NSA's Legal Authorities

(Updated: Jan 19, 2018)

Since the start of the Snowden revelations, we not only learned about the various collection programs and systems of the National Security Agency (NSA), but also about the various legal authorities under which the agency collects Signals Intelligence (SIGINT).

Because these rules are rather complex, the following overview will show which laws and regulations govern the operations of the NSA, what they are allowed to collect, where, and under which conditions. Also mentioned are various collection programs that run under these authorities.

The overview provides a general impression of the most important elements of the various laws and regulations and does not pretend to be complete in every detail. For example, provisions for emergency collection are not included. Also, some of these laws and regulations govern the work of other US intelligence agencies too, but here the focus is on the NSA.

Collection INSIDE the US:
Targeted collection - US persons & foreigners:

- Section 105 FISA
- Section 703 FISA Amendments Act (FAA)

Targeted collection - Foreigners:

- Transit Authority
- Section 702 FISA Amendments Act (FAA)
  - Downstream Collection (PRISM)
  - Upstream Collection

Bulk collection - US persons:

- Section 402 FISA (PR/TT)

- Section 215 USA PATRIOT Act (BR FISA)


Collection OUTSIDE the US:
Targeted collection - US persons:

- Sections 704 & 705 FISA Amendments Act (FAA)

Targeted & Bulk collection - Foreigners:

- Executive Order 12333
  - Classified Annex Authority (CAA)
  - Special Procedures governing Communications Metadata Analysis (SPCMA)
  - Raw SIGINT Availability Procedures

Diagram with a decision tree showing the various legal authorities
under which NSA can collect Signals Intelligence (SIGINT)

  - Inside the US - Targeted collection - US persons -

Section 105 FISA
- Effective since Oct 25, 1978.
- For communications of US citizens and foreigners, whether through a "facility" or individually, inside the US, for which there is probable cause that they are agents of a foreign power or connected to an international terrorist group. Initially also for foreigners outside the US using an American webmail provider.
- Collection takes place at telephone and internet backbone switches, wireless networks, Internet Service Providers and data centers at over seventy locations within the United States.
- Requires an individualized warrant from the FISA Court (which takes between four and six weeks), but if no US person will probably be overheard, only a certification by the Attorney General is required.
- Collection programs: BLARNEY, COWBOY (under FAIRVIEW), PERFECTSTORM (under STORMBREW)
Section 703 FISA Amendments Act (FAA)
- Effective since July 10, 2008; expires on Dec 31, 2017.
- For communications of a US person outside the US, when there is probable cause that this person is an officer, employee, or agent of a foreign power or related to an international terrorist group.
- Requires an individualized warrant from the FISA Court.
- Collection takes place within the U.S. (see Section 105 FISA).


Section 702 FISA Amendments Act (FAA)
- Effective since July 10, 2008; expired on Dec 31, 2017, but was reauthorized in Jan 2018 for another 6 years, which is until the end of 2023.
- For communications to or from foreigners who are reasonably believed to be outside the United States.
- Requires an annual certification by the Attorney General (AG) and the Director of National Intelligence (DNI), which has to be approved by the FISA Court. Certifications are known to have been approved for:
  - Counter-Terrorism (CT, since 2007)
  - Foreign Government (FG, since 2008; including some cyber threats since 2012)
  - Counter-Proliferation (CP, since 2009)
  - Cyber Threats (planned in 2012)
- Companies receive a directive ordering them to cooperate. In return they are granted legal immunity and are compensated for reasonable expenses.
- Dissemination rules differ slightly per certification. Ordinarily, US person identifiers have to be masked, but unevaluated data may be shared with FBI and CIA, and foreign data may be shared with the Five Eyes partners.
- Unencrypted data may be retained for up to five years, or for a longer period in response to an authorized foreign intelligence or counterintelligence requirement, as determined by the NSA's SIGINT Director.

Section 702 FAA has 2 components, each with slightly different rules:

Downstream Collection (PRISM)
- Only internet communications "to" and "from" specific e-mail addresses or other types of identifiers. Filtering is only allowed for selectors, not for keywords.
- Collection is done by the FBI's DITU, which acquires the data from at least nine major American internet companies. This results in both stored and future communications.
- Raw (unminimized) data may be shared with FBI and CIA.
- Data are retained for a maximum of five years.
- NSA is permitted to use US person identifiers for querying already-collected data when there is a reasonable expectation that this will return foreign intelligence.
- Collection program: PRISM

Upstream Collection
- Both internet and telephone communications. The internet communications may be "to", "from" and "about" specific e-mail addresses or other types of identifiers, including IP addresses and cyber threat signatures. The "about" collection of American e-mails and texts was halted on Apr 28, 2017.
- Collection takes place within the US, at major telephone and internet backbone switches. This only results in future communications.
- Raw (unminimized) data may not be shared outside NSA.
- Data are retained for a maximum of 2 years.
- Collection programs: FAIRVIEW, STORMBREW

  - Inside the US - Bulk collection - US persons -

Section 402 FISA (PR/TT)
- Effective since Oct 25, 1978.
- Since July 14, 2004, orders from the FISA Court allowed the NSA to collect domestic internet metadata in bulk under this authority. These metadata included the "to", "from", and "cc" lines of an e-mail, as well as the e-mail's time and date.
- Only for Counter-Terrorism purposes.
- Collection took place within the US, by acquiring the metadata from large American telecommunications providers.
- Query results could only be accessed by specially trained NSA analysts, and could only be shared for a counter-terrorism purpose.
- Data were retained for a maximum of five years.
- Collection terminated in Dec 2011 for "operational and resources reasons" and all data were deleted, as the requirements could also be fulfilled under 702 FAA and SPCMA authorities.
- Collection program: FAIRVIEW


