For the Civil Rights Litigation Clearinghouse collection of FISA matters, see our special collection
On November 18, 2013, the Director of National Intelligence authorized the declassification and public release of numerous orders approving the National Security Agency's ("NSA") so-called "Bulk Internet Metadata Program" under Section 402 of the Foreign Intelligence Surveillance Act of 1978 ("FISA"), commonly referred to as the Pen Register and Trap and Trace (PR/TT) provision, or Section 214 of the USA PATRIOT Act. Press release available here
. On August 11, 2014, the Director of National Intelligence authorized another declassification and public release of additional documents regarding the now-discontinued NSA Bulk Electronic Communications Metadata Program pursuant to Section 402 of FISA. Press release available here
Under the program, the NSA collected records from large telecommunication companies about electronic communications metadata. These records included the "to," "from," "cc," and "bcc" lines of an email and the email's time and date. The program did not authorize the collection of content of any electronic communications. Once collected, the records were stored for several years and were authorized to be queried, used, and disseminated only in accordance with "minimization rules" proposed by the government and approved by the Foreign Intelligence Surveillance Court ("FISC"). The most basic aspect of the minimization rules was that the metadata records were to be queried only when there was a reasonable suspicion, based on specific and articulated facts, that the identifier used as the basis for the query was associated with specified foreign terrorist organizations.
NSA collection of email metadata began in 2001, as part of the "President's Surveillance Program." Apparently the government took the position that internet metadata could be collected lawfully without court order because the NSA did not actually "acquire" communications until particular items were selected for review, after they showed up via query. But after Department of Justice lawyers raised objections to this theory, and accordingly to the program's legality, the Attorney General sought judicial ratification of the internet metadata program under the FISA pen/trap provisions, and the FISA Court blessed it in an order dated July 14, 2004. Except for a brief period in 2009, the FISC reauthorized the program approximately every 90 days until the Obama administration discontinued it in 2011. As of April 2014, only three FISC opinions and four FISC orders related to the internet metadata collections program have been released. All the opinions and orders have been significantly redacted. They nonetheless explain a good deal about how the program worked.
The volume of material collected was "enormous" from its beginning, as the first of these opinions explains. At the start, the government aimed "to build a meta data archive that will be, in relative terms, richly populated with [redacted] related communications." As the Court reported the government's initial intentions, "[s]ome proportion of these communications-less than half, but still a huge number in absolute terms-can be expected to be communications [redacted] who bear no relation to [redacted]." In 2009 or 2010, however, the government "in comparison with prior dockets, [sought] authority to acquire a much larger volume of metadata at a greatly expanded range of facilities." The growth in volume and scope included extending collection beyond the "streams of data with a relatively high concentration of Foreign Power communications" that had previously been the focus. Until the program ended, in 2011, the pen/trap bulk collection began to reach "electronic communications, the vast majority of which, viewed individually, are not relevant to the counterterrorism purpose of the collection, and many of which involve United States persons."
The FISC initially approved the internet metadata program in 2004 in an opinion by Judge Colleen Kollar-Kotelly under docket PR-TT [redacted], NS-DC-0028
in this Clearinghouse.
The government first began reporting compliance issues with the internet metadata collection program in February 2009, described in NS-DC-0063
in this Clearinghouse. The government and the FISC continued to address the compliance incidents in May 2009 in NS-DC-0064
, in this Clearinghouse. Despite these compliance issues, the FISC continued to grant renewed authorization for the collection of internet metadata in both February and May.
The next application for renewed authority came in June 2009, and on June 22, FISC Judge Reggie Walton granted renewed authority but imposed additional reporting requirements and minimization procedures. This ruling also applied to FISA docket BR 09-06 NS-DC-0013
in this Clearinghouse, which dealt with the bulk telephony metadata program. (The ODNI publicly released two different versions of this ruling for each of the two dockets. The text of each ruling is identical, but different portions have been redacted. You can see the alternate version under NS-DC-0013
In the June 22 opinion
, Judge Walton addressed the continued compliance issues. First, Judge Walton reviewed the Court's May 29, 2009, order
requiring the government to provide additional information regarding compliance issues. In particular, Judge Walton reviewed the section addressing the government's disclosure that unauthorized NSA analysts had accessed the metadata and then subsequently disseminated that information outside the NSA. That order required the NSA to submit a declaration providing a complete description of the NSA's data dissemination practices and a correction regarding inaccuracies in required reports. However, Judge Walton ultimately concluded unauthorized analysts could access the results of authorized queries as long as those unauthorized analysts had received appropriate and adequate training and guidance regarding all rules and restriction governing the use, storage, and dissemination of such information.
Second, Judge Walton addressed an additional compliance issue that was raised in the government's responses to the Court's May 29 Supplemental Order. The government disclosed that that NSA has generally failed to adhere to the special dissemination restrictions originally proposed by the government, repeatedly relied upon by the Court in authorizing the collection of the PR-TT metadata, and incorporated into the Court's orders as binding on the NSA. Specifically, the NSA disseminated outside the NSA U.S. person information derived from the PR-TT metadata without first determining that the information was related to counterterrorism information and was necessary to understand the counterterrorism information or to assess its importance as required by the Court's orders.
Third, Judge Walton addressed an additional compliance issue that was raised in the government's responses to the Court's May 29 Supplemental Order. This issue also implicated the collection of bulk business records which had last been renewed by the Court in Docket No. BR 09-06, NS-DC-0013
, in this Clearinghouse. The government disclosed that the NSA had uploaded unminimized results of some queries of metadata collected into a database to which other intelligence agencies had access. The government did assert that the NSA had terminated access by outside agencies to the database at issue on June 12, 2009.
To address these second and third issues, Judge Walton ordered the NSA to file weekly reports listing each instance in which information obtained from the internet metadata collection was shared outside the NSA. Furthermore, the NSA was required to perform an end-to-end review of the program and an explanation why the government permitted dissemination of U.S. person information outside NSA. The order also permitted non-authorized NSA analysts to receive unminimized query results for a 20-day period because it was critical to the success of NSA's counterterrorism mission.
Additionally, the version of this ruling released under the PR/TT docket appends a second ruling addressing the creation and use of "defeat lists." The Court found the continuation of the defeat list practice was reasonable and appropriate for metadata reduction and management in contact-chaining repositories.
On August 17, 2009, the government submitted a verified memorandum
of law in response to the FISC's supplemental order. The memorandum is heavily redacted, but generally argues that the FISC should continue to approve pen register applications. The memorandum analyzes the language of FISA, including the changing definition of "pen register," and the legislative history of FISA.
Ninety days after this matter's primary order on June 22, 2009, it was time for the government to apply for renewed authority. We do not have the application that the government submitted, and the government did not submit a final application. Instead, the October 2009 matter, NS-DC-0065
in this Clearinghouse, includes a report by the government and then Judge Walton's supplemental order ordering the government to stop collecting new metadata and to stop accessing all metadata previously collected, whether authorized or beyond the scope of authorization.Elizabeth Homan - 04/27/2014
Jessica Kincaid - 02/02/2015