Documents
FAA702 Comms memo
June 25, 2018
TOP SECRET//COMINT//NOFORN
(U//FOUO) Changes to Handling of FAA-702 Collection
From: Teresa H. Shea, SIGINT Director
WHO
(U//FOUO) This message applies to all personnel and managers of personnel who access FISA
Amendments Act (FAA) 702 collection; all analysts, collection managers, dataflow managers, database
administrators, etc. who work with FAA-702 data; and all intelligence oversight officers and compliance
leads across the Extended Enterprise.
PURPOSE
(U//FOUO) This message is intended to make you aware of recent developments in NSA’s actions to
manage the acquisition of FAA-702 collection; some changes we are making to our internal processes
and tools in the handling and use of this data; and actions you will be required to take.
RECENT DEVELOPMENTS
(TS//SI//NF) FAA-702 data is acquired in two ways, directly from Internet Service Providers (PRISM) and
from SSO passive sensors (upstream collection). Analysts submitting FAA-702 tasking can choose to task
PRISM, upstream or both for any of their selectors. NSA has the authority to acquire communications
to, from or about tasked selectors from FAA-702 collection.
(TS//SI//NF) When NSA is collecting certain internet transactions in upstream collection containing
tasked selectors, NSA might also be acquiring information that is NOT to, from or about tasked
selectors in that collection. There are numerous internet communication activities using protocols that
may include multiple communications in a single transaction. Currently our collection systems cannot
break apart these multiple communications transactions (MCT). Additionally, there are certain
protocols in use for which NSA is not able to distinguish a transaction which contains only a single
communication from an MCT. One example of this is when a user of a webmail service accesses her
inbox; if the inbox contains one email message that contains an NSA tasked selector, NSA will acquire a
copy of the entire inbox, not just the individual email message that contains the tasked selector.
(TS//SI//NF) The FISA Court (FISC) has expressed concern over continued use of those portions of the
transactions in the upstream acquisition that are non-targeted, i.e. are not to, from or about the tasked
selector. For NSA to continue to acquire FAA-702 upstream collection, NSA has agreed to implement
new processes and requirements regarding the handling and use of this collection. It is important to
note that these new processes only affect the upstream collection; there will be no change to handling
and use of PRISM collection. NSA has two options; either turn off the acquisition of ALL upstream
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20360701
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) Changes to Handling of FAA-702 Collection
From: Teresa H. Shea, SIGINT Director
WHO
(U//FOUO) This message applies to all personnel and managers of personnel who access FISA
Amendments Act (FAA) 702 collection; all analysts, collection managers, dataflow managers, database
administrators, etc. who work with FAA-702 data; and all intelligence oversight officers and compliance
leads across the Extended Enterprise.
PURPOSE
(U//FOUO) This message is intended to make you aware of recent developments in NSA’s actions to
manage the acquisition of FAA-702 collection; some changes we are making to our internal processes
and tools in the handling and use of this data; and actions you will be required to take.
RECENT DEVELOPMENTS
(TS//SI//NF) FAA-702 data is acquired in two ways, directly from Internet Service Providers (PRISM) and
from SSO passive sensors (upstream collection). Analysts submitting FAA-702 tasking can choose to task
PRISM, upstream or both for any of their selectors. NSA has the authority to acquire communications
to, from or about tasked selectors from FAA-702 collection.
(TS//SI//NF) When NSA is collecting certain internet transactions in upstream collection containing
tasked selectors, NSA might also be acquiring information that is NOT to, from or about tasked
selectors in that collection. There are numerous internet communication activities using protocols that
may include multiple communications in a single transaction. Currently our collection systems cannot
break apart these multiple communications transactions (MCT). Additionally, there are certain
protocols in use for which NSA is not able to distinguish a transaction which contains only a single
communication from an MCT. One example of this is when a user of a webmail service accesses her
inbox; if the inbox contains one email message that contains an NSA tasked selector, NSA will acquire a
copy of the entire inbox, not just the individual email message that contains the tasked selector.
(TS//SI//NF) The FISA Court (FISC) has expressed concern over continued use of those portions of the
transactions in the upstream acquisition that are non-targeted, i.e. are not to, from or about the tasked
selector. For NSA to continue to acquire FAA-702 upstream collection, NSA has agreed to implement
new processes and requirements regarding the handling and use of this collection. It is important to
note that these new processes only affect the upstream collection; there will be no change to handling
and use of PRISM collection. NSA has two options; either turn off the acquisition of ALL upstream
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20360701
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
collection; or put protections, i.e. usage caveats, on portions of the upstream collection that are under
review. NSA leadership chose the latter rather than risk not having access to all the collection
authorized for the execution of our mission. It is critical that you follow the guidance provided and
implement these protections; if we do not, NSA’s ability to continue to acquire upstream collection is at
risk.
