Skip to content

Latest commit

 

History

History
1004 lines (631 loc) · 320 KB

NSIs.md

File metadata and controls

1004 lines (631 loc) · 320 KB
Raw

Myths about FISA, Patriot Act & Post-9/11 National Security Investigations debunked

The Bullshit asymmetry principle, or Brandolini's law:

The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.

"From the outset, I approached my responsibilities as a member of the Review Group with great skepticism about the NSA. I am a long-time civil libertarian, a member of the National Advisory Council of the ACLU, and a former Chair of the Board of the American Constitution Society. To say I was skeptical about the NSA is, in truth, an understatement. I came away from my work on the Review Group with a view of the NSA that I found quite surprising. Not only did I find that the NSA had helped to thwart numerous terrorist plots against the United States and its allies in the years since 9/11, but I also found that it is an organization that operates with a high degree of integrity and a deep commitment to the rule of law. Like any organization dealing with extremely complex issues, the NSA on occasion made mistakes in the implementation of its authorities, but it invariably reported those mistakes upon discovering them and worked conscientiously to correct its errors. The Review Group found no evidence that the NSA had knowingly or intentionally engaged in unlawful or unauthorized activity. To the contrary, it has put in place carefully-crafted internal procedures to ensure that it operates within the bounds of its lawful authority."

—Geoffrey Stone, Edward H. Levi Distinguished Service Professor of Law at the University of Chicago

Due to the media and NGO sensationalist reporting concerning a series of leaked documents, from Edward Snowden: blogs and NGOs, TV shows and other forms of information consumption have grossly misunderstood NSA and FBI's capabilities and authorities after September 11, 2001. The misunderstanding didn't help from the fact that Snowden himself, was a contracted, low-end IT systems administrator who never worked directly with any programs concerned in the leaked material. His fatal misunderstanding led to a flood of falsehoods. The conclusion of a critical examination of the leaked material, confirms exactly what the Government has always said, matching perfectly with the unclassified and declassified record—totally refuting Snowden's narrative. This repository will also cover many issues not subject to Snowden's disclosure, pre and post.

Notes:

  • Right-click on a embeded link to open. Clicking directly will cause the current tab to load the link.
  • Install the official wayback machine browser addon, from archive.org, to aid in any 404 errors. I try to fix them myself, but still a good addon to have.
  • The bulk (pun intended) of this file is to quote directly from the primary source records. This is done so in order to avoid the "it's just an opinion" knee-jerk reaction predilection.
  • Highly recommended reading material, National Security Investigations and Prosecutions, 3rd edition

Contents

  • FISA applications

    • As a warrant

      FISA requires a finding of probable cause that the target is a foreign power or an agent of a foreign power and that each facility or place at which the electronic surveillance is directed is being used, or is about to be used, or that the property or premises to be searched is, or is about to be, owned, used, possessed by, or is in transit to or from, a foreign power or an agent of a foreign power. Rather than focusing on probable cause to believe that a person has committed a crime, the FISA standard focuses on the status of the target as a foreign power or an agent of a foreign power. The probable cause threshold which the Government must satisfy before receiving authorization to conduct electronic surveillance or a physical search under FISA complies with the Fourth Amendment's reasonableness standard.[1] This has been ruled on by over 16 Federal Courts and the Supreme Court.[2]

    • Conservatism with respect to FISA

      Both the DOJ IG report concerning 9/11, and a seperate review, found DOJ's attorneys were overly strict on the probable cause standard—exceeding the legal and Constitutional requirements.

      As noted by the 9/11 IG review, "The handling of the Moussaoui case also highlighted the conservatism of the Department and the FBI at the time with regard to the use of FISA. At the time of the Moussaoui investigation there was a widespread perception in the FBI that OIPR was excessively restrictive in its approach to obtaining FISAs. The perception was that OIPR would not plead “new” foreign powers – foreign powers that had not previously been pled to the FISA Court – and that OIPR required more support to go forward than the probable cause that what was required by the FISA statute. This perception caused the FBI to be less aggressive in pursuit of FISA warrants that did not fit the standard pattern.

      This perception was discussed in the May 2000 report of the Attorney General’s Review Team (AGRT) that was established to review the FBI and the Department’s handling of the Wen Ho Lee FCI investigations and FISA application. The report stated that in interviews with FBI personnel, “a consistent theme that has emerged has been the FBI’s substantial frustration with what it perceives to be OIPR’s general lack of aggressiveness in the handling of FISA applications.” The AGRT concluded that OIPR was too conservative in its handling of the Lee FISA application and three factors suggested that the FBI’s general complaint of undue conservatism had merit. First, the AGRT found that OIPR had never had a FISA application turned down by the FISA Court and that “this record suggests the use of ‘PC+’ [probable cause plus], an insistence on a bit more than the law requires.” Second, the AGRT asserted that while some disputes between agents and lawyers were to be expected, the fact that the complaints about OIPR came from all levels within the FBI as well as the frequency and the intensity of the complaints suggested that this concern was not arising out of the normal tension between agents and lawyers. Third, the AGRT stated that OIPR applied too conservative an approach to the Lee application, which suggested it did so across the board because of the significance of and attention received within OIPR by the Lee application. We heard similar complaints from FBI Headquarters managers and NSLU attorneys that OIPR was too conservative. FBI employees made two arguments in support of this assertion. First, FBI employees said that OIPR required more than what FBI employees believed was necessary under FISA to get a FISA warrant. One former unit chief told the OIG that OIPR’s standard for probable cause was “too high.” The former head of NSLU told the OIG that OIPR attorneys often asked for details about the investigation that were not related to the issue of probable cause. He asserted that, by comparison, Title III applications were “far cleaner and far more succinct” than the FISA applications. As an example of OIPR’s conservatism, another NSLU attorney asserted to the OIG the fact that in FISA applications involving a particular terrorist organization as the foreign power, OIPR required a substantial number of pages worth of facts to support the assertion that it was a terrorist organization, despite the fact that this terrorist organization was designated as a foreign terrorist organization by the State Department.[3] [4]

    • Preparation & Approval of FISA Applications

      FISA Titles I and III: The FBI's FISA process is initiated when a case agent begins drafting a FISA Request Form for submission to OI (DOJ's Office of Intelligence). The FISA Request Form requires that the case agent provide specific categories of information to OI, the most important of which is a description of the facts and circumstances that the agent views as establishing probable cause to believe the target of the application is a foreign power or an agent of a foreign power. In particular, the FISA Request Form states that the case agent should provide a complete description of all material facts regarding a target to justify FISA authority or, in the case of renewals, to justify continued FISA coverage. In the case of FISA renewals, the form also asks the case agent to describe in detail any previous information that requires modification or correction. After the case agent prepares the FISA Request Form, in ordinary circumstances, the supervisory chain in the relevant field office will receive the request for approval, including the SSA, CDC, ASAC, and the SAC, before the request is sent to the appropriate FBI Headquarters substantive division Unit Chief (UC). The UC reviews and approves the request, assigns it to the appropriate FBI Headquarters substantive division SSA Program Manager, and to OGC's National Security and Cyber Law Branch (NSCLB) for assignment and review.

      Once the FISA Request Form is submitted to NSCLB, an NSCLB line attorney reviews the request and provides feedback to the case agent. Once the draft is finalized, the NSCLB line attorney approves the FISAMS request and routes the form to the appropriate FBI Headquarters Section Chief for review and approval. The FBI Headquarters Section Chief reviews the request and, if approved, submits the request to the appropriate Deputy Assistant Director (DAD) for approval in the case of an expedited request, or, if not, directly to OI. Once in OI, the request is then assigned to an OI line attorney from one of three units within OI's Operations Section: the Counterintelligence Unit, the Counterterrorism Unit, or the Special Operations Unit. The OI attorney prepares the read copy application using the information provided by the FBI and works with the NSCLB attorney and FBI case agent to obtain additional information, frequently resulting in a "back and forth" between OI and the FBI. According to NSD, as part of this back and forth process, OI will ask whether the FBI is aware of any "exculpatory" information that relates to the target of the application, as well as any derogatory information that relates to sources relied upon in the application. An OI supervisor, usually the relevant Unit Chief or Deputy Unit Chief, then reviews the draft read copy. Neither the FISA statute nor FISC procedures dictate who in the Department must approve the read copy before it is submitted to the FISC. In most instances, once the FBI case agent affirms the accuracy of the information in the read copy, the OI supervisor conducts the final review and approval before a read copy is submitted with the FISC. However, in some cases, multiple OI supervisors, or even senior NSD leadership, may review the read copy, particularly if it presents a novel or complicated issue or otherwise has been flagged by the OI supervisor for further review.

      Not all FISA requests from the FBI culminate in the filing of an application with the FISC. Sometimes the back and forth process between the OI attorney and the case agent does not result in sufficient factual information for a showing of probable cause or sometimes investigative objectives and needs change during the drafting process, obviating the FBI's desire for FISA authority on a particular target.

      After a read copy is filed, OI may receive feedback from the court through the FISC legal advisor. The OI attorney will then work with the case agent to address any issues raised by the legal advisor, such as by providing additional information to the FISC legal advisor and making any requested revisions before preparing the final application. Occasionally, the feedback from the court leads the FBI, in consultation with OI, to decide not to submit a final application, or to limit the authorities sought in the final application. At the same time the read copy is filed with the FISC, OI sends the completed FISA application (referred to as the "FISA Certification Copy" or "cert copy") and a one-page cover memorandum ( cert memo) signed by the OI supervisor to the case agent for final review within the FBI. This process in OI is sometimes referred to as "signing out" a FISA.

      After receiving the cert copy and cert memo, an FBI agent, not necessarily the case agent, is assigned to complete an accuracy review of the application. After any additional edits necessitated by the accuracy review are made, the agent and an SSA sign the FISA Verification Form, also known as the Woods Procedures or "Woods Form," and send the application package to the FBI Headquarters substantive division Program Manager who, according to the FISA SMP PG, must Review the FISA application and coordinate the FISA accuracy and approval process that takes place at FBI Headquarters.

      The Headquarters Program Manager is responsible for ensuring that the supervisory personnel in the field office have completed and documented their reviews of the application; determining whether another field office should also review the application for factual accuracy; verifying and providing documentation for any factual assertions identified by the field office as requiring Headquarters verification; and notifying OI and NSCLB of any factual assertions in the application that could not be verified so that the necessary action is taken to remove the unverified information from the declaration. If all factual assertions have been verified and documented, the Headquarters Program Manager will sign the affidavit in the application declaring under penalty of perjury that the information in the application is true and correct. The Program Manager then submits the application package to NSCLB for final legal review and approval by an NSCLB line attorney and Senior Executive Service-level supervisor. Ultimately, if the NSCLB line attorney and a Senior Executive Service-level supervisor approve the FISA cert copy, they both sign the cert memo, and the complete application package is then taken to the FBI Director's Office for review and approval. If the FBI Director signs the cert copy, the paper copy of the signed application is delivered to OI. OI then provides the signed application package to the final signatory who, as discussed above, is usually the NSD AAG but can sometimes be the DAG or Attorney General.

      In addition to receiving the final application and cert memo, the NSD AAG (or DAG or Attorney General) typically receives an oral briefing from senior OI managers. The NSD AAG receives the application for the first time during or shortly before the oral briefing, unless the application was submitted for his or her review beforehand, which is not typical. During the oral briefing, senior OI managers present all the FISA applications awaiting final Department approval. Once the FISA application is approved and signed by the NSD AAG, OI will submit it to the FISC for its final consideration.[5]

      FISA Title I, Title III, and Title VII Sections 703 and 704, All require individual court orders based on probable cause.[6]

      Bulk BR: Applications under Title V of FISA for bulk collection of phone call metadata records are normally handled by the weekly duty judge using a process that is similar to the one described above, albeit more exacting. The government typically submits a proposed application of this type more than one week in advance. The attorney who reviews the application spends a greater amount of time reviewing and preparing a written analysis of such an application, in part because the Court has always required detailed information about the government's implementation of this authority. The judge likewise typically spends a greater amount of time than he or she normally spends on an individual application, carefully considering the extensive information provided by the government and determining whether to seek more information or hold a hearing before ruling on the application.[7]

      702: The government's submission of a Section 702 application typically includes a cover filing that highlights any special issues and identifies any changes that have been made relative to the prior application. The government has typically filed proposed (read copy) Section 702 applications approximately one month before filing a final application. Proposed Section 702 applications are reviewed by multiple members of the Court's legal staff. At the direction of the Presiding Judge or a judge who has been assigned to handle the Section 702 application, the Court's legal staff may request a meeting with the government to discuss a proposed application. Also at the direction of the Presiding Judge or a judge who has been assigned to handle the Section 702 application, the Court legal staff may request additional information from the government or convey a judge's concerns about the legal sufficiency of a proposed Section 702 application. Following these interactions, the government files a final Section 702 application, which the government may have elected to amend based on any concerns raised by the judge.[8]

      Non-bulk BR: The process begins when an FBI case agent in a field office determines that in a counterterrorism or counterintelligence investigation there is a need for business records or other items for which the appropriate investigative authority is Section 215. First, the agent must prepare a business records request form that requires the agent to provide, among other thing, the following information: a brief summary of the investigation, a specific description of the items requested, an explanation of the manner in which the requested items are expected to provide foreign intelligence information, and the identity of the custodian or owner of the requested items. The request is reviewed and approved by the Squad's Supervisory Special Agent, the Chief Division Counsel, and the Special Agent in Charge at the FBI field office. The request is then sent to FBI Headquarters for further review and processing. The field office request is forwarded to FBI headquarters to both the "substantive desk" (in the Counterterrorism Division or Counterintelligence Division) and the Office of General Counsel's National Security Law Branch (NSLB). Both review the request and determine whether it merits further processing. The field agent may be contacted for additional information or clarification. If a request is rejected, no additional work is done by the substantive desk or NSLB. If the request is approved, an NSLB attorney drafts the application package that will be forwarded to OI. The application includes a specific description of the items requested, a description of the underlying investigation, a description of how the FBI expects the requested items to further the investigation, and the custodian of records. The NSLB attorney also drafts the order for the FISC Judge's signature, which specifies the items to be produced and the time period within which items must be produced.

      The NSLB attorney works with the case agent and other FBI personnel to obtain the information the NSLB attorney believes is necessary to include in the application. The draft application package is reviewed by NSLB supervisors and forwarded to OI after any additional revisions are made as a result of the NSLB's supervisor's review. The NSLB attorney forwards the draft application package to OI, and the request is assigned an OI attorney. The OI attorney works with the NSLB attorney, case agents, and occasionally FBI intelligence analysts to finalize the draft application package. The OI attorney may ask for additional information about the items requested or about the underlying investigation and may include additional information in the application. The draft application package is then reviewed by an OI supervisor, called an Associate Counsel, who may also have concerns or questions that must be resolved. Upon completion of the final version, the signatures of designated senior FBI personnel are obtained and the package is prepared for presentation to the FISC by an OI attorney.

      OI schedules the case on the FISC's docket for a hearing and provides the FISC with a copy of the application and order, which is called a "read" copy. The FISC, through a FISC legal advisor, may contact OI prior to the hearing with additional questions or for clarification after reviewing the read copy of the application and order. OI and the FBI then address any of the Court's questions or concerns and make any necessary revisions to the application and order prior to the hearing. The application package is then formally presented to the FISC for its review and approval at the scheduled hearing. At the hearing, the judge may request additional information from the government. In addition, the judge ay make handwritten changes to the order, such as length for time the recipient to produce the items, and, if so, will sign the order with the handwritten modifications.[9]

      Some might be tempted to argue, "Well, news orgs said in 2020 that the IG said a concerning number of FISA applications contained errors or missing records in the Woods files, therefore the process is invalid!" The reality is more complicated than that. The IG acknowledged a serious limitation in its review, "our review did not seek to determine whether support existed elsewhere for the factual assertion in the FISA application (such as in the case file."[10]

      A follow-up review, by OI and field offices examined the "elsewhere", in total: OI identified two material errors among hundreds of pages of statements of facts in the 29 FISA applications audited by the OIG and reviewed by the CDCs, and these two material errors did not invalidate the authorizations granted by the Court in the applicable dockets. In addition, of the 29 applications reviewed, OI identified a total of 201 non-material errors or unsupported facts, none of which rendered invalid the Court's authorizations in the applicable dockets.[11]

    • The rubber-stamp myth

      The above application process helps explain why the Court approves so many applications: By the time they get to the Judge, it has spent several weeks or months in process—in and out of factual and legal scrutiny. However, that's not all: The FISC has on many occasions demonstrated its willingness to terminate programs it authorises if significant non-compliance incidents are not adequately remedied; or, barring individuals from signing documents, even if they're mere mistakes. In September 2000, the government came forward to confess error in some 75 FISA applications related to major terrorist attacks directed against the United States.[12] One FBI agent was barred from appearing before the Court as a FISA affiant. This action before OPR had finished its investigation into the matter. OPR’s report, which was issued on May 15, 2003, concluded that “none of the errors in the [Terrorist Organization No. 1] and [Terrorist Organization No. 2] related FISA applications were the result of professional misconduct or poor judgment by the attorneys or agents who prepared or reviewed them.”[13] This incident led to the creation of the Woods procedures.

      Declassified materials supports the conclusion that the FISC exercises thorough review of surveillance applications. Examples FISC cases to illustrate various ways in which the FISC has scrutinized proposed surveillance: (1) the FISC uses its review powers to require successive rounds of briefing, questioning, and hearings; (2) the FISC gains the technical knowledge necessary to understand the implications of proposed surveillance; (3) the FISC focuses on government compliance when determining whether it should permit surveillance; (4) the FISC modified a significant number of recent surveillance applications; and (5) the FISC has proactively required the government to justify surveillance techniques the FISC anticipates arising in future cases. Examples to demonstrate this indisputable fact will be listed in the FISC oversight section.

  • Gaps 9/11 revealed

    Prior to the attacks of 9/11, the NSA intercepted and transcribed seven calls from hijacker Khalid al-Mihdhar to a facility associated with an al Qa’ida safehouse in Yemen. However, NSA’s access point overseas did not provide the technical data indicating the location from where al-Mihdhar was calling. Lacking the originating phone number, NSA analysts concluded that al-Mihdhar was overseas. In fact, al-Mihdhar was calling from San Diego, California.[1]

  • Immediate Solution, 6 Oct 2001

    • Stellarwind

      Counsel to the Vice President drafted the 4 October 2001 Authorization that established the President's Surveillance Program (PSP), under which NSA could routinely collect on a wire, for counterterrorism purposes, foreign communications originating or terminating in the United States. Under the PSP, NSA did not target communications with both ends in the United States, although some of these communications were incidentally collected.[1] This activity was approved under Presidential authorization, every 30 days,[2] so long as their was a continuing threat posed by AQ and associated groups.[3] [4] The authorizations changed over time, first eliminating the possibility that the Authority could be interpreted to permit collection of communications with both ends in the United States and adding an additional qualification that metadata could be collected for communications related to international terrorism or activities in preparation for international terrorism.[5]

      NSA PSP operations began on 6 October 2001 and ended on 17 January 2007 and involved the collection, analysis, and reporting of two types of information: metadata and content. NSA assumed that the PSP was temporary and did not immediately formalize processes and procedures for operations, which were quickly set up to provide SIGINT on terrorist targets. As the Authorization continued to be renewed, NSA implemented special procedures to ensure that selectors used for metadata analysis and domestic selectors tasked for content collection were linked to al-Qa'ida, its associates, or international terrorism and that related decisions were documented. NSA did not target communications with both ends in the United States under PSP authority, although some of these communications were incidentally collected, the OIG found no intentional violations of the authorization.[6]

      In addition, as PSP operations stabilized and the Authorization continued to be renewed, NSA management designed processes and procedures to implement the Program effectively while ensuring compliance with the Authorization and protecting U.S. person information. By April 2004, formal procedures were in place, many of which were more stringent than those used for non-PSP SIGINT operations. One analyst commented that the PSP "had more documentation than anything else she had ever been involved with."[7] A CT Product Line employee stated: "... nowhere else did NSA have to report on selectors and how many selectors were rolled off [detasked] and why."[8]

      The value of the PSP was that SIGINT coverage provided confidence that someone was looking at the seam between the foreign and domestic intelligence domains to detect and prevent attacks in the United States.[9] There were 3 "baskets" of activity conducted under PSP: [10]

      • Basket 1 Non-bulk content collection: The first Presidentially-authorized activity after the 9/11 attacks was the collection of the content of certain international communications (telephone and internet) reasonably believed to involve a member of a terrorist organization. From the outset this activity was limited by NSA to "one-end international" communications—that is, to or from the United States. This content collection activity was directed at groups engaged in international terrorism and, starting March 2004, was limited to international communications reasonably believed to involve an individual associated specifically with al Qaeda or its affiliated organizations. When publicly acknowledged in December 2005, this content collection activity was referred to as the "Terrorist Surveillance Program." The TSP authorization ended in February 2007 and was initially replaced by orders of the FISC, which were later supplanted by Congressional amendments to FISA that authorized the NSA to collect certain communications of non-US persons located overseas.

      • Basket 2 Telephony metadata: The second activity undertaken by the NSA after the 9/11 attacks pursuant to the same Presidential authorization, entailed the bulk collection of telephony "metadata"—which is information derived from call detail records that is limited to, the date, time and duration of the telephone calls, as well as the phone numbers used to place and receive the calls. This activity was transitioned to an order of the FISC starting in May 2006.

      • Basket 3 Internet metadata: The third activity undertaken by the NSA after the 9/11 attacks, again pursuant to the same presidential authorization, was the bulk collection of internet metadata, which is: Header/router/addressing information, such as the "to," "from," "cc," and "bcc" lines on an email, as opposed to the content or subject lines of a standard email. As well as the size of the email and time it was sent. President Bush removed this activity from authorization due to internal concerns, on the 26 March, 2004. This activity was brought back by an order of the FISC starting in July 2004 after further modifications and added safeguards, until December 2011, when the NSA decided not to seek reauthorization of this activity.

      To conduct contact chaining under the PSP, the Authorization required that NSA meet one of the following conditions: 1) at least one party to the communication had to be outside the United States, 2) no party to the communication could be known to be a U.S. citizen, or 3) based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there were specific and articulable facts giving reason to believe that the communication relates to international terrorism or activities in preparation therefor. The Associate General Counsel for Operations said that OGC's guidance was more stringent than the Authorization in that the OGC always required that the third condition be met before contact chaining began. Analysts were required to establish a link with designated groups related to international terrorism, al-Qa'ida, or al-Qa'ida affiliates.[11]

      In March, 2004, Rockefeller was "concerned about privacy safeguards" and was advised of "the 39 steps followed [by the NSA] to make sure privacy concerns were addressed."[12]

      • Oversight

      Stellarwind was overseen with regular briefs and site visits by IOB, members of Congress, NSA's IG.[13] [14]

  • Patriot Act, 26 Oct 2001

    Patriot Act was first amended on December 28, 2001.[1] All relevant provisions of the Patriot Act explicitly state: "not be conducted of a United States person solely upon the basis of activities protected by the first amendment to the Constitution of the United States."

    • Section 213

      Section 213. Allows courts, in certain narrow circumstances, to give delayed notice that a search warrant has been executed. Section 213 of USA PATRIOT Act simply codified the authority law enforcement already had for decades. Because of differences between jurisdictions, the law was a mix of inconsistent standards that varied widely across the country. This lack of uniformity hindered complex terrorism cases. Section 213 resolved the problem by establishing a uniform statutory standard. Section 213 is a vital aspect of our strategy of prevention – detecting and incapacitating terrorists before they are able to strike. The Supreme Court has held the Fourth Amendment does not require law enforcement to give immediate notice of the execution of a search warrant. The Supreme Court emphasized “that covert entries are constitutional in some circumstances, at least if they are made pursuant to a warrant.” In fact, the Court stated that an argument to the contrary was “frivolous.” Dalia v. U.S., 441 U.S. 238 (1979). In yet another case, the Court said, “officers need not announce their purpose before conducting an otherwise [duly] authorized search if such an announcement would provoke the escape of the suspect or the destruction of critical evidence.” Katz v. U.S., 389 U.S. 347 (1967). In all cases, section 213 requires law enforcement to give notice that property has been searched or seized. It simply allows agents to temporarily delay when the required notification is given. This authority can be used only upon the issuance of a court order, in extremely narrow circumstances. Courts can delay notice only when immediate notification may result in death or physical harm to an individual, flight from prosecution, evidence tampering, or witness intimidation. Under section 213, courts can delay notice if there is “reasonable cause” to believe that immediate notification may have a specified adverse result. The “reasonable cause” standard is consistent with pre-PATRIOT Act caselaw for delayed notice of warrants. See, e.g., United States v. Villegas, 899 F.2d 1324, 1337 (2d Cir. 1990)(government must show “good reason” for delayed notice of warrants).[2]

    • Section 214

      Allows the United States to obtain a FISA pen register order by certifying that the resulting information would be relevant to an investigation to protect against international terrorism or clandestine intelligence activities. Section 214 streamlined the process for obtaining pen registers under FISA. It preserved the existing court-order requirement. Now, as before, law enforcement cannot install a pen register unless it applies for and receives permission from the FISA court. Section 214 goes further to protect privacy than the Constitution requires. The Supreme Court has long held that law enforcement is not constitutionally required to obtain court approval before installing a pen register. Under long-settled Supreme Court precedent, the use of pen registers does not constitute a “search” within the meaning of the Fourth Amendment. As such, the Constitution does not require that law enforcement obtain court approval before installing a pen register. This is so because “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties,” and “when he used his phone, petitioner voluntarily conveyed numerical information to the telephone company.” Smith v. Maryland, 442 U.S. 735, 744 (1979). Section 214 explicitly safeguards First Amendment rights. It requires that any “investigation of a United States person is not conducted solely upon the basis of activities protected by the First Amendment to the Constitution.”[3]

    • Non-Bulk Section 215

      The government's first 215 order was not filed until May 2004, more than two years after the Patriot Act was enacted.[4] Section 215 contains a number of safeguards that protect civil liberties, beginning with its narrow scope. It can only be used to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities. It cannot be used to investigate ordinary crimes, or even domestic terrorism. Section 215 actually is more protective of privacy than the authorities for ordinary grand jury subpoenas. A court must explicitly authorize the use of section 215 to obtain business records. By contrast, a grand jury subpoena is typically issued without any prior judicial review. Section 215 expressly states that a U.S. person cannot be investigated solely on the basis of activities protected by the First Amendment to the Constitution of the United States. Section 215 provides for congressional oversight. Every six months, the Attorney General must “fully inform” Congress on how it has been implemented.[5] [6]

      • Legal overview

        Prior to the passage of the USA PATRIOT Act, it was difficult for the government to obtain court orders for access to business records and other tangible items in connection with national security investigations. Such records, for example, could be sought from only common carriers, public accommodation providers, physical storage facility operators, and vehicle rental agencies. See 50 U.S.C. §§ 1861-1863 (2000 ed.). In addition, intelligence investigators had to meet a much higher evidentiary standard to obtain an order requiring the production of such records than prosecutors had to meet to obtain a grand jury subpoena to require the production of those same records in a criminal investigation. As a result, section 215 of the USA PATRIOT Act made several important changes to the FISA business records authority so that intelligence agents are better able to obtain crucial information in important national security investigations. For example, just as there is no artificial limit to the range of items or types of entities that criminal prosecutors may subpoena, section 215 now allows the FISA Court to issue orders requiring the production of any business record or tangible item, and there is no limitation on the types of entities from which items may be sought. Similarly, just as prosecutors in a criminal case may subpoena any item so long as it is relevant to their investigation, so too may the FISA Court issue an order requiring the production of records or items that are relevant to investigations to protect against international terrorism or clandestine intelligence activities. Section 215 may be the most widely-criticized provision of the Act. Much of this criticism, however, has resulted from inaccurate characterizations of what is contained in the provision. Critics, for example, have complained that section 215 does not require the government to make any evidentiary showing in order to obtain a court order requiring the production of records. So long as the government certifies that the records are being sought for an international terrorism or espionage investigation, critics contend that the FISA Court has no choice but to issue the requested order.

