TOP SE CRE OMIN ONW OF ORN 1109-0002 WORKING DRAFT OFFICE OF THE INSPECTOR GENERAL NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE 24 March 2009 (U) TABLE OF CONTENTS I. (U) INTRODUCTION ..1 II. REVIEW CATEGORIES ..3 (U) APPENDIX A: About the Review (U) APPENDIX B: Presidential Authorizations (U) APPENDIX C: Timeline of Key Events (U) APPENDIX D: NSA Legal Review of the Presidential Authorization (U) APPENDIX E: Flowchart of Metadata Analysis (U) APPENDIX F: Flowchart of Content Analysis (U) APPENDIX G: Security Clearances for President's Surveillance Program (U) APPENDIX H: NSA Office of the Inspector General Reports on President's Surveillance Program WORKING DRAFT TOP SE CRE 0NflV 0F ORN TOP SE CRE OMIN 0F ORN WORKING DRAFT TOP SE CRE Background TOP SE CRE OMIN OF ORN 1109-0002 WORKING DRAFT I. INTRODUCTION (U) This Report On 4 October 2001, President George W. Bush issued a memorandum entitled FOR SPECIFIED ELECTRONIC SURVEILLANCE ACTIVITIES DURING A LIMITED PERIOD TO DETECT AND PREVENT ACTS OF TERRORISM WITHIN THE UNITED The memorandum was based on the President's determination that after the 11 September 2001 terrorist attacks in the United States, an extraordinary emergency existed for national defense purposes. The 4 October 2001 Presidential authorization delegated authority to the Secretary of Defense, who further delegated it to the Director of National Securitv Agencv/Chief. Central Securitv Service to conduct specified electronic surveillance on targets related to Afghanistan and intemational terrorism for 30 days. Because the surveillance included wire and cable communications carried into or out of the United States, it would otherwise have required FISC authority. The Authorization specified that NSA could acquire the content and associated metadata of telephony and Internet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one communicant was engaged in or preparing for acts of intemational terrorism. In addition, NSA was authorized to acquire telephony and Internet metadata' for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was also allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority. 2 This report provides the classified results of the NSA Office of the Inspector General (OIG) review of the President's Surveillance Program (PSP) as mandated in the FISA Amendments Act (FAA) of 2008. It includes the facts necessary to describe from NSA's perspective: 1 (U)Metadata is data that describes content, events, or networks associated with SIGINT targets. 2 (U)The Authority changed over time. See Appendix for details. WORKING DRAFT TOP SE CRE TOP SE CRE OMIN 0NflV OF ORN 1109-0002 WORKING DRAFT establishment of the PSP (Section One) implementation and product of the PSP (Section Two) access to legal reviews of the PSP and access to information about the PSP (Section Three) interaction with the Foreign Intelligence Surveillance Court (FISC) and transition to court orders related to the PSP (Section Four) oversight of PSP activities at NSA (Section Five) (U) President's Surveillance Program Terminology For purposes of this report, the PSP, or "the Program," refers to NSA activities conducted under the authority of the 4 October 2001 memorandum and subsequent renewals, hereafter known as "the Authorization." As mandated by the FAA, this review includes activities authorized by the President between 11 September 2001 and 17 January 2007 and those activities continued under FISC authority. This includes the program described by the President in a 17 December 2005 radio address as the Terrorist Surveillance Program, which was content collected under the Authorization. TOP SE CRE OMIN OF ORN TOP SE CRE OMIN 0NflV 0F ORN WORKING DRAFT II. REVIEW CATEGORIES (U) ONE: ESTABLISHMENT OF THE AUTHORITY U0) Immediately afler the attacks of September 200], NSA considered how to work within existing SIGINT authorities to counter the terrorist threat within the United States and adjusted SIGINT processes accordingly. Shortly thereafier, in response to a White House request, the Director of NSA identified SIGINT collection gaps. The Counsel to the Vice President used this information to draft the Presidential authorization that established the PSP. (U) Actions Taken After 9/11 On 14 September 2001, three days after terrorist attacks in the United States, General Hayden approved the targeting of terrorist- associated foreign telephone numbers on communication links between the United States and foreign countries where terrorists were known to be operating. Only specified, pre--approved numbers were allowed to be tasked for collection against U.S.--originating links. He authorized this collection at Special Collection Service and Foreign Satellite sites with access to links between the United States and countries of interest, including Afghanistan. According to the Deputy General Counsel, General Hayden determined by 26 September that any Afghan telephone number in contact with a U.S. telephone number on or after 26 September was presumed to be of foreign intelligence value and could be disseminated to the FBI. NSA OGC said General Hayden's action was a lawfiil exercise of his power under Executive Order (E.O.) 12333, United States Intelligence Activities, as amended. The targeting of communication links with one end in the United States was a more aggressive use of E.O. 12333 authority than that exercised by former Directors. General Hayden was operating in a unique environment in which it was a widely held belief that additional terrorist attacks on U.S. soil were imminent. General Hayden said this was a "tactical decision." TOP SE CRE 0NflV OF ORN T-09-0002 WORKING DRAFT TOP SE CRE OMIN 0NflV 0F ORN On 2 October 2001, General Hayden briefed the House Permanent Select Committee on Intelligence (HPSCI) on this decision and later informed members of the Senate Select Committee on Intelligence (SSCI) by telephone. He had also informed DCI George Tenet. (TS) At the same time NSA was assessing collection gaps and increasing efforts against terrorist targets immediately after the 11 September attacks, . it was responding to Department of Defense (DOD), Director of Central Intelligence Community Management Staff questions about its ability