OCR of the Document

View the Document >>

[Author Name Redacted], National Security Agency, NSA Staff Processing Form, Subject: (S//REL) SSO’s Support to the FBI for the Implementation of their Cyber FISA Orders, December 21, 2011. Secret//Rel to USA, FVEY.

- FIB TO USA VEY SECURITY CLASSIFICATION NSA STAFF PROCESSING FORM TO EXREG CONTROL NUMBER KCC CONTROL SIGINT DIR 2012-704 8353 1 13-11 THRU ACTION EXREG SUSPENSE SUBJECT APPROVAL KCC SUSPENSE IGN RE SSO's Support to the FBI for Implementation of j 3 Am ELEMENT SUSPENSE their Cyber FISA Orders CI imam-non V2 V3 V07 SUMMARY RECOMMENDATION Approve the provision of the assistance to FBI with the proviso that the FBI remains responsible for any additional expenses incurred PURPOSE To obtain the SIGINT Director's approval for the Of ce of Special Source Operations to provide ongoing technical assistance to the Federal Bureau of Investigation FBI for the implementation of the various orders they have obtained and will obtain from the Foreign Intelligence Surveillance Court FISC in certain ber cases invol vin a ents of forei powers ea - soon The preparation of this Staff Processing Form was a collaborative-effort between 880 and the NSA Of ce of General Counsel OGC BACKGROUND On December 20 2011 NSA received a request for technical assistance from the FBI seeking access to infrastructure established by NSA for collection of foreign intelligence from US telecommunications providers The FISC has issued a number of orders at the request of the FBI authorizing electronic surveillance directed at communications related to computer intrusions being conducted by foreign powers The orders include some that are limited to pen register trap and trace PRTT information as well as others that authorize collection of content The rst of these for which NSA assistance has been requested is directed at communications related to intrusions Conducted by the Docket Number 11-91 regarding what FBI refers to as STYGIAN FLOW In mid 2011 prior to receipt of the request for technical assistance 880 became aware of plans to seek these orders and has been in discussions with FBI throughout the latter half of the year in the belief that use of NSA's collection processing infrastructure would allow the FBI to COORDINATIONIAPPROVAL NAME AND DATE NAME AND DATE OFFICE OFFICE OGC 3037 f S3 i eZO'x Z NTOC omemxroa mm s3ss M 2011 12 210i qz m 1600' FORM AS79605 REV NOV zoo arcades A6796 FEB 05 which is obsolete mwmm 3 up secunml CLASSIFICATION Derived From Manna 1 52 Dated a January 2007 TO USA VEY Dectassify On 20320108 SV POC 20111221 TO USA FVEY sacumrv Page 2 of 4 CATS 2012-704 TO USA FVEY SSO's Support to the FBI for Implementation of their Cyber FISA Orders maximize the value of the collection without incurring the expenses associated with duplication of that infrastructure Although FBI conducts numerous electronic surveillances without assistance the vast majority of them are directed against targets located inside the United States and U S providers served with ISC orders are ordinarily able to identify and deliver to the FBI most if not all of the targets' communications that they carry That is because such electronic surveillance is typically effected at a point or points in the provider s infrastructure in physical proximity to the target's location In the case of computer intrusions being conducted by foreign powers the providers may be carrying a target's communications but it is much more dif cult to identify and locate them because the communications in question will enter and leave the United States via any convenient path and their path may be obscured to avoid detection In other words in these cases because the target's location is outside the United Statues and not well-characterized effecting the surveillance via traditional means is not effective However in support of FAA and in anticipation of the need to conduct similar collection activities for computer network defense purposes over the last decade NSA has expended a signi cant amount of resources to create collection processing capabilities at many of the chokepoints operated by U S providers through which international communications enter and leave the United States Collection at such chokepoints is much better suited to electronic surveillance directed at targets located outside the United States than BI's traditional means of collection In theory FBI could rely on the orders it has obtained to direct U S providers to conduct surveillance at these chokepoints without relying on NSA capabilities but it would take a considerable amount of time to do so and FBI would have to reimburse the providers to recreate duplicate what NSA has already put in place The cost alone would be prohibitive and the time lost in doing so would necessarily