IC ON THE RECORD

Release of the 21st Joint Assessment of Section 702 Compliance

August 10, 2021

Today, the DNI, in consultation with the Department of Justice, is releasing in redacted form the 21^st Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the then Attorney General and the Director of National Intelligence (“Joint Assessment”). This Joint Assessment covers the timeframe of June 1, 2018, through November 30, 2018. The DNI is releasing this semiannual assessment proactively, in keeping with the Principles of Intelligence Transparency for the Intelligence Community.

The FISA Amendments Act of 2008, which was in effect during the reporting period for this 21^st Joint Assessment, required the Attorney General and the DNI to assess compliance with Section 702 procedures over each six-month period and to submit such assessments to the Foreign Intelligence Surveillance Court (FISC) and relevant congressional committees. A joint team of experts (the Joint Oversight Team) from DOJ and ODNI conduct these assessments.

The Joint Assessments describe the measures the Government undertakes to ensure compliance with FISC-approved targeting, minimization, and querying procedures for Section 702; to accurately identify, record and correct errors; to take responsive actions to remove any erroneously obtained data; and to minimize the chances that mistakes will recur. As was the case in past Joint Assessments, the Joint Oversight Team found in the 21^st Joint Assessment that the agencies continued to implement the procedures in a manner that reflected a focused and concerted effort by Intelligence Community (IC) personnel to comply with the requirements of Section 702.

As with prior semiannual assessments, this assessment provides an overall compliance incident rate that includes all categories of incidents from all of the agencies responsible for implementing Section 702. However, as previously explained, the overall compliance incident rate remains an imperfect proxy insofar as the rate compares the total number of compliance incidents (regardless of their cause) to the average number of tasked facilities (which may be unrelated to the number of certain types of compliance incidents, such as the number of times the acquired data was disseminated or queried improperly).

The imperfections of this rate are particularly evident in this reporting period’s rate of 33.54%, which was significantly impacted by a single type of incident (batch queries), and in particular one incident conducted by a single individual. When these improper queries are excluded from the compliance incident rate, the overall rate is generally consistent with the rates reported in previous periods.  To better promote oversight and inform the public’s understanding of compliance trends and their potential to affect privacy and civil liberties, this assessment therefore also includes narrative descriptions of the types of compliance incidents that occurred and provides an additional metric that is specific to the compliance incident rate for NSA targeting decisions, which was 0.20% [1] for this reporting period.

For this joint assessment, FBI’s query compliance incident rate was largely the consequence of a single batch query that did not meet the appropriate standard and included more than 100,000 queries, each of which constituted a separate incident. That batch query resulted in about 97% of the total IC-wide compliance incidents identified by NSD’s sampling and oversight. It is worth noting that none of those queries actually returned any Section 702 collection. A second incident involving another batch query resulted in just under 2,000 improper queries. Together, the two incidents made up almost 99% of the IC’s compliance incidents and resulted in the significant increase in the overall compliance incident rate, as noted above.

The period covered by this 21^st Joint Assessment, during which these incidents occurred, preceded the FBI’s implementation of remedial actions taken within the past few years to enhance compliance with the applicable query standard. In its 2018, 2019, and 2020 Section 702 opinions addressing the Government’s annual certification of its Section 702 program, the FISC discussed certain FBI query compliance incidents. In its 2018 Section 702 opinion addressing the Government’s annual certification of its Section 702 program, which followed the period covered by this 21^st Joint Assessment, the FISC found that the FBI’s querying procedures were not consistent with Section 702 or the Fourth Amendment in part because they did not require adequate documentation of justifications for U.S. person queries. In response to the Court’s opinion, as well as opinions in 2019 and 2020, the FBI made system modifications necessary to meet query recordkeeping and documentation requirements and provided training on these new modifications. The previously released December 2019 and November 2020 FISC opinions discuss the measures FBI has taken to address the query compliance issues.

ODNI has previously released a number of prior joint assessments, which may be found on IC on the Record and Intel.gov.

Below is today’s release, in redacted form:

21^st Joint Assessment (dated March 2021): reporting period June 1, 2018-November 30, 2018

ODNI Releases Annual Intelligence Community Transparency Report  

April 30, 2021

Today, consistent with the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended (codified in 50 U.S.C. § 1873(b)), and the Intelligence Community’s (IC) Principles of Intelligence Transparency , ODNI is releasing the eighth annual Statistical Transparency Report Regarding Use of National Security Surveillance Authorities.

This report provides the public not only statistics, but also contextual information, regarding the scope of the government’s use of FISA authorities, National Security Letters, and other national security authorities.  In conjunction with other publicly released material, this report adds insight into the rigorous and multi-layered oversight framework governing the IC that safeguards the privacy and civil liberties of United States (U.S.) person and non-U.S. person information acquired pursuant to these national security authorities.

