upload documentation of the sources supporting the targeting decision to the SharePoint site that SV maintains. [redacted]

(U//FOUO) The targeting review process is summarized in Figure 8.

(U) Figure 8. FAA 702 Targeting Review Process

(U) Provisions of FAA 702 certifications - approval of TRs from other agencies

(U//FOUO) The FAA 702 minimization procedures set forth processes NSA uses for the acquisition, retention, use, and dissemination of information acquired under FAA 702.

(U//FOUO) In accordance with Section 6(c) of the minimization procedures, NSA provides the CIA and the FBI unminimized communications acquired pursuant to FAA 702 for targets nominated by the respective agencies and approved for tasking in accordance with NSA's targeting procedures. [redacted] Both the CIA and the FBI must handle unminimized communications received from NSA in accordance with their FISC-approved minimization procedures adopted by the Attorney General in consultation with the ODNI. [redacted]

(U//FOUO) Controls over approval of CIA and FBI TRs

(S//REL TO USA, FVEY) The CIA and the FBI submit requests for tasking selectors of prospective targets to NSA, which reviews the foreignness information and the foreignness justification for the prospective target and approves the selectors for tasking upon an assessment that there is a reasonable
belief that the prospective target is a non-USP outside the United States and that collection will produce foreign intelligence information pursuant to one of the approved certifications. [redacted]

(U//FOUO) Table 26 summarizes the targeting provisions of the FAA 702 targeting procedures and the controls NSA has implemented to maintain compliance.

(U) Table 26. Targeting Provisions and Controls

Provision: (U) Foreignness - Acquisition targets only non-USPs reasonably believed to be outside the United States.
Control:
- (U//FOUO) The TR documents the support for NSA's determination of the prospective target's foreignness.
- (TS//SI//REL TO USA, FVEY) The targeting system [redacted] enforces completion of required fields, including foreignness information; identifies conflicting data; flags selectors ineligible for tasking [redacted]; and captures source information supporting targeting.
- (U) All TRs are subject to at least two levels of review prior to targeting. Additional reviews may be performed by TSMI or SV. Reviewers examine available information to validate accuracy of the foreignness determination and that conflicting information has been resolved.

[63] (U) An MCT is an Internet transaction that contains more than one discrete communication within it. If one of the communications within an MCT references a tasked selector and one end of the transaction is foreign, the entire MCT transaction will be acquired through upstream Internet collection techniques. Since this can include discrete communications that do not contain the tasked selector, use of such information must meet specific requirements.

[redacted]

Provision: (S//SI//NF) NSA will maintain records of selectors [redacted] to support compliant tasking. New TRs will be compared with these records before targeting.
Control: NSA maintains these records in a database of [redacted]. This tool is used in target research by analysts and interfaces with [redacted] to identify ineligible selectors proposed for targeting. The information generated is reviewed by the adjudicators, and any conflicts should be resolved before the TRs are approved.

Provision: (U) Foreign Intelligence Purpose of Targeting - NSA will assess whether the target possesses or is likely to communicate foreign intelligence pursuant to one of the approved certifications.
Control: (U//FOUO) The TAR Statement documents why targeting is requested and indicates the tie to a foreign intelligence purpose specific to the FAA Certification under which targeting is requested. This is subject to adjudication.

Provision: (U) NSA may provide unminimized communications acquired pursuant to FAA 702 to the CIA and FBI.
Control: (S//REL TO USA, FVEY) The CIA and FBI may nominate targets and selectors for acquisition subject to NSA's targeting procedures. [redacted] The CIA and FBI have their own minimization procedures for processing the unminimized data that they receive.

Provision: (U//FOUO) Tasking requests must be supported by citations to the information that led to the analyst's reasonable belief of the foreignness of the target. Approval of the TR will include review of the citation.
Control: (U) The adjudication review includes examination of the citations supporting the foreignness determination maintained in the SV SharePoint site.

(U) Provisions of FAA 702 Certifications and other Guidance - Post-Targeting Review

(S//NF) In accordance with the targeting procedures set forth in each FAA 702 certification, NSA analysts are required to conduct post-targeting reviews of all selectors tasked under FAA 702 authority. The targeting procedures state that: Such analysis is designed to detect those occasions when a person who when targeted was reasonably believed to be located outside the United States has since entered the United States, and will enable NSA to take steps to prevent the intentional
acquisition of any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States, or the intentional targeting of a person who is inside the United States.

(U) Post-targeting

(S//NF) NSA has implemented four procedures to ensure that targeted persons continue to meet the criteria specified in the FAA 702 targeting procedures.

(S//REL TO USA, FVEY) Post-targeting controls - obligation to review. NSA has implemented a process called Obligation to Review (OtR) that has two provisions. The first requires that, upon tasking a selector, the mission team that initiated tasking must review collection from that tasking within 5 business days of the receipt of the initial piece of traffic from FAA 702 collection. An e-mail notification is sent to mission team members notifying them of the receipt and the 5-day review requirement. The mission analyst must review a sample of the content of the collection to determine that:

- (U) The selector is being used by the intended target,
- (U) The target is valid under the requested FAA 702 certification, and
- (S//REL TO USA, FVEY) [redacted]

(U//FOUO) If the reviewing analyst determines that all three requirements have been satisfied, thus making the tasking valid under FAA 702 authority, no further action is required. If any of the three requirements is not satisfied, the selector must be immediately detasked in the system (removed from collection). The selector cannot be resubmitted for tasking until all requirements have been satisfied. Detasking is discussed further in Monitoring Collection section.

(U//FOUO) The second provision of the OtR process requires the mission office to conduct an ongoing review of at least a sample of the content from ongoing collection to ensure that the target continues to meet the criteria for targeting under FAA
702. After the initial review has been completed, a sample of collection is reviewed [redacted]

(U//FOUO) Post-targeting controls - monitoring collection. Mission analysts must monitor collection for indications that the target no longer meets the foreignness requirements, is not associated with the tasked selector, or is not linked to a valid foreign intelligence purpose tied to an FAA 702 certification. If it is determined that the target or the selector is no longer appropriate for tasking under this authority, NSA will have to take actions that might include detasking the selector, reporting a compliance incident, recalling intelligence reports, and purging collected communications.

(U//FOUO) If collection indicates the user of a tasked selector is an individual who is not the intended target and is not of foreign intelligence value, or is or may be a USP or is in the United States, the mission office must immediately remove from collection all selectors [...] and identify collection ineligible for retention. Additional research may be performed before detasking if there is evidence that the information on the user's USP status or location is not correct. Unless there is a strong reason to doubt this information from collection, it is presumed valid and detasking should occur immediately. If review of collection identifies communications in which the sender and all intended recipients are determined to have been within the United States at the time of collection (domestic communications), those communications must be destroyed, with limited exceptions. [64]

(U) If analysis of the collection finds that the selector is no longer used by the target, the selector must be removed from tasking. [65]

(U//FOUO) Attorney-client privileged communications are subject to special procedures designed to prevent privileged information from being used in prosecution.
Should review of collection identify communications between persons known to be under criminal indictment in the United States and their attorneys, review of the communication must be discontinued and OGC notified for guidance on handling the communication. [66]

[64] (U//FOUO) If the domestic communication collected is not related to an incident (see Incident Reporting), DIRNSA may approve a destruction waiver to allow retention of the collection.

[65] (S//SI//REL) [redacted]

[66] (U//FOUO) Monitoring communications between a person known to be under criminal indictment in the United States and an attorney representing that individual in the matter under indictment must cease once the relationship has been identified. The acquired communications must be logged and NSD notified so that measures may be taken to protect such communications from review or use in criminal prosecutions.

(U//FOUO) If authorized collection incidentally acquires a foreign communication of or concerning a USP (e.g., an FAA 702 target is communicating with a USP or about a USP), the communication may in general only be retained if the USP information qualifies as foreign intelligence or the information is evidence of a crime and is provided to appropriate federal law enforcement authorities. Domestic communications, including communications of a target who has entered the United States, must in general be destroyed upon recognition unless DIRNSA or the Acting DIRNSA approves retention of the communication for one of the limited reasons listed in Section 5 of NSA's FAA 702 minimization procedures.

(U//FOUO) For intelligence collected from upstream Internet collection [redacted] subject to MCTs, NSA mission analysts must identify and carefully review collection containing MCTs made available for analytic review. While NSA automatically segregates certain MCTs and does not pass them to repositories
accessible to analysts, there may still be information in some MCTs that is not eligible for retention. If a discrete communication within an MCT is not to, from, or about a tasked selector but otherwise contains foreign intelligence information, and the discrete communication is not to or from an identifiable USP or a person reasonably believed to be in the United States, the MCT may be retained to the same degree that a discrete communication could be retained. If any portion of the MCT contains a domestic communication, the entire MCT must be purged unless there is no underlying compliance incident and DIRNSA approves a destruction waiver.

(U) For selectors removed from tasking, all communications collected after the target no longer meets the requirements of FAA 702 must be identified for purging through incident reporting and the purge adjudication process (see the Purge section).

(TS//SI//NF) Post-targeting controls-detection of targets that may have entered the United States. In addition to analyst review of selector communications, NSA has implemented [redacted] for indications that the user of a tasked selector has entered the United States. [redacted] immediately detasks the roaming selector and sends a message to mission analysts notifying them that the selector has been detasked. It is the analysts' responsibility to identify and detask additional selectors for the target and develop the information necessary to produce an incident report. Though NSA may not have had prior notice of the target's intention to travel, FAA 702 may not be used to target individuals in the United States (see the Incident Reporting section).

(S//REL TO USA, FVEY) [redacted]

(U//FOUO) Post-targeting controls-periodic selector review. As discussed earlier, NSA is required to regularly confirm that all selectors tasked under 702 continue to meet targeting requirements. In addition to these ongoing reviews, [redacted] defaults all FAA 702 targeting to a one-year review. To maintain acquisition for the target, mission analysts must confirm that continued tasking of the selector is expected to acquire foreign intelligence relevant to the FAA 702 certification under which the targeting was executed.

(U//FOUO) Table 27 summarizes the post-targeting provisions of the FAA 702 targeting procedures and the controls implemented by NSA to maintain compliance.

(U) Table 27: Post-Targeting Provisions and Controls

Provision: (U//FOUO) Post-targeting analysis is performed to detect when a person reasonably believed to be outside the United States when targeted has since entered the United States. This will allow NSA to take steps designed to prevent acquisition of domestic communications or the targeting of a USP.
Control: (U) Analysts are required to monitor collection to determine whether the target continues to meet targeting criteria, including foreignness.
Control: (U) Analysts receive obligation-to-review notices upon first receipt of collection for newly tasked Internet selectors and every thirty days commencing with the date of first collection after the last review. The notice is repeated until collection has been reviewed.
Control: (U) Annual reviews confirm that a target remains eligible for targeting and continues to be expected to produce foreign intelligence relevant to the FAA 702 certification under which it was approved.

Provision: (S//SI//REL TO USA, FVEY) NSA will routinely compare tasked selectors with information collected from [redacted]

[67] (TS//SI//REL TO USA, FVEY) [redacted]

(S//SI//NF) NSA will routinely compare selectors tasked [redacted] for detasking of the selector and purge of any non-compliant
communications. (S//REL TO USA, FVEY) See Table 26, second control.

Provision: (S//SI//NF) NSA will [redacted] for indications that a foreign target has entered or intends to enter the United States.
Control: (U) Automated notices are sent to mission teams upon first receipt of collection for newly tasked Internet selectors and every thirty days commencing with the date of first collection after the last review. The notice is repeated until collection has been reviewed.

Provision: (U) If NSA determines that a target has entered the United States, it will take the necessary steps to assess whether the incident represents non-compliance with the targeting procedures and report such occurrences to DoJ and ODNI and purge related communications from NSA databases as required.
Control: (U) See the Incident Recognition and Reporting section.
Control: (U) If NSA determines that a target has entered the United States and the target's selectors were not detasked before entry, it is reported to DoJ and ODNI as an incident. DoJ assesses which incidents represent non-compliance with the targeting procedures and reports such occurrences to the FISC. NSA purges related communications from NSA databases as required. In some cases, DIRNSA may grant a destruction waiver so NSA can retain collection that is otherwise subject to purge.

Provision: (U) If NSA determines that a target who at the time of targeting was believed to be a non-USP is in fact a USP, it will terminate collection without delay and report the incident to DoJ and ODNI and purge such collection from its databases.
Control: (U) See the Incident Recognition and Reporting section.

Provision: (U) As soon as it becomes apparent that a communication is between a person who is known to be under criminal indictment in the United States and an attorney who represents that individual in the matter under indictment, monitoring of that communication will cease and the communication will be identified as an attorney-client communication in a log maintained for that purpose.
Control: (U) Annual FAA training requires that such
communications be brought immediately to OGC's attention for further instruction. OGC maintains e-mail records of such communications. DoJ has agreed that the process used to quarantine these communications is a sufficient process for documenting the information.

(U) Incident Recognition and Reporting

(U) Provisions of FAA 702 certifications-incident reporting

(U//FOUO) The targeting procedures state that NSA will conduct ongoing oversight and report incidents of non-compliance to the NSA OIG and OGC and ensure that corrective actions are taken to address deficiencies. Reporting is required for incidents of non-compliance that result in the intentional targeting of a person reasonably believed to be located in the United States, the intentional targeting of a USP, or the intentional acquisition of any communication in which the sender and all intended recipients are known at the time of acquisition to be located within the United States. NSA must report these incidents within five business days of learning about them. The Agency must purge from its databases information acquired by intentionally targeting a USP or a person not reasonably believed to be outside the United States at the time of targeting. If post-targeting analysis shows that the target is inside the United States or a USP, acquisition must be terminated without delay. Inadvertent acquisition of domestic communications is addressed in the minimization procedures (see the Purge section). NSA also reports incidents of non-compliance with the FAA 702 minimization procedures. Some examples include incomplete minimization of USP information, improper queries of raw data, and technical errors that affect systems controls over the data, such as retention beyond the required destruction date.

(U) Incident reporting controls

(U//FOUO) Training and management communications emphasize the fact that incidents can occur at any point in
the collection, targeting, dissemination, access, and retention of SIGINT communications and stress the importance of immediate reporting of instances of non-compliance. Individuals do not have to prove that the activity is noncompliant to report an incident. SV works with the mission team that reports the matter to develop an incident report with complete and accurate information. If the incident involves a system or a system's performance, TV involves all appropriate subject matter experts, including SID, SV, TD, and OGC, to assess the situation and evaluate its effect on compliance under the authority. OGC informs DoJ and ODNI of incidents that may indicate non-compliance with FAA 702. DoJ, in coordination with ODNI, makes the final determination whether an incident is reportable to the FISC.

(U//FOUO) The OIG receives internal incident reports from SV and TV. Notices of non-compliance (13b notices) that DoJ files with the FISC are made available to the OIG. The OIG uses this information to develop the Intelligence Oversight Quarterly Report, which is prepared with OGC and sent to the President's Intelligence Oversight Board through DoD. The incidents and notices of non-compliance are also used as input to OIG inspections and intelligence oversight reviews.

(U//FOUO) The annual FAA 702 training required of all individuals handling information obtained under this authority addresses incident recognition, reporting, and processing. It defines two types of reportable events: incidents of noncompliance and changes in the target's status.

(U//FOUO) Reportable compliance incident. An FAA 702 compliance incident occurs when NSA violates FAA 702 statutory requirements or targeting and minimization procedures, or has made materially inaccurate representations to the FISC, or has otherwise not performed in a manner consistent with previous representations to the FISC. For example, if NSA tasked a foreign intelligence target reasonably believed to be outside the United States at the time of tasking and later
learned that the target planned to travel to the United States but did not detask the selector before the target's entry into the United States, this would be reported as a compliance incident.

(U//FOUO) Reportable compliance incidents may also result from actions taken by communication service providers. For example, provider error could cause distribution to NSA of communications for selectors not tasked under FAA 702.

(U//FOUO) Change in target status. After tasking selectors associated with a target that meets all requirements of the targeting procedures, NSA may identify information about the target that was not available when the targeting decision was made. This information may show that the target is a USP or is located in the United States, making the target ineligible for targeting. These changes in target status, though not incidents of non-compliance, must be reported.

(U//FOUO) Incident reporting and documentation. SV has a significant role in reporting incidents of non-compliance with FAA 702. SV developed an operating procedure that addresses the multiple means of incident discovery and the actions SV personnel follow for each. There are three primary sources from which SV may identify incidents:

• (U//FOUO) Detask notifications-produced by [redacted] when mission personnel remove selectors from collection. A detargeting reason is associated with each notification, some of which may indicate an incident (e.g., the user of the tasked selector has been identified as a USP).
• [redacted] targets that appear to have roamed into the [illegible]
• (U//FOUO) Communications of incidents reported by analysts, query reviewers, and others involved in processing or monitoring collection. This may include errors by communication service providers.

(S//SI//REL TO USA, FVEY) For each incident, SV works with personnel familiar with the occurrence to create a permanent record, including significant detail about the incident and its
resolution, for example, the [illegible] intended target, [redacted] method of incident discovery, detasking information, and dates of collection to be purged. SV creates an entry in the database of selectors associated with targets that have roamed into the United States or have been identified as USPs [redacted] to identify selectors associated with targets identified as meeting certain criteria [redacted] generates a notice to analysts entering TRs. This entry is required when incidents identify a target located in the United States or a target identified as a USP.