to counter the new threat. (U) Need to Expand NSA Authority NSA General Hayden said that soon after he told Mr. Tenet about NSA actions to counter the threat, Mr. Tenet shared the information with the "Oval Office." Mr. Tenet relayed that the Vice President wanted to know if NSA could be doing more. General Hayden replied that nothing else could be done within existing NSA authorities. In a follow-up telephone conversation, Mr. Tenet asked General Hayden what could be done if he had additional authorities. General Hayden said that these discussions were not documented. Identifies SIGIN Collection Gaps To respond to the Vice President, General Hayden met with NSA personnel who were already working to identify and fill SIGINT collection gaps in light of the recent terrorist attacks. General Hayden stated that he met with personnel to identify which additional authorities would be operationally useful and technically feasible. In particular, discussions focused on how NSA might bridge the "international gap." An NSA Technical Director described that gap in these terms: "Here is NSA standing at the US. border looking outward for foreign threats. There is the FBI looking within the United States for domestic threats. But no one was looking at the foreign threats coming into the United States. That was a huge gap that NSA wanted to cover. Possible Solutions. Among other things, NSA considered how to tweak transit collection--the collection of communications transiting through but not originating or terminating in the United States. NSA personnel also resurfaced a concept proposed in 1999 to address the TOP SE CRE OMIN ONW OF ORN TOP SE CRE OMIN CONW 0F ORN WORKING DRAFT Millennium Threat. NSA proposed that it would perform contact chaining on metadata it had collected. would chain through masked U.S. telephone numbers to discover foreign connections to those numbers, without specifying, even for the U.S. number involved. In December 1999, the Department of Justice Office of Intelligence Policy Review (OIPR) told NSA that the proposal fell within one of the FISA definitions of electronic surveillance and, therefore, was not permissible when applied to metadata associated with presumed U.S. persons U.S. telephone numbers not approved for targeting by the FISC). Collection gaps not adequately filled by FISA authorized intercept. NSA determined that FISA authorization did not allow sufficient flexibility to counter the new terrorist threat. First, it believed that because of technological advances, the jurisdiction of the ISC went beyond the original intent of the statute. For example, most communications signals no longer flowed through radio or via phone svstems as they did in 1978 when the FISA was written. By 2001, Internet communications were used worldwide, undersea cables carried huge volumes of communications, and a large amount of the world's communications passed through the United States. Because of language used in the Act in 1978, NSA was required to obtain court orders to target email accounts used by non-U.S. persons outside the United States if it intended to intercept the communications at a webmail service within the United States. Large numbers of terrorists were using such accounts in 200 1 . Second, NSA believed that the FISA process was unable to accommodate the number of terrorist targets or the speed with which they changed their communications. From the time NSA sent FISA requests to the OIPR until the time data arrived at NSA, the average wait was between four and six weeks. Terrorists could have changed their telephone numbers or internet addresses before NSA received FISC approval to target them. NSA believed the large number of terrorist targets and their frequently changing communications would have overwhelmed the existing FISA process. Emergency FISA provision not an option. NSA determined that even using emergency FISA court orders would not provide the speed and flexibility needed to counter the terrorist threat. First, although the emergency authorization provision permitted 72 hours of surveillance without obtaining a court order, it did not--as many believed--allow the Government to undertake surveillance immediately. Rather, the Attomey General had to ensure that emergency surveillance would ultimately be acceptable to the FISC. He had to be certain the court TOP SE CRE OMIN ONW OF ORN 1109-0002 WORKING DRAFT TOP SE CRE would grant a warrant before initiating emergency surveillance. Additionally, before NSA surveillance requests were submitted to the Attomey General, they had to be reviewed by NSA intelligence officers, NSA attorneys, and Department of Justice attomeys. Each reviewer had to be satisfied that standards had been met before the request proceeded to the next review group, and each request was certified by a senior official in the usually the Secretary or Deputy Secretary. From the time NSA sent a request to Justice's OIPR until the time data arrived at NSA, the average wait was between half. In the existing threat environment with U.S. interests at risk, NSA deemed the wait too long. Early Efforts to Amend FISA Given the limitations of FISA, there were early efforts to amend the statute. For example, shortly after 11 September, the HPSCI asked NSA for technical assistance in drafting a proposal to amend Section of FISA that would give the President the authority to conduct electronic surveillances without a court order for the purpose of obtaining foreign intelligence information. On 20 September 2001, the NSA General Counsel wrote to Judge Alberto Gonzales, Counsel to the President, asking whether the proposal had merit. We found no record of a response. We could not determine why early efforts to amend FISA were abandoned. Anecdotal evidence suggests that government officials feared the public debate surrounding any changes to FISA would compromise intelligence sources and methods. (U) NSA identifies SIGINT collection gaps to Vice President's Office. Because early discussions about expanding NSA's authority were not documented, we do not have records of specific topics discussed or people who attended General Hayden's meetings with White House representatives. General Hayden stated that after consulting