NSA

These SMPs have not changed significantly since they were changed in the wake of the 2011 upstream ruling. The exceptions are:

(1) “of information, including non-publicly available information” was added to the first paragraph. This may suggest NSA is also using publicly available information (which you would think they would anyway, if only to integrate public Twitter and other social media) in their analysis.

(1) The third paragraph (which has a counterpart in FBI SMPs) is new. I wonder whether there have been IG access problems in the past, notably when both FBI and NSA did big 702 IG Reports in 2012?

(2) (f) I’ve added this to the FBI SMPs. But NSA and CIA SMPs, unlike FBI ones, include this language defining what identification means. FBI has been dodging this on other issues as well in recent years (including the illusory 215 SMPs), so I suspect its lack of such language suggests FBI’s interpreting it very narrowly.

(2) (j) Some of these paragraphs now marked unclassified, such as this one, were marked S/SI in 2011. That you Snowden.

(3) (k)(3) This changes an automatic loss of USP rights if someone loses their resident alien status from the 2011 SMPs.

(3) (b)(1) In 2011, this paragraph specified “in processing cycle” in the earliest practicable point, suggesting it may have gotten moved later.

(4) This takes out a paragraph (formerly paragraph 3) on retaining storage tapes.

(4) (1)(a) The “including metadata” language is newly unredacted, as another reference to obtaining metadata from upstream collection also is.

(5) Through these SMPs, including at (b)(1), add language about how to deal with upstream transactions, permitting the use of them if they’re targeted and aren’t all USPs.

(6) Paragraph 4 is the other newly unredacted discussion of metadata use.

(7-8) The destruction paragraphs 3 and 4 are both entirely new. The 2011 stuff seems to reflect a decision at the end of 2011 to destroy its upstream USP transactions. The litigation paragraph reflects some other language elsewhere.

(8) Paragraph e has counterparts in the FBI and CIA SMPs, suggesting there was a significant problem with location tracking. Unless I’m mistaken, that doesn’t show up in IOB reports (as, for example, the purge tool does).

(9) There are more strictures in place for deciding to keep domestic communications.

(10) The last (unnumbered) paragraph on the page adds the ability to share target location.

(11) Note the reference to the Master Purge List, which was a big issue in recent years (because it wasn’t functioning the way it was supposed to).

---

CIA

(1-2) CIA has better repository language than FBI.

(2) Note NCS Director gets to decide to retain things longer than 5 years (though I would assume this would change if Brennan gets his Cyber expansion).

(2) CIA gets to keep unminimized USP data if they “may be a target of intelligence activities of a foreign power.”

(2) As with NSA (though their language is different), the CIA gets to keep USP data if “a United States person has engaged or may be engaging in the unauthorized disclosure of properly classified national security information.” Surely the FBI gets to keep this too, they just describe it differently.

(2) I do believe this USP retention is unique to CIA:

The information concerns corporations or other commercial organizations the deletion of which would hamper the correlation of foreign intelligence information on the same subject;

(3) Amid a slew of USP retention clauses (including one for people who pose a threat of sabotage to any US IC facility, which is problematic), there’s entirely redacted h. My guess is this is about people who facilitate terrorism but who aren’t terrorists (or perhaps who read stuff that is bad).

(3) As with FBI, the metadata paragraph (4a) is fairly broad, and permits copying of all such metadata.

(4) As with FBI, there’s this oblique paragraph (4b) that doesn’t require tracking of queries that don’t get to the underlying FISA data.

(4) CIA, unlike FBI and NSA, explicitly limits the technical database to technical personnel.

(5) CIA has a paragraph like FBI and NSA permitting them to keep data for a year to assess whether they’ve been compromised.

(5) CIA’s Attorney Client paragraph is similar to what FBI’s used to be.

(6) It’s odd that CIA has a long passage on federal translators or technical assistance, whereas NSA has its international one. I’d expect CIA to rely on other governments too (though it does have a foreign govt dissemination section too, of similar length).

(6) Unsurprisingly, CIA has multiple ways to share with foreign governments, all but translation redacted.

(9) Bizarrely, an entire big paragraph is redacted to end the SMPs. It probably deals with USP (or domestically collected) data, by context, but that’s a WAG.