(U//FOUO) TV is responsible for overseeing the reporting and mitigation of incidents that affect TD personnel and systems. For each incident, information regarding the incident's root cause and mitigation is gathered and documented. There are four primary ways in which incidents in TD are discovered:

• (U//FOUO) Technical personnel or analysts find data that is not protected, labeled, or transferred as expected;
• (U//FOUO) Audits of queries submitted by TD personnel are reported when they do not comply with the minimization procedures;
• (U//FOUO) Upon analysis of a system for TV certification, instances of potential non-compliance are reported; and
• (U//FOUO) Technical personnel self-report incidents.

(U//FOUO) SV and TV provide the incident reports to OGC to assess whether the incident is a matter of non-compliance with the FAA 702 certifications and targeting and minimization procedures and is reportable to NSA's overseers (see the Oversight section).

(U//FOUO) Incident remediation. Several types of activities may be necessary to resolve compliance incidents or changes in status, for example, detasking selectors, purging communications ineligible for retention, recalling disseminated reports based upon communications subject to purge, correcting system errors, and training. The actions taken are documented in the incident
report and, if appropriate, the notice of non-compliance filed with the FISC. Depending on the magnitude of an incident of non-compliance (e.g., a system error affecting the functioning of targeting controls), the FISC may require supplemental reports on progress in correcting the matter. SV and OGC coordinate such reports with DoJ and ODNI.

(U//FOUO) Table 28 summarizes the incident reporting provisions of the FAA 702 targeting procedures and the controls implemented by NSA to maintain compliance. The provisions are documented in the oversight and compliance requirements in the targeting procedures.

(U) Table 28: Incident Reporting Provisions and Controls (U//FOUO)

Provision: (U) NSA will conduct ongoing oversight activities and will make necessary reports, including those relating to incidents of non-compliance, to the NSA OIG and OGC.
Control: (U) FAA 702 training addresses incident identification, documentation, and the process for self-reporting.
Control: (U//FOUO) SV and TV document the incident, with assistance of the individuals who identified the matter, and provide the information to OGC for review. OGC in turn forwards the incident to DoJ and ODNI.

Provision: (U) NSA will ensure that necessary corrective actions are taken to address identified deficiencies.
Control: (U) The incident report documents measures taken to remediate the incident (e.g., detasking and purge of communications).

Provision: (U//FOUO) NSA will report to DoJ NSD and ODNI incidents of non-compliance, including over-collection by electronic communications service providers, within five business days after determining non-compliance.
Control: (U) SV, TV, and OGC manage the incident reporting process to assure that initial reporting is performed within five business days of the identification of non-compliance.

(U) Collection

(U) NSA's FAA 702 minimization procedures require that collection of information by targeting non-USPs reasonably believed to be outside the United States be conducted in a manner designed to
the greatest extent feasible to minimize the acquisition of information not relevant for the purpose under which the collection was authorized. Steps to assure that acquisition meets this requirement start with target research and approval and the determination that the proposed target meets the criteria for eligibility under FAA 702. NSA has incorporated additional measures in its collection process to comply with this limitation.

(U) Collection mechanisms for FAA 702 communications

(U) NSA has two collection mechanisms for FAA 702 [redacted] communications are obtained by the FBI through compelled collection from ISPs and include only communications to which a tasked selector is a party. For upstream Internet collection and telephony collection, the communication service providers who control the telecommunications infrastructure over which the communications travel are legally compelled to make available to NSA communications related to tasked selectors. Upstream collection of Internet-based selectors may include communications to or from the tasked selector as well as communications in which the selector is referenced within an Internet transaction. The latter is called abouts collection because the communication is neither to nor from the tasked selector but about the selector (i.e., the selector is contained within the communication). Communications acquired from telephony selectors are only to or from the tasked telephone number (i.e., abouts collection is not a factor).

(U) Provisions of FAA 702 certifications-filters

NSA's FAA 702 targeting procedures state that [redacted] employ an Internet Protocol filter to ensure that the person from whom it seeks to obtain foreign intelligence information is located in a foreign country.

(U) Collection controls for telephony and upstream Internet communications-communications not to or from the target

[redacted]
• The providers should deliver only communications meeting these criteria to NSA.
• [redacted]

(U) Provisions of FAA 702 certifications-analysis of selector targeting status

(S//SI//REL TO USA, FVEY) NSA's FAA 702 targeting procedures set forth criteria for initiating collection on a target. Once a target's selector has been placed on collection, the Agency continues to evaluate collection and use other tools to identify changes in the status or location of the target (e.g., change in USP status, such as information that the individual has been granted permanent resident status in the United States, or information that the target is entering the United States). If these changes occur, or it is determined that the target is no longer producing foreign intelligence, the selector is removed from collection. [redacted] changes in targeting status may be processed immediately upon identification in NSA systems [redacted] This requires NSA to [redacted]

(U) Collection controls-verification that collection is for currently tasked targets

For each source of collection, NSA employs processes to determine whether [redacted] are sending communications only for selectors currently tasked and authorized for collection:

• (U//FOUO) Collection for telephony selectors [redacted]
• (TS//SI//NF) Upstream collection for Internet-based selectors [redacted]

(TS//SI//NF) A situation known as [redacted] can result in the unintended acquisition of non-target communications [redacted] NSA implemented a verification process to address this situation that is another check performed before
upstream Internet communications are forwarded to analyst-accessible repositories for processing. [redacted]

(U) Provisions of FAA 702 certifications-upstream Internet transactions

(U) Background. Upstream Internet collection includes acquisition of two types of communications not present in downstream collection: abouts communications and multiple communications transactions (MCTs). Abouts communications are those that are not to or from the target selector but whose contents include the selector. For example, if a target's e-mail address is within the body of the Internet communication between other individuals, the communication is about the selector. An MCT is an Internet transaction that contains more than one discrete communication. If one of those discrete communications is to, from, or about a tasked selector, and if the active end of the transaction is foreign, the entire MCT transaction will be acquired through upstream Internet collection. This can include other discrete communications that do not contain the tasked selector. If the targeted selector is not the active user in the transaction, the MCT can include other discrete communications that do not contain the tasked selector.

(U) Provisions. NSA's FAA 702 minimization procedures require NSA to take reasonable steps post-acquisition to identify and segregate through technical means Internet transactions that cannot be reasonably identified as containing single discrete communications where the active user of the transaction (i.e., the electronic communications account/address/identifier used to send or receive the Internet transaction to or from a service provider) is reasonably believed to be located in the United States or the location of the active user is unknown.

(U//FOUO) Internet transactions that cannot be identified
as meeting the above definition must be segregated and retained in an access-controlled repository from which transactions may not be moved, except for processing to render them intelligible, unless they are determined not to contain discrete communications for which the sender and all intended recipients are reasonably believed to be in the United States. Any such transactions moved to data repositories accessible by analysts are required to be identified as having been previously segregated.[68] NSA's FAA 702 minimization procedures also specify that Internet transactions acquired through NSA's upstream Internet collection techniques on or before 31 October 2011 be destroyed upon recognition.

(U) Upstream Internet collection controls-multiple communication transactions

(TS//SI//NF) Effective January 2012, NSA implemented a process for analyzing and processing upstream Internet collection to ensure that only MCTs devoid of wholly domestic communications will be forwarded for further analysis. This process applied to all upstream data that had been sequestered starting 1 November 2011.[69] Three criteria are used to sort these communications and determine whether they would be withheld from use by analysts (sequestered in a collection store) or sent to data stores accessible by analysts: the type of communication (discrete or MCT), the active user of the selector, and the location of the active user. The minimization procedures require that sequestered communications be accessible only to specially trained personnel to determine whether they may be authorized for use [redacted] As NSA reported to the FISC, all FAA 702 upstream Internet transactions acquired before November 2011, whether or not they were MCTs, were deleted. Additional controls are required when MCTs available to analysts are used, for example, to support reporting of foreign intelligence (see the Sharing and Dissemination section).
[68] (TS//SI//NF) Though the minimization procedures permit NSA to pass previously segregated communication to repositories accessible to analysts, NSA has not done so.
[69] (S//SI//REL TO USA, FVEY) [redacted] the only FAA 702 data forwarded to analyst-accessible repositories was data [redacted] or where the target was the active user. The remainder was sequestered pending development of decision logic to assess MCTs. The data was also excluded from [redacted]

(U) Table 29 summarizes the collection provisions of the FAA 702 minimization procedures and the controls implemented by NSA to maintain compliance.

(U) Table 29: Collection Provisions and Controls

Provision: (U) Acquisition of information by targeting non-USPs reasonably believed to be outside the United States will be conducted in a manner designed to the greatest extent feasible to minimize the acquisition of information not relevant to the purpose for which it was authorized.
Control: (U) Targeting controls (see Table 26) are the first measures employed to limit collection to communications of targets that meet the requirements of the targeting procedures. The foreignness requirements and the post-targeting analysis of communications serve to minimize collection of communications not authorized for acquisition (e.g., domestic communications). [redacted]

Provision: Acquisition of communications not to or from the target will employ an Internet Protocol filter [redacted]
Control: (U) Internet protocol filtering is performed on collection [redacted] to verify that at least one end of each transaction is foreign. Only transactions meeting this criterion should be delivered to NSA. [redacted]

Provision: (U) NSA will take reasonable steps post-acquisition to identify and segregate
through technical means Internet transactions that cannot be reasonably identified as containing single discrete communications where the active user of the transaction is reasonably believed to be located in the United States or the location of the active user is unknown.
Control: (U) NSA has implemented procedures to analyze upstream Internet collection. Only discrete transactions and MCTs meeting certain criteria are made accessible to analysts.

(U) Repositories

(U) Provisions of FAA 702 certifications-repositories

(U//FOUO) NSA's FAA 702 targeting procedures require that NSA establish processes for ensuring that raw traffic is labeled and stored only in authorized repositories and is accessible only to those who have had proper training (see the Access and Training section).

(U) Control framework for access to FAA 702 repositories

(U//FOUO) Several control procedures are employed to ensure that FAA 702 data is stored in repositories that meet standards for security and compliance and that access to the data is properly controlled. From the time of collection, data is processed through interim systems before it reaches the [redacted] approved source systems for FAA 702 reporting.[70] The remainder of this section describes four types of controls, focusing on their application to the [redacted]:

• (U//FOUO) System security accreditation,
• (U//FOUO) System certification,
• (U//FOUO) Data flow management, and
• (U//FOUO) Data tagging.

(U//FOUO) Approval for NSA systems to store and process FAA 702 data

(U//FOUO) Accreditation. TS is responsible for managing the risk on all NSA networks and the computer systems and devices connected to those networks. TS's responsibilities include:

• (U//FOUO) Guiding, prioritizing, and overseeing the development of information assurance programs necessary to ensure protection of information systems and networks by managing the NSA Information Security Program;
• (U//FOUO) Serving
as the Director, NSA Authorizing Official to accredit all NSA information systems;
• (U//FOUO) Conducting information systems security and accreditation and risk management programs; and
• (U//FOUO) Establishing, maintaining, and enforcing NSA information systems security policies and implementation guidelines.

(U) Accreditation is the official management decision to permit operation of information systems in specific environments at acceptable levels of risk based on the implementation of an approved set of technical, managerial, and procedural safeguards.

(U//FOUO) When accrediting systems, TS uses the National Institute of Standards and Technology (NIST) Risk Management Framework to determine the appropriate level of risk mitigation to protect systems, information, and infrastructure. NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, February 2010, describes the six steps in the framework:

• (U//FOUO) Categorize the information system and the information processed, stored, and transmitted by that system based on an impact analysis (risk assessment);
• (U//FOUO) Select an initial set of baseline security controls for the information system based on the security categorization, tailoring and supplementing the security control baseline as needed based on an organizational assessment of risk and local conditions;
• (U//FOUO) Implement the security controls and describe how the controls are employed within the information system and its environment of operation (system developers);
• (U//FOUO) Assess the security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system (independent testing by TS);
• (U//FOUO) Authorize information system operation based on a determination of the risk to
organizational operations and assets, individuals, other organizations, and the nation resulting from the operation of the information system and the decision that this risk is acceptable; and
• (U//FOUO) Monitor the security controls in the information system on an ongoing basis, including assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials.

(U//FOUO) Before a system is authorized to be put on a network, it must go through the accreditation process and be approved by TS. Once implemented, systems are subject to reaccreditation every three years or when significant changes occur that may affect the risk assessment. The dates through which the FAA 702 repositories are accredited are listed in Table 30.

(U//FOUO) Table 30: Accreditation Status of NSA [redacted]

(TS//REL TO USA, FVEY) [redacted] system named in the System Security Plan (SSP) [redacted]

(U//FOUO) Certification. In addition to system accreditation, all systems containing FISA data must be certified by TV4, the NSA authority for certifying automated systems, to ensure they are compliant with the legal and policy regulations protecting USP privacy. DoJ and the FISC are notified when NSA designates a new [redacted]

(U//FOUO) In 2010, NSA began certifying FISA systems as part of an effort to ensure that they comply with the legal and policy regulations protecting USP privacy. This included the repositories that contain FAA 702 metadata. Personnel from various organizations within SID and TD performed the initial certifications. TV subsequently assumed responsibility for system certification and developed the NSA corporate database for registering NSA systems, their compliance certification, and data flows. It is NSA's authoritative
source for all compliance certifications.

(U//FOUO) The Agency's certification process currently evaluates system controls for compliance with purge, data retention and age-off, data access, querying, dissemination, data tagging, targeting, and analytical processes. These mission functional areas are defined by the Comprehensive Mission Compliance Program ODOC administers. Through this program, compliance certification requirements are developed to address required compliance controls. The compliance requirements administered by the TV2 requirements team form the basis for the criteria against which systems are certified for compliance.

(U//FOUO) To be certified to handle FISA data, systems must receive TV certification through the Compliance Certification process. The TV4 certification dates for the [redacted] that contain FAA 702 data and which can be used as sources to support dissemination are listed in Table 31.

(U//FOUO) Table 31: Compliance Certification Status of NSA [redacted]

System | Certification Date
[redacted]

(U//FOUO) TV provided new compliance certification guidance in May 2014. Systems, other than those being decommissioned within twelve months, which meet the following criteria should be recertified by TV:

• (U//FOUO) Systems with two significant system-related incidents in a twelve-month period or three total,
• (U//FOUO) FISA systems that have not been certified within two years,
• (U//FOUO) Systems with a major upgrade affecting compliance functionality, or
• (U//FOUO) Systems planning to process under a new authority (e.g., addition of FISA data).

(U//FOUO) Owners of all affected FISA systems were notified in June 2014 that they should complete recertification if their systems met these guidelines [illegible] months of the repositories [redacted] are scheduled to be decommissioned and were exempted from this
requirement.

(U) Data flow management

(C//REL TO USA, FVEY) USSIDs define a set of controls and operating procedures for the United States SIGINT System. USSID DA3511, Data Acquisition Directorate Targeting and Data Flow Management, defines a process intended to assure that only desired SIGINT is delivered to intended users in the time frame and format required.

(S//SI//REL TO USA, FVEY) [redacted] is responsible for governing end-to-end management of Internet and telephony [redacted] collection. [redacted] houses the access data [illegible] managers responsible for testing and setting up new data flow paths that traverse the [redacted] processing infrastructure. The [redacted] Data Governance Team governs the processing and distribution of data collected within NSA's SIGINT system, oversees the documentation and review of all new dataflow requests, and implements processes designed to ensure that NSA compliance standards are maintained throughout the development of new data flows.

(S//SI//REL TO USA, FVEY) The Data Governance Team manages the data flow process. Customers must complete Dataflow Management Requests (DMR) to initiate or modify data flows. DMRs require detailed information, including the status of system certifications, system accreditation plans, types of data to be processed, authorities for collection, and documentation of data flows. DMRs are evaluated and approved by a triage team [redacted]. Upon triage team concurrence, the DMR is given to the Targeting and Tasking and Data Delivery organizations for testing and implementation. DMRs are complete once all required approvals are obtained and data flows become operational.

(U) Data tagging

(U//FOUO) Historically, NSA has managed data access by implementing restrictions on data storage, including the use of logical database partitions. Data flows were designed to place data in these partitions, for example, according to the FAA 702 certification under which the communications
were acquired. To access the data, personnel had to have appropriate training and be given access to certain systems and missions matching the data partitions where the data was stored.

(U//FOUO) As NSA [redacted], new mechanisms for storing and accessing data are being developed. Data tags are created for each collection record, identifying the authority under which the data was collected as well as several other pieces of information used in managing the data over its life cycle.[71] Thus, to access raw data acquired under the [redacted] certification for FAA 702, analysts must be approved for access to such collection as part of an authorized mission and fulfill the training requirements for the authority.

(U//FOUO) Data tags also serve to maintain compliance with limitations on the scope of queries as well as age-off and purge requirements.

(U//FOUO) Table 32 summarizes the repository provisions of the FAA 702 targeting and minimization procedures and the controls NSA implemented to maintain compliance.

(U) Table 32. FAA 702 Repository Provision and Controls

Provision:
(U//FOUO) NSA has established processes for ensuring that raw traffic is labeled and stored only in authorized repositories.

Controls:
o (U) All systems processing FAA 702 data must complete a security accreditation process.
o (U) All FAA 702 repositories are certified compliant with the legal and policy regulation protecting USP privacy.
o (U) Data flows must be approved by [illegible] and SV to ensure compliance.
o (U) Data tags are applied to identify the authority under which the information was acquired. The tags also serve to manage access to and [illegible] of the data.