with NSA personnel, he described to the White House how NSA collection of communications on a wire inside the United States was constrained by the FISA statute. Specifically, NSA could not collect from a wire in the United TOP SE CRE OMIN ONW OF ORN TOP SE CRE OMIN ONW OF ORN WORKING DRAFT States, without a court order, either content or metadata from communications links with either one or both ends in the United States. Furthermore, General Hayden pointed out that communications metadata did not have the same level of constitutional protection as content and that access to metadata of communications with one end in the United States would significantly enhance NSA's analytic capabilities. General Hayden suggested that the ability to collect communications with one end in the United States without a court order would increase NSA's speed and agility. General Hayden stated that after two additional meetings with the Vice President, the Vice President asked him to work with his Counsel, David Addington. (U) Presidential Authorization Drafted and Signed According to General Hayden, the Vice President's Counsel, David Addington, drafted the first Authorization. General Hayden described himself as the "subject matter expert" but stated that no other NSA personnel participated in the drafting process, including the General Counsel. He also said that Department of Justice (DOJ) representatives were not involved in any of the discussions that he attended and he did not otherwise inform them. General Hayden said he was "surprised with a small when the Authorization was signed on 4 October 2001, and that it only changed the location from which NSA could collect communications. Rules for minimizing U.S. person information still had to be followed. SIGINT Activity Authorized by the President On 4 October 2001, the President delegated authority through the Secretary of Defense to the Director of NSA to conduct specified electronic surveillance on targets related to Afghanistan and international terrorism for 30 days. Because the surveillance included wire and cable communications carried into or out of the United States, it would otherwise have required FISC authority. F) The Authorization allowed NSA to conduct four types of collection activity: Telephony content Intemet content TOP SE CRE OMIN 0F ORN TOP SE CRE OMIN 0F ORN 1109-0002 WORKING DRAFT Telephony metadata Intemet metadata F) NSA could collect the content and associated metadata of telephony and Intemet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one. communicant was engaged in or preparing for acts of international terrorism. In addition, NSA was authorized to acquire telephony and Intemet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was also allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority. Subsequent Changes to the Authorization After the first Presidential authorization, the specific terms, wording, or interpretation of the renewals periodically changed. (See Appendix for a completed listing of changes.) Domestic Collection. The wording of the first authorization could have been interpreted to allow domestic content collection where both communicants were located in the US. or were U.S. persons. General Hayden recalled that when the Counsel to the Vice President pointed this out, General Hayden told him that NSA would not collect domestic communications because 1) NSA was a foreign intelligence agency, 2) NSA infrastructure did not support domestic collection, and 3) his personal standard was so high that there would be no problem getting a FISC order for domestic collection. F) Afghanistan. In January 2002, after the Taliban was forced out of power, Afghanistan was no longer specifically identified in the Authorization. Iraqi Intelligence Service. For a limited period of time surrounding the 2003 invasion of Iraq, the President authorized the use of PSP authority against the Iraqi Intelligence Service. On 28 March 2003, the DCI determined that, based on then current intelligence, the Iraqi Intelligence service was engaged in terrorist activities and presented a threat to U.S. interests in the United States and abroad. Through the Deputy DCI, Mr. Tenet received the President's concurrence that PSP authorities could be used against the Iraqi Intelligence Service. NSA ceased using the Authority for this purpose in March 2004. TOP SECRE OF ORN TOP SE CRE OMIN OF ORN WORKING DRAFT (U) TWO: IMPLEMENTATION OF THE AUTHORITY AND RESULTING SIGINT PRODUCT General Hayden said that although he felt comfortable exercising the Presidential authorization and believed it to be legal, he recognized that it was politically sensitive and controversial and would be subjected to scrutiny at some point in time. He and NSA leadership strove to ensure that NSA personnel executed the terms of the Authorization with care and diligence and that they not go beyond that which was authorized. PSP-related operations began on 6 October. Early on, personnel worked under the assumption that the Authorization was temporary and that operations would stop in the near future. After it became evident that the Authority would be continuously renewed, management focused on designing processes and procedures for Program activity. (UIIFOUO) Stand Up of Operations On 4 October 2001, after receiving the Authorization, General Hayden informed the SIGINT Director and other key personnel of NSA's new authorities and asked the NSA General Counsel if the Authorization was legal. The General Counsel said that the next day, 5 October, he told General Hayden that he believed it was legal (see Appendix D). Under General Hayden's direction, immediate steps were taken to implement the temporary authority. A 24-hour watch operation, the Metadata Analysis Center (MAC), was created in the Signals Intelligence Directorate (SID). The first Program Manager was identified and informed of his new responsibilities. A cadre of experienced operational personnel was chosen to implement the Program. Office space was identified to accommodate newly assigned personnel. TOP SE CRE OMIN OF ORN 1109-0002 WORKING DRAFT TOP SE CRE ONW OF ORN A new security compartment with the temporary cover term STARBURST was established? Fifiy