Monday, November 18, 2013

In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive programs while being mindful of the need to protect sensitive classified intelligence activities and national security. Since then, I have authorized the declassification and public release of numerous documents pertaining to the government's collection under Sections 501 and 702 of FISA.



Today I authorized the declassification and public release of additional documents relating to collection under Section 501, bringing the total to nearly 2000 pages of documents released to the public so far, including 20 orders and opinions of the Foreign Surveillance Court, 11 pleadings and other documents submitted to the Court, 24 documents provided to Congress, and 20 reports, training slides, and other internal documents describing the legal basis for the programs and how they operate. The information released today includes a number of internal NSA documents, training slides and internal guidance, which demonstrate the care with which NSA's foreign intelligence collection pursuant to Section 501 is run, managed, and overseen. Also included is the United States Signals Intelligence Directive 18 which details policies and procedures to ensure NSA's missions and functions are conducted in a manner that safeguards the constitutional rights of U.S persons, and two opinions from the Foreign Intelligence Surveillance Court concerning a now-discontinued NSA bulk electronic communications metadata program. These documents were properly classified and their declassification was not done lightly.



Release of these documents reflects the Executive Branch's continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States. Additionally, they demonstrate the extent to which the Intelligence Community kept both Congress and the Foreign Intelligence Surveillance Court apprised of the status of the collection program under Section 215. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed. These documents will be made available at the website of the Office of the Director of National Intelligence and at ICOntheRecord.tumblr.com, the public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government.



James R. Clapper

Director of National Intelligence

Today's Releases

Training. The documents released today include a number of internal NSA documents, including training slides and internal guidance. These documents explain in detail rules that have been put in place to ensure compliance with the law and to protect privacy rights in conducting the NSA's signals intelligence mission. Together, these documents demonstrate the care with which NSA's foreign intelligence collection pursuant to Section 501 is run, managed, and overseen. Each of the training documents details the efforts that NSA makes to ensure that the restrictions under which NSA operates are ingrained in the workforce charged with implementing the authority granted by Congress and authorized by the FISC.



Minimization Procedures. In addition, as part of the Government's continuing effort to provide the public with additional information about how NSA conducts its activities, the DNI is publicly releasing United States Signal Intelligence Directive 18. This directive details policies and procedures designed to ensure that NSA's missions and functions are conducted as authorized by law and in a manner that is consistent with the Fourth Amendment to the Constitution. The directive sets forth the minimization policies and procedures regarding NSA's SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons.



Electronic Communications Metadata Collection Opinions. Finally, the DNI has authorized the declassification and public release of two opinions of the FISC concerning a now-discontinued NSA bulk electronic communications metadata program. The FISC authorized this program under Section 402 of FISA, the Pen Register and Trap and Trace (PR/TT) provision. Previous public releases by the DNI, including the FISC's opinion from October 3, 2011, referenced this program, and the fuller explanation of the program provided by today's release extends the DNI's commitment to providing greater transparency for FISA activities. Except for a brief period, the FISC reauthorized this program approximately every 90 days from its inception until it was discontinued in 2011. Throughout its operation, the program was briefed to the Intelligence and Judiciary Committees of Congress and generally referenced in the then-classified white papers provided to Congress during reauthorization of the USA PATRIOT Act in 2009 and 2010.



The discontinued PR/TT program shared certain similarities to the NSA's bulk telephony metadata programâthe subject of previous releasesâin that the PR/TT program sought only the metadata associated with electronic communications and not their content; moreover, querying the metadata for both programs was permitted only for authorized counterterrorism purposes. Additionally, both programs operated with similar access, retention, and dissemination restrictions proposed by the Government and approved by the FISC. Given these operational similarities, many of the documents released today address both programs, sometimes side by side, even though, as noted above, the PR/TT program was conducted pursuant to a different legal authority from that authorizing the NSA's bulk telephony metadata program. At all times, the PR/TT program collected metadata from only a small percentage of world wide electronic communications traffic.

