NATIONAL SECURITY AGENCY

CENTRAL SECURITY SERVICE
FORT GEORGE G. MEADE, MARYLAND 20755-6000

 

FOIA Case: 
11 March 2019

RAMYA KRISHNAN

ADI KAMDAR

KNIGHT FIRST AMENDMENT INSTITUTE
AT COLUMBIA UNIVERSITY

475 RIVERSIDE DRIVE SUITE 202

NEW YORK, NY 10115

AVI ASHER-SCHAPIRO

COMMITTEE TO PROTECT OURNALISTS
330 7th AVE, 11th FLOOR

NEW YORK, NY 10001

Dear Ms. Krishnan and Mr. Schapiro:

This letter accompanies ?nal response to the 19 October 2018 Freedom
of Information Act (FOIA) request on behalf of the Knight First Amendment Institute,
and the 20 November 2018 FOIA request on behalf of the Committee to Protect
Journalists for the following:

1. All procedures or guidance for determining whether to warn, or for delivering
a warning to, an intended victim or those responsible for protecting the intended
victim, pursuant to Directive 191;

2. All records concerning the duty to warn under Directive 19 1 as it relates to
Jamal Khashoggi, including any records relating to duty to warn actions with respect
to him;

3. All records concerning any ?issue aris[ing] among IC elements? regarding a
determination to warn Jamal Khashoggi or waive the duty to warn requirement, or
regarding the method for communicating threat information to him.

The request on behalf of the Knight First Amendment Institute was assigned FOIA
Case Number 105522, and the request on behalf of the Committee to Protect Journalists
was assigned FOIA Case Number 105832. On 20 November 2018, the Knight First
Amendment Institute ?led a complaint which included NSA, initiating the litigation
regarding the above?described FOIA requests. Your cases have been processed in
accordance with FOIA.

FOIA Case: 105522A
Item 1

Two documents (21 pages) responsive to item 1 are enclosed: (1) 
Policy Instruction 2-0003 (Duty to Warn) and (2) Duty to Warn Operating Procedures.1
Certain information has been deleted from the enclosures, as explained below.

Some of the information deleted from the documents was found to be currently
and properly classi?ed in accordance with Executive Order 13526. This information
meets the criteria for classi?cation as set forth in Subparagraph of Section 1.4 and
remains classi?ed SECRET as provided in Section 1.2 of the Executive Order. The
information is classi?ed because its disclosure could reasonably be expected to cause
serious damage to the national security. Because the information is currently and
properly classi?ed, it is exempt from disclosure pursuant to the ?rst exemption of the
FOIA (5 U.S.C. 

In addition, this Agency is authorized by various statutes to protect certain
information concerning its activities. We have determined that such information exists
in these documents Accordingly, those portions are exempt from disclosure pursuant
to the third exemption of the FOIA (5 U.S.C. 552(b) which provides for the
withholding of information speci?cally protected from disclosure by statute. The
statute applicable in this case is Section 6, Public Law 86-36 (50 U.S.C. 3605).

Items 2 and 3

Regarding items 2 and 3 of your requests, we have determined that the fact of
the existence or non-existence of the materials you request is a currently and properly
classi?ed matter in accordance with Executive Order 13526, as set forth in
Subparagraph of Section 1.4. Thus, we can neither con?rm nor deny the existence
of responsive records, pursuant to the ?rst exemption of the FOIA (5 U.S.C. 
which provides that the FOIA does not apply to matters that are speci?cally
authorized under criteria established by an Executive Order to be kept secret in the
interest of national defense or foreign relations and are, in fact, properly classi?ed
pursuant to such Executive Order.

In addition, this Agency is authorized by various statutes to protect certain
information concerning its activities. The third exemption of the FOIA provides for the
withholding of information speci?cally protected from disclosure by statute. Thus, the
existence or non-existence of the information is also exempted from disclosure
pursuant to the third exemption. The speci?c statutes applicable in this case are 18
U.S.C 798; 50 U.S.C 3024(i); and Section 6, Public Law 86-36 (50 U.S.C. 3605).

NSA collects and provides intelligence derived from foreign communications to
policymakers, military commanders, and law enforcement of?cials. We do this to help
these individuals protect the security of the United States, its allies, and their citizens
from threats such as terrorism, weapons of mass destruction, foreign espionage,
international organized crime, and other hostile activities. What we are authorized described in Executive Order 12333. Information about how

 

1 Please note that the policy instruction cited in Duty to Warn Operating Procedures, CSS
Policy Instruction 1 1-0002 (Duty to Warn), is an unpublished version of 2-0003. 11-0002 was
the numbering given to 2-0003 prior to publication.

FOIA Case: 105522A

NSA conducts signals intelligence activities is available on the websites of NSA
and the Of?ce of the Director of National Intelligence 

Please be advised that NSA has completed its processing of your cases.