        This portrayal of section 215, however, is categorically false. Pursuant to section 215, a judge “shall” issue an order “approving the release of records if the judge finds that the application meets the requirements of this section.” 50 U.S.C. § 1861(c)(1) (emphasis added). As a result, before issuing an order requiring the production of any records under section 215, a federal judge must find that the requested records are sought for (and thus relevant to) “an authorized investigation . . . to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.” 50 U.S.C. § 1861(b)(2).

        Section 215’s opponents also claim that the provision is open to abuse and fishing expeditions because court orders under section 215 are subject to less oversight and a lower burden of proof than are grand jury subpoenas in criminal investigations. Once again, however, this criticism is completely inaccurate. Section 215 orders, in fact, are subject to greater judicial oversight than are grand jury subpoenas, which prosecutors regularly use to obtain business records in criminal investigations. A court must explicitly authorize the use of section 215 to obtain business records. A grand jury subpoena for such records, by contrast, is typically issued without any prior involvement by a judge. Section 215 orders are similarly subject to greater congressional oversight than are grand jury subpoenas. Every six months, the Attorney General must “fully inform” the House and Senate Intelligence Committees “concerning all requests for the production of tangible things” under section 215. 50 U.S.C. § 1862(a). There is no similar mechanism, however, for congressional oversight of grand jury subpoenas. Section 215 orders are also subject to the same burden of proof as are grand jury subpoenas -- a relevance standard. Just as grand jury subpoenas may be issued to obtain records that are relevant to a criminal investigation, a court may issue orders requiring the production of records under section 215 that are relevant to an authorized international terrorism or espionage investigation. Some critics have complained that section 215 does not contain a “relevance” standard because the word “relevance” is not specifically mentioned in the provision itself. Section 215, however, states that the FISA Court may only enter an order requiring the production of records if such records are “sought for an authorized investigation conducted in accordance with [50 U.S.C. § 1861(a)(2)] to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.” 50 U.S.C. § 1862(a). This is the equivalent of a relevance standard because if records are irrelevant to an investigation, then they are not being “sought for” that investigation.[7]

        March 15, 2020, the USA PATRIOT Act version of Title V expired. For investigations initiated on or after March 15, 2020, or that are not investigating offenses that began or occurred before March 15, 2020, the USA PATRIOT Act version of Title V is no longer available, meaning that the pre-USA PATRIOT Act version applies. For such investigations, instead of being able to apply for an order to obtain “any tangible thing,” the government may only seek to obtain records from (1) common carriers (e.g., an airline or a bus company, not a telecommunications company), (2) public accommodation facilities (e.g., hotels), (3) physical storage facilities, and (4) vehicle rental facilities. Instead of relevance to the investigation, the government must also provide specific and articulable facts giving reason to believe that the person to whom the records pertain is either a foreign power or an agent of a foreign power.[8]

      • Use, oversight and compliance

        Between 2002, and 2005, only 21 applications were submitted—all were approved.[9] However, 31 applications were withdrawn.[10] Some applications were never submitted to OIPR, due to hesitancy, despite clear legal and factual grounds: On November 25, 2003, a field office submitted to NSLB a Section 215 request for [redacted], however, an NSLB supervisor would not permit the request to go forward because of the political controversy surrounding Section 215 requests for information from libraries. The NSLB attorney who reviewed the request told the OIG that she attempted to get approval for the request but that her supervisor denied it because it involved a library. [11] The average approval time for 215 applications was above 200-300 days.[12] A provision of the USA PATRIOT Improvement & Reauthorization Act of 2005, required the Department of Justice Inspector General (IG) to audit the FBI's use of National Security Letters (NSLs) and Section 215 order for Business Records. The first Section 215 audit covers Calendar Years 2002 to 2005. The first NSL audit covers Calendar Years 2003 to 2005. The second reports respectively cover Calendar Year 2006. All 4 reports find 0 illegal use of these authorities. The two 215 audit reports found 4 instances of "improper" use, however, these reports explain these non-compliance cases as innocent errors that were promptly resolved. They also discussed "noteworthy matters" (neither improper or illegal). In the first report, "We found: Two instances of improper use of Section 215 authority, both of which involved combination 215 orders and arose out of the pen register/trap and trace authority contained in the orders. We did not identify any instances involving improper or illegal use in connection with pure Section 215 orders or authority." In the second report, "In this review, we did not identify any illegal use of Section 215 authority. However, we identified two instances where the provider produced records that were in response to, but were outside the scope of, a FISA Court order." Two additional IG reports between 2007 to 2009 and, 2012 to 2014, studied 215 orders, they did not independent describe non-compliance, just reiterated Department reporting to FISC. No intentional violations were described. Further, on a semiannual basis, the Attorney General shall fully inform the Permanent Select Committee on Intelligence of the House of Representatives and the Select Committee on Intelligence of the Senate concerning all requests for the production of tangible things under section 1861 of this title.[13]

        First 215 audit: (2002 to 2005)

        The first "improper use", during our review of FBI case files at one of the field offices we visited, we learned that the field office had obtained an order for a pen register/trap and trace device on a telephone number that was no longer used by the subject. This resulted in FBI receiving unauthorised information, between March 2005 and October 2005.

        According to FBI documents, In January 2005, the case agent obtained subscriber information for the telephone number in question through a National Security Letter. The response to the NSL stated that while the telephone number had previously belonged to the target, it no longer did. Despite this reporting, on February 2005, an application for a FISA PR/TT order for this telephone number that was no longer belonged to the target was submitted to OIPR. The order was scheduled to expire in spring 2005, and before it expired the FBI obtained a full-content FISA order for the same telephone number and two others. In September 2005, the case agent (who initiated the request) transferred to another squad and a new case agent was assigned to the case. In early October 2005, the new case agent was advised by a translator, who had been assigned to the case for only two days, that the language being spoken on the telephone calls was not the language the FBI believed it to be. The new case agent became concerned and requested the FISA coverage be terminated immediately. In addition, on the same day, he notified his squad supervisor and an attorney from OIPR about the possible over collection of information. Upon further investigation, including a review of the response to the NSL about the subscriber information, the new case agent learned on October 11, 2005, that the telephone number did not belong to the target. The FBI field office notified the Counterterrorism Division at FBI Headquarters of the possible ever collection of information in an EC dated November 29, 2005. While reviewing the case file for another reason in March 2006, the new case agent saw for the first time the EC from another field office dated February 2005, stating that the telephone number no longer belonged to the target. The new case agent discussed the matter with his supervisors and prepared an EC to report a possible IOB violation. This EC was sent to FBI Headquarters on April 3, 2006. On June 29, 2006, NSLB reported the matter to the IOB. In its explanation to the IOB about the incident, the FBI reported, "It appears that [the case agent] overlooked the text in the NSL and EC. Information about the reason for the violation was reported. On July 7, 2006, the FBI informed OIPR of the IOB matter. On July 23, 2006, OIPR reported the matter to the FISC.[14]

        Second "improper" use, The OIG became aware of the second instance of improper use during our review of the Section 215 combination applications that were provided to the OIG by OIPR. We learned that the FBI inadvertently collected certain telephone numbers pursuant to a PR/TT order because the telephone company did not advise the FBI that the target had discontinued using the telephone line until [redacted] weeks after the fact, at which time, the FBI discontinued collecting information. On March 9, 2006, the FBI field office reported to FBI Headquarters and NSLB that a possible IOB violation had occurred and around this time provided to OIPR a compact disc containing the over-collected data. On April 7, 2006, OIPR notified the FISC of the over collection and had provided the FISC the disk containing the data that had been deleted from FBI databases. On July 17, 2006, NSLB reported the violation to the IOB.[15]

        Second 215 audit: (2006)

        While it "did not identify any illegal use of Section 215 authority", it did identify, "two instances where the provider produced records that were in response to, but were outside the scope of, a FISA Court order." Case 1, a company provided data that was outside the scope of the FISA request and Court order, it made the mistake by providing information pursuant to a previous order on the target subject. Two months until it was noticed, and reported on as an IOB violation. Case 2, In response to a pure Section 215 order processed in 2006 and signed by the FISA. Court in 2007. the FBI received information beyond the time period authorized by the order, an additional 2 months. At the time of the report, the Government was still determining if this information was voluntarily provided or not.[16]

  • National Security Letters (NSLs)

    • Legal overview

      NSLs have been used for decades under 4 statutes: Electronic Communications Privacy Act (18 U.S.C. § 2709); the National Security Act (50 U.S.C. § 3162), the Right to Financial Privacy Act (12 U.S.C. § 3414), and the Fair Credit Reporting Act (15 U.S.C. §§ 1681u.

      The September 11 attacks prompted a reevaluation of the law enforcement and intelligence tools that were available to detect and prevent terrorist attacks. Among the topics Congress and the Department of Justice considered was the use of national security letters. The Department reported in Congressional testimony that "in many cases, counterintelligence and counterterrorism investigations suffer substantial delays while waiting for NSLs to be prepared, returned from Headquarters, and served. Section 505 of the Patriot Act broadened the FBI's authority by:

      • Eliminating the requirement that the information sought in an NSL must pertain to a foreign power or an agent of a foreign power and substituting the lower threshold that the information requested be relevant to or sought for an investigation to protect against international terrorism or espionage, provided that the investigation of a United States person is not conducted "solely on the basis of activities protected by the first amendment of the Constitution of the United States";

      • Permitting, as a consequence of this lower threshold, national security letters to request information from communication providers, financial institutions, and consumer credit agencies about persons other than the subjects of FBI national security investigations so long as the requested information is relevant to an authorized investigation; and Permitting Special Agents in Charge of the FBI's 56 field offices to sign national security letters, thus significantly expanding approval authority beyond senior FBI Headquarters officials.[1]

      The Patriot Act did not alter existing provisions in the statutes barring recipients of national security letters from disclosing their receipt of the letters and from disclosing the records provided. These so-called "gag order" provisions prohibited NSL recipients from challenging NSLs in court. Similarly, NSL authorities prior to the Patriot Act did not provide an express mechanism by which the FBI could enforce an NSL in court if a recipient refused to comply. The Patriot Act also did not include any express enforcement mechanism.[2]

      The Patriot Reauthorization Act modified the non-disclosure requirements regarding national security letters. An NSL recipient may now disclose the NSL in connection with seeking legal advice or complying with the NSL.[3] In addition, the Patriot Reauthorization Act permits the NSL recipient to challenge compliance with the NSL and the non-disclosure requirement in federal court. In addition, the government may seek judicial enforcement of NSLs in the event of non-compliance.[4]

      The vast majority of the NSLs and approval ECs examined in random samples substantially complied with the Patriot Reauthortzation Act certification requirement and FBI policy related to non-disclosure and confidentiality requirements, OIG believes this compliance record was largely due to the prompt guidance the FBI OGC issued on the date the Act was signed, the availability of new NSL forms on its intranet website and periodic guidance FBI OGC attorneys provided to the field as questions arose.[5]

    • Use, oversight and compliance

      First NSL audit: (2003 to 2005)

      Found 0 illegal activities under this authority. However, found 26 possible IOB violations. Additionally, it found 12 of the 22 possible IOB violations identified by the OIG were due to FBI errors, and 10 were due to errors on the part of third party recipients of the NSLs. It concludes, "Our review did not reveal intentional violations of national security letter authorities, the Attorney General Guidelines, or internal FBI policy. Rather, we found confusion about the authorities available under the various NSL statutes... Our review also found that the FBI did not issue comprehensive guidance describing the types of NSL-related infractions that needed to be reported to FBI-OGC as possible IOB violations. We noted frequent exchanges between Division Counsel and NSLB attorneys about what should and should not be reported as possible IOB violations which we believe showed significant confusion about the reporting requirements. However, the FBI did not issue comprehensive guidance about NSL-related infractions until November 2006, more than 5 years after the Patriot Act was enacted. We believe the lack of guidance contributed to the high rate of unreported possible IOB violations involving national security letters that we found.[6]

      Second NSL audit: (2006)

      Found, "examination of the 34 possible NSL-related intelligence violations reported by the FBI to the IOB in 2006 did not evidence deliberate or intentional violations of NSL statutes, Attorney General Guidelines, or internal FBI policy. Although the majority of the possible intelligence violations—20 of 34, or 59 percent—arose from FBI errors, most were a consequence of errors in the telephone number listed in the NSL." And, "In our examination of FBI OGC decisions that resulted in determinations not to report possible violations to the IOB, we agreed with the FBI OGC's reasoning for not reporting 44 of the 50 matters. Among the six other matters, we identified four FBI OGC decisions in which the rationale for not reporting the possible intelligence violations to the IOB was inconsistent with prior FBI OGC decisions and two FBI OGC decisions that were unpersuasive. Three of these possible intelligence violations were attributable to FBI error, two resulted from third party errors, and one involved both a third party error and an FBI error."[7]

      Third NSL audit: (2007 to 2009)

      The third audit showed improvements to FBI handling of NSLs, through its updated NSL subsystem. The report finds there was an increase in potential violations—as caused by the "heightened attention and obligation to report potential violations." The report finds, "Of the 112 NSL-related potential intelligence violations reported to the IOB, 21 involved a substantive typographical mistake in an NSL causing the FBI to request and in some cases receive information not relevant to an authorized investigation. Another 79 potential IOB violations involved unauthorized collections caused by initial third party errors. In each instance, the NSL return data constituted an overcollection that included information the provider was prohibited by statute to disclose to the FBI. Sixty-six of these 79 unauthorized collections occurred in one matter after the case agent failed to recognize that a third party provider produced telephone toll billing records for a telephone number not requested in the NSL and not relevant to the investigation. Compounding the initial third party error, the case agent uploaded the records into an FBI database and issued 5 new NSLs, each requesting telephone subscriber information for 13 telephone numbers appearing in the records mistakenly produced by the provider." The 8 remaining potential violations happened in 3 matters:

      1. An FBI field division served an NSL request pursuant to the ECPA after the originating field division closed the authorized investigation.

      2. An FBI field division issued five NSL letters pursuant to the ECPA from a preliminary investigation that lacked predication. Before issuing the NSLs, the field division opened a preliminary investigation that was initially classified as a computer intrusion investigation and later reclassified as a "technical support to terrorism investigation." According to the FBI OGC's written adjudication of this potential IOB matter, FBI policy required that an investigation classified as "technical support to terrorism investigation" must have as its predicate a concurrent counterterrorism investigation. At the time the field division issued the five NSLs, however, a predicate counterterrorism investigation had not been opened. The FBI OGC determined that the matter should be reported to the IOB because issuing the NSLs from an unpredicated investigation violated the ECPA and Attorney General Guidelines.

      3. An FBI field division analyst altered the date range specified in an NSL for financial records before serving the NSL by crossing out the beginning date of January 1, 2006, and substituting a new date of September 17, 2004. The analyst did not obtain approval from the SAC of the originating field division for the changed request. In response to the altered NSL, the FBI received records that were outside the date range requested by the originating division and not relevant to the investigation. According to its adjudication memorandum, the FBI OGC determined the matter should be reported to the IOB because an FBI error resulted in the overcollection of information not relevant to the investigation. Based upon the information provided in the reporting EC and in the written adjudication, we concluded that the facts in this matter gave rise to two separate violations: issuing an NSL request without the approval of an SAC and requesting information not relevant to an authorized investigation.

      The OIG concludes, "Our examination of the 112 NSL-related potential IOB violations reported to the IOB did not reveal deliberate violations of NSL statutes, Attorney General Guidelines, or internal FBI policy. Although 33 of these violations resulted from initial FBI errors, we found that most of the errors were typographical mistakes in the telephone number, e-mail address, or name identified in the NSL"[8]

  • Exigent Letters (2002-2006)

    • Origins

      The analysis of telephone records associated with the September 11 hijackers and their associates became the primary responsibility of a newly created squad in the FBI's New York Field Division known as Domestic Terrorism 6, or DT-6. DT-6 developed close working relationships with several communications service providers due to the heavy volume of FBI requests for telephone records. In early 2002, the New York Field Division, with the approval of FBI Headquarters, entered into a contract with Company A that provided for a Company A fraud detection analyst to be co-located with DT-6 to respond to the FBI's increased need for telephone records. To provide this support, the Company A analyst accessed Company A's telephone records databases from a computer work station installed for his use at the New York Field Division. The Company A analyst was able to respond immediately to FBI telephone records requests and also was available to respond to requests after normal business hours. According to an FBI Supervisory Special Agent (SSA) who worked in the New York Field Division, this arrangement proved to be highly beneficial to the FBI's ability to investigate terrorist threats and was soon used to support a wide variety of FBI counterterrorism investigations. At first, the FBI obtained records from the on-site Company A analyst solely through grand jury subpoenas issued in the PENTTBOM investigation. An SSA assigned to the DT-6 squad said this process was also facilitated by the co-location of several Assistant United States Attorneys (AUSA) at the FBI's New York Field Division's offices. As a result, FBI agents were able to quickly obtain grand jury subpoenas from the co-located AUSAs to serve on the Company A analyst prior to obtaining responsive records. Eventually ASUAs left the Office.[1] The on-site Company A analyst told us that he therefore began to provide records in response to a letter from the FBI—called an "exigent letter''- which stated that exigent circumstances had prompted the request and that subpoenas requesting this information have been submitted to the U.S. Attorney's Office who will process and serve them formally to Company A as expeditiously as possible. According to the SSA who signed the first of these exigent letters in November 2002, the exigent letters were issued as "placeholders" to enable the FBI to secure the records promptly. However, the letters still committed the FBI to serve grand jury subpoenas on Company A after the records were provided, which the FBI did. The FBI NY Field Division issued 37 exigent letters between November 2002 and April 2003. In 2002, the FBI reassigned several SSAs who had been working in the New York Field Division to temporary duty assignments at FBI Headquarters to help set up the CAU as a new unit in the FBI Headquarters' Counterterrorism Division (CTD). In 2003, one of the Company A analysts who had worked at the FBI's New York Field Division's offices was also reassigned to work in the CAU. The overlap in Company A personnel who worked in the New York Field Division and later at FBI Headquarters contributed to the migration of the exigent letter practice to FBI Headquarters in 2003.[2] We determined that a CAU SSA issued the CAU's first exigent letter to the Company A analyst, then still located at the New York Field Division, on March 14, 2003. When the three communications service providers' employees were located in the CAU, CAU personnel issued similar exigent letters to these individuals. These exigent letters issued by CAU personnel were for the most part identical to the exigent letters issued by the New York Field Division in its criminal investigations after the September 11 attacks. we determined that from March 14, 2003, through November 13, 2006, CAU personnel issued a total of 722 exigent letters to the 3 on-site communications service providers.[3]

    • Cause of the problem

      Nearly all of the 15 SSAs we interviewed who worked in the CAU told us that when they arrived at the CAU they had little or no experience in national security investigations. In addition, all but 2 of the 29 FBI employees we interviewed who were assigned to work in the CAU said they had limited or no prior experience working with NSLs. None of the SSAs we interviewed said that the FBI provided them training on the legal and internal FBI requirements for issuing NSLs until after the OIG's first NSL report was issued in March 2007.[4] To some degree, the collegial relationship between the providers' employees and CAU personnel fostered a productive working relationship. If the FBI had properly trained its personnel on the lawful methods for obtaining telephone records from the on-site providers and if the interactions between CAU personnel and the providers' employees were properly supervised, our observations about the team identity and informal social interactions would not be remarkable. However, we found that the proximity of the on-site providers' employees to CAU personnel, combined with the lack of guidance, supervision, and oversight of their interactions with FBI employees contributed to some of the serious abuses identified in this review.[5]

    • FISA applications

      The IG had concern that perhaps information from exigent letters was used in submission to FISA applications to the FISC. OIG asked the Department's National Security Division (NSD) to help us determine whether the Department had sought orders from the FISA Court based on any information obtained in response to exigent letters or other requests. The NSD and the OIG determined that four FISA applications contained a total of five inaccurate statements. The small sample of FISA applications that we reviewed, we found that FBI personnel filed inaccurate sworn declarations with the FISA Court to the effect that subscriber or calling activity information was obtained in response to NSLs or a grand jury subpoena, when in fact the information was obtained by other means, such as exigent letters. In our review, we identified a sample of 37 applications to the FISA Court, which sought FISA electronic surveillance or pen register /trap and trace orders for 35 unique telephone numbers which were examined by the NSD and the FBI.[6] In these 37 applications, the NSD and the OIG identified 4 FBI declarations that together contained 5 inaccurate statements as to the source of the subscriber or calling activity information relied upon to support the declarations. The four declarations containing these inaccurate statements were signed by four different FBI SSAs. These four declarations stated that NSLs were the source of the subscriber or calling activity information, when, in fact, NSLs were not the source for the information contained in the FISA application. Rather, for two of these inaccurate statements, exigent letters not NSLs were used to obtain records that were the sources of the information in the FISA applications. In another inaccurate statement, the records cited in an application to the FISA Court were obtained in response to a letter referring to the FBI's emergency voluntary disclosure authority, not in response to an NSL as the application stated. In another inaccurate statement, the FBI obtained the information informally by a verbal request, not in response to an NSL as the application stated. In another application, the NSD determined that a "trash cover" was the source of the FBI's information about the subscriber information, not an NSL as the application stated.[7]

      NSD officials stated that in addition to concluding that the ECPA did not provide for exclusion of evidence for violations of the statute, the NSD also examined each of the applications addressed in FISA Cases 1, 2, 3, and 4 and determined that the inaccurate information was not substantive in nature but rather concerned only the manner in which information was obtained. The NSD officials stated that they concluded that the misstatements were non-material because the underlying substantive information provided in the misstatements was correct and that only the procedural manner in which it was obtained was misstated (e.g., in FISA Case 1 the declaration stated that subscriber information was obtained from an NSL rather than from an exigent letter). We agree with the NSD that the inaccurate statements were non-material for purposes of Rule 10(b) of the FISA Court Rules of Procedure.[8]

      Following up this finding, NSD and FBI, it was noted that, "beginning in February 2006, FISA declarations have been subject to a more rigorous fact-checking process than was in place prior to that date. As part of that process, NSD and the FBI conduct "accuracy" reviews of FISA declarations on a regular basis.[9] Further, NSD stated in 2010 it would examine the universe of relevant FISA applications that would fall within the scope of the IG recommendation. On February 2, 2013, Chief of NSD's Oversight Section advised the OIG that the NSD completed a review of the applications. Out of the 4, 379 total numbers, only 1 such number was identified responsive. It was determined that the statements in the FISA application as to the source of the subscriber information for that telephone number were accurate."[10]

    • Purging

      Beginning in late 2006 and concluding in April 2009, the FBI analyzed whether it would retain telephone records it acquired in response to exigent letters.[11] The FBI identified a universe of 4,379 unique telephone numbers from the exigent letters that it determined must be analyzed to establish whether records related to each number should be retained or purged. The FBI decided it would retain the records related to a total of 3,352 telephone numbers (76 percent) because they fell into one of the three categories that justified retention under the decision tree described above. The FBI determined that records for a total of 739 telephone numbers (17 percent) would be purged from FBI databases because the records did not fall into one of the three categories for retention. The FBI could not locate any telephone records in FBI databases for the remaining 288 telephone numbers (7 percent) and, accordingly, no purging was necessary.[12] The FBI review team also analyzed the records obtained for the telephone numbers listed in exigent letters and the blanket NSLs to determine if the FBI had acquired any records beyond the records specified in the legal process that formed the basis for the decision to retain the records. Specifically, the review team examined whether any records obtained and uploaded into FBI databases in response to exigent letters or listed in the blanket NSLs included records outside the date range of the dates specified in the corresponding legal process. Based on its review, the FBI identified records related to 302 unique telephone numbers that it decided to purge due to overcollections.[13]

    • Impact to criminal investigations

      The FBI OGC determined that 266 telephone numbers listed in exigent letters and in 3 of the 11 blanket NSLs were related to criminal investigations or domestic terrorism investigations for which NSLs are not an authorized technique under the ECPA NSL statute, the Attorney General's NSI Guidelines, or FBI policy. According to the FBI OGC, it located appropriate legal process (either grand jury subpoenas or FBI administrative subpoenas) issued to the on-site providers before or after the FBI obtained records for 16 of these 266 telephone numbers, and the FBI determined that it will retain these records. The FBI OGC determined that it would retain records requested in grand-jury subpoenas if a grand jury had been em panelled at the time the legal process was issued and the subpoena was served either before or after the records were obtained. Of the remaining 250 telephone numbers, the FBI could not locate legal process for 167 telephone numbers. The FBI therefore directed the CAU to purge the records in FBI databases on these telephone numbers. The FBI review team informed us that there were no responsive records in FBI databases for the remaining 83 telephone numbers. The FBI OGC informed us that a court-ordered wiretap had been instituted that targeted 1 of the 266 telephone numbers. The wiretap was instituted 11 days after the date of an exigent letter seeking records on that telephone number. The FBI OGC directed the field division "to determine whether any information from the ... exigent letter was utilized to establish probable cause for the [wiretap]." The FBI OGC advised us in March 2009 that the field office stated that probable cause for the wiretap was established by independent means. As a result of the FBI's analysis, the FBI has decided to retain records for 16 of the 266 telephone numbers related to criminal or domestic terrorism investigations and to purge records for 167 telephone numbers."[14]

      In summary, "there were no intentional attempts to obtain records that counterterrorism personnel knew they were not legally entitled to obtain... no FBI employee obtained telephone records for reasons other than a legitimate investigative interest. FBI employees involved in this matter obtained the telephone records at issue to perform their critical mission to prevent a terrorist attack or otherwise to support a counterterrorism investigation.”[15]

  • Stellarwind transition to FISA

    NSA first attempted to bring PSP under FISA in Sep, 2002.[1]

    • Patriot Act

      • Bulk PR/TT (basket 3), July 2004

        Under the program NSA was permitted to collect certain electronic communications metadata such as the “to,” “from,” and “cc” lines of an email and the email’s time and date. This collection was done only after the Foreign Intelligence Surveillance Court approved the government’s applications, and pursuant to court order generally lasting 90 days. NSA was not permitted to collect the content of any electronic communications. Like NSA’s bulk telephony metadata program under FISA section 501, this program was subject to several restrictions approved by the FISC, such as:

        • The information could be used only for counterterrorism purposes.
        • The information had to be stored in secure databases.
        • The databases could be queried using an identifier such as an email address only when an analyst had a reasonable and articulable suspicion that the email address was associated with certain specified foreign terrorist organizations that were the subject of FBI counterterrorism investigations. The basis for that suspicion had to be documented in writing and approved by a limited number of designated approving officials identified in the Court’s Order. Moreover, if an identifier was reasonably believed to be used by a United States person, NSA’s Office of General Counsel would also review the determination to ensure that the suspected association was not based solely on First Amendment-protected activities.
        • NSA was required to destroy the bulk metadata after a set period of time.[2]

        PR/TT Orders have permitted NSA to reply on the Court's findings of probable cause that a US person selector is used by an agent of one of the Foreign Powers in lieu of a formal RAS determination by one of the designated approval authorities and NSA's OGC. The PR/TT Orders made no exception for a probable cause finding by anyone else; in other words, NSA could not rely on the Attorney General's findings of probable cause under an emergency authorization in advance of a Court review. In that circumstance, NSA would be required either to proceed with a formal RAS determination through a designated approval authority and NSA's OGC or to wait for Court's ratification of the Attorney General's finding.[3]

        A SID study in 2011 found that as Bulk PR/TT operated under extremly strict Court restrictions, it was no longer of operationale value. SID recommended to the NSA Director to allow the authority under the then-current Court Order to expire, so it did. They then subsequently purged all data.[4]

        Since the Emphatic Access Restriction was put in to place, SID Oversight and Compliance has conducted a complete (100 percent) audit of all PR/TT metadata queries, and this audit has confirmed that there haas been no Inappropriate access to the sensitive PR/TT metadata via Intelligence analysis tools. Compliance audits have determined that the EAR has prevented all queries on non-RAS approved identifiers from accessing the metadata. NSA intends to continue with full auditing capability of all queries using Intelligence analysis query tools.

