KLAYMAN v. OBAMA et al
Filing
31
REPLY to opposition to motion re 13 MOTION for Preliminary Injunction filed by LARRY E. KLAYMAN, CHARLES STRANGE, MARY ANN STRANGE. (Attachments: # 1 Exhibit 1 - Letter to Senator Grassley, # 2 Exhibit 2 -- Supplemental Affidavit of Larry Klayman, # 3 Exhibit 3 -- NSA Touhy Request, # 4 Text of Proposed Order)(Klayman, Larry)
<![CDATA[
TOP SECRET//COMINT//NOFORN
UNITED STATES GOVERNMENT
Memorandum
OC-034-12
DATE:
3 May 2012
REPLY TO
ATTN OF:
SID Oversight & Compliance
SUBJECT:
(U//FOUO) NSAW SID Intelligence Oversight (IO) Quarterly Report – First Quarter Calendar
Year 2012 (1 January – 31 March 2012) – EXECUTIVE SUMMARY
TO:
SIGINT Director
I.
(U) Overview
(U//FOUO) The attached NSAW SID Intelligence Oversight (IO) Quarterly Report for the First Quarter
Calendar Year 2012 (1 January – 31 March 2012) identifies NSAW SID compliance with E.O. 12333, DoD
Regulation 5240.1-R, NSA/CSS Policy 1-23, USSID SP0018, and all related policies and regulations.
(U//FOUO) Detailed incident narratives are provided in the attached annexes. The number of incidents in
each category and a reference to the annex related to each incident category are contained in the body of the
report.
(U//FOUO) As part of SID Oversight and Compliance’s (SV) charge to provide comprehensive trends and
analysis information as it pertains to incidents of non-compliance, this Executive Summary provides analysis
and evaluation of incidents reported throughout the current quarter to better address the “whys” and “hows”
behind NSAW SID’s compliance posture.
(U//FOUO) Section II, Metrics, has been broken down into several sub-sections: metrics and analysis of
NSAW SID-reported incidents by authority, type, root cause, and organization. Also included is an assessment
of how incidents were discovered (i.e., methods of discovery) for SID-reported incidents (see Figure 7).
(U//FOUO) Significant Incidents of Non-compliance and Report Content follow in Sections III and IV,
respectively.
(S//REL) Overall, the number of incidents reported during 1QCY12 increased by 11% as compared to the
number of incidents reported during 4QCY11. This included a rise in the number of E.O. 12333 incidents, as
well as for incidents across all FISA authorities. The majority of incidents in all authorities were database
query incidents due to human error. Of note, S2 continued to be the NSAW SID organization with the largest
number of reported incidents (89%), although S2 experienced an overall decrease in reported incidents. SV
noted an overall improvement in timeliness regarding 1QCY12 IO Quarterly Report submissions from the SID
elements.
Page 1 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
II.
(U) Metrics
a. (U//FOUO) NSAW SID-reported Incidents by Authority
(TS//SI//REL TO USA, FVEY) Figures 1a-b compares all categories of NSAW SID-reported incidents
(collection, dissemination, unauthorized access, and retention) by Authority for 2QCY11 – 1QCY12. From
4QCY11 to 1QCY12, there was an overall increase in incidents of 11%. There was also an increase of 11% for
both E.O. 12333 and FISA incidents. The increase in incidents reported for 1QCY12 was due to an increase in
the number of reported Global System for Mobile Communications (GSM) roamer 1 incidents, which may be
attributed to an increase in Chinese travel to visit friends and family for the Chinese Lunar New Year holiday.
(U//FOUO) Figure 1a: Table of the Number of NSAW SID-reported Incidents by Authority
(U//FOUO)
E.O. 12333
FISA
TOTAL
2QCY11
396
150
546
3QCY11
390
198
588
4QCY11
601
176
777
1QCY12
670
195
865
(U//FOUO)
(U//FOUO) Figure 1b: Line Graph of the Number of NSAW SID-reported Incidents by Authority
U//FOUO
800
Number of Incidents
700
600
500
400
E.O. 12333
300
FISA
200
100
0
2QCY11
3QCY11
4QCY11
1QCY12
Quarter
U//FOUO
(TS//SI//NF) FISA Incidents: As reflected in Figures 1a-b, during 1QCY12, NSAW SID reported a total
of 195 FISA incidents, 185 of which were associated with unintentional collection. NSAW SID also reported 6
incidents of unintentional dissemination under FISA authority and 4 incidents of unauthorized access to Raw
1
(U//FOUO) Roaming incidents occur when a selector associated with a valid foreign target becomes active in the U.S.
Page 2 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
SIGINT FISA data. Figure 2 illustrates the most common root causes for incidents involving FISA authorities
as determined by SV.