Sincerely,

JOHN R. CHAPMAN
Chief, Of?ce
NSA Initial Denial Authority

Encls:
a 

Doc ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)

UNCLASSIFIEDW

NATIONAL SECURITY AGENCY
3 CENTRAL SECURITY SERVICE



POLICY INSTRUCTION
2-0003
0.. I .

Issue Date: 20 May 2018
Revised:

   

 

 

(U) DUTY TO WARN
(U) PURPOSE AND SCOPE

(U) This policy instruction implements Intelligence Community Directive (ICD) 191,
"Duty to Warn? (Reference and supplements United States Signals Intelligence (SIGINT)
Directive (USSID) CRI252, "Reporting of Threat Warning Information? (Reference It
establishes procedures for providing waming regarding threats of intentional killing serious
bodily inim-y, and kirk-rapping to specific individuals or groups.

(U) This policy instruction applies to amp/(new.

(U) This policy instruction is not intended to, and does not. create any right or bene?t,
substantive or procedural. enforceable at law or in equity, by any party against the United States;

its departments, other agencies, or entities; its Of?cers. employees, or agents: or any other
person.

PAUL M. 

General. US. Army
Director, NSA/Chief, SS

 

 

Endorsrf 
Chief. olicy
86-36

 

 

 

Approved for Release by NSA on 03-08-2019, FOIA Case 105522 (litigation)

NC 

 

 

 

Doc ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)


Policy Instruction 2-0003 Dated: 20 May 2018

(U) Encls:
Annex A Duty to Warn Procedures
Annex Dispute Resolution Procedures
Annex Duty to Warn Procedures for Second Party Reports and Reports from
Second Party Collection
Annex Contact Information

(U) DISTRIBUTION:
KIM
12
P134 (Vital Records)

This policy instruction supersedes National Security Agency CR-679-01, ?Terrorist
Threat Advisories-Reporting Threat to Civilian Entities,? dated 3 December 2007.

(U) OPI: National Security Operations Center (NSOC), K1, 963-37775.

(U) No section of this document shall be released without approval from the Of?ce of Policy
(P12).

(U) POLICY

1. (U) Any element that collects or acquires credible and speci?c information
indicating an impending threat of intentional killing, serious bodily injury, or kidnapping
directed at a person or group of people (hereafter referred to as ?intended victim?) shall have a
dug to warn the intended victim or those responsible for protecting the intended victim, as
appropriate (Reference This includes threats where the target is an institution, place of
business, structure, location, or electronic infrastructure that supports life. The term ?intended
victim? includes both US. persons, as de?ned in Executive Order 12333, ?United States
Intelligence Activities? (Reference and non-US. persons.

2. (U) shall execute its duty to warn in accordance with the Duty to Warn
Procedures in Annex A, rather than through the Terrorist Threat Advisory procedures outlined in
Reference b. The procedures for sharing Threat Warning Tippers, also outlined in Reference b,
shall remain the same.

3. Duty to warn may be waived if any of the following waiver justi?cations
apply:

a. The intended victim, or those responsible for ensuring the intended
victim?s safety, is/are already aware of the speci?c threat;

b. The intended victim is at risk only as a result of the intended
victim?s participation in an insurgency, insurrection, or other armed con?ict;

2


NSA FOIA Case 105522 Page 0002

Doc 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)


Policy Instruction 2-0003 Dated: 20 May 2018

c. There is a reasonable basis for believing that the intended victim is
a terrorist, a direct supporter of terrorists, an assassin, a drug traf?cker, or involved in
violent crimes;

(1. (weer-199 Any attempt to warn the intended victim would unduly endanger
US. Government personnel, sources, methods, intelligence operations, or defense
operations;

e. The information resulting in the duty to warn determination was
acquired from a foreign government with whom the US. has formal agreements or
liaison relationships, and any attempt to warn the intended victim would unduly endanger
the personnel, sources, methods, intelligence operations, or defense operations of that
foreign government; or

f. (U) There is no reasonable way to warn the intended victim.

4. (UNI-1986) Issues concerning whether threat information is credible and speci?c, so
as to permit a meaningful warning, shall be resolved in favor of informing the intended victim if
none of the waiver justi?cations above are present.

5. If issues arise among organizations or between and
Intelligence Community (IC) elements regarding a determination to warn an intended victim or
waive the duty to warn requirement, the methods of communicating the threat information to the
intended victim, or the timely receipt of related feedback from the receiving customer of?ces,
resolution shall occur at the lowest practical and authorized level in a manner that does not
unnecessarily delay the timely noti?cation of threat information to the intended victim.

6. (U) If an issue in dispute between the IC elements has been elevated to the Director,
NSA/Chief, SS and attempts at resolution remain at an impasse, the
shall notify the Director of National Intelligence (DNI). The DNI will
facilitate resolution of the issues that have been referred.