      • Bulk BR 215 (basket 2), May 2006

        "The production of all call detail records of all persons in the United States has never occurred under this program." —Judge Eagan

        The transition of bulk telephony metadata collection from Presidential Authorization under the Stellarwind program to FISA authority relied on a provision in the FISA statute that authorized the FBI to seek an order from the FISA Court compelling the production of "any tangible things" from any business, organization, or entity, provided the items are for an authorized investigation to protect against international terrorism or clandestine intelligence activities. See 50 U.S.C. § 1861. Orders under this provision commonly are referred to as "Section 215" orders in reference to Section 215 of the USA PATRIOT ACT, which amended the "business records" provision in title V of FISA. Metadata defined here, refers to Call Detail Records (CDRs), which are narrowly defined as: Time, date, duration of the call & calling/receiving numbers. Only calls that are one end foreign/one end domestic. No names, content, Cell Site Location Information (CSLI), etc.

        This conclusion does not mean that the scope of Section 215 is boundless and authorizes the FISC to order the production of every type of business record in bulk—including medical records or library or book sale records, for example. As noted above, the Supreme Court has explained that determining the appropriate scope of a subpoena for the production of records “cannot be reduced to formula; for relevancy and adequacy or excess in the breadth of [a] subpoena are matters variable in relation to the nature, purposes and scope of the inquiry.” Okla. Press Pub. Co. v. Walling, 327 U.S. 186, 209 (1946). In other contexts, the FISC might not conclude that collection of records in bulk meets the “relevance” standard because of the nature of the records at issue and the extent to which collecting such records in large volumes is necessary in order to produce information pertinent to investigations of international terrorism. For example, the Government’s ability to analyze telephony metadata, including through the techniques discussed above, to discover connections between individuals fundamentally distinguishes such data from medical records or library records. Although an identified suspect’s medical history might be relevant to an investigation of that individual, searching an aggregate database of medical records—which do not interconnect to one another—would not typically enable the Government to identify otherwise unknown relationships among individuals and organizations and therefore to ascertain information about terrorist networks. Moreover, given the frequent use of the international telephone system by terrorist networks and organizations, analysis of telephony metadata in bulk is a potentially important means of identifying terrorist operatives, particularly those persons who may be plotting terrorist attacks within the United States. Although there could be individual contexts in which the Government has an interest in obtaining medical records or library records for counterterrorism purposes, these categories of data are not in general comparable to communications metadata as a means of identifying previously unknown terrorist operatives or networks.[4]

        There are two means for which bulk BR metadata was used:

        • An alert list was created under Stellarwind, with already RAS-approved numbers, associated with terrorists—a new number coming in, if in contact with a known number, would generate an alert.[5] If the alert was against a domestic number, the alert system masked (i.e., concealed) the domestic number.[6] This process was stopped in 2009, due to a non-compliance incident, described in the 2009 Walton Opinion herein.
        • A number was manually queried into the database. To do so, the number had to have a reasonable, articulable suspicion that it was associated with terrorism, and not based solely on the first amendment. This remained unchanged, from when it operated under Stallarwind.[7]

        NSA may access BR metadata for purposes of obtaining foreign intelligence information only through queries of the BR metadata to obtain contact chaining information using selection terms approved as seeds. A seed is a selection term approved for querying BR metadata. All selection terms to be used as seeds with which to query BR metadata must first be approved by the S214 Chief or Deputy Chief or one of the 20 specially authorized HMCs in the SID Analysis and Production Directorate. Approval shall be given only after the designated approving official has determined that based on the factual and practical consideration of everyday life on which reasonable and prudent persons act, there are facts giving rise to a RAS that the selection term to be queried is associated with specified terrorist groups per Court order. If the selection term is reasonably believed to be used by a USP, the NSA's OGC must first determine that the USP is not regarded as associated based solely on the basis of activities that are protected by the First Amendment to the Constitution. RAS approvals shall be effective for 180 days for any selection term reasonably believed to be used by a USP and one year for all other selection terms (non-USPs).[8]

        Determining seed selection terms for requesting RAS approval:

        Analysts working CT missions focus on lead selection terms, which can be derived from multiple sources. Analysts apply a wide range of tradecraft in determining which selection terms to pursue RAS approval. Analysts making determinations whether selection terms are eligible to be used as seeds under the BR FISA authority must consider all the facts they know or reasonably can know before submitting requests for RAS approval. Looking at the totality of the circumstances, analysts evaluate whether there is a RAS that the selection terms are used by persons associated with one of the terrorist organizations in the BR Order. The level of proof demanded by the RAS standard is less than a preponderance of evidence or probable cause. Nonetheless, the RAS standard requires more than a mere hunch or uninformed guesswork. Analysts must have an "articulable reason," supported by at least one source, for suspecting that the person using the selection term is associated with one of the terrorist organizations in the BR Order. As authorized by the BR Order, if selection terms are subject to ongoing FISC-authorized electronic surveillance based on a finding of probable cause that the selection term is used or about to be used by persons associated with one of the identified foreign powers, NSA may use the selection term to query the BR metadata without obtaining RAS because probable cause, a higher standard, has already been met. OGC review is still required here, if concerning USP terms.[9] [10] [11]

        OGC First Amendment review of seed selection terms associated with USPs:

        NSA is prohibited from establishing RAS on a USP selection term based solely on activities protected by the First Amendment. RAS requests containing selection terms associated with USPs were forwarded to the NSA OGC for a First Amendment review. automated email notifications to designated OGC Attorneys until review was completed. OGC reviewed RAS requests and source documentation, as well as the RAS determinations made by HMCs, and determined whether NSA intended to target an individual based solely on activities protected by the First Amendment. If there were indications that the RAS requests were based solely on such activities, OGC would dent the RAS requests (denoted as "Disapproved".[12]

    • Content Orders/2007 Protect America Act

      The last stellarwind transition. The Department first began work on bringing Stellar Wind's content collection activity (basket 1) under FISA in March 2005, shortly after Alberto Gonzales became Attorney General. Gonzales told us that he initiated discussions about making this change with OLC Principal Deputy Assistant Attorney General Bradbury. Gonzales told us that placing content collection under FISA authority would also eliminate the constitutional debate about the activity and would reassure people that the President was acting according to the Constitution and the law. Gonzales said that, in his view, it is better to conduct activities such as content collection without a direct order from the President when possible. Gonzales added that in 2001 nobody thought it was possible to bring Stellar Wind under FISA authority. In response to Gonzales's request, Bradbury, working with attorneys in OLC and the Office of Intelligence and Policy Review (OIPR) as well as with NSA personnel, devised a legal theory, summarized below, for bringing under FISA the Stellar Wind program's content collection activities while preserving the "speed and agility" many Intelligence Community officials cited as the chief advantage of the NSA program. In June 2005, Bradbury, together with Associate Deputy Attorney General Patrick Philbin, presented the legal theory to White House officials David Addington, Harriet Miers, and Daniel Levin and received their approval to continue work on a draft FISA application.[13]

      NSA was skeptical as to whether a FISA approach would be feasible, in view of the substantial administrative requirements under the FISA Court's PR/TT Order. The NSA also believed that the FISA Court would be reluctant to grant the NSA the operational flexibility it would insist on in any content application, resulting in less surveillance coverage of telephone numbers and e-mail addresses used by persons outside the United States. In May 2006, at the first of the FISA Court's semiannual meetings that year, the Department provided the Court a draft of the application for content collection to obtain feedback on the government's unconventional approach to the FISA statute. None of FISA Court judges indicated whether the application would be granted if filed, but some identified concerns with certain aspects of the proposal. At this time, Congress and the Administration were also discussing how to modernize the FISA statute to authorize the type of electronic surveillance that the content application sought. Work on the application was temporarily suspended as the Department focused its attention on working with Congress to craft this legislation. However, this suspension of work on the content application was brief. Bradbury said he concluded by the fall of 2006, as Congress was heading for recess, that there would be no legislative reform of the FISA statute in the foreseeable future that would address content collection as it was being conducted under Stellar Wind. As a result, the Department pressed forward with the draft content application to the FISA Court. In November 2006, at the second of the Court's semiannual meetings, the Department presented an updated draft of the application that incorporated feedback received from members of the Court during the previous semiannual meeting. On December 13, 2006, the Department formally filed the content application with the Court.[14] [15]

      The two main components of the government's approach to content collection in the FISA application that are critical for understanding one judge's approval of the application and another judge's later rejection of essentially the same application. First, the government proposed an interpretation of the term "facility" in the FISA statute that was broader than how the term was ordinarily, but not always, applied. Section 1805(a)(3)(B) of FISA provides that the Court may order electronic surveillance only upon the finding that there is probable cause to believe that "each of the facilities or places at which the electronic surveillance is directed is being used, or is about to be used, by" a group involved in international terrorism. The term "facilities" generally was interpreted to refer to individual telephone numbers or e-mail addresses at which surveillance is "directed." The government sought to include under this definition, the gateway or cable head that foreign targets use for communications. Second, the government's application requested that senior NSA officials be authorized to make individualized findings of probable cause about whether a particular telephone number or e-mail address was being used by a member or agent of one of the application's targets. Ordinarily, a FISA Court judge makes this probable cause determination. To implement this transfer of authority, the government proposed that NSA officials make the probable cause determinations as part of requirements called "minimization procedures," which are detailed rules that govern how the government must handle communications that it intercepts pertaining to U.S. persons. The FISA statute provides that each FISA application must include, and the FISA Court must approve, minimization procedures that the agency will follow with respect to communications intercepted pursuant to a FISA Court order.

      Minimization procedures, in the FISA context, ordinarily govern the handling of intercepted communications involving U.S. persons after the acquisition has been approved by the FISA Court. In other words, a FISA Court authorizes the agency to intercept the communications of particular selectors, and the agency follows the minimization procedures with respect to how it retains, uses, and disseminates any U.S. person information it collects under the Court's order. However, the government proposed as part of the content application that the minimization procedures also encompass how the NSA acquires the communications. Specifically, the application proposed that the NSA could intercept the communications of specific selectors if the agency officials determined there was probable cause to believe that (1) the selector is being used by a member of agent of a terrorist organisation and (2) the communication is to or from a foreign country. The application referred to this as the minimization probable cause standard." This, the content application had a two-prong "minimization probable cause standard"; (1) probable cause to believe a selector is being used by a member or agent of a targeted group, and (2) probable cause to believe the communication intercepted is to or from a foreign country.[16]

      In short, the government's content application asked the FISC to find probable cause to believe that specific groups were engaged in international terrorism, and that specific gateways and cable heads were being used by terrorists in their communications. Then, within these parameters, NSA officials would make probable cause findings (subsequently reviewed by the FISC) about whether individual telephone numbers or internet communications addresses are used by members or agents of various terrorist groups and whether the communications of those members and addresses are to or from a foreign country. When probable cause findings were made, NSA would direct the telecommunications companies to provide the content of communications associated with those telephone numbers and internet communications addresses.[17]

      On 10 January 2007, Judge Malcolm J. Howard approved the Government's 13 December 2006 content application as it pertained to foreign selectors—telephone numbers and internet communications addresses reasonable believed to be used by individuals outside the United States. However, Howard did not approve the domestic selectors portion of the application. Howard advised DOJ to file a separate application for the international calls of domestic selectors that took a more traditional approach to FISA. DOJ did this in an application filed on 9 January 2007, which Howard approved the following day.[18] This would bring about what was known as the "large content orders." The word "large" comes from a leaked stellarwind classification guidance document. However, the numbers reflect anything other than "large"—by a different leaked document, the NSA's IG draft. It notes, "The Foreign Content Order negatively affected SIGINT exploitation. Most notably, the number of foreign selectors on collection dropped by 73 percent, from 11,000 selectors under PSP to 3,000 under the order. In addition, the administrative workload for NSA analysts to put critical foreign selectors on collection was so burdensome that the order became operationally unsustainable. Domestic Content Order did not create a similar loss in collection because so few domestic numbers were tasked at that time. It did, however, slow operations because of the documentation required, and it took considerably longer to task under the order than under the PSP. Over time, the scope of the Domestic Content Order gradually decreased to a single selector tasked for collection. In January 2009, the FBI, at NSA’s request, assumed responsibility for the Domestic Content Order and became the declarant before the FISC."[19]

      The DOJ's first renewal application to extend foreign selectors was filed on 20 March 2007 with Judge Roger Vinson, the FISC duty Judge that week. On 29 March 2007, Vinson orally advised DOJ that he could not approve the application, and on 3 April 2007, he issued an order and memorandum opinion explaining the reasoning for his conclusion. Vison suggested that, "Congress should also consider clarifying or modifying the scope of FISA and of this Court's jurisdiction with regard to such facilities..." Vinsion's suggestion was a spur to Congress to consider FISA modernization in the summer of 2007. In May 2007, DOJ filed, and Vinson approved, a revised foreign selectors application that took a more traditional approach to FISA. The Vinson order caused that significant impact, described above. The situation accelerated the government's efforts to obtain legislation that would amend FISA to address the government's surveillance capabilities within the United States directed at persons located outside the United States. The Protect America Act, signed into law on 5 August 2007, accomplished this objective by authorising the NSA to intercept inside the United States any communications of non-US persons reasonable believed to be located outside the United States, provided the purpose of the acquisition pertains to foreign intelligence. The PAA effectively superseded Vinson's foreign selectors order and the government therefore did not seek to renew the order when it expired on 24 August 2007.[20]

    • 2008 FISA Amendment Act

      The FISA Amendments Act of 2008 (FAA) was signed into law as Public Law 110-261 on July 10, 2008. According to the FAA's legislative history, Congress had two primary goals in passing the FAA. First, Congress wanted to provide a sound statutory framework, consistent with the Constitution, enabling the targeting of persons reasonably believed to be located outside of the United States for the acquisitions of foreign intelligence information, while simultaneously affording additional protections to United States persons whose communications are targeted for collection or collected incidentally. In striking this balance, Congress discarded the PAA's redefinition of the term "electronic surveillance," which had excluded from FISA's individualized order requirement all persons outside the United States, including U.S. persons, and instead promulgated a specific authorization for the acquisition of communications from non-U.S. persons located outside the United States without an individualized order. The result was a sharply narrowed statute under which U.S. persons overseas could no longer be targeted without an individualized warrant, as had been possible prior to the FAA. Second, Congress wanted to provide civil immunity for those electronic communication service providers who had provided assistance to the Intelligence Community under the PSP pursuant to written assurances that the program had been authorized by the President and determined to be lawful.[21]

      The FAA authorizes the collection of foreign intelligence information from persons reasonably believed to be located outside of the United States. The Act contains separate sections authorizing such collection under three different circumstances: targeting non-U.S. persons outside the United States (Section 702); acquisitions inside the United States targeting U.S. persons outside the United States (Section 703); and other acquisitions targeting U.S. persons outside the United States (Section 704).[22]

      • Sec. 702 (basket 1)

        Content collection programs of TSP, (basket 1 of Stellarwind), transitioned to this authority. FISA Section 702, 50 U.S.C. § 1881, permits the Government to target non-U.S. persons located outside the United States who are likely to communicate or possess foreign intelligence information.[23] What is the definition of foreign intelligence information? As defined by Section 1801(e): (1) information that relates to, the ability of the United States to protect against — (A) actual or potential attack or other grave hostile acts of a foreign power or agent of a foreign power; (B) sabotage, international terrorism, or the international proliferation of weapons of mass destruction by a foreign power or agent of a foreign power; or (C) clandestine intelligence activities by an intelligence service or network of a foreign power or by an agent of a foreign power; or (2) information with respect to a foreign power or a foreign territory that relates to, and if concerning a United States person is neccessary to — (A) the national defense or the security of the United States; or (B) the conduct of the foreign affairs of the United States. Don't believe the unclassified or declassified record? Snowden's leaks say the same thing.[24] [25] [26]

        As PCLOB noted in its 2023 report, "Every court to have reached a decision on the program has found it to be constitutional and reasonable under the Fourth Amendment... the Board recognizes and reaffirms its 2014 conclusion that the Section 702 program is not bulk collection"[27] Further, again, the Government doesn't do collection directly. FBI Data Acquisition/Intercept Section within the Operational Technology Division: "All the data the Government receives pursuant to FISC orders from Yahoo is collected by Yahoo (i.e., the FBI does not perform collections in Yahoo's network). Yahoo is free to change the manner and means of its collection at any time—it only needs to coordinate with the FBI on the process and data format for delivery to the Government."[28] Independently agreed upon by the Yahoo Manager, Legal Department Compliance team: "as correctly stated in the FBI declaration, all information provided by Yahoo is collected by Yahoo. To my knowledge, the government has never directly performed collections of data on Yahoo's network and upon information and belief, it does not contemplate doing so pursuant to the Directives."[29]

        • Targeting, selector analysis, Adjudication, OtR

          Below is a few pre/post-targeting protections under FAA 702. This is not a comprehensive discription.

          Targeting request. Once mission analysts complete the research for the proposed target, they must develop and submit a Targeting Request (TAR) identified for an eligible target. The TR documents the analyst's determinations that the prospective targets meet the standards in the targeting procedures. Once the TR has been reviewed and approved (see Targeting Authorisation), the selector identified in the TR is used to initiate collection. To complete a valid TR, mission analysts must compile specific information to demonstrate that, based on the totality of the circumstances determined from the research performed, there is a reasonable belief that the proposed target is foreign (not a USP and not within the United States) and is likely to produce foreign intelligence consistent with one of the FAA 702 certifications.[30] NSA has implemented a multi-level review process to approve all proposed targeting.

          Releaser review. Submitted TRs are first reviewed by the mission releaser. Normally, the releaser is in the same organization as the mission analyst. Releasers must complete the same training courses as mission analysts. They examine the TRs for completeness and compliance with the FAA §702 Targeting Review Guidance developed and maintained by the Mission and Compliance staff, part of the Directorate for Analysis and Production within NSA's Signals Intelligence Directorate.[31]

          Adjudication. The final approval of the TR known as adjudication, is a critical control point in tasking selectors under FAA 702 authority and is performed by personnel designed as mission adjudicators. TRs were initially subject to adjudication by SV but, was moved to mission groups within the SIGINT Analysis and Production organization, where specially trained and experienced analysts, usually from the same organization as the targeting analyst, perform adjudication. Adjudicators must complete the same courses as other mission personnel as a prerequisite for access to FAA §702 data. They must also complete a specific course on adjudication and receive on-the-job training in their mission office before they are permitted to adjudicate independently. Adjudicators receive advice and updated information from the staff of the SIGINT Analysis and Production organization, SV, and OGC on developments affecting the application of the FAA 702 authority. The majority of adjudicators have two or more years experience in adjudication. Adjudicator performance is monitored by the Mission and Compliance staff in SID's Directorate for Analysis and Production. Adjudicators review TRs for accuracy, evaluate the evidence in the TR supporting the for foreignness of the proposed target, examine the TAR statement for the individual's foreign intelligence value, and verify that t he TR supports eligibility for targeting und er the specified FAA 702 certification. As part of their TR reviews, adjudicators recreate the steps taken by the mission analyst to independently confirm that the supporting data is accurate and that the most current information available is used to support a reasonable belief that the prospective target is foreign.[32] [33]

          Post-targeting. NSA has implemented four procedures to ensure that targeted persons continue to meet the criteria specified in the FAA §702 targeting procedures.

          Obligation to Review. NSA has implemented a process called Obligation to Review (OtR) that ha s two provisions. The first requires that, upon tasking a selector. the mission team that initiated tasking must review collection from that tasking within 5 business days of the receipt of the initial piece of traffic from FAA §7 02 collection. An e-mail notification is sent to mission team members notifying them of the receipt and the 5 day review requirement. If the reviewing analyst determines that all three requirements have been satisfied, thus making the tasking valid under FAA 702 authority, no further action is required. If any of the three requirements is not satisfied, the selector must be immediately detasked in the system (removed from collection). The selector cannot be resubmitted for tasking until all requirements have been satisfied. The second provision of the OtR process requires the mission office to conduct an ongoing review of at least a sample of the content from ongoing collection to ensure that the target continues to meet the criteria for targeting under FAA 702.[34]

        • PRISM

          PRISM is not an undisclosed collection or data mining program.[35] Nor is it a "backdoor" access, unknown to ISPs. In PRISM collection, the government sends a selector, such as an email address, to a United States-based electronic communications service provider, such as an Internet service provider (“ISP”), and the provider is compelled to give the communications sent to or from that selector to the government. PRISM collection does not include the acquisition of telephone calls. The National Security Agency (“NSA”) receives all data collected through PRISM. In addition, the Central Intelligence Agency (“CIA”) and the Federal Bureau of Investigation (“FBI”) each receive a select portion of PRISM collection.[36]

          Key words were never a feature of 702 or Stellarwind. A selector must be a specific communications facility that is assessed to be used by the target, such as the target’s email address or telephone number. Because such terms would not identify specific communications facilities, selectors may not be key words (such as “bomb” or “attack”), or the names of targeted individuals (“Osama Bin Laden”) [37] [38]

        • Upstream

          Upstream collection differs from PRISM collection in several respects. First, the acquisition occurs with the compelled assistance of providers that control the telecommunications “backbone” over which telephone and Internet communications transit, rather than with the compelled assistance of ISPs or similar companies. Upstream collection also includes telephone calls in addition to Internet communications. Data from upstream collection is received only by the NSA: neither the CIA nor the FBI has access to unminimized upstream data. About 9% of 702's collection from Upstream.[39] [40]

          • "Abouts"

            An “about” communication is one in which the selector of a targeted person (such as that person’s email address) is contained within the communication but the targeted person is not necessarily a participant in the communication. Rather than being “to” or “from” the selector that has been tasked, the communication may contain the selector in the body of the communication, and thus be “about” the selector.[41] NSA employs either an internet IP filter to ensure that the person from whom it seeks to obtain foreign intelligence information is located overseas, or, [redacted] it is through these measures that NSA prevents the intentional acquisition of internet communications that contain a reference to a targeted selector where the sender all intended recipients are known at the time of acquisition to be located in the US.[42] [43]

          • MCT

            An MCT is an Internet “transaction” that contains more than one discrete communication within it. If one of the communications within an MCT is to, from, or “about” a tasked selector, and if one end of the transaction is foreign, the NSA will acquire the entire MCT through upstream collection, including other discrete communications within the MCT that do not contain the selector. An internal, independent technical review that sampled 702 data, out of 140.9 million datasets, only 10 were wholly domestic in incidental collection, due to MCTs. Those came from only two unique users.[44] Effective January 2012, NSA implemented a process for analyzing and processing upstream internet collection to ensure that only MCTs devoid of wholly domestic communications will be forwarded for further analysis.[45]

        • "Backdoor searches" myth

          Querying lawfully collected Section 702 collection is NOT the initiation of new surveillance or a new search protected under the Fourth Amendment; it is simply intelligence agencies reviewing the data they have already collected. The best way to think of this is if you were to use the “search” bar in your inbox to search your email – you are only looking through the information you currently have in your possession. It is also analogous to a search of previously collected evidence by a local law enforcement agency—an activity which occurs every day in American in full conformity with the constitution. Indeed, several Courts, outside of FISC, have confirmed this is lawful and Constitutional.[46] [47]

        • Batch queries

          Sensational headlines claimed that the FBI "conducted up to 3.4 million warrantless searches of Americans' electronic data in 2021". This, of course, is not supported by the underlying source material.