(U) Access and Training

(U) Provisions of FAA 702 certifications

(U) The FAA 702 targeting procedures state that NSA will develop and deliver training to ensure that intelligence personnel responsible for approving the targeting of persons under that authority, as
well as analysts with access to the raw data acquired pursuant to FAA 702, understand their responsibilities and the procedures that apply to this acquisition.

[71] [redacted]

(U) Control framework for restricting access to FAA 702 collection to authorized personnel

(TS//SI//NF) NSA requires that users having access to FAA 702 data have one or more credentials, be current on the required training, and be assigned to approved missions.

Required credential. One [redacted] credentials is needed to access FAA 702 data. [redacted] is required to access data collected under the [redacted] FAA 702 certifications.

(C//REL TO USA, FVEY) Obtaining the credential. To obtain any of the credentials, a request must be submitted in [redacted]. Only individuals who hold the requested credential may submit someone for the credential. The request is first reviewed by the Associate Directorate for Security and Counterintelligence (Q) to determine whether the applicant has satisfied certain security criteria. If approved by Q, the request is forwarded to SV for final adjudication. SV reviews the request, verifying that the individual is current on required training and that the request has a valid mission justification. If all requirements are met, SV approves the credential [redacted] for entry to NSA's security database. [redacted] retrieves information from [redacted] and several other corporate authoritative source systems that provide the status of individuals' approved missions, training, and clearances. Using this information, [redacted] calculates daily a list of individuals who qualify for FAA 702 access. NSA systems use the information from [redacted] to determine what data the individuals are authorized to access. SID
maintains the authority rules, which determine what [redacted] verifies for individuals to access data.

(U//FOUO) Obtaining access to mission resources. SID policy designates [redacted] as NSA's tool for the proper administration and implementation of access to SIGINT data in NSA repositories; it facilitates the administrative process of acquiring access to tools and databases. Access sponsors submit individuals for access. The sponsors determine the appropriate SIGINT authority for users, assigning them to a mission documented in the mission correlation table, a master list of all analytic production elements that have been approved for SIGINT missions. The table facilitates database access by providing a record of databases needed to perform SIGINT missions. The access sponsor nominates a user for access to raw SIGINT databases, sources, and tools in support of a stipulated mission. The sponsor ensures that auditors are assigned to the mission to review queries of mission data. [redacted] feeds user access information to [redacted].

[72] (U//FOUO) The [redacted] credential was originally established for FISA data and requires training in NSA's Standard Minimization Procedures for FISA information. Later, different versions of [redacted] were established for particular categories of [illegible]. [redacted] permits access to FAA 702 data acquired before the establishment of the [redacted] credential in [redacted].

o (U//FOUO) Maintaining access. Automated and manual procedures provide assurance of continuing eligibility to access FAA 702 data. Users and access sponsors are responsible for removing users' access when they no longer qualify for a mission. Each [redacted] mission is also required to have an intelligence oversight officer who performs periodic reviews to ensure that individuals assigned to missions are still eligible for access.

(U//FOUO) Enforcement of required training is supported by the production of
automated notices to individuals well in advance of their training expiration date. Notices are produced at regular intervals until the training is completed. If training expires, the individual is automatically removed from access to FAA 702 data.[73]

[redacted] calculates daily a list of individuals who qualify for FAA 702 access. [redacted] interfaces with several corporate authoritative source systems that provide the status of individual's approved missions, training, and clearances. For systems that use data tags, user information in [redacted] is compared with the data tags applied to the communications before giving the individuals access to the data. If the user does not possess the combination of requirements identified in the data tag, access to that data is denied.

(U//FOUO) Appropriate and adequate training. NSA/CSS Policy 1-23 requires that Agency personnel complete IO training annually.

(U//FOUO) To qualify for access to data acquired under an FAA 702 certification, persons must have completed specific training courses within the last 12 months. All courses are developed by NSA's ADET in conjunction with the OGC, mission subject matter experts, and mission compliance professionals. All NSA analysts who perform targeting functions must take the first three courses listed next; the last is mandatory only for personnel requiring access to FAA 702 data.

o (U//FOUO) OVSC1000 - NSA/CSS Intelligence Oversight Training - the Agency's core IO course, provided to the workforce to maintain a high degree of sensitivity to and understanding of intelligence laws, regulations, and policies associated with the protection of U.S. person privacy rights. Personnel are familiarized with the major tenets of the four core IO documents: Executive Order 12333, as amended; Department of Defense Regulation 5240.1-R; Directive Type Memorandum 08-052; and NSA/CSS Policy 1-23. OVSC1000 is web-based and includes knowledge checks for proficiency.[74]

o (U//FOUO) OVSC1100 - Overview of Signals
Intelligence Authorities - the SIGINT core IO course, provides an introduction to various legal authorities governing NSA operations. Upon completion, personnel should be able to identify applicable surveillance authorities at a high level, define the basic provisions of the authorities, and identify situations requiring additional authority. OVSC1100 is web-based and includes knowledge checks for proficiency. All personnel in the U.S. SIGINT System (USSS) working under NSA SIGINT authority with access to raw SIGINT are required to complete OVSC1100.

[73] [redacted] does not verify the individuals' 702 training status [redacted].

[74] (U//FOUO) E.O. 12333, United States Intelligence Activities; DoD Regulation 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components That Affect U.S. Persons; DTM-08-052, DoD Guidance for Reporting Questionable Intelligence Activities and Significant or Highly Sensitive Matters.

o (U//FOUO) OVSC1800 - Legal Compliance and Minimization Procedures - an advanced SIGINT intelligence oversight course which explains policies, procedures, and responsibilities within missions and the obligations of the USSS to protect U.S. person and foreign partner privacy rights. OVSC1800 is web-based and includes competency exams [redacted]. Personnel who do not pass the test after [redacted] attempts must complete remedial training. All analysts in the USSS working under DIRNSA SIGINT authority with access to raw SIGINT are required to complete OVSC1800 annually.

o (U//FOUO) OVSC1203 - FISA Amendments Act (FAA) Section 702 - explains the legal policies and targeting and minimization procedures FAA mandates. The course is web-based and includes a competency exam. Personnel who do not pass the test after [redacted] attempts must complete remedial training. All analysts who require access to FAA 702 data must take this course annually.

(U//FOUO) Other courses are also required before analysts can access NSA targeting tools. The first four of these are required for all NSA analysts who perform targeting functions, while the last is mandatory only for those analysts targeting under FAA 702.

o (U//FOUO) CRSK1300 - Foundations of Smart Targeting - a web-based course that covers targeting policy, processes and concepts, available assistance, targeting tools, research, and collection.

o (U//FOUO) CRSK1301 - Foundations of Smart Targeting: Research - available in web-based format beginning January 2015, the course focuses on elements of the targeting process requiring research, the research process, and the tools and databases used in research.

o (U//FOUO) CRSK1302 - Foundations of Smart Targeting: Targeting - a web-based course that includes collection source considerations, the target workflow process, creating TRs, finding and assessing collection results, and documenting sources.

o (U//FOUO) CRSK1303 - Foundations of Smart Targeting: Targeting Maintenance - a web-based course that focuses on resolving compliance problems, managing traffic, and maximizing the intelligence value of tasked selectors.

o (U//FOUO) CRSK1304 - FAA Section 702 Practical Applications - a web-based course required for all NSA analysts who conduct targeting under FAA 702. It is scenario-based and addresses compliant TRs, targeting maintenance, and incident reporting.

(U//FOUO) Adjudicator training. In addition to the above courses, mission personnel who grant final approval of FAA 702 TRs must take a course on the approval process, be approved by their FAA 702 mission lead, receive hands-on training by personnel with adjudication experience, and be approved by S2 Mission and Compliance staff. Upon approval, elements in SID will upgrade the individual's access role in [redacted] to allow adjudication of TRs.

o (U//FOUO) CRSK1305 - FAA Section 702 Targeting Adjudication - a course that explains NSA resources for
validating selectors and foreignness explanations in TRs, determining whether submitted TRs should be approved, and follow-up actions after a TR has been approved or denied.

(U) Access requirements for technical personnel to FAA 702 repositories

(U//FOUO) Technology Directorate personnel who directly support repositories and systems that contain raw SIGINT data or activities that utilize raw SIGINT must complete OVSC1000, OVSC1100, and OVSC1806 training annually. OVSC1806 is the same course as OVSC1800 (see above) but has an additional lesson on the system compliance certification process. Technical personnel who support FISA systems and whose responsibilities may include direct access to FISA data are also required to attend a briefing administered by OGC and TV. Upon completion of the briefing, SV updates [redacted], recording the user's attendance at the briefing and their authorization for access.

(U) Identification of access vulnerability [redacted]

(U//FOUO) [redacted] is [illegible] scheduled to be decommissioned in 2017. [redacted] relies on a combination of [redacted] to protect access to data. [redacted] does interface with [redacted] as part of its access control. However, it does not verify that an individual is current on training.[76]

(U//FOUO) [redacted] is NSA's Corporate Authorization Service. See the Obtaining the Credential section for more information on [redacted].

[redacted] an individual with authorized access to FISA data discovered that FAA 702 data had been included in the results of a query of [redacted] data. The individual had received FAA 702 training when she was assigned to a different mission, so her access to the data was not in violation of the FAA 702 targeting and minimization procedures. However, the access did violate SID policy because the mission to which the individual was assigned was not authorized for FAA 702.[77] Investigation of the occurrence led to the discovery that
personnel without the required FAA 702 training could access FAA 702 data in [redacted] if they have the [redacted] credential.[78] To date, no incidents have been identified of individuals who have not received FAA 702 training querying [redacted] and receiving FAA 702 data.[79]

(U//FOUO) When SV personnel discovered this vulnerability, they worked with TD to initiate corrective measures. [redacted] was updated to add new [illegible] to FAA 702 data collected on or after that date. The new COIs emulate the access controls required for other FAA 702 systems, including controlling access based upon the authority under which it was obtained. A similar process will be implemented to address access controls for [illegible] obtained [redacted]. A review is currently underway regarding action to take [redacted].

(U) Table 33. Access and Training Provisions and Controls

Provision:
(U) NSA will develop and deliver training regarding the applicable procedures to ensure that intelligence personnel responsible for approving the targeting of persons under FAA 702, as well as analysts with access to the acquired foreign intelligence information, understand their responsibilities and the procedures that apply to this acquisition.

Controls:
o (U//FOUO) NSA has a list of courses required annually for analysts to qualify for access to data acquired under FAA 702. This includes OVSC1203, a course specific to FAA 702.
o (U) To access NSA targeting tools, all analysts must complete four courses on targeting. Analysts targeting under FAA 702 must also take a course on application of the authority.
o (U) Adjudicators who grant the final approval of TRs under FAA 702 must also complete a course on adjudication specific to the authority.
o (U//FOUO) Technology Directorate personnel who support FISA systems must complete OVSC1000, 1100, and 1806 annually and attend a briefing administered by OGC and TV.

[77] (C//REL TO USA, FVEY) SID Management Directive 421 states that FISA access is based on current mission need and
does not follow individual analysts when they move to new missions or locations unless specified in the document authorizing the assignment. Persons changing missions, jobs, or locations must provide re-justification to [illegible] through their management chains for FISA access or access to unminimized, unevaluated content in the new position.

[78] (U//FOUO) Without [redacted] credential, analysts cannot access FAA 702 data and most other types of FISA data. The credential was originally established for FISA data and requires training in NSA's standard minimization procedures for FISA information.

[79] (TS//SI//NF) Of NSA's [redacted] SIGINT [illegible] authorized for FISA access, [redacted] are also authorized to access FAA 702 data.

(U) Table 33 (continued)

Provision:
(U) NSA has established processes to ensure that raw traffic is accessible in authorized repositories only to those who have had the proper training.

Control:
(U//FOUO) Access to FAA 702 foreign intelligence and the ability to submit and approve targeting under the authority require certain credentials and access to mission resources (databases, sources, and tools). The approval is not granted unless the required training has been completed. See above information regarding [redacted] access.

(U) Querying Repositories of Collected FAA 702 Data

(U) Provisions of FAA 702 certifications - queries

(U) Minimization procedures permit use of computer selection terms to scan storage media containing communications acquired pursuant to FAA 702 and to select communications for analysis, with certain limitations. Query selection terms (e.g., telephone numbers and key words and phrases) must be formed in a manner reasonably likely to return foreign intelligence information. Collection obtained through NSA upstream Internet collection techniques may not be queried using selection terms of an identifiable USP.

(U) Compliance controls - query compliance

(U//FOUO) Queries of raw SIGINT databases are subject to USSID
CR1610, SIGINT Production and Raw SIGINT Access (revised 12 February 2013), which requires that:

o (U//FOUO) All user organizations designate two auditors to review daily those queries presented for their review,[80]
o (U//FOUO) Auditors be familiar with the targets and types of queries executed within their missions,
o (U//FOUO) SV provide training for new auditors on their responsibilities and certify them as compliant before conducting audits,[81]
o (U//FOUO) SV conducts periodic super audits of interactive raw SIGINT database queries, verifying that selectors were foreign on the date the super audit is performed and examining the query terms to determine compliance with NSA policy,[82]
o (U//FOUO) NSA maintain a non-editable file of all such database queries for a minimum of one year,
o (U//FOUO) All queries be driven by a foreign intelligence purpose, and
o (U//FOUO) An audit record of the selection terms be created and reviewed per NSA policy by the originating organization.

[80] NSA implemented an approach to query review that uses stratified sampling, based upon historical rates of queries identified as reportable, to determine the queries from each database to be presented for audit or review. The [redacted] system passively logs queries, but the queries are not subject to audit. NSA is developing a process to provide additional oversight for queries against this system.

[81] Auditors are now required to take NSA Raw Traffic Database Auditor Training (OVSC3101) every two years and must be cleared to the security level required for the authority under which the analyst performed the query subject to audit.

[82] The system used to test foreignness, [redacted], does not maintain an historical record of [illegible] foreignness of the tasked selector [redacted].

(U//FOUO) Mission auditors are assigned to each mission using the [redacted] tool described in the access section. The tool requires that missions have
designated auditors before new personnel can be approved for the missions. Auditor qualifications include target knowledge, expertise in the mission area, familiarity with the type of queries to be reviewed, ability to mentor analysts to improve query execution, attainment of all credentials required for the data reviewed, and completion of all required training. Queries presented to auditors are required to be audited within 24 hours of receipt or on the next normal duty day.

(U//FOUO) SV developed OVSC3101, NSA Raw Traffic Database Auditor Training, to prepare auditors for post-query review. The course provides instruction on use of the corporate query audit system, incident identification, incident reporting, and maintenance of records of audits to support SV super audits and DoJ/ODNI reviews.

(S//SI//REL TO USA, FVEY) The [redacted] system, a legacy system which predates USSID CR1610 and is scheduled to be decommissioned, does maintain a log of queries for five years. The system has not yet been modified to provide these [illegible] to the corporate logging and auditing system.

(U//FOUO) Queries not using USP selection terms

(U//FOUO) FAA 702 systems provide records of queries to the corporate logging and auditing system for user generated queries of raw SIGINT content.[83] These records are the source for daily post-query reviews by auditors and SV query oversight. These systems also maintain records of query reviews.

(U//FOUO) Auditors examine queries to determine whether they have a valid foreign intelligence purpose. Auditors also evaluate query selection terms to determine whether they were constructed so as to avoid obtaining information on USPs. The review is intended to balance the pursuit of foreign intelligence and protection of USPs' Fourth Amendment rights. When a tasked FAA 702 selector is used as a query term and the selector is foreign, the corporate query logging and auditing system does not present the query for review by an auditor because the term
has been reviewed by a releaser and an adjudicator as part of the TR approval for tasking [84] during the targeting process. If a tasked selector is used as a query term and the selector is not foreign, it is subject to review by an auditor. Queries using selection terms that are not approved selectors are subject to auditor review.

[83] One of the [redacted] does not send query records to the NSA corporate logging and auditing system. This system is scheduled to be decommissioned.

[84] (U//FOUO) The query auditing and logging system obtains current tasked selectors from [redacted] and verifies their foreignness against NSA SIGINT databases.

(U//FOUO) Provisions of FAA 702 - queries using USP selection terms

(U//FOUO) A 3 October 2011 FISC Order approved the use of modified minimization procedures that permit queries of data collected under the authority, only for foreign intelligence purposes, using USP query terms, subject to specific NSA review procedures and external oversight. Such queries can only be performed using FAA 702 telephony communications and Internet communications obtained from downstream collection. Use of USP identifiers to query FAA 702 collection must be approved in accordance with NSA procedures. NSA is required to maintain records of all USP identifiers approved for use as selection terms. These query procedures are subject to oversight by DoJ and ODNI.