(U) PROCEDURES

7. (UHF-GHQ) Annex A contains duty to warn procedures, which are
consistent with Reference a.

(U) RESPONSIBILITIES
8. (U) The Director, NSA/Chief, SS shall:

a. Provide information to the DN1, upon request, regarding
duty to warn procedures and actions; and

3


NSA FOIA Case 105522 Page 0003

Doc ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)

UNCLASSIFIEDHOR-OW
Policy Instruction 2-0003 Dated: 20 May 2018

b. (U) Notify the DN1 when an issue in dispute among the IC elements requires
the resolution.

9. (UHF-GHQ) The Director, Operations (X) shall serve as the ?nal adjudicator for
internal disputes regarding duty to warn during normal business hours when such
disputes cannot be resolved at a lower level.

10. (U) The Director, National Security Operations Center (NSOC) shall:
a. Manage the duty to warn process at and

b. Maintain records on duty to warn determinations, including
decisions to waive the requirement and any actions taken to warn the intended victim

(Reference 

ll. The NSOC Senior Operations Of?cer (300) shall serve as the ?nal
adjudicator for internal disputes regarding duty to warn after normal business hours
when such disputes cannot be resolved at a lower level.

12. The NSOC Senior Reporting Of?cer (SRO) shall manage duty to warn
post-publication requests after normal business hours.

 

13. The Chief, Information Sharing and Collaboration shall manage
duty to warn post-publication requests during normal business hours.

 

 

 

14. (UHF-GHQ) Of?ce- level (i e. ,Alpha management or operations staff shall
approve duty to warn waiver requests.

15. The Branch Chief, Section Chief, Division Chief, Operations Of?cer, or
Chief of Operations 1n the appropriate target office shall af?rm Whether threat info'rmation lS
credible and speci?c, so as to permit meaningful warning.

 

(3) -P.L. 86-36

 

16. (U) employees shall:

 

 

a. (U) Identify credible and speci?c information indicating an impending threat
of intentional killing, serious bodily injury, or kidnapping of an individual or group and
shall immediately report this information to their management for a determination on
whether to warn the intended victim; and

b. Submit duty to warn waiver requests, if any of the waiver
justi?cations apply (see paragraph 3), to Of?ce-level management or operations staff.

4


NSA FOIA Case 105522 Page 0004

Doc ID: 6652973 Approved for Release by NSA on Case 105522 (Litigation)


Policy Instruction 2- 0003 Dated: 20 May 2018

(U) REFERENCES
17. (U) References:

a. (U) Intelligence Community Directive (1CD) 191, ?Duty to Warn,? dated
21 July 2015.

b. (UHF-GHQ) USSID CR 1252, ?Reporting of Threat Warning Information,?
dated 26 November 2007, revised 18 February 2010.

c. (U) Executive Order 12333, ?United States Intelligence Activities,? as
amended.

(U) DEFINITIONS

18. (U) Duty to Warn A requirement to warn US. and non-U.S. persons of impending
threats of intentional killing, serious bodily injury, or kidnapping (Reference 

19. Intentional Killing The deliberate killing of a speci?c individual or group of
individuals (Reference 

20. (U) Kidnapping The intentional taking of an individual or group through force or
threat of force (Reference 

21. (U) Employee person employed by, assigned or detailed to, or acting
for an element within (derived from Reference 

22. (U) Serious Bodilv Iniurv An injury that creates a substantial risk of death or
causes serious, permanent dis?gurement or impairment (Reference 

5


NSA FOIA Case 105522 Page 0005

Doc ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



(U) ANNEX A
(U) DUTY TO WARN PROCEDURES

1. (U) The employee identi?es or is informed of credible and speci?c
information indicating an impending threat of intentional killing, serious bodily injury, or
kidnapping of an individual or group.

2. The employee immediately reports the information to a
manager their Branch Chief, Section Chief, Division Chief, Operations Of?cer, or Group
Chief).

3. (U) The employee?s manager consults with the Target Of?ce Chief (or the
Target Of?ce Chief?s designee) and determines whether the threat information is credible and
speci?c, so as to permit a meaningful warning.

4. (WW) If the employee?s manager determines that the threat
information is credible and speci?c, the employee assesses whether any of the waiver
justi?cations apply. If any apply, the employee requests a waiver from their Of?ce-
level Alpha management or operations staff:

a. The waiver requester sends the appropriate justi?cation, brief
description of the threat, and information on which the threat is based with a link to or
copy of the report in which the threat is documented.

b. The Of?ce?level reviewer responds by approving or denying the
waiver request. If they approve the waiver, then they include the NSOC threat warning
alias to document the response with NSOC.