•
63% (123) of 1QCY12 FISA incidents can be attributed to Operator Error as the root cause, and
involved:
o Resources ( i.e., inaccurate or insufficient research information and/or workload issues (60);
o Lack of due diligence (i.e., failure to follow standard operating procedures) (39);
o Human error (21) which encompassed:
Broad syntax (i.e., no or insufficient limiters / defeats / parameters) (12);
Typographical error (6);
Query technique understood but not applied (2); and
Incorrect option selected in tool (1); and
o Training and guidance (i.e., training issues) (3).
(U//FOUO) The Resources root cause category accounted for the largest percentage of Operator Error
incidents under FISA authorities for 1QCY12. Analysis identified that these incidents could be reduced if
analysts had more complete and consistent information available about selectors and/or targets at the time of
tasking and if analysts consistently applied rules for conducting queries.
•
37% (72) of 1QCY12 FISA incidents can be attributed to System Error as the root cause, and
involved:
o System limitations (i.e., system lacks the capability to ‘push’ real-time travel data out to
analysts, system/device unable to detect changes in user) (67);
o System engineering (i.e., system/database developed without the appropriate oversight
measures, data flow issues, etc.) (4); and,
o System disruptions (i.e., glitches, bugs, etc.) (1).
(U//FOUO) The System Limitations root cause category accounted for the largest percentage of System
Error incidents under FISA authorities for 1QCY12. The largest number of incidents in the System Limitations
category account for roamers where there was no previous indications of the planned travel. These incidents are
largely unpreventable. Consistent discovery through the Visitor Location Register (VLR) occurs every quarter
and provides analysts with timely information to place selectors into candidate status or detask. Analysis
identified that these incidents could be reduced if analysts removed/detasked selectors more quickly upon
learning that the status of the selector had changed and more regularly monitored target activity. This analysis
indicates that continued research on ways to exploit new technologies and researching the various aspects of
personal communications systems to include GSM, are an important step for NSA analysts to track the travel of
valid foreign targets.
Page 3 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) Figure 2: 1QCY12 FISA Incidents – Root Causes
U//FOUO
11%
Operator | Human Error (21)
20%
Operator | Due Diligence (39)
Operator | Resources (60)
Operator | Training (3)
34%
31%
System | Disruptions (1)
System | Engineering (4)
2%
System | Limitations (67)
2%
U//FOUO
Total: 195
(TS//SI//REL TO USA, FVEY) Delayed Detasking FISA Incidents: As reflected in Figures 1a-b, during
1QCY12, NSAW SID reported a total of 195 FISA incidents. 19 (10%) of the total FISA incidents were
associated with detasking delays. Of the 19 delayed detasking incidents, 12 (63%) of these incidents occurred
under NSA FISA Authority, 5 (27%) occurred under FAA 702 Authority, 1(5%) occurred under FAA 704
Authority, and 1 (5%) occurred under FAA 705(b) Authority. Figure 3a illustrates the detasking delay incidents
versus all other FISA incidents reported during 1QCY12. Figure 3b illustrates the detasking delay incidents by
FISA Authority reported during 1QCY12.
(U//FOUO) Figure 3a: 1QCY12 Detasking FISA
Incidents vs. All other FISA incidents
(U//FOUO) Figure 3b: 1QCY12 FISA Incidents
by Authority – Delayed Detaskings
U//FOUO
U//FOUO
5% 5%
10%
NSA Establishment FISA
(12)
FAA 702 (5)
Delayed Detasking (19)
27%
90%
Other Incidents (176)
63%
FAA 704 (1)
FAA 705(b) (1)
Total: 19
Total: 195
U//FOUO
U//FOUO
Page 4 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(TS//SI//REL TO USA, FVEY) As depicted in Figures 3a and 3b, of the 19 delayed detasking FISA
incidents, 15 (79%) resulted from a failure to detask all selectors, 2 (11%) resulted from analyst not detasking
when required, 1 (5%) resulted from partner agency error, and 1 (5%) resulted from all tasking not terminated
(e.g., dual route).
b. NSAW SID-reported Collection Incidents by Sub-Type and Authority
(U//FOUO) Figures 4a-b depicts NSAW SID-reported collection incidents by Authority (E.O. 12333 and
all FISA Authorities), and identifies the primary sub-types for those incidents. An explanation of the more
prominent collection incident sub-types follows the graphs.