“We are pleased to publish ODNI’s eighth annual statistical transparency report,” said Ben Huebner, Chief, ODNI Office of Civil Liberties, Privacy, and Transparency. “The Intelligence Community remains committed to providing the public with information regarding how important national security authorities are used in practice.  The information in today’s report will help foster continued public dialogue regarding how the Intelligence Community protects national security, our privacy, and our liberty.”

Additional public information on national security authorities is available at the Office of the Director of National Intelligence’s (ODNI) website, www.dni.gov and the Intelligence Community’s public website, www.intel.gov.

RELEASE OF DOCUMENTS RELATED TO THE 2020 FISA SECTION 702 CERTIFICATIONS

April 26, 2021

Today the Office of the Director of National Intelligence, in consultation with the Department of Justice, releases documents related to the Foreign Intelligence Surveillance Court’s (FISC) approval of the 2020 Certifications under Section 702 of the Foreign Intelligence Surveillance Act (FISA). 

On November 18, 2020, the FISC issued a classified Memorandum Opinion and Order approving the 2020 Certifications and the associated targeting, minimization, and querying procedures (linked below). In the Memorandum Opinion, the Court examined the proposed procedures, both as written and in the context of how prior procedures had been implemented by the government, and found that the proposed procedures satisfy the requirements of FISA and the Fourth Amendment. 

One focus of the November 2020 opinion was on the Federal Bureau of Investigation’s (FBI) queries of unminimized Section 702-acquired information. The Court took note that since its most recent opinion on Section 702, FBI had implemented system changes to comply with recordkeeping and documentation requirements for such queries and had deployed mandatory training for all FBI personnel with access to unminimized Section 702-aquired information. The Court, however, stated it “continues to be concerned about FBI querying practices involving U.S.-person query terms, including (1) application of the substantive standard for conducting queries; (2) queries that are designed to retrieve evidence of crime that is not foreign-intelligence information; and (3) recordkeeping and documentation requirements.” See p. 39. The Court examined specific compliance incidents (see pp. 39 – 44) and evaluated the manner in which FBI implemented various changes to systems (see pp. 44 – 52). The Court noted that a majority of these query incidents occurred prior to FBI implementing system changes and deploying mandatory training intended to address these compliance matters, and that the COVID-19 pandemic had subsequently severely limited the ability of the government to monitor the FBI’s compliance once these system and training changes had been put in place.  See pp. 41, 43, 49-50.  As a result, the Court concluded that the improper queries do not undermine the Court’s determination that FBI’s querying and minimization procedures meet the applicable statutory and Fourth Amendment requirements, but stated that it would “continue to closely monitor the government’s reporting in order to evaluate whether the querying procedures are being implemented in a manner consistent with the statute and the Fourth Amendment.”  See pp. 41, 44, and 49-50.  The Court also imposed new reporting obligations on the government to facilitate its oversight.  See pp. 51, 63, and 66.

In addition to releasing the FISC opinion, ODNI is releasing the targeting, minimization, and querying procedures filed with the 2020 Certifications.  Links to these documents are provided below.  The documents are also posted in full-text searchable format on Intel.gov.

• FISC’s November 2020 Opinion

2020 Targeting Procedures

(released pursuant to the IC’s Principles of Transparency)

• FBI’s 2020 § 702 Targeting Procedures court stamped October 19, 2020
• NSA’s 2020 § 702 Targeting Procedures court stamped October 19, 2020

2020 Minimization and Querying Procedures

(released pursuant to 50 U.S.C. § 1881a(e))

• CIA’s 2020 § 702 Minimization Procedures court stamped October 19, 2020
• FBI’s 2020 § 702 Minimization Procedures court stamped October 19, 2020
• NCTC’s 2020 § 702 Minimization Procedures court stamped October 19, 2020
• NSA’s 2020 § 702 Minimization Procedures court stamped October 19, 2020

2020 Querying Procedures

(released pursuant to the IC’s Principles of Transparency)

• CIA’s 2020 § 702 Querying Procedures court stamped October 19, 2020
• FBI’s 2020 § 702 Querying Procedures court stamped October 19, 2020
• NCTC’s 2020 § 702 Querying Procedures court stamped October 19, 2020
• NSA’s 2020 § 702 Querying Procedures court stamped October 19, 2020

Background on Section 702

Section 702 was enacted as part of the FISA Amendments Act of 2008 (FAA) and most recently reauthorized by the FISA Amendments Reauthorization Act of 2017. Section 702 permits the Attorney General and the DNI to jointly authorize, through certifications, the targeting of (i) non-U.S. persons (ii) who are reasonably believed to be located outside the United States (iii) to acquire foreign intelligence information. These certifications are accompanied by targeting procedures, minimization procedures, and querying procedures that are each designed to ensure that the Government’s collection is appropriately targeted against non-United States persons located overseas who may possess or are likely to communicate foreign intelligence information and that any such collection is appropriately handled in a manner that protects privacy and civil liberties.