 

 

 

 

5. If none of the waiver justi?cations apply or the waiver request is denied,
the employee informs the element that will issue the warning that a duty to warn
noti?cation is in progress:

a. (U) If the intended victim is located in the United States, the 
employee or their manager informs the Federal Bureau of Investigation (FBI), through
the Representative (NCR) FBI if appropriate. (See Annex for FBI contact
information.)

b. (U) If the intended victim is located outside of the United States, the 
employee or their manager informs the DN1 Representative/Chief of Station
through the ic Services Group (CSG) Central Intelligence

 

 

A enc CIA), and, if appropriate
(See Annex 12 for CIA contact information86?36 Annex A to Policy Instruction 2-0003
Dated: 20 May 2018

 

 

 

 

A-l


NSA FOIA Case 105522 Page 0006

Doc ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)

UNCLASSIFIEDW

6. (WW The employee submits a pro-active post-publication release

request against the report containing the threat information, whereby the employee
shall:

 

a. Go to

b. Select the appropriate task type from the menu based on the
classi?cation of the, original report, the end recipient, and inclusion of unmasked
identities. . . 

 

 

 



c, (U) Complete the form providing the following information:

0
0

 

 

1) Email Address At minimum, the employee

(3) - L- 86'36 I shall include their email address or of?ce alias; their of?ce?s operations team

 

alias, post-pub team alias, and NSOC desk alias; and the NSOC SRO
land appropriate liaison element

[and
I

2) Justification - Detail the purpose for sharing this
information with the intended recipient. (For example: ?[Appropriate
Classi?cation] This is a pro-active Duty to Warn (DTW) release to [Name of
Potential Victim/s] based on [Report Serial Number]. We believe that [Name of
Potential Victim/s] is in imminent danger. We request that this information be
relayed to the intended recipient as soon as possible to allow them time to take
appropriate precautions?)





'0




3) (ll/$669) Handling Precedence If the threat is imminent, submit
the request with URGENT precedence. If the threat is not imminent, submit the
request with Immediate or Priority precedence.

4) (U/i?FOb?e) Release Classification The classi?cation of requests
varies, but is o?en UNCLASSIFIED. The most appropriate classi?cation should
allow the intended recipient to receive the warning at the chosen classi?cation,
but is not unnecessarily sanitized if the recipient is authorized for SECRET or
reporting.

5) (U) Proposed Sanitization Use the below format in the Proposed
Sanitization text ?eld:

Annex A to Policy Instruction 2-0003
Dated: 20 May 2018
A-2


NSA FOIA Case 105522 Page 0007

Doc ID: 6652973

Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)


 

 

Please pass this to CIA (if threat is outside of US.) or FBI (if threat is in US) with the text to be
released:

[Appropriate Classi?cation] This is a pro-active Duty to Warn (DTW) release to [Name of
Potential Victim/s] based on [Report Serial Number]. We believe that [Name of Potential
Victim/s] is in imminent danger. We request that this information be relayed to the intended
recipient as soon as possible to allow them time to take appropriate precautions.

Per ICD 191, NSA is required to document and maintain records on speci?ed duty
to warn actions, one of them being how and when threat information was delivered to the
intended victim. We kindly request noti?cation of your Agency?s actions within 5 business days
from the date of noti?cation for this purpose.

 

 

Text to Be Released:

[Appropriate Classi?cation] [Warning language goes here] (*If the language is
UNCLASSIFIED, it must be approved by Of?ce~level Chief of Operations, Deputy Chief of
Operations, Chief, or Deputy Chief.)

 

 

 

a) If the post-publication re uest is marked Immediate
and submitted dur1 ring normal business hours 
assigns the request through standard .post-p'ublication procedures and
includes the NSOC Threat Warning aliasl

 

I

 

 

(b

(3) 8 6_36 b) If the post-publication request is marked Immediate

 

 

and submitted after normal business hours, the NSOC SRO processes the
t, . request. NSOC should reach out to the appropriate target of?ce designee
for advice or concurrence before any release after normal business hours.

7. The post-publication request is formally reviewed 1n accordance with
standard post- u?plication processes, which include Collection, Exploitation, and 
Operations? Sec?ond Party; and Third Party reviews, as appropriate.

 

8. the NSOC SRO provides the a) aproved release language to the
customer, who is responsible for providing the warning. Elm the NSOC SRO informs the
customer that once the approved language is released, the customer has 5 business days to
provide feedback on language use.

 

Annex A to Policy Instruction 2-0003
Dated: 20 May 2018
A-3


NSA FOIA Case 105522 Page 0008

 

Doc ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)

UN 

(U) ANNEX 
(U) DISPUTE RESOLUTION PROCEDURES

1. Any internal disputes among employees or organizations
should be resolved at the lowest practical and authorized level. The Director of Operations shall
be the ?nal adjudicator for internal disputes during normal business hours; the NSOC
800 shall be the ?nal adjudicator after normal business hours.

2. When an customer disputes a duty to warn waiver
determination, the customer may request that SS reconsider:

 

I 86?36

 

a. (U) During normal business hours:

 

l) The Chief, or?hi?tijeviews the request to
reconsider and consults with the N.S.OC SOO, 



2) (U) The Chie Chie decides whether to uphold the duty to
warn waiver determination.

 

 

 

 

 

 

 

 

 

 

 

b. (U) A?er normal business hours:

 

l) The NSOC 800 reviews the request to reconsider and
consults with the appropriate operations desks on the NSOC ?oor.

2) (U) The NSOC SOO decides whether to uphold the duty to warn
waiver determination.

3. If an employee has not received feedback from an SS
customer on the uses of its released duty to warn language and has made reasonable and
documented steps to receive feedback, the affiliate may contact the appropriate
liaison of?ce (NCR FBI or CSG CIA) to facilitate resolution. (See Annex for NCR
FBI and CSG CIA contact information.)

4. (U/Fe?e) When an employee disputes a customer?s decision to deliver
threat information to an intended victim in an expeditious manner without prior consultation or
noti?cation, the employee may contact the appropriate liaison of?ce 
NCR FBI or CSG CIA) to facilitate resolution.

Annex to Policy Instruction 2-0003
Dated: 20 May 2018
B-l


NSA FOIA Case 105522 Page 0009

Doc ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



(U) ANNEX 

(U) DUTY TO WARN PROCEDURES FOR SECOND PARTY REPORTS AND
REPORTS FROM SECOND PARTY COLLECTION

1. The Chie?Dor the NSOC SRO informs the appropriate Special United
States Liaison Of?ce (SUSLO) as soon as duty to warn threat information is identi?ed.

 

2. The SUSLO coordinates with the Security Of?cer
to ensure duty to warn requiremehts are met. The SUSLO should engage with the partner
according to established sharing 'guidelines. (See SUSLO contact information in Annex D.)
Contact NSOC for afterhours support.

 

(3) -P.L. 86?36

 

 

 

Annex to Policy Instruction 2-0003
Dated: 20 May 2018
C-l


NSA FOIA Case 105522 Page 0010

 00 ID: 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



(U) ANNEX 
(U) CONTACT INFORMATION

FBI CT Watch:
534-1463

 

 

 

 

FBI Strategic Information and Operations Center:
534-1463 

 



(unease) NCR FBI: . 





- a?or -o?u se?cure) 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I . 1
NCR FBI Personnel Roster ?v 
SG CIA- 
935-0209 (secure) - - . . 
2214$ .
86?36
?33 
. 
. . 
NSOC Senior Ogerationf Officer (851213?!
963-3777 (secure) . . . 
(UHF-996) NSOC Directorate of ngrationgl?agerations Management 
96 - 9 1" -

 



 

 

0


(UHF-9H9) 1? SS Cell Senior Leader 

966-6073 (secure)

 

Annex to Policy Instruction 2-0003
Dated: 20 May 2018
D-l


NSA FOIA Case 105522 Page 0011

DOC 6652973 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



(UMP-GHQ) 59;; Senigr Of?cer (SRO):

963-3278 (secure) .

 

 

 

.
995-7201 (secure) .

 

 

 

 

86-36

 

 

 

 

SUSLO-Canberra: . 
263-2100 (secure) 

. 
262-2034 (secure) . 


SUSLO-Wellington:
717-8639/8638 (secure)

 

Annex to Policy Instruction 2-0003
Dated: 20 May 2018
D-2


NSA FOIA Case 105522 Page 0012

Doc ID: 6652974 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



(U) DUTY TO WARN
STANDARD OPERATING PROCEDURES
JULY 2017

(U) This document provides procedures for United States SIGINT System 
elements in meeting duty-to-wam responsibilities IAW Intelligence Community Directive (ICD)
191, Duty to Warn. The procedures established in this document are intended to supplement
those outlined in NSA Policy Instruction 1 1-0002, Duty 0 Warn.

Policy
What is a threat?

0 (U) elements that collect or acquire credible and specific information indicating an
impending threat of intentional killing, kidnapping, or serious bodily injury directed at a
person or group of people (hereafter referred to as intended victim) have a duty to warn
the intended victim.l This includes threats where the target is an institution, place of
business, structure, location, or electronic infrastructure that supports life. Intended
victims include both US. persons, as de?ned in Executive Order 12333, ?United States
Intelligence Activities,? and non-US. persons.

What can be waived?

0 (U) ICD 191 includes provisions whereby NSA can determine under what circumstances
the duty to warn requirement may be waived. The following are examples of appropriate
waiver justifications, although this is not an inclusive list:

0 (U) The intended victim, or those responsible for ensuring the intended victim?s
safety, is already aware of the specific threat;

0 (U) The intended victim is at risk only as a result of the intended victim?s
participation in an insurgency, insurrection, or other armed con?ict;2

 

I 86-36

 

 

Duty to warn, in accordance with ICD 191 and NSA Policy 11-0002, does not apply to cyber-related
threats in the strict sense that tactics, techniques, and procedures do not directly pose the threat of
physical harm to an individual. elements that identify cyber incidents that could indirectly result in threat to
life indications of crippling networks supporting transportation or communications via cyber means) should
consult bet-rel t'ed blanket dissemination authorities and guidance on the Dissemination Guidance and
Production Servicesijweb page (?go reporting?).

