dChan
Anonymous ID: d48bd5 Aug. 31, 2018, 2:54 p.m. No.2822348   🗄️.is 🔗kun   >>2399 >>2529

(lb)

 

>>2822254

NOTE: brief excerpts provided, much more at link below.

 

Foreign Intelligence Surveillance Court Approves New Targeting and Minimization Procedures: A Summary

 

https://www.lawfareblog.com/foreign-intelligence-surveillance-court-approves-new-targeting-and-minimization-procedures-summary

 

FTA:

The court points out that upstream Internet collection comprises only about 9 percent of the NSA’s Internet collection, yet it presents the most legal challenges due to the presence of multiple communication transactions (MCTs). MCTs are communications that might take the form of multiple e-mail or other Internet messages—such as an email inbox—that are transmitted together as one bundled package.

 

One particular scenario poses specific legal challenges: In upstream surveillance, domestic email messages sent by U.S. persons may be collected because the “tasked selector” (an email or phone number of foreign intelligence value) was merely mentioned in an email or other electronic communication. This is known as “about” collection, because the target is neither the sender or recipient of the communication, but instead was mentioned within the communication itself. Due to the frequency with which U.S. communications are collected this way, a “complicated set of minimization rules was adopted for handling different types of MCTs,” to mitigate the legal concerns.

 

However, in 2011, FISC found these minimization procedures to be deficient, prompting the government to include a “sequestration regime for more problematic categories of MCTs,” and limit retention of U.S. person information to a two-year period. Most importantly, NSA analysts were prohibited from using “known U.S.-person identifiers” to search through upstream collection results. Largely based on the above changes, the FISC approved the procedures.

 

NSA Targeting and Minimization Procedures

The court welcomed the revised NSA’s targeting procedures, which, it noted, abandoned so-called “‘abouts’ collection.” (As mentioned above, “‘abouts’ collection” [sic] was of particular concern since it meant that “upstream Internet collection was ‘more likely than other forms of Section 702 collection to contain information of or concerning United States persons with no foreign intelligence value.’”) But the amended targeting procedures avoid these concerns by restricting acquisitions “to communications to or from persons targeted in accordance with [the] procedures.”

 

Additionally, the revised minimization procedures require “that Internet transactions acquired after March 17, 2017, that are not to or from a person targeted” be destroyed, and that their acquisition be reported to the court “as an incident of non-compliance.” Moreover, the new minimization procedures take what the court calls an “‘all-or-nothing’ approach” to MCTs: Should the NSA determine that any discrete communication within an MCT is from a domestic sender to solely domestic recipients, the NSA will destroy the entire MCT, unless the Director of the NSA “makes the required waiver determination for each and every domestic communication contained in the MCT.”

 

However, the amended minimization procedures would allow analysts to query upstream data for U.S. person identifiers, subject to the standard 702 query requirements/determinations, and with records of such determinations. Because the data against which such queries could be run is now more limited, the court was “satisfied that queries using U.S.-person identifiers may now be permitted.” The court concluded that, based on the totality of the circumstances, the NSA targeting procedures meet the requirements of § 1881a(d)(1).

 

NCTC “Raw Take” Sharing

On September 26, 2016, the government proposed that, “for the first time,” the NCTC be allowed to access certain “unminimized information acquired by NSA and FBI.” The court approved this access, noting that the information NCTC will receive is “subject to the same limitations as the CIA (no upstream Internet collection and no telephony)." Historically, NCTC’s access had been limited to minimized Section 702 information residing in FBI’s “general indices and relating to certain categories of investigations concerning international terrorism.”

 

But the court noted that it had “recognized NCTC’s role as the government’s primary organization for analyzing and integrating all intelligence pertaining to international terrorism and counterterrorism,” each time it had previously authorized sharing FISA-acquired information with NCTC. And the rationales that had justified those authorizations “appl[y] with equal force” here. Specifically, the court concluded that—given the volume of information at issue and the time pressure inherent in terrorism investigations—“access to raw Section 702-acquired information will enhance NCTC's ability to perform its distinct mission.”