(U//FOUO) Figure 4a: NSAW SID-reported Collection Incidents Under E.O. 12333 Authority
U//FOUO 582
600
491
500
2QCY11
3QCY11
4QCY11
1QCY12
400
300 251 262
200
100
4 1 5 1
2 1 3 0
No FISC/AG
Auth
Computer
Network
Exploitation
(CNE)
74 53 70 97
9 6 2 2 18 26 23 22 14 16 7 27 2 4 0 5
0
Roamers
Database
Queries
Task/Detask
Delays/Errors
USP
Transit
Program*
Other
Inadvertent
U//FOUO
(U//FOUO) Figure 4a: During 1QCY12, NSAW SID reported a 39% increase of database query incidents
under E.O. 12333 Authority. Human Error accounted for 74% of E.O.12333 database query incidents.
(TS//SI//REL TO USA, FVEY) International Transit Switch Collection*: International Transit switches,
FAIRVIEW (US-990), STORMBREW (US-983), ORANGEBLOSSOM (US-3251), and SILVERZEPHYR
(US-3273), are Special Source Operations (SSO) programs authorized to collect cable transit traffic passing
through U.S. gateways with both ends of the communication being foreign. When collection occurs with one or
both communicants inside the U.S., this constitutes inadvertent collection. From 4QCY11 to 1QCY12, there was an
increase of transit program incidents submitted from 7 to 27, due to the change in our methodology for reporting and
counting of these types of incidents. (*See Annex G in SID’s 1QCY12 IO Quarterly Report for additional details
regarding these incidents.)
Page 5 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) Figure 4b: NSAW SID-reported Collection Incidents Under
All FISA Authorities
U//FOUO
100
90
80
70
60
50
40
30
20
10
0
2QCY11
81
87
3QCY11
4QCY11
1QCY12
95
69
55
49
54
36
18
1
Roamers
0
0
0
No FISC/AG
Auth
2
0
0
0
Computer
Network
Exploitation
(CNE)
7
7
5
Database Queries
5
12
18
Task/Detask
Delays/Errors
19
17
0
2
1
USP
Other Inadvertent
U//FOUO
(U//FOUO) Figure 4b: During 1QCY12, NSAW SID reported an increase of 9% of roamer incidents under
all FISA Authorities. There was also a 260% increase in database query FISA Authority incidents during
1QCY12. Human Error accounted for the majority of all FISA Authorities database query incidents (74%).
(U//FOUO) Roamers: Roaming incidents occur when valid foreign target selector(s) are active in the U.S.
Roamer incidents continue to constitute the largest category of collection incidents across E.O. 12333 and FAA
authorities. Roamer incidents are largely unpreventable, even with good target awareness and traffic review,
since target travel activities are often unannounced and not easily predicted.
(S//SI//NF) Other Inadvertent Collection: Other inadvertent collection incidents account for situations
where targets were believed to be foreign but who later turn out to be U.S. persons and other incidents that do
not fit into the previously identified categories.
(TS//SI//REL TO USA, FVEY) Database Queries: During 1QCY12, NSAW SID reported a total of 115
database query incidents across all Authorities, representing a 53% increase from 4QCY11. E.O. 12333
Authority database query incidents accounted for 84% (97) of the total, and all FISA Authorities database query
incidents accounted for 16% (18).
(U//FOUO) Figure 5 illustrates the most common root causes for incidents involving database queries as
determined by SV.
•
99% (114) of the 1QCY12 database query incidents are attributed to Operator Error as the root
cause, and involved:
o Human error (85) which encompassed:
Broad syntax (i.e., no or insufficient limiters / defeats / parameters) (55);
Typographical error (17);
Boolean operator error (6);
Query technique understood but not applied (4);
Not familiar enough with the tool used for query (2); and
Page 6 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
Incorrect option selected in tool (1)
o Lack of due diligence (i.e., failure to follow standard operating procedure) (13)
o Training and guidance (i.e., training issues) (9); and
o Resources (i.e., inaccurate or insufficient research information and/or workload issues) (7).
(U//FOUO) The remaining 1 database query incident can be attributed to System Error as the root cause
and occurred due to a mechanical error with the tool.
(U//FOUO) Analysis identified that the number of database query incidents could be reduced if analysts
more consistently applied rules/standard operating procedures (SOPs) for conducting queries.
(S//SI//NF) Auditors continue to play an important role in the discovery of database query incidents,
identifying 70 (61%) of the 115 reported database query incidents.
(U//FOUO) Figure 5: 1QCY12 Database Query Incidents – Root Causes
1%
8%
6%
Operator | Human Error
(85)
Operator | Due Diligence (13)
11%
Operator | Resources
Operator | Training
74%
(7)
(9)
System | Disruptions
(1)
Total: 115
(TS//SI//REL TO USA, FVEY) Of the 115 database query incidents reported for 1QCY12, Figure 6 identifies
the database involved and the associated percentage of the total. Databases considered to be Source Systems of
Record (SSR) have been labeled as such.
