UNITED STATES FOREIGN INTELLIGENCE SURVEILLANCE COURT WASHINGTON, no. Docket Number: BR 08-13 application in the above-captioned docket 08-I Specifically, the Court ordered ORDER On December 12, 2008, the Foreign Intelligence Surveillance Court or "Court") re-authorized the government to acquire the tangible things sought by the government in its I produce, on an ongoing daily basis for the duration of the order, an electronic copy of all call detail records or "telephony metadata" created by BR08-13, Primary Order at 4. The Court found reasonable grounds to believe that the tangible things sought are relevant to authorized investigations being conducted by the Federal Bureau of Investigation to protect against international terrorism, which investigations are not being conducted solely upon the basis of First Amendment protected activities, as required by 50 U.S.C. and at 3. In making this finding, the Court relied on the 1845 3; 1862 PRODUCTION 5 MARCH 2009 assertion of the National Security Agency that having access to the call detail records "is vital to counterterrorisrn intelligence mission" because "[t]he only effective means by which NSA are able continuously to keep track 1 an of one of the aforementioned entities [who are taking steps to disguise and obscure their comrnunications and identities], is to obtain and maintain an archive of metadata that will permit - these tactics to be uncovered." BR 08-13, Application Exhibit A, Declaration of Signals Intelligence Directorate Deputy Program Manager' NSA, filed Dec. 11, 2008 Declaration") at 5. NSA also averted that [t]o be able to exploit metadata fully, the data must be collected in The ability to accumulate a metadata archive and set it aside for carefully controlled searches and analysis will substantiall increase NSA's abili to detect and LCL at 5-6. Because the collection would result in NSA collecting call detail records pertaining to of telephone communications, including call detail records pertaining to communications of United States persons located Within the U.S. who are not the subject of any FBI investigation and whose metadata could not otherwise be legallyicaptured in bulk, the government proposed stringent minimization procedures that strictly controlled the 1845 S. 1862 5 MARCH 2009 acquisition, accessing, dissemination, and retention of these records by the NSA and the BR 08-13, Application at 12, 19-28. The Court's Primary Order directed the government to strictly adhere to these procedures, as required by 50 U.S.C. 1861(c)(1). at 4-12, Among other things, the Court ordered that: access to the archived data shall occur only when NSA has identified a known telephone identifier for which, based on the factual and -practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the telephone identifier is associated with p1'0V1 owever1er believed to be used a US. erson shall not be regarded as associated with. so eyon asiso ac v11es a are protected by the First Amendment to the Constitution. Li. at 8 (emphasis added). In response 'to a Preliminary Notice of Compliance Incident dated January 15, 2009, this Court ordered further briefing on the non-compliance incident to help the Court assess whether its Orders should he modified or rescinded; whether other remedial steps should be directed; and - whether the Court should take action regarding persons responsible for any misrepresentations to the Court or violations of its Orders. Order Regarding Preliminary Notice of Compliance Incident Dated January 15, 2009, issued Jan. 28, 2009, at 2. The government timely filed its Memorandum in Response to the Court's Order on February 17, 2009. Memorandum of the United States In Response to the Court's Order Dated January 28, 2009 ("Feb. 17, 2009 'The Court notes that the procedures set forth in the government's application and the Declaration are described in The government's application as "minimization BR 08-13, Application" at 20. - 1845 1852 PRODUCTION 5 MARCH 2009 4160" Memorandum"). A. NSA's Unauthorized' Use Ofthe Alert List 1 The government reported in the Feb. 17, 2009 Memorandum that, prior to the Court's initial authorization on May 24-, 2006 (BR 06-05), the NSA had developed an "alert list process" to assist the NSA in prioritizing its review of the telephony metadata it received. Feb. 17, 2009 Memorandum at 8. Following the Court's initial the NSA revised this alert list process so that it compared the telephone identifiers on the alert list against incoming FISC- authorized Business Record metadata metadata") and SIGINT collection from other sources, 'andinotified NSA's counterterrorisrn organization if there was a match between an identifier on I the alert list and an identifier in the incoming data. Feb. 17, 2009 Memorandum at 9-10. The revised NSA process limited any further analysis of such identifiers using the BR metadata to those telephone identifiers determined to have met the "reasonable articulable suspicion" standard (hereafter "RAS-approved identifiers") set forth above. Id; at 10-1 However, because the alert list included all identifiers (foreign and domestic) that were of interest to counter-terrorism 1 who were charged with trac1>-05, filed Aug. 18, 2006 at 14. Moreover, rather than conducting daily queries of the RAS-approved foreign telephone identifier that originally contacted