For the Civil Rights Litigation Clearinghouse collection of FISA matters, see our special collection
On November 18, 2013, the Director of National Intelligence authorized the declassification and public release of numerous orders approving the National Security Agency's ("NSA") so-called "Bulk Internet Metadata Program" under Section 402 of the Foreign Intelligence Surveillance Act of 1978 ("FISA"), commonly referred to as the Pen Register and Trap and Trace (PR/TT) provision, or Section 214 of the USA PATRIOT Act. Press release available here
. On August 11, 2014, the Director of National Intelligence authorized another declassification and public release of additional documents regarding the now-discontinued NSA Bulk Electronic Communications Metadata Program pursuant to Section 402 of FISA. Press release available here
Under the program, the NSA collected records from large telecommunication companies about electronic communications metadata. These records included the "to," "from," "cc," and "bcc" lines of an email and the email's time and date. The program did not authorize the collection of content of any electronic communications. Once collected, the records were stored for several years and were authorized to be queried, used, and disseminated only in accordance with "minimization rules" proposed by the government and approved by the Foreign Intelligence Surveillance Court ("FISC"). The most basic aspect of the minimization rules was that the metadata records were to be queried only when there was a reasonable suspicion, based on specific and articulated facts, that the identifier used as the basis for the query was associated with specified foreign terrorist organizations.
NSA collection of email metadata began in 2001, as part of the "President's Surveillance Program." Apparently the government took the position that internet metadata could be collected lawfully without court order because the NSA did not actually "acquire" communications until particular items were selected for review, after they showed up via query. But after Department of Justice lawyers raised objections to this theory, and accordingly to the program's legality, the Attorney General sought judicial ratification of the internet metadata program under the FISA pen/trap provisions, and the FISA Court blessed it in an order dated July 14, 2004. Except for a brief period in 2009, the FISC reauthorized the program approximately every 90 days until the Obama administration discontinued it in 2011. As of April 2014, only three FISC opinions and four FISC orders related to the internet metadata collections program have been released. All the opinions and orders have been significantly redacted. They nonetheless explain a good deal about how the program worked.
The volume of material collected was "enormous" from its beginning, as the first of these opinions explains. At the start, the government aimed "to build a meta data archive that will be, in relative terms, richly populated with [redacted] related communications." As the Court reported the government's initial intentions, "[s]ome proportion of these communications-less than half, but still a huge number in absolute terms-can be expected to be communications [redacted] who bear no relation to [redacted]." In 2009 or 2010, however, the government "in comparison with prior dockets, [sought] authority to acquire a much larger volume of metadata at a greatly expanded range of facilities." The growth in volume and scope included extending collection beyond the "streams of data with a relatively high concentration of Foreign Power communications" that had previously been the focus. Until the program ended, in 2011, the pen/trap bulk collection began to reach "electronic communications, the vast majority of which, viewed individually, are not relevant to the counterterrorism purpose of the collection, and many of which involve United States persons."
The FISC initially approved the internet metadata program in 2004 in an opinion by Judge Colleen Kollar-Kotelly under docket PR-TT [redacted], NS-DC-0028
in this Clearinghouse.
In June 2009, Judge Walton had granted the government renewed authority to continuing collecting internet metadata, NS-DC-0029
in this Clearinghouse. Judge Walton allowed the government to continue collection despite the continued compliance issues but ordered the government to provide additional information regarding the issues and to fix the issues.
This matter began in October 2009 when it was time to apply for renewed authority. Sometime before October 31, 2009, the government submitted a preliminary notice
of a potential compliance incident. In the notice, the NSA stated that it had stopped collecting metadata and ceased querying metadata currently in the NSA's database until the compliance issues were resolved.
Along with the notice, the NSA submitted an "end-to-end review" report
that was a thorough system engineering and process review of the Internet Metadata Collection Program. The review included one previously reported compliance issue and eleven newly identified areas of concern, as well as the NSA's minimization and oversight procedure, and the NSA's future architecture.
The government began to apply for renewed authority, but abandoned the application.
Probably on October 30, 2009, Judge Walton issued a Supplemental Order
in response to the government's report and a subsequent application to renew authority and then abandonment of that application. Judge Walton ordered the government to stop collecting new metadata and to stop accessing all metadata previously collected, whether authorized or beyond the scope of authorization. Judge Walton did allow for access in the event of an imminent threat to human life, but required the government to provide a written report describing the circumstances within one business day.
After October 31, 2009, the government submitted a Declaration
of Lieutenant General Keith B. Alexander, Director of the NSA. General Alexander addressed the NSA's implementation of the authorization to collect Internet Metadata. General Alexander described the handling of the metadata, including the practices of sharing query results both within the NSA and with other agencies. General Alexander also described the compliance issues previously identified.
Along with the declaration, the Department of Justice submitted a report
based on the NSA's report submitted earlier. The DOJ's report fully discussed the compliance issues, including (1) the retention of PR-TT metadata beyond the authorized time period; (2) RAS-approval based on attorney general emergency authorization; (3) use of PR-TT metadata [redacted]; (4) improper dissemination of the results of queries to the PR-TT metadata; and a fifth redacted compliance issue. The DOJ also described the NSA's compliance efforts and the issues identified by the Court.
The next ruling, in NS-DC-0030
in this Clearinghouse, was a 117-page opinion (probably) issued in July 2010 by FISC Judge John D. Bates. It reviews the history of the internet metadata program in greater detail, and grants the government's application in part and denies in part.Jessica Kincaid - 01/31/2015