2 The Director of Policy for the Office of the Director of National Intelligence has stated that ICD 191 is
not intended to pose a burdensome requirement of providing a waiver for each individual scenario in an armed
con?ict, such as in Iraq where terrorists and armed forces are engaged. NSA should reduce the documentation
requirements for waivers when the threat activity consists of an ongoing con?ict between terrorist and other armed
combatants. With this in mind, documentation of a Duty to Warn waiver request is not required in situations when
the threat is against US. declared Foreign Terrorist Organizations or persons/elements participating in an armed
con?ict unless civilians or non-participants in these organimtions/actions are at risk.



We 
Approved for Release by NSA on 03-08-2019, FOIA Case 105522 (litigation)

 

 

 

 

 

Doc ID:

 

 

50%? pproved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)
86?36 

 

0 (U) There is a reasonable basis for believing that the intended victim is a terrorist,
a direct-supporter of terrorists, an assassin, a drug trafficker, or involved in violent
crimes; -

1879915) S'gnals intelligence activities undertaken in support of military
operations I



0 (U) Any attempt to warn the intended victim would unduly endanger US.
Government personnel, sources, methods, intelligence operations, or defense
operations;

0

 

0 (WW The information resulting in the duty to warn determination was
acquired from a foreign government with whom the US. has formal agreements
or liaison relationships, and any attempt to warn the intended victim would
unduly endanger the personnel, sources, methods, intelligence operations, or
defense operations of that foreign government; or

0 (U) There is no reasonable way to warn the intended victim.

Process

(U) Identify Threat

0 The analyst, management, operations officers, or the National Security
Operations Center (NSOC) identifies or is informed of possible duty-to-wam
information.3' 4

The possible threat is raised to designated target office POC (typically
Division or Office-level Operations Of?cer or Chief of Operations).

(U) Assess Threat

The analyst/management/operations staff assess the threat to determine if the
threat is speci?c, credible, and impending, as defined below, and/or if it meets any waiver
requirements.

 

3 In the event that a threat is identi?ed in a 2nd Party report, the identifying target of?ce should follow
the procedures for warning/waiving in accordance with 2nd Party post-publication procedures.

 

4 (UNFGUO) In the event that a threat is identi?ed by a customerl I

the organization that originated the report must still follow the subsequent proce'dures for assessing the
threat and'determining whether or not it meets the requirements for a warning or a waiver. If a warning was already
issued, the originating organization should reference the previous warning in their response. If a threat that meets the
criteria for warning was not yet warned, the organization should approve appropriate warning language and assess
why the threat was not properly identified'proactively wamed by NSA. If a customer identi?es a threat that requires
a waiver, the organization should deny the formal ieqiiest and document the target of?ce-level waiver approval as
detailed in this SOP. - . 

86-36

 


NSA FOIA Case 105522 Page 0014

 

 

 

DOC ID: 6652974 Approved for Re ease by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



Specific information provided identi?es or suggests a potential target, period
or area to be attacked. This may require more than one piece of information to
make the determination.

Credible the information could be accurate in general terms. Attacker
capability, the target exists, elements of the report are true, etc.

Impending will likely happen at some point in the future. This could be hours,
days, weeks, or months

(U) Make Determination to Warn or Request Waiver

Based on assessment of threat, the appropriate target of?ce designee5 shall
make determination to issue a warning or approve a waiver requests.

0 The target of?ce will consult with key stakeholders, including IIA
Ops, the NSOC $00, and the Collection Exploitation and 
Operations (CECO) DirectorateEas needed, in order to make the waiver
determination. - 

The NSOC Senior Operations Of?cer (800) will make this
determination for time-sensitive situations/after hours, in consultation with the
(3) ?p L. 8 6?36 appropriate target of?ce, the Directorate of Operations, Operations Manager

(DOOM) and/or the Counterterrorism Operations Cell Leader (N 

 

 

 

 

(U) Issue Warming or Waiver

When the determination is made that a warning should be issued, the following steps
should be followed:

0 Formal Request: The originating of?ce will submit a pro-
active Post-Rublication release request against the report containing the threat.

 

0 Go to: I

 

0 Select the appropriate Task Type (ORCON, NON-ORCON, FORREL, IDENT)
from the menu based on the classi?cation of the original report, the end recipient,
and/or the inclusion of unmasked identities.

