For the Civil Rights Litigation Clearinghouse collection of FISA matters, see our special collection
On November 18, 2013, the Director of National Intelligence authorized the declassification and public release of numerous orders approving the National Security Agency's ("NSA") so-called "Bulk Internet Metadata Program" under Section 402 of the Foreign Intelligence Surveillance Act of 1978 ("FISA"), commonly referred to as the Pen Register and Trap and Trace (PR/TT) provision, or Section 214 of the USA PATRIOT Act. Press release available here
. On August 11, 2014, the Director of National Intelligence authorized another declassification and public release of additional documents regarding the now-discontinued NSA Bulk Electronic Communications Metadata Program pursuant to Section 402 of FISA. Press release available here
Under the program, the NSA collected records from large telecommunication companies about electronic communications metadata. These records included the "to," "from," "cc," and "bcc" lines of an email and the email's time and date. The program did not authorize the collection of content of any electronic communications. Once collected, the records were stored for several years and were authorized to be queried, used, and disseminated only in accordance with "minimization rules" proposed by the government and approved by the Foreign Intelligence Surveillance Court ("FISC"). The most basic aspect of the minimization rules was that the metadata records were to be queried only when there was a reasonable suspicion, based on specific and articulated facts, that the identifier used as the basis for the query was associated with specified foreign terrorist organizations.
NSA collection of email metadata began in 2001, as part of the "President's Surveillance Program." Apparently the government took the position that internet metadata could be collected lawfully without court order because the NSA did not actually "acquire" communications until particular items were selected for review, after they showed up via query. But after Department of Justice lawyers raised objections to this theory, and accordingly to the program's legality, the Attorney General sought judicial ratification of the internet metadata program under the FISA pen/trap provisions, and the FISA Court blessed it in an order dated July 14, 2004. Except for a brief period in 2009, the FISC reauthorized the program approximately every 90 days until the Obama administration discontinued it in 2011. As of April 2014, only three FISC opinions and four FISC orders related to the internet metadata collections program have been released. All the opinions and orders have been significantly redacted. They nonetheless explain a good deal about how the program worked.
The volume of material collected was "enormous" from its beginning, as the first of these opinions explains. At the start, the government aimed "to build a meta data archive that will be, in relative terms, richly populated with [redacted] related communications." As the Court reported the government's initial intentions, "[s]ome proportion of these communications-less than half, but still a huge number in absolute terms-can be expected to be communications [redacted] who bear no relation to [redacted]." In 2009 or 2010, however, the government "in comparison with prior dockets, [sought] authority to acquire a much larger volume of metadata at a greatly expanded range of facilities." The growth in volume and scope included extending collection beyond the "streams of data with a relatively high concentration of Foreign Power communications" that had previously been the focus. Until the program ended, in 2011, the pen/trap bulk collection began to reach "electronic communications, the vast majority of which, viewed individually, are not relevant to the counterterrorism purpose of the collection, and many of which involve United States persons."
The FISC initially approved the internet metadata program in 2004 in an opinion by Judge Colleen Kollar-Kotelly under docket PR-TT [redacted], NS-DC-0028
in this Clearinghouse.
The government first began reporting compliance issues with the internet metadata collection program in February 2009, described in NS-DC-0063
in this Clearinghouse. The government's reports were prompted by a FISC order to investigate compliance issues in the internet metadata collection program after compliance issues were discovered in the phone metadata collection program under Section 215, described in the FISC matter BR 08-13, NS-DC-0011
in this Clearinghouse. While the government reported issues with the internet metadata collection program, the government also implemented new procedures to correct the issues. As a result, FISC Judge Reggie Walton granted the government's request for authorization for 90 days.
However, compliance issues continued to plague the internet metadata program. Sometime before May 29, 2009, the government submitted a supplemental declaration
of the Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate. The declaration explained that new compliance issues had just come to light--NSA analysts who were not specifically authorized to query the PR/TT metadata nonetheless had access to the results of queries of the PR/TT metadata. These unauthorized analysts also disseminated the results outside the NSA. As a result, the government failed to provide the correct number of all the reports disseminated outside of the NSA in the report included with the government's previous application for renewed authority. The government did not include the reports made by the unauthorized NSA analysts, so the number of reports was actually higher than previously reported. The government promised to provide the corrected number of reports within 30 days.
After reviewing the government's written submissions and holding a hearing on this matter, Judge Reggie Walton concluded that it was appropriate to grant renewal of the authority requested by the government. In his (non-disclosed) order authorizing the renewal, Judge Walton required the government to take steps to address the compliance issues. In addition, on May 29, 2009, Judge Walton issued a supplemental order
requiring the government to take provide additional information and to take other steps in addition to those addressed by the primary order authorizing the renewal.
The government's written submissions included a 90-day report on the three processes used for conducting automated queries of internet metadata collected, including that unauthorized NSA analysts were provided with automated results. This information was new to the Court. In addition, the government reported that one of the three automated querying processes continued for weeks beyond the date on which the government previously assured the Court all automated querying had stopped. To address these issues, Judge Walton ordered the government not to resume automated querying of the PR-TT metadata results without prior approval of the Court.
The government also reported that unauthorized NSA analysts were provided with manual query results. To address this issue, Judge Walton ordered the government to stop sharing the results of properly predicated manual queries with unauthorized NSA analysts.
The government's written submissions also included a preliminary notice of compliance incident that described the NSA's "master list" that is used to purge unwanted information from various NSA data repositories. The DOJ believed that such use of PR-TT metadata, at least in some respects, exceeded the authority granted by the FISC. The government reported that the NSA was no longer using PR-TT metadata to add information to the master list in a manner that violated the Court's orders, but still using the metadata to purge unwanted information from various data repositories. To address this issue, Judge Walton ordered the government to cease using the "master list" or to show cause why the continued use of the master list was necessary and appropriate within 20 days.
Judge Walton also ordered the government to provide a detailed description of the NSA's handling of the PR-TT metadata, including the dissemination of reports to other agencies, in connection with the completion of its end-to-end review. Judge Walton also ordered the government to provide the correct number of reports disseminated outside the NSA.
Before June 18, 2009, the government submitted a response
to the FISC's Supplemental Order, along with a supporting declaration
of the NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate. The government addressed the order to show cause why the NSA's continued use of the master list was necessary and appropriate; to explain why any ongoing use of PR-TT metadata in connection with a particular (undisclosed) topic was consistent with the FISC's orders; and to explain why it was necessary and appropriate to share the unminimized results of properly predicated manual queries of the PR-TT metadata with NSA analysts other than the ones authorized. The government argued that all of these practices were necessary to the success of the NSA's counterterrorism mission. The government still did not have the corrected number of reports disseminated outside the NSA, but promised that it would submit a corrective declaration within the 20 day time frame.
As promised, the government submitted another response
, and the corrective declaration
on June 18, 2009. This declaration provided a complete and updated description of the NSA's dissemination practices, as well as the corrected number of reports disseminated.
By the time the government submitted all of the corrective declarations and reports, it was time to apply for renewed authorization in June 2009, which is described in NS-DC-0029
in this Clearinghouse. This matter includes a FISC primary order issued by Judge Reggie Walton granting the government renewed authorization and government memorandum in response to a non-disclosed FISC supplemental order. Jessica Kincaid - 01/28/2015