          While FBI receives Section 702 collection for only a small percentage of the total Section 702 targets (approximately 4.4% in March 2022), the frequency with which FBI uses U.S. person query terms is greater than other agencies. The difference in frequency is largely attributable to FBI’s domestic-focused mission versus the other agencies’ foreign-focused missions. FBI queries are often initiated through tips and leads relating to domestic matters, provided by the public and domestic partners, meaning they are more likely to involve U.S. persons.

          Because investigative activities can vary widely from year to year, the statistics are not necessarily representative of the number of such queries conducted in prior years or indicative of future investigative needs. Particular to calendar year 2021, there were two factors that contributed to significant fluctuations throughout the year. In the first half of the year, there were a number of large batch queries related to attempts to compromise U.S. critical infrastructure by foreign cyber actors. These queries, which included approximately 1.9 million query terms related to potential victims—including U.S. persons—accounted for the vast majority of the increase in U.S. person queries conducted by FBI over the prior year.

          A batch query is when FBI runs multiple query terms at the same time using a common justification for all of the query terms. Each of the query terms in a batch query is counted as a separate query. The number of FBI queries does not reflect the number of U.S. persons associated with these queries. For example, a single U.S. person might be associated with 10 unique query terms including name, social security number, passport number, phone number, multiple email addresses, etc. These 10 identifiers could be run 10 different times throughout the reporting period, resulting in 100 queries associated with a single individual. Query terms may also be associated with a U.S. company rather than a specific U.S. person. These particular large batch queries were reviewed by the Department of Justice and found to be compliant with the FBI’s Section 702 querying procedures. Separately, in June and August, FBI made several changes to systems that store unminimized Section 702 acquired information designed to ensure compliance with FBI’s Section 702 querying procedures. Specifically, FBI added an additional approval process for batch queries involving 100 or more query terms. FBI also modified two important systems that allow FBI to query across multiple datasets to require FBI personnel to affirmatively “opt-in” to querying unminimized FISA Section 702-acquired information. Following these changes, the average monthly number of FBI U.S. person queries run against unminimized Section 702-acquired collection decreased. All of the factors that coincided in 2021 provide examples of how the number of U.S. person queries may fluctuate in future years based upon both investigative needs and/or changes in policy and system design. Finally, certain steps FBI has taken to ensure U.S. person protections apply to all U.S. person queries result in an over counting of U.S. person queries. More specifically, FBI has the capability to run queries in which a single query action might include hundreds or thousands of query terms. FBI counts such query actions as hundreds or thousands of queries, not one query. However, if even one query term in such a query action is associated with a U.S. person, every term in the query action carries the U.S. person label. This means that if one term in a 100 term query action is associated with a U.S. person, the query action will be counted as 100 U.S. person queries, even if some of the query terms are not associated with a U.S. person. This system design ensures that all potential U.S. person query terms are captured, but results in an over counting of the number of U.S. person queries actually conducted by the FBI. For this reason, the total number of FBI U.S. person queries is referred to as “fewer than” the total number of queries labeled as U.S. person queries.[48]

          The number of FBI queries does not reflect the number of U.S. persons associated with these queries. For example, a single U.S. person might be associated with 10 unique query terms including name, social security number, passport number, phone number, multiple email addresses, etc. These 10 identifiers could be run 10 different times throughout the reporting period, resulting in 100 queries associated with a single individual. Query terms may also be associated with a U.S. company rather than a specific U.S. person.[49]

        • 2021/2022 reform compliance

          The FBI has, since June 2021, has successfully implemented a number of means to further reduce hits on USPs when conducting normal and batch job queries.

          • The FBI instituted a policy requiring FBI attorney approval prior to conducting a batch job that would result in 100 or more queries. The FBI attorney pre-approval requirement is designed to ensure that there is additional review in situations where one incorrect decision could potentially have a greater privacy impact due to the large number of query terms.
          • In the fall of 2021, at the direction of the FISC, the FBI modified its systems containing unminimized Section 702 information to require a case-specific justification for every query using a U.S. person query term before accessing any content retrieved by such a query from unminimized Section 702 information. Previously, personnel were permitted to use a pre-populated common justification, when applicable, for the query. These case-specific justifications are subject to review and audit by DOJ as part of its regular oversight reviews.
          • In March 2022, the FBI instituted a new policy requiring enhanced pre-approval requirements for certain sensitive queries, such as those involving elected officials, members of the media, members of academia, or religious figures. Under the new policy, an FBI attorney must review these queries before they are conducted. The FBI's Deputy Director must also personally approve certain queries before they can be conducted. This measure was designed to ensure that there is additional review at a leadership level of queries that reflect particular investigative sensitivities.

          Independent, internal reviews have already found these efforts successful at "dramatically decreased" numbers. Further, the April 2022 FISC opinion has recognized the compliance benefits of the new approach, "The Court is encouraged by the amendments to the FBI's querying procedures and the substantial efforts to improve FBI querying practices, including heightened documentation requirements, several system changes, and enhanced guidance, training, and oversight measures. There are preliminary indications that some of these measures are having the desired effect."[50]

          The same judge who issued the April 2022 opinion, in reviewing the FBI’s querying over the last year and during periods after our reforms went into effect, found improvement in multiple areas. The Court made several statements throughout the Opinion highlighting the effectiveness of the reforms:

          • Page 83: “There are further indications that these measures are having the desired effect.”
          • Page 87: “…there is reason to believe that the FBI has been doing a better job in applying the query standard.”
          • Page 88: “The information reported regarding the FBI’s recent implementation of the querying standard is encouraging,” and “On balance…FBI application of the querying standard appears to have improved.”
          • Page 93: the Court cited “recent indications that the FBI is improving its implementation of Section 702 querying requirements” when finding the FBI’s querying and minimization procedures to be consistent with the statute and the Fourth Amendment.

          The Court found the FBI’s compliance rate with the query standard to be over 98% after our reforms were implemented.

          • Page 84/85: The Court calculated the FBI’s rate of non-compliance with the query standard as about 1.7% for queries against Section 702 data, and about 1.8% for all FISA queries.

          • New accountability procedures in June 2023 defining specific consequences for employees who fail to properly abide by policies the FBI has put in place:

            • An initial incident would trigger immediate suspension of FISA access while employee: (1) retakes all mandatory FISA training, (2) executes a signed certification that will be placed in the employee’s personnel files, and (3) receives mandatory one-on-one counseling with their field office attorney.
            • Subsequent incidents within a 24-month period would require further measures, up to and including indefinite loss of FISA access, reassignment to a new role, and/or referral to FBI’s Inspection Division to review potentially reckless conduct.

          • Evaluating Field Office Executive Leadership on FISA Compliance:

            • A new FISA Compliance “Field Office Health Measure” (FOHM) will take effect with the beginning of the new fiscal year in October 2023. This new FOHM will ensure accountability across the leadership ranks for following the relevant FISA safeguards.
            • Each year, field office executive leadership (i.e. special agents in charge and assistant directors in charge) are evaluated on a series of health measures for their field offices, which can affect eligibility for promotion and annual bonuses.[51] [52]

  • Room 641A

    In 2006, AT&T technician, Mark Klein, claimed this room was part of AT&T's effort to send data to the NSA. As a result, EFF filed a lawsuit against the company. In Jewel v NSA, on April 25, 2019, ruling from the Northern District of California, the Court concluded that the evidence presented by the plaintiff's experts was insufficient; "the Court confirms its earlier finding that Klein cannot establish the content, function, or purpose of the secure room at the AT&T site based on his own independent knowledge." Lastly, the documents attached to Klein’s declaration are not excepted from the hearsay objection on the basis that they are admissible business records. The timing of the creation of these attachments indicate that they were not simultaneous records of acts or events that were occurring at or around the time of the documents’ creation." The ruling noted, "Klein can only speculate about what data were actually processed and by whom in the secure room and how and for what purpose, as he was never involved in its operation." The Court further went on to discredit other experts called upon, citing their heavy reliance on the Klein declaration.[1]

  • TIA

    Contrary to conspiracy theorists, the Terrorism Information Awareness (TIA) program, was a research and development program that integrated advanced collaborative and decision support tools; language translation; and data search, pattern recognition, and privacy protection technologies into an experimental prototype network focused on combating terrorism through better analysis and decision making. Under its prior name "Total Information Awareness", which created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens. That was not DoD’s intent in pursuing this program. Rather, DoD’s purpose in pursuing these efforts was to protect U.S. citizens by detecting and defeating foreign terrorist threats before an attack. Further, Congress specified that, "These tools may be used only in connection with “lawful military operations of the United States conducted outside the United States” or “lawful foreign intelligence activities conducted wholly overseas, or wholly against non-United States citizens.”[1] [2] [3] [4] [5]

  • 12333

    At a high level, the Order articulates broad principles for foreign intelligence activities, including intelligence collection that occurs outside of the territorial United States. It does not authorize any one intelligence-gathering effort, and there is no single EO 12333 surveillance “program.” The Order therefore differs from statutes, such as FISA, that often provide detailed rules and procedures for individual surveillance techniques or programs.[1]

    EO 12333 contains three parts. Part 1 establishes the goals of U.S. intelligence and assigns roles and responsibilities to the entities that comprise the IC. That Part is discussed in Section B.1 below. Section B.2 covers EO 12333 Parts 2 and 3. Part 2 of the Order explains the need for foreign intelligence information and establishes principles that balance that need with the protection of the rights of U.S. persons. It specifically requires IC elements to adopt certain procedures for the collection, retention, and dissemination of information concerning U.S. persons and the use of specific collection techniques. EO 12333 Part 3 addresses oversight, instructs intelligence agencies on how to implement the Order, and defines certain terms. As with other elements of U.S. law, the Order does not operate in a vacuum. Other executive orders, policy directives, statutes, or the like may impose requirements above and beyond those contained in EO 12333. For example, activities subject to FISA must also comply with that Act’s requirements.[2]

    The Order bans some activities outright. No intelligence agency may participate in assassinations. No intelligence agency may conduct human experimentation, except in conformance with broadly applicable HHS guidelines. No intelligence agency may conduct covert action intended to influence United States political processes, public opinion, policies, or media. Moreover, the Order forbids an element of the IC from participating in or requesting any person to undertake activities forbidden by the Order.[3]

    Further, the Order states that “[n]o one acting on behalf of elements of the Intelligence Community may join or otherwise participate in any organization in the United States on behalf of any element of the Intelligence Community without disclosing such person’s intelligence affiliation,” except where the activity is conducted “in accordance with procedures established by the head of the Intelligence Community element concerned or the head of a department containing such element and approved by the Attorney General, after consultation with the [DNI].”For example, under the CIA’s Attorney General-approved guidelines “a CIA officer who had not disclosed their affiliation could not propose a new policy for the organization, suggest a new course of action, attempt to convince members to modify an established practice, or otherwise in any way attempt to influence the activities of the organization.”[4]

    On Feb 10, 2022, Senator Wyden once again made headlines with his lies distorting details of a CIA program during his reelection run. He alleged, per a letter that was approved for declassification that he wrote, that the CIA operates a program that collects, in bulk, US Person data, akin to the discontinued BMD program 215 of the PA. It should be noted that declassification isn't an accuracy review, nor endorse the content. With the letter, the CIA also declassified a PCLOB report on the program, though heavily redacted. However, Senator Wyden counted on the media not reading this document, as it makes clear: 1) The program targeted financial records belonging to ISIS: "This report examines the CIA’s financial data activities conducted under E.O. 12333 in support of counterterrorism efforts with respect to the network of the Islamic State in Iraq and the Levant, or ISIL."[5] 2) That the program didn't intentionally collect USP data, that unintentional collection must be avoided as much as possible: "This review focuses on E.O. 12333 collection activities that are directed against non-U.S. entities and non-USPs[6]...officials also emphasized that targeters try to limit the amount of information about USPs that is collected. [redacted] examples of such limits focus on avoiding information that is clearly identifiable as US-focused. For example, [redacted] stated that CIA operators would try to avoid collection information [redacted] believed to have a connection to the US. Similarly, [redacted] CIA operators would try to avoid [redacted] asserts that it follows routine steps to limit USP data."[7] 3) CIA has an effective means to mask and delete USP data: "The CIA OIG reviewed the filters used [redacted] and related procedures and concluded that they are 'effective in identifying USP information in bulk financial data'. OIG described a separate process by which the CIA’s [redacted] takes steps to “minimize,” i.e., delete, segregate, or mask USP information in certain collections before the data is transferred.[8] OIG conclude that the procedures “were effective in ensuring that only minimized bulk financial data are disseminated." The CIA OIG also “confirmed that USP information masked on the [redacted] is also masked on the [redacted]"[9] The Senator also lied about not being briefed. His committee was, as unclassified documents confirm.[10]

    Political pundits and conspiracy theorists claimed that in Obama's last week in office, he eroded civil liberties and Constitutional rights for Americans regarding surveillance authorities. This, of course, was fake news. Indeed, the EO update to 12333 further enhanced protection of privacy and civil liberties, and Constitutional rights.[11] [12]

  • Xkeyscore

    Despite claims, Xkeyscore is not a discreet intelligence collection program. Instead, it is an analytic processing, indexing and discovery tool. NSA analysts are prohibited from running US-person queries in Xkeyscore, subject to very narrow exceptions. Analysts can run US-Person queries only with a probable-cause order from the FISC, consent, or approval from the Attorney General. All xkeyscore queries are subject to robust, technologically advanced logging and auditing: Analysts must provide detailed, non-formulaic justifications for each query. Each query is logged; these logs include the analyst's justification and various other telltale details about the query. NSA's auditing systems identify queries that may be insufficiently tailored or non-compliant. Human auditors familiar with the analyst's mission then review every query deemed to pose a risk of noncompliance. Under NSA rules, queries based on broad criteria must be tailored to avoid returning information that is not foreign intelligence. If an analyst's query returns information about an American, NSA policies limit how that info can be used, and disseminated.

    The auditing architecture is noteworthy because the system enabled meaningful scrutiny, in close to real time, and appears to be much more effective and comprehensive than the post hoc site visits and manual spot checks. For example, If an analyst has not completed the mandatory trainings, he or she will not receive the credential needed to access Xkeyscore data—though completion of training is insufficient to gain access. An NSA system enforces training and other access limitations. Prior to accessing Xkeyscore, NSA personnel must have completed mandatory training and be assigned to a mission in the system. That is, the NSA analyst would need to have a job (which would have one or more "missions") that required access to Xkeyscore data. Moreover, each authorized mission must have at least two auditors assigned to it. Any time a user attempts to access Xkeyscore, the system confirms there are still at least two valid auditors.[1] [2]

  • Stingrays

    Cell-site simulators permit the tracking of mobile telephones in the course of criminal investigations. Special agents and Technical Enforcement Officers may use cell-site simulators to help 1) locate cellular devices whose unique identifiers are already known to law enforcement, or 2) determine the unique identifiers of an unknown device by collecting limited signaling information from devices in the simulator user’s vicinity. A cell-site simulator receives and uses an industry standard unique identifying number assigned by a device manufacturer or cellular network provider. When used to locate a known cellular device, a cell-site simulator initially receives the unique identifying number from multiple devices in the vicinity of the simulator. Once the cell- site simulator identifies the specific cellular device for which it is searching, it will obtain the signaling information related only to that particular device. When used to identify an unknown device, the cell-site simulator obtains signaling information from non-target devices in the target’s vicinity for the limited purpose of distinguishing those from the target device. Mobile identifier information collected from non-target devices will be deleted within 24 hours in all cases. Initial contact with a cell-site simulator represents a general location of the mobile handset but does not provide specific location (i.e., GPS) details about any device.

    There are two specific cell-site simulator missions: target location and target development. In a target location mission, a specific mobile identifier is entered into the cell-site simulator. The cell-site simulator will then check all mobile identifiers until the requested mobile identifier is located and will reject all other mobile identifiers. During a target development mission, all mobile identifiers will be captured and processed afterward to identify the target number. Non-target data in the area will be deleted within 24 hours. By transmitting as a cell tower, cell-site simulators acquire the identifying information from cellular devices. This identifying information is, however, limited. Cell-site simulators provide only the relative signal strength and general direction and radius of the subject cellular device, and do not obtain or download precise location information from the device or its applications, so they do not function as a Global Positioning Satellites locator.

    Importantly, cell-site simulators used by special agents and Technical Enforcement Officers must be configured as pen registers18 (requiring a search warrant) and may not be used to collect the contents of any communication, in accordance with 18 U.S.C. § 3127(3).19 This includes contents of any communication stored on the device itself. Cell-site simulators do not remotely capture emails, texts, contact lists, images, or any other data from the device. Moreover, cell-site simulators used by Immigration and Customs Enforcement are not capable of collecting subscriber account information (e.g., an account holder’s name, address, telephone number) or the contents of the device’s communications. Immediately after either the target is located or the phone is identified, an operator of a cell-site simulator must delete all data collected, including all non-target mobile identifiers.

    Special agents and Technical Enforcement Officers must obtain a search warrant supported by probable cause and issued pursuant to Rule 41 of the Federal Rules of Criminal Procedure (or applicable state equivalent). The use of cell-site simulators must be done in a manner that is consistent with the requirements and protections of the United States Constitution, including the Fourth Amendment, and applicable statutory authorities, including the pen register statute (18 U.S.C. § 3121). Although exigent circumstances do not require a warrant under the Fourth Amendment, cell-site simulators still require court approval, consistent with the Pen Register Statute’s emergency provisions in order to be lawfully deployed. When an officer has the requisite probable cause, a variety of exigent circumstances may justify dispensing with a warrant. These include the need to protect human life or avert serious injury, etc.[1] [2] [3] [4] [5]

  • Commercial data/CAI

    Senator Wyden once again started lying to the public, in January 2024, claiming that DoD agencies such as the NSA, DIA, etc. can just buy American commercial data for spying. However, declassified documents he himself managed to get released expose this lie: Once again, he was hoping no one would actually bother to read those documents. Indeed, law explicitly provide the ability for DoD to purchase such information for critical infrastructure protection, as a December 11, 2023 Pentagon letter reads, "With respect to DoD personnel security, the Defense Security Components are required by law to integrate relevant and appropriate information from various sources, including...publicly available, and commercial data sources, consumer reporting agencies, social media, and such other sources as determined by the Director of National Intelligence." See 5 U.S.C. § 11001, Enhanced Personnel Security Programs... During the conduct of authorized intelligence activities , Defense Intelligence Components follow U.S. Attorney General - approved procedures set forth in Manual 5240.01, which governs the collection, retention, querying, and dissemination of United States Person Information (USPI), and rely on internal implementing policies, procedures, and guidance while carrying out their lawful intelligence missions. Defense Intelligence Components go to significant lengths to avoid ingesting or accessing USPI that could be included in CAI, and to verify that USPI is not inadvertently acquired or accessed. In these activities, Defense Intelligence Components evaluate their intelligence collection opportunities to assess whether those opportunities raise U.S. person privacy concerns, to include the collection opportunities that raise special circumstances based on the volume, proportion, and sensitivity of the USPI likely to be acquired, as required by Section 3.2 (e) of DoD Manual 5240.01, Special Circumstances Collection," and take additional steps, including obtaining authorization from the Defense Intelligence Component head or his designee before initiating such collection and applying more restrictions on the retention, querying, and dissemination. When making a determination that special circumstances exist, the Defense Intelligence Component head or his designee also must consider whether further enhanced safeguards are also appropriate, and if so, the Defense Intelligence Component must apply further retention restrictions in accordance with Section 3.3 (g) of DoD Manual 5240.01. Enhanced safeguards include stringent , prophylactic privacy protections that, as the term suggests , exceed the baseline handling requirements in DoD Manual 5240.01. For CAI, these enhanced safeguards are carefully tailored to mitigate the unique risks presented by the CAI at issue and can be implemented holistically across all phases of the intelligence cycle. Where enhanced safeguards are applied to mitigate the impact of DoD's access to, acquisition of, and use of CAI on US Persons."

    In response to question 4 by the Senator, "identify the DoD components that are, without a court order, buying AND using data acquired about Americans" the Pentagon responds with, "DoD Components, to include Defense Intelligence Components, buy commercial data, which includes information associated with electronic devices being used outside and possibly inside the United States, to conduct lawful DoD missions, such as intelligence, personnel security, and cybersecurity." The NSA responds, "NSA does not buy and use location data collected from phones known to be used in the United States either with or without a court order. Similarly, NSA does not buy and use location data collected from automobile telematics systems from vehicles known to be located in the United States. Finally, NSA does buy and use commercially available netflow (i.e. non-content) data related to wholly domestic internet communications and internet communications where one side of the communication is a US Internet Protocol address and the other is located abroad. For example, such information is critical to protecting the US Defense Industrial Base."[1] [2]

  • The Vulnerabilities Equities Process (VEP)

    The VEP balances whether to disseminate vulnerability information to the vendor/supplier in the expectation that it will be patched, or to temporarily restrict the knowledge of the vulnerability to the USG, and potentially other partners, so that it can be used for national security and law enforcement purposes, such as intelligence collection, military operations, and/or counterintelligence. All of these determinations must be informed by the understanding of risks of dissemination, the potential benefits of government use of the vulnerabilities, and the risks and benefits of all options in between. In the course of carrying out USG missions, the USG may identify vulnerabilities that cyber actors could exploit. In the vast majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest. However, there are legitimate advantages and disadvantages to disclosing vulnerabilities, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time or adopting a mitigation strategy short of full disclosure can have significant consequences. It is also important to recognize that the USG has not created these vulnerabilities.[1] [2] [3]

  • Watchlisting

    To no one's surprise, terrorist watchlisting nominations cannot be based on First Amendment activities. Not only is this publicly stated policy, but confirmed in leaked documents.

    • From the FBI's Counterterrorism policy Directive and Policy Guide explains, "To protect civil liberties and privacy, every watchlisting nomination must meet the watchlisting standard. The watchlisting of individuals based solely on activities protected by the First Amendment; on the race, ethnicity, national origin, or religion of the subject; or for political or retaliatory purposes is prohibited."[1]

    • As the IC-Wide, Watchlisting Guidance addresses,[2] "First Amendment protected activity alone shall not be the basis for nominating an individual for inclusion on the Terrorist Watchlist. Examples:

      Free Speech. The exercise of free speech, guaranteed by the US Constitution, includes more than simply speaking on a controversial topic in the town square. It includes such symbolic or other written, oral and expressive activities as carrying placards in a parade, sending letters to a newspaper editor, wearing a tee shirt with a political message, placing a bumper sticker critical of the President on one's car, and publishing books or articles. The right to free speech under the US Constitution applies to US persons wherever they are located and non-US persons located inside the United States.

      Exercise of Religion. The free exercise of religion overs any form of worship of a deity—even forms that are not widely known or practiced—as well as the right not to worship any deity. Protected religious exercise also extends to dress that is worn or food that is eaten for a religious purpose, attendance at a facility used for religious practice, observance of the Sabbath, raising money for evangelical or missionary purposes and proselytising.

      Freedom of the Pres. Freedom of the Press includes such matters reasonable access to news-making events, making documentaries, and the posting of "blogs."

      Freedom of Peaceful Assembly. Freedom of peaceful assembly, often called the right to freedom of association, includes gathering with others to protest government action, or to rally or demonstrate in favor of or in opposition to, a social case. The right includes more than just public demonstrations—it includes, as well, the posting of group websites on the internet, recruiting others to a lawful cause, marketing a message, and fundraising.

      Petition the Government for redress of Grievances. The right to petition the government for redress of grievances includes, for example, writing letters to Congress, carrying a placard outside the city hall that delivers a political message, recruiting others to one's cause, and lobbying Congress or an Executive Agency for a particular result.

      Equal Protection. The Equal Protection Clause of the US Constitution provides in part that: 'No State shall make or enforce any law which shall... deny to any person within its jurisdiction the equal protection of the laws.' The US Supreme Court has made it clear that this applies as well to the official acts of any US Government personnel. Nominations, therefore, shall not be based solely on race, ethnicity, national origin, or religious affiliation. Any activities relating to this Guidance that are based solely on such considerations are invidious by definition, and therefore, unconstitutional."

    Several US Federal Appeals Courts have also confirmed that the TSDB falls within compliance to the Constitution..[3] [4] [5]

    Between 2016 and 2017, Terry Albury leaked classified FBI information. His stated justification was that he was concerned that he was doing violated the 1st and 4th amendments of citizens with surveillance authorities. He leaked to the media, what he claimed was evidence of FBI wrong-doing, however, a cursory reading of the material confirms that he misled the public: 0 wrong-doing, 0 violation of privacy and civil liberties, 0 abuses, 0 violation of law or Constitution. Indeed, the documents extensively detail the protections US citizens and aliens in the US enjoy.[6] [7] [8] [9]

  • 2012 NCTC AGG

    In 2012, sensationalist reporting from the WSJ claimed that the National Counterterrorism Center (NCTC), as a result of changes in March of that year to AG guidelines, allowed NCTC access to data from other agencies, on any and all Americans, for no reason. The headlines that followed, as well as the original WSJ piece, distort reality—either by gross incompetence or a deliberate. Congress established the National Counterterrorism Center (NCTC) within the Office of the Director of National Intelligence (ODNI) to integrate and analyze all intelligence possessed or acquired by the United States Government pertaining to terrorism, and to ensure that all agencies with a counterterrorism mission have access to that intelligence to perform their duties. In November, 2008, the DNI and the Attorney General approved guidelines governing how NCTC identifies terrorism information in datasets that other federal agencies have already lawfully obtained pursuant to their own authorities, and prescribing protections for the information to be shared with NCTC (the 2008 Guidelines).[1]

    The 2008 Guidelines established three “tracks” for NCTC to access or acquire such information from other federal agencies. Under Track 1, NCTC analysts would have account-based access to a relevant agency dataset, while under Track 2, NCTC would submit query terms for the providing agency to perform the search and return responsive information. Under Track 3, the agency dataset would be replicated (copied) at NCTC so NCTC could use its analytic tools to identify terrorism information; if NCTC could not “promptly” identify terrorism information in the replicated dataset, the 2008 Guidelines required NCTC to “promptly remove” the information. As implemented at NCTC, this generally required the removal of information within 180 days.

