5 May 2017

Cipher Brief Expert View: Changing NSA’s Email Collection Program

GENERAL MICHAEL HAYDEN

The National Security Agency (NSA) announced on Friday a change in its intelligence collection under Section 702 of the Foreign Intelligence and Surveillance Act (FISA). The move comes against the backdrop of the looming deadline of December 31, 2017, when the authorities granted by 702 will expire if not reauthorized by Congress. According to an NSA statement, the revision essentially means that the “NSA will no longer collect certain internet communications that merely mention a foreign intelligence target.” The practice being dropped is referred to as “about” collection, and the changes to the NSA’s collection policies are related to a process known as upstream collection.

The Cipher Brief spoke with General Michael Hayden, the former director of the NSA, about what the changes are, why they were made, and what they mean for both intelligence efforts and privacy-conscious Americans.

The Cipher Brief: What is 702 collection, and what is the difference between upstream versus downstream collection?

Michael Hayden: Provision 702 is a provision of the FISA Amendment Act of 2008. Congress recognized the technological reality that many communications in America were not of America. And some previous restrictions about collecting communications in the United States needed to be modified.

You have two aspects of 702. One is the PRISM program, also known as downstream collection, which simply allowed the NSA to go to email providers — the Yahoos and Gmails of the world — and say we need everything in the account of a targeted individual. In all cases under 702, the target of the surveillance had to be a foreigner, reasonably believed to be outside the United States.

The other aspect of 702 is what is called upstream collection, which allows the NSA to physically collect on wires entering and leaving the United States against, once again, foreign targets reasonably believed to be outside the United States. It is still foreign intelligence, but the big change is the ability for the NSA to do something inside the United States that it had been unable to do before. Some of that had been previously based on the President’s Article II authorities after 9/11. But FISA 702 is a far more expansive, extensive, permanent empowerment of NSA.

TCB: What is the change being made, and why is it being done now?

MH: In the upstream collection—that’s not taking it off the server but actually physically collecting it—the foreign selector, let’s call it Badman X, the selectors were set up in a way that you were grabbing the email of Badman X, if he were sending or receiving an email, or if his email was mentioned in the body of a communication. So it was “to,” “from,” and “about.”

When you’re getting it “to” or “from,” there’s no question that you are collecting foreign intelligence. Remember, Badman X is already known to be a foreigner, reasonably believed to be outside the United States. But if you’re using your filters for Badman X to actually look at the content of emails coming by, you could occasionally pick up an email in which both the sender and the receiver were in the United States. That’s called inadvertent collection. Of course if you are using your selectors to trigger on Badman X being mentioned in the body of an email, you would get a lot of emails, foreign-to-foreign emails, that mention Badman X. But your filters are set up that you’re going to get the U.S.-to-U.S. emails about Badman X too, and again, that’s not authorized collection. We call it inadvertent.

Once discovered, those communications would have to be flushed from the system. But many were not discovered and you ended up with an undetermined number of U.S.-to-U.S. communications that had Badman Xs, so to speak, in them. Many complained that was a violation of American privacy.

What NSA has decided to do is stop using the foreign selector, Badman X, for the content of emails. That way the only emails you would collect about Badman X were emails in which Badman X was either sending or receiving them. Now that actually means you lose some intelligence, because you’re not going to get foreign-to-foreign emails with Badman X in the body, but it also means you’re not going to get any U.S.-to-U.S. emails. Everything you pick up now is going to have at least one foreign end, because Badman X is one end, and that’s the selector for collecting the email.

TCB: If there is a U.S. to foreign communication, is that an authorized collection effort under 702?

MH: Yes, it is. And that is called incidental collection, which means that what triggered the collection was the foreign end, Badman X, and incidentally you have picked up information “to,” “from” or “about” an American. Incidental collection is allowed to continue. You just have to “minimize” the U.S. identity. But, the way the program was previously run, there were some number of inadvertent collections, again, the selector being in the body of the email, different from the “to” or “from,” and in some instances you were picking up “to” and “from,” with both ends inside the United States. That is what has stopped.

TCB: In the NSA statement, they discuss the reauthorization of 702 as well as the technical reasons behind the decision to stop “about” collection. Could you elaborate on that?

MH: You can put this into three boxes.

Operationally, they were willing to pay the price—the NSA is going to lose some good coverage here.

Legally, they were having a bit of trouble with the FISA court [the oversight body], because FISA had put some restrictions on how the data could be queried to try and protect the U.S. identities that might be swept up. The NSA had made some mistakes in that, self-reported it, and had corrected its processes, but you did have that legal compliance problem.

Finally, there is no question you have a political question coming up with the debate on 702, which has to be reauthorized before the end of this year.

TCB: And as far as the technical reasons behind this, was this related to the growth of end-to-end encryption use, HTTPS or anything like that?

MH: Nope. This is not triggered by any technological change. This is a policy, operational, and legal compliance issue. It’s going to be a little easier to be legally compliant, because you’re not going to have as much inadvertent collection. Operationally they are willing to pay the price. And politically, they want to make 702, which is still the most productive source of information the NSA has ever had, they want to make 702 more politically acceptable.

I can add another wrinkle here. After this change to halt 702 “about” collection, the law will still allow the U.S. government to query the data.

Everything I’ve told you about, up to now, is collection. Now we’re into analysis. In analyzing the lawfully collected data, even under the new system, the law allows the U.S. government to use U.S. person identities to query the data. That means law enforcement is interested in this guy named Billy Bob Jones. And the NSA is really interested in Billy Bob Jones because they think there may be terrorist threats against him.

FBI may be interested in Billy Bob for other reasons. Some object to that. That is a separate issue and will be the core issue in the 702 reauthorization debate this summer. What the NSA has done to date will be appreciated by the privacy advocates, but it doesn’t eradicate this second very important question.

TCB: What about the FBI signals intelligence collection?

MH: 702 is NSA, but you bring up a great point. FBI then gets to query the NSA data, and using the U.S. name may be more an FBI equity, rather than NSA.

TCB: You mentioned compliance issues with the NSA querying American selectors. Could you describe the context for that and why this is such an important thing now with the reauthorization coming up?

MH: Without a court order the NSA can never use a U.S. identity to collect the data. The NSA only picks up U.S. communications inadvertently or incidentally. Now you’ve got this ocean of data—all lawfully collected—and now the government, especially law enforcement, queries the data with a U.S. person identity.

The opponents to that, people who are concerned about privacy, believe that is a back door search provision that smacks of indirect targeting. In other words, I’m targeting this foreigner over here, not because I’m interested in him, but I know this U.S. person that I’m not allowed to target will call him. And so, even to this former director of NSA, using U.S. person data to query the lawfully collected foreign intelligence is a not trivial privacy question.

TCB: So the move to take away “about” collection is a direct result of privacy concerns in the lead up to the reauthorization of FISA 702?

MH: I think that was a factor in the NSA decision. It was also an operational judgment as to what it was the NSA would or would not be giving up. As I said, the NSA is going to be losing some legitimate, lawful intelligence. If you don’t collect “about,” you’re going to lose some foreign-to-foreign communications that contain “about information.” The NSA made the judgment they are willing to give that up in order to prevent the inadvertent collection of U.S.-to-U.S. communications.

The Cipher Brief’s Pam Benson and Levi Maxey contributed to this report.