Anonymous ID: d48bd5 Aug. 31, 2018, 2:59 p.m. No.2822399   🗄️.is 🔗kun   >>2633

>>2822348

>>2822254 (lb)

 

FISA Section 702: What It Is & How It Works

 

https://cdt.org/insight/section-702-what-it-is-how-it-works/

 

FTA

What Is It? Section 702 of the Foreign Intelligence Surveillance Act (FISA) is a statute that authorizes the collection, use, and dissemination of electronic communications content stored by U.S. internet service providers (such as Google, Facebook, and Microsoft) or traveling across the internet’s “backbone” (with the compelled assistance of U.S. telecom providers such as AT&T and Verizon). Section 702 sunsets on December 31, 2017.

 

Are There Any Restrictions? Unlike “traditional” FISA surveillance, Section 702 does not require that the surveillance target be a suspected terrorist, spy, or other agent of a foreign power. Section 702 only requires that the targets be non-U.S. persons located abroad, and that a “significant purpose” of the surveillance be to obtain “foreign intelligence information” (the primary purpose of the surveillance can be something else entirely).

 

How Does Section 702 Work?

 

1) Certification: On an annual basis, the Attorney General and Director of National Intelligence make “certifications” authorizing 702 surveillance programs and submit these certifications to the Foreign Intelligence Surveillance Court (FISC) for approval. These certifications 1) identify categories of foreign intelligence information to be gathered, 2) contain Targeting Procedures and the Minimization Procedures approved by the AG that are meant to ensure 702 acquisition is limited to non-U.S. persons abroad, 3) attest that the targeting and minimization procedures and additional guidelines adopted to ensure compliance are consistent with the Fourth Amendment, 4) attest that a “significant purpose” of the program is to obtain foreign intelligence information, 5) attest that the program uses a U.S. electronic communications service provider, and 6) attest that the program complies with the limitations spelled out by the statute.

 

If all the certification elements are present and the minimum requirements of the targeting and minimization procedures are met, the FISC must approve the 702 surveillance program. The FISC plays no role in making the actual targeting decisions (such decisions are made by the NSA, with “nominations” from the CIA and FBI).

2) Acquisition: There are currently two known forms of 702 collection:

 

PRISM collection: the government collects all communications content to or from a targeted selector (such as an email address) directly from U.S.-based electronic communications service providers (such as Apple or Google). The NSA receives all raw (unminimized) PRISM-collected information and may also send such raw data to the CIA and FBI.

Upstream collection: the government collects all internet transactions that contain communications to, from, or “about” a targeted selector as the transactions flow through network gateways controlled by U.S.-based providers. Only the NSA may receive raw Upstream-collected information, but it may send such information to the CIA and FBI once it has gone through the NSA’s minimization process.

3) Querying and Use in Criminal Cases:

 

Querying 702 Information in Government Databases: The NSA, CIA, and FBI are permitted to query 702-acquired information by using a variety of search terms. Each individual agency’s own minimization procedures limit the search terms that analysts can use. However, it is unclear how these policies are enforced.

The Backdoor Search Loophole: The NSA, CIA, and FBI are all permitted to search 702-acquired information with U.S. person identifiers (such as names or addresses). Critics have dubbed this the “backdoor search” loophole, because it enables the government to obtain information that would have otherwise required a warrant. Today, the NSA and CIA can only query 702-gathered information with a U.S. person identifier after creating a “statement of facts showing that a query is reasonably likely to return foreign intelligence information.” However, this restriction does not apply to the FBI.

Use in Criminal Court: 702-acquired information may be used as evidence against U.S. persons in criminal court for certain broad categories of “serious crimes.” For investigations that do not fall into one of those categories, there is no restriction on using 702-acquired information to obtain other evidence that can be used in court. The use of information gathered under 702 without a warrant against U.S. persons creates an end-run around the Fourth Amendment, which requires a probable cause finding by an independent body.