    Reviews conducted in the aftermath of the December 25, 2009 terrorist attack found that the federal counterterrorism community had failed to adequately identify, correlate, and fuse together the discrete pieces of intelligence available in different databases. As a result, the President directed, among other things, that enhancements be pursued to improve knowledge discovery, database integration, cross-database searches, and the ability to correlate biographic information with terrorism intelligence. In pursuing such changes, and in light of its operational experience, NCTC recognized it needed to retain replicated datasets for longer periods to identify previously unknown relationships to terrorism information, which might become evident only after time-consuming correlation with other datasets, or with the discovery of new information at later points in time.

    In March, 2012, the DNI, the Attorney General, and the Director of NCTC approved the updated NCTC Guidelines. The Guidelines now provide that datasets likely to contain significant terrorism information may be temporarily retained for up to 5 years (or a shorter period as determined with the providing agency, known as the "data provider"). The updated Guidelines carry forward the same three-track framework from the 2008 Guidelines, while adding specificity on how data is obtained, retained, and disseminated, and providing for enhanced safeguards and oversight mechanisms to protect important privacy and civil liberties interests throughout the information sharing lifecycle.

    These 3 tracks only relate to the following 3 types of data already in the lawful and Constitutional possession of the Government: International travel, immigration status records and financial related, where banks may submit what they believe to be suspect financial transactions.[2] [3]

    • “Reasonable belief” standard. The Guidelines only apply to datasets that are reasonably believed to contain terrorism information. Moreover, NCTC may only retain United States person information (and other information protected under the Guidelines) within such datasets beyond the temporary retention period if it is reasonably believed to constitute terrorism information.
    • Respect for First Amendment-protected activities. The Guidelines prohibit access, acquisition, retention, use, or dissemination of U.S. person information solely for the purpose of monitoring activities protected by the First Amendment or the lawful exercise of other legal rights.
    • Track 1. For Track 1 – account-based access - the Guidelines provide that NCTC will access such datasets only for the purpose of identifying terrorism information; if information acquired by NCTC under this track is subsequently determined not to constitute terrorism information, NCTC must promptly purge the information from its systems. The Guidelines further provide that the initial query term used in such access shall be a known or suspected terrorist identifier or other piece of terrorism information (“terrorism datapoints”), and that while NCTC may follow up on positive query results to explore a known or suspected terrorist’s network of contacts or supports, its activities must be “designed to identify information that is reasonably believed to constitute terrorism information.
    • Track 2. Track 2 involves submitting query terms to the data provider. The Guidelines include similar protections to those described above: the query terms must consist of terrorism datapoints; if information returned by the data provider is not terrorism information, it must be purged; and NCTC’s activities must be designed to identify information that is reasonably believed to be terrorism information.
    • Protections during identification and acquisition of datasets. Before acquiring a dataset under Track 3, the Guidelines require that the Director of NCTC, in coordination with the data provider, make a finding that the dataset is “likely to contain significant terrorism information” and that NCTC’s purposes “cannot effectively be served through Tracks 1 or 2.” The NCTC Director must also consider whether NCTC’s purposes can be served by replicating a portion of the dataset, such as through limiting the types of records, or the number of fields that NCTC is given access to. As previously noted, NCTC and the data provider must also establish Terms and Conditions specifying dataset-specific protections, including the temporary retention period, which cannot exceed five years, but may be shorter if required by law, executive order or regulation, or if determined to be appropriate in coordination with the data providing agency. NCTC is required to use reasonable measures to identify and mark or tag United States person information in the datasets.
    • Pattern-based queries. The Guidelines provide that, “[t]o identify information reasonably believed to be terrorism information contained in Track 3 data, NCTC may conduct ... pattern-based queries and analyses.”However, NCTC must still satisfy the requirement that queries be designed solely to identify information reasonably believed to be terrorism information, and to minimize the review of information protected under the Guidelines that is not terrorism information. In addition, to the extent any pattern-based queries constitute "data mining" as defined by the Data Mining Reporting Act of 2007, NCTC would be required to report this activity to Congress, together with a description of the applicable safeguards.
    • Periodic Review of the Need For Continued Track 3 Access. The Guidelines require NCTC to conduct periodic reviews of all Track 3 datasets, in coordination with CLPO, to determine whether continued Track 3 access remains appropriate. In conducting these reviews, consideration is to be given to the purpose for which Track 3 access was initially chosen, whether that purpose has in fact been fulfilled through Track 3 access, and whether such purposes might now be fulfilled through Tracks 1 or 2 (as well as other relevant privacy and civil liberties considerations applicable to the dataset being reviewed).[4]

    Independent audits have confirmed NCTC abides by these restrictions.[5] NCTC cannot be considrered a "spy agency", as it cannot direct, execute or engage in collection activities.[6]

  • Terrorist Screening Center (TSC)

    On October 2003, the Terrorist Screening Center (TSC) was created, to consolidate and streamline terrorist watchlisting. A leaked document confirms that by design and intention, the Terrorists Screening Database (TSDB) conformed to the Constitution of the United States, that being: People were not nominated for watchlisting due to Constitutional protected activities. Free speech; exercise of religion; freedom of the press; freedom of peaceful assembly; petition the Government for redress of grievances and equal protection all applied to US persons in the US and abroad, and non-US persons in the US.[1] Several US Federal Appeals Courts have also confirmed that the TSDB falls within compliance to the Constitution.[1] [2] [3] [4]

  • CIA/NYPD

    Naturally, after 9/11, various States across the country requested requests for Intelligence Community support for counterterrorism investigations. A 2011 AP article alleged improper CIA activities involving NYPD. However, an independent investigation that reviewed thousands of records, many personnel, Congressional briefings, and more—found no violations of law, policy, or EO had occurred.[1]

  • Miscellaneous allegations

    • Political pundits and sensationalist headlines claimed in 2005, that the Pentagon was spying on Americans for anti-war demonstrations and groups. This sparked two members of Congress to request an independent IG investigation into the matter. This allegations concerns a database called Threat And Local Observation Notice (TALON). TALON was created under the DoD's Counterintelligence Field Activity (CIFA). The IG investigation however, found that this wasn't any sort of intelligence program. It found that TALON was a reporting system for community tips provided to DoD and law enforcement, on possible threats to DoD facilities. This enabled Commanders to protect their personnel and facilities. Further, "CIFA did not use the information in an attempt to monitor First Amendment activities of U.S. persons."[1] [2]

    • Allegations arose that since 2001, the FBI had been targeting certain domestic advocacy groups such as PETA, Greenpeace, etc. However, an investigation that examined a 6-year period from Jan 2001 to Dec 2006, found, "the evidence in our review did not indicate that the FBI targeted any of the groups for investigation based on their First Amendment activities."[1]

    • Political pundits claim that the Patriot Act was used to wrongfully target and arrest Brandon Mayfield, in May, 2004, in connection to the terrorist attack in Madrid—allegedly because he was a Muslim, that he was racially profiled. However, the independent DOJ Inspector General investigation found that 1. No Patriot Act authority was used, 2. The unique circumstances of Brandon Mayfield's fingerprints closely match those of the bomber, 3. Investigators did not know of his religion until during the investigation. In sum, the OIG concluded "contrary to some public speculation, the Patriot Act amendments to FISA did not affect the government's decision to seek FISA authority in the Mayfield case and did not affect the scope of information the government collected about Mayfield pursuant to the FISA surveillance and searches. We also found that the FBI did not use certain provisions of the Patriot Act in the Mayfield case, such as those relating to delayed notification searches. Moreover, the evidence indicated that, even prior to the Patriot Act, the FBI would likely have sought and been able to obtain identical FISA authorization for the searches and surveillance of Mayfield that it conducted. The OIG concluded that Mayfield's religion was not the sole or primary cause of the FBI's failure to question the original misidentification and catch its error. The primary factors Were the similarity of the prints and the Laboratory's overconfidence in the superiority of its examiners."[1]

      Some might try to invoke the 2007 Mayfield v. United States ruling to suggest the Patriot Act was unconstitutional. However, multiple post-Mayfield decisions correctly rebuked such a finding, based on its many flaws. Not surprisingly, the 2007 rulings was overturned in 2009. As one scholar finds, "Mayfield is flawed for at least four reasons: (1) The court did not properly address the constitutional significance of the federal authority created by FISA’s combination of the President’s national security powers, Congressional authorization and judicial approval; (2) The court did not adequately address why the FISA procedures are not sufficient under Keith; (3) The court failed to properly balance the Government’s national security interest in its Fourth Amendment analysis of FISA’s reasonableness; and (4) The court conducted an improper Fourth Amendment facial analysis of FISA." The author also notes, "there have already been two Federal District court decisions disagreeing with Mayfield and a third case that chose not to follow it. In the first case, United States v. Mubayyid, a District Court in Massachusetts heard motions in a criminal prosecution where the Defendants were charged with conspiracy to defraud the United States, false statements, tax fraud, and obstructing the Internal Revenue Service. The indictments charged that the defendants fraudulently obtained a charitable tax exemption for an entity that was soliciting and distributing funds for Islamic extremist activities. During its investigation, the Government obtained FISC authorization for surveillances and searches. The Defendants filed motions for disclosure of the FISA materials and motions to suppress for failing to satisfy statutory and constitutional requirements. The Mubayyid court very thoroughly set out the issues and the precedence, including Mayfield, and ultimately sided with In re Sealed Case, stating, “This Court agrees with that reasoning and accordingly concludes that FISA, as amended by the Patriot Act, does not violate the Fourth Amendment.” In the second case, United States v. Abu-Jihaad, a District Court in Connecticut heard motions in a criminal prosecution where the Defendant was charged with providing material support to terrorists and wrongfully communicating national defense information. During its investigation, the Government obtained FISC authorization for surveillances and searches. As in Mubayyid, the Defendant filed motions for disclosure of the FISA materials and motions to suppress for failing to satisfy statutory and constitutional requirements. The court denied the motions, following both In re Sealed Case and Mubayyid in holding that FISA does not on its face violate the Fourth Amendment and the collection of the FISA-derived evidence did not violate the Fourth Amendment or FISA. In its holding, the Abu-Jihaad court acknowledged Mayfield, but disregarded it, stating it was 'not at all clear why the Mayfield court held FISA unconstitutional on its face.' As demonstrated by both the previous and subsequent federal cases to review the Fourth Amendment implications of FISA’s purpose requirement, the constitutional analysis in Mayfield is flawed."[2] [3]

    • In 2008, David Murfee Faulk and Adrienne Kinne made several allegations to the ABC that the NSA listens on to anyone's domestic calls. This allegation was independently investigated by 3 seperate watchdogs that found no merit to the claims, and that indeed, they had 0 access to many SIGINT systems.[1] [2]

    • Disgraced journalist, Sharyl Attkisson, claimed in 2013 that the Obama administration was spying on her, due to her reporting on Fast and Furious and Benghazi. She hired a technician to review her computer, who conclude there was an advanced actor who gained remote access. However, an independent, expert forensic examination revealed serious flaws in their work. Ultimately concluded no such action occurred. Further exposing this hoax, the FBI confirmed that Attkisson was not subject to any FBI investigation.[1]

    • New Jersey Muslims in Syed Farhaj Hassan v. City of New York. Contrary to the headlines, this civil case was not a win for the Plaintiff's allegations. The stipulation in the 2018 settlement states, "Nothing contained in this Stipulation shall be deemed to be an admission by Defendant, or an adjudication, or finding on the merits of any of Plaintiffs’ allegations, assertions, or claims made in this action, nor an admission by Defendant that it has in any manner or way violated the rights of Plaintiffs or the rights of any other person or entity as defined in the constitutions, statutes, ordinances, rules or regulations of the United States, the State of New York, or the City of New York or any other rules or regulations of any department or subdivision of the City of New York."[1] Indeed, a fact-finding investigation by New Jersey AG found, "no evidence that the NYPD’s activities in the state violated New Jersey civil or criminal laws."[2]

    • An independent 2010 Intelligence Community Review Panel examined the Fort Hood shooting and Flight 253 incidents, among its findings, it found, "Officers in various agencies expressed everything from unease to worry about inadvertent mistakes to fear of professional rebuke if they strayed outside existing guidelines. In many cases, the panel sensed that officers had the authority they needed but were erring on the side of caution—a subtle form of risk aversion... these tendencies had practical and worrisome consequences in the two cases we studied." and, "Throughout our interviews, we were impressed with the great care taken by the Community to protect information about US Persons.... Intelligence officers in both the 25 December and the Hasan cases worked hard to stay within the guidelines, which sometimes led to excessive caution."[1]

  • PPD-28

    In 2014, a directive was issued that mostly just codified already-existing Intelligence Community practices regarding care taken to protect privacy and civil liberties, especially regarding collection of non-US persons, located abroad. PPD-28 sets out a series of principles and requirements that apply to all US Signals Intelligence Activities and for all people, regardless of nationality or location. In particular, it sets out certain requirements for procedures to address the collection, retention, and dissemination of personal information about non-US persons acquired pursuant to US signals intelligence. In summary:

    • The PPD reiterates that the US collects SIGINT only as authorised by statute, EO or other Presidential directive.
    • The PPD established procedures to ensure that SIGINT activity is conducted only in furtherance of legitimate and authorised national security purposes.
    • The PPD also requires that privacy and civil liberties be integral concerns in the planning of SIGINT collection activities. In particular, the US does not collect intelligence to suppress or burden criticism or dissent; in order to disadvantage persons based on their ethnicity, race, gender, sexual orientation, or religion; or to afford a competitive commercial advantage to US companies and US business sectors.
    • The PPD directs that SIGINT collection be as tailored as feasible and that SIGINT collected in bulk can only be used for specific enumerated purposes.
    • The PPD directs that the Intel Community adopt procedures "reasonably designed to minimize the dissemination and retention of personal information collected from SIGINT activities," and in particular extending certain protections afforded to the personal information of US persons to non-US person information.
    • Agency procedures implementing PPDF-28 have been adopted and made public.[1]

    An independent review has found that Agencies and Departments have complied with this Directive, as well as over-applied the directive, even to areas not covered by SIGINT, such as CIA's HUMINT activities, "The CIA, for example, has decided to apply PPD-28 to a broad range of activities, including some that it explicitly acknowledges "are not SIGINT." The CIA has also decided to apply PPD-28 to entire databases that contain any records it has deemed covered by PPD-28... we urge the CIA not to apply PPD-28's retention rules to [redacted] unless and until it develops a way to avoid over-application of the Directive."[2]

  • Minimization & unmasking

    Minimization

    Various authorities govern the minimization procedures of SIGINT collection: PPD-28, FISA, AG Guidelines, just to name a few. To quote a portion from the 2020 NSA Sec. 702 procedures that were approved by the FISC:

    • These NSA minimization procedures apply to the acquisition, retention, use and dissemination of information, including non-publicly available information concerning unconsenting United States persons, that is acquired by targeting non-US persons reasonably believed to be located outside the US in accordance with Section 702 of the Foreign Intelligence Surveillance Act of 1978, as amended. These minimization procedures apply in addition to separate querying procedures adopted pursuant to Subsection 702(f)(i) of the Act.

      If NSA determines that it must take action in apparent departure from these minimization procedures to protect against immediate threat to human life (eg force protection or hostage situations) and that it is not feasible to obtain a timely modification of these procedures, NSA may take such action immediately. NSA will report the action taken to the ODNI and to the NSD of the DOJ, which will promptly notify the FISC of such activity.[1]

      For domestic communications. A communication identified as a domestic communication (and, if applicable, the internet transaction in which it is contained), including information treated as a domestic communication, will be promptly destroyed upon recognition unless the Director (or Acting Director) of NSA specifically determines, in writing and on a communication-by-communication basis, that the sender or intended recipient of the domestic communication had been properly targeted under section 702 of the Act, and the domestic communication satisfied one or more of the following conditions:

      • Such domestic communications is reasonably believed to contain significant foreign intelligence information. Such domestic communications (and if applicable, the transaction in which it is contained) may be retained, handled, and disseminated in accordance with these procedures;
      • Such domestic communication does not contain foreign intelligence information but is reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed. Such domestic communications may be disseminated (including US person identities) to appropriate Federal law enforcement authorities, in accordance with 50 USC 1906(b) and 1825(c), Executive Order 12333, and, where applicable, the crimes reporting procedures set out in the August 1995 Memorandum of Understanding: Reporting of Information Concerning Federal Crimes," or ant successor document. Such domestic communication may be retained by NSA for a reasonable period of time, not to exceed six months unless extended in writing by the Attorney General, to permit law enforcement agencies to determine whether access to original recordings of such communication is required for law enforcement purposes."[2]

    Agencies and Departments must also use generic terms to mask nonpublic USPII in disseminated intelligence reports (eg: US-person 1). The NSA also applies a default rule that plays a critical role in its handling of USPII: Even if USPII meets the legal standard for dissemination, the NSA nevertheless will generally mask the USPII in its initial dissemination of an intelligence report. 24 That practice allows for broader dissemination of NSA intelligence.[3]

    Unmasking

    When an element of the Intelligence Community disseminates a report that contains masked USPII, an official from another agency may request to view the USPII. That request may be granted if the standards for disclosure discussed above are met. That can occur when the agency masked the USPII in the initial dissemination of the report even though disclosure was permissible—as the NSA does as a matter of course. It can also occur when the requesting official has a unique need to view the USPII. For example, an FBI agent investigating a cyber-attack may need to know the identity of a victim mentioned in a report, even if other officials who received the report do not need to know that information.

    The year-to-year fluctuation in the number of unmasking requests can paint a misleading picture of the overall trend. For example, according to ODNI, in 2018 the number unmasking requests that the NSA granted for reports based on Section 702 collection increased significantly—from 9,529 to 16,721. But a key factor in that increase was the disclosure of the identities of numerous victims of malicious cyber-activity, which were included in only a handful of intelligence reports.Moreover, if a report contains multiple types of USPII about the same person—such as a name, email address, and IP address—and they are all disclosed, ODNI’s reports account for them as multiple disclosures. Because some reports can contain hundreds or even thousands of discrete pieces of USPII, the annual statistics can fluctuate significantly without reflecting any underlying change in disclosure practices or request trends. And notably, until the report for calendar year 2017, ODNI’s annual reports did not include USPII other than names and titles (e.g., email addresses), nor did they include USPII for corporations and associations.[4]

    Each agency has adopted a different set of procedures for evaluating unmasking requests.

    NSA. Government employees seeking disclosure of USPII in a disseminated NSA report use a web-based interface to submit requests. A requestor enters his or her name and credentials, a due date and the time sensitivity of the request (e.g., “urgent,” “routine”), the serial number of the intelligence report, the authorized recipients of the disclosure, and the justification for the disclosure. NSA personnel evaluate the request, including whether the justification is sufficient under the necessity standard, whether the urgency of the request is warranted, and whether any special restrictions, such as the Gates procedures, apply. Approval requires the concurrence of two NSA officials, one of whom is a senior official. Requests might be denied for lack of an adequate justification or because disclosure of the USPII would compromise sources or methods. Minor issues are often resolved over email with the requestor. Requests for disclosure of USPII by lower-ranking officials—such as line FBI agents—can take months to grant. If a request is approved, an email containing the USPII is sent to the requestor. The email includes a caveat stating that the information may be viewed only by the requestor and any other listed recipients. The caveat explains that no further sharing of the USPII is permitted without NSA authorization.[5]

    FBI. The FBI now processes unmasking requests through its Directorate of Intelligence. The FBI’s single-source reports contain an email address to make unmasking requests. When the Directorate of Intelligence receives a request, it coordinates with the relevant FBI field office to determine if granting the request would compromise an investigation or otherwise harm the office’s equities. A denial of an unmasking request is usually prompted by a field office’s objection. If the field office does not object, the Directorate of Intelligence applies the relevant legal standards to determine if disclosure is appropriate. It currently follows the protocol required by the 2018 directive from the Director of National Intelligence and the FBI’s implementing procedures, including a requirement that the disclosure be approved by the FBI Director or the Director’s designee. If the request is approved, the requestor is sent a written response that contains the USPII.[6]

  • Parallel construction

    There are several myths about parallel construction, such as that it essentially gives the Government a free shot to prosecute someone, and deny them fair trial. This stems from extreme ignorance of criminal law. A DOJ Inspector General report says, "We found that there is nothing inherently inappropriate about using parallel construction to re-create information originally derived from a confidential program for use as evidence in court filings, such as warrant applications, or even at trial. This practice is analogous to using conventional investigative techniques to confirm a fact initially disclosed to a law enforcement agency in a confidential tip." Put another way, it says, "Evidence that has been reconstructed in this manner is obtained through alternative, but similar, legal process, and not inappropriate to use merely because the facts were previously known to the government by other legal means." It continues, "However, the question of what must be disclosed to a defendant in discovery or under questioning by defense counsel is a separate issue from what may permissibly be relied on affirmatively in a court pleading. The question of whether and what the government will be required to disclose in discovery in such cases is governed by the Rules of Criminal Procedure (in particular, Rule 16) and by a body of case law, which may be complex and dependent upon the particular facts and jurisdiction. As in these situations, parallel construction does not supersede the government's discovery obligations, if any. Discovery obligations may lead back to the program eventually, depending on how much disclosure a court requires. This possibility exists even if the government never relies on any information developed from the program at trial or in a court filing. If complying with a discovery obligation would cause irreparable harm to a sensitive program, the government's options include seeking a protective order in sealed pleadings (likely on an ex parte basis), dismissing the particular counts that rely on the sensitive information, or in the most extreme circumstance dismissing the entire case-not ignoring discovery obligations."[1]

    In FISA, the government must notify a defendant pursuant to 50 U.S.C. 1806(c), that it intends to present evidence derived from electronic surveillance conducted under the Act. "(c) Notification by United States: Whenever the Government intends to enter into evidence or otherwise use or disclose in any trial, hearing, or other proceeding in or before any court, department, officer, agency, regulatory body, or other authority of the United States, against an aggrieved person, any information obtained or derived from an electronic surveillance of that aggrieved person pursuant to the authority of this subchapter, the Government shall, prior to the trial, hearing, or other proceeding or at a reasonable time prior to an effort to so disclose or so use that information or submit it in evidence, notify the aggrieved person and the court or other authority in which the information is to be disclosed or used that the Government intends to so disclose or so use such information." Of course, thus, the defendant can seek a motion to suppress under subsections (e)(g).[2]

  • Five Eyes

    It has been claimed by Snowden, political pundits and conspiracy theorists that the Five Eyes nations use each other's service to get around one another's domestic laws in order to violate privacy and civil liberties. In particular, Snowden charged that GCHQ and NSA used one another to do just that. However, in a review conducted by the British Parliament's Intelligence and Security Committee concluded this was utter nonsense: "It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM programme to access the content of private communications. From the evidence we have seen, we have concluded that this is unfounded. We have reviewed the reports that GCHQ produced on the basis of intelligence sought from the US, and we are satisfied that they conformed with GCHQ’s statutory duties. The legal authority for this is contained in the Intelligence Services Act 1994. Further, in each case where GCHQ sought information from the US, a warrant for interception, signed by a Minister, was already in place, in accordance with the legal safeguards contained in the Regulation of Investigatory Powers Act 2000."[1]

    Further, it was claimed that GCHQ engaged in mass surveillance, however, the British counterpart to the FISC, the IPT, ruled this was not so.[2] [3]

  • Oversight

    The following is not an exhaustive list or overview of the numerous, independent, internal and external oversight bodies.

    • Congressional

      Congressional oversight has been very thorough and independent, concerning NSA's SIGINT activities. In a SSCI committee report, published publicly in 2012, we find:

      "For the past four years, the Senate Select Committee on Intelligence has conducted robust oversight of the Executive Branch’s use of the surveillance authorities added to the Foreign Intelligence Surveillance Act (FISA) by the FISA Amendments Act of 2008 (FAA). This oversight has included the receipt and examination of over eight assessments and reviews per year concerning the implementation of FAA surveillance authorities, which by law are required to be prepared by the Attorney General, the Director of National Intelligence, the heads of various elements of the intelligence community, and the Inspectors General associated with those elements. In addition, the Committee has received and scrutinized unredacted copies of every classified opinion of the Foreign Intelligence Surveillance Court (FISA Court) containing a significant construction or interpretation of the law, as well as the pleadings submitted by the Executive Branch to the FISA Court relating to such opinions. Finally, the Committee has conducted several full hearings on both FISA generally and FAA specifically, which have been supplemented by numerous staff meetings with officials from the National Security Agency (NSA), Department of Justice (DOJ), Office of the Director of National Intelligence (ODNI), Federal Bureau of Investigation (FBI), and others.

      As Chairman of the Committee, I appreciate the efforts taken by the Executive Branch to keep the Committee fully informed regarding the implementation of the FAA and for its continued willingness to brief Members of Congress as we consider legislation to extend those provisions of the law set to expire on December 31, 2012.

      Collectively, the assessments, reports, and other information obtained by the Committee demonstrate that the government implements the FAA surveillance authorities in a responsible manner with relatively few incidents of non-compliance. Where such incidents have arisen, they have been the inadvertent result of human error or technical defect and have been promptly reported and remedied. Through four years of oversight, the Committee has not identified a single case in which a government official engaged in a wilful effort to circumvent or violate the law. Moreover, having reviewed opinions by the FISA Court, the Committee has also seen the seriousness with which the Court takes its responsibility to carefully consider Executive Branch applications for the exercise of FAA surveillance authorities."[1]

    • Executive

      • DOJ/ODNI

        The Joint DOJ/ODNI reviews concern all SIGINT activity, not just limited to FISA.

        Regular Joint DOJ/ODNI Audits.

