Book Read Free

The Snowden Reader

Page 19

by David P Fidler


  TOP SECRET//COMINT//NOFORN/MR

  UNITED STATES

  FOREIGN INTELLIGENCE SURVEILLANCE COURT

  WASHINGTON, D.C.

  IN RE PRODUCTION OF TANGIBLE THINGS

  FROM [REDACTED] Docket Number: BR 08–13

  ORDER

  On December 12, 2008, the Foreign Intelligence Surveillance Court (“FISC” or “Court”) re-authorized the government to acquire the tangible things sought by the government. . . . Specifically, the Court ordered [REDACTED] to produce, on an ongoing daily basis for the duration of the order, an electronic copy of all call detail records or “telephony metadata” created by those companies. . . . The Court found reasonable grounds to believe that the tangible things sought are relevant to authorized investigations being conducted by the Federal Bureau of Investigation (“FBI”) to protect against international terrorism. . . . In making this finding, the Court relied on the assertion of the National Security Agency (“NSA”) that having access to the call detail records “is vital to NSA’s counterterrorism intelligence mission” because “[t]he only effective means by which NSA analysts are able continuously to keep track of [REDACTED], and all affiliates of one of the aforementioned entities [who are taking steps to disguise and obscure their communications and identities], is to obtain and maintain an archive of metadata that will permit these tactics to be uncovered.” . . . NSA also averred that

  [t]o be able to exploit metadata fully, the data must be collected in bulk. . . . The ability to accumulate a metadata archive and set it aside for carefully controlled searches and analysis will substantially increase NSA’s ability to detect and identify members of [REDACTED].

  . . .

  Because the collection would result in NSA collecting call detail records pertaining to . . . communications of United States (“U.S.”) persons located within the U.S. who are not the subject of any FBI investigation and whose metadata could not otherwise be legally captured in bulk, the government proposed stringent minimization procedures that strictly controlled the acquisition, accessing, dissemination, and retention of these records by the NSA and the FBI. . . . The Court . . . directed the government to strictly adhere to these procedures. . . . [and] ordered that:

  access to the archived data shall occur only when NSA has identified a known telephone identifier for which, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the telephone identifier is associated with [REDACTED]; provided, however, that a telephone identifier believed to be used by a U.S. person shall not be regarded as associated with [REDACTED] solely on the basis of activities that are protected by the First Amendment to the Constitution. . . . (emphasis added)

  In response to a Preliminary Notice of Compliance Incident dated January 15, 2009, this Court ordered further briefing on the non-compliance incident to help the Court assess whether its Orders should be modified or rescinded; whether other remedial steps should be directed; and whether the Court should take action regarding persons responsible for any misrepresentations to the Court or violations of its Orders. . . .

  A. NSA’s Unauthorized Use of the Alert List

  The government reported . . . that, prior to the Court’s initial authorization [of the telephone metadata program] on May 24, 2006 . . . , the NSA had developed an “alert list process” to assist the NSA in prioritizing its review of the telephony metadata it received. . . . Following the Court’s initial authorization, the NSA revised this alert list process so that it compared the telephone identifiers on the alert list against incoming FISC-authorized Business Record metadata (“BR metadata”) and SIGINT collection from other sources, and notified NSA’s counterterrorism organization if there was a match between an identifier on the alert list and an identifier in the incoming data. . . . The revised NSA process limited any further analysis of . . . the BR metadata to those telephone identifiers determined to have met the “reasonable articulable suspicion” standard (hereafter “RAS-approved identifiers”). . . . However, because the alert list included all identifiers (foreign and domestic) that were of interest to counterterrorism analysts who were . . . tracking [REDACTED], most of the telephone identifiers compared against the incoming BR metadata were not RAS-approved. . . . Thus, since the earliest days of the FISC-authorized collection of call-detail records . . . , the NSA has on a daily basis, accessed the BR metadata for purposes of comparing thousands of non-RAS approved telephone identifiers on its alert list against the BR metadata in order to identify any matches. Such access was prohibited by the governing minimization procedures under each of the relevant Court orders, as the government concedes. . . .

  The government’s submission suggests that its non-compliance . . . resulted from a belief by some personnel within the NSA that some of the Court’s restrictions on access to the BR metadata applied only to “archived data.” . . . That interpretation . . . strains credulity. It is difficult to imagine why the Court would intend the applicability of the RAS requirement—a critical component of the procedures proposed by the government and adopted by the Court—to turn on whether or not the data being accessed has been “archived.” . . . Indeed, to the extent that the NSA makes the decision about where to store incoming BR metadata and when the archiving occurs, such an illogical interpretation . . . renders compliance with the RAS requirement merely optional.