(U//FOUO) Compliance controls - queries with USP selection terms

(U//FOUO) NSA adopted internal procedures governing use of USP identifiers for queries of communications collected under FAA 702. Upstream Internet collection is not approved for such queries. DoJ and ODNI reviewed and approved these procedures. The Senate and House Intelligence Committees were informed of these changes. There are three sets of procedures for approval of these queries:

o (U//FOUO) Queries of metadata,
o (U//FOUO) Emergency queries of content, and
o [illegible]

(U//FOUO) NSA's annually required
course on FAA 702 (OVSC1203) includes training on the use of USP identifiers to query raw data collected under the authority. The NSA FAA web page also contains the documented and approved procedures for these queries. Although metadata queries are not subject to pre-approval, the query and a foreign intelligence justification must be recorded to support external oversight. The justification must document the analytic knowledge linking the selector to a foreign target or foreign intelligence purpose. Content queries using USP identifiers are subject to pre-approval by S2, SV, and OGC. SV maintains records of all queries using USP identifiers and includes such queries in its query oversight.

(U) Table 34 summarizes the query provisions of NSA's FAA 702 minimization procedures and the controls implemented by NSA to maintain compliance.

(U) Table 34. Query Provisions and Controls
(S//SI//REL TO USA, FVEY)

Provision:
(U) Storage media (data repositories) containing communications acquired pursuant to FAA 702 may be queried to identify and select communications for analysis. Query terms, such as telephone numbers and key words or phrases, will be limited to those selection terms reasonably likely to return foreign intelligence information.

Controls:
o (U) Queries of FAA 702 databases may only be conducted for foreign intelligence purposes and are subject to review by mission auditors, who must have target knowledge, expertise in the mission area, and have completed training on raw traffic database auditing. The review evaluates whether the query was for a valid foreign intelligence purpose.
o (U) SV conducts periodic super audits of these queries.
o ([illegible]//REL TO USA, FVEY) NSA maintains a file of all database queries for at least one year in the corporate logging and auditing system for user generated queries of raw SIGINT content [redacted].

Provision:
(U) Identifiers of an identifiable USP may not be used as terms to
query any Internet communication acquired through upstream Internet collection. Use of USP identifiers as terms to query communications must be approved in accordance with NSA procedures. NSA will maintain records of all USP identifiers approved for use as selection terms.

Controls:
o (U) All personnel receive annual training on USP query procedures, which can only be performed for foreign intelligence purposes against FAA 702 telephony communications and Internet communications. The SV web page provides instructions for requesting approval of such queries using a process that DoJ and ODNI approved.
o (U//FOUO) Queries of upstream Internet collection using USP terms are prohibited.
o (U) Queries of metadata are not subject to pre-approval, but the query and foreign intelligence justification must be documented.
o (U) Content queries using USP terms follow request and documentation procedures and are subject to pre-approval by SV and OGC.
o (U) SV maintains records of all queries using USP identifiers and includes these queries in its oversight of query review.

Provision:
(U//FOUO) DoJ and ODNI will conduct oversight of NSA's queries using USP identifiers.

Control:
(U) See the Oversight section.

(U) Sharing and Dissemination

(U) Sharing

(U//FOUO) As stated in the Access and Training section, targeting procedures require that all personnel accessing or otherwise handling raw data acquired pursuant to FAA 702 must be current on training for the authority. This imposes restrictions, even within NSA, on the use of information obtained under this authority.

(U) Unminimized communications acquired pursuant to FAA 702 may be provided to the CIA and FBI for targets each has identified to NSA. Each agency has minimization procedures for handling data collected under this authority and must handle communications provided by NSA in accordance with those procedures. Currently, unminimized data shared with the CIA and FBI is limited to
communications derived from downstream collection.

(U) Dissemination

(U) The NSA minimization procedures apply to dissemination of all information acquired under FAA 702, including non-publicly available information concerning USPs acquired by targeting non-USPs approved under the NSA targeting procedures. There are several restrictions on dissemination of information acquired under this authority:

o (U//FOUO) Discrete Communications within an MCT. Analysts seeking to disseminate information obtained from a discrete communication within an MCT must assess whether the communication is eligible for dissemination (e.g., not a domestic communication) and document that assessment in the comments field of the reporting tool in a manner that supports internal and external oversight.

o (U//FOUO) Attorney-Client Communications. Dissemination of USP attorney-client privileged communications must be reviewed by the NSA OGC. NSA must cease review of communications between a person known to be under criminal indictment in the United States and an attorney representing that individual in that matter, segregate such communications, maintain a record of the identified attorney-client communications, and notify DoJ so that appropriate procedures may be established to protect such communications from review or use in a criminal prosecution while preserving foreign intelligence information in the communication.

o (U//FOUO) Domestic Communications. A domestic communication may only be disseminated if DIRNSA has approved a destruction waiver for that communication, documenting its eligibility for retention and dissemination. Such communications must contain information that meets one of four criteria: significant foreign intelligence, technical database information necessary to assess a communication's vulnerability, evidence of a crime, or information concerning a threat of serious harm to life or property. Communications acquired when there was no reasonable belief at the time of tasking that a target
was a non-USP located outside the United States are not eligible for destruction waivers. If a waiver has been obtained, NSA may share domestic communications that do not have foreign intelligence value but are believed to contain evidence of a crime with appropriate federal law enforcement authorities in accordance with applicable laws and regulations.[85] Without a destruction waiver, NSA is authorized to notify the FBI if information in a domestic communication indicates that a target has entered the United States. The Agency may also provide information to the CIA and FBI for collection avoidance purposes. NSA may retain domestic communications shared with the CIA and FBI for six months and must restrict further use or dissemination of communications whose destruction has been waived by placing the identifiers for these communications on the MPL.

[85] (U) 50 U.S.C. 1806(b) and 1825(c) require that the communications be released with a statement that the Attorney General must approve use of the information in a criminal proceeding. USC 1806(b) is not limited to FAA 702 domestic communications; it applies to all disseminations to law enforcement.

o (U) Foreign Communications of or Concerning USPs. These communications may be disseminated if the identity of the USP is deleted and a generic term substituted so that the information cannot reasonably be connected with an identifiable USP. This process is referred to as masking. Otherwise, dissemination of intelligence based on such communications may only be made to recipients requiring the identity of the USP to perform their official duties and only if at least one of eight additional requirements is met:

  o (U) The USP consented to dissemination or the information is publicly available,
  o (U) The USP identity is necessary to understand the foreign intelligence information or assess its importance,
  o (U) The communication or information indicates that the USP may be a foreign
power, an agent of a foreign power, residing outside the United States and holding an official position in the government or military forces of a foreign power, a corporation or other entity owned or controlled directly or indirectly by a foreign power, or acting in collaboration with an intelligence or security service of a foreign power and the USP has or has had access to classified national security information or material;
  o (U) The USP may be the target of intelligence activities of a foreign power;
  o (U) The USP is engaged in unauthorized disclosure of classified national security information, only if the originating agency has verified that the information has been properly classified;
  o (U) The USP communication was authorized by a court order and the communication may relate to the foreign intelligence purpose of the surveillance;
  o (U) The USP may be engaging in international terrorist activities; or
  o (U) There is evidence that the USP is engaging in a criminal activity.

o (U) Foreign Communication of or Concerning a Non-USP may be disseminated in accordance with other laws, regulations, and policies, provided that the communications are eligible for retention under FAA 702.

o (U) Collaboration with Foreign Governments: Consistent with the authority accorded NSA by E.O. 12333, the Agency maintains cryptologic liaison relationships with certain foreign governments. Information derived from FAA 702 collection that has been evaluated for foreign intelligence and minimized for USP information may be disseminated to these foreign governments.86 Dissemination of information of or concerning a USP must comply with the restrictions described in Foreign Communications of or Concerning USPs above, as well as with those described for MCTs above. NSA is permitted to disseminate unminimized communications to foreign partners to obtain technical or linguistic assistance to determine the meaning or significance of the
information.87

(U) Sharing FAA 702 with authorized NSA personnel

(U//FOUO) Analysts authorized to access FAA 702 communications are trained to ensure that individuals with whom they wish to discuss such communications have appropriate credentials. [redacted] permits review of an individual's training and clearances. The training also addresses NSA policy, which states that e-mailing unminimized and unpublished data to anyone, even other NSA personnel, violates compliance controls such as effective auditing. [(b)(3)-P.L. 86-36]

(U) Provision of unminimized communications to CIA and FBI

(U//FOUO) As described in the Targeting section, NSA must approve selectors nominated by these agencies based upon compliance with NSA targeting procedures. For approved selectors, Internet communications are routed to the requesting agency based upon information in the [redacted]. NSA policy states that analysts should not share unminimized and unevaluated communications received pursuant to this collection with the CIA and FBI for selectors tasked on behalf of those agencies; collaboration on such collection is permitted when analysts from the CIA or FBI access the unminimized communications from their own agencies' FAA 702 data repositories. [(b)(3)-P.L. 86-36] The required annual FAA 702 course (OVSC1203) provides training on these restrictions, which are designed to assure accountability of dissemination if recall or purge becomes necessary.

(U) General dissemination requirements

(U//FOUO) Limits on use of reported FAA 702 communications: Analyst training (OVSC1203) instructs that use or disclosure of information derived from FAA 702 communications in any criminal proceeding, immigration proceeding, or any other legal or administrative proceeding is prohibited without the advance authorization of the Attorney General of the United States. To prevent such use, NSA internal procedures require that disseminations of FAA 702-derived information include the Intelligence Purposes Only caveat that prohibits use of
the information without approval. This is included in the FAA 702 training.

86 (U//FOUO) Collected traffic that has been evaluated to determine whether it contains foreign intelligence and has been subject to minimization to protect USP identities is referred to as evaluated minimized traffic, or EMT.

87 (U) Dissemination for technical or linguistic assistance is subject to specific restrictions: limiting the use of the information by the foreign government to translation or analysis of the communications, allowing dissemination only to the individuals performing the analysis or translation, restricting the foreign government from making a permanent record of the information, and requiring destruction or return to NSA of the information disseminated.

(U//FOUO) Reporting documentation: Consistent with the purge requirements in the minimization procedures, NSA is required to account for and must be able to trace its disseminations based on FAA 702 communications. The annual training addresses the documentation that analysts must complete to fulfill this requirement:
o The collection authority (specific FAA 702 certification) [redacted: (b)(3)-P.L. 86-36] piece of traffic used in the report; and
o (U) A source verification statement documenting an identifier for each piece of traffic and confirming that the source was not ineligible for retention or subject to purge. A new reporting tool, first introduced in 2013, performs the source verification automatically. Successful completion of this process with no flags confirms the traffic may be used as a source for reporting.

(S//SI//REL TO USA, FVEY) An NSA reporting policy document, Sourcing Requirement and Verification Guidance (ISS-054-10, revised 8 May 2012), provides reporting and dissemination guidance. The policy requires that individuals releasing reports verify that the reports do not contain information that should have been purged from raw SIGINT databases. This must be performed within 24
hours of the report release using the Master Purge List. SIGINT reporters are also required to include traffic source identifiers for all reports and enter source verification statements in the reporting tool to confirm that this review has been performed. [(b)(3)-P.L. 86-36]

(S//SI//REL TO USA, FVEY) The primary analyst reporting tools used in 2013 performed automated verification of sources against NSA's [redacted] at the time of report release. If none of the source records for the report matched records in the purge system, the report would be released. If a match to the identifier for a purged record was found, the release would be stopped and the individual releasing the report would be notified. The policy requires that a manual source verification check be performed for reports released through means without automated source verification. In 2014, a new analyst reporting tool was implemented that also includes automated source verification (see the Purge section).

(U) Disseminating communications involving MCTs

(U//FOUO) The FAA 702 annual training course (OVSC1203) addresses procedures that analysts must perform for upstream Internet collection containing MCTs to comply with the minimization procedures. The training identifies the requirements for disseminating single discrete communications within MCTs. The course also explains requirements for documenting the analysis that supports the decision that communications are eligible for reporting. An NSA reporting policy document, Source Record Entries for Reporting from FAA 702 Multiple Communications Transaction (ISS-185-11), requires that compliance be documented in NSA reporting tools. SV performs oversight of the documentation supporting use of certain MCTs for reporting (see the Oversight section).

(U) Disseminating attorney-client communications

(U//FOUO) In OVSC1203, analysts are trained on the requirement that NSA OGC personnel pre-approve disseminations of information
involving USP attorney-client privileged communications.

(U//FOUO) Disseminating domestic communications: Dissemination of domestic communications is limited to those communications for which DIRNSA has approved a destruction waiver documenting their eligibility for retention.88 Such communications must contain information that meets at least one of five criteria: significant foreign intelligence, technical database information, information necessary to assess communications vulnerabilities, evidence of a crime, or information concerning a threat of serious harm to life or property. Destruction waivers are discussed in the Oversight and Purge sections. Training on retention and use of domestic communications is included in OVSC1203.

(U//FOUO) Disseminating foreign communications of or concerning USPs

(U//FOUO) OVSC1203 addresses the requirement to exclude information from reporting that would allow a reader to determine a USP's identity unless the identity qualifies for dissemination under the terms of the FAA 702 minimization procedures. NSA's Information Sharing Services Group (ISS) reviews exceptions to this "masking" requirement. ISS handles requests for release of USP identities.

(U) Disseminating foreign communications of or concerning a non-USP: Foreign communications of non-USPs that contain foreign intelligence are eligible for dissemination, subject to other applicable laws and policies.

(U) Dissemination to foreign governments: Information obtained under FAA 702 may be disseminated to foreign governments in three ways addressed in OVSC1203:
o [redacted: (b)(3)-P.L. 86-36]

88 (U//FOUO) A destruction waiver is not required for dissemination of domestic communications to notify the FBI of the target's presence in the United States or to notify the FBI or CIA for collection-avoidance purposes.

o [redacted: (b)(3)-P.L. 86-36] dissemination must be performed
in accordance with special handling procedures and requires the approval of SV and OGC, who maintain records and report this activity to DoJ and ODNI.
o (S//REL TO USA, FVEY) Dissemination of collection acquired when post-tasking technical checks are not functioning properly: In 2013, NSA identified and reported an incident in which a system modification caused incomplete [redacted] (see the Post-Targeting section). Amended [illegible] minimization procedures approved in November 2013 required application of [illegible] NSA developed in response to the incident. These procedures included additional verification of target location before FAA communications acquired during a period when [redacted] post-tasking technical checks are not functioning as intended are used for targeting and dissemination. These procedures were the subject of several communications across SID, as well as training sessions, and are documented on NSA's FAA 702 web page.

(U//FOUO) Table 35 summarizes the sharing and dissemination provisions of the FAA 702 targeting and minimization procedures and the controls implemented by NSA to maintain compliance.

(U) Table 35. Sharing and Dissemination Provisions and Controls

Provision | Control

(U) NSA has established processes to ensure that raw traffic is accessible in authorized repositories only to those who have had the proper training.

(U) Annual FAA 702 training addresses analyst responsibility for ensuring that individuals with whom they wish to discuss FAA 702 communications have the necessary credentials and training.

(U) NSA may provide to the CIA and FBI unminimized communications acquired pursuant to FAA 702. These communications will be based upon targets that each agency identifies to NSA.

SV adjudicates TRs from CIA and FBI. If approved, the agencies will receive unminimized communications. For requested targets whose selectors are already tasked by NSA, SID personnel will [redacted] dual route [redacted] to provide Internet communications to the requesting agency. [(b)(3)-P.L. 86-36]

(U) Minimization procedures require NSA be able to purge communications that meet specific requirements.

(U) To account for and trace dissemination based on FAA 702 communications and to comply with purge requirements, analysts must document certain information for the data sources in each report, including the certification under which data was collected and a statement verifying that each piece of traffic used was confirmed as eligible for retention. This is addressed in annual analyst training and NSA reporting policy.

(U) A new reporting tool, first introduced in 2013, performs the source verification automatically. Successful completion of this process with no flags confirms the traffic is not subject to purge and may be used as a source for reporting.

(U) A dissemination based on communications of or concerning a USP that are eligible for retention may be made if the identity of the USP is deleted and a generic term or symbol is substituted so that the information cannot reasonably be connected with an identifiable USP. Otherwise, dissemination of intelligence based on communications of or concerning a USP may only be made to a recipient requiring the identity of such person for the performance of official duties and only if at least one of eight criteria is met.

(U) This requirement is consistent with NSA reporting policy for all reporting based on communications of USPs.

(U) NSA analysts seeking to use a discrete communication within an MCT for reporting must document that specified analysis has been performed.

(U//FOUO) Annual FAA 702 training includes the requirements for reporting based upon discrete communications within an MCT and the documentation required. SV reviews this documentation for certain MCTs. See Oversight (SID Oversight and Compliance).

(U) All proposed disseminations of information constituting USP attorney-client privileged communications
must be reviewed by the NSA OGC before dissemination. (U) Monitoring of attorney-client communications between a person known to be under criminal indictment in the United States and an attorney representing that individual in the matter under indictment must cease once the relationship has been identified. Acquired communications must be logged and the National Security Division of the DoJ notified so that appropriate procedures may be established to protect such communications from review or use in criminal prosecutions while preserving foreign intelligence information contained therein.

(U) Annual FAA 702 training addresses procedures analysts must perform to disseminate this data. OGC notifies DoJ NSD of such communications and advises mission personnel on dissemination.

(U) Minimization procedures require that domestic communications be promptly destroyed upon recognition unless DIRNSA approves the communication for a destruction waiver. Domestic communications for which a destruction waiver is approved may be disseminated. If a waiver has been obtained, NSA may share domestic communications believed to contain evidence of a crime with appropriate federal law enforcement authorities, in accordance with applicable laws and regulations. Without a destruction waiver, NSA is authorized to notify the FBI if information in a domestic communication indicates that a target has entered the United States and may provide information to both the CIA and FBI for collection avoidance purposes.

