FAA702 Comms memo
Jun. 25 2018 — 11:56a.m.
TOP SECRET//COMINT//NOFORN (U//FOUO) Changes to Handling of FAA-702 Collection From: Teresa H. Shea, SIGINT Director WHO (U//FOUO) This message applies to all personnel and managers of personnel who access FISA Amendments Act (FAA) 702 collection; all analysts, collection managers, dataflow managers, database administrators, etc. who work with FAA-702 data; and all intelligence oversight officers and compliance leads across the Extended Enterprise. PURPOSE (U//FOUO) This message is intended to make you aware of recent developments in NSA’s actions to manage the acquisition of FAA-702 collection; some changes we are making to our internal processes and tools in the handling and use of this data; and actions you will be required to take. RECENT DEVELOPMENTS (TS//SI//NF) FAA-702 data is acquired in two ways, directly from Internet Service Providers (PRISM) and from SSO passive sensors (upstream collection). Analysts submitting FAA-702 tasking can choose to task PRISM, upstream or both for any of their selectors. NSA has the authority to acquire communications to, from or about tasked selectors from FAA-702 collection. (TS//SI//NF) When NSA is collecting certain internet transactions in upstream collection containing tasked selectors, NSA might also be acquiring information that is NOT to, from or about tasked selectors in that collection. There are numerous internet communication activities using protocols that may include multiple communications in a single transaction. Currently our collection systems cannot break apart these multiple communications transactions (MCT). Additionally, there are certain protocols in use for which NSA is not able to distinguish a transaction which contains only a single communication from an MCT. One example of this is when a user of a webmail service accesses her inbox; if the inbox contains one email message that contains an NSA tasked selector, NSA will acquire a copy of the entire inbox, not just the individual email message that contains the tasked selector. (TS//SI//NF) The FISA Court (FISC) has expressed concern over continued use of those portions of the transactions in the upstream acquisition that are non-targeted, i.e. are not to, from or about the tasked selector. For NSA to continue to acquire FAA-702 upstream collection, NSA has agreed to implement new processes and requirements regarding the handling and use of this collection. It is important to note that these new processes only affect the upstream collection; there will be no change to handling and use of PRISM collection. NSA has two options; either turn off the acquisition of ALL upstream Derived From: NSA/CSSM 1-52 Dated: 20070108 Declassify On: 20360701 TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN collection; or put protections, i.e. usage caveats, on portions of the upstream collection that are under review. NSA leadership chose the latter rather than risk not having access to all the collection authorized for the execution of our mission. It is critical that you follow the guidance provided and implement these protections; if we do not, NSA’s ability to continue to acquire upstream collection is at risk. CHANGES TO INTERNAL PROCESSES (TS//SI//NF) NSA is implementing several steps to add protections to the use of this data; these steps will be taken over the next several days: 1. Add a cautionary banner to the content viewers/presenters of FAA-702 data for those data objects that either include or are not distinguishable from a multiple communications transaction (MCT). The banner will be displayed on both previous collection and new collection and read as follows: “This traffic could contain a multiple communications transaction (MCT) with information that is not to, from, or about tasked selectors. If this is an MCT, you are only permitted to use the discrete communication that you can positively identify as being specifically to, from, or about tasked selectors. Do not use this data until you review the additional guidance.” 2. Post additional guidance on the “go FAA” webpage; guidance will educate the NSA population across the enterprise that acquire and use FAA-702 collection on: the meaning of the banner, what steps an analyst must take if this banner appears, how to recognize an MCT, how to identify the tasked selector in an MCT, and where to get answers to questions 3. Update processes and procedures for reporting and dissemination of content from FAA-702 upstream collection. 4. Update processes and procedures for use of upstream FAA-702 data (both content and metadata) in FISA applications. ACTIONS (TS//SI) Implementation of these changes is underway; following are actions you are required to take at this time: Be ready for additional announcements regarding education and awareness messages and activities in coming days. Currently, with the exception of FISA applications, the focus is on content repositories; additional guidance will be forthcoming on the handling and use of metadata, and use for targeting, discovery and other purposes. Until you review guidance provided (step 2 above), DO NOT USE ANY DATA CARRYING THE CAUTIONARY BANNER. If you have any questions, please go to the FAA web page “go FAA”, under the “What’s New” section. TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN (U//FOUO) These new processes are temporary while this matter is under review with the FISC. We will be renewing our three FAA certifications by September 21st with revised procedures and will change our internal processes accordingly. We are also engaged with the Technology Directorate and others to determine if there are technical solutions to these issues. We will continue to keep you informed and provide guidance as we work toward resolution. Thank you for your diligence and dedication to protecting our authorities to fully execute our mission. (U//FOUO) The POC for this message is . Teresa H. Shea SIGINT Director TOP SECRET//COMINT//NOFORN