computer servers to store and process data acquired under the new authority were orderedfi Initial funding of $25 million for PSP operations was obtained from the DCI. On Saturday and Sunday, 6 and 7 October, small groups of operational personnel were called at home and asked to report to work for special PSP clearance briefings. On Monday, 8 October 2001, Columbus Day, General Hayden briefed the programmers, and mathematicians that had been selected to implement the Authorization. At that briefing, General Hayden said he did not share the specific content of the Authorization with attendees but relayed key information such as: The Authorization came from the President. The Authorization was temporary. The Authorization was intended to be an early warning system of impending terrorist attacks in the United States. The NSA General Counsel had reviewed the Authorization and concluded that it was legal. NSA would do exactly what the Authorization stated and "not one electron or photon more." The Authorization should be kept secret and it required strict compartmentation. Attendees had to sign a non-disclosure agreement. General Hayden stated that afier he briefed the attendees, he tumed the briefing over to the General Counsel to discuss the terms of the Authorization. A permanent cover term, STELLARWIND, was assigned to Program information on 31 October 2001. F) Because of the heightened terrorist threat, at NSA's request, a vendor diverted a shipment of servers intended for other recipients to NSA, where they arrived under police escort on 13 October 2001. TOP SE CRE OMIN 0NflV 0F ORN 10 TOP SE CRE OMIN OF ORN WORKING DRAFT (U) Early Operations Within one week, approximately 90 NSA employees were cleared for access to the PSP. On 11 October 2001, the Associate General Counsel for Operations and the NSA Deputy General Counsel were cleared for the Program and agreed with the NSA General Counsel's determination that the Authorization was legal. NSA OGC did not formally document its opinions or legal rationale (see Appendix D). The MAC was created to analyze metadata obtained under PSP authorization. By 7 October 2001, it was a 24-hour 7-day a week watch center with 20 reporters, and software developers working in three shifts. Many MAC employees were former Russian traffic with manual call chaining analysis experience. Initially, the MAC reported directly to General Hayden and the Deputy Director. The MAC Chief briefed the Director every week, and the Deputy Director visited MAC spaces for a briefing each evening. While the MAC was setting up to analyze PSP metadata, the Counterterrorism (CT) Product Line was realigning to conduct PSP content tasking and analysis. The MAC and the CT Product Line worked closely together to coordinate efforts and share information. The CT Product Line was growing rapidly as handpicked employees were moved to support the new mission. Within 30 days, the PSP was fully operational. While awaiting deliveryof requested computer servers, the FBI and CLA gave NSA lead telephone numbers, and the MAC was able to immediately chain within the United States with SIGINT collected overseas. Private sector partners began to send telephony and Intemet content to NSA in October 2001. They began to send telephony and Intemet metadata to NSA as early as November 2001. (UIIFOUO) On-Going Operations After operations began and it became evident that the Authorization was likely to be renewed indefinitely, NSA management became increasingly focused on designing processes and procedures to implement the Program effectively and to ensure compliance with the AuthorizationTOP SE CRE OMIN 0NflV OF ORN 1109-0002 WORKING DRAFT (U) Organizational Structure NSA conducted all PSP analysis and reporting at its headquarters at Ft. Meade, Maryland, within the SIGIN Directorate. Specifically, tasking approvals, analysis, and reporting were conducted in the CT Product Line within SID, Analysis and Production. Collection of data was managed in SID, Directorate for Acquisition. No PSP activities were managed at NSA field sites. will insert high level SID org chart from 2001 here] Although the formal chain of command for SIGINT operations was through SID, in practice, the Director and Deputy Director of managed the Program while keeping the SIGINT Director informed. Over time, the SIGINT Director became more involved, but the Director and Deputy Director always maintained direct operational control. Program Manager. Five officials held the Program Manager position over the life of the Initially, the Program Manager reported to the Chief of the CT Product Line. In 2004, the Program Manager position was restructured as the SID Program Manager for CT Special Projects and elevated to report to the SIGINT Director. This allowed the Program Manager jurisdiction of PSP elements across SID, not just those within the Directorate for Analysis and Production. At that time, the position was also formally designated as a senior level civilian position. A small staff was added to form the Program Management Office. SID Analysis and Production. Initially, the MAC analyzed PSP metadata (data that describes the content, events, or networks associated with SIGINT targets), while SIGINT Development in the CT Product Line analyzed non-PSP metadata. The CT Product Line performed PSP content analysis. SIGINT Development, a separate organization within the SID, managed approvals for content tasking. In 2004, the analysis and production of metadata and content were consolidated into a new organization called the Advanced Analysis Division (AAD). AAD was divided into three teams: intemet metadata, telephony metadata, and content. Coordination with FBI and CIA. By 2004, four FBI integrees and two CLA integrees, operating under SIGINT authorities in accordance with written agreements, were co-located with NSA PSP- The Chief of the CT Product Line was Acting Program Manager for a brief time in 2004. TOP SE CRE OMIN ONW 0F ORN 12 (U) Metadata TOP SE CRE 0NflV OF ORN WORKING DRAFT cleared The purpose of co-locating these individuals was to improve collaborative analytic efforts. SID Data Acquisition. Through the life of the Program, data collection was managed by Special Source Operations