The November NSA Trove III: More Details on the Bulk Telephony Metadata Program

Next in the November NSA Trove: the filling in of some additional detail, and in five different FISC-related documents, regarding the collection and handling, by the NSA, of telephony metadata on a mass scale. In the first, a July 17, 2006 letter, the NSA advises that it is providing---pursuant to a prior order of the FISC---a report to Attorney-General Gonzales from the NSA Inspector General and General Counsel “assessing the adequacy of the management controls for the processing and dissemination of U.S. person information” contained in bulk telephony metadata. The brief report itself finds, in its entirety:

The management controls designed by the Agency to govern the processing, dissemination, security, and oversight of telephony metadata and U.S. person information obtained under the Order are adequate and in several aspects exceed the terms of the Order. However, due to the risk associated with the collection and processing of telephony metadata involving U.S. person information, three additional controls should be put in place, specifically, Agency management should (1) design procedures to provide a higher level of assurance that non-compliant data will not be collected and, if inadvertently collected, will be swiftly expunged and not made available for analysis; (2) separate the authority to approve metadata queries from the capability to conduct queries of metadata under the Order; and (3) conduct periodic reconciliation of approved telephone numbers to the logs of queried numbers to verify that only authorized queries have been made under the Order.

Similar reporting followed, exactly one month later---only this time the filing was made by the executive branch with the FISC itself.  On August 17, 2006, the NSA submitted this report to the court, detailing the methods by which NSA analysts queried telephony metadata between May 24 and August 2, 2006, as well as any reportable issues during that time period, as part of its application for renewal of authority to collect such records. The report first addresses the role of “data integrity analysts,” who access all collected metadata to “assur[e] the quality, accuracy and utility of the information received” before its use by intelligence analysts. These data integrity analysts discovered that while the NSA had guaranteed to the FISC that telephony metadata would not include a caller’s “name, address, or financial information,” approximately one in one hundred thousand records, or 0.001%, included a caller’s credit card number where one was used to make the call, while a smaller number of records included a proper name when one was used to place a collect call. While arguing in a footnote that credit card numbers on their own do not violate the prior FISC order because they do not reveal “anything about the financial situation, purchasing habits, payment record, or any other such private information,” the NSA acknowledged that “there exists a respectable argument that a credit card number is financial information” and so did not make use of this information. Instead, the NSA developed software to mask credit card digits and proper names when collected, and the report describes the complicated efforts by the NSA and the unnamed data provider to prevent future provision of the identifying information. The report goes on to describe the NSA’s procedures when applying the FISC’s previously disclosed “reasonable articulable suspicion” (“RAS”) standard for querying archived data, including a number of factors “militating in favor of using a particular phone number” for querying. These are:

• Contact between the phone number in question and that of a person reasonably believed to be a member or agent of an unnamed group,
• Other contact involving a person reasonably believed to be a member or agent of an unnamed group in which the telephone number in question is conveyed, and
• Open source information indicating a telephone number is used by a person who is reasonably believed to be a member of an unnamed group.

Through various forms of intelligence gathering, the NSA reported that it put together an “alert list” of 3,980 telephone numbers used to automatically query archived data and reveal new contacts. The alert list included both foreign numbers that met the RAS standard and domestic numbers that met the additional requirement that they not be included based solely on activities protected by the First Amendment, as required by the prior FISC order. However, the NSA revealed that there were over 300 domestic numbers on the alert list before the FISC order that were added under a different standard. About half of those numbers were the subject of authorized electronic surveillance, while the other half were added after coming in direct contact with a known foreign seed number. The NSA promised to remove the numbers from that latter category from the alert list. In addition to telephone numbers revealed by the automated alert system, the NSA queried archived data using telephone numbers discovered through other intelligence gathering means that met the FISC’s criteria. Third in our quintet is this document, a cover latter dated September 5, 2006.  In it, then-Attorney General Alberto Gonzales and Department of Justice Counsel for Intelligence Policy James A. Baker describe some attached “interim standard minimization procedures” for retention and dissemination of tangible things by the Federal Bureau of Investigation. In the cover letter, Gonzales indicates three purposes for the minimization procedures: First, minimize retention and prohibit dissemination of Americans’ private information except as is consistent with foreign intelligence needs. Second, require that such private information that is not foreign intelligence information not be disseminated except insofar as their identity is necessary to understand or assess the importance of foreign intelligence information. And third, allow for the retention and dissemination of information for law enforcement purposes. Next, on September 1, 2009, the NSA gave a presentation to the FISC on the agency’s efforts to comply with FISC orders pertaining to the collection and use of business records. While redacting the entirety of the timeline of FISC’s authorization for such collection, the business records workflow diagram, and an operation used as an example of the use of the business records program, the mostly disclosed slides do show the business records process, the analytic workflow, and the structure of oversight and compliance. The most interesting (although not the clearest) of these are the oversight and compliance slides, which show how the NSA’s then-newly created Director of Compliance fits into the overall agency structure. It appears that, based on a “Compliance Structure” diagram, the Director of Compliance participates directly in business records activities and is positioned similarly to the NSA’s Inspector General. Lastly, in this May 8, 2009 letter, the NSD provides the FISC with “preliminary notice of a possible compliance incident regarding the National Security Agency’s (NSA) activities.” The Court had approved an application for tangible things on March 5, 2009; this Order prohibited the government from accessing business records metadata in the relevant docket except “‘for the purposes of ensuring data integrity and developing and testing any technological measures designed to enable NSA to comply with the Court’s orders,’ and for contact chaining and . . . using Court-approved telephone identifiers or, in the case of imminent threat to human life, telephone identifiers that NSA has determined meets the Court’s reasonable articulable suspicion standard.” On April 30, 2009, the NSA informed the NSD that “NSA data integrity analysts place certain BR metadata . . . in a repository” that “NSA has determined should not be queried/tasked.” The next day, the NSD told the NSA to no longer place that information there. On May 4, 2009, NSA informed the NSD that other information was being placed in these repositories, which “a limited number of analysts at NSA . . . use these repositories to determine if a telephone identifier of interest should not be queried/tasked,” even if they were not authorized to do so under the FISC Order. The NSA attempted to block access to the relevant metadata in the repositories, and stated that “it would no longer place BR metadata in repositories for the purposes described above, absent authorization from the Court.” On May 5, 2009, the NSD concurred. The letter concludes with an indication that NSD and the NSA are continuing to investigate the matter, and will inform the Court of the outcome.