(U) Annual FAA 702 training addresses this requirement.

NSA is permitted to disseminate evaluated minimized information to foreign partners.

NSA policy requires that dissemination of EMT acquired pursuant to FAA 702, other than as serialized product, must be approved by the SIGINT Director and a record of the dissemination provided to SV.

(U) NSA may disseminate raw data to a foreign
government for technical or linguistic assistance.

(U) Annual FAA 702 training addresses the requirement that such dissemination must be approved by SV and OGC, who will manage the restrictions on this dissemination, keep the required records, and report to DoJ and ODNI.

If NSA seeks to use information acquired pursuant to FAA 702 when there is uncertainty about the location of the target of the acquisition because [redacted] post-tasking checks described in NSA's FAA 702 targeting procedures were not functioning properly, NSA will follow internal procedures for determining whether such information may be used.

Procedures addressing the requirements for use of data acquired when post-tasking checks are not functioning as intended were communicated to mission personnel and are documented on the FAA 702 web page.

(U) Purge

(U) Background

(S//REL TO USA, FVEY) The Post-Targeting section documents the requirements for destruction of communications and the processes that may identify a change in the target's location or USP status. These processes include analyst review of communications, [redacted], and receipt of information from other agencies. If the circumstances result in unauthorized collection, the non-compliant data will be identified and purged.89 The period of the unauthorized collection is included in an incident report documented by SV and is used by the purge adjudicator, who initiates the purge process. [(b)(1); (b)(3)-P.L. 86-36; (b)(3)-50 USC 3024(i)]

(U//FOUO) Compliance controls: purge of FAA 702 communications.90 Manual and automated controls support the purge process. SID's Mission Support-Systems and Data Compliance Group within the Directorate for Analysis and Production developed a purge information web page to guide analysts. This page includes instructions to purge communications collected under FAA 702 authority. The directions call for analysts to contact SV if they believe that purge of FAA 702 data is required, because nearly all cases requiring
purges also require incident reports.

(S//SI//REL TO USA, FVEY) The purge web page describes two types of purges: (1) incident or parametric purges, which are necessary when the reason for the purge affects all collection for a target or selector over a period of time (SID's Mission Support-Systems and Data Compliance Group performs these), and (2) purge upon recognition or analyst-driven purges. A parametric purge is applied, for example, to remove communications collected after a target is determined to be in the United States. Purge upon recognition for FAA 702 is, for example, required when (1) NSA identifies a discrete domestic communication within an MCT, requiring the entire MCT to be purged, or (2) a legally acquired foreign communication between a foreign target and a USP, or a communication in which the subject is a USP, found to have no foreign intelligence value.

89 (U) Purge refers to the deletion of communications from systems that were acquired as a result of unauthorized collection or otherwise are not authorized for retention pursuant to the minimization procedures.

90 From the time of collection [redacted]. The following description focuses on the [redacted]. [(b)(1); (b)(3)-P.L. 86-36; (b)(3)-50 USC 3024(i)]

(U//FOUO) NSA has implemented a mission compliance standard for purges, which states that, consistent with NSA's FAA 702 minimization procedures and absent a destruction waiver, some or all communications data acquired under the authority must be purged if any of the following criteria are satisfied:
o (U) The targeted person is confirmed or believed to be a USP, regardless of location (purge all communications);
o (U) The targeted person was confirmed or believed to be in the United States at the time of collection, "roamer" (purge collection acquired during period of U.S. travel);
o (U) A person was incorrectly targeted (purge all collection);
o (U) The tasked selector is known or suspected to be used by a
USP (purge all communications from known date of use by the USP);91
o (U) The tasked selector was known or suspected to be accessed from within the United States (purge communications from date of access);
o (U) The tasked selector was tasked before being approved for tasking, remained tasked for any reason after collection was no longer authorized, or was tasked under the wrong authority (purge all collection);
o (U) An incorrect selector was tasked (purge all collection);
o (U) The communication is one in which the sender and all intended recipients were in the United States at the time of acquisition of the communication (purge affected communications); or
o (U//FOUO) The communication otherwise qualifies as a domestic communication as defined in the FAA 702 minimization procedures, and DIRNSA or the Acting DIRNSA has not executed a destruction waiver to authorize continued retention of the communication (purge affected communications).

91 [redacted: (b)(1); (b)(3)-P.L. 86-36]

(U//FOUO) Purge processes: Purging involves four processes: nominate data to purge, adjudicate purge nominations, execute purge actions, and verify purge actions. Other systems are certified to hold certain data copied or derived from data objects. [(b)(3)-P.L. 86-36] These systems have their own purge processes. The following description focuses on the [redacted]. [(b)(3)-P.L. 86-36]

(U//FOUO) Nomination for purge: Nomination involves identification of the selectors and time period for which communications must be destroyed. For FAA 702, most are identified in incident reports, and SV determines whether purge is required and documents the date range for purge in the incident report. Purges of specific data objects are also initiated by analysts recognizing content that meets minimization criteria but which is not an indicator of a compliance incident. This process is known as purge upon recognition. For this type of purge, the identifiers of the
affected communications are placed on the MPL in discover state before a modified version of the process described below is followed.

(U//FOUO) Adjudicating purge nominations: Purge adjudication is the process whereby the purge adjudication authority, SID's Mission Support-Systems and Data Compliance Group, determines the validity and accuracy of a nominated purge request, locates the data required for destruction, and places the data objects on the master purge list (MPL). The goal of adjudication is to ensure compliance with purge criteria without over-purging communications at the expense of mission. The adjudicator:
o (U//FOUO) Evaluates the nomination against the purge criteria unless a determination was made during incident processing;
o (U//FOUO) Using logical parameters provided in the nomination, determines and issues search criteria for discovery of potentially affected communications in the [redacted];92
o (U//FOUO) Enters identifiers of affected data objects in the MPL in discover state to prevent use as a source for new SIGINT reporting or other controlled uses and to initiate checks to determine if the objects were used in prior SIGINT reporting;
o (U//FOUO) Manages the impact of pending or approved destruction waivers that may exclude specific objects from purge;
o (U//FOUO) For data objects requiring purge, changes MPL state of their identifiers to purge and issues purge execute orders to the [redacted] to delete those objects; and
o (U//FOUO) Records the decision to purge, release, or quarantine the data objects in the corporate purge tracking system, which retains submitted data identifiers with historical records of actions taken and cross-references to original compliance incidents and/or purge nominations that caused them to enter the purge process.

92 (U//FOUO) The discovery process is performed by a limited number of individuals with special access for each [redacted: (b)(3)-P.L. 86-36]

(U//FOUO) For purges stemming from
system or technical errors, collection and/or technical subject matter experts are typically relied upon to conduct or assist with purge discovery. Some aspects of the adjudication process may be modified based on the details of the specific incident.

(U//FOUO) Executing purge actions: The purge executor receives purge decisions from the adjudication authority, issues execute orders to [redacted] system owners containing the unique identifiers of the data to be purged, confirms receipt of the orders, changes the MPL state for those identifiers to "purge," and retains records of the purge action for five years. [redacted] system owners are responsible for processing the orders, rendering the specified data unrecoverable, and confirming completion of purge execute orders. [(b)(3)-P.L. 86-36]

(U//FOUO) Verifying purge actions: Procedures are performed to provide additional assurance that system owners have purged required SIGINT data from NSA [redacted]. SV obtains random samples of data from the master purge list and determines whether the data objects have been removed from the systems selected for review.

(U//FOUO) Automation to support purge processing: Much of the purge process is performed manually. NSA is developing a system to automate more of the purge process in phases between [redacted].

(U//FOUO) Reports affected by purge actions: SIGINT reporting procedures require MPL checks to prevent publication of new reports with sources that were subject to purge. Additional measures are taken to detect and adjudicate already-disseminated SIGINT products affected by a compliance incident or specific data identified during purge discovery. Incident reports include information SV obtained from the mission team on reports issued related to the target or collection referenced in the incident. Another source of information is a daily query run by NSA's management information systems for SIGINT production against the MPL to identify reports sourced from communications listed on the MPL, whether because of an incident or
purge-upon-recognition.

(U//FOUO) When SIGINT products with potentially tainted sources are identified, the Reports under Review (RUR) team coordinates with the mission team that issued the report, the purge adjudication authority, SV, and OGC, as necessary, to determine and complete appropriate actions. This may include requesting a destruction waiver to permit retention of the traffic and allow the report to stand, removing the MPL-listed traffic completely from the report and revising and reissuing the report, or recalling the report. The RUR team maintains a list of affected reports and their status that is updated when the report analysis is complete. The purge adjudication authority makes necessary changes to the status of the communication identifiers on the MPL, depending on the action taken.

(U//FOUO) Table 36 summarizes the purge provisions of the FAA 702 targeting and minimization procedures and the controls NSA has implemented to maintain compliance.

(U) Table 36. Purge Provisions and Controls

Provision | Control

(U) Telephony communications and Internet communications acquired with the assistance of the FBI from Internet service providers that are not approved for retention under the standards set forth in the minimization procedures and that are known to contain communications of or concerning USPs will be destroyed upon recognition.

Annual FAA 702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

(U) Internet transactions acquired through NSA's upstream collection techniques that do not contain information that meets the retention standards set forth in the minimization procedures and that are known to contain communications of or concerning USPs will be destroyed upon recognition.

(U) Annual FAA 702 training addresses post-targeting
review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

(U) Internet transactions that are identified and segregated pursuant to the requirements for processing MCTs and are subsequently determined to contain a discrete communication in which the sender and all intended recipients are reasonably believed to be in the United States will be handled as domestic communications.

(U) Annual FAA 702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

(U//FOUO) A communication identified as a domestic communication and, if applicable, the Internet transaction in which it is contained will be promptly destroyed upon recognition unless DIRNSA or the Acting DIRNSA approves a destruction waiver after determining the communication meets one or more of four specific conditions.

(U) Annual FAA 702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

(U//FOUO) Any communications acquired through the targeting of a person who at the time of targeting was reasonably believed to be outside the United States but is in fact inside the United States at the time such communications were acquired, and any communications acquired by targeting a person who at the time of targeting was believed to be a non-USP but was in fact a USP at the time such communications were acquired, will be treated as domestic communications under these procedures.

(U) Annual FAA 702 training addresses post-targeting review of target communications and situations requiring destruction of communications, which most often require notification to SV and an incident report.

(S//REL TO USA, FVEY) In addition to analyst review of communications, investigation of [redacted],
notices from others involved in processing FAA 702 information, and receipt of information from other agencies may identify an incident. If the circumstances of the collection require an incident report, analysts and SV work together to determine the extent of the communications affected. This is used to document the purge parameters in an incident report, which becomes the source for the purge adjudication process. [(b)(1); (b)(3)-P.L. 86-36]

(U) Communications identified for purge are subject to adjudication to determine whether the nominated data objects are consistent with the purge criteria, communications affected by the incident have been properly identified, destruction waivers pending or approved may affect the [illegible]. The adjudicator adds the relevant data to the Master Purge List (MPL) to prevent its use in targeting and reporting and issues purge execute orders to appropriate systems.

(U) Owners of the FAA 702 [redacted] execute the purge orders, remove data matching the included identifiers, and acknowledge completion of each order.

(U//FOUO) NSA's management information system for SIGINT reporting queries the MPL daily to identify data objects added to the list that may be associated with issued reports. The Reports under Review team uses this information and incident report data concerning reporting associated with the affected communications to follow up with mission personnel for recall or reissuance of the reports.

(U) SV randomly samples records from the MPL, comparing them to the FAA 702 repositories to assure completeness of purge. [(b)(3)-P.L. 86-36]

For information acquired pursuant to FAA 702 during a period when [redacted] post-tasking checks were not functioning properly, resulting in uncertainty about the location of the target of the acquisition, if NSA determines that the target is reasonably believed to have been inside the United States at the time the information was acquired, such information will not be used and will be promptly destroyed.

(S//NF) SID guidance, NSA Procedures for the Use of FAA 702, 704, or 705(b) Collection (last revised 15 November 2013), was updated to provide manual procedures for evaluating data when NSA's post-tasking [redacted] checks are not properly functioning. [(b)(3)-P.L. 86-36]

(U) Retention of Data

(U) Provisions of FAA 702 certifications

(U//FOUO) The retention criteria in the minimization procedures apply only to communications not subject to purge based upon other minimization requirements (see the Post-Targeting section).

(U//FOUO) NSA minimization procedures state that telephony [(b)(3)-P.L. 86-36] communications will be retained no longer than five years from the expiration date of the certification authorizing collection unless NSA analysts have determined that the communications meet the retention standards set forth in the minimization procedures, for example, communications necessary to understand foreign intelligence information. Communications for which SIDDIR has approved longer retention and for which a purge was not otherwise required may also be retained. Communications for which DIRNSA has waived destruction may also be retained in accordance with the terms of the destruction waiver.

(U) In general, NSA may not retain Internet transactions obtained through upstream collection techniques longer than two years from the expiration date of the certification authorizing collection. However, NSA may be able to retain certain Internet transactions longer if at least one discrete communication within the upstream Internet transaction would otherwise meet the retention standards and each discrete communication within the transaction is to, from, or about a tasked selector, or not to, from, or about a tasked selector and is also not to or from a USP or person reasonably believed to be in the United States. The minimization procedures also required destruction of all upstream
Internet transactions acquired before November 2011.

(U) Retention control procedures

(U//FOUO) System certification. The NSA system certification process implemented in 2010 (see the Repositories section) includes the Agency's requirements for compliance with the FAA 702 retention limits established in the minimization procedures. To be certified, FAA 702 systems must (1) limit retention of unminimized data records to the authorization and retention periods of the certification under which they were collected, (2) retain data with an approved age-off waiver beyond the normal age-off period (SID Director waiver), and (3) provide a means to identify data records to be retained beyond the maximum retention period specified by the collection authority under which it was obtained. [93]

(U//FOUO) Data tagging. Data tags are now associated with most collection before it is made available to data stores accessible to analysts. The tags include the certification under which the communications were obtained, further supporting NSA's ability to identify records that meet the criteria for removal from system repositories based upon age-off requirements associated with each certification. In 2014, new data tags were implemented to distinguish among the retention periods for upstream Internet transactions (two years), downstream collection (five years), and telephony data (five years).

(U//FOUO) Implementation and monitoring of age-off. [redacted] implemented to age-off data in FAA 702 [redacted]. Though the minimization procedures require data be aged-off within two or five years of expiration of the certification, depending upon the source of collection, the processes NSA uses for determining age-off result in earlier removal of data (see Table 37). [94] [(b)(3)-P.L. 86-36]

93 (U) NSA's FAA 702 minimization procedures provide no maximum retention period for foreign communications determined to contain foreign intelligence information. The age-off requirements apply to communications for which such a determination has not been made.

94 (U//FOUO)
The FAA 702 certifications are renewed annually. Expiration of the certification in effect for any collection would occur somewhere between 1 and 365 days of that collection. NSA applies age-off criteria to time of collection or recording date, not the expiration of the certification.

(U) Table 37. System Age-Off Procedures (TS//SI//NF)

[Table body redacted or illegible; legible heading text: Data Age-Off; Telephony; Upstream Internet Collection; Procedure; Monitoring for Compliance with Age-Off Criteria.] [(b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U//FOUO) Enterprise data header (EDH) is a small set of metadata tags applied to a piece of mission data so that it can be identified, protected, tracked, and handled throughout its life cycle. [redacted] will only accept data with an EDH.

(U//FOUO) Systems scheduled to be decommissioned. [(b)(3)-P.L. 86-36]

(U//FOUO) DTOI: date and time of intercept.

(TS//SI//NF) [(b)(1), (b)(3)-P.L. 86-36]

(U//FOUO) Table 38 summarizes the retention provisions of the FAA 702 targeting and minimization procedures and the controls NSA implemented to maintain compliance.

(U) Table 38. Retention Provisions and Controls (U//FOUO)

Provision

(U) Telephony communications and Internet communications acquired by or with the assistance of the FBI from Internet Service Providers may not be retained longer than five years from the expiration date of the certification authorizing the collection unless NSA determines that each communication meets the retention standards in these procedures.

(U) Internet transactions acquired through NSA's upstream collection may not be retained longer than two years from the expiration date of the certification authorizing the collection unless NSA determines that each communication meets the retention standards in these procedures. Additional
requirements regarding MCTs are addressed in the Purge section.

(U) Internet transactions that are identified and segregated pursuant to the procedures for MCTs will be retained in an access-controlled repository.

(U) Any information contained in a segregated Internet transaction may not be moved or copied from the segregated repository or otherwise used for foreign intelligence purposes unless it has been determined that the transaction does not contain any discrete communication as to which the sender and all intended recipients are reasonably believed to be located in the United States.

(U) Any Internet transactions acquired through NSA's upstream collection techniques prior to 31 October 2011 will be destroyed upon recognition.

Control

(U) System certification required of all FAA 702 systems includes retention standards consistent with minimization procedures.

(U) Data tags are now associated with most collection before it is made available to data stores accessible to analysts. Data tags support identification of records for age-off.

(U//FOUO) [redacted] utilizes a software tool to search for data beyond the required age-off procedure. A similar tool is being developed for [redacted]. [(b)(3)-P.L. 86-36]

(U) NSA has implemented a segregation process, and sequestered MCT data is maintained in a collection store where it is not available for analytic use. None of the data subject to sequestration has been transferred to repositories accessible to analysts.