(TS//SI//REL TO USA, FVEY) Note that the total number of databases involved in the database query
incidents in Figure 6 does not equal the number of database query incidents reflected in Figure 5 or in the
1QCY12 SID IO Quarterly Report because a database query incident may occur in more than one database.
Page 7 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) Figure 6: 1QCY11 Database Query Incidents – Database(s) Involved
U//FOUO
CLOUD/ABR
DISHFIRE
FASTSCOPE
MARINA (SSR)
OCTAVE
PINWALE (SSR)
SIGINT NAVIGATOR
TRACFIN
TRANSX
TUNINGFORK
UTT
XKEYSCORE
Unknown
1%
7%
20%
1%
13%
1%
3%
2%
2%
1%
20%
28%
1%
Total: 119
(8)
(16)
(1)
(24)
(1)
(34)
(1)
(2)
(2)
(4)
(1)
(24)
(1)
U//FOUO
(U//FOUO) NSAW SID-reported Incidents – Method of Discovery
(U//FOUO) Figure 7 depicts the most prominent method(s) of discovery for incidents reported by NSAW
SID elements for 1QCY12. As SV’s assessment of root causes matures, and as corrective measures are
implemented, identification of how incidents are discovered will provide additional insight into the
effectiveness of those methods.
(U//FOUO) Figure 7: 1QCY12 Incidents – How Discovered
U//FOUO
553
600
500
400
300
200
100
83
0
36
77
7
1
6
12
10
67
5
3
2
3
0
Total: 865
U//FOUO
Page 8 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) For 1QCY12, of the 865 reported incidents, 553 (64%) were discovered by automated alert.
444, (80%) of the 553 incidents that were discovered by automated alert occurred via the VLR and other
analytic tools, such as SPYDER, CHALKFUN, and TransX.
c. (U//FOUO) NSAW SID-reported Incidents by Organization
(U//FOUO) Figure 8 illustrates the total 1QCY12 NSAW SID-reported incidents by primary SID Deputy
Directorate (DD) level organization. S2, having the largest NSAW SID contingent of reported incidents,
accounted for 89% of the total incidents for the quarter, a proportion consistent with the overall size of the S2
organization. As compared to 4QCY11, S2 experienced an overall 8% reduction in incidents occurrences.
(U//FOUO) Figure 8: 1QCY12 Incidents by NSAW SID Organization
U//FOUO
2%
2%
7%
S1
1
S2 772
S3 56
F74 MOC 4
SSG 14
ST
89%
1
2nd Party /Various 17
Total: 865
U//FOUO
(U//FOUO) Figure 9 provides a look into S2 (by Product Line) as the NSAW SID organization with the
largest number of reported incidents. For 1QCY12, three Product Lines accounted for 72% of S2’s reported
incidents. These Product Lines were: the and Korea Division (S2B) with 28% of the reported incidents, the
International Security Issues Division (S2C) with 23% of the reported incidents, and the China, and the Office
of Middle East & Africa (S2E) with 21% of the incidents. As compared to 4QCY11, this resulted in an increase
of 16% for S2B, a reduction of 35% for S2C, and an increase of 9% for S2E. The number of incidents reported
by the remaining seven Product Lines held relatively steady from 4QCY11 to 1QCY12.
Page 9 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) Figure 9: 1QCY12 S2 Incidents by Product Line
(U//FOUO)
4%
S2A
S2G
29
60
S2J
Total: 772
25
S2H
23%
17
S2I
8%
159
S2F
21%
61
S2E
28%
174
S2D
8%
2%
213
S2C
3%
32
S2B
4%
2
(U//FOUO)
(U//FOUO) Figures 10a-b illustrates the operator related (Figure 10a) and system related (Figure 10b)
root causes associated with the 772 incidents reported by S2. 30% of the incidents were due to operator related
errors that resulted in an incident. 70% of the incidents were due to system related issues that resulted in an
incident.
(U//FOUO) Figure 10a: 1QCY12 S2 Incidents – Operator Related Root Causes
(U//FOUO)
4%
1%
Human Error 71
Information Resources 80
31%
30%
29%
Lack of Due Diligence 68
70%
35%
Personnel Resources 2
Training&Guidance 9
Total: 230
(U//FOUO)
(U//FOUO) 30% of the S2-reported incidents during 1QCY12 are attributed to Operator Error as the root
cause, and involved:
•
Resources (i.e., inaccurate or insufficient research information and/or workload issues, and
personnel resource issues) (82);
Page 10 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
•
•
•
Human error (i.e., selector mistypes, incorrect realm, or improper query) (71);
Lack of due diligence (i.e., failure to follow standard operating procedures) (68); and
Training and guidance (i.e., training issues) (9).
(U//FOUO) Analysis found that analysts could reduce the number of incidents if there was more
comprehensive research information available at the time of tasking as well as through better use of defeats,
more careful review of data entry to avoid typographical errors and omissions, and by following SOPs more
consistently.