        At regular intervals, the Department of Justice’s National Security Division (DOJ NSD) and the Office of the Director of National Intelligence (ODNI) jointly audit US intelligence agencies’ compliance with FISC orders relating to programs under Section 702. The joint audit is conducted on-site:

        Currently, at least once every two months, [DOJ] NSD and ODNI conduct oversight of NSA, FBI, and CIA activities under Section 702 [FISA]. These reviews are normally conducted on-site by a joint team from [DOJ] NSD and ODNI. The team evaluates and (where appropriate) investigates each potential incident of noncompliance, and conducts a detailed review of agencies’ targeting and minimization decisions. The Department of Justice reports any incident of noncompliance with the statute, targeting procedures, and minimization procedures to the FISC, as well as to Congress. Moreover, “the NSD and ODNI team lead weekly calls and bimonthly meetings with representatives from the NSA, CIA, and FBI to discuss, among other things, compliance trends and incidents that affect multiple agencies.”

        Periodic DOJ/ODNI Joint Reports.

        Using the results of their audits, the DOJ and the ODNI jointly issue quarterly compliance reports directly to the FISC. In addition to quarterly reports, the DOJ and the ODNI issue semi-annual reports on NSA compliance with targeting procedures, minimization procedures, and acquisition guidelines set forth in FISC orders governing Section 702 programs. These reports set forth the “scope, nature, and actions taken in response to compliance incidents.” DOJ/ODNI reports are available to the FISC when it reviews surveillance applications, or rules on remedial measures after receiving noncompliance notifications. Recently declassified FISC opinions show the FISC has reviewed these reports in deciding whether to approve government requests to authorize surveillance.

        In the reporting period between December 1, 2016– May 31, 2017, the 18th ODNI/DOJ audit found, "No intentional violations. Consistent with previous Joint Assessments, no instances of intentional circumvention or violation of those procedures were found during this reporting period. Compliance incident rate remains low. The compliance incident rate remained low, which is consistent with the compliance incident rate reported for other reporting periods. The majority of incidents were caused by a misunderstanding of the procedures, failure to conduct the required checks, technical issues, and inadvertent human errors."[2]

        The 23rd report finds no intentional violation, and overall low non compliance. NSA, for example, never had a tasking/detasking rate above 1%.[3]

      • NSA

        Out of the entire USIC, the NSA has the most internal and external oversight bodies: NSA's Inspector General, DoD's Inspector General, Intelligence Community Inspector General, DOJ's Inspector General, Office of the Director of Compliance, SID's Office of Compliance for Operations, (formally SV); the Office of General Counsel, CLPO and more.

        The FAA 702 targeting procedures for the 2011 certifications require that SV conduct periodic spot-checks of queries against repositories containing unevaluated and unminimized FAA 702 traffic. All queries of databases containing raw SIGINT content are subject to daily review by auditors assigned to each targeting analyst. Under U.S. Signals Intelligence Directive (USSID) CR 1610 , Section A2.9, auditors must be trained in accordance with SV standards or meet with SV for a briefing on auditor responsibilities before conducting audits. USSID CR 1610 also requires that SV conduct "super audits" of all interactive raw SIGINT database systems.

        FAA 702 Authority Lead is responsible for the implementation and operation of the FAA 702 authority for NSA. The FAA 702 Authority Lead serves on NSA's corporate Authorities Integration Group and works with other NSA mission Authority Leads and corporate, legal, policy, compliance, and technology personnel to coordinate implementation of NSA mission authorities. The FAA 702 Authority Lead addresses the tactical and strategic elements of the program; interacts regularly with NSA's OGC. ODOC , TD. LAO , and SID; routinely interacts with DoJ NSD, ODN1, FBI , and CIA; provides direction regarding daily operational and technical questions; and coordinates input to reports to Congress and the FISA Court.[4]

        Authorities Integration Group (AIG) is administratively assigned to ODOC and reports to the NSA Deputy Director. The AlG works directly with SID and Information Assurance Directorate authority leads, including the FAA 702 Authority Lead, and bolds weekly meetings with the authority leads and corporate process leads (e.g., TD, ODOC, OGC) to bring legal, policy, compliance. technology, and mission areas together to provide recommendations on the implementation of the authorities. The AIG focuses on the activities of each authority, internal and external, to ensure that they are coordinated and integrated across NSA. The AIG acts as a "forcing function" within NSA, facilitating discussion among the Directorates to promote better understanding of how decisions affect the various authorities. The AIG updates the NSA Deputy Director quarterly on each authority.[5]

        Office of the Director of Compliance (ODOC) is responsible for developing and directing thee execution of compliance strategics and activities focused on protecting USP privacy during the conduct of authorized NSA missions. ODOC has the authority to develop, implement, and monitor a Comprehensive Mission Compliance Program for the Agency, which addresses (1) integration of compliance strategies and activities across NSA mission, technology , and policy organizations; (2) a training and education program for compliance; and (3) maintenance of and reporting on the status of mission compliance. The CMCP 's focus is on mission compliance, particularly in Signals Intelligence and Information Assurance operations, including the technology base on which they function. The key objective of the CMCP is to provide reasonable assurance that the 'legal authorities and policies affecting USP privacy are reliably and verifiably followed by NSA. The CMCP includes activities and funding to support compliance with FAA 702, such as compliance target validation and query tools. ODOC's monitoring activities provide continuous assessment to determine whether internal controls are operating as intended. Its assessments help management evaluate the effectiveness of the. compliance program and its components. For example, ODOC reviews compliance activities associated with queries in NSA repositories, including those related to FAA 702. In addition, ODOC performs Compliance Vulnerability Discovery (CVD) reviews that focus on high-risk areas within the CMCP to discover compliance weaknesses. In 2013, ODOC completed two CVDs focused on mission compliance with SIGINT authorities. ODOC has also implemented processes to ensure that NSA representations to external overseers are accurate and NSA personnel have a consistent understanding of program activities. VoA and verification of implementation reviews are performed on written NSA representations that describe the Agency's acquisition, processing, retention, analysis, and dissemination and form the basis for legal opinions, FISC Orders, and Executive Branch decisions. fo 2013, ODOC conducted VoAs with FAA 702 stakeholders for the affidavits and targeting and minimization procedures supporting renew also of FAA §702 certifications.[6]

        SV implements the SIGINT compliance program across NSA. SV establishes SIGlNT compliance standards and provides guidance across the global SIGINT enterprise, manages incidents of11on-compliance, monitors compliance in high risk areas, resolves problems, and verifies compliance through audits and by managing the SIGINT Intelligence Oversight Officer program. SV manages resources to ensure that NSA corporate systems and capabilities align with CMCP solutions.[7]

        TD Office of Compliance (TV) is responsible for identifying, assessing, tracking, and mitigating compliance risks, including USP privacy concerns, in NSA mission systems across the extended enterprise, including systems that hold FAA 702 data. TV manages the system compliance certification process, continuous compliance monitoring, and technical compliance incident reporting and also trains technical personnel. TV performs VoAs for areas assigned to it in NSA representations.[8]

        "loveint." In September 2013, media went wild with accusations that NSA was rampant with its personnel spying on spouses. This was due to the release of a short letter from the NSA's IG,[9] in response to a question from a Senator. Since this happened in the same year as the Snowden leaks, journalists, political pundits and conspiracy theorists assumed this was related to the programs that Snowden exposed: Those under 702 and bulk 215 and PR/TT. However, examining the letter rather than the sensational headlines, we see where media departed from reality. Those activities have had 0 recorded abuse. The letter concerns other systems, some pre-dating 9/11.

        The letter states, "Since 1 January 2003 (to 11 September 2013), there have been 12 substantiated instances of intentional misuse of SIGINT authorities." This alone shows just how rare such misuses are. In most cases, the system prevented the access to retrieval of information.

        • Civilian employee, foreign location. In 2011, before an upcoming polygraph, the subject reported that "out of curiosity," he performed a SIGINT query of his home telephone number and his girlfriend, a foreign national. The SIGINT system prevented the query on the home number because it was made on a US person. The subject viewed the metadata returned by the query on his girlfriend's telephone.
        • Civilian employee, foreign location. In 2003, the subject tasked SIGINT collection of the number of his foreign national girlfriend without an authorized purpose for one month to determine whether she was involved with any local government officials or other activities that might get him in trouble.
        • Civilian employee, foreign location. In 2004, the subject self-reported that she tasked a foreign number she had discovered on her husband's mobile, because she suspected he was unfaithful. Tasking resulted in voice collection.
        • Civilian employee, foreign location. In 2003, the appropriate OIG was notified that an employee had possible violated USSID 18. A female foreign national employed by the US Government, with whom the subject was having sexual relations, told another government employee that she suspected that the subject was listening to her calls. That employee reported the incident. The investigation determined that, from approximately 1998 to 2003, the employee tasked nine telephone numbers of female foreign nationals, without a valid foreign intelligence purpose.
        • Civilian employee, foreign location. The employee's agency discovered that an employee had misused the SIGINT collection system between 2001 and 2003 by targeting 3 female foreign nationals.
        • civilian employee, foreign location. As the result of a polygraph examination, it was discovered that an employee had accessed the collection of communications on two foreign nationals.
        • Civilian employee, foreign location. In 2011, the subject tasked the number of her foreign national boyfriend.
        • Military member, CONUS site. In 2005, NSA OIG was notified that, on the subject's first day of access to SIGINT collection system, he queried six email addresses belong to a former girlfriend, a US person without authorization. A site review of SIGINT audit discovered the queries four days after they had occurred. The subject testified that he wanted to practice the system and decided to use her email addresses. No results were returned from query. His security clearance was terminated.
        • Civilian employee, CONUS site. In 2006, the Office of Oversight and Compliance within SID informed OIG that between 2005 and 2006, the subject had without authorization queried i two SIGINT systems the numbers of two foreign nationals, one of whom was his girlfriend. On one occasion, the subject performed a text query on his own name in a SIGINT system.
        • Civilian employee, CONSU site. In 2008, a SIGINT audit had discovered a possible violation of USSID 18. An investigation revealed that, while reviewing the communications of a valid intelligence target, the subject determined that the intelligence had a relative in the US. The subject queried the SIGINT system for the email address o the intelligence target in 2008 and used the other search terms to obtain information about the target's relative.
        • Military member, foreign location. In 2009, a military member assigned to a military tactical intelligence unit queried the communications of his wife, who was also a military member stationed in a foreign location. The misuse was discovered by a review of SIGINT audit logs.
        • Military member, foreign location. In 2009, a military united notified NSA OIG that, in 2009, a member queried a country's telephone numbers to aid in learning that countries language.

        While serious, it shows that deliberate abuse is extremely rare. It further shows the effectiveness of the oversight and audit system.

        A leaked SID Intelligence Oversight (IO) Quarterly Report, between April 2011 to January 2012, found that across all SIGINT authorities, most non-compliance incidents were due to human error, such as typographical mistakes, or delayed notice of roamer status. The vast majority of incidents were discovered by automated alerts—auditing accounted for the next common discovery, which is closely followed by self-reporting.[10]

        A declassified August 28, 2012 letter says, "NSA has invited DOJ to participate in pre- and post-order reviews that NSA's OGC hosts with NSA's operational, technical, and compliance personnel to ensure that there is a shared understanding of the collection activities. DOJ has participated in a number of these reviews already and anticipates participating in additional reviews on an ongoing basis. Benefits have been seen from these.[11]

      • PCLOB

        In its 2004 report, the National Commission on Terrorist Attacks Upon the United States, known as the 9/11 Commission, recommended the creation of what is now the Privacy and Civil Liberties Oversight Board.

        In response to the 9/11 Commission’s recommendation, President George W. Bush created the President’s Board on Safeguarding Americans’ Civil Liberties in 2004. The President’s Board ceased to meet following the enactment later that year of the Intelligence Reform and Terrorism Prevention Act of 2004, which created a Privacy and Civil Liberties Oversight Board within the Executive Office of the President. Finally, in 2007, the Implementing Recommendations of the 9/11 Commission Act (“9/11 Commission Act”) established the Board as an independent agency within the Executive Branch.

        Under the 9/11 Commission Act, the Board is comprised of a full-time Chairman and four part-time Members, each appointed by the President, with the advice and consent of the Senate, to staggered six-year terms. The Board’s statute requires that Members come from different political parties and be selected “on the basis of their professional qualifications, achievements, public stature, expertise in civil liberties and privacy, and relevant experience.” The Board’s responsibilities comprise two basic functions: oversight and advice.In its oversight role, the Board is authorized to continually review the implementation of Executive Branch policies, procedures, regulations, and information - sharing practices relating to efforts to protect the nation from terrorism, in order to ensure that privacy and civil liberties are protected. The Board also is authorized to continually review any other actions of the Executive Branch relating to efforts to protect the nation from terrorism, in order to determine whether such actions appropriately protect privacy and civil liberties and whether they are consistent with governing laws, regulations, and policies regarding privacy and civil liberties.

        In its advice role, the Board is authorized to review proposed legislation, regulations, and policies related to efforts to protect the nation from terrorism (as well as the implementation of new and existing policies and legal authorities), in order to advise the President and Executive Branch agencies on ensuring that privacy and civil liberties are appropriately considered in their development and implementation. The Board is also directed by statute to, when appropriate, coordinate the activities of federal agency privacy and civil liberties officers on relevant interagency matters.[12]

      • IOB

        The Intelligence Oversight Board oversees the Intelligence Community’s compliance with the Constitution and all applicable laws, Executive Orders, and Presidential Directives. It complements and supplements, rather than duplicates the oversight roles of the Director of National Intelligence, Department and Agency Inspectors General and General Counsels, and the Congressional Oversight Committees. It was created under EO 12334 in 1981.[13]

    • Judicial

      • FISC

        • 2009 Walton Opinion

          In a series of 2009 opinions, FISC Judge Reggie Walton issued a series of opinions addressing a compliance issue related to the NSA’s then-existing telephony metadata program. These opinions required the government to appear and explain its noncompliance, restricted the NSA from accessing the telephony metadata, and helped lead to the NSA adopting compliance management practices.[14]

          In 2009, the NSA discovered that technical systems related to a telephony metadata collection program, which existed at that time, were automatically updating an “alert list” of phone numbers. The updated alert list was automatically run against incoming metadata, and the automatically-updated portion of the list was a violation of FISC requirements that NSA analysts individually determine which phone numbers were reasonably associated with terrorist suspects. The Department of Justice reported the NSA’s “alert list” compliance incident to the FISC on January 15, 2009, announcing that as a result of this discovery, the NSA would be conducting an end-to-end review of technical systems related to the telephony metadata program.

          As a result, the FISC indicated it was considering terminating the metadata collection program, as well as holding executive officials in contempt. The FISC ordered the government to submit briefing so that it could determine:

          • Whether the FISC orders underlying the metadata program “should be modified or rescinded;”
          • Whether any “other remedial steps should be directed;” and
          • Whether the FISC should take action against “persons responsible for any misrepresentations to the Court,” including through the FISC’s contempt powers or by referring individuals to professional oversight offices.

          The government submitted responsive briefing to the FISC on February 17, 2009, supported by a declaration of the Director of the NSA. The NSA explained that the systems underlying the telephony metadata program were complex, such that no senior official within the agency had had a “complete technical understanding” of how NSA systems interacted with telephony metadata the NSA received. As a result, the NSA stated that no official had realized the “alert list” procedure was being used in a manner inconsistent with governing FISC orders. The NSA further stated it had implemented a “technical safeguard” that would prevent “any automated process or subroutine” from accessing metadata.

          The FISC responded to the NSA’s noncompliance by imposing substantial restrictions on the metadata program. The FISC prohibited the NSA from accessing the telephony metadata database. In order to query the database, the FISC required the NSA to first file a motion and receive FISC approval for every selector the NSA wished to query. The FISC stated its prohibition on the NSA accessing the metadata database would remain in force “until such time as the government is able to restore the Court’s confidence that the government can and will comply with previously approved procedures for accessing such data.”

          Approximately seven months later, the NSA had resolved compliance issues to the FISC’s satisfaction. By that time, the NSA had completed its end-to-end review of telephony metadata systems. It identified compliance issues, and provided the FISC with a report of how it intended to ensure compliance going forward. Among other measures, the NSA adopted compliance-management procedures. These included creating records of decisions to query a selector; conducting decision reviews; logging analyst activity to create audit trails; and audits. The NSA also introduced compliance training as a condition for analysts’ ability to search metadata, or to view the results of search queries.[15]

          On September 3, 2009, Judge Walton entered an order that reauthorized the telephony metadata program. This order lifted the prohibition on the NSA’s ability to query the metadata database, provided that NSA analysts first determined that there was a “reasonable and articulable suspicion” that telephone numbers to be searched were associated with terrorism suspects.

          Following the FISC’s September 3, 2009 order, the Department of Justice reported two additional compliance incidents to the FISC. Results of metadata queries had been shared with an NSA analyst who had not yet received now-mandatory training on compliance with FISC orders.

          The FISC responded it was “deeply troubled” by these incidents, which occurred “only a few weeks” after the NSA had submitted a “report intended to assure the Court that NSA had addressed and corrected [compliance] issues . . . and had taken the necessary steps to ensure compliance with the Court’s orders going forward.” On Friday, September 25, 2009, the FISC ordered the NSA to appear in person the following Monday to explain the compliance incidents under oath. The FISC’s order again indicated it was considering terminating or restricting the metadata program.[16]

          Following the hearing, the FISC was able to resolve its concerns.[17]

          For an easy-to-digest version see here. For the complex version, see here and here

        • 2011 Bates Opinion

          In response to NSA noncompliance, the FISC threatened program closure. The FISC’s response led the NSA to make substantial changes to a long-running intelligence program, and these remain in force today. In its April 2011 certification for reauthorization, the government informed the FISC that Upstream systems did not acquire discrete communications, but instead so-called “Internet transactions.” Internet transactions are a complement of data packets that can contain single or multiple communications. If the latter, they are referred to as Multiple CommunicationTransactions (MCTs). While MCTs contain emails or other communications sent to or from a targeted individual, they can also contain further communications that are unrelated to the person targeted for surveillance.[18]

          The NSA’s notification that it was collecting transactions, as opposed to communications, resulted in a months-long investigation by the FISC. The investigation revealed that present technology was unable to discern which Internet transactions constituted MCTs – and also whether particular MCTs contained communications from non-targeted persons. As a result, Upstream collected some emails of non-targeted individuals. The FISC eventually required the NSA to submit statistical analyses of Upstream collection for its review. The FISC determined that a small, but non-trivial percentage of Upstream collections constituted MCTs containing communications of non-targeted persons. The NSA acknowledged this was the case, but stated that a technical solution was not available because acquisition systems could only capture transactions, not individual communications. The NSA therefore asked the FISC to reauthorize Upstream without any changes.

          The FISC refused to reauthorize Upstream in its then-current form, instead requiring the NSA to either change or terminate the program. Its opinion evinced concern for the NSA’s compliance with its orders. The FISC began its analysis by, first, indicating it was concerned that Upstream collection appeared to be more expansive than the government had represented in the past. The FISC reviewed the NSA’s record of non-compliance with FISC orders, including the 2009 Judge Walton opinions relating to the telephony metadata program. The FISC stated it was “troubled” that the Upstream issues marked what it saw as another “substantial misrepresentation” about “the scope of a major collection program.” Second, the FISC reviewed Upstream’s minimization procedures and determined they did not minimize the number of emails belonging to non-targeted persons that the NSA retained. The FISC stated that the “NSA could do substantially more to minimize the retention” of non-target communications. As an example, the FISC stated it was “unclear” why NSA analysts would not be required to delete non-target communications that did not contain foreign intelligence information. The FISC also noted that the NSA had not demonstrated “why it would not be feasible to limit access to upstream acquisitions to a smaller group of specially-trained analysts who could develop expertise in identifying and scrutinizing MCTs” to remove non-target communications.[19]

          Lastly, the FISC applied the Fourth Amendment’s reasonableness framework and determined that Upstream’s collection of MCTs was not consistent with the US Constitution. The Court noted that although a relatively small number of non-target emails were affected via MCT acquisition, “the intrusion resulting from [the] NSA’s acquisition of MCTs is substantial.” In the FISC’s eyes, it was difficult to justify this intrusion because “the communications of concern here” were not acquired to protect national security, but “simply because they appear somewhere” in a transaction where a targeted facility also appeared. Thus, the FISC held they “do not serve the national security needs” underlying the Upstream program. Given that the FISC had determined the NSA’s minimization procedures “tend to maximize the retention of” non-target communications, they “enhanc[ed] the risk” that intrusions on privacy interest would continue to occur. As a result, the FISC stated it was “unable” to conclude that Upstream, in its present form, was reasonable under the Fourth Amendment.

          The FISC therefore declined to reauthorize the Upstream program in regards to MCT collection. Instead, the FISC gave the NSA 30 days in which it could (a) “correct the deficiencies” the FISC had identified, or (b) terminate the MCT collection portion of Upstream. With this order, the FISC effectively threatened program termination if the NSA could not remedy the problems the FISC had identified.[20]

          The FISC’s order led the NSA to propose substantial changes to the Upstream program. Going forward, the NSA agreed to:

          • Reduce the retention period for Upstream-collected transactions by three years;
          • Segregate Upstream-collected MCTs containing potentially protected communications into a separate database;
          • Only permit NSA analysts who had received MCT review training to access the MCT database;
          • Immediately destroy any MCTs containing wholly domestic communications; and
          • Flag all other MCTs as having emanated from the MCT database, thus requiring NSA analysts to make – and document – a series of determinations before using them.

          Moreover, the NSA agreed that Upstream-collected data would not be shared with any other agency.

          The FISC concluded that these measures adequately protected the non-target communications embedded within MCTs “that are most likely to contain non-target information subject to statutory or constitutional protection.”These measures have remained in place for the Upstream program since their adoption in 2011 until the present.[21]

        • 2018 Opinion

          Following the declassification of the 2018 FISC opinion, headlines quote-mined the opinion, stating that it found FBI's query and record keepings as inadequate. This is true, however, this was due to the recent changed in 2017, under the amendments Congress added. It doesn't reflect 2008 to 2018 procedures.

          The FISC found that “the minimization procedures and querying procedures to be implemented by the FBI are consistent with the requirements of Section 702(e) and Section 702(f)(1)(A)-(B) respectively and of the Fourth Amendment, except insofar as they [were] inconsistent” with those authorities in two aspects. First, the FISC found that the FBI’s retention of all query terms without differentiating which terms concern U.S. persons did not meet the requirements of Section 702(f)(1)(B) of FISA, a provision enacted as part of the FISA Amendments Reauthorization Act of 2017 requiring the Government to adopt querying procedures that, among other things, “include a technical procedure whereby a record is kept of each United States person query term used for a query.” The FISC concluded that Section 702(f)(1)(B) requires that the FBI’s query records indicate which terms concern U.S. persons.

          The FISC also concluded that the FBI’s querying and minimization procedures, as implemented, were inconsistent with Section 702 and the Fourth Amendment, in light of certain identified compliance incidents involving queries of Section 702 information. These incidents involved instances in which personnel either misapplied or misunderstood the query standard, such that the queries were not reasonably likely to return foreign intelligence information or evidence of a crime. Some of these instances involved queries concerning large numbers of individuals. While stating that the Government had taken “constructive steps” to address the identified issues, the FISC held that these steps did not fully address the statutory and Fourth Amendment concerns raised by the compliance incidents. The FISC suggested, however, that these statutory and Fourth Amendment concerns would be remedied if the Government adopted a proposal made by amici to document, in writing, the basis for the FBI’s belief that a particular query of Section 702 data using a U.S. person query term is reasonably likely to return foreign-intelligence information or evidence of crime before FBI personnel examined the content of Section 702 information returned by such queries. The 2018 Querying Procedures submitted by the other agencies, which were approved by the FISC as noted above, include this same documentation requirement.

          The Government appealed the FISC’s deficiency finding related to the FBI’s procedures to the FISC-R which, after briefings and oral arguments by the Government and amici, issued a per curiam opinion on July 12, 2019, affirming in part the FISC’s decision (hereafter FISCR’s July 2019 Opinion).

          Like the FISC, the FISC-R concluded that “Section702(f)(1)(B) is best interpreted as requiring some kind of technical procedure that requires agency personnel to memorialize, to the extent reasonably feasible, whether a query term is a United States person query term.” Because the FISC-R’s conclusion regarding Section 702(f)(1)(B) required the Government to amend the FBI’s querying procedures, it declined to reach the issue of whether the FBI’s querying and minimization procedures complied with the requirements of FISA and the Fourth Amendment.[22]

        • 2020 Opinion

          On November 18, 2020, the FISC issued a classified Memorandum Opinion and Order approving the 2020 Certifications and the associated targeting, minimization, and querying procedures. In the Memorandum Opinion, the Court examined the proposed procedures, both as written and in the context of how prior procedures had been implemented by the government, and found that the proposed procedures satisfy the requirements of FISA and the Fourth Amendment.

          One focus of the November 2020 opinion was on the Federal Bureau of Investigation’s (FBI) queries of unminimized Section 702-acquired information. The Court took note that since its most recent opinion on Section 702, FBI had implemented system changes to comply with recordkeeping and documentation requirements for such queries and had deployed mandatory training for all FBI personnel with access to unminimized Section 702-aquired information. The Court, however, stated it “continues to be concerned about FBI querying practices involving U.S.-person query terms, including (1) application of the substantive standard for conducting queries; (2) queries that are designed to retrieve evidence of crime that is not foreign-intelligence information; and (3) recordkeeping and documentation requirements.” See p. 39. The Court examined specific compliance incidents (see pp. 39 – 44) and evaluated the manner in which FBI implemented various changes to systems (see pp. 44 – 52). The Court noted that a majority of these query incidents occurred prior to FBI implementing system changes and deploying mandatory training intended to address these compliance matters, and that the COVID-19 pandemic had subsequently severely limited the ability of the government to monitor the FBI’s compliance once these system and training changes had been put in place. See pp. 41, 43, 49-50. As a result, the Court concluded that the improper queries do not undermine the Court’s determination that FBI’s querying and minimization procedures meet the applicable statutory and Fourth Amendment requirements, but stated that it would “continue to closely monitor the government’s reporting in order to evaluate whether the querying procedures are being implemented in a manner consistent with the statute and the Fourth Amendment.” See pp. 41, 44, and 49-50. The Court also imposed new reporting obligations on the government to facilitate its oversight. See pp. 51, 63, and 66.[23]

  • Pre-Snowden "whistleblower" allegations

    In 2008, David Murfee Faulk and Adrienne Kinne made several allegations to the ABC that the NSA listens on to anyone's domestic calls. This allegation was independently investigated by 3 seperate watchdogs that found no merit to the claims, and that indeed, they had 0 access to many SIGINT systems.[1] [2]

    Bill Benney, Thomas Drake, Edward Loomis, et al. These folk have appeared on many legitimate outlets, and some more—conspiracy theory-leaning, charging that they developed and proposed a new SIGINT system that 1. could have prevented 9/11 and 2. Protected privacy, known as thinthread. They then charge that this system was ignored in favour a more expansive program, one that didn't protect privacy as theirs did, (trailblazer). However, declassified documents reveal that their description of thinthread doesn't match reality. Trailblazer was a larger, NSA-wide modernization effort, not a single SIGINT program. Further, elements of thinthread were incorporated into trailblazer, and deployed. It was an apples to oranges comparison.[3]

  • Snowden

    Snowden loves to portray himself as a saint and hero: That he was a highly-regarded senior expert, a patriot who uncovered acts he deemed illegal, unconstitutional and immoral—first attempted to raise concerns through internal channels; then, after all options were exhausted and Congressional testimony from Clapper—pushed him over the edge and he decided to leak to the press. He did everything by the books, of honest character.