result in a loss of foreign intelligence The assistance being sought by the FBI is limited in nature The U S providers served with Secondary Orders in this matter will assume full responsibility for the provisioning of and content collection to the FBI Since all of the authorized facilities typically known as targeted selectors in NSA parlance to date are Internet Protocol IP addresses used by the targets there is no question as to the providers' abilities to employ devices under their control routers to provision fully-compliant authorized intercept Neither the previders nor the FBI will require NSA's Government off the Shelf GOTS Digital Network Intelligence DNI collection and processing solutions TURMOIL XKEYSCORE Instead metadata and full content derived from the authorized intercept will be produced using Commercial off the Shelf COTS processing solutions If these COTS processing solutions involve components developed at expense and used primarily for NSA's Cyber survey purposes the 830 will make care il and informed decisions prior to authorizing use of these components TO USA VEY SECURITY CLASSIFICATION TO USA FVEY secumrv CLASSIFICATION Page 3 of 4 CATS 2012-704 TO USA FVEY Support to the FBI for Implementation of their Cyber FISA Orders Prior to authorizing use of the extensive secure Wide Area Networks established at the two primary providers cover terms LITHIUM and ARTIF ICE respectively as the end-to-end data delivery infrastructure to connect intercept and processing locations with the FBI's designated Cyber data repository at the Engineering Research Facility Quantico VA 880 will make careful and informed decisions to ensure this capability is undertaken on a 100% non-interference basis with NSA's current and future data backhaul needs on these same networks All data metadata and or content collected under the auspices of these ISC orders will be forwarded securely and directly to the designated FBI repository The ISC orders do contain a provision as follows personnel participating in this joint investigation may have access to raw data prior to minimization However access to raw data by NTOC members of the NCIJTF will be facilitated under the purview of the FBI and not through any actions that $80 might take as the collected data passes through NSA's secure Wide Area Networks Should the BI's cyber orders from the ISC be modified in the future to authorize raw data retention by NSA $80 will coordinate with all cognizant NSA offices Data Governance OGC SV to ensure the proper data delivery mechanism is put in place Should the FBI require a sustained and high-level of dedicated analytical resources cleared technical manpower at the providers in order to optimize the collection effectiveness of their and content orders they will contract for those services directly with the providers If on the other hand the Bl's requirement for provider analytical support is more ad hoc and aperiodic in nature during the period of time these orders remain in effect 880 will make careful and informed decisions prior to authorizing labor charges against the relevant SSO contracts with the providers for these services on behalf of the FBI Any charges that cannot be justi ed as necessary for NSA purposes will not be made unless until FBI agrees to reimburse NSA DISCUSSION If SID decides to approve the requested assistance 830 will assist the FBI in effecting any cyber orders submitted to it after the has veri ed that each of them contains language permitting NSA's involvement As stated in Attachment 1 NSA will have the opportunity to review and respond to any proposed use of ISA derived information from these collections prior to the Attorney General authorizing the use of such information in any criminal proceedings The assistance 580 is being asked to provide to the FBI will not preclude NSA's SIGINT targeting of these same fully-quali ed overseas IP addresses under the auspices of the FISA Continued TO USA FVEY sa i' m CLASSIFICATION TO USA FVEY SECURITY Page 4 of 4 CATS 2012-704 TO USA FVEY Support to the FBI for Implementation of their Cyber FISA Orders The assistanCe 880 is being asked to provide to the FBI will not preclude SIGINT targeting of these same fully-quali ed overseas IP addresses under the auspices of the ISA Amendments Act FAA of 2008 To the contrary the relatively recent discovery of these FBI Cyber FISA orders and the countless pages of SIGINT-derived evidence that was cited in the respective Applications to the FISC have already formed the basis for a dialog between OGC and the Department of Justice's National Security Division C DIRECTOR SIGNALS INTELLIGENCE DECISION CONCUR gg QMAE 5 8'27 5 NON-CONCUR DATE TO USA FVEY SECURITY CLASSIFICATION                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu