What Queries of Metadata Derived from Upstream Data Might Include

In this post, I explained that at virtually the exact moment the NSA shut down the PRTT dragnet in 2011, FISC permitted it to start querying metadata derived from upstream collection. After that happened, it started distinguishing between data that was “handled” according to minimization procedures and data that was “processed” before being intelligible.

In this post, I want to talk about what we can learn about metadata derived from FAA 702 from the opinion that authorized it and this document which based on the date, I assume pertains at least to upstream 702 derived metadata (from which the two kinds of MCTs most likely to include domestic communications would be excluded).

First, assuming that this querying document does include upstream, then it means that entirely domestic communications might be included in the querying. The opinion allows,

NSA to copy metadata from Internet transactions that are not subject tosegregation pursuant to Section 3(b) without first complying with the other rules for handlingnon-segregated transactions – i.e., without ruling out that the metadata pertained to a discretewholly domestic communication or to a discrete non-target communication to or from a U.S.person or a person inside the United States.

This means that after the data comes in to NSA and the two types of metadata most likely to include domestic MCTs are segregated, it can be made available to metadata analysis. The NSA prevented queries of segregated data via technical means.

NSA’s technical implementation will ensure that USP metadata queries of FAA 702 collection will only run against communications metadata derived from FAA 702 [redacted] and telephony collection.

The document stated that “NSA’s Technical Directorate (TD) continues to work to implement this requirement.” It’s not clear whether that language dates to December 16, 2011, when it was first written, or to August 19, 2013, when it was most recently revised.

Yet even assuming that technical protection occurred, there would still be Americans in the pool. According to John Bates’ estimate from the same year, there might be 46,000 domestic communications in there that ended up in the batch because the domestic communication that made mention of targeted selector transited internationally, which led them to get caught in filters supposedly targeted at international traffic.

The opinion mandates that, if after doing the analysis, the analyst realizes she has a completely domestic communication, she has to destroy it (though that requirement would get softer the next year). But a footnote also reveals that the means of determining if a selector was American was not failsafe.

NSA will rely on an algorithm and/or a business rule to identify queries of communications metadata derived from the FAA 702 [redacted] and telephony collection that start with a United States person identifier. Neither method will identify those queries that start with a United States person identifier with 100 percent accuracy.

Moreover, in an apparent bid to have this querying process interact relatively seamlessly with Special Procedures Communications Metadata Analysis (SPCMA — a way to query EO 12333 metadata incorporating US person identifiers), the standards were lackadaisical. As with SPCMA, an analyst had to come up with a foreign intelligence justification, but that’s just a “memory aid” in case the analyst gets questioned about it “long after the fact” in a fact check. Analysts don’t have to seek approval before they use a particular selector to query and they’re not required to attach any supporting documentation for their justification (this was in 2013, so requirements may be stronger in the wake of the PCLOB report). And SPCMA training is considered adequate to query metadata derived from 702.

In other words (again, assuming this pertains to upstream querying), there are several risks: that US person data will get thrown in the mix, that it won’t get identified by an algorithm as such, and so that that query result will lead to further spying on a US person without getting destroyed.

Still, as made clear, the alternative is SPCMA, which offers even fewer protections than 702 querying.

One more thought: the NSA report on the aftermath of Bates’ upstream decision (and the implementation of the 2012 certificates) revealed the PRISM providers incurred cost with the transition between certificates. It’s actually quite possible that the upstream metadata queries would come to constitute a critical part of the targeting process, effectively identifying what Goole or Yahoo content might be of interest at the metadata stage, only then to submit that to the provider for the content. If that’s true, it would be somewhat easy to end up targeting a US person for content collection via such upstream searches (though that presumably would be captured in the post-targeting process).

2 replies
  1. SpaceLifeForm says:

    Loopholes 101.

    Under ‘this program’ or ‘that program’, or any other ‘program’, (it’s a shell game), there is really no reason to believe that anything has really changed or will change.

    “NSA’s Technical Directorate (TD) continues to work to implement this requirement.”

    And they can ‘continue to work’ on it as long as they want. Not just a ‘slow walk’, but never really doing anything except to continue to say that they are ‘working on it’. Who is really ever going to know for sure or not? Certainly not the Gang of Eight.

    The effort that may be put into the systems would more likely be to make the analysts job easier, not to protect privacy.

  2. SpaceLifeForm says:

    Funny numbers. Actually, they are not just ‘funny numbers’, they are complete BS, made from whole cloth. And 42 is the answer to everything.


    The National Security Agency vacuumed up more than 151 million records about Americans’ phone calls in 2016 via a new system that Congress created to end the agency’s once-secret program that collected Americans’ domestic calling records in bulk, a new report disclosed on Tuesday.

    The report, an annual surveillance review published by the Office of the Director of National Intelligence, offered the first glimpse of how the new system, created by the USA Freedom Act of 2015, is working. It showed that the agency was still gathering a large number of calling records under the replacement system.

    The N.S.A. took in the 151 million records despite obtaining court orders to use that system on only 42 terrorism suspects in 2016, along with a few left over from late 2015, the report said. The volume of records was apparently a product of not only the exponential math involved in gathering years of phone records from every caller a step away from each suspect, but also because of duplication: A single phone call logged by two companies counted as two records.

    [Pure BS. Even if two telcos involved,that is “only 75 million calls, spread over 42 suspects
    ? Riiight. Complete BS. You are now talking about nearly 2mil calls per suspect per year.
    5 thousand plus calls a day? Sheesh, you do not any anti-terrorist work at all, just keep them tied up on the phone!]

Comments are closed.