Additional Information on the Discontinued PR/TT Program

The Program



Under the now-discontinued PR/TT program, the FISC, after finding that the Government's applications satisfied the requirements of FISA and the Constitution, approved orders that enabled the Government to collect electronic communications metadata, such as the âto,â âfrom,â and âccâ lines of an email and the email's time and date. This program did not authorize the collection of the content of any electronic communications. Under this program, NSA could not read the content of any electronic communications for which the metadata was acquired. Like NSA's bulk telephony metadata program, this program was subject to several restrictions approved by the FISC, such as:



The information had to be stored in secure databases.

The information could be used only for counterterrorism purposes.

The databases could be queried using an identifier such as an email address only when an analyst had a reasonable and articulable suspicion that the account or email address was associated with certain specified foreign terrorist organizations that were the subject of FBI counterterrorism investigations. The basis for that suspicion had to be documented in writing and approved by one of the 22 designated approving officials identified in the Court's Order. Moreover, if an identifier was reasonably believed to be used by a United States person, NSA's Office of General Counsel would also review the determination to ensure that suspected association was not based solely on First Amendment-protected activities.

NSA was required to destroy the bulk metadata after a set period of time.

The Documents Released



The first PR/TT document released today is an opinion and order from the FISC that carefully analyzed and approved the Government's application to initiate this collection program. The Court's detailed 87-page opinion and 18-page order demonstrate the Court's searching and exhaustive review of the proposed program prior to its implementation. The opinion not only details the program's legal basis but also explains the procedures that NSA was required to follow in administering the program. The Court concluded that the NSA collection program was permissible under both FISA and the Constitution.



The second PR/TT document released today is a 117-page FISC opinion, which authorized NSA to re-initiate the program following the Government's suspension of the program for several months to address compliance issues identified by the Government and brought to the Court's attention. As the Court's opinion explains, these incidents involved three general categories of compliance issues: (1) access to the metadata; (2) disclosure of query results and information derived from them; and (3) overcollection. Because of the significance and complexity of these incidents, the Government did not seek an order from the FISC to renew the program when it expired on its normal schedule, thus essentially suspending the program for several months. As detailed in the opinion released today, the Government addressed these concerns during that period and, after a careful review, the FISC approved the Government's application to resume collection on a modified basis.



As previously stated, this electronic communications metadata bulk collection program has been discontinued. The Intelligence Community regularly assesses the continuing operational value of all of its collection programs. In 2011, the Director of NSA called for an examination of this program to assess its continuing value as a unique source of foreign intelligence information. This examination revealed that the program was no longer meeting the operational expectations that NSA had for it. Accordingly, after careful deliberation, the Government discontinued the program.



Both of these opinions contained extensive technical discussions of the particular means by which the collection was to be accomplished, particular targets of the collection, and other sensitive intelligence matters that must remain classified. Accordingly, they are being released in redacted form.

Executive Branch Initiatives

Upon discovery in 2009 of longstanding compliance issues associated with NSA's electronic communications and telephony bulk metadata collection programs, NSA recognized that its compliance and oversight structure had not kept pace with its operational momentum and the evolving and challenging technological environment in which it functioned. NSA, in close coordination with the Office of the Director of National Intelligence and the Department of Justice, therefore undertook significant steps to address these issues from a structural, managerial, and training perspective. The Director of NSA ordered comprehensive reviews of both of these collection programs to ensure that they were being implemented in accordance with all applicable legal requirements. Concurrently, NSA created the position of Director of Compliance to focus on the NSA-wide structural, managerial, and training improvements necessary to keep NSA's activities consistent with the law, policies, and procedures designed to protect privacy.



NSA continues to enhance training for both operational and technical personnel. NSA has added additional technology-based safeguards and has implemented procedures to ensure accuracy and precision in its filings before the FISC. NSA has also enhanced its oversight coordination with the Office of the Director of National Intelligence and the Department of Justice. NSA's senior leadership is directly involved in and responsible for compliance efforts across NSA, including regular senior leadership reviews of NSA's privacy compliance program.



Since 2009 and the discovery of the compliance incidents related to NSA's bulk metadata programs, the Government has continued to increase its focus on compliance and oversight. Today, NSA's compliance program is directly supported by over three hundred personnel, a threefold increase in just four years. This increase was designed to address changes in technology and authorities enacted as part of the FISA Amendments Act to confront evolving threats. This increase also reflects the commitment on the part of the Intelligence Community and the rest of the Government to ensuring that its intelligence collection activities are conducted responsibly and in accordance with the law.