(U) NSA has deleted all identified upstream Internet collection acquired before November 2011. If additional data is identified that was subject to this purge requirement, NSA deletes it upon recognition.

(U) These controls are documented in the Collection section.

(U) Oversight

(U) Provisions of FAA 702 certifications - internal and external oversight

(U//FOUO) The FAA 702 targeting and minimization procedures provide that NSA will conduct the following oversight:
o (U) Implement a compliance program with ongoing oversight of its
exercise of FAA 702 authority, including the associated targeting and minimization procedures.
o (U) Develop and deliver training regarding procedures to ensure that intelligence personnel responsible for approving targeting of persons under these procedures, as well as analysts with access to the acquired foreign intelligence information, understand their responsibilities and the procedures that apply to this acquisition.
o (U) Establish processes for ensuring that raw traffic is labeled and stored only in authorized repositories and is accessible only to those who have had the proper training.
o (U//FOUO) Conduct ongoing oversight activities and make necessary reports to the NSA OIG and OGC, including reports of non-compliance.
o (U) Ensure that corrective actions are taken to address identified deficiencies.
o (U) Conduct periodic spot checks of targeting decisions and intelligence disseminations to ensure compliance with established procedures and conduct periodic checks of queries in data repositories.
o Report incidents of non-compliance with the targeting and minimization procedures within five business days of discovery to the DoJ NSD and ODNI's oversight team. [95]

(U) DoJ NSD and ODNI oversight requirements include:
o (U) Oversee NSA's exercise of the FAA 702 authority, including bi-monthly reviews to evaluate the implementation of the procedures.
o (U) Oversee NSA's activities with respect to use of USP identifiers to query communications collected under FAA 702.

(U) NSA oversight

(U//FOUO) NSA operates a comprehensive oversight framework to maintain compliance with the FAA 702 targeting and minimization procedures. The NSA organizations that perform oversight are described below.

(U//FOUO) FAA 702 Authority Lead is responsible for the implementation and operation of the FAA 702 authority for NSA. The FAA 702 Authority Lead serves on NSA's corporate Authorities Integration Group and works with other NSA
mission Authority Leads and corporate legal, policy, compliance, and technology personnel to coordinate implementation of NSA mission authorities. The FAA 702 Authority Lead addresses the tactical and strategic elements of the program; interacts regularly with NSA's OGC, ODOC, TD, LAO, and SID; routinely interacts with DoJ NSD, ODNI, FBI, and CIA; provides direction regarding daily operational and technical questions; and coordinates input to reports to Congress and the FISA Court.

(U//FOUO) Authorities Integration Group (AIG) is administratively assigned to ODOC and reports to the NSA Deputy Director. The AIG works directly with SID and Information Assurance Directorate authority leads, including the FAA 702 Authority Lead, and holds weekly meetings with the authority leads and corporate process leads (e.g., TD, ODOC, OGC) to bring legal, policy, compliance, technology, and mission areas together to provide recommendations on the implementation of the authorities. The AIG focuses on the activities of each authority, internal and external, to ensure that they are coordinated and integrated across NSA. The AIG acts as a forcing function within NSA, facilitating discussion among the Directorates to promote better understanding of how decisions affect the various authorities. The AIG updates the NSA Deputy Director quarterly on each authority.

95 (U) ODNI's oversight team is comprised of ODNI's Office of General Counsel, ODNI's Civil Liberties and Privacy Office, and ODNI's Office of the Deputy Director of National Intelligence for Intelligence Integration Mission Integration Division.

(U//FOUO) Office of the Director of Compliance (ODOC) is responsible for developing and directing the execution of compliance strategies and activities focused on protecting USP privacy during the conduct of authorized NSA missions. ODOC has the authority to develop, implement, and monitor a Comprehensive Mission Compliance Program for the Agency, which addresses (1)
integration of compliance strategies and activities across NSA mission, technology, and policy organizations; (2) a training and education program for compliance; and (3) maintenance of and reporting on the status of mission compliance. The CMCP's focus is on mission compliance, particularly in Signals Intelligence and Information Assurance operations, including the technology base on which they function. The key objective of the CMCP is to provide reasonable assurance that the legal authorities and policies affecting USP privacy are reliably and verifiably followed by NSA. The CMCP includes activities and funding to support compliance with FAA 702, such as compliance target validation and query tools.

(U//FOUO) ODOC's monitoring activities provide continuous assessment to determine whether internal controls are operating as intended. Its assessments help management evaluate the effectiveness of the compliance program and its components. For example, ODOC reviews compliance activities associated with queries in NSA repositories, including those related to FAA 702:
o (U//FOUO) ODOC analyzes queries [(b)(3)-P.L. 86-36] forwarded to the query audit database that could indicate a problem in communicating with the repositories queried,
o (U//FOUO) It verifies that all queries requiring post-query review are assigned to reviewers,
o (U//FOUO) It monitors the number of queries selected for review and the timeliness of review, and
o (U//FOUO) It tracks the super audits performed by SV (see the Oversight section).

(U//FOUO) In addition, ODOC performs Compliance Vulnerability Discovery (CVD) reviews that focus on high-risk areas within the CMCP to discover compliance weaknesses. In 2013, ODOC completed two CVDs focused on mission compliance with SIGINT authorities. Table 39 summarizes these CVDs.

(U) Table 39. Compliance Vulnerability Discovery Reviews (U//FOUO)

Date: 05/03/13. SIGINT Authority: FISA FAA 702. CVD Review: Multiple Communications Transactions. Scope of the Review: Reviewed implementation of controls to segregate unauthorized data from NSA's FAA 702 Upstream Multiple Communications Transactions.

Date: 07/17/13. SIGINT Authority: All. CVD Review: Data Tagging. Scope of the Review: Reviewed data from NSA systems for proper tagging to support designation of these systems as [redacted]. [(b)(3)-P.L. 86-36]

(U//FOUO) ODOC has also implemented processes to ensure that NSA representations to external overseers are accurate and NSA personnel have a consistent understanding of program activities. VoA and verification of implementation reviews are performed on written NSA representations that describe the Agency's acquisition, processing, retention, analysis, and dissemination and form the basis for legal opinions, FISC Orders, and Executive Branch decisions. In 2013, ODOC conducted VoAs with FAA 702 stakeholders for the affidavits and targeting and minimization procedures supporting renewals of FAA 702 certifications. One verification of implementation was conducted in June 2013 with NSA external partners DoJ NSD and ODNI on procedures for implementing the FAA 702 targeting procedures.

(U//FOUO) SV implements the SIGINT compliance program across NSA. SV establishes SIGINT compliance standards and provides guidance across the global SIGINT enterprise, manages incidents of non-compliance, monitors compliance in high risk areas, resolves problems, and verifies compliance through audits and by managing the SIGINT Intelligence Oversight Officer program. SV manages resources to ensure that NSA corporate systems and capabilities align with CMCP solutions.

(C//REL TO USA, FVEY) To maintain NSA's compliance with the FAA 702 targeting and minimization procedures, SV:
o [(b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)] Adjudicates TRs for selectors nominated by the CIA and FBI through the same process used for NSA TRs.
o (REL TO USA, FVEY) Performs post-tasking analysis for FAA 702 selectors suspected of being accessed within the United States [redacted].
o (U//FOUO) Investigates all incidents of non-compliance with FAA 702 targeting and minimization procedures, coordinating with TV when a potential incident involves a system. SV works with the mission team to document FAA 702 incidents, promptly reports them to OGC, OIG, and ODOC, and maintains a permanent record.
o (U//FOUO) Works with mission personnel and OGC to process destruction waivers as needed.
o (U//FOUO) Conducts super audits of queries of raw SIGINT databases that provide records of queries to the corporate logging and auditing system to analyze the quality of query reviews by auditors.
o (U//FOUO) Completes Purge Verification Activities quarterly for [redacted] and certain other stores that hold FAA 702 data to assess NSA's effectiveness in purging non-compliant SIGINT.
o (U//FOUO) Oversees use of MCTs as a source for reporting and verifies completion of required documentation. [96]
o (U//FOUO) Serves as the FAA 702 tasking liaison for the NSA enterprise, IC customers (FBI and CIA), and overseers from DoJ NSD and ODNI. [(b)(3)-P.L. 86-36]
o (U//FOUO) Provides documentation for review by DoJ NSD and ODNI. SV reviews [redacted] for each selector tasked and reviews records of information shared with NSA SIGINT partners for compliance with dissemination requirements. [(b)(3)-P.L. 86-36] Records of database queries using USP query terms and records of USP reporting are also provided to overseers. SV coordinates responses by NSA organizations to questions from DoJ NSD and ODNI during their review of information SV made available.
o (U//FOUO) Pre-approves USP content queries in conjunction with OGC.
o (U//FOUO) Participates in the verification of accuracy process for renewals of certifications and targeting and minimization procedures.
o (U//FOUO) Partners with the Associate Directorate for Education and Training to develop and implement oversight and compliance training for the SIGINT workforce. SV co-develops and reviews all updates of the FAA 702 course.

(U//FOUO) SID
Analysis and Production Mission and Compliance Office. This office supports all areas of NSA's SIGINT operations by overseeing:
o (U//FOUO) FAA 702 adjudication and training: interfacing with analysts on how to use the authority, approving new adjudicators who meet training and mission requirements, and reviewing adjudicated TRs for compliance.
o (S//NF) Dual-route adjudication: approving provision of the results of targeting to the CIA or FBI for selectors already on NSA collection.
o [(b)(3)-P.L. 86-36] (S//REL TO USA, FVEY) FISA and production metrics: providing feedback to management on use of the authority and analyst adjudicator performance.
o (S//REL TO USA, FVEY) The application of the authority, e.g., instructions for maintaining compliance when [redacted] were not operating, targeting and adjudication checklists, and general guidance on the analytic use of the authority.

96 Three types of MCTs are made available to analysts. Two types of transactions made available to analysts after the MCT sequestration process are those that contain only discrete communications (no MCTs) and those where the active user of the selector is a targeted individual. SV performs oversight of the third type, where the active user of the selector is a non-targeted individual outside the U.S. (an example of abouts collection). SV examines these MCTs for compliance with NSA reporting guidance ISS-185-1 1, which states that analysts are only authorized to use those discrete portions of MCTs containing the targeted selector.

(U//FOUO) TD Office of Compliance (TV) is responsible for identifying, assessing, tracking, and mitigating compliance risks, including USP privacy concerns, in NSA mission systems across the extended enterprise, including systems that hold FAA 702 data. TV manages the system compliance certification process, continuous compliance monitoring, and technical compliance incident reporting and also trains
technical personnel. TV performs VoAs for areas assigned to it in NSA representations.

(U//FOUO) [redacted] [(b)(3)-P.L. 86-36] TV began certifying FISA systems, including the FAA 702 systems, to ensure compliance with the law and policies protecting USP privacy (see the Repositories section).

(U) The Office of the General Counsel provides legal advice to NSA and is the liaison to DoJ NSD for NSA's FAA 702 program. One of its main oversight responsibilities includes independently assessing potential incidents of noncompliance.

(U) OGC receives reports of potential incidents of non-compliance from SV. OGC compiles FAA 702 incidents daily, provides them to DoJ NSD and ODNI, and makes an initial determination whether incidents represent non-compliance with the FAA 702 certifications and targeting and minimization procedures. OGC notifies DoJ NSD and the ODNI's oversight team of potential incidents of non-compliance with the targeting procedures within five business days of discovery, as FAA 702 targeting procedures require. OGC reviews all proposed disseminations of information constituting USP attorney-client privileged communications before dissemination, as NSA's FAA 702 minimization procedures require. For all violations of NSA's FAA 702 targeting and minimization procedures, OGC coordinates input from NSA organizations and edits the content for factual and legal accuracy. DoJ NSD prepares Rule 13 notices in coordination with ODNI.

(U) OGC performs additional oversight responsibilities, including:
o (U//FOUO) Reviews requests to perform content queries using USP selection terms. Only OGC approved selection terms can be used to perform content queries of USP information.
[redacted] [(b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]
o (U//FOUO) Participates in the VoA process.
o (U//FOUO) Reviews and makes updates to the FAA 702 course as necessary.

(U) Office of the Inspector General (OIG) conducts audits, special studies,
inspections, investigations, and other reviews of the programs and operations of NSA and its affiliates. OIG oversight includes:
o (U) Performing audits and special studies of the FAA 702 program.
o (U) Receiving notification of incident reports for all NSA authorities, including FAA 702, saved in the Agency's corporate incident reporting database.
o (U//FOUO) Reviewing Congressional notifications and notices filed with the FISC of incidents of non-compliance with FAA 702 targeting and minimization procedures.
o (U) Preparing Intelligence Oversight Quarterly Reports, in coordination with the DIRNSA and OGC, that summarize compliance incidents for all authorities occurring during quarterly review periods and forwarding the reports to the President's Intelligence Oversight Board through the ATSD(IO). [97]
o (U) Performing intelligence oversight reviews during OIG inspections of joint and field sites.
o (U) Maintaining the OIG Hotline, responding to complaints, including allegations of SIGINT misuse by NSA affiliates operating under DIRNSA's authority.
o (U) Reporting immediately to the ATSD(IO) a development or circumstance involving an intelligence activity or intelligence personnel that could impugn the reputation or integrity of the IC or otherwise call into question the propriety of an intelligence activity.

97 (U) In 2014, the ATSD(IO) was changed to the Office of the Senior DoD Intelligence Oversight Official.

(U//FOUO) The OIG reviews management controls, maintains awareness of compliance incidents, and stays informed of changes affecting NSA authorities, including FAA 702. OIG reviews of the FAA 702 program allow it to independently assess compliance with minimization procedures. Since the Agency obtained FAA 702 authority in January 2008, the OIG has completed annual reviews of reports containing references to USP identities and targets later determined to be in the United States, as the statute requires. The OIG has also completed two special
studies of the program (Table 40).

(U) Table 40. OIG Reviews of the FAA 702 program

Date Issued: 3/29/13; 10/29/13
OIG Review: (U) Assessment of Management Controls Over FAA 702, ST-11-0009
Scope of the Review: (U) Reviewed management controls for maintaining compliance with targeting and minimization procedures
[(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U) External oversight

(U//FOUO) DoJ NSD and ODNI closely coordinate to perform oversight to ensure that NSA's FAA 702 program is compliant with the statute and FISC rulings. DoJ NSD is the primary liaison between NSA and the FISC for all matters pertaining to the FAA 702 program. DoJ NSD and ODNI oversight includes:
o (U//FOUO) Reviewing and approving annual certification renewals and updates of the associated targeting and minimization procedures and filing them for FISC approval.
o (U) Providing guidance to the NSA OGC on legal opinions relating to the interpretation, scope, and implementation of the FAA 702 authority.
o (U//FOUO) Reviewing briefings on NSA proposals to substantially modify systems or processes supporting FAA 702. This allows NSD to determine that the modifications are lawful and that the Attorney General (AG) and the FISC are aware of the scope and nature of the changes.
o (U) Evaluating and investigating potential incidents of non-compliance with the statute or procedures and reporting any matter determined to be a compliance incident to the FISC.
o (U) Reviewing NSA briefings and training transcripts to ensure that they accurately describe the requirements of the FAA 702 Orders.
o Performing bi-monthly reviews of NSA authorities under the [redacted] FAA 702 certifications. [(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)] The reviews include NSA's targeting decisions, including source documentation supporting these determinations, to assess compliance with NSA targeting procedures and AG Acquisition Guidelines. The reviews also examine
database queries using USP query terms and disseminations of serialized reporting and EMT.
o (U) Preparing the periodic reports the statute requires.
1. DoJ submits the Semiannual Reports of the AG Concerning Acquisitions under Section 702 of the FISA to Congress and the FISC. [redacted] ... foreign ... certifications by NSA and FBI. While the CIA does not acquire the information, it may receive unminimized data that NSA and FBI acquire. The AG's semiannual reports focus on analysis of incidents of noncompliance with targeting and minimization procedures by NSA and FBI and incidents of non-compliance with minimization procedures by CIA. [(b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]
2. Jointly, the AG and the DNI submit the Semiannual Assessments of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the FISA to Congress and the FISC. These reports summarize the oversight performed on implementation of the FAA 702 authority, trends in targeting and minimization (e.g., changes in the number of selectors under collection), and statistics on use of the certifications and compliance incidents with the FAA 702 authority for NSA, FBI, and the CIA.
o (U) ODNI hosts bi-monthly interagency meetings and a weekly phone call to discuss FAA 702 implementation and compliance matters.

The FISC reviews and, when satisfied that the legal requirements have been met, approves all renewals of certifications and targeting and minimization procedures for the FAA 702 authority that have been authorized by the AG and DNI. [98] In addition, the FISC reviews representations NSA made regarding the operation of the program and Rule 13 notices of incidents of non-compliance filed by DoJ NSD on behalf of NSA. If the Court finds that incidents of non-compliance result from processes inconsistent with the targeting and minimization procedures (e.g., incomplete application of the [redacted] identification), NSA will be required to change its internal systems or procedures and report
to the Court on the progress made to achieve compliance. The Court may also determine that additional measures or changes are required to the targeting and minimization procedures (e.g., sequestration of MCTs) if it deems that NSA processes do not adequately protect USPs. [(b)(1), (b)(3)-P.L. 86-36]

98 (U//FOUO) The AG and DNI authorize the collection of data pursuant to FAA 702 using targeting and minimization procedures adopted by the AG in consultation with the DNI. The FISC must approve the certifications and associated procedures that the AG and DNI have authorized.