Section 215 USA PATRIOT Act (BR-FISA)
- Effective since Oct 26, 2001; expired as of May 31, 2015.
- Since 2006, orders from the FISA Court allowed the NSA to collect domestic telephone metadata in bulk under this authority. These metadata included the originating and receiving telephone number, the date, time and duration of the call, and, since 2008, the IMEI and IMSI number.
- Only for Counter-Terrorism purposes: there must be a Reasonable and Articulable Suspicion (RAS) that the query term belongs to a foreign terrorist organization. The Emphatic Access Restriction (EAR) tool ensured that analysts only did queries on RAS-approved selectors.
- Collection programs: FAIRVIEW, STORMBREW

During a 180-day transition period, the NSA continued the collection of bulk telephony metadata under section 215 USA PATRIOT Act, which was until Nov 29, 2015. In this period, telephony metadata could only be queried after a judicial finding that there is a Reasonable, Articulable Suspicion (RAS) that the selector is associated with an international terrorist group. The results had to be limited to metadata within 2 (instead of 3) hops of the seed term.

- Effective since June 2, 2015.
- Allows the NSA to request metadata from telephone companies based upon specific selection terms for which there is a Reasonable, Articulable Suspicion (RAS) that they are associated with a foreign power or an international terrorist group. These metadata may consist of "session-identifying information", like originating and receiving numbers, IMSI, IMEI and telephone calling card numbers, and the date, time and duration of the call. Collection of, and contact chaining on, location information is prohibited.
- Requires a warrant from the FISA Court approving specific telephone numbers or other identifying selectors.
- NSA provides these selectors to the telecommunications providers, who have to produce the results of their queries (one or 2 hops from the initial selector) in a useful format, on a daily basis, and for a period of up to 180 days.
- Companies providing these data are granted legal immunity and will be compensated for reasonable expenses.
- All records that are not foreign intelligence information have to be destroyed promptly.
- Query results may be fully shared with CIA and FBI.
- Also, foreign terrorists may be tracked for up to 72 hours when they enter the US, with authorization by the Attorney General.

  - Outside the US - Targeted collection - US persons -

Section 704 & 705 FISA Amendments Act (FAA)
- Effective since July 10, 2008; expires on Dec 31, 2017.
- Collection takes place outside the United States.
- Data may be retained for up to five years, or for a longer period in response to an authorized foreign intelligence or counterintelligence requirement, as determined by the NSA's SIGINT Director. Inadvertent collection of US information has to be destroyed upon recognition, but the Attorney General can authorize exceptions.

The differences for these sections are:

Section 704 FAA
- For collection against a US person outside the US, when there is probable cause that this person is an officer, employee, or agent of a foreign power or related to an international terrorist group.
- Requires an individualized warrant from the FISA Court, for a period of up to ninety days.

Section 705(a) FAA
- For communications of a US person reasonably believed to be outside the United States.
- Requires an individualized warrant from the FISA Court.
- Collection may take place both inside and outside the United States.

Section 705(b) FAA
- For communications of a US person reasonably believed to be outside the US, when there is already an existing FISA Court order for collection against this person within the US under section 105 FISA.
- Requires authorization by the Attorney General.

  - Outside the US - Targeted & Bulk collection - Foreigners -

Executive Order 12333
- Effective since Dec 4, 1981.
- For communications between foreigners outside the US.
- Requires no external approvals, except for fitting NSA's mission as set by the US government and prioritized by the National SIGINT Committee.
- Collection takes place outside the US and for all foreign intelligence purposes. However, Presidential Policy Directive 28 (PPD-28) from Jan 17, 2014, limits bulk collection to the following 6 purposes:
  - Espionage and other threats by foreign powers
  - Threats from terrorism
  - Threats from weapons of mass destruction
  - Cybersecurity threats
  - Threats to US or allied armed forces
  - Threats from transnational crime
- Data may be shared with other US intelligence agencies, as well as with foreign partner agencies.
- Dissemination of US person identifiers is only allowed when necessary and personal information should not be inappropriately included in intelligence reports.
- Unencrypted data from targeted collection are retained for up to five years, unless it is determined that continued retention is required; encrypted data are retained for an unlimited period of time.
- Collection programs: WINDSTOP (incl. INCENSER), RAMPART-A (incl. SPINNERET, MOONLIGHTPATH, AZUREPHOENIX, etc), DANCINGOASIS, MYSTIC, and many more.

Under EO 12333, there are several additional authorizations:

Classified Annex Authority (CAA)
- Effective since 1988.
- For communications of US persons outside the US, for whom there is probable cause that they are agents of a foreign power or engaged in international terrorism.
- Requires prior approval by the Attorney General, limited to a period of time of up to ninety days.
- Also for communications of a US person who is held captive by a foreign power or a terrorist group, which requires approval of the Director of NSA.


Besides collecting Signals Intelligence, the NSA is also responsible for Information Assurance (IA). This mission is conducted under the following authorities:

National Security Directive 42
("National Policy for the Security of National Security Telecommunications and Information Systems", 1990)