    However, a critical examination of the facts makes clear that none of it is true. In sum: He was a low-end, entry-level IT systems admin for two contracting companies. He raised 0 concerns internally to coworkers or via official channels; he tricked and captured coworker login credentials after tricking them that he needed access for his duties; and started downloading data long before Clapper's testimony. He would abuse his IT admin access to edit his own, failing annual assessment reports, and more. It is also not clear Snowden understood the numerous privacy protections that govern the activities of the IC. He failed basic annual training for NSA employees on Section 702 of the Foreign Intelligence Surveillance Act (FISA) and complained the training was rigged to be overly difficult. This training included explanations of the privacy protections related to the PRISM program that Snowden would later disclose.

    In response to his many public statements, searches were conducted across NSA for all internal correspondence Snowden had. These were released by FOIA request, disproving Snowden's claims.

    • Employment

      Most of Snowden's career at CIA and NSA, was through contractors, not direct employees. Further, the majority of his positions were entry-level, IT support roles. Only in the last few months prior to his leaks, did he take jobs demanding more skill. One was NSA's TAO, to which, as discussed below, he cheated to pass muster. Then in March 2013, he went back as a contractor to BAH, working as an network analyst at NSOC to fend against foreign actor penetration of DoD networks. He never held a senior CIA or NSA position, or senior position as a contractor.[1] [2] [3] [4]

    • Integrity

      Among many acts displaying a lack of integrity, Snowden also modified CIA's performance review software in connection with his annual performance review, by manipulating the font. This led to Snowden's recall for "professional consultations" with a head of CIA's technical officers in EU.[5]

    • Competence

      Among others, 3 areas demonstrate Snowden's incompetence:

      • In early April 2013 an individual who did not identify himself appeared at the desk of an employee in the SV training area. He asked if he could talk to someone about the OVSC1203 (FISA Amendment Act Section 702 training) course. In the words of the SY employee he seemed upset and proceeded to say that he had tried to take OVSCl 203 and that he had failed. He then commented that he felt there were trick questions throughout the course content that made him fail. ((Note: SV Training has standard responses used to respond to questions like this.)) The SV employee introduced herself and informed him that the OVSC courses did not contain any trick questions and that all of the answers to the test questions could be located within the course content. She reminded him that the course is open book and not timed. He was told that students get multiple attempts to successfully pass the course and if he was not successful after multiple attempts, he would need to contact the office for further assistance. In the view of the SV employee he seemed to have calmed down by then and said he still thought the questions tricked the students, but he would try again. He departed the SV training area and to her knowledge did not address the issue with SV training again. This interaction did not involve concerns about NSA programs and activities.[6]

      • In June 2012, Snowden installed a patch to a group of servers on classified networks that supported NSA field sites, including NSA Hawaii. Although the patch as intended to fix a vulnerability to the classified servers, the patch caused the servers to crash, resulting in the loss of network access for several NSA sites. He failed to test the patch before loading it.[7]

      • In the summer of 2012, after the unauthorised removal of records, Snowden spent months applying for employment as a NSA civilian. In September 2012, he took a test to obtain a position in the Tailored Access Operations office, after finding the test and its answers among the documents he had taken off NSA networks. He past. He took further records from TAO.[8]

    • Records access

      Snowden used blunt mass-download tools, like "wget" and DownThem All. Forensic examination confirms that Snowden's use of these tools didn't target areas of potential privacy or civil liberties concerns; rather Snowden downloaded all information from internal NSA networks and classified webpages. Exceeding the access required to do his job, Snowden next began using his systems admin privileges to search across other NSA employees' personal network drives and copy what he found on their drives. Snowden also enlisted his unwitting colleagues to help him, asking several for their security credentials so he could obtain information that they could access, but he could not. One coworker lost their security clearance and resigned from employment. Snowden fragrantly violated the privacy of his coworkers.[9] [10] [11]

    • Official channels

      Snowden's claims that he raised concerns internally. Records released by FOIA confirm Snowden lied about this.

      "Our findings are that we have found no evidence in the interviews, email, or chats reviewed that support his claims. Some coworkers reported discussing the Constitution with Snowden, specifically his interpretation of the Constitution as black and white, and others reported discussing general privacy issues as it relates to the Internet. Not one mentioned that Snowden mentioned a specific NSA program that he had a problem with. Actually, many of the people interviewed affirmed that he never complained about any NSA program. We also did not have any reflection that he asked anyone how he should/could report perceived wrongdoing.[12]

      1 email generated through the OGC web form about questions for OGC. On 5 April 2013, Snowden asked about a slide in the USSID 18 training program (OVSC1800) that listed United States legal authorities (Constitution at the top, office policies at the bottom). Snowden argued that Federal statutes should not be on the same level as (i.e. equivalent to) Executive Orders. Snowden also asked which has greater precedence, ODNI or DOD regulations (also listed on the same line). On 8 April 2013 responded that E.0.s have the "force and effect of laws" but cannot override federal statute. DOD/ODNI conflicts would be settled by date of issuance and subject matter. It should be noted this is four months after contacting Glenn Greenwald (according to Greenwald) and three months after contacting Laura Poitras (according to Poitras and Greenwald). So this email is not evidence that he tried to raise concerns about NSA procedures through official channels before turning to the media.[13]

    • Decision to leak

      Snowden claimed his "breaking point"—the final impetus for his unauthorised downloads and disclosure of troves of classified material—was March 2013 Congressional testimony by DNI Clapper. But only a few weeks after his conflict with NSA managers, on July 12, 2012—eight months before DNI Clapper's testimony—Snowden began the unauthorized, mass downloading of information from NSA networks.[14]

      Did Clapper lie to Congress? No. His answer was clearly regarding 702. Indeed, his follow-up letter confirms as such.[15] Of course, the prolific liar, Senator Wyden, deliberately put him on the spot, since Wyden knew Clapper couldn't answer a then-classified question. The Senator knew the answer, as his Committee, and all of Congress were briefed.

    • Statements about programs

      One of Snowden's more infamous quotes, he describes NSA's content collection under Sec. 702, "I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email."[16] As this repository has shown, that is strictly prohibited, and not evidenced by any leaked or declassified material.

    • Chilling-effect myth

      After the Snowden leaks, wikimedia claimed, then-without evidence, that there was a "chilling-effect" among the public as a result of the (inaccurate) media portrayal of the above-discussed programs. Eventually, a model proposed by Jonathon Penney, claiming to show this effect. However, a critical examination of this model, in a landmark paper pointed out the flaws, and bias of the analysis. "The methodology used in the Penney Declaration—which purportedly shows an upward trend in page views of certain articles posted on Wikipedia through May 2013, followed by an abrupt drop and downward trend in views of those articles beginning in June 2013—is deeply flawed, inappropriate, and likely biased."[17] [18]

    • Damage

      Snowden's leaks caused grave damage to national security. 1.5 million records were taken. The topics were far and wide. From DoD/IC budget materials, to satellite locations and targets—and penetration of hard targets. Some laypeople have tried to suggest, somehow, that the leaks didn't cause damage. But the leaked material simply shows otherwise, even if we are to ignore the damage assessments. Naturally as well, the leaks concerning 702 and 215 also was grave damage, as the inherent interpretation of law counted as sources and methods—enabling terrorists to ditch mobile devices and other communications platforms identified in the leaks.[1] [2] [3] [4] [5]

  • Post-Snowden litigation

    In order to avoid repetitiveness, and due to bulk BR's simple Constitutional and Statutory analysis, I won't provide an an overview for each ruling, aside from Moalin, as they all cover the same territory. 702's litigation has addressed various components of its operation, thus each deserving of a brief description.

    • Bulk BR

      Throughout, and after its operation, bulk BR was ruled Constitutional and lawful by over 20 federal Judges, over 40 seperate instances.

      US v. Moalin (2020): In September 2020, numerous headlines repeated the claim that the 9th Circuit Appeals Court (CA9) found the bulk telephony metadata program as: "unlawful, unconstitutional and not effective." However, a clear reading of the ruling, and background legal matters, reveals this was not so—thus, upholding the Lower Court's findings it were Constitutional, authorised.

      1. Statutorily authorised. Relevance requirement satisfied: CA9 agreed (but did not rule) with Clapper (2015, CA2). A ruling that was egregiously wrong when decided. Unfortunately, the Government never had the chance appeal this ruling, because the UFA made it moot to do so—however, a seperate Federal Court did find Clapper to be deeply flawed, importantly it rebuked its relevance analysis: "Second Circuit rulings are not binding on the FISC, and this Court respectfully disagrees with that Court's analysis... to a considerable extent, the Second Circuit's analysis rests on mischaracterisations of how this program works... For the same reason, the Second Circuit's conclusion that the approach to relevance adopted by the FISC conflicts with the "other than a threat assessment" language of section 501 (b )(2)(A) is also unpersuasive. See 785 F .3d at 817." Furthermore, CA2 didn't ask or order the examination of anything ex parte, such as the information shown to the FISC, multiple times—and given specific cases demonstrating relevance. CA9 also points to Clapper's relevance discussion when it quoted the PCLOB report. While the Board reached unanimous agreement that the program was constitutional, only 3 out of 5 members said the program was not authorised under 215. They came to this conclusion by examining the relevance standard. The majority were simply wrong. In discussing standards for approving queries, the majority cite in footnote 62 'Report of the United States, In re Application of the Federal Bureau of Investigation for an Order Requiring the Production of Tangible Things, No. BR 09-09 (FISA Ct. Aug. 17, 2009)', the Mueller affidavit attached there explicitly details FBI investigations relevant to bulk BR. This inconvenient fact was either missed due to incompetence or deliberate deception, on behalf of the non-expert majority. The majority (Dempsey, Wald and Medine have 0 expertise in criminal or national security law). It's no surprise that the two that do, Brand and Collins, dissented and found that it was authorised under 215. The FBI affidavit provides statistics over 3 years (2006-08) of 27 Full investigations, 77 Intelligence information reports & details 4 specific Counterterrorism investigations to which BR has aided in, as well as BR tippers that led to re-opening previously closed investigations. The affidavit also details other investigations which revealed previously unknown contacts in the US. Therefore, CA9 was also wrong to agree with CA2's reference to the PCLOB report.

      2. CA9 did not find that the Government lied:
      People claiming the Court found the Government lied about the role & effectiveness of the program. this is based on a misunderstanding. Court actually said: "Contrary to defendants’ assumption, the government maintains that Moalin’s metadata “did not and was not necessary to support the requisite probable cause showing” for the Subchapter I application in this case. Our review of the classified record confirms this representation. Even if we were to apply a “fruit of the poisonous tree” analysis, see Wong Sun, 371 U.S. at 487–88, we would conclude, based on our careful review of the classified FISA applications and related information, that the FISA wiretap evidence was not the fruit of the metadata collection. Again, if the statements of public officials created a contrary impression, that impression is inconsistent with the facts presented in the classified record." Basically the defendants relied on their impression from Government officials, to suggest that the "tip" or "lead" info from the program, had a role to play in their Title 1 FISA app—the Court, ruled that it played no probable cause finding, nor was introduced as evidence at trial. The Government even said as much back in its 2016 brief, and never said otherwise.

      3. CA9 did not rule the program unconstitutional: "For all these reasons, defendants’ Fourth Amendment argument has considerable force. But we do not come to rest as to whether the discontinued metadata program violated the Fourth Amendment because even if it did, suppression would not be warranted on the facts of this case."

      June 2015 Mosman Opinion: Ruled Constitutional and lawful. Smacks down ACLU v. Clapper (2015). "Second Circuit rulings are not binding on the FISC, and this Court respectfully disagrees with that Court's analysis... to a considerable extent, the Second Circuit's analysis rests on mischaracterisations of how this program works... For the same reason, the Second Circuit's conclusion that the approach to relevance adopted by the FISC conflicts with the "other than a threat assessment" language of section 501 (b )(2)(A) is also unpersuasive."

      ACLU v. Clapper (2015): Overturned Clapper (2013). This erroneous opinion could not be appealed, due to the enactment of the Freedom Act, making DOJ's attempted appeal moot.

      Klayman v. Obama (2015): Overturned Klayman (2013).

      June 2014 Zagel Opinion: Judge Zagel, "I have carefully examined the noted U.S. District Court opinions, and I agree with Judge Collyer's analysis and opinion of the Klayman holding."

      March 2014 Collyer Opinion: Judge Collyer engaged in an extensive analysis of Judge Leon's opinion in Klayman, ultimately disagreeing with his conclusion that Smith v. Maryland is inapplicable to the collection of bulk telephony metadata.

      Smith v. Obama (2014): Ruled Constitutional. "While there is speculation that the NSA is tracking location, there is no evidence of that, and the agency denies it. Under these circumstances, the Court will not assume that the NSA’s privacy intrusions include location tracking... Because Jones does not apply, the weight of the authority favors the NSA. The Supreme Court’s decision in Smith, supplemented by the Circuit’s decisions in Reed, Forrester, and Golden Valley, and the two District Court decisions on point, Clapper and Moalin, support a finding that there is no Fourth Amendment violation here. The contrary view is stated by Klayman v. Obama... But Smith was not overruled, and it continues – along with the Circuit decisions discussed above – to bind this Court. This authority constrains the Court from joining Klayman."

      Klayman v. Obama (2013): Ruled unconstitutional.

      US v. Moalin (2013): Ruled Constitutional and lawful.

      ACLU v. Clapper (2013): Ruled Constitutional and lawful. "Congress is presumed to be aware of an administrative or judicial interpretation of a statute and to adopt that interpretation when it re-enacts a statute without change." Forest Grove Sch. Dist. v. T.A., 557 U.S. 230, 239-40 (2009) (quoting Lorillard v. Pons, 434 U.S. 575, 580 (1978))... There is no douht that the Congressional Committee~ responsible for oversight of this program knew about the FlSC opinions and the Executive Branch's interpretation of section 215. But what about the rest of Congress? In 2010 and 2011, Congress reauthorized section 215 without making any changes. Prior to the 2010 reauthorization, the Executive Branch made available to all members of Congress a classified, five-page document discussing the bulk telephony metadata program. The following year, when section 215 was again scheduled to sunset, senators were informed of an updated classified document available for their review. Viewing all the circumstances presented here in the national security context, this Court finds that Congress ratified section 215 as interpreted by the Executive Branch and the FISC, when it reauthorized FISA."

      "Because Smith controls, the NSA's bulk telephony metadata collection program does not violate the Forth Amendment."

      October 2013 McLaughlin Opinion: Independently reviews August opinion, finds the program Constitutional and lawful. "The Court has conducted an independent review of the issues presented by the application and agrees with and adopts Judge Eagan's analysis as the basis for granting the Application. The Court writes separately to discuss briefly the issues of "relevance" and the inapplicability of the Fourth Amendment to the production. Although the definition of relevance set forth in Judge Eagan' s decision is broad, the Court is persuaded that that definition is supported by the statutory analysis set out in the August 29 Opinion. That analysis is reinforced by Congress's re-enactment of Section 215 after receiving information about the government's and the FISA Court's interpretation of the statute. Although the existence of this program was classified until several months ago, the record is clear that before the 2011 re-enactment of Section 215, many Members of Congress were aware of, and each Member had the opportunity to learn about, the scope of the metadata collection and this Court's interpretation of Section 215. Accordingly, the re-enactment of Section 215 without change in 2011 triggered the doctrine of ratification through re-enactment, which provides a strong reason for this Court to continue to adhere to its prior interpretation of Section 215. The undersigned also agrees with Judge Eagan that, under Smith v. Maryland. 442 U.S. 735 (1979), the production of call detail records in this matter does not constitute a search under the Fourth Amendment."

      August 2013 Eagan Opinion: Ruled Constitutional and lawful. "The record before this Court thus demonstrates that the factual basis for applying the re-enactment doctrine and presuming that in 2011 Congress intended to ratify Section 215 as applied by this Court is well supported.... As discussed above, because there is no cognizable Fourth Amendment interest in a telephone company's metadata that it holds in the course of its business, the Court finds that there is no Constitutional impediment to the requested production. Finding no Constitutional issue, the Court directs its attention to the statute. The Court concludes that there are facts showing reasonable grounds to believe that the records sought are relevant to authorized investigations. This conclusion is supported not only by the plain text and structure of Section 215, but also by the statutory modifications and framework instituted by Congress. Furthermore, the Court finds that this result is strongly supported, if not required, by the doctrine of legislative reenactment or ratification. The production of all call detail records of all persons in the United States has never occurred under this program."

    • 702

      Each year, Sec. 702 is ruled Constitutional and lawful by the FISC, since 2008. Below are other Federal Courts concluding the same.

      US v. Muhtorov (2021): "In the course of surveilling a non-United States person located abroad under Section 702, the government incidentally collected Mr. Muhtorov’s communications. We conclude no warrant was required for (a) the Section 702 surveillance of the foreign target and (b) the incidental collection of Mr. Muhtorov’s communications."

      Wikimedia Foundation v. NSA (2021): Upholds Wikimedia v. NSA (2019) ruling, state secrets pervents further litigation, and other allegations have no basis. "Wikimedia had alleged that “as a technical matter, the government cannot know beforehand which communications will contain selectors associated with its targets, and therefore it must copy and review all international text-based communications transiting a circuit in order to identify those of interest.” To undermine that claim, the government offered the declarations of Henning Schulzrinne, an expert in internet technology. Schulzrinne wasn’t privy to any classified or other non-public information about how the NSA actually operates Upstream surveillance, so he instead opined that the NSA could “in theory” use a technique called traffic mirroring to conduct Upstream-style surveillance without copying Wikimedia’s communications. According to Schulzrinne, traffic mirroring requires installing a link (i.e., a fiber-optic cable) between the surveilling entity’s equipment and a mirror port on the router or switch directing Internet traffic at the target location. The router or switch is then configured to copy traffic from one link to another without interrupting the original. It can also be programmed to whitelist or blacklist certain IP addresses, thereby filtering the data before copying it. Whitelisting involves copying only communications from specific IP addresses, while blacklisting involves copying everything except communications from specific IP addresses."

      Jewel v. NSA (2021): Upholds Jewel v. NSA (2019). It should be noted that conspiracy theorists allege that the NSA deliberately deleted files in litigation of this case. However, declassified Court records confirm it didn't impact litigation, and NSA did manage to recover the relevant metadata and content, should it have been needed.1

      Schuchardt v POTUS (2020): Upholds Schuchardt (2019). Confirms Binney and Wiebe have 0 expertise, and no personal knowledge on how 702's programs work. Rules 702's PRISM not a dragnet program.

      Wikimedia Foundation v. NSA (2019): "The summary judgement record does not establish that the NSA has copied or collected any of Wikimedia's communications via Upstream surveillance conducted on an NSA-monitored circuit... Wikimedia has been unable to make this showing because it is not true, as a technological necessity, that the NSA must be copying every text-based communication that transverses a circuit that the NSA monitors. Indeed, Dr. Schulzrinne has convincingly demonstrated that there are technologically feasible methods by which the NSA could hypothetically operate Upstream surveillance that would result in the NSA not copying or collecting any of Wikimedia's communications."

      US v. Hasbajrami (2019): "PRISM, therefore, collects only the emails a given user sends from his or her account, and the e-mails he or she receives from others through that account.”

      "The incidental collection" of communications (that is, the collection of the communications of individuals in the United States acquired in the course of the surveillance of individuals without ties to the United States and located abroad) is permissible under the Fourth Amendment. We therefore conclude, in agreement with the district court, that, at least insofar as the record available to the district court is concerned, the vast majority of the evidence detailed in the record was lawfully collected."

      Jewel v. NSA (2019): "Plaintiffs rely in large part on the declarations of Mark Klein and James W. Russell and their proffered experts, as well as an additional former AT&T employee to present the relevant operational details of the surveillance program. Just as they had before when contesting the violation of their Fourth Amendment rights, Plaintiffs assert that these declarations support the contention that customers’ communications were the subject of a dragnet seizure and search program, controlled by or at the direction of the Defendants. Having reviewed the factual record in its entirety, the Court finds the Plaintiffs’ evidence does not support this claim. Plaintiffs again rely on the declaration of Klein, a former AT&T technician who executed a declaration in 2006 about his observations involving the creation of a secure room at the AT&T facility at Folsom Street in San Francisco. However, the Court confirms its earlier finding that Klein cannot establish the content, function, or purpose of the secure room at the AT&T site based on his own independent knowledge. The limited knowledge that Klein does possess firsthand does not support Plaintiffs’ contention about the actual operation of the data collection process or the alleged agency role of AT&T. Klein can only speculate about what data were actually processed and by whom in the secure room and how and for what purpose, as he was never involved in its operation. Lastly, the documents attached to Klein’s declaration are not excepted from the hearsay objection on the basis that they are admissible business records. The timing of the creation of these attachments indicate that they were not simultaneous records of acts or events that were occurring at or around the time of the documents’ creation."

      Schuchardt v Trump (2019): "Defendants have shown, by a preponderance of the evidence, that the government did not engage in dragnet-type collection activity... in light of the record now before the Court, PRISM has not been shown to be the dragnet-type collection mechanism suggested. There really is not much more to be said."

      US v. Mohamud (2016): "In sum, even assuming Mohamud had a Fourth Amendment right in the incidentally collected communications, the search was reasonable. Thus, we hold that the application of § 702 did not violate the Fourth Amendment under the particular facts of this case."

      US v. Hasbajrami (2016): "The incidental collection of Hasbajrami's communications with non-U.S persons abroad-lawfully targeted under Section 702—did not require a warrant and was reasonable in light of the Fourth Amendment's protections. For that reason, Hasbajrami's motion to suppress the evidence obtained from the Section 702 surveillance, a long with its fruits, was denied. Further, I find that the government lawfully acquired the traditional FISA information, because it was obtained based upon probable cause and in compliance with the statute's requirements."

      US v. Mohamud (2014): "The government contends once I perform an in camera, ex parte review of the relevant classified materials, I will conclude the § 702 acquisition was lawfully authorized and conducted. I made a careful de novo, ex parte review of the § 702 applications and conclude the certification required by 50 U.S.C. § 1881a(g)(2)(A) was in place. I also find that the government agents followed appropriate targeting and minimization procedures. Thus, I conclude the § 702 surveillance at issue here was lawfully conducted."

      "Subsequent querying of a § 702 collection, even if U.S. person identifiers are used, is not a separate search and does not make § 702 surveillance unreasonable under the Fourth Amendment."

      "Section 702 has numerous safeguards built into the statute. Most importantly, § 702 is aimed at acquiring foreign intelligence information in electronic communications from non-U.S. persons located outside the United States. There are additional limitations, including that the statute cannot “intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States[.]” 50 U.S.C. § 1881a(b)(2). Minimization procedures protect the privacy of U.S. persons whose communications are incidentally acquired."

      Jewel v. NSA (2015): "In addition, without disclosing any of the classified content of the Government Defendants’ submissions, the Court can confirm that the Plaintiffs’ version of the significant operational details of the Upstream collection process is substantially inaccurate."

