February 25, 2015 / by emptywheel

 

NSA’s Dysfunctional Post-Tasking Checks

I noted this in both my working threads on the NSA, CIA and FBI minimization procedures, but it deserves more attention. Sometime in the last several years, the process by which NSA determines whether something they’ve collected is of a person in the US started going flukey, during certain periods. So now there’s a subset of data that analysts — at NSA, CIA, and FBI — all have to check for foreignness before they use it. That also means there is US person data that has been collected but not properly identified.

All three minimization procedures have a paragraph like this:

In the event that NSA seeks to use any information acquired pursuant to section 702 during a time period when there is uncertainty about the location of the target of the acquisition because the [redacted] post-tasking checks described in NSA’s section 702 targeting procedures, NSA will follow its internal procedures for determining whether such information may be used (including, but not limited to, in FISA applications, section 702 targeting, and disseminations). Except as necessary to assess location under this provision, NSA may not use or disclose any information acquired pursuant to section 702 during such time period unless NSA determines, based on the totality of the circumstances, that the target is reasonably believed to have been located outside the United States at the time the information was acquired. If the NSA determines that the target is reasonably believed to have been located inside the United States at the time the information was acquired, such information will not be used and will be promptly destroyed.

Both the fact that this section appears in the Destruction of Raw Data section in NSA’s SMPs (and not the section dedicated to challenges with upstream collection), and the fact that it appears in both the CIA and FBI SMPs (suggesting this is data they’d be getting in raw format, which they don’t get from upstream collection), suggest that this is general 702 data, not upstream data, where NSA has been known to have had a problem in the past.

The fact that the same paragraph, almost verbatim, shows up in all three places, plus the language about using such data for FISA applications, suggests this language came from or is in the SMPs to keep the FISA Court happy. Indeed, there’s probably a nice FISC opinion that explains how FISC learned that NSA’s targeting process was flawed.

We know this problem was identified sometime between October 2011 and July 2014 because this language doesn’t show up in the 2011 NSA SMPs. There are few things that are identifiable in the Intelligence Oversight Board reports that could be a dysfunction that would merit a FISC order, though there are a number — such as these two redacted paragraphs on Systems Errors in the middle of the FISA section of the Q1 2013 (which covers the last three months of 2012) report that might be such a problem.

Screen Shot 2015-02-25 at 8.56.26 AM

Or perhaps the problem is even more recent, meaning it would have been reported in the 2 years of IOB reports we don’t have.

To be sure, it appears FISC has required that all agencies accessing raw data do the kind of location checks that the failed system would otherwise have done. So US person data won’t be used, it’ll just sit in NSA’s (or CIA or FBI’s) servers until it is discovered.

But this is one of a number of examples we see in the IOB reports (the purge process, which was also not working for a while, is another; that seems to have been or is being fixed with the Master Purge List that appears in these SMPs) where the software checks designed to protect Americans failed. That doesn’t indicate any animus or ill-intent. But it does suggest the complexity of this system continues to result in failures that — regardless of intent — also present a privacy risk.

Copyright © 2015 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2015/02/25/nsas-dysfunctional-post-tasking-checks/