I For example:

0 NON-ORC ON A warning derived from a non-ORC ON report
for a recipient whose country is part of the original releasability
marking;

 

5 Of?ce-level management or operations staff is required to approve all waivers; however, the determination to warn
can be made at lower levels, as appropriate.


NSA FOIA Case 105522 Page 0015

Doc ID: 6652974

Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



ORCON A warning derived from a ORCON report for a
recipient whose country is part of the original releasability
marking;

FORREL A warning derived from any report for a recipient
whose country is NOT part of the original releasability marking;
IDENT A warning that includes the unmasked identity of a US.
or 2??1 Party individual, which was masked in the original report.

0 Complete form in accordance with requested information.

I Email Address: At a minimum you should include your email or your
of?ce alias, your "e?s Ons team vour f?ce?s post-pub team, your

 



86-desk, and the appropriate 
. Marin elementl

 

 

 

I ustification: Detail the purpose for sharing this information with the
intended recipient. A sample justification is provided below:

(Appropriate Classi?cation) This is a pro-active Duty to Warn
(DTVIO release to (Name of Potential Victim/s) based on (Report
Serial). We believe that (Name of Potential Victim/s) is in
imminent danger. We request that this information be relayed to
the intended recipient as soon as possible to allow them time to
take appropriate precautions.

I Handling Precedence: If the threat is imminent, submit the request with
URGENT precedence. If not imminent, submit the request with
Immediate or Priority Precedence.

URGENT - Imminent, Identi?able Threat. Final recipient needs to
take immediate, operational action military operation, arrest).

I Release Classification: The classi?cation of the request will vary, but
will often be UNCLASSIFIED. The requestor should determine the
appropriate classification to ensure that the intended recipient is able to
receive the warning at the chosen classi?cation, but it is not unnecessarily
sanitized, if the recipient is authorized for SECRET or reporting.

I Proposed Sanitization: Complete the proposed text ?eld in accordance
with the following format:

Please pass this to CIA (if threat is outside of US) or FBI (if threat is in US) with the text to
be released:

semi-19m
NSA FOIA Case 105522 Page 0016

DOC ID: 6652974 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



(Appropriate Classi?cation) This is a pro-active Duty to Warn (DTW) release to (Name of
Potential Victim/s) based on (Report Serial). We believe that (Name of Potential Victim/s)
is in imminent danger. We request that this information be related to the intended
recipient as soon as possible to allow them time to take appropriate precautions.

Per 191, NSA is required to document and maintain records on speci?ed
duty to warn actions, one of them being how and when threat information was delivered to
the intended victim. We kindly request notification of your Agency?s actions within 5
business days from the date of notification for this purpose.

Text to Be Released:
(Appropriate Classi?cation) Your warning language goes here. *If the language is
UNCLASSIFIED, it will need to be approved by Office-Level Chief of Ops, Deputy Chief of
Ops, Chief or D/Chief.

 

 

If immediate action is needed durin normal business hours, the
Information Sharing and Collaborationl Iwill assign the

request through_e_st_abl'shed- st'- bli?ation rocedures and include the NSOC
.Thrcat W-airi-irig-aiiasl Ion all duty-to-

86?36 warn emailcommunications.

 

 

 

 

If immediate action is needed after business hours, the NSOC Senior
Reporting Of?cer (SRO) will process the request. NSOC should reach out to
appropriate target of?ce designee for advice/concurrence before any release after
business hours.

0 Review: The Post-Pub request is formally reviewed in
accordance V'Qith standard procedures, which includes a CECO, 2nd Party, or 3rd Party
equity revieWJas appropriate, in accordance with standard post-pub processes.



(UHF-6669 Proy'ide Release Language to Customer:

0 provides the approved release language to the designated
customer, he will be responsible in providing the warning.

0 SRO will inform the customer that when approved language is
released, the customer(s) has ?ve business days to provide feedback on language
use.

 

 

 

 

 

NOTE: As soon as a decision to issue a warning is reached, the target
of?ce should begin coordinating with the element that will issue the warning to
inform them that a duty to warn noti?cation is in progress.

I If the intended victim is located in the United States, the analyst,
Ops element, or next level supervisor will inform the FBI Via the 24-hour

gee-amine-
NSA Case 105522 Page 0017

Doc ID: 6652974 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



watch listed below, through the Representative (NCR) FBI if
appropriate, that a duty-to-warn noti?cation is in progress.

If the intended victim is located outside of the United States,
the analyst, Ops element, or next level supervisor will inform the
through the Services Group (CSG) CIA, and, if

 

 

 

 

a ro riate 
?int cluty-to-wam noti?cation is in progress. I

When the determination 18 made that a waiver should be approved, the following;
steps should be followed: . .




(UHF-989) The requester of the Waiver should contact and/or send an email to their 
of?ce?s approval authority requesting that a Duty to Warn waiver be approved. The email
subject line should read, ?Action: DTW Waiver Request (very brief threat title).?