in SID, Data Acquisition Directorate. Collection managers were responsible for putting telephone numbers and email selectors on PSP-authorized collection by private sector companies and taking them off collection. The authority to collect bulk telephony and Internet metadata significantly enhanced NSA's ability to identify activity that may have been terrorist-related. Contact chaining is the process of building a network graph that models the communication (e-mail, telephony, etc.) pattems of targeted entities (people, organizations, etc) and their associates from the communications sent or received by the targets." Metadata is data that describes other data, specifically information that describes the content, events or networks associated with SIGINT targets. For example, for an email message, it would include the sender and recipient email addresses. It does not contain the subject line or the text of the email; they are considered to be content. Likewise. for a telephone conversation. metadata would include the called number and the calling number as well as the duration ofthe call. Although NSA had the capability to collect bulk telephony and Intemet metadata prior to the PSP, its application was limited because NSA did not have the authority to collect communications in which one end (the number being called or the recipient address of an e-mail) was in the United States. PSP significantly increased the data available to NSA and allowed them to create more thorough Contact chaining. This gave NSA the key to an early warning system--the ability to identify individuals in the United States or individuals outside the U.S. using U.S. telecommunications structures in contact with a foreign target, a terrorist. Because metadata was not constitutionally protected, NSA did not consider it to be as sensitive as content collection. Nevertheless, processes were set up to document requests for metadata analysis and justifications for conducting such analysis under Program authority. The 5 Additional chaining can be performed on the associates' contacts to determine pattems in the way a network of targets may communicate. Additional degrees of separation from the initial target are referred to as "hops." For example a direct contact is one hop away from the target. A contact of the direct contact would be described as being 2 hops away from the target. The resulting contact-graph is subsequently analyzed for intelligence and to develop potential investigative leads. TOP SECRE I3 ST-09-0002 WORKING DRAFT TOP SE CRE OMIN OF ORN following describes the process used to obtain requests, conduct analysis, and report results under the PSP. (See Appendix for a flowchart of the end-to-end process.) Requests for Information and Leads. Contact chaining analysis requests were received from FBI, CIA, or NSA. Requests typically took one of two forms, Requests for Information (RF 1) and Leads. RFIS were specific questions about a target's telephone numbers or email addresses, called "selectors" at NSA. Leads were more general requests about a target's' contacts. Requestors submitted leads to discover new investigative leads. Contact chaining requests were documented from the inception of the PSP. Approvals to Chain. Prior to chaining, NSA counterterrorism shift coordinators reviewed chaining requests to determine whether they met criteria provided by the OGC and based on the terms of the Authorization. They had to have enough information to identify a terrorism nexus and demonstrate compliance with criteria required by the Authorization before analysis could begin. Shift coordinators either approved requests, approved them for 1-hop (direct contact) analysis, or denied them. Approved requests were passed to for contact chaining. Analysis. NSA used a variety of tools to conduct metadata analysis and view the results. NSA's primary tool for conducting metadata analysis, for PSP and traditional SIGINT collection, was MAINWAY. MAINWAY was used for storage, contact chaining, and for analyzing large volumes of global communications metadata. At the beginning of the PSP, only the Navigator" tool was available to View MAINWAY output. Over time, new tools and new processes, such as automated chaining alerting, were created to improve efficiency. To obtain the most complete results, used data collected under PSP and non-PSP authorities. Typically, they analyzed networks with two degrees of separation (two hops) from the target. determined if resulting information was reportable. F) In addition, an automated chaining alert process was created to alert of new potentially reportable selectors. Previously approved selectors were compared to incoming MAINWAY data authorized by the PSP, E.O. 12333, or the FISC. Alerts of direct contacts with approved selectors were reported to NSA for further analysis and potential reporting to FBI and CIA. TOP SE CRE OMIN 0NflV 0F ORN 14 (U) Content TOP SE CRE OMIN 0F ORN WORKING DRAFT Storage. NSA stored metadata obtained under PSP authorities in a protected database. Only cleared and trained were given access to PSP metadata. Reporting. Reports based on metadata analysis were typically referred to as "tippers." Tippers contained contact chaining analysis results relevant to terrorism or with potential links to terrorism that warranted the attention of the FBI or the CIA for further investigation. Before releasing reports with U.S. person information, obtained permission to do so in accordance with established NSA dissemination procedures. F) For each published report, NSA retained documentation of the analysis, supporting RFI or lead information, and a justification statement explaining the link to terrorism. If a report was not published, documentation was not retained. Counterterrorism personnel manually updated information in a computer tracking system to reflect the disposition of chaining requests. Collection and analysis of content is NSA's traditional wav of reporting SIGINT. Content generally refers to words spoken during a telephone conversation or the written text of an email message. NSA collection of the content of telephony and Intemet communications under the PSP improved its ability to produce intelligence on terrorist--related