(U//FOUO) Figure 10b: 1QCY12 S2 Incidents – System Related Root Causes
(U//FOUO)
< 1%
System Engineering 1
System Limitations 541
30%
70%
99%
Total: 542
(U//FOUO)
(U//FOUO) 70% of the S2-reported incidents during 1QCY12 are attributed to system issues as the root
cause, and involved:
• System limitations (i.e., system lacks the capability to ‘push’ real-time travel data out to analysts,
system/device unable to detect changes in user) (541); and
• System engineering (i.e., data tagging, configuration, design flaws, etc.) (1).
(TS//SI//REL TO USA, FVEY) System Limitations, the largest percentage of System Error root cause, can
be attributed to situations where a valid foreign target is found roaming in the United States without indication
in raw traffic.
III.
(U) Significant Incidents of Non-compliance
(TS//SI//NF) Business Record (BR) FISA. As of 16 February 2012, NSA determined that approximately
3,032 files containing call detail records potentially collected pursuant to prior BR Orders were retained on a
server and been collected more than five years ago in violation of the 5-year retention period established for
BR collection. Specifically, these files were retained on a server used by technical personnel working with
the Business Records metadata to maintain documentation of provider feed data formats and performed
background analysis to document why certain contain chaining rules were created. In addition to the BR
Page 11 of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
work, this server also contains information related to the STELLAR WIND program and files which do not
appear to be related to e ither of these programs. NSA bases its determination that these files may be in
violation of docket number BR 11-191 because of the type of information contained in the files (i.e., call
detail records), the access to the server by technical personnel who worked with the BR metadata, and the
listed "creation date" for the files. It is possible that these fi les contain STELLARWIND data, despite the
creation date. T he STELL ARWIND data could have been copied to this server, and that process could have
changed the creation date to a timeframe that appears to indicate that they may contain BR metadata.
Additional details regarding this incident can be found in the "Bulk Metadata FISA" Annex, ANNEX R
(Item Rl ) in SID's 1QCY12 10 Qua1terly Report.
(S//SI//REL TO USA, FVEY) Detasking De lay. Four sel
ned active after multiple
2012, a South Asia Language
indications were received that the target he ld a U.S.
Analysis Branch (S2A51) senior linguist was
selectors for OCfAVE
migration when it was discovered that the tasking record
that there were four selectors
that were in active status even though his tasking file indicated he held a U.S. g reen card as of03
October 20 I I. On 09 March 2012, the S2A51 senior linguist de tasked the four selectors, and on 13 March
2012, the S2A51 senior linguist requested the 881 c uts in
from those four
selectors be purged. On 13 March 2012, a senior
Branch
(S2A52) researched S2A52's locally held file of
that an S2A52 analyst had indications in intercept on 09 September 201
·ght have a U.S.
green card. It was also recorded in the
fi
S2A52 had s ubmitted a request to the
.B., the date of the S2A52 request to DHS was
Department of Homeland Security
not recorded) and learned from DHS on 28 September 2011 that Qw-eshi had obtained a U.S. green card as
ol
10. The
·
Y and discovered that S2A52 had
On 14 March 2012, S2A5 submitted a
con1taiJ the name of
t1ed
Customer Relationships,
Information Sharing Services Branch (S12) approved ISS/BDA-068-12 on 16 March 2012. Serialized
dissemination of U.S. person information did occur. On 13 March 2012, the S2A51 senior linguist who
ad not been detasked reminded the other two me mbers of the
found that these num
Governmental Unified Targe tin g Tool (UTT) Group for S2A5 to check all S2A5 databases for
officials who have U.S. (and Second Pmty person) status before submitting selectors for tasking. Additional
details regarding th is incident can be found in the Unintentional Collection under E.O. 12333 Authority
Annex, "Collection as a Result of Tasking En-ors or De tasking Delays", ANNEX E (Item El) and in the
"Unin tentional Dissemination of U.S. Person Information Collected Under E.O. 12333, FISA, and FAA
Authorities", Annex M (Item M15) in SID's 1QCYI 2 1 Quarterly Report.