  The NSA also suggests that the NSA OGC’s [Office of General Counsel] approval of procedures allowing the use of non-RAS-approved identifiers on the alert list to query BR metadata not yet in the NSA’s “archive” was not surprising, since the procedures were similar to those used in connection with other NSA SIGINT collection activities. . . . If this is the case, . . . the non-compliance is not a terminological misunderstanding, but the NSA’s decision to treat the accessing of all call detail records . . . no differently than other collections under separate NSA authorities, to which the Court-approved minimization procedures do not apply.

  B. Misrepresentations to the Court

  The government has compounded its non-compliance . . . by repeatedly submitting inaccurate descriptions of the alert list process to the FISC. Due to the volume of U.S. person data being collected . . . , the FISC’s orders have all required that any renewal application include a report on the implementation of the Court’s prior orders, including a description of the manner in which the NSA applied the minimization procedures. . . .

  In its report to the FISC accompanying its first renewal application . . . on August 18, 2006, the government described the alert list process as follows:

  NSA has compiled . . . an “alert list” of telephone numbers used by members of [REDACTED]. This alert list serves as a body of telephone numbers employed to query the data. . . .

  [. . .] Each of the foreign telephone numbers that comes to the attention of the NSA as possibly related to [REDACTED] is evaluated to determine whether the information about it provided to NSA satisfies the reasonable articulable suspicion standard. If so, the foreign telephone number is placed on the alert list; if not, it is not placed on the alert list.

  The process . . . applies also to newly discovered domestic telephone numbers considered for addition to the alert list, with the additional requirement that NSA’s Office of General Counsel reviews these numbers and affirms that the telephone number is not the focus of the analysis based solely on activities that are protected by the First Amendment. . . .

  . . .

  As of the last day of the reporting period . . . , NSA had included a total of 3980 telephone numbers on the alert list, . . . after concluding that each of the foreign telephone numbers satisfied the [RAS standard], and each of the domestic telephone numbers was either a FISC approved number or in direct contact with a foreign seed that met those criteria. . . .

  To summarize the alert system: every day new contacts are automatically revealed with the 3980 telephone numbers contained on the alert li
st described above, which themselves are present on the alert list either because they satisfied the reasonable articulable suspicion standard, or because they are domestic numbers that were either a FISC approved number or in direct contact with a number that did so. These automated queries identify any new telephone contacts between the numbers on the alert list and any other number, except that domestic numbers do not alert on domestic-to-domestic contacts. . . . (emphasis added).

  This description was included in . . . all subsequent reports to the Court. . . .

  The NSA attributes these material misrepresentations to the failure of those familiar with the program to correct inaccuracies in a draft of the report prepared in August 2006 by . . . the NSA’s Office of General Counsel. . . . Further, the NSA reports:

  it appears there was never a complete understanding among the key personnel who reviewed the report for the SIGINT Directorate and the Office of General Counsel regarding what each individual meant by the terminology used in the report. Once this initial misunderstanding occurred, the alert list description was never corrected since neither the SIGINT Directorate nor the Office of General Counsel realized there was a misunderstanding. As a result, NSA never revisited the description of the alert list that was included in the original report to the Court.

  . . . Finally, the NSA reports that “from a technical standpoint, there was no single person who had a complete technical understanding of the BR FISA system architecture. This probably also contributed to the inaccurate description of the alert list that NSA included in its BR FISA reports to the Court.” . . .

  Regardless of what factors contributed to making these misrepresentations, the Court finds that the government’s failure to ensure that responsible officials adequately understood the NSA’s alert list process, and to accurately report its implementation to the Court, has prevented, for more than two years, both the government and the FISC from taking steps to remedy daily violations of the minimization procedures . . . designed to protect [REDACTED] call detail records pertaining to telephone communications of U.S. persons located within the United States who are not the subject of any FBI investigation and whose call detail information could not otherwise have been legally captured in bulk.

  C. Other Non-Compliance Matters

  Unfortunately, the universe of compliance matters . . . extends beyond the events described above. On October 17, 2008, the government reported to the FISC that, after the FISC authorized the NSA to increase the number of analysts authorized to access the BR metadata to 85, the NSA trained those newly authorized analysts on Court-order procedures. . . . Despite this training, however, the NSA subsequently determined that 31 NSA analysts had queried the BR metadata during a five day period in April 2008 “without being aware they were doing so.” . . . (emphasis added) As a result, the NSA analysts used 2,373 foreign telephone identifiers to query the BR metadata without first determining that the reasonable articulable suspicion standard had been satisfied. . . .