The Government continues to evaluate whether additional information concerning the use of FISA authorities can be made public, consistent with protecting national security.

LIST OF RELEASES



Reports to Congress

The Attorney General's Annual Reports on Requests for Access to Business Records under FISA for Years 2006-2012



April 10, 2009 NSA notification memorandum to SSCI on the status of the on-going NSA-initiated end-to-end review of its bulk telephony metadata programs conducted pursuant to Section 501 of FISA, and bulk electronic communications metadata program conducted pursuant to Section 402 of FISA.



June 29, 2009 NSA notification memorandum to SSCI on the status of the on-going NSA-initiated end-to-end review of its bulk telephony metadata program conducted pursuant to Section 501 of FISA, and bulk electronic communications metadata program conducted pursuant to Section 402 of FISA.



December 1, 2010 NSA memorandum to SSCI explaining that NSA does not acquire cell site location information pursuant to the bulk electronic communications metadata program, and with the exception of a limited sampling for testing purposes, does not acquire such information pursuant to the bulk telephony metadata program.



Production to Congress of a May 23, 2006 Government Memorandum of Law in support of its Application to the FISC for authorization to conduct bulk telephony metadata collection under Section501 of FISA. Included with the Memorandum of Law is a copy of United States Signals Intelligence Directive 18 (USSID 18), which prescribes policies and procedures, and assigns responsibilities, to ensure that NSA's signals intelligence activities are conducted in a manner that is appropriate under the Fourth Amendment to the Constitution.



April 27, 2005 Prepared Testimony from Alberto R. Gonzales, Attorney General of the United States, and Robert S. Mueller, III, Federal Bureau of Investigation, United States Department of Justice Before the Select Committee on Intelligence discussing the government's use of USA PATRIOT Act authorities in combating international terrorism.

FISC Submissions, Opinions and Orders

Opinion of the FISC granting the Government's application seeking the collection of bulk electronic communications metadata pursuant to Section 402 of FISA, the Pen Register and Trap and Trace (PR/TT) provision.



Opinion of the FISC granting the Government's application seeking to re-instate NSA's bulk electronic communications metadata program following the Government's suspension of the program for several months to address compliance issues identified by the Government and brought to the Court's attention.



Order and Supplemental Order of the FISC in response to the Government's reporting of a compliance incident related to NSA's dissemination of certain query results discovered during NSA's end-to-end review of its bulk telephony metadata program, and ordering the Government to report on a weekly basis, any disseminations of information from that program outside of NSA and provide further explanation of the incident in its final report upon completion of the end-to-end review.



July 17, 2006 Court-ordered NSA Inspector General and General Counsel report on the adequacy of the management controls for the processing and dissemination of U.S. person information collected under NSA's bulk telephony metadata program. The report finds that although the NSA-designed management controls governing the processing, dissemination, security, and oversight of telephony metadata and U.S. person information are adequate, several aspects exceed the terms of the Court's Order, and proposes additional controls to enhance the protection of US person information.



August 17, 2006 NSA Presentation for the FISC regarding NSA's bulk telephony metadata program pursuant to Section 501 of FISA, and notification of two compliance issues concerning the collection.



September 1, 2009 NSA Presentation for the FISC regarding NSA's bulk telephony metadata program pursuant to Section 501 of FISA for the purpose of demonstrating NSA's compliance with the Court's Orders, and NSA's operational use of the bulk telephony metadata program in its counterterrorism missions while appropriately protecting privacy.



September 5, 2006 Cover filing submission to the FISC of the standard minimization procedures governing the retention and dissemination by the Federal Bureau of Investigation of information received by FBI pursuant to Section 501 of FISA.



May 8, 2009 Government Memorandum to the FISC providing preliminary notice of a compliance incident identified during the ongoing NSA-initiated end-to-end review of NSA's bulk telephony metadata program under Section 501 of FISA.



July 20, 2009 Order of the FISC approving the Government's request for authorization to provide the application and orders in docket number BR 06-05 to congressional committees consistent with the Government's congressional reporting requirements.