Under Section 702, the FISC reviews the certifications and accompanying documents to ensure that they meet all the requirements of Section 702 and are consistent with the Fourth Amendment. The Court’s review is not limited to the procedures as written, but also includes an examination of how the procedures have been and will be implemented. Accordingly, as part of its review, the FISC considers the compliance incidents reported to it by the Government through notices and reports.

For additional background information, please refer to the 2020 Statistical Transparency Report Regarding Use of National Security Authorities for CY2019 posted on Intel.gov and IC on the Record.

Release of the 20^th Joint Assessment of Section 702 Compliance

April 2, 2021

Today, the DNI, in consultation with the Department of Justice, is releasing in redacted form the 20^th Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the then Attorney General and the Director of National Intelligence (“Joint Assessment”). This Joint Assessment covers the timeframe of December 2017 – May 2018. The DNI is releasing this semiannual assessment proactively, in keeping with the Principles of Intelligence Transparency for the Intelligence Community .

The FISA Amendments Act of 2008, which was in effect during the reporting period for this 20^th Joint Assessment, required the Attorney General and the DNI to assess compliance with Section 702 procedures over each six-month period and to submit such assessments to the Foreign Intelligence Surveillance Court (FISC) and relevant congressional committees.  A joint team of experts (the Joint Oversight Team) from DOJ and ODNI conduct these assessments.

The Joint Assessments describe the extensive measures the Government undertakes to ensure compliance with FISC-approved targeting and minimization procedures for Section 702; to accurately identify, record and correct errors; to take responsive actions to remove any erroneously obtained data; and to minimize the chances that mistakes will recur.  As was the case in past Joint Assessments, the Joint Oversight Team found in the 20^th Joint Assessment that the agencies continued to implement the procedures in a manner that reflected a focused and concerted effort by IC personnel to comply with the requirements of Section 702.

In this semiannual assessment, DOJ and ODNI note that two types of compliance incidents drove the increase in the overall compliance incident rate to 4.39%.  Certain of the compliance incidents described in this assessment, including those regarding the Federal Bureau of Investigation (FBI) queries discussed below, have been described in other materials previously released to the public, most notably, the FISC’s October 2018 opinion addressing the Government’s annual certification of its Section 702 program.

As described in this and prior semiannual assessments, this overall compliance incident rate remains an imperfect proxy insofar as the rate compares the total number of compliance incidents (regardless of their cause) to the average number of tasked facilities (which may be unrelated to the number of certain types of compliance incidents, such as the number of times the acquired data was disseminated or queried erroneously).  To better promote oversight and inform the public’s understanding of compliance trends and their potential to affect privacy and civil liberties, this assessment therefore also includes narrative descriptions of compliance incidents and provides an additional metric that is specific to the compliance incident rate for National Security Agency (NSA) targeting decisions.

In the first category of incidents, one office in the NSA misunderstood how one of NSA’s tasking tools worked and did not appropriately review multiple accounts prior to tasking, which resulted in numerous accounts being incorrectly tasked.  The erroneously tasked accounts were detasked and the information collected from these taskings was purged.  After becoming aware of the incidents, NSA issued additional training to its personnel about the tasking requirements on the use of its tasking tools.

The second category of incidents involved misapplication by FBI personnel of the query standard in the FBI querying procedures.  Two events, each involving large numbers of queries conducted using FBI’s “batch query” tool (which allows FBI personnel to run numerous identifiers simultaneously), resulted in approximately 98% of the FBI’s compliance incidents. These two batch query incidents involved numerous queries conducted by the tool but pertained to a small subset of users.

Informed by these and other FBI query incidents, the FISC assessed the FBI’s use of query terms in opinions the court issued on October 18, 2018 , September 4, 2019 , and December 6, 2019 .  In the 2018 opinion, the FISC found that the FBI’s querying procedures were not consistent with Section 702 or the Fourth Amendment in part because they did not require adequate documentation of justifications for U.S. person queries.   In response to the Court’s opinions, the FBI made system modifications necessary to meet query recordkeeping and documentation requirements and provided training on these new modifications.  The previously released December 2019 FISC opinion discusses these changes.  The FBI incidents discussed in this 20^th Joint Assessment were reported to the FISC in a reporting period (December 2017 – May 2018) that preceded the 2018 and 2019 court opinions and the FBI’s implementation of these remedial actions.

ODNI has previously released a number of prior joint assessments, which may be found on IC on the Record and Intel.gov.

Below is today’s release, in redacted form:

20^th Joint Assessment (dated November 2020): reporting period December 1, 2017-May 31, 2018