CHANGES TO INTERNAL PROCESSES
(TS//SI//NF) NSA is implementing several steps to add protections to the use of this data; these steps
will be taken over the next several days:
1. Add a cautionary banner to the content viewers/presenters of FAA-702 data for those data
objects that either include or are not distinguishable from a multiple communications
transaction (MCT). The banner will be displayed on both previous collection and new collection
and read as follows: “This traffic could contain a multiple communications transaction (MCT)
with information that is not to, from, or about tasked selectors. If this is an MCT, you are only
permitted to use the discrete communication that you can positively identify as being
specifically to, from, or about tasked selectors. Do not use this data until you review the
additional guidance.”
2. Post additional guidance on the “go FAA” webpage; guidance will educate the NSA population
across the enterprise that acquire and use FAA-702 collection on:
the meaning of the banner,
what steps an analyst must take if this banner appears,
how to recognize an MCT,
how to identify the tasked selector in an MCT, and
where to get answers to questions
3. Update processes and procedures for reporting and dissemination of content from FAA-702
upstream collection.
4. Update processes and procedures for use of upstream FAA-702 data (both content and
metadata) in FISA applications.
ACTIONS
(TS//SI) Implementation of these changes is underway; following are actions you are required to take at
this time:
Be ready for additional announcements regarding education and awareness messages and
activities in coming days. Currently, with the exception of FISA applications, the focus is on
content repositories; additional guidance will be forthcoming on the handling and use of
metadata, and use for targeting, discovery and other purposes.
Until you review guidance provided (step 2 above), DO NOT USE ANY DATA CARRYING THE
CAUTIONARY BANNER.
If you have any questions, please go to the FAA web page “go FAA”, under the “What’s New”
section.
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
collection; or put protections, i.e. usage caveats, on portions of the upstream collection that are under
review. NSA leadership chose the latter rather than risk not having access to all the collection
authorized for the execution of our mission. It is critical that you follow the guidance provided and
implement these protections; if we do not, NSA’s ability to continue to acquire upstream collection is at
risk.
CHANGES TO INTERNAL PROCESSES
(TS//SI//NF) NSA is implementing several steps to add protections to the use of this data; these steps
will be taken over the next several days:
1. Add a cautionary banner to the content viewers/presenters of FAA-702 data for those data
objects that either include or are not distinguishable from a multiple communications
transaction (MCT). The banner will be displayed on both previous collection and new collection
and read as follows: “This traffic could contain a multiple communications transaction (MCT)
with information that is not to, from, or about tasked selectors. If this is an MCT, you are only
permitted to use the discrete communication that you can positively identify as being
specifically to, from, or about tasked selectors. Do not use this data until you review the
additional guidance.”
2. Post additional guidance on the “go FAA” webpage; guidance will educate the NSA population
across the enterprise that acquire and use FAA-702 collection on:
the meaning of the banner,
what steps an analyst must take if this banner appears,
how to recognize an MCT,
how to identify the tasked selector in an MCT, and
where to get answers to questions
3. Update processes and procedures for reporting and dissemination of content from FAA-702
upstream collection.
4. Update processes and procedures for use of upstream FAA-702 data (both content and
metadata) in FISA applications.
ACTIONS
(TS//SI) Implementation of these changes is underway; following are actions you are required to take at
this time:
Be ready for additional announcements regarding education and awareness messages and
activities in coming days. Currently, with the exception of FISA applications, the focus is on
content repositories; additional guidance will be forthcoming on the handling and use of
metadata, and use for targeting, discovery and other purposes.
Until you review guidance provided (step 2 above), DO NOT USE ANY DATA CARRYING THE
CAUTIONARY BANNER.
If you have any questions, please go to the FAA web page “go FAA”, under the “What’s New”
section.
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) These new processes are temporary while this matter is under review with the FISC. We will
be renewing our three FAA certifications by September 21st with revised procedures and will change our
internal processes accordingly. We are also engaged with the Technology Directorate and others to
determine if there are technical solutions to these issues. We will continue to keep you informed and
provide guidance as we work toward resolution. Thank you for your diligence and dedication to
protecting our authorities to fully execute our mission.
(U//FOUO) The POC for this message is
.
Teresa H. Shea
SIGINT Director
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
(U//FOUO) These new processes are temporary while this matter is under review with the FISC. We will
be renewing our three FAA certifications by September 21st with revised procedures and will change our
internal processes accordingly. We are also engaged with the Technology Directorate and others to
determine if there are technical solutions to these issues. We will continue to keep you informed and
provide guidance as we work toward resolution. Thank you for your diligence and dedication to
protecting our authorities to fully execute our mission.
(U//FOUO) The POC for this message is
.
Teresa H. Shea
SIGINT Director
TOP SECRET//COMINT//NOFORN