(U//FOUO) Table 41 summarizes the oversight provisions of the FAA 702 targeting and minimization procedures and the controls NSA implemented to maintain compliance.

(U) Table 41. Oversight Provisions and Controls (S//NF)

Provision: (U) NSA will implement a compliance program and will conduct ongoing oversight with respect to its exercise of the authority under FAA 702, including the associated targeting and minimization procedures.
Control: (U) NSA operates a comprehensive oversight framework to maintain compliance with the FAA 702 targeting and minimization procedures. This compliance framework is collectively managed by the NSA organizations described above.

Provision: (U) NSA will develop and deliver training regarding the applicable procedures to ensure intelligence personnel responsible for approving the targeting of persons under these procedures, as well as analysts with access to the acquired foreign intelligence information, understand their responsibilities and the procedures that apply to this acquisition.
Control: (U//FOUO) SV partners with the Associate Directorate for Education and Training to develop and implement oversight and compliance training for the SIGINT workforce. SV co-developed and reviewed all updates of the FAA 702 course. OGC also reviews and updates the FAA 702 course.

Provision: (U) NSA will establish processes for ensuring that raw traffic is
labeled and stored only in authorized repositories and is accessible only to those who have had the proper training.
Control: (U//FOUO) TV certifies FISA systems periodically, including the FAA 702 systems, to ensure that they comply with law and policy protecting USP privacy. TV's certification process evaluates system controls for maintaining compliance in a number of areas, including data tagging and data access.

Provision: (U) NSA will conduct ongoing oversight activities and make any necessary reports, including those relating to incidents of non-compliance, to the NSA OIG and OGC in accordance with the NSA charter.
Control: (U//FOUO) SV and TV investigate incidents of non-compliance with FAA 702 targeting and minimization procedures. SV works with mission teams to document FAA 702 incidents. SV promptly reports potential incidents to OGC and ODOC and maintains a permanent record. When a potential incident involves a system, TV manages the incident investigation. (U) The OIG receives notification of incident reports for all NSA authorities, including FAA 702. The OIG also receives Congressional notifications and notices filed with the FISC of incidents of non-compliance with the FAA 702 targeting and minimization procedures. (U//FOUO) OGC receives notifications of potential incidents of non-compliance for all NSA authorities. OGC compiles FAA 702 incidents daily, which it provides to DoJ NSD and ODNI, and assesses whether incidents represent possible non-compliance with the FAA 702 certifications and associated targeting and minimization procedures.

Provision: (U) NSA will ensure that necessary corrective actions are taken to address any identified deficiencies.
Control: (U) SV and TV investigate all incidents of non-compliance with FAA 702 targeting and minimization procedures and monitor corrective actions. (U) OIG performs audits and special studies of the FAA 702 program, tracks recommendations until completion.

Provision: (U) NSA will conduct periodic spot checks of
targeting decisions and intelligence disseminations to ensure compliance with established procedures and conduct periodic spot checks of queries in data repositories.
Control: (U) SV performs oversight of targeting decisions, queries, and dissemination and provides documentation for review by DoJ NSD and ODNI to support their oversight of NSA's implementation of FAA 702. SV also conducts super audits of queries of raw SIGINT databases. (U) OGC reviews all proposed disseminations of information constituting USP attorney-client privileged communications before dissemination.

Provision: (U//FOUO) NSA will report incidents of noncompliance with the targeting and minimization procedures within five business days of discovery to the DoJ NSD and ODNI OGC and ODNI CLPO.
Control: (U) OGC notifies external overseers of incidents of possible non-compliance with the targeting procedures within five business days of discovery. OGC coordinates input by NSA organizations for Rule 13 notices prepared by DoJ NSD in coordination with ODNI for all violations of the FAA 702 targeting and minimization procedures.

Provision: (U//FOUO) DoJ NSD and ODNI will oversee NSA's activities with respect to use of USP identifiers to query communications collected under FAA 702. DoJ NSD and ODNI will oversee NSA's exercise of the FAA 702 authority, which will include bi-monthly reviews to evaluate the implementation of the procedures.
Control: (U) DoJ NSD and ODNI perform bi-monthly reviews of NSA authorities under the [redacted] FAA 702 certifications. DoJ NSD and ODNI review NSA's targeting decisions, including the source documentation supporting these determinations, to assess compliance with NSA targeting procedures and Attorney General's (AG) Acquisition Guidelines. NSD and ODNI also review queries and disseminations of serialized reporting and EMT.

[(b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U) FAA 702 Incidents of Non-Compliance

(U//FOUO) FISC Rules of Procedure require NSA to report to the FISC "corrections of material facts and
disclosures of non-compliance" with FAA 702. In addition, NSA determines whether Congressional notifications are required.

(U) FISC Rules of Procedure

(U//FOUO) The FISC Rules of Procedure govern all FISC proceedings. Rule 13, Correction of Misstatement or Omission; Disclosure of Non-compliance, is the procedure NSA follows when notifying the Court, through DoJ NSD, of incidents of non-compliance with FAA 702.

(U) Rule 13(a), Correction of Material Facts. If the government discovers that a submission to the Court contained a misstatement or omission of material fact, the government must immediately, in writing, inform the Judge to whom the submission was made of:
1. (U) the misstatement or omission;
2. (U) necessary corrections;
3. (U) the facts and circumstances relevant to the misstatement or omission;
4. (U) modifications the government has made or proposes to make in how it will implement any authority or approval granted by the Court; and
5. (U) how the government proposes to dispose of or treat information obtained as a result of the misstatement or omission.

(U) Rule 13(b), Disclosure of Non-compliance. If the government discovers that an authority or approval granted by the Court has been implemented in a manner that did not comply with the Court's authorization or approval or with applicable law, the government must immediately, in writing, inform the Judge to whom the submission was made of:
1. (U) the non-compliance;
2. (U) the facts and circumstances relevant to the non-compliance;
3. (U) modifications the government has made or proposes to make in how it will implement any authority or approval granted by the Court; and
4. (U) how the government proposes to dispose of or treat information obtained as a result of the non-compliance.

(U) Identifying and Reporting Incidents of Non-compliance

(U) Identifying incidents of non-compliance

(U) All potential incidents of non-compliance with FAA 702 certifications and targeting and minimization procedures are
reported to SV or TV upon discovery by analysts and others operating under the authority, as documented in the FAA 702 Program Control Framework section Incident Recognition and Reporting. Training provides a heightened sense of awareness for personnel to identify potential violations. Incidents may also be discovered through oversight mechanisms addressed in the FAA 702 Program Control Framework section Post-Targeting and Oversight. Monitoring and oversight include manual and technical controls to detect abnormalities.

(U//FOUO) After review of the incident, SV or TV forwards documentation to OGC. If OGC believes a violation of the targeting and minimization procedures has or may have occurred, even if all the facts have not been gathered, preliminary notification is sent to DoJ NSD. OGC notifies DIRNSA of instances of non-compliance, as appropriate. Upon receiving initial notification from OGC, DoJ NSD drafts, in conjunction with ODNI, a notification to the Court, should one be required under the FISC Rules of Procedure.

(U//FOUO) Once the facts have been gathered and OGC has made an initial determination that a non-compliant FAA 702 event has occurred, OGC finalizes a notification of non-compliance and forwards it to DoJ NSD and ODNI, which make the final determination as to whether there has been an incident of non-compliance that must be reported to the FISC. If DoJ NSD and ODNI determine that an incident of non-compliance has occurred, DoJ drafts a notification, which is coordinated with the IC elements involved, finalizes it, and files the notice with the Court.

(U//FOUO) DoJ NSD often follows up on preliminary notifications with one or more additional notifications. In some cases, the preliminary notification of an incident serves as the final notice of that incident. [99]

(U//FOUO) In 2013, [redacted; (b)(3)-P.L. 86-36] incidents of non-compliance (13(b)s) were filed with the FISC for matters identified in that calendar year. None
of these incidents involved inaccurate information in previously filed declarations to the Court requiring that a Rule 13(a) notice of correction of material fact be filed.

(U) Congressional notifications

(U//FOUO) DIRNSA, as head of an IC element, has a statutory obligation to keep the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence fully and currently informed of all significant intelligence activities. [100] NSA resolves doubts about notification in favor of notification. In addition to notifying Congress and the Director of National Intelligence, DIRNSA must notify the USD(I) and other USD(I) staff as directed by USD(I) guidance. For all FAA 702 incidents of non-compliance reported to Congressional intelligence committees, NSA also provides discretionary notifications to the Senate and House Committees on the Judiciary.

(U//FOUO) NSA's LAO manages NSA's liaison with the Congress and with the DNI, DoD, the IC, and other U.S. government departments and agencies regarding matters of concern to Congress. LAO is NSA's focal point for Congressional inquiries, correspondence, questions for the record, and RFIs directed to NSA.

(U//FOUO) NSA/CSS Policy 1-33 provides guidelines for identifying matters that OGC and LAO must consider reporting to the Congressional intelligence committees under 50 U.S.C. 3091 and 3092. The guidelines do not constitute a comprehensive list of what must be reported. Compliance incidents are assessed under a general guideline to consider reporting matters that the intelligence committees have expressed a continuing interest in or which otherwise qualify as significant intelligence activities or failures.

99. (U//FOUO) DoJ NSD files the Quarterly Report to the Foreign Intelligence Surveillance Court Concerning Compliance Matters Under Section 702 of the Foreign Intelligence Surveillance Act, which includes incidents DoJ NSD and ODNI determined to be violations of the targeting and minimization procedures (13(b)s) as well as all other incidents determined not to meet the reporting requirements of 13(b). This quarterly report to the FISC also provides supplemental information on previously reported compliance incidents.

100. (U) 50 U.S.C. 3091, as implemented by Intelligence Community Directive 112, Congressional Notification, 16 November 2011, requires the head of each element of the IC to inform Congress on significant intelligence activities.

(U//FOUO) NSA works to keep Congressional intelligence committees fully and currently informed about the Agency's activities over and above what is strictly required to be reported under the guidelines outlined in NSA/CSS Policy 1-33. At a minimum, however, NSA must keep the Congressional intelligence committees timely informed of all major intelligence policies and activities and provide the information those Committees request.

(U//FOUO) Determining whether Congressional notification should be provided is a judgment based on the facts and circumstances and on the nature and extent of previous notifications to Congress on the same matter. Not every intelligence activity warrants Congressional notification. NSA's analysis of the FAA 702 incidents of non-compliance filed during 2013 resulted in two incidents reported in Congressional notifications: one related to a 2013 incident and the other to an incident first reported in 2012.

(TS//SI//NF) Congressional Notification [redacted; (b)(3)-P.L. 86-36] reported a retention and dissemination compliance incident involving an NSA corporate database [redacted].

(TS//SI//NF) Congressional Notification [redacted] provided resolution of a matter first reported to the Congressional intelligence committees [redacted]. This update reported on the actions taken to resolve the [redacted] matter, including correction of the affected system component, purge of affected transactions, verification that no disseminated reports had been based upon overcollected data,
and implementation of a post-acquisition review of this type of data to identify future overcollection.

[redacted; (b)(3)-P.L. 86-36]

(U) Incidents of Non-compliance in 2013

(U//FOUO) In 2013, DoJ reported to the Court [redacted; (b)(3)-P.L. 86-36] incidents of non-compliance with FAA 702. The incidents and rates of occurrence are in Table 42.

(U//FOUO) Table 42. FAA 702 Incidents of Non-Compliance Reported in 2013

Incident Type | Percentage
Tasking Errors | 12%
Detasking Errors | 19%
Non-compliance with Notification Requirement | 57%
Non-compliance with Documentation Requirement | 5%
Minimization Errors | 6%
Other | 1%

(U) Tasking errors: foreignness support was insufficient to support tasking (e.g., foreignness was not reestablished following travel to the United States), foreign intelligence purpose explanation was insufficient, or a typographical error was made.

(U) Detasking error examples include: 1) delayed detasking, which occurs when NSA has a foreign intelligence target reasonably believed to be outside the United States at the time of tasking and later learns that the target plans to travel to the United States but does not detask the target's selectors before the target arrives in the United States, and 2) incomplete detasking of all tasked selectors when it is determined the target is no longer eligible for tasking.

(U) Notification: NSA's targeting procedures require certain incidents be reported to NSD and ODNI within five business days, even if these incidents do not involve non-compliance with the targeting procedures. Specifically, NSA is required to terminate acquisition and notify NSD and ODNI if NSA concludes that a person is reasonably believed to be located outside the United States and, after targeting this person, learns that the person is inside the United States, or if NSA concludes that a person who at the time of targeting was believed to
be a non-United States person was in fact a United States person.

(U//FOUO) Documentation Errors: The targeting procedures require that NSA provide a citation to the source of information upon which the determination of the target's foreignness was made. These errors, in which the citations were not considered adequate to support the foreignness of the user of the selector tasked, were identified through DoJ and ODNI review of NSA tasking.

(U) Minimization errors may include errors in querying, reporting, and retention.

(U) The other incident type often pertains to instances in which systems that support compliance are not operating as intended.

(U//FOUO) Examples of incidents, including actions NSA took to mitigate recurrence, follow. This information is taken from the 13(b) notices DoJ NSD filed with the FISC.

(U//FOUO) Example 1: Incident as a result of delayed detasking

[illegible] Compliance Incident Regarding Section 702-Tasked [redacted]

[redacted] NSA reported to the National Security Division (NSD) and the Office of the Director of National Intelligence (ODNI) a delay in the detasking of [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

[redacted] NSA determined [redacted] that the targeted [illegible] of the selectors had traveled to the U.S. [redacted] An NSA analyst detasked the selector associated with the U.S. travel. The analyst, however, inadvertently did not detask the [illegible] selectors used by the target. NSA discovered this [redacted] and detasked [redacted] the same day. The continued tasking of the remaining selector was not discovered until [redacted], when the selector was immediately detasked. [redacted]

(U//FOUO) Action taken to mitigate recurrence: The target office was reminded of the need to identify and immediately detask all facilities used by a target when the target is found to be in the United States.

(U//FOUO) NSA did not issue a Congressional notification about this incident. The incident was included in the
Semiannual Report of the Attorney General Concerning Acquisitions under Section 702 of the Foreign Intelligence Surveillance Act, dated March 2014.

(U//FOUO) Example 2: Other incident, technical error

[redacted; (b)(1), (b)(3)-P.L. 86-36]

Preliminary: NSA [illegible] notified the NSD of an incident regarding the post-tasking checks NSA conducts to help ensure that accounts tasked for collection pursuant to Section 702 are not being used from inside the U.S. NSA provided written notice of this incident to NSD and the ODNI [redacted].

(S//NF) NSA identified the following compliance incident as a result of its ongoing [redacted]. NSA's post-tasking checks are intended to identify indications that users of Section 702-tasked selectors may be inside the U.S. [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

[redacted] and confirmed that there is no [redacted]. NSA, NSD, and ODNI at the time continued to investigate this incident. The Department of Justice committed to continue to inform the Court of additional information regarding this incident as it became available.

(S//NF) Supplemental/Final: As detailed in the preliminary notice, NSA determined that certain Section 702 [redacted] selectors were not being sent from NSA's [redacted] to NSA's [redacted], [illegible] preventing [redacted] post-tasking [redacted] from being conducted regarding these selectors. [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

[redacted] NSA made a modification to ensure that [redacted]. NSA at that time continued to investigate the [illegible] potential [illegible] future compliance incident. NSA has corrected the error that prevented
[redacted; (b)(1), (b)(3)-P.L. 86-36] while those facilities were tasked for Section 702 acquisition. With respect to the remaining [redacted] selectors, NSA has identified [redacted] confirmed period of roaming in the United States by the intended target, which lasted [redacted] days. [redacted] accounts have been detasked.

(S//SI//NF) Summary of action taken to mitigate recurrence: With respect to [redacted; (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)] selectors discussed above, NSA advises that the unique identifiers associated with communications acquired while users were or may have been in the US were added to NSA's Master Purge List (MPL) in discover status. [107] [redacted]

(S//NF) The notice also stated that DoJ would include this issue in its quarterly report to the Court regarding Section 702 compliance occurrences and that the report would confirm that NSA had added the communications to the MPL in purge state.

(U//FOUO) NSA did not issue a Congressional notification about this incident. The preliminary incident of non-compliance was included in the Semiannual Report of the Attorney General Concerning Acquisitions under Section 702 of the Foreign Intelligence Surveillance Act, dated March 2014.

(U) NSA Use of the FAA 702 Authority

NSA asserts that the FAA 702 authority provides significant foreign intelligence information related to the foreign intelligence categories specified in the FAA 702 certifications. The certifications cover [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U) Methods Used to Assess Effectiveness

(U//FOUO) NSA maintains a variety of statistics related to the FAA 702 authority that show the overall contributions to NSA SIGINT reporting, how customers value and use reports, and the unique access to foreign intelligence information FAA 702 provides. Data presented in this report is for calendar year 2013, unless otherwise noted, and statistics are limited to NSA reporting.

