At the Moment NSA Shut Down the PRTT Metadata Dragnet, FISC Permitted It to Query Upstream Metadata

In this post, I showed in really weedy inaccessible language how NSA started changing the vocabulary it uses to refer to the access to and manipulation of data in 2011. Before, almost everything used the word “processing” when what it meant was to connote “handling” according to minimization procedures. Now that “processing” is only used for special instances, I believe it serves as a kind of realm of plausible deniability in minimization procedures during which period, because the data is unintelligible, the rules obviously can’t apply.

In this post, I want to look at another change that occurred in the 2011 to 2012 transition: FISC permitted NSA to do back door searches of metadata collected under 702 upstream. It did so at precisely the moment — November to December 2011 — when NSA shut down the PRTT Internet dragnet.

In the set of minimization procedures released in 2013, this paragraph on page 6 is redacted entirely.

That passage became public in 2015, when I Con the Record released the 2014 minimization procedures.

Notwithstanding subsection 3(b)(4)b. above, NSA may use metadata extracted from Internet transactions acquired on or after October 31, 2011, that are not identified and segregated pursuant to subsection 3(b)(4)a. without first assessing whether the metadata was extracted from: a) a discrete communication as to which the sender and all intended recipients are located in the United States; or b) a discrete communication to, from, or about a tasked selector. Any metadata extracted from Internet transactions that are not identified and segregated pursuant to subsection 3(b)(4)a. above will be handled in accordance with the applicable provisions of these procedures. Any metadata extracted from an Internet transaction subsequently determined to contain a discrete communication as to which the sender and all intended recipients are reasonably believed to be located inside the United States shall be destroyed upon recognition.

The September 20, 2012 opinion re-released publicly last week revealed the discussion that remains redacted in the November 30, 2011 opinion and was redacted in the original release of the 2012 one. Starting with that November 30, 2011 opinion, FISC permitted NSA to pull the metadata off of all the upstream collection that wasn’t most likely to include entirely domestic MCT communications and do back door searches (which it had just approved for the first time on October 3, 2011) on it.

Another change to Section 3(b) of the NSA minimization procedures involves metadata. The procedures approved by the Court in the November 30, 2011 Memorandum Opinion contain a provision allowing NSA to copy metadata from Internet transactions that are not subject to segregation pursuant to Section 3(b) without first complying with the other rules for handling non-segregated transactions – i.e., without ruling out that the metadata pertained to a discrete wholly domestic communication or to a discrete non-target communication to or from a U.S. person or a person inside the United States. See Nov. 30, 2011 Mem. Op. at 15-20. Metadata copied pursuant to this provision must be handled in accordance with the other provisions of the procedures. Id. at 16. Furthermore, in the event that NSA later identifies an Internet transaction as containing a wholly domestic communication, any metadata that has been extracted from that transaction must be destroyed. Id.

The amended procedures retain this provision, but now expressly limit it to Internet transactions acquired on or after October 31, 2011. Amended NSA Minimization Procedures at 6 (§ 3(b)(4)(b)(4)). This date change accounts for the fact that, as discussed above, NSA’s upstream acquisitions before that date have been subject to an earlier set of minimization procedures that did not provide for the extraction and use of metadata by NSA. See Nov. 30, 2011 Mem. Op. at 20-21. The addition of the date makes clear that although the amended NSA minimization procedures now generally apply to Section 702 information acquired by NSA under all certifications, this metadata provision continues to apply only to information acquired under the 2011 and 2012 certifications. Because this amendment serves only to preserve the status quo with respect to metadata, it presents no issue under Section 1801(h).

Along with the documents released last week, ACLU obtained four different versions of guidance for back door searches:

  • An undated one from the CIA that post-dates the PCLOB 702 report (because it references the report). It’s mostly redacted, and is most interesting for the two redacted purposes that qualify a query as a foreign intelligence query (I suspect they relate to leaks and either proliferation and/or hackers).
  • An undated “USP Queries within FAA 702 PRISM and Telephony Content Collection.” It is undated, but it was cleared for release on May 22, 2012 (perhaps as part of the last reauthorization effort). It breaks these back door searches into three categories/approval processes:
    • Identifiers approved for other kinds of querying, whether under traditional FISA or RAS approval from the now-defunct Section 215 phone dragnet program.
    • Identifiers approved under 704/705b (overseas targeting), US persons held captive, or some other emergency. (Remember that in 2013 Dianne Feinstein pretended the last category was the only one they used back door searches for.)
    • Other identifiers, for which the NSA would set its own duration for permissible querying and describe its own reason for approving the query.
  • An undated “Emergency USP Content Queries within FAA 702 PRISM and Telephony Content Collection.” Given that this is completely undated, it’s not entirely clear whether this is an amendment to the one released in 2012, but the procedures seem to be consistent with what was required under that.
  • A “USP Queries of Communications Metadata Derived from FAA [redacted] and Telephony Collection.” The file name of the document shows it was originally dated December 16, 2011, and was revised August 19, 2013. Footnote 2 in the document explains that “communications metadata” will be “the same as the description of ‘metadata’ provided in the response to question 9 within the Government’s Responses to FISC Questions re: Amended 2011 Section 702 Certification, filed on November 15, 2011, pages 3-8.” Given the date, these guidelines seem to lay out the implementation of (at a minimum) the queries on metadata from upstream 702. I would guess the redaction says something like, “PRISM or SCT” or “non-MCT upstream.”

I’ll have more to say about the last document in a follow-up post, as it seems to explain what the NSA accomplished by transferring its PRTT Internet dragnet partly to upstream metadata queries.

2 replies
  1. SpaceLifeForm says:


    Hacker Fantastic @hackerfantastic

    Security sat on a wall.
    Security had a great fall.
    All the king’s horses,
    And all the king’s men,
    Couldn’t get Security back together again.