the domestic number, the domestic numbers were included in the alert list as "merely a quicker and more efficient way of achieving the same Id, at 14 n6. In November 2006, the.NSA reported that it ceased this activity on August 18, 2006. Feb. 17, 2009 Alexander Declaration at 7 n.l. Eur' 7 184-8 1862 PRODUCTION 5 MARCH 2009 --164-M TUP crow//am the program to correct inaccuracies in a draft of the report prepared in August 2006 by a managing attorney in the NSA's Office of General Counsel, despite his request that recipients of the draft "make sure everything I have siad (sic) is absolutely true." Feb. 17, 2009,A1exander Declaration at 16-17; see also at Exhibit D. Further, the NSA reports: it appears there was never a complete understanding among the key personnel who reviewed the report for the SIGINT Directorate and the Office of General Counsel regarding what each individual meant by the terminology used in the report. Once this initial misunderstanding occurred, the alert list description was never corrected since neither the SIGINT Directorate nor the Office of General Counsel realized there was a misunderstanding.- As a result, NSA never revisited the description of the alert list that was included in the original report to the Court. Feb. 17, 2009 Alexander Declaration at 18. Finally, the NSA reports that "from a technical standpoint, there was no single person who had a complete technical understanding of the BR. PISA. system architecture. This probably also contributed to the inaccurate description of the alert list t1tat'NsA included in its BRFISA reports to the Court." at"19. Regardless of what factors contributed to making these misrepresentations, the Court finds that the government's failure to ensure that responsible officials adequately understood the alert list process, and to accurately report its implementation to the Court, has prevented, "The Court notes that at a hearing held on August 18, 2006, concerning the government's first renewal application (BR 06-08), the NSA's affiant testified as follows: THE COURT: All right. Now additionally, you have cause to be -- well at least I received it yesterday - the first report following the May 24- order, which is a 90-day report, and some 18 pages and I've reviewed that and you affirm that that's the best report or true and accurate to the best of your knowledge and belief. I do, sir. . Transcript of Proceedings before the Hon. Malcolm J. Howard, U.S. FISC Judge, Docket No. BR 06-08, Aug. .18, 2006, at 12. - i 1845 a 1862 PRODUCTION 5 MARCH 2009 m1fis~ for more than two years, both the government and the FISC from taking steps to remedy daily violations of the minimization procedures set forth in FISC orders and clesimied to protect ca-ll detail records pertaining to telephone communications of U.S. persons located within the United States -who are not the subj eet of any FBI investigation and Whose call detail information could not otherwise have been legally captured in bulk. C. Other Non-Compliance Matters Unfortunately. the universe of compliance matters that have_ arisen under the Court' Orders for this business records collection extends beyond the events described above. On October 17, 2008, the government reported to: the FISC. that, after the ISC authorized the NSA to increase the number of authorized to access the BR metadata to 85, the NSA trained those newly authorized on Court-ordered procedures. Sixty--Day Report for Filing in Docket NumberBR 08-08, filed Oct. 17, 2008 at 7. Despite this training, however, the NSA subsequently determined that 3 1. NSA had queried the BR metadata during a five day - period in April 2008 "without being' aware thev were doing so." lc_L (emphasis added). As a I result, the NSA used 2,373 foreign telephone identifiers to query the BR metadata without first determining that the reasonable articulable suspicion standard had been satisfied. hi Upon discovering this problem, the NSA undertook a number of remedial measures, including suspending the 31 access pending additional 'training, and modifying the NSA's tool for accessing the data so that were required specifically to enable access 1846 1862 PRODUCTION 5 MARCH 2009 ~166- TOP the BR metadata and acknowledge such access. at 8. Despite taking these corrective steps, on December II, 2008, the government informed the FISC that one analyst had failed to install the modified access tool and, as a result, inadvertently queried the data using five identifiers for which NSA had not determined that the reasonable articulable suspicion standard 'was satisfied. Notice of Compliance Incident, Docket no. BR 08-08, filed Dec. 211, 2008 at 2; ?e_e I Notice of Compliance Incident Involving Docket Number BR 08'-08, filed Jan. 22, 2009. Then, on January 26, 2009, the government informed the Court that, fi'orn approximately December 10, 2008, to January 23, 2009, two NSA 'had used 280 foreign telephone identifiers to query the BR metadata without determining that the Court' reasonable articulable "suspicion standard had been satisfied. Notice of Compliancelncident, Docket No. BR 08-13, filed January 26, 2009 at 2. It appears that these queries were conducted despite full implementation of the above-referenced sofhvare modifications to the metadata access tool, as well as the NSA's additional training of its .5 And, as noted below