Privacy and Civil Liberties Oversight Board Releases Report on NSA Data Collection Program

Privacy and Civil Liberties Oversight Board Releases Report on NSA Data Collection Program

The Privacy and Civil Liberties Board (PCLOB) released their report on telephone record surveillance under Section 702 of the Foreign Service Intelligence Act.  The report was precipitated by a public hearing held after the release of a report on Section 215 telephone records program and the operation of the FISA court. The analysis is based upon the evaluation of compliance with the statute of Section 702, and the Fourth Amendment. Additionally, attempting to address the treatment of non-U.S. persons in U.S. surveillance programs, the Board reviewed the International Covenant on Civil and Political Rights (ICCPR) and Presidential Policy Directive 28 on Signals Intelligence (PPD-28). The Board identified several areas where privacy could be threatened, and made 10 recommendations:

  1. Targeting and Tasking: The NSA’s targeting procedures should be revised to (a) specify criteria for determining the expected foreign intelligence value of a particular target, and (b) require a written explanation of the basis for that determination sufficient to demonstrate that the targeting of each selector is likely to return foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court. The NSA should implement these revised targeting procedures through revised guidance and training for analysts, specifying the criteria for the foreign intelligence determination and the kind of written explanation needed to support it. We expect that the FISA court’s review of these targeting procedures in the course of the court’s periodic review of Section 702 certifications will include an assessment of whether the revised procedures provide adequate guidance to ensure that targeting decisions are reasonably designed to acquire foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court. Upon revision of the NSA’s targeting procedures, internal agency reviews, as well as compliance audits performed by the ODNI and DOJ, should include an assessment of compliance with the foreign intelligence purpose requirement comparable to the review currently conducted of compliance with the requirement that targets are reasonably believed to be non-U.S. persons located outside the United States.
  1. U.S. Person Queries: The FBI’s minimization procedures should be updated to more clearly reflect actual practice for conducting U.S. person queries, including the frequency with which Section 702 data may be searched when making routine queries as part of FBI assessments and investigations. Further, some additional limits should be placed on the FBI’s use and dissemination of Section 702 data in connection with non–foreign intelligence criminal matters.
  1. U.S. Person Queries: The NSA and CIA minimization procedures should permit the agencies to query collected Section 702 data for foreign intelligence purposes using U.S. person identifiers only if the query is based upon a statement of facts showing that the query is reasonably likely to return foreign intelligence information as defined in FISA. The NSA and CIA should develop written guidance for agents and analysts as to what information and documentation is needed to meet this standard, including specific examples.
  1. FISC Role: To assist in the FISA court’s consideration of the government’s periodic Section 702 certification applications, the government should submit with those applications a random sample of tasking sheets and a random sample of the NSA’s and CIA’s U.S. person query terms, with supporting documentation. The sample size and methodology should be approved by the FISA court.
  1. FISC Role: As part of the periodic certification process, the government should incorporate into its submission to the FISA court the rules for operation of the Section 702 program that have not already been included in certification orders by the FISA court, and that at present are contained in separate orders and opinions, affidavits, compliance and other letters, hearing transcripts, and mandatory reports filed by the government. To the extent that the FISA court agrees that these rules govern the operation of the Section 702 program, the FISA court should expressly incorporate them into its order approving Section 702 certifications.
  1. Upstream & “About” Collection: To build on current efforts to filter upstream communications to avoid collection of purely domestic communications, the NSA and DOJ, in consultation with affected telecommunications service providers, and as appropriate, with independent experts, should periodically assess whether filtering techniques applied in upstream collection utilize the best technology consistent with program needs to ensure government acquisition of only communications that are authorized for collection and prevent the inadvertent collection of domestic communications.
  1. Upstream and “About” Collection: The NSA periodically should review the types of communications acquired through “about” collection under Section 702, and study the extent to which it would be technically feasible to limit, as appropriate, the types of “about” collection.
  1. Accountability and Transparency: To the maximum extent consistent with national security, the government should create and release, with minimal redactions, declassified versions of the FBI’s and CIA’s Section 702 minimization procedures, as well as the NSA’s current minimization procedures.
  1. Accountability and Transparency: The government should implement five measures to provide insight about the extent to which the NSA acquires and utilizes the communications involving U.S. persons and people located in the United States under the Section 702 program. Specifically, the NSA should implement processes to annually count the following: (1) the number of telephone communications acquired in which one caller is located in the United States; (2) the number of Internet communications acquired through upstream collection that originate or terminate in the United States; (3) the number of communications of or concerning U.S. persons that the NSA positively identifies as such in the routine course of its work; (4) the number of queries performed that employ U.S. person identifiers, specifically distinguishing the number of such queries that include names, titles, or other identifiers potentially associated with individuals; and (5) the number of instances in which the NSA disseminates non-public information about U.S. persons, specifically distinguishing disseminations that includes names, titles, or other identifiers potentially associated with individuals. These figures should be reported to Congress in the NSA Director’s annual report and should be released publicly to the extent consistent with national security.
  1. Efficacy: The government should develop a comprehensive methodology for assessing the efficacy and relative value of counterterrorism programs.

Read the full report here.

Contributing Author

Spencer KingSpencer King is the GTSC U.S. Intelligence Community Fellow.  Spencer studied at Audencia Nantes Ecole de Management and at Shenandoah University, where he graduated Cum Laude.  Spencer was the president of the Student Government Association at Shenandoah University.  At Shenandoah University, he worked for the university president’s office on lobbying, governance, and special projects.  Spencer also interned at Wolf Trap, where he facilitated strategic planning, government relations, special initiatives, and board relations/operations.

 

Tags: , , , , , , ,