activity. For example, by allowing NSA access to links carrying communications with one end in the United States, NSA significantly increased its access to transiting foreign communications, with both communicants outside the United States. General Hayden described this as "the real gold of the Program." And, by allowing the intercept of international communications, NSA was able to identify threats within the United States. From the start of the Program until January 2007, NSA issued 490 reports based on PSP--derived content information. Also, as shown below, approximately 37,664 telephony and Intemet selectors were tasked for PSP-authorized content collection during that time period. Only 8 percent were U.S. targets. The vast majority (92 percent) were foreign. TOP SE CRE OMIN 0NflV 0F ORN 15 TOP SE CRE OF ORN ST-09-0002 WORKING DRAFT Approximate Number of Selectors Targeted for PSP Content Collection 4 Oct 2001 to 17 Jan 2007 U.S. Telephony U.S. E-mail (406) Foreign E-mail (19,000) NSA leadership considered selectors for targets located in the United States to be extremely sensitive. As such, processes were set up to ensure strict compliance with the terms of the Authorization. The following describes the general process for tasking, collecting, storing and reporting telephony and Intemet content under the PSP. (See Appendix for a flowchart of the end-to-end process.) Tasking Approvals. Under the PSP, each domestic selector tasked for content collection was formally approved and tracked. submitted content collection requests, also called tasking packages, to the Chief of CT for approval. Tasking packages contained a narrative analysis, conclusion, supporting information, documentation, and a checklist of package contents. In the Chief 's absence, the Deputy Chief of CT or the Program Manager could approve the requests. The approving officials reviewed the tasking packages to ensure that the proposed target and related metadata selectors met criteria in the Authorization. If criteria were not met, the officials requested additional information or denied the request. In limited cases, collection was approved for specific time periods. If the content contained foreign intelligence, the time period for collection would be extended. If it did not, collection was stopped. All approvals were documented in tasking packages. TOP SECRE OMIN ORN 16 TOP SE CRE OMIN OF ORN WORKING DRAFT F) Foreign selectors tasked for PSP content collection did not require formal approvals or tasking packages. were responsible for determining whether a foreign selector met the criteria for foreign intelligence Collection. After a selector was approved for PSP eentent collection, it was identified as "tasked" in the STELLARWIND Addresses Database by tasking managers who then emailed a collection tasking request to the SSO Collection Manager for telephony and Intemet content collection. Foreign selector content collection requests were sent directly to the SSO Collection Manager. They did not require special approval. SSO collection managers were responsible for ensuring that telephony and Internet content selectors were put on or taken off collection. For elepl1or1v content selectors, collection managers sent content collection tasking instructions to private sector companies. Private sector companies were responsible for implementing tasking at front-end devices to obtain the required content collection. For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company--controlled locations. Collected data was sent back to and made available to through the HYBRID voice processing system for telephony content selectors or the PINWALE database for Internet content selectors. SSO collection managers worked with private sector companies and the CT Product Line to ensure that collected data was as intended and legally authorized. Storage. Content (voice or cll9ata_) collected under PSP was stored in protected partitions in existing NSA databases. Access to the partitions was restricted to PSP-cleared personnel. Reporting. After analyzing content data collected under Presidential authority and identifying foreign intelligence information, counterterrorism wrote reports. After an initial review within the CT Product Line, some reports were sent to SID Oversight and Compliance for a second review for U.S. person identities. reviewers determined whether the U.S. identities in the report were necessary to assess or understand the foreign intelligence information being reported was required within the conduct of recipient's official duties . If an identity was found to be unnecessary, it was not reported. Before any U.S. person information was disseminated in reporting, intemal NSA approvals were obtained as required by United States Signals Intelligence Directive SP0018 -- Legal Compliance and Minimization Procedures. TOP SE CRE OMIN 0F ORN 17 T-09-0002 WORKING DRAFT TOP SE CRE OMIN ONW OF ORN Initially, NSA responded to FBI and CIA information requests in email. These initial reports, sometimes called "Tippers" or "Snippets," were "hidden in plain sight," meaning the information in the report did not reveal the source of the information. Later, FBI and CIA wanted to understand how NSA knew certain information that could not be provided in normal reporting channels. Eventually, "tear line" reporting was established. Tear lines are used regularly by NSA as a way to report SIGINT-derived information and sanitized information in the same report to appropriately cleared individuals. The sanitized "tear line" information conveys the same basic facts as the COMINT--controlled information while hiding COMIN as the source. Dissemination of SIGINT Product F) Regardless of which organization submitted requests or leads to NSA, all resulting reports were sent to CIA and FBI. Reports answered specific RFI questions or provided new investigative leads developed from chaining analysis. Reports contained selectors of interest (potential leads) with potential terrorist connections, not full chaining results. NSA had minimal insight into how CIA and FBI used PSP products. (U) Discovery Requests (U) On occasion, the Department of Justice attomeys determine that the facts of a particular matter justify