  • Other notable cases

    • James Cromitie In 2013, a Federal Appeals Court upheld the conviction on James Cromitie, a man who desired to strike terror on American soil. He claimed his convictions were invalid because he was entrapped by the FBI and that the FBI engaged in outrageous conduct. However, the 2013 ruling determined neither to have been the case. James was the first to raise the idea of bombing synagogues. "as with all sting operations, government creation of the opportunity to commit an offense, even to the point of supplying defendants with materials essential to commit crimes, does not exceed due process limits. Once the FBI learned that Cromitie, in his very first encounter with Hussain, had expressed a desire to 'do something to America' and had given an ominous meaning to this statement by saying he wanted to die like a martyr, the FBI agents would have been derelict in their duties if they did not test how far Cromitie would go to carry out his desires. Determining whether Cromitie would go so far as to launch missiles at military aircraft was not outrageous government conduct."[1]

    • Brandon Mayfield Political pundits claim that the Patriot Act was used to wrongfully target and arrest Brandon Mayfield, in May, 2004, in connection to the terrorist attack in Madrid—allegedly because he was a Muslim, that he was racially profiled. However, the independent DOJ Inspector General investigation found that 1. No Patriot Act authority was used, 2. The unique circumstances of Brandon Mayfield's fingerprints closely match those of the bomber, 3. Investigators did not know of his religion until during the investigation. In sum, the OIG concluded "contrary to some public speculation, the Patriot Act amendments to FISA did not affect the government's decision to seek FISA authority in the Mayfield case and did not affect the scope of information the government collected about Mayfield pursuant to the FISA surveillance and searches. We also found that the FBI did not use certain provisions of the Patriot Act in the Mayfield case, such as those relating to delayed notification searches. Moreover, the evidence indicated that, even prior to the Patriot Act, the FBI would likely have sought and been able to obtain identical FISA authorization for the searches and surveillance of Mayfield that it conducted. The OIG concluded that Mayfield's religion was not the sole or primary cause of the FBI's failure to question the original misidentification and catch its error. The primary factors Were the similarity of the prints and the Laboratory's overconfidence in the superiority of its examiners."[2]

    • In 2016, Apple launched a PR stunt against a lawful Court order to aid the FBI to gain access to the Farook's Iphone, that belonged to the workplace and was not Farook's personal device. DOJ's motion to compel said that, "the Order is tailored for and limited to this particular phone. And the Order will facilitate only the FBI’s efforts to search the phone; it does not require Apple to conduct the search or access any content on the phone. Nor is compliance with the Order a threat to other users of Apple products. Apple may maintain custody of the software, destroy it after its purpose under the Order has been served, refuse to disseminate it outside of Apple, and make clear to the world that it does not apply to other devices or users without lawful court orders. As such, compliance with the Order presents no danger for any other phone." The notion that this assistance would "weaken encryption", or that this would compel Apple into making a "back-dooor" is without merit. As is demonstrated by the simple fact that an outside company was able to assist the FBI in gaining access, by using various exploits that did not impact encryption.[1] [2] [3]

    • The Curtis Culwell Center attack was a failed terrorist attack on an exhibit featuring cartoon images of Muhammad at the Curtis Culwell Center in Garland, Texas on May 3, 2015. Political pundits have claimed that undercover FBI agent encouraged Elton Simpson to commit the attacks. However, as in all cases of this nature, the FBI didn't initiate the plans or desire. Indeed, Simpson et al had evidence of terrorism links dating back to the mid 2000s. Conspiracy theorists try to quote-mine the text, "tear up Texas" as evidence of FBI "goading". However, in context, Simpson was already of this mindset by stating, "that goes without saying." The Courts have ruled, that FBI's activities here were proper, abiding by the Constitution, laws, and various governing regulations. [1]

    • Conspiracy theorists allege that the FBI "created" a terrorist, by the name of Sami Osmakac. However, in 2017, a Federal Court of Appeals smacked down this hoax, "We recognize Osmakac argues that, since he raised a serious entrapment issue, the strength-of-the-evidence factor weighs in favor of a finding of prejudice. But the government’s thorough detailing of the evidence shows that there was substantial evidence of Osmakac’s guilt, including substantial evidence of his propensity to commit a crime of this nature well before he met the CS in 40 September 2011. Osmakac provides nothing to contradict the trial record, which showed that he, not the undercover agent, initiated and greatly escalated the planned terrorist attack by asking for weapons of mass destruction."[1]

    • Contrary to conspiracy theorist reporting, Eric McDavid was not "entrapped" by the FBI. Federal Courts and a Grand Jury threw out this nonsensical claim. There is some complexity in the case from 2015, and his release—so I'll quote extensively from the Court record to correct the myths: "McDavid and two co-defendants were charged with conspiring, between June 2005 and January 13, 2006, to destroy by fire or explosives one or more targets in the Sacramento area, including the United States Forest Service Institute of Forest Genetics, the Nimbus Dam, and local cellular telephone towers, in violation of 18 U.S.C. § 844(n). McDavid’s two co-defendants pled guilty, cooperated with the United States, and testified against McDavid at trial. After a 10-day trial, the jury rejected McDavid’s entrapment defense and convicted McDavid of the crimes charged in the Indictment. The Court sentenced McDavid to 235 months in custody, and the Ninth Circuit affirmed McDavid’s conviction and sentence. United States v. McDavid, 396 Fed. Appx. 365 (9th Cir. 2010), cert. denied, 131 S.Ct. 2469 (May 16, 2011)." After his conviction and appeal loss—he filed a FOIA request.

      May 15, 2012, McDavid filed that the Government, among other things, failed "to disclose during discovery in the underlying criminal prosecution all favorable evidence material to guilt or punishment, as required under Bady v. Maryland. On or about November 6, 2014, the United States disclosed to McDavid approximately eleven documents comprised of correspondence between McDavid and a government informant who testified at McDavid’s trial, which were not disclosed during the criminal proceedings that preceded his § 2255 action (the “First Disclosure”). The correspondence delivered by the government to McDavid in the First Disclosure was not produced pursuant to McDavid’s post-convictions FOIA requests." On or about December 12, 2014, the United States disclosed to McDavid un-redacted copies of the Miami Reports (the “Second Disclosure”). Later in December 2014, the United States voluntarily agreed to disclose to McDavid un-redacted copies of certain of the remaining FOIA Documents but only after a review of those documents for sensitive information that required redaction (the “Proposed Third Disclosure”). As with the documents in the Second Disclosure, the United States had already specifically addressed the documents in the Proposed Third Disclosure in its written opposition to McDavid’s § 2255 petition, in the Walker Declaration. The United States argued that all of the FOIA Documents were either properly withheld in discovery or, alternatively, were not exculpatory or material under Brady. On or about December 15, 2014, the parties appeared before Judge Brennan and presented the outline of a proposed settlement of McDavid’s § 2255 claims.

      Beginning at least as early as November 2014, the parties acknowledged their disagreements about the merits of McDavid’s arguments but engaged in negotiations toward a comprehensive and final settlement of his claims. The United States took the position that McDavid’s § 2255 claims, including his Brady claims relating to all of the FOIA Documents, were without merit. However, the United States took a different position with respect to the eleven documents of correspondence between McDavid and the informant, which it produced in the First Disclosure. With respect to those eleven documents only, the United States concluded that this Court or a reviewing court might find its inadvertent failure to disclose those eleven documents was sufficient to justify relief under Brady. McDavid agreed. Therefore, to avoid the expense and risks of further litigation, to advance the interests of justice, and to conclude McDavid’s § 2255 action and the underlying prosecution in every respect, the parties jointly agreed to enter into a Final Settlement Agreement compromising and settling McDavid’s disputed § 2255 claims.

      After a hearing on January 8, 2015 (the “January Hearing”), the Court accepted the parties’ stipulations and agreed to enter the relief described in the Final Settlement Agreement. See Reporters Transcript of January 8, 2015 Hearing at 1-42, attached hereto as Government’s Exhibit 2 (“Govt. Ex. 2”). Specifically, the Court: (i) accepted McDavid’s waiver of indictment and plea of guilty, pursuant to a written plea agreement, to a Superseding Information that charged him with conspiracy to destroy by fire or explosives one or more targets in the Sacramento area, contrary to 18 U.S.C. §§ 844(f) and (i), in violation of 18 U.S.C. § 3714; (ii) held an immediate sentencing hearing, relied on the Pre-Sentence Investigation Report filed by the United States Probation Office for the Eastern District of California on February 21, 2008, and sentenced McDavid to time already served in custody and a two-year period of Supervised Release; (iii) granted McDavid’s motion under 28 U.S.C. § 2255 to the extent stipulated by the parties in the Final Settlement Agreement, and vacated McDavid’s conviction and sentence as finalized by the Judgment and Commitment entered by the Court on May 19, 2008, in the underlying criminal prosecution. Thereafter, the Court ordered the relief recommended by the parties in the Final Settlement Agreement and filed that Agreement. After the hearing, the Court executed and filed a new Judgment and Commitment memorializing McDavid’s new conviction and sentence, and McDavid was released from custody. McDavid served approximately 108 months in custody."

      Eric subsequently requested the Court, an Order to Show Cause. However, the Court shut this down in the final ruling on the matter: "Moreover, this Court exercised its inherent power to ask the Government 'how and why' documents were withheld when it thoroughly and painstakingly questioned the United States at the January 8, 2015, hearing regarding the very issues Defendant’s current counsel raises now. The Court is satisfied that the failure to turn over documents in this case was inadvertent, an anomaly, and an incident not likely to be repeated. No further action by this Court is required."[1] [2] [3]

  • USA Freedom Act

    The USA Freedom Act ended the bulk collection of telephony metadata and replaced it with a new procedure under which NSA sent queries to the telephone companies and received from them the responsive information. Details aside, the Act therefore changed both of the distinguishing features of the prior program. First, NSA would no longer ingest and store all of the CDRs, but only the responsive one-hop and two-hop records it received from the telephone companies in response to queries. Second, as part of this approach, the contact chaining necessary to determine the one-hop and two-hop numbers for a query would be done by the telephone companies, not by NSA. Contact chaining had to be done by the telephone companies, of course, because NSA no longer had the full set of CDRs. This was the key privacy-enhancing feature of the USA Freedom Act—it radically reduced the raw amount of metadata held by the government.

    Indeed, under the Freedom Act no single entity possessed all of the records, as each telephone company retained only its own CDRs, mainly concerning its own subscribers. This required a more complex, iterative querying process to capture cases in which one company’s subscriber called another’s. It also likely cost millions of dollars in the form of reimbursements to the telephone companies as compared to what NSA would have spent to do the work itself.[1]

    To illustrate the process, assume an NSA intelligence analyst identifies or learns that phone number (202) 555-1234 is being used by a suspected international terrorist. This is the “specific selection term” or “selector” [seed] that will be submitted to the FISC (or the Attorney General in an emergency) for approval using the RAS [reasonable articulable suspicion] standard. Also assume that, through NSA’s examination of metadata produced by the provider(s) or in NSA’s possession as a result of the Agency’s otherwise lawfully permitted signals intelligence activities (e.g., activities conducted pursuant to Section 1.7(c)(1) of Executive Order 12333, as amended), NSA determines that the suspected terrorist has used a 202 area code phone number to call (301) 555-4321. The phone number with the 301 area code is a “first-hop” result. In turn, assume that further analysis or production from the provider(s) reveals (301) 555-4321 was used to call (410) 555-5678. The number with the 410 area code is a “second-hop” result.

    Once the one-hop results are retrieved from the NSA’s internal holdings, the list of FISC-approved specific selection terms, along with NSA’s internal one-hop results, are submitted to the provider(s). The provider(s) respond to the request based on the data within their holdings with CDRs that contain FISC-approved specific selection terms or the one-hop selection term. One-hop returns from providers are placed in NSA’s holdings and become part of subsequent query requests, which are executed on a periodic basis.[2]

    People claimed that the new authority still allowed the Government to collect millions of records, by citing the first ODNI statistics report, which pinned the number at 151 million. However, as noted by Caroline Lynch then-Chief Counsel to Congressional Committees and Lara Flint who served as Chief Counsel for National Security to the Senate Judiciary Committee noted in 2917, "But that number, 151 million, may be misleadingly large. As the report explains, the government counts every instance in which two telephone numbers are in contact with each other as a separate CDR. So if a targeted selector is in repeated contact with another telephone number, each instance is counted separately. Also, the report states that “the government counts each record separately even if the government receives the same record multiple times (whether from one provider or multiple providers). Additionally, this metric includes duplicates of unique identifiers—i.e., because the government lacks the technical ability to isolate unique identifiers, the statistic counts the number of records even if unique identifiers are repeated."[3]

  • Effectiveness

    "One prime example of how an analyst leveraged several of these collection authorities to close crucial knowledge gaps on a target occurred in Fall 2009, when a CT analyst pieced together information obtained from E.O. 12333, FAA 702, and BR FISA authorities to reveal a terrorist plot on the New York subway system, which was subsequently disrupted by the FBI."[1]

    By no means is this a comprehensive list of declassified or leaked success cases.

    • Bulk BR

      • leaked

        Mu'ammar Qhadafi's assassination plot against the Saudi Crown Prince was thwarted in part due to BMD. "using many new intelligence techniques perfected after 9/11/01 with the help of the Patriot Act... the Counterterrorism Product Line (S2I) was able to provide significant metadata links to many (if not all) of the individuals implicated in the case[2]

      • Declassified

        • In BR dkt 09-09 Mueller's affidavit to support the application details the value of Bulk BR: "In a 3 year period, 2006-2008 bulk BR tips played a role, in whole or in part on: 27 full investigations, 31 intelligence information reports (IIRs) issued to foreign governments, and 46 IIRs issued to other government agencies. During the 27 full investigations, bulk BR tips helped the FBI found known and unknown members within the US. The information NSA has tipped to the FBI has also permitted FBI to acquire additional information about such individuals and their activities, including criminal activities in support of international terrorism." Four full investigation examples were provided, and confirms previously closed investigations were re-opened based upon tips, leading to additional information.

          "The FBI has also received BR FISA metadata tippers regarding domestic telephone numbers in which the FBI had little or no prior investigative interest at the time the tipper was received. In those instances, the FBI opened either a preliminary or a full investigation of the user of the domestic telephone number.

          In an even more recent example, on 2 June 2009 NSA received a request for information from the FBI pertaining to leads associated with identified terrorist groups. NSA conducted initial research on the identifiers provided by the FBI in EO 12333 metadata and subsequently sought approval from the FISC to query the identifiers against BR FISA metadata. [large redaction] Without the BR FISA metadata, a significant number of those leads would have remained undiscovered and NSA's ability to evaluate [redacted] US contacts would have been degraded."[3]

        • Najibullah Zazi. The 2009 NYC subway case. The Intelligence Community assesses that Najibullah Zazi—in consultation with or under the guidance of a Pakistan-based al Qa’ida associate—was conspiring to use Improvised Explosive Devices in the United States. BR FISA metadata played an important role in helping the IC understand more fully the range of Zazi’s connections.

          On September 6, 2009, using authorities under the FISA Amendments Act (FAA), NSA intercepted a coded email discussion between an al Qa’ida-associated email account previously accessed in Pakistan and an unknown account. NSA analysts quickly determined that the unknown account might be located in the United States and conveyed this information to the FBI in order that the FBI could obtain FISA coverage of the suspected US-based account. Through the FBI-obtained FISA, it was determined that the user of the account and an associated telephone number was Najibullah Zazi. Further investigation revealed Zazi’s presence in Colorado. The FBI passed Zazi’s mobile telephone number to NSA on the evening of 9-10 September.

          Shortly after receipt of Zazi’s telephone number from FBI—and at approximately the same time that Zazi had obtained a one-way car rental from Colorado to New York City and had begun driving to New York—NSA issued a Business Records FISA metadata report on domestic and foreign contacts of that telephone. Among those contacts identified was a phone later confirmed as belonging to a key Zazi associate Adis Medunjanin. This was the FBI’s first intelligence information about Medunjanin’s telephone number and the contact corroborated other early information about Medunjanin’s relationship with Zazi. It also magnified concerns about that relationship because, in that same report, NSA contextualized the Medunjanin phone as being in direct contact with three telephones (two domestic and one foreign) used by another extremist currently targeted in a priority FBI CT investigation. This detail, available only at the “second hop”2 and only visible due to the blending of BR FISA and SIGINT data, quickly identified the Medunjanin number as a priority lead for the FBI. The detectionand alert of the Medunjanin connection was achieved through the agility of the BR FISA program. It provided timely, key information that was unavailable through any other sources and significantly accelerated and focused the investigation."[4]

        • Ouazzani. In January 2009, while monitoring an extremist in Yemen with ties to al-Qaeda, the NSA discovered a connection with Khalid Oazzani (Ouazzani) in Kansas City. NSA immediately notified the FBI, which discovered a nascent plot to attack the New York Stock Exchange. Using a section 215 order, NSA queried telephony metadata to identify potential connections. Three defendants were convicted of terrorism offenses.

        • David Headley. In October 2009, while monitoring an al-Qaeda affiliated terrorist, the NSA discovered that David Headley was working on a plot to bomb a Danish newspaper office that had published cartoons depicting the Prophet Mohammed. He later confessed to personally conducting surveillance of the Danish newspaper :office. He was also charged with supporting terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Information obtained through section 215 orders was utilized in tandem with the FBI to establish Headley's foreign ties and put them in context with U.S. based planning efforts.[5]

        • Moalin et al. The NSA program determined that “a number in San Diego was in indirect contact with an Al-Shabaab . . . Al Qaida East Africa member in Somalia”). It would later be determined that this San Diego-area telephone number was used by defendant Moalin.[6]

    • FAA 702

      • Leaked

        Through PRISM, NSA learns that a foreign government is attempting exfiltration of data of a Cleared Defense Contractor. NSA's NTOC alerts FBI to the imminent threat. FBI helps the CDC prevent and remove the implant, and clean their systems.[7]

      • Declassified

        • Hajji Iman. NSA, along with its IC partners, spent over two years, from 2014 to 2016 looking for Hajji Iman. This search was ultimately successful, primarily because of Section 702. Indeed, based almost exclusively on intelligence activities under Section 702, NSA collected a significant body of foreign intelligence about the activities of Hajji Iman and his associates. Beginning with non-Section 702 collection, NSA learned of an individual closely associated with Hajji Iman. NSA used collection, permitted and authorized under Section 702, to collect intelligence on the close associates of Hajji Iman, which allowed NSA to develop a robust body of knowledge concerning the personal network of Hajji Iman and his close associates. Over a two-year period, using the Section 702 collection, and in close collaboration with IC partners, NSA produced more intelligence on Hajji Iman’s associates, including their location. NSA and its tactical partners then combined this information, the Section 702 collection, which was continuing, and other intelligence assets to identify the reclusive Hajji Iman and track his movements. Ultimately, this collaboration enabled U.S. forces to attempt an apprehension of Hajji Iman and two of his associates. On March 24, 2016, during the attempted apprehension operation, shots were fired at the U.S. forces’ aircraft from Hajji Iman’s location. U.S. forces returned fire, killing Hajji Iman and the other associates at the location. Subsequent Section 702 collection confirmed Hajji Iman’s death.

        • Inside source. Based on Section 702 collection, CIA alerted a foreign partner to the presence within its borders of an al-Qaeda sympathizer. The foreign partner investigated the individual and subsequently recruited him as a source. Since his recruitment, the individual has continued to work with the foreign partner against al-Qaeda and ISIS affiliates within the country.

        • Arms shipments. Section 702 reporting helped thwart efforts of front companies seeking to obtain weapons probably bound for a rebel group in the Middle East that is hostile to U.S. interests. Information derived from Section 702 was shared with a European government which prompted that government to prevent a nearly $1 million shipment of weapons and ammunition. This European government also revoked the export license of multiple arms companies based on the intelligence.[8]

        • Shawn Parson. In October 2013, the FBI started investigating Shawn Parson, a foreign person from Trinidad and Tobago. This was done after he posted comments online expressing his desire to commit an attack against Western interests. In November 2014 Parson traveled from Trinidad and Tobago to Syria and became increasingly vocal online. The FBI’s investigation, including information collected pursuant to 702, revealed that Parson was a trusted member of a prolific ISIS network. Parson was a key player in this network. Information obtained through Section 702 coverage was instrumental in identifying additional members of Parson’s network. The FBI shared this information about Parson’s network with the rest of the Intelligence Community. Sharing Parson’s contacts with international partners was critical as it led to the identification of additional ISIS facilitators and supporters in those countries and it potentially prevented attacks in those countries as well.

        • CIA has used FISA Section 702 collection to uncover details, including a photograph that enabled an African partner to arrest two ISIS-affiliated militants who had traveled from Turkey and were connected to planning a specific and immediate threat against U.S. personnel and interests. Data recovered from the arrest enabled CIA to learn additional information about ISIS and uncovered actionable intelligence on an ISIS facilitation network and ISIS attack planning.

        • Najibullah Zazi. Zazi, again was also thwarted not just be bulk BR, but also 702. NSA FISA Section 702 collection against an email address used by an al-Qaeda courier in Pakistan resulted in the acquisition of a communication sent to that address by an unknown individual located in the United States. The message indicated that the United States-based individual was urgently seeking advice regarding how to make explosives. The NSA passed this information to the FBI. Using a National Security Letter (NSL), the FBI was able to quickly identify the individual as Najibullah Zazi. Further investigation revealed that Zazi and a group of confederates had imminent plans to detonate explosives on subway lines in Manhattan. Zazi and his co-conspirators were arrested and pled guilty or were convicted of their roles in the planned attack.[9]

    • Xkeyscore

      • Leaked

        "Over 300 terrorists captured using intelligence generated from xkeyscore"[10]

    • NSLs

      The first DOJ Inspector General audit examined NSLs between 2003 and 2005.[11] "In our review of 77 counterterrorism and counterintelligence case files and almost 300 national security letters issued in those cases, and in over 100 interviews of Headquarters and field personnel, we developed information about the importance of national security letters in these investigations during calendar years 2003 through 2005.

      While details concerning the FBI's use of national security letters in particular investigations are classified, our examination of investigative files and interviews of case agents and supervisors assigned to counterintelligence and counterterrorism squads revealed that information obtained from ECPA, RFPA, and FCRA national security letters has contributed significantly to many counterterrorism and counterintelligence investigations.

      A select few examples:

      • Counterintelligence case No. 1 A counterintelligence investigation focused on the possible involvement of the subject in exporting sensitive U.S. military technology to a foreign country. Multiple national security letters were issued to obtain information that enabled the FBI to identify the subject's role in exporting these technologies. The FBI shared the NSL-derived information with the Internal Revenue Service, which led to the initiation of a grand jury that returned money laundering charges against the subject. The FBI also shared the NSL-derived information with the Department of Homeland Security and the Department of Commerce Office of Export Enforcement. The FBI's investigation led to guilty pleas for 22 violations of the Arms Export Control Act and brokering the export of sensitive technologies without the required government licensing approval.

      • Counterterrorism case No. 1 Information provided to the FBI from the intelligence community suggested that a high-value detainee who was to be incarcerated at Guantanamo Bay had used an e-mail account. The FBI issued national security letters to obtain e-mail transactional information about the user's e-mail account, which led to additional national security letters seeking telephone toll records and subscriber information on the subject and the subject's friends and associates. Information derived from one of the national security letters established a connection between the subject and the subject of another FBI investigation. The latter individual was later convicted of providing material support to terrorism.

      • Counterterrorism Case No. 2 An FBI field office issued national security letters to ascertain the investigative subject's financial dealings. The information from the national security letters suggested bank fraud activity. A federal grand jury was convened, and grand jury subpoenas were issued to obtain financial records for use in the criminal trial. The investigative subject and his wife were convicted of bank fraud, making false statements, and conspiracy.

      • Counterterrorism Case No. 3 An FBI field division used information from national security letters in an investigation of individuals accused of being members of a Virginia jihad network. Eleven individuals were convicted of one or more charges including providing material support to terrorists and conspiracy.

      2nd DOJ IG audit, 2006:[12]

      • A field office reported that information from national security letters enabled case agents to identify pertinent e-mail addresses, telephone numbers, and bank accounts that were used to support a subject's terrorist activities. The investigators used information derived from the ECPA and RFPA NSLs to identify the extent of a subject's circle of associates and his financial network Case agents stated that information on the subject's financial network was essential in developing the money laundering portion of the case.

      • In 2006, while investigating a plot to conduct terrorist activities, a field office served ECPA and RFPA NSLs to obtain financial telephone subscriber, and telephone toll records for the subject and their associates. Using this information, investigators identified the financial associates of several of the investigation's subjects while ruling out the possibility that a larger terrorist was financing the plot.

      • The FBI is investigating the foreign intelligence activities of a subject involved with a foreign government. An NSL has been served to assist the FBI in investigating a network for procuring illicit dual-use technology for use in a weapons of mass destruction program.

      • In an FBI national security investigation, the FBI has issued NSLs that have helped to identify two FBI assets who were in contact with the subject of the investigation—contacts previously unknown to the FBl. The NSLs identified the subject's e-mail accounts, which in turn led to the issuance of additional NSLs. FBI counterintelligence personnel said that the imposition of the non-disclosure provisions in the NSLs has been critical in keeping the FBI's interest in the subject from coming to the attention of the foreign government involved in the matter.

      3rd DOJ audit, 2007-2008:

      • Finds the same as past reviews, "the use of NSLs during these early investigative steps can provide information that helps the FBI determine whether or not to pursue an investigation further. Alternative tools to obtain the same information either do not exist or are less effective.[13]

      Zazi. The NSA passed 702-acquired information to the FBI. Using a National Security Letter (NSL), the FBI was able to quickly identify the individual as Najibullah Zazi. Further investigation revealed that Zazi and a group of confederates had imminent plans to detonate explosives on subway lines in Manhattan. Zazi and his co-conspirators were arrested and pled guilty or were convicted of their roles in the planned attack.

  • Section 216

    Department field investigators and prosecutors have used section 216 in a number of terrorism and other important criminal cases. Section 216 was used in the investigation of the murder of Wall Street Journal reporter Danny Pearl, to obtain information that proved critical to identifying some of the perpetrators. Section 216 was used in a case where two unknown individuals, using a U.S.-based email account, threatened to kill executives at a company in another country unless they were paid a hefty ransom. The use of a pen register enabled Department investigators to provide the foreign authorities with critical information about the suspects' identities - which led to their prompt apprehension overseas. Investigators also have used section 216 to collect routing information about the Internet communications of (1) terrorist conspirators; (2) at least one major drug distributor; (3) thieves who obtained victims' bank-account information and stole the money; (4) a four-time murderer; and (5) a fugitive who fled on the eve of trial using a fake passport.[14]

  • Freedom Act CDRs

    When Congress passed the USA Freedom Act in 2015, it ended the lawful, Constitutional and successful program of bulk telephony metadata. Instead, if an analyst wanted to examine records related to a number, they had to get RAS determination from the FISC. If approved, the number had to be submitted to various companies, for them to conduct the analysis within their databases and provide the government the results. All advantages of the bulk program, when it operated under Stellarwind then Bulk BR, were lost. NSA determined it was too ineffective so it terminated the program itself. The United States is in a far more vulnerable position now, as it was on September 11, 2001. No one is looking at the seam between foreign and domestic.

    This inferior, neutered program basically turned into a tool to use after an attack had occurred. "NSA typically used the CDR program in response to a terrorist attack or a known terrorist threat. For example, NSA produced intelligence reports that were derived in whole or in part from the USA Freedom Act CDR program in its analysis of the Pulse nightclub shooting in 2016 and the Ohio machete attack in 2016."

    In its 4 year operation, it produced only 15 intelligence reports, FBI received unique information from two of the intelligence reports. Based on one report, FBI vetted an individual, but, after vetting, determined that no further action was warranted. The second report provided unique information about a telephone number, previously known to US authorities, which led to the opening of a foreign intelligence investigation.[15] [16]

  • Stellwarwind

    Keep in mind, Stellarwind merely just transitioned to bulk BR and 702 authorities. Their successes reflect that of Stellarwind.

    • Declassified

      "FBI briefing dated 4 May 2006 stated that STELLARWIND continues to provide timely and carefully vetted intelligence in supporting FBI's investigations in connection with [redacted] operations." The NSA IG report dedicated 7 full pages to redacted examples of FBI investigations and PSP's contributions.[17]

      In May 2007, NSA detailed to the District Court for Northern California, 6 pages of PSP successes[18]