0
(C// REL TO USA, FVEY) Unaut horized Access. On 29 December 2011, a Cryptanalysis a nd Exploitation
(CES)/Office of Target Pursuit (S31174) Branch Chief discovered that CES personnel had likely been
inappropriate ly granted access to NSA Establis hment FTSA data. Multiple external factors contributed to this
situation. First, in 2002, RAGTIME was changed to encompass both NSA Establishment FISA a nd FBI FTSA,
but due to insufficient notice regm·ding this modification, CES continued to apply the earlier rule that
RAGTIME applied only to NSA Establishment FISA data. Second, CES relied on the RAGTIME label in
CASPORT for granting access to NSA Establishment FISA data but discovered that CASPORT does not
accurately retlect NSA Establishment FTSA briefing status. Third, CASPORT often lists NSA-FTSA in the
Page 12of 13
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
"Oversight" section even though this has nothing to do with a particular user's access. CES has alerted its
workforce to look in the CASPORT "Briefing" section for the NSA Establishment FISA entry and CEScontrolled software is being updated regarding data access control. Additional details regarding this incident
can be found in the "Unauthorized Access to Raw SIGINT" Annex, ANNEX P (Item P2) in SID's lQCY 1210
Quarterly Report.
(U) Report Content
•
Upcoming Initiatives
(U//FOUO) During CY 12, SV plans to develop 'score cards' to capture and illustrate an organization 's
rep01ted quarterly activities. SV plans to use this information during scheduled feedback sessions with SID
repo1ting organizations to provide a detailed view into specific areas of high interest or concern arising from
analyzing 10 Quarterly Report metrics.
•
NSAW SID 1QCY12 IOQ Report Challenges:
(U//FOUO) SV noted an overall improvement in timeliness regarding l QCY 12 10 Quarterly Repo1t
submissions from the STD elements. SV received late submissions from STGDEV Strategy & Governance
(SSG) and SID/Deputy Directorate for Data Acquisition (S3), delaying SV's preparation of the NSAW SID TO
Quarterly Report. SV will continue to focus on outreach with SSG and S3 in order to ensure more complete
and timely report s ubmissions.
Page 13 of 13
TOP SECRET//COMINT//NOFORN
All redacted
information exempt
under (b)(1) and (b)(3)
except as otherwise
noted.
TOP SECRET//COMINT//NOFORN
('f'8//Sl/flfP) In response to the Government's compliance notice, on
28 January 2009, the Court directed the Government to file a brief and
supporting documentation describing how the compliance and misreporting
incidents occurred so the Court can determine what remedial action, if any, is
warranted. Since the Court was aware that there are similarities between
NSA's processing of telephony metadata and electronic communications
metadata under separate orders, the Court also directed the Goven1ment to
determine whether NSA bas been processing the electronic communications
metadata in accordance with the terms of the Court's orders for this category
of material. As part of this review, the Government concluded that NSA was
processing the electronjc communications metadata in accordance with the
terms of the Court's orders, with one exception. The review identified one
particular process that the Government concluded was not in conformity with
the Court's order. NSA had employed the process in a small number of cases
to approve queries against the electronic communications metadata.
Although the Agency had previously reported the process to the Court
this process, too, has been discontinued.
I
-fS7 NSA and DoJ have already identified a number of steps designed
to improve the Agency's ability to comply with the relevant orders and
implementation of these changes has begun. Also, in addition to notifying
the Court, the Government has notified a number of senior Executive Branch
officials about these compliance matters. Officials who have received such
notification include the President's Intelligence Oversight Board, the Director
of National Intelligence, NSA's Inspector General, and the Under Secretary
of Defense for Intelligence. My office is also prepared to brief the Committee
on these matters at the Committee's convenience.
(U) Should you have any questions, lease contact Jonathan E. Miller,
Associate Director of Legislative Affairs, at
vrl!.;c!~
General Counsel
Copy Furnished:
Minority Staff Director, House Permanent
Select Committee on Intelligence
2
'f'OP SECRE'f'7'/COMUft'/fl~OFOIDq=
(fS//SV/NF) FAA Certification Renewals With Caveats
2011-10-12 0850
(fS//Sl//NF) The FISA Comt signed the 20 11 FAA Certifications on 3 Oct 2011 -these
are valid until 2 Oct 2012, pennitting SSO FAA-authorized accesses to continue
operations. However, in the 80-page opinion, the judge ordered certain "upstream" or
"passive" FAA DNI collection to cease after 30 days, unless NSA implements solutions
to conect all deficiencies identified in the opinion document. PRISM operations are not
affected by these caveats. All PRISM providers, except Yal10o and Google, were
successfully transitioned to the new Certifications. We e>..'}Ject Yal10o and Google to
complete transitioning by F1iday 6 Oct. Regarding the non-PRISM FAA collection
programs, the Comt cited targeting and minimization procedures related to collection of
Multiple Conununications Transactions as "deficient on statut01y and constitutional
grotmds." SSO, Teclmology Directorate, OGC, and other organizations are coordinating a
response, which includes plruming to implement a conse1vative solution in which the
higher-risk collection will be sequestered. It is possible that this higher risk collection
contains much of the non-duplicative FAA collection resulting in FAA repo1ting from
upstream accesses. This solution is designed to comply with the judge's order; however,
the judge will have to dete1mine if it does. If the solution is installed, SSO will then work
with OPis and OGC to modify the solution over time such that the filte1ing process will
be optimized to pennit more valid collection to be processed and f01warded to OPis.