a search of NSA files and submit a search request. In response to those requests or in response to discovery orders, NSA conducts a search of its databases to locate records that may fall within the scope of DoJ's discovery obligations and Rule 16 of the Federal Rules of Criminal Procedure. Typically the search process begins with a written request from including the names and aliases of individuals. NSA attomeys work with personnel trained in the retrieval of NSA reports to craft search strategies reasonably designed to identify reporting that may be responsive to the request. These search strategies are then used to perform electronic searches of NSA repositories of disseminated foreign intelligence reports. All responsive reports, to the extent any exist, are made available for review by NSA searches only databases of reported intelligence and does not search databases containing acquired but not processed information raw traffic) or acquired and processed but not reported or disseminated TOP SE CRE OMIN ONW OF ORN 18 TOP SE CRE CONWOFORN WORKING DRAFT information/communications gists). NSA would include in its search applicable disseminated foreign intelligence derived from the PSP. After the search is completed, NSA provides all information, including PSP-derived material, to a small number of appropriately cleared individuals in the National Security Division who review the information on behalf of the and file motions on behalf of the govemment and the United States Attomey. (U) Funding for NSA Activity Authorized by the PSP NSA spent approximately $146,058,000 in CT supplemental funds for Program activities from FY02 through FY06. The funds were given annually to SID for Project MAINWAY hardware and contract support, analytic tools and contract analytic support, and collaborative partnerships with private sector companies. Funding requests were submitted annually to the PSP Program Manager and CT program budget officer. Each request had to justify why funds were needed and how the purchased item or service would support SID's PSP activities. Program Costs FY01 to FY06 (S in thousands) Category Description FY02 FY03 FY04 FY05 FY06 Total Data Metadata and $25,668 $14,050 $15,500 $21,150 $25,900 $102,268 content (including one time set-up costs) Tools and Processing, $9,700 $8,000 $8,000 $9,500 $8,000 $43,200 Systems display and manipulations capabilities Infrastructure Facilities and $590 0 0 0 0 $590 equipment to support program TOTALS $35,958 $22,050 $23,500 $30,650 $33,900 $146,058 TOP SE CRE OMIN /01? 0F ORN I9 TOP SE CRE OMIN 0NflV OF ORN ST-09-0002 WORKING DRAFT TOP SE CRE OMIN OF ORN 20 TOP SE CRE OMIN 0F ORN WORKING DRAFT (U) THREE: ACCESS TO LEGAL REVIEWS, THE AUTHORIZATION, AND INFORMATION ABOUT THE PROGRAM NSA did not have access to the original OLC legal opinion, but did have access and provided input to an OLC opinion prepared in 2004. The original Authorization and renewals were kept in the NSA Director's safe, and access to the documents was controlled. By January 2007, nearly 3,000 people had been briefed on the PSP, including members of Congress and the FISC. (U) Access to Legal Reviews The NSA did not have access to the early Ofiice of Legal Counsel (OLC) opinions supporting the Attorney General's statement that the PSP was legal. General Hayden, NSA lawyers, and the NSA Inspector General agreed that it was not necessary for them to see the early opinions in order to execute the terms of the Authorization, but felt it would be helpful to do so. NSA was, however, given access and provided comments to the OLC opinion issued in 2004. (U) Access to OLC's Original Legal Review Two NSA requests for access to the original OLC legal opinion were denied. First Request. NSA General Counsel Robert Deitz stated that he asked the Vice President's Counsel if he could see the opinion. Even though Mr. Deitz's request was denied, the Vice President's Counsel read a few paragraphs of the opinion to him over the classified telephone line. Second Request. At a 8 December 2003 meeting with the Do] Associate Deputy Attomey General to discuss collection of metadata and an upcoming NSA OIG compliance audit, NSA's IG and Deputy GC requested to see the OLC legal opinion. The Counsel to the Vice President, who unexpectedly attended the meeting, denied the request and said that any request to see the opinion had to come directly from General Hayden. General Hayden stated he never asked for or read the OLC legal opinion supporting the PSP. The Deputy GC stated that it was his TOP SECRE OF ORN 21 1109-0002 WORKING DRAFT TOP SE CRE /01? ONW OF ORN understanding that the opinion was not shared with NSA because it was considered confidential legal advice to the President. The IG, GC, and Deputy GC agreed that their inability to read the OLC opinion did not prevent or impair them from executing and overseeing the Program. They were able to determine legality of the Program independently from (see Appendix D). However, the IG said that he found the secrecy surrounding the legal rationale to be "odd." Specifically, he said that it was "strange that NSA was told to execute a secret program that everyone knew presented legal questions, without being told the underpinning legal theory." The IG, GC, and Deputy GC all stated that they had yet to see the fiill text of the original OLC opinion. Access to the May 2004 Opinion In 2003 and 2004, the Associate Deputy Attomey General and the OLC Assistant Attomey General visited NSA to receive briefings on the PSP. On 04 May 2004, NSA, at the request of the OLC Assistant Attomey General, provided comments on the OLC's draft opinion on the Legality of the PSP. The OLC Assistant Attomey General submitted his opinion on 06 May 2004. Access to the Presidential Authorization F) As directed by the White House, access to the original Presidential authorization and subsequent renewals was controlled. (C) The Vice President's Counsel drafted the Authorizations and personally delivered them to NSA. On a few occasions, NSA picked up the Authorization at the White House. (C) The first Authorization and subsequent renewals were kept in a safe in the Director's ofiice. Initially, access was limited to General Hayden and a few