0

The body of the email should include a statement requesting the waiver With
an appropriate justi?cation (see above), a brief description of the threat and information
on which the threat [8 based with a link to, or copy of, the report in which the threat is
documented. .


0

email and adds the NSOC Threat Warning Alias

 

The Of?ce- level waiver approval desiinee responds all to the waiver request

 

I Ito document Waiyer approval with NSOC
NOTE. Waiver requests containing serisiti?ve information should only be sent to the;
i Ialias.) 1 1? 1 

 

 

86?36
(U) Dispute Resolution 

 

 

If there is a dispute among internal elements, resolution should occur
with the next level managers. The Director of Operations will?be the ?nal adjudicatoi'; for
internal disputes during normal business hours; 800 will be the ?nal
adjudicator after normal business hours Disputes reqturing Director of Operations or
$00 adjudication, should be submitted threw the organizations chain of command with
required review at the target of?ce and le?vels.

0 (UM-BEG) If a customer of?ce receives a denial for a duty-to-wam request or the 
element has a duty-to-warn wai'v'er approved and there is not a release of duty to warn
information, the customer office can request a reclama (through the established Post-
Publication process) the dispute resolution process themselves. The applicable
of?ces will be engaged as needed The NCR FBI and SG CIA of?ces shall be the
initial POC for the customer of?ce

0 If a customer submits a reclama to an SS waiver, then hie?hief
in coordination with the NSOC 800 must assess the request to warn, the target of?ce
waiver, and decide to either uphold the waiver or proceed with a warning. If the reclama


NSA FOIA Case 105522 Page 0018

Doc ID: 6652974

Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)


is after hours, the NSOC SOD, in coordination with the appropriate Operations desks on
the NSOC ?oor and call-ins when needed, makes the ?nal decision on waiver
determinations.

If a element has not received feedback from a customer of?ce on the
uses of its released duty-to-warn language and has made reasonable and documented
steps to receive feedback, the element can engage the appropriate 
liaison of?ce (NCR FBI or CSG CIA) to enact the ODNI-sponsored Dispute Resolution
Process.

If a element is concerned about a customer?s use of SIGINT
information without prior consultation or noti?cation when citing imminent threat as
identi?ed in ICD 191, Section F, paragraph 12, the element should engage the
appropriate liaison of?ce (NCR FBI or CSG CIA). If the issue cannot be
resolved, either party may initiate the ODNI-sponsored Dispute Resolution Process
outlined in ICD 191.

(U) Feedback

IC elements that receive threat information from for the purpose of
delivering the information to an intended victim shall document the steps taken to deliver
the threat information to the intended victim and notify of the steps taken and
the results. Feedback should be sent to

 

 

 

 

Contact Information

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FBI:
FBI CT Watch:
534-1463
FBI Strategic Information Operations Center: (3) -P . . 8 6-36
534-1463 . .
NCR FBI Contact Information: . . 5 .
717-7116 or 
I 
The NCR FBI Personnel Roste 
[identi?es appropriate pomts of
contact (POCs).


NSA FOIA Case 105522 Page 0019

Doc 6652974 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)

6%

CSG CIA:

935-0209 secure) ..
(unclassi?ed) 

. I 3

 

 

 

 

 

 

 

(UH-PGHG) NSOC: 
$00 

963-3 7 secure) . 
unclassi?ed) . . 


 

 

 

DOOM: 86?36

 

 

 

 

 

I
963-3069 sec FTP) ,3
(unclassi?ed) . 

CT-LDR: 
966-60731secure) 

 

 

 

 

 

 

SRO I. 
963-3 78 (secure) 

 

SUSLO Of?ces: 

0


995-7201 secure 
(unclassi?ed)
ontact or afterhours support
SUSLO-Canberra:

263-2100 (secure)
Contact NSOC for afterhours support

 



262-2034 secure)

kunclassi?ed)

Contact NSOC for afterhours support

 

SUSLO-Wellington:
717-8639/8638 (secure)
Contact NSOC for afterhours support


NSA FOIA Case 105522 Page 0020

DOC 6652974 Approved for Release by NSA on 03/08/2019 - FOIA Case 105522 (Litigation)



Definitions

0 (U) Duty to Warn A requirement to warn US. and non-US. persons of impending
threats of intentional killing, serious bodily injury, or kidnapping.

0 Intended Victim A person or group of people, including both US. persons
(as de?ned in Reference c) and non-US. persons, and targets that are an institution, place
of business, structure, location, or electronic infrastructure that supports life.

0 (U) Intentional Killing The deliberate killing of a speci?c individual or group of
individuals.

0 (U) Kidnapping - The intentional taking of an individual or group through force or threat
of force.

0 (U) Serious Bodily Injury - Injury that creates a substantial risk of death or which causes
serious, permanent dis?gurement or impairment.


NSA FOIA Case 105522 Page 0021