Finally, in parallel with these efforts, the OGC is contemplating filing an appeal to the
ruling.
I'IA I NAL C,~
1-(
( E NTRA SE '- URIT
'w
25 June 20l3
The Honorable Ron Wyden
United States Senate
221 Dirksen Senate Office Building
Washington, DC 20510
The Honorable Mark Udall
United States Senate
328 Hart Senate Office Building
Washington, DC 2051 0
Dear Senators Wyden and Udall:
Thank you for your letter dated 24 June 2013. After reviewing your letter, I agree that
the fact sheet that the National Security Agency posted on its website on 18 June 2013 could
have more precisely described the requirements for collection under Section 702 of the FISA
Amendments Act. This statute allows for "the targeting of persons reasonably believed to be
located outside the United States to acquire foreign intelligence information." 50 U.S.C.
188 J(a). The statute provides several express limitations, namely that such acquisition:
(1)
may not intentionally target any person known at the time of acquisition to be located
in the United States;
(2)
may not intentionally target a person reasonably believed to be located outside the
United States if the purpose of such acquisition is to target a particular, known person
reasonably beHeved to be in the United States;
(3)
may not intentionally target a United States person reasonably believed to be located
outside the United States;
(4)
may not intentionaiJy acquire any communication as to which the sender and all
intended recipients are known at the time of acqu1sition to be located in the United
States; and
(5)
shall be conducted in a manner consistent with the fourth amendment to the
Constitution of the United States. 50 U.S.C. 1881(b).
With respect to the second point raised in your 24 June 2013 letter, the fact sheet did not
imply nor was it intended to imply "that NSA has the ability to determine how many American
communications it has collected under section 702, or that the law does not allow the NSA to
deliberately search for the records of particular Americans.,. As you correctly state, this point
has been addressed publicly. 1 refer you to unclassified correspondence from the Director of
National Intelligence dated 26 July 2012 and 24 August 2012.
NSA continues to support the effort Jed by the Office of the Director of National
Intelligence and the Department of Justice to make publicly available as much information as
possible about recently disclosed intelligence programs, consistent with the need to protect
national security and sensitive sources and methods.
£;t~oe
General; U.S. Army
Director, N SNChief, CSS
Copies Furnished:
The Honorable Dianne Feinstein
Chairman, Select Committee on Intelligence
The Honorable Saxby Chambliss
Vice Chairman, Select Committee on IntelJigencc
11/13/13
Grassley Presses for Details about Intentional Abuse of NSA Authorities
Article
For Immediate Release
August 28, 2013
Grassley Presses for Details about Intentional Abuse of NSA Authorities
WASHINGTON – Senator Chuck Grassley, Ranking Member of the Senate Judiciary Committee,
is asking the Inspector General of the National Security Agency (NSA) to provide additional
information about the intentional and willful misuse of surveillance authorities by NSA employees.
He’s also asking for the Inspector General to provide as much unclassified information as possible.
The Senate Judiciary Committee has oversight jurisdiction over the Foreign Intelligence Surveillance
Act (FISA) and the intelligence courts that fall under the act’s authority.
“The American people are questioning the NSA and the FISA court system. Accountability for
those who intentionally abused surveillance authorities and greater transparency can help rebuild that
trust and ensure that both national security and the Constitution are protected,” Grassley said.
The text of Grassley’s letter is below.
August 27, 2013
Dr. George Ellard, Inspector General
National Security Agency
Office of the Inspector General
9800 Savage Road, Suite 6247
Fort Meade, MD 20755
Dear Dr. Ellard:
I write in response to media reports that your office has documented instances in which NSA
personnel intentionally and willfully abused their surveillance authorities.
For each of these instances, I request that you provide the following information:
(1) The specific details of the conduct committed by the NSA employee;
(2) The job title and attendant duties and responsibilities of the NSA employee at the time;
(3) How the conduct was discovered by NSA management and/or your office;
(4) The law or other legal authority – whether it be a statute, executive order, or regulation – that
your office concluded was intentionally and willfully violated;
(5) The reasons your office concluded that the conduct was intentional and willful;
www.grassley.senate.gov/news/Article.cfm?RenderForPrint=1&customel_dataPageID_1502=46858
1/2
11/13/13
Grassley Presses for Details about Intentional Abuse of NSA Authorities
(6) The specifics of any internal administrative or disciplinary action that was taken against the
employee, including whether the employee was terminated; and
(7) Whether your office referred any of these instances for criminal prosecution, and if not, why
not?
