Documents
Metadata Policy Conference (2008)
Aug. 25, 2014
NSA: for the foreseeable future. was has separate definitions of what
constitutes content based on EU 12333 and FISNPAA collection. PISA considers
communications data to be part of the content of the communication, hence FISA has
no separate concept of metadata. All discussions at the conference were therefore
focused on "standard" collection under the authorityr of ED 12333.
3. There is a constitutional expectation of privacy within the US. Fer
communications data this is harder to quantify than fer content. New procedures will
permit a differentiation between content and communications data allowing fer far
greater data usage and advancing ether related changes. A tension remains
bebveen the desires to minimise shared data containing US identifiers. and engaging
more openly to supportthe foreign mission.
3. It is harder to define what constitutes a US identifier with DNI data - where unclear
it is treated as US. MBA is moving from minimised records within their databases to
minimising identifiers within reports. Sharing unmasked US identifiers with second
party SIGINT partners will be easier than with some US domestic partners.
it]. All: All SIGINT agencies seek to protect their equities. especially relating to
Special Source Exploitation
11.3pecial categories ofdata were considered in the contest of their potential to
contribute to pattern of life analysis. An increasing amount of new data types are
available to SIGINT agencies. some proving difficult to categorise as either content or
communications data. The conference agreed to step back from trying to categorise
the data and simply to focus on what is shareable in bulk.
Comment Page: 3
12. L'Jonsideration was given as to whether any types of data were prohibited, fer lawn "mils"-
esample medical= lggl= religiogs or restricted business information, which may be
regarded as an intrusion of privacy. Given the nascent state of many of these data
types then no. or limited. precedents have been set with respect to proportionality or
propriety, or whether different legal considerations applies to the "ownership" ofthis
data compared with the communications data thatwe were more accustomed to
handle. It was agreed that the conference should not seekto set any automatic
limitations. but any such difficultcases would have to be considered by "owning"
agency on a case-by-case basis.
(comment: NBA normally considers any taroet data {pattern of life or other} that can
be characterized as ?foreign intelligence? as proper for collection. analysis and
production.
NSA: for the foreseeable future. was has separate definitions of what
constitutes content based on EU 12333 and FISNPAA collection. PISA considers
communications data to be part of the content of the communication, hence FISA has
no separate concept of metadata. All discussions at the conference were therefore
focused on "standard" collection under the authorityr of ED 12333.
3. There is a constitutional expectation of privacy within the US. Fer
communications data this is harder to quantify than fer content. New procedures will
permit a differentiation between content and communications data allowing fer far
greater data usage and advancing ether related changes. A tension remains
bebveen the desires to minimise shared data containing US identifiers. and engaging
more openly to supportthe foreign mission.
3. It is harder to define what constitutes a US identifier with DNI data - where unclear
it is treated as US. MBA is moving from minimised records within their databases to
minimising identifiers within reports. Sharing unmasked US identifiers with second
party SIGINT partners will be easier than with some US domestic partners.
it]. All: All SIGINT agencies seek to protect their equities. especially relating to
Special Source Exploitation
11.3pecial categories ofdata were considered in the contest of their potential to
contribute to pattern of life analysis. An increasing amount of new data types are
available to SIGINT agencies. some proving difficult to categorise as either content or
communications data. The conference agreed to step back from trying to categorise
the data and simply to focus on what is shareable in bulk.
Comment Page: 3
12. L'Jonsideration was given as to whether any types of data were prohibited, fer lawn "mils"-
esample medical= lggl= religiogs or restricted business information, which may be
regarded as an intrusion of privacy. Given the nascent state of many of these data
types then no. or limited. precedents have been set with respect to proportionality or
propriety, or whether different legal considerations applies to the "ownership" ofthis
data compared with the communications data thatwe were more accustomed to
handle. It was agreed that the conference should not seekto set any automatic
limitations. but any such difficultcases would have to be considered by "owning"
agency on a case-by-case basis.
(comment: NBA normally considers any taroet data {pattern of life or other} that can
be characterized as ?foreign intelligence? as proper for collection. analysis and
production.