(U) FAA 702
contributions to SIGINT reporting

(TS//SI//REL TO USA, FVEY) As Figures 9 and 10 show, information obtained [illegible] FAA 702 is a key and growing source of reportable foreign intelligence to U.S. government consumers [illegible] foreign governments. Of the more than [redacted; (b)(3)-P.L. 86-36] SIGINT reports issued in calendar year 2013, [redacted] percent were based in whole or in part on FAA 702 information.

107. [redacted; (b)(3)-P.L. 86-36]

(U) Figure 9. Total SIGINT Reports Issued in CY2013 [figure redacted; (b)(1), (b)(3)-P.L. 86-36]

(U) Figure 10. SIGINT Reports Based in Whole or in Part on FAA 702 or PAA Collection [figure redacted; (b)(1), (b)(3)-P.L. 86-36; horizontal axis: 2008 through 2013] [108]

108. When a report is solely sourced to an authority, it indicates that a particular source was used by the analyst but does not mean that the collection was only available from that one source of collection.

(TS//SI//REL TO USA, FVEY) During 2013, NSA disseminated an average of over [redacted; (b)(3)-P.L. 86-36] serialized SIGINT reports a month that included information collected under the FAA 702 certifications. [109]

(TS//SI//REL TO USA, FVEY) NSA management believes that disseminated reports based on FAA 702 collection further the U.S. government's understanding of high priority international terrorism targets. Beyond disseminated reports, collection obtained under FAA 702 contributes to [redacted] and helps [illegible] [redacted].

(TS//SI//REL TO USA, FVEY) On average during 2013, NSA disseminated [redacted] SIGINT reports per month concerning international terrorism that include information derived from FAA 702 collection.

(U) Figure 11. Terrorism-Specific SIGINT Reports Sourced with FAA 702 Information, CY2013 [figure redacted; (b)(1), (b)(3)-P.L. 86-36]

109. (U//FOUO) The number of issued reports was obtained in November 2014 from NSA's
management information system for SIGINT production. The number of reports for any period is net of any reports recalled after they were issued.

(TS//SI//NF) On average, more than [redacted] selectors were tasked for acquisition under FAA 702 during 2013. [redacted]

(U) Analyst Use of the Authority

(S//NF) The FAA 702 authority is utilized broadly to support NSA missions. Its usefulness is confirmed by the above statistics as well as the fact that the number of selectors tasked to the authority has increased [redacted; (b)(3)-P.L. 86-36] since 2010. Similarly, the increase in the number of reports sourced by FAA 702 communications has increased [redacted] in the same period.

(U) FAA 702 Contributions to the Intelligence Mission

(U) In 2013, NSA reported to the Senate Committee on the Judiciary that information gathered from Section 702 of the FISA Amendments Act and Section 215 of the Patriot Act, in complement with NSA's other authorities, has contributed to the United States government's understanding of terrorism activities and, in many cases, has enabled the disruption of potential terrorist events at home and abroad.

(U) On 21 June 2013, NSA provided to several Congressional committees testimony concerning 54 cases in which these programs contributed to the U.S. government's understanding, and in many cases disruption, of terrorist plots in the United States and more than 20 countries.

(U) The SIGINT Directorate provided to the OIG additional examples of the value of FAA 702 collection to NSA missions.

[examples redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-18 USC 798, (b)(3)-50 USC 3024(i)]
[redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-18 USC 798, (b)(3)-50 USC 3024(i)]

(TS//SI//NF) Section 702 [redacted]

(TS//SI//NF) Section 702 [redacted]

(TS//SI//NF) Based on Section 702 collection, [redacted] disrupted the potential attack. [redacted]

(TS//SI//REL TO USA, FVEY) [redacted] based upon information obtained pursuant to Executive Order 12333 and Section 702, NSA [redacted] Section 702 [redacted] had been arrested. [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-18 USC 798, (b)(3)-50 USC 3024(i)]

IV. (U) ABBREVIATIONS AND ORGANIZATIONS

(U) ADET    Associate Directorate for Education and Training
(U) AIG    Authorities Integration Group
[redacted]
(U) ATSD(IO)    Assistant to the Secreta [remainder illegible]
[redacted]
(U) BR    Business Records
[redacted]
(U) CDR    Call Detail Record
(U) CIA    Central Intelligence Agency
(U) CMCP    Comprehensive Mission Compliance Program
(U) CSLI    Cell site location information
(U) CSP    Communication Service Provider
(U) CT    Counterterrorism
(U) DIA    Data Integrity Analyst
(U) DIRNSA    Director, NSA
(U) DMR    Dataflow Management Request
(U) DNI    Director of National Intelligence
(U) DoD    Department of Defense
(U) DoJ NSD    Department of Justice National Security Division
(U) DTM    Directive Type Memorandum
(U) DTOI    Date and Time of Intercept
(U) EAR    Emphatic Access Restriction
(U) EDH    Enterprise data header
[redacted; (b)(1), (b)(3)-P.L. 86-36]
(U) E.O.    Executive Order
(U) FAA    FISA Amendments Act
(U) FBI    Federal Bureau of Investigation
(U) FISA    Foreign Intelligence
Surveillance Act
(U) FISC    Foreign Intelligence Surveillance Court
(U) FTP    File Transfer Protocol
[redacted]
(U) HMC    Homeland Mission Coordinator
(U) IC    Intelligence Community
(U) IMEI    International Mobile Station Equipment Identity
(U) IMSI    International Mobile Subscriber Identity
(U) IO    Intelligence Oversight
(U) LAO    Legislative Affairs Office
(U) MCT    Multiple Communication Transaction
(U) MPL    Master Purge List
(U) MRG    Math Research Group
[redacted]
(U) NCTC    National Counterterrorism Center
(U) NSA    National Security Agency/Central Security Service
(U) NSAW    NSA Washington
(U) NSD    National Security Division
(U) NSOC    National Security Operations Center
(U) ODNI    Office of the Director of National Intelligence
(U) ODOC    Office of the Director of Compliance
(U) OGC    Office of General Counsel
(U) OIG    Office of the Inspector General
(U) OTR    Obligation to Review
(U) PKI    Public key infrastructure
(U) Q    Associate Directorate for Security and Counterintelligence
(U) RAS    Reasonable Articulable Suspicion
(U) RFI    Request for information
[redacted]
(U) S1S    Information Sharing Services Group
(U) S2    Analysis and Production
(U) S2I    Counterterrorism Production Center
(U) S2I4    Homeland Security Analysis Center
(U) S3    Data Acquisition
(U) S31324    [redacted]
(U) S354    [redacted]
(U) SCA    Special compliance activity
(U) SCIF    Sensitive Compartmented Information Facility
(U) SID    Signals Intelligence Directorate
(U) SIGINT    Signals Intelligence
[redacted]
(U) SOO    Senior Operations Officer
[redacted]
(U) SV, T12, T1222, T131, T 323, T16    [expansions redacted or illegible; (b)(3)-P.L. 86-36]
(U) TD    Technology Directorate
(U) TR    Targeting request
(U) TS    [expansion illegible]
[redacted]
(U) TV    TD Office of Compliance
(U) TV4    Compliance and Verification
(U) USD(I)    Undersecretary of Defense for Intelligence
(U) USP    U.S. person
(U) USSID    U.S. Signals Intelligence Directive
(U) USSS    U.S. SIGINT System
[redacted; (b)(3)-P.L. 86-36]
(U) VoA    Verification of accuracy

(U) APPENDIX A: ABOUT THE §215 AND FAA §702 REVIEW

(U) Reason for Review

(U//FOUO) In September 2013, ten members of the Senate Committee on the Judiciary requested a comprehensive independent review of the implementation of §215 of the USA PATRIOT Act and §702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008 for calendar years 2010 through 2013.

(U) Objectives

(U//FOUO) In January 2014, the National Security Agency/Central Security Service's (NSA) Office of the Inspector General (OIG) and Committee staff agreed that the NSA OIG would review NSA's implementation of both authorities for calendar year 2013. The study has three objectives.

(U) Objective I

• (U) Describe how data was collected, stored, analyzed, disseminated, and retained under the procedures for §215 and FAA §702 authorities in effect in 2013 and the steps taken to protect US Person information.
• (U) Describe the restrictions on using the data and how the restrictions have been implemented, including a description of the data repositories and the controls for accessing data.
• (U) Describe oversight and compliance activities performed by internal and external organizations in support of §215 Foreign Intelligence Surveillance Court (FISC) Orders and FAA §702 minimization procedures.

(U) Objective II

• (U) Describe incidents of non-compliance with §215 FISC Orders and FAA §702 Certifications and what NSA has done to minimize recurrence.

(U) Objective III

• (U) Describe how analysts used the data to support their intelligence missions.

(U//FOUO) The report also provides a summary of the changes made in the implementation of both authorities for calendar years 2010 through 2012 and, for §215, a list of incidents of non-compliance for calendar years 2010 through 2012.
(U) Scope and Methodology

(U//FOUO) Our study of NSA's implementation of the Section 215 and FAA 702 authorities was based largely on program stakeholder interviews and reviews of policies and procedures and other program documentation. For this review, the NSA OIG documented the controls implemented that address the requirements of each authority. However, we did not verify through testing whether the controls were operating as described by program stakeholders.

(U) Section 215

(U//FOUO) Our §215 review focused on the BR FISA program control framework, incidents of non-compliance, and NSA's use of the authority to support its counterterrorism (CT) mission in 2013. To document the BR FISA control framework, we used BR Order 13-158, approved by the FISC on 11 October 2013 and effective through 30 January 2014, and compared the requirements listed in that Order with the processes and controls NSA used to maintain compliance with that Order. In addition, we documented the changes implemented in the BR FISA program following the President's directives in 2014.

[redacted; (b)(3)-P.L. 86-36] the Office of the Director of Compliance (ODOC), the Authorities Integration Group (AIG), the Legislative Affairs Office (LAO), and the Office of General Counsel (OGC).

(U) FAA 702

(TS//SI//NF) In addition to FAA 702 stakeholder interviews and reviews of policies and procedures and other program documentation, information obtained in the OIG's Assessment of Management Controls Over FAA 702, revised and reissued 29 March 2013, was also used as a resource. That review examined the controls that NSA used to maintain compliance with FAA 702 and the targeting and minimization procedures associated with the 2011 certifications.

(TS//SI//NF) Our FAA 702 review focused on the processes and controls in place in 2013. Two primary documents filed annually with each FAA 702 certification comprise NSA's procedures for complying with the FISA Amendments
Act of 2008:

• (U//FOUO) The Procedures Used by the National Security Agency for Targeting Non-United States Persons Reasonably Believed to be Located Outside the United States to Acquire Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended (FAA 702 Targeting Procedures) and
• (U//FOUO) The Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended (the FAA 702 Minimization Procedures).

(U//FOUO) For calendar year 2013, the period under review, different versions of these documents were in effect because of changes made with the annual certification renewal and special amendments.

• (U//FOUO) FAA 702 Targeting Procedures
  • (U//FOUO) Procedures approved with the 2012 renewal of the authority, effective 24 September 2012.
  • (U//FOUO) These procedures were not changed for the 2013 certification renewal and remained effective 10 September 2013 through 9 September 2014.
• (U//FOUO) FAA 702 Minimization Procedures
  • Procedures approved for the 2012 certification renewal, approved by the FISC 24 August 2012, were effective 24 September 2012 through 2[illegible] September 2013.
  • [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U//FOUO) We also examined implementing procedures and controls for the Attorney General's targeting guidelines.

(U//FOUO) We interviewed personnel in SID Policy and Corporate Issues Staff (S02), SV, Analysis and Production (S2) Staff and Product Lines, Data Acquisition [redacted] and [redacted], the [redacted] and Mission Capabilities [illegible], ODOC, the LAO, and OGC. [(b)(3)-P.L. 86-36]

(U) Prior Coverage

(U//FOUO) Since 24 May 2006, the date the original BR Order was signed, the NSA OIG has completed five BR FISA program reviews. Table A-1 summarizes
the reviews the NSA OIG has performed on the BR FISA program.

(U) Table A-1. NSA OIG Reviews of the BR FISA Program

Date Issued | OIG Review | Scope of the Review
09/05/06 | Assessment of Management Controls for Implementing the FISC Order: Telephony BR (ST-06-0018) | Reviewed collection, processing, analysis, dissemination, and oversight controls
05/12/10 | NSA Controls for FISC BR Orders (ST-10-0004) | Reviewed querying and dissemination controls; summarized pilot test results for the period from January through March 2010
05/25/11 | Audit of NSA Controls to Comply with the FISC Order Regarding BR (ST-10-0004L) | Reviewed querying and dissemination controls; summarized the monthly test results for 2010
10/20/11 | Audit of NSA Controls to Comply with the FISC Order Regarding BR Retention (ST-11-0011) | Verified age-off of BR FISA metadata in 2011 to maintain compliance with the 60 month retention requirement of the BR Order
08/01/12 | NSA Controls to Comply with the FISC Order Regarding BR Collection (ST-12-0003) | Reviewed collection and sampling controls for ensuring that NSA receives only the BR FISA metadata authorized by the BR Order

* This report summarized monthly test results of the BR querying and dissemination controls during 2010.

(U//FOUO) Since the Agency obtained FAA 702 authority in January 2008, the NSA OIG has completed annual reviews of reports containing references to USP identities and targets later determined to be located in the United States, as required by the statute. Table A-2 summarizes the two reviews the NSA OIG has completed of the FAA 702 program.

(U) Table A-2. NSA OIG Reviews of the FAA 702 Program

Date Issued | OIG Review | Scope of the Review
3/29/13 | (U) Assessment of Management Controls Over FAA 702 (ST-11-0009) | (U) Reviewed management controls for maintaining compliance with the targeting and minimization procedures
[redacted] | [redacted] | [redacted; (b)(1), (b)(3)-P.L. 86-36]
(U) APPENDIX B: BR FISA PROGRAM CHANGES 2010-2012

(U) 2010

• (U//FOUO) On 25 June 2010, [redacted] management [illegible] NSA's RAS selection term [redacted].
• (U//FOUO) [redacted] the Order requirement restricting the number of analysts allowed to access BR metadata was lifted.
• (U//FOUO) [redacted] the Order requirement for weekly reports of BR-related disseminations was changed to monthly. [(b)(3)-P.L. 86-36]

(U) 2011

• [redacted] repository for [illegible] telephony transaction records [redacted].

(U) 2012

• (U//FOUO) [redacted] the Order requirement for NSA to review a sample of records obtained was changed to a review of NSA's monitoring and assessment to ensure that only approved metadata is being acquired.
• (U) NSA notified the Court [redacted].
• [redacted] NSA notified the Court [redacted].
• (U//FOUO) [redacted] the Court authorized NSA to implement an automated querying process. [110]
• (U//FOUO) On 29 November 2012, the Order requirement to track and report the number of instances since the preceding report in which NSA has shared, in any form, results from queries of the BR metadata, in any form, with anyone outside NSA was changed to apply to only sharing of query results that contain U.S. person information.

110. (U) NSA is no longer authorized to use the automated query process since it withdrew its request to do so in the renewal applications and declarations that support the BR Orders approved by the FISC beginning with BR Order 14-67, dated 28 March 2014.

(U) APPENDIX C: BR FISA PROGRAM INCIDENTS OF NON-COMPLIANCE 2010 THROUGH 2012

(U) Table C-1. BR FISA Incidents 2010 through 2012

[legible column headings: Congressional Notification; Description. Table contents redacted; (b)(3)-P.L. 86-36]

(U//FOUO) On 1 November 2010, Rule 10(b) and 10(c) notices were replaced by Rule 13(a) and 13(b) notices, respectively.

(U) Final
Rule 10(c) notice [redacted; (b)(3)-P.L. 86-36]

(U) Supplemental Rule 13(b) notice

(U//FOUO) Final Rule 13(a) and 13(b) notice

(U) APPENDIX D: FAA 702 PROGRAM CHANGES

(U) Minimization Procedures

(U) 2011

• (U//FOUO) Language on upstream data added to Minimization Procedures.
• (U//FOUO) The retention period for Upstream Data is reduced to two years.
• (U//FOUO) Clarified that the five-year retention period for unevaluated data began to run from the date of expiration of the certification under which the data was collected. Prior versions did not specify when the five-year period began.
• (U//FOUO) Permitted queries using USP identifiers to identify and select communications. Requires pre-approval before any queries are made. Specifically excludes queries against upstream data.
• (U//FOUO) Adds requirement to segregate Internet transactions that cannot be reasonably identified as containing single discrete communications.

(U) 2012

• [redacted; (b)(1), (b)(3)-P.L. 86-36]
• (U//FOUO) Limited access to metadata from Internet transactions to data acquired on or after October 31, 2011.
• (U//FOUO) Adds specific requirements for DIRNSA determination that a domestic communication can be retained. This includes a requirement that DIRNSA first determine that the sender or recipient of the domestic communication was properly targeted under FAA 702.
• [redacted]

(U) 2013

• (U) An amendment to the Minimization procedures was made in late 2013. A section was added precluding NSA from using information acquired pursuant to FAA 702 unless NSA determines, based on the totality of the circumstances, that the target is reasonably believed to be outside the United States at the time the information was acquired.
• [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

(U) Other Changes

(U) 2012

• (TS//SI//NF) Congress notified by NSA [redacted; (b)(1), (b)(3)-P.L. 86-36, (b)(3)-50 USC 3024(i)]

National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street NW, Washington, D.C. 20037. Phone: 202-994-7000. Fax: 202-994-7005. nsarchiv@gwu.edu