NSA Internal Procedures, Guidance, and Training Materials

United States Signals Intelligence Directive 18 (USSID 18) dated July 27, 1993, which prescribes policies and procedures designed to ensure that NSA's missions and functions are conducted as authorized by law in a manner that is consistent with the Fourth Amendment to the Constitution. The directive sets forth the minimization policies and procedures regarding NSA's SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons.



United States Signals Intelligence Directive 18 (USSID 18) dated January 25, 2011, which prescribes policies and procedures designed to ensure that NSA's missions and functions are conducted as authorized by law in a manner that is consistent with the Fourth Amendment to the Constitution. The directive sets forth the minimization policies and procedures regarding NSA's SIGINT activities, including the rules for the collection, retention, and dissemination of information about U.S. persons.



Undated PowerPoint slide describing the requirements for verifying that only metadata, and not content, is collected consistent with Court order.



Undated NSA summary of requirements for the collection of bulk telephony metadata under Section 501 of FISA



January 8, 2007 NSA web--based training slides on NSA's bulk telephony metadata program pursuant to Section 501 of FISA. Topics include: 1) Court-ordered requirements; 2) the reasonable articulable suspicion (RAS) standard; 3) First Amendment considerations; and 4) Minimization procedures governing the accessing, sharing, retention, and dissemination of information.



January 8, 2007 Interim Competency Test for NSA analysts on legal and compliance issues concerning queries of bulk telephony metadata acquired by NSA pursuant to Section 501 of FISA.



January 8, 2007 NSA PowerPoint presentation, designed for use by NSA personnel with access to the bulk telephony metadata acquired by NSA pursuant to Section 501 of FISA, for purposes of performing analytical functions, including:

(1) Court-ordered requirements;

(2) The reasonable articulable suspicion (RAS) standard;

(3) First Amendment considerations; and

(4) Minimization procedures governing the accessing, sharing, retention, and dissemination of information.

August 2009 NSA Cryptological School Course on Legal, Compliance, and Minimization Procedures. These course materials, designed for NSA personnel provided access to bulk telephony and electronic communications metadata acquired pursuant to Section 501 of FISA and Section 402 of FISA respectively, include:





(1) Background on constitutional constraints under the Fourth Amendment for NSA collection activities;

(2) Legal framework and applicable standards for collection, retention, dissemination of information under FISA and Executive Order 12333;

(3) Guidance on collection, processing, retention, and dissemination of information under United States Signals Intelligence Directive 18 (USSID 18); and

(4) Oversight and compliance issues relating to access and use of SIGINT databases and information.

August 29, 2008 NSA memorandum providing guidance on NSA policy as to the applicable legal standards for querying bulk telephony metadata acquired pursuant to Section 501 of FISA, and bulk electronic communications metadata acquired pursuant to Section 402 of FISA.



September 2008 Attorney General's Guidelines for Domestic FBI Operations, which establishes the framework for the use of authorities and investigative methods to protect the United States from terrorism and other threats to the national security, and to further United States foreign intelligence objectives, in a manner consistent with the Constitution and laws of the United States.



NSA Core Intelligence Oversight Training materials relating to NSA signals intelligence collection activities, including:

(1) Executive Order 12333; (2) December 1982 DOD Procedures Governing the Activities of DOD Intelligence Components That Affect United States Persons (DoD 5240 1-R); (3) NSA/Central Security Service (CSS) Policy 1-23, Procedures Governing NSA/CSS Activities that Affect U.S. Persons, which establishes procedures and assigns responsibilities to ensure that the signals intelligence and information assurance missions of NSA and the Central Security Service are conducted in a manner consistent with the privacy rights of U.S. persons as required by law, executive orders, DOD policies and instructions, and internal policy; and (4) DoD Guidance for Reporting Questionable Intelligence Activities and Significant or Highly Sensitive Matters (DTM 08-052).



2011 NSA Course Materials regarding NSA's bulk telephony metadata program pursuant to Section 501 of FISA, and NSA's bulk electronic communications metadata program pursuant to Section 402 of FISA. These materials contrast the differences between the authorities granted for the two programs, detail the limitations on accuse, use, and retention of information collected under these two programs, and explain the role of the two programs in the context of the broader set of NSA's SIGINT authorities.