  Upon discovering this problem, the NSA undertook a number of remedial measures, including suspending the 31 analysts’ access pending additional training, and modifying the NSA’s tool for accessing the data so that analysts were required specifically to enable access to the BR metadata and acknowledge such access. . . . Despite taking these corrective steps, on December 11, 2008, the government informed the FISC that one analyst had failed to install the modified access tool and, as a result, inadvertently queried the data using five identifiers for which NSA had not determined that the reasonable articulable suspicion standard was satisfied. . . . Then, on January 26, 2009, the government informed the Court that, from approximately December 10, 2008, to January 23, 2009, two NSA analysts had used 280 foreign telephone identifiers to query the BR metadata without determining that the Court’s reasonable articulable suspicion standard had been satisfied. . . . It appears that these queries were conducted despite full implementation of the above-referenced software modifications to the BR metadata access tool, as well as the NSA’s additional training of its analysts. . . . And, . . . the NSA continues to uncover examples of systematic noncompliance.

  In summary, . . . the FISC’s authorizations of this vast collection program have been premised on a flawed depiction of how the NSA uses BR metadata. This misperception by the FISC existed from the inception of its authorized collection in May 2006, buttressed by repeated inaccurate statements made in the government’s submissions, and despite a government-devised and Court-mandated oversight regime. The minimization procedures proposed by the government . . . and approved and adopted as binding by the orders of the FISC have been so frequently and systematically violated that it can fairly be said that this critical element of the overall BR regime has never functioned effectively.

  D. Reassessment of BR Metadata Authorization

  In light of the foregoing, the Court returns to fundamental principles underlying its authorizations. In order to compel the production of tangible things to the government, the Court must find that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation . . . to obtain foreign intelligence information not concerning a U.S. person or to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a U.S. person is not conducted solely on the basis of activities protected by the First Amendment. . . .

  The government’s applications have all acknowledged that, of the [REDACTED] call detail records NSA receives per day . . . nearly all . . . pertain to communications of non-U.S. persons who are not the subject of an FBI investigation to obtain foreign intelligence information, are communications of U.S. persons who are not the subject of an FBI investigation to protect against international terrorism or clandestine intelligence activities, and are data that otherwise could not be legally captured in bulk by the government. Ordinarily, this alone would provide sufficient grounds for a FISC judge to deny the application.

  Nevertheless, the FISC has authorized bulk collection of call detail records in this case based upon: (1) the government’s explanation, under oath, of how the collection of and access to such data are necessary to analytical methods that are vital to the national security of the United States; and (2) minimization procedures that carefully restrict access to the BR metadata and include specific oversight requirements. Given the Executive Branch’s responsibility for and expertise in determining how best to protect our national security, and in light of the scale of this bulk program, the Court must rely heavily on the government to monitor this program to ensure that it continues to be justified, in view of those responsible for our national security, and that it is being implemented in a manner that protects the privacy interests of U.S. persons as required by applicable minimization procedures. To approve such a program, the Court must have every confidence that the government is doing its utmost to ensure that those responsible for implementation fully comply with the Court’s orders. The Court no longer has such confidence.

  With regard to the value of the BR metadata program, the government points to the 275 reports that the NSA has provided to the FBI identifying 2,549 telephone identifiers associated with the targets. . . . The government’s submission also cites three examples in which the FBI opened three new preliminary investigations of persons in the U.S. based on tips from the BR metadata program. . . . However, the mere commencement of a preliminary investigation, by itself, does not seem particularly significant. . . . [T]his program has been ongoing for nearly three years. The time has come for the government to describe to the Court how . . . the value of the program to the nation’s security justifies the continued collection and retention of massive quantities of U.S. person information.

  Turning to the government’s implementation of the Court-ordered minimization procedures and oversight regime, the Court takes note of the remedial measures being undertaken by the government. . . . In particular, the Court welcomes the Director of the NSA’s decision to order “end-to
-end system engineering and process reviews (technical and operational) of NSA’s handling” of BR metadata. . . . However, the Court is very disturbed to learn that this ongoing exercise has identified additional violations of the Court’s orders, including the routine accessing of BR metadata from May 2006 to February 18, 2009 . . . using telephone identifiers that had not been determined to meet the reasonable articulable suspicion standard. . . .

  In its last submission, the government describes technical measures implemented . . . to prevent any recurrences of the . . . non-compliance uncovered to date. . . . On the strength of these measures, the government submits that “the Court need not take any further remedial action.” . . . After considering these measures in the context of the historical record of non-compliance and in view of the Court’s authority and responsibility to “determine [and] enforce compliance” with Court orders and Court-approved procedures, . . . the Court has concluded that further action is, in fact, necessary.

  The record before the Court strongly suggests that, from the inception of this FISA BR program, the NSA’s data accessing technologies and practices were never adequately designed to comply with the governing minimization procedures. From inception, the NSA employed two separate automated processes—the daily alert list and the [REDACTED] tool—that routinely involved queries based on telephone identifiers that were not RAS-approved. . . . As for manual queries, the minimization procedures required analysts to use RAS-approved identifiers whenever they accessed the BR metadata, yet thousands of violations resulted from the use of identifiers that had not been RAS-approved by analysts who were not even aware that they were accessing BR metadata. . . .

 

‹ Prev