35. ?still a pilot. this proyides minimised data to Sigint-cleared
and appropriately trained across the US Intelligence community. Second
Party deriyed data is currently net made available to US Intelligence Community
{although GCSE has agreed that theier Etle
metadata may be shared}. but such data would be yalued. In the hope that such
agreement will be forthcoming, NBA has persuaded ether US ?agencies to make
almost 100 bn preyiously records shareable with the 5-eyes yia GLUEIAL
READH. is treated as though with only DNFI records and fields shown to
ly'laking DNI ayailable through ICREAGH is currently restrigteg due to
limited automated {general counsel approyed} methods topreyented?by?lel??s?pelisyen
minimize Ell-ll metadataatiee.
36. 'Deconfliction' is not formalised through ICREACH. Query records can potentiallyr
be used to alert that other are looking at the same data.
Deconflicting operations remains a tough challenge reguiring increased coordination
of operations and collaboration.
3?.There is interest in the relationship bebyeen the implementation of {a
U3. UNI initiatiye to link all LLS. IG to common tools} and sharable
databases and allow for greater collaboration} and IGREAGH inasmuch as it may
affect Second Parties? internal procedures and access issues with domestic
agencies.
33. ENSCIDE: This is a specific method of groyigimsharing uniminimized
SIGINT data to fee if had collected it itself} in support ofthe latter's
operational missiongeanddgata from Second Parties is shared with BIA in
accordance with special agreementsbetwe_en NSA and eagh sEong
39. GCHD are employing methods and For military SIGINT needs GGHD
uses races1 to reach back to UK and repositories. The military's work
within the ambit of the National SIGINT Drganisation comes under the authority of
GCHD.
4D. NSA shares US SIGINT data with all US SIGINT elements that operate under
operational controlageecies. With Second there is an initial
minimisation of the data when gossible; howeyer all segom games hgye agreeg to
abide by US. minimization criteria; Efor US intelligence agencies NSA mustdeere?is
fastener: minimigsing-ef the data, before sharing and for other US agencies {such as
law enforcement} A onl royi er i ?technical su ort? mission.
all such data is minimized before
restricted data set.}
Comment Page: 6 I
The was In statement but no:
mined at the time.
35. ?still a pilot. this proyides minimised data to Sigint-cleared
and appropriately trained across the US Intelligence community. Second
Party deriyed data is currently net made available to US Intelligence Community
{although GCSE has agreed that theier Etle
metadata may be shared}. but such data would be yalued. In the hope that such
agreement will be forthcoming, NBA has persuaded ether US ?agencies to make
almost 100 bn preyiously records shareable with the 5-eyes yia GLUEIAL
READH. is treated as though with only DNFI records and fields shown to
ly'laking DNI ayailable through ICREAGH is currently restrigteg due to
limited automated {general counsel approyed} methods topreyented?by?lel??s?pelisyen
minimize Ell-ll metadataatiee.
36. 'Deconfliction' is not formalised through ICREACH. Query records can potentiallyr
be used to alert that other are looking at the same data.
Deconflicting operations remains a tough challenge reguiring increased coordination
of operations and collaboration.
3?.There is interest in the relationship bebyeen the implementation of {a
U3. UNI initiatiye to link all LLS. IG to common tools} and sharable
databases and allow for greater collaboration} and IGREAGH inasmuch as it may
affect Second Parties? internal procedures and access issues with domestic
agencies.
33. ENSCIDE: This is a specific method of groyigimsharing uniminimized
SIGINT data to fee if had collected it itself} in support ofthe latter's
operational missiongeanddgata from Second Parties is shared with BIA in
accordance with special agreementsbetwe_en NSA and eagh sEong
39. GCHD are employing methods and For military SIGINT needs GGHD
uses races1 to reach back to UK and repositories. The military's work
within the ambit of the National SIGINT Drganisation comes under the authority of
GCHD.
4D. NSA shares US SIGINT data with all US SIGINT elements that operate under
operational controlageecies. With Second there is an initial
minimisation of the data when gossible; howeyer all segom games hgye agreeg to
abide by US. minimization criteria; Efor US intelligence agencies NSA mustdeere?is
fastener: minimigsing-ef the data, before sharing and for other US agencies {such as
law enforcement} A onl royi er i ?technical su ort? mission.
all such data is minimized before
restricted data set.}
Comment Page: 6 I
The was In statement but no:
mined at the time.