with regard to the routine use of the tool fiom May 2006 until February 18, 2009, the NSA continues to uncover examples 'of systemic noncompliance. . In summary, since anuary 15, 2009, it has finally come to light that the FISC's authorizations of this vast collection program have been premised on a flawed depiction of how 4 5On October 17, 2003, the government reported that all but four who no longer required access to the BR rnetadata had completed the additional training and were provided access to the data. Sixty--Day Report -for Filing in Docket Number BR 08-08, filed Oct. 17, 2008 m8nd - TOP SEC i .1 1345 a 1862 PRODUCTION 5 MARcHi2oos TOP the NSA uses BR metadata. This rnisperception by the FISC existed from the inception of its authorized collection in May 2006, buttressed by repeated inaccurate statements made in the government"s submissions, and despite a government-devised and Court-mandated oversight - regime. The minimization procedures proposed by the govemment in each successive application and approved and adopted as binding by the orders of the FISC have been so frequently and systemically violated that it can fairly be said that this critical element of the overall BR regime has never functioned effectively. D. Reassessment of BR Metadataifiluthorization In light of the foregoing, the Court returns to fundamental principles underlying its authorizations. In order to compel the production of tangible things to the government, the Court must find that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation' (other than a threat assessment) to obtainiforeign intelligence information not concerning a U.S. person or to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a US. person is not conducted solely on the basis of activities protected by the First Amendment. 50 U.S.C. 1861. The government's applications have all acknowledged that, of the of call detail records NSA receives per day (currently over per day), the vast majority of individual records that are being sought pertain neither . flee, BR 08-13, Application at 19-20. In other words, TOP SEC 1845 1862 PRODUCTION 5 MARCH 2009 ~188- nearly all of the call detail records collected pertain to communications of non-U.S._ persons who are the subject of an FBI investigation to obtain foreign intelligence information, are communications of US. persons _who are not the subj ect of an FBI investigation to protect against international terrorism or clandestine intelligence activities, and are data that otherwise could not be legally captured in bulk by the 'govemment. Ordinarily, this alone would provide sufficient grounds for a judge to deny the application. . Nevertheless, the FISC has authorized the bulk collection of call detail records this case based upon: (1) the government's explanation, under oath, of how the collection of and access to such data are necessary to analytical methods that are vital to the national security of the United States; and (2) minimization procedures that carefully restrict access to the BR metadata and include specific oversight requirements. Given the Executive responsibility for and expertise in determining how best to protect our national security, and in light of the scale of this bullc collection program, the Court must rely heavily on the government to monitor this program to ensure that it continues to be justified, in the View of those responsible for our national security, and that it is being implemented in a manner that protects the privacy interests of US. persons as required by applicable minimization procedures. To approve such a program, the Court must have every confidence that the government is doing its utmost to ensure that those responsible for implementation fully comply with the Court's orders. The Court no longer has such confidence. 1346 a 1852 aaocucruom 5 MARCH 2009 ~1aa~ ror With regard to the value of the BR. metadata program, the government points to the 275 reports that the NBA has provided to the FBI identifying 2,549 telephone identifiers associated with the targets. Feb. l7, 2009 Alexander Declaration at 42. The government's submission also cites three examples in which the FBI opened three new preliminary investigations of persons in the U.S. based on tips from the BR rnetadata program. 15;, FBI Feedback on Report, Exhibit J. However, the mere commencementof a preliminary investigation, by itself, does not seem particularly significant. Of course, if such an investigation led to the identification of a previously unlcnown terrorist operative in the United States, the Court appreciates that it would be of immense value to the government. In any event, this program has been ongoing for nearly three years. The time has come for the government to describe to the Court hovv, based on the information collected and analyzed during that time, the value of the program to the nation's security justifies the continued collection and retention of massive quantities of US. person information. Turning to the government's implementation of the Court--ordered rninirnization procedures and oversight regime, the Court takes note of the remedial measures being undertaken by the government as described in its recent filings. In particular, the Court welcomes the Director of the NSA's decision to order "end--to-end system engineering and process reviews (technical and operational) of NSA's handling" of BR metadata. Feb. 17, 2009 Alexander Declaration at 21. However, the Court is very disturbed to learn that this ongoing exercise has identified additional violations of the Court's orders, including the routine accessing of BR "1846 1852 PRODUCTION 5 MARCH .2009 -170- FTOP metadata from May 2006 to February 18, 2009, through another NBA analytical tool known as i using telephone identifiers that had not been determined to meet the reasonable articulable suspicion standard. BR 08-13, Notice of Compliance Incident, filed Feb. 26, 2009 26, 2009 Notice"). In its last submission, the government describes technical measures implemented on February 20, 2009, designed to prevent. any recurrences of the particular forms of non- compliance uncovered to date. This "technical safeguard" is intended to prevent "any automated process or subroutine," such as "fiorn accessing the BR FISA data," and to prevent from performing manual chaining[6] on numbers that havenot been marked as RAS approved." _S_e_e Supplemental. Declaration of Lieutenant General Keith B. Alexander, United States Army, Director of NSA, filed Feb. 26, 2009 ("Feb. 26, 2009 Alexander Declaration") at '7 n.2, On the strength of these measures, the governrnent submits thati"the Court need not take any further remedial action." Feb. 26, 2009 Notice at 6. After considering these measures in the A context of the historical record of non-compliance and in View of the Court's authority and responsibility to "cleterrnine [and] enforce compliance" with Court orders and Court--approVed procedures, 50 U.S.C. l803(i), the Court has concluded that firrther action is, in fact, necessary. The record before the Court strongly suggests that, from the inception of this ISA BR 5 In context, ""chaining" appears torefer to the form of querying the BR metadata known. as "contact chaining." _S__ge Declaration at 6. 1845 1862 PRODUCTION 5 MARCH 2009 -171"- TOP SECRET 4 program, the NSA's data accessing technologies and practices were never adequately designed to comply with the governing minimization procedures. From inception, the NSA. employed two separate automated processes -- the daily alert list and the A 'tool -- that routinely involved queries based on telephone. identifiers that were not RAS-approved. flee supra pp. 4-6, 13-14. As for manual queries, the minimization procedures required to use RAS- approved identifiers whenever they accessed BR metadata, yet thousands of violations resulted. from the use of identifiers that had not been RAE-approved by who were not even aware . that they were acce-ssing'BR metadata. flmfi pp.- 9-10. Moreover, it appears that the NSA or at least those persons within the NSA with knowledge of the governing minimization procedures are still in the process of determining how the NSA's own systems and personnel interact with the BR metadata. Under these circumstances,.no one inside or outside of the NSA -can represent with adequate certainty whether the NSA is complying with those procedures. In fact, the government acknowledges that, as of August 2006, "there was no single person who had a complete understanding of the BR FISA system architecture." Feb. 17, 2009 Alexander Declaration at 19. This situation evidently had not been remedied as of February 18, 2009, when personnel determined," only as a result of the "end-to--end review of NSA's technical infrastructure" ordered by the Director of the NSA on January 15, 2009, that the tool accessed the BR metadata on the basis of telephone identifiers that had not been RAS-<>-end review has not been completed. at 10. Nonetheless, the government submits that the technical safeguards implemented on February 20, 2009 "should prevent recurrences"'of the identified forms of non--compliance, id_. at 9 (emphasis added), and ""expect| s| that any further problems NSA personnel may identify with the infrastructure will be historica rather than current, at 10 (emphasis added). However, until this end-to-end review has been completed, the Court sees little reason to believe that the most recent discovery of a systemic, ongoing violation - on Plebmary 18, 2009 - will be the last. Nor does the Court share the government's optimism that technical safeguards implemented to respond to one set of problems will fortuitously be effective against additional problems identified in the future. Moreover, even with regard to the particular forms of non--compliance that have been identified, there is reason to question whether the newly implemented safeguards will be effective. For example, as discussed above, the NSA reported on October 17, 2008, that it had deployed software modifications that would require to specifically enable access to BR metadata when performing manual queries, but these modifications did not prevent hundreds of additional violations by who inadvertently accessed BR metadata through queries using telephone identifiers that had not been RAE'-approved. sunm pp. 9-10; Feb. 26, 2009 Alexander Declaration at 4. The Court additionally notes that, in a matter before another judge of the FISC, lthe mere existence of software solutions was not sufficient to ensure their efficacy: .. 