Thank you for your prompt attention to this important request. I would appreciate a response by
September 11, 2013. I also request that you respond in an unclassified manner to the extent
possible.
Sincerely,
Charles E. Grassley
Ranking Member
cc: Honorable Patrick Leahy, Chairman
© 2008, Senator Grassley
www.grassley.senate.gov/news/Article.cfm?RenderForPrint=1&customel_dataPageID_1502=46858
2/2
TOP SECRET//Sl!/ORCONtiNOF
.. . ~ Hotmall'
G~..J il
.
.'' '
.
GoL~gle
.
"'-7.AHOOJ
~..~
'
(f$//S PRISM Tasking Process
VINF)
'~"~s
~.-...v
Target Analyst inputs selectors into
Unified Taraetina Tool IUm
Pendln
swvelllanc
52 FAA Adjudicators in Each Product line
TargeUng RevlewiYaUdatlon
scoted Comms
Special FISA Oversight and Processing
(SV4)
Stored comms RMew Noti<S&tiOn
survelll&nee _ ,. ~
~ .;
-
Pendi ng StOfed Comms
Targeting and Mission Management ($343)
Final Targeting Review .-nd Relent
I
Unified Targetin g Tool (UTT)
J,
J,
PRINTAURA; Site Selector
Distribution Manager
Surveillance _ ,.
~
- Pencttng Scoted Comms
FBI
Electtonlc communlcaUons survellr
anc:e Unit (ECSU)
Restareh & V&I«Sate NO USPER$
Providers
(Google,
Yahoo, etc.)
Targeting
Sel•e:tors
J,.;-
StOfed Comms Release
FBI
Data Intercept Technology Unit (DITU)
Collection
Collection
PINWALE,
NUCLEON,
etc.
~
TOP SECRET//Sli/ORCON//NOFORN
TOP SECRET/tS I//ORCONtfNOI~
G~.. ir liiilil
'\1 Hotmall'
Coogle
""" AHOO,
y
~
<TS//SIIfNF> PRISM
,. ,.. •
pa talk4'1!
Y
ouiim
t-"""'li :_] --·-· -mail ~
Collection Dataflow
.,
I
I
I
I
I
I
I
IIIII
t roce:ssing
I
I
: FAA
:r'artitions
:
TOP SECRET//SJI/ORCON/fNOFORN :
-------------------------------------~
TOP SECRET//Slt/ORCON/INOF
~~~
G.~.. .
1(
· · ··•
(TS//Sl/INF)
~ Hotmail"
Google
....YAEOOf • ~
~ paltalkfll
Younll'!'
II:W
mail /),
-·-- -~
t.:' \ , . -
AOL
PRISM Case Notations
P2ESQC120001234
.----T
PRISM Provider
P1: Microsoft
P2:Yahoo
P3: Google
P4 : Facebook
PS: PaiTalk
P6:YouTube
P7: Skype
PS: AOL
PA: Apple
I
1:~~_)
J,
L'
Fixed trigraph , denotes
PRISM source collection
c
__;
~
Year CASN established
for selector
~
I
Serial #
I
Content Type
L
)
A: Stored Comms (Search)
B: IM (chat)
.
C: RTN-EDC (real-time notification of an e-mail event such as a logon
or sent message)
O: RTN-IM (real-time notification of a chat login or logout event)
E: E-Mail
F:VoiP
G: Full (WebForum)
H: OSN Messaging (photos, wallposts, activity, etc.)
1 OSN Basic Subscriber Info
:
J: Videos
. (dol): Indicates multiple types
TOP SECRET//SII/ORCONl : 'OFORJ'-1
TOP SECRETttSVIORCON/INOt~ ~ Hotmall'
e M 1 liiliiiil
1
(TS//SV/NF)
Ccx'lgle
YA.Hoor
a
•
REPRISMFISA TIPS
COUNTERTERRORISM
REPRISMfiSA
~... \ 1 p~~~
\(k
.J.!!.U
U! .Oln." W': p) o!t • I wel,)~,.::tj
PRISN ENTRIES
'l ~··
...
~ ~~ter-bdo'w
~
• -(4- •
v... ,
I
""'1t o<
• Sfof,.. .... ~,
· ~<:;>!
t¥'1
e. M4n~f~::o u. .. 1:>~1-'olo ~ c1
. ..._ .,
...
'"""'""'""
' ' ' '"" t ()l.;> l((lo..• "'l · ~ ,.,..vcr. ,,..,.~ ' " ""' '"''
•
,.( PII ...Mtt'.,, '"'''''' "8. " ' " ""• f ·MAO
f
ll'lot fi( I'W,Mfi:.A f Uf> ("(;.....C.>\1
Prism Cun ent Entries
v
talk"'~
You lim
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
