Two months ago, we ran a post explaining the NSA's minimization procedures based on a copy of the procedures (dating from June 2009) that had been leaked to the Guardian. In light of the mass declassification that occurred this week, however, we now have access to a more recent version of the minimization procedures (dating from October 2011). The new procedures remain largely the same from the 2009 version to the 2011 one---much of the language is verbatim the same. There are a few changes, however, that are important and deserve to be noted. In particular, the procedures were revised to satisfy the FISA Court's concerns about multi-communications transactions; indeed, these revisions were the big part that gave Judge Bates sufficient comfort so as to allow him ultimately to grant the government's move for recertification.
Accordingly, we've taken the text of the post from two months ago and updated it to reflect the guidance offered by the 2011 procedures, taking care to point out any particularly important changes.
The law requires that collection under Section 702 be subject to court-approved minimization requirements---that is, requirements that the agency not retain or disseminate material it inadvertently sweeps up that it is not allowed to collect. All bulk collection necessarily sweeps more broadly than legitimate foreign intelligence against legitimate targets, so the intelligence community has long used minimization as a way of limiting itself post-acquisition to those materials that fall legitimately within its purview. The 2011 version, in contrast to the 2009 version, carefully notes that these materials include Internet transactions acquired through the NSA's upstream collection techniques, regardless of whether the transactions include a single discrete communications or multiple discrete communications.
The minimization requirements under Section 702 require personnel to "destroy inadvertently acquired communications of or concerning a United States person at the earliest practicable point in the processing cycle at which such communication can be identified" if it "does not contain foreign intelligence information" or "evidence of a crime." All such material acquired on U.S. persons must be destroyed within five years from the expiration date of the certification authorizing the collection. Reflecting the government's efforts to satisfy Judge Bates, however, there is exception to this five-year rule for Internet transactions, which must be destroyed after two years.
As communications get reviewed, analysts have to assess whether they pertain to a legitimate target and contain foreign intelligence information or evidence of a crime. Only those that do "may be processed." Communications that do not meet the standard for retention and that contain U.S. person information "will be destroyed upon recognition, and may be retained no longer than five years in any event" (again, with a two year limit for Internet transactions). Communications that were the result of targeting of someone who was reasonably believed to be overseas but is, in fact, located domestically "will be treated as domestic communications. . . ."
The 2011 procedures add some separate minimization rules for the processing of Internet transactions acquired through the NSA's upstream collection. After acquiring the transactions, the NSA must reasonably identify and segregate those transactions that may contain multiple communications and that were either sent or received by a person located in the United States, or whose location is unknown. These transactions are then placed in an "access-controlled repository" where they can be further analyzed by trained NSA analysts. Any segregated transactions may not be used until an analyst confirms that they do not contain a discrete communication where "the sender and all intended recipients are reasonably believed to be located in the United States." If the NSA does run across any transactions that contain such a communication, that transaction must be destroyed.
For those Internet transactions that are not segregated, the NSA must run an additional check before using any discrete communications within a transaction: it must assess whether the communication "1) is a communication as to which the sender and all intended recipients are located in the United States; and 2) is to, from, or about a tasked selector, or otherwise contains foreign intelligence information."
The section on Internet transaction processing then concludes with a redacted paragraph.
Regardless of where they are found, all domestic communications "will be promptly destroyed upon recognition unless the Director . . . of NSA specifically determines, in writing," that the communication is legitimate foreign intelligence, contains evidence of a crime, contains "technical data base information . . . or information necessary to understand or assess a communications security vulnerability," or contains information "pertaining to a threat of serious harm to life or property." The NSA is allowed, if a domestic communication suggests that a legitimate target has entered the United States, to alert the FBI, and when domestic communications indicate evidence of a crime, it is allowed to give that information "to appropriate Federal law enforcement authorities. . . ."
Meanwhile, foreign communications involving U.S. persons can be retained and used only if necessary for the maintenance of technical databases, if it involves evidence of a crime, "if the identity of the United States person is deleted and a generic term or symbol is substituted," if the U.S. person has consented, or in certain other situations: if the U.S. person is meaningfully tied to a foreign power, if "the identity of the United States person is necessary to understand foreign intelligence information or assess its importance," of if the person may be "engaging in international terrorist activities," for example.
The minimization procedures contemplate emergency deviations in exigent circumstances, and they require that these be reported to the Justice Department and the ODNI.
Finally, an interesting question raised by one other change from the 2009 version of the minimization procedures to the 2011 one. A paragraph has been inserted in the first section ("Applicability and Scope") that clarifies what the terms "NSA" and "NSA personnel" actually encompass; those terms refer to "any employees of the National Security Agency/Central Security Service . . . and any other personnel engaged in Signals Intelligence (SIGINT) operations authorized pursuant to section 702 of the Act if such operations are executed under the direction, authority, or control of the Director, NSA/Chief, CSS (DIRNSA)." Was the paragraph included in order to expand the scope of the procedures--and encompass someone or some group who was previously not included--or inserted instead to circumscribe the scope of the procedures and exclude someone or some group from being covered? Or is the paragraph just added clarification without real legal import?