others, including three OGC attomeys, Program Managers, and certain operational personnel. Those with access were not allowed to disseminate the Authorizations. Importantly, most NSA operations personnel, including the Chief of the CT Product Line, who approved tasking for content collection, were not allowed to see the actual authorization. Rather, OGC answered targeting, infonnation sharing, and implementation legal questions on an "on call" basis for operators. When the Authorization changed, OGC TOP SE CRE OMIN OF ORN 22 TOP SE CRE OMIN 0NflV OF ORN WORKING DRAFT summarized those changes in emails distributed to key program executives or communicated changes in due diligence meetings. Such limited access to the Authorization was documented in an IG investigation as a primary cause of two early violations of the Authorization. At the IG's recommendation, in March 2003, General Hayden began issuing Delegation of Authority letters that explained the Authorization as it applied to executing the Program. A new Delegation of Authority was promulgated with each renewal of the Authorization. The Delegation of Authority letters were sent to the Program Manager and the two managers of the SID CT Product Line and not further disseminated. (See Section Six.) (U) Access to Program Information Between 4 October 2001 and 17 January 2007, NSA cleared over 3,000 people for the PSP. The majority worked at NSA. Others were fiom the CIA, the FBI, the Department of Justice, Congress, the FISC, the ODNI, the White House, and the PSP Clearance Totals Agency Number of Cleared Personnel NSA 1,936 CIA 460 FBI 467 DOJ 64 Congress 60 TOP SE CRE OMIN 0NflV 0F ORN 23 T-09-0002 WORKING DRAFT TOP SE CRE ONW 0F ORN FISC 14 ODNI 13 White House 14 DOD (excluding NSA) 5 Total 3,033 Within the first 30 days of the Program, over 190 people were cleared into the Program. This number included Senators Robert Graham and Richard Shelby, Congresswoman Nancy Pelosi, President George W. Bush, Vice President Richard Cheney, Counsel to the Vice President David Addington, and Presidential Assistant 1. Lewis "Scooter" Libby. By 31 January 2002, FISC Judge Royce Lamberth was cleared. By June 2002, over 500 people had been cleared, including two additional members of Congress, Senator Daniel Inouye and former Senator Theodore Stevens, as well as FISC Judge Colleen Kollar-Kotelly. See Appendix for a list, by date, of the number of people briefed into the Program. (U) Non-Operational Personnel F) Knowledge of the PSP was strictly limited at the express direction of the White House. General Hayden, over time, delegated his PSP clearance approval authority for NSA, FBI, and CIA operational personnel working the mission to the NSA PSP Program Manager. For members of Congress, FISC, outside counsel for providers, and the NSA IG, General Hayden had to obtain approval from the White House. From the start, General Hayden and NSA leadership pushed to keep members of the legislative and judicial branches of government informed. General Hayden said he told the Vice President that OMIN 0NflV OF ORN 24 TOP SE CRE OF ORN WORKING DRAFT concems about the lawfulness of the Authorization but worried about the politics. After some hesitancy, the White House gave General Hayden permission to brief certain members of Congress. In addition, the Chief Judge of the FISC was first cleared in January 2002 (see Section Interactions with Members of Congress. Between 25 October 2001 and 17 January 2007, General Hayden, sometimes supported by operational target experts from the CT Product Line and SSO office, conducted over 49 briefings to members of Congress or their stafi. (See Appedix for a complete list of briefings.) General Hayden first briefed the following members of Congress on 25 October 2001: Chair - House Permanent Select Committee on Intelligence Ranking Minority Member of the House Permanent Select Committee on Intelligence Chair Senate Select Committee on Intelligence Vice Chair -- Senate Select Committee on Intelligence In addition, NSA received and responded to a variety of Program-related inquiries from members of Congress, including Senators Inouye, Stevens, Pelosi, and Rockefeller. General Hayden always believed that the PSP was legal. He said that during the many PSP-related briefings he gave to members of Congress, no one ever said that NSA should stop what it was doing. He emphasized that he did not just "flip through slides" during the briefings. They lasted as long as attendees desired. Interactions with the FISC. On 31 January 2002, Chief Judge Royce Lamberth was briefed on the PSP and on 17 May 2002, his successor, Colleen Kollar-Kotelly, was briefed. A law clerk was also briefed in April 2004. (See Section Five.) The Clearance Process F) NSA managed the NSA clearance process. Clearance requests were submitted to the PSP Program Office for Program Manager approval or disapproval. Access was granted only to those who needed 1109-0002 WORKING DRAFT TOP SE CRE OMIN CONW OF ORN to perform assigned job duties. The Program Manager questioned access requests with unclear justifications. Approved requests were forwarded to the Program security officer, who performed a security check. If the security check yielded nothing to impede access, individuals were instructed to go to the security office to read the "Security Pre-Brief Agreement" and sign a "Sensitive Compartmented Information Nondisclosure Agreement" form. NSA's General Counsel also had the authority to read in Attomeys from other agencies. On 20 May 2005, the Program Manager changed the PSP clearance request and re-certification process. The Project Security Officer assigned to Special Source Operations in the SIGINT Directorate assumed responsibility for the PSP clearance process. (Special Source Operations managed all PSP-related collection for NSA.) Additionally, the Program Manager initiated PSP clearance briefings. From 4 October 2001 until 23 May 2005, a two-level PSP clearance structure was used. One level was limited to the "fact of" Program existence. A second level included access to PSP targeting data through a "must know" principle. Access lists were maintained in the SSO Security Director's office on an internal SSO compartmented LAN