16 1845 1862 PRODUCTION 5 MARCH 2009 $173" a representations to the Court in the August 27, 200 8, hearing did not explicitly account,for the possibility that system configuration errors (such as those discussed in the government's response to question 10 below) might render NSA's overcollection filters ineffective, which was the root cause for some of the non-compliance incidents." Governrnent's Response to the Court's Order of January 16, 2009, answer no. 8 at 13. I "Troubleshooting has since revealed that a software patch that might have prevented the [compliance incident] was not present on the recently deployed selection answer no. 10 at 14. a further determined [in January 2009] that the overcollection filter had not been functioning since this site was activated on July 30, 200d." In light of what appearto-be systemic problems, this Court cannot accept the mere introduction of technological remedies as a demonstration that a problem is solved. More is required-. Thus, notwithstanding the remedial measures undertaken by the government, the Court believes that more is needed to protect the privacy of U.S. person information acquired and retained pursuant to the FISC orders issued in this matter. However, given the government's repeated representations that the collection of the BR metadata is vital to national security, and in light of the Court's prior determinations that, if the program is conducted in compliance with appropriate minimization procedures, such collection conforms with 50 U.S.C. ?186l, the Court concludes it would not be prudent to order that the government' acquisition of the BR metadata cease at this Tag? . 5 .. I 17 1846 1852 PRODUCTION 5 MARCH 2009 time. However, except as authorized below, the Court will not permit the government to access the data collected until such time" as the government is able to restore the Court's confidence that the government can and will comply with previously approved procedures for accessing such data. I created Accordingly, it is I-IEREBY ORDERED: 1. The NSA may continue to acquire all call detail records of "telephony metadata" accordance with the orders entered in the above- captioned docket on December 12, 2008; 2. The government is hereby prohibited fi*on1 accessing BR metadata acquired pursuant to orders in the above-captioned docket its predecessors for any purpose except as described herein. The data may be accessed for the purpose of ensuring data integrity and compliance with the Court's orders. Except as provided in paragraph 3; access to the BR - metadata shall be limited to the team of NSA data integrity described in footnote 5 of the ;Declaration, and individuals directly involved in developing and testing any technological measures designed to enable the to comply with previously approved procedures for accessing such data; 3. The government may request through a motion that the Court authorize querying of the BR metadata for purposes of obtaining foreign intelligence on a case-by--case basis. However, if the government determines that immediate access is necessary to protect against an imminent threat to human life, the government may access the BR metadata for suchlpurpose. In 1845 R: 1862 5 MARCH '?flfl.Cl ror tr a each such case falling under this latter category, the government shall nofify the Court of the access, in writing, no later than 5:00 Eastern Time on the next business day after such access. Any submission to the Court under this paragraph shall, at a minimum, specify the telephone identifier for which access is sought or was granted, provide the factual basis for the NSA's determination that the reasonable articulable suspicion standard has been met with regard to that identifier, and, if the access has alreadytalcen place, a statement of the immediate threat necessitating such access; 4. Upon completion of the goiremmentis end-to-end system engineering and process reviews, the governrnent shall file a report with the Court, that shall, at a minimum, include: a. an affidavit by the Director of the FBI, and affidavits by any other offi cial responsible for national security that the government deems appropriate, describing the value of the BR metadata to the national security of the United States and certifying thatithe tangible things sought are relevant to an authorized investigation (other than a threat assessment) to obtain foreign intelligence information not concerning a US. person or to protect against international terrorism or clandestine intelligence activities, and that such investigation of a U.S. person is not conducted solely on the basis of activities protected by the First Amendment; b. a description of the results of the NSA's end-to-end system engineering and process reviews, including any additional instances of non-compliance identified therefrom; "rap ososrv//Ivm .- - 1 .19 1846 1862 PRODUCTION 5 MARCH 2009 -175- c. a full discussion of the steps taken to remedy any additional non-compliance as well as the incidents described herein, and an afidavit attesting that any technological remedies have been tested and demonstrated to be successful; and d. the minimization and oversight procedures the government proposes to employ should the Court decide to authorize the government's resumption of regular access to the BR metadata. IT IS SO ORDERED, this 2nd day of March, 2009. W.) Rn/odrss. WALTON Judge, United States Foreign Intelligence Surveillance Court' TSP SECRE 1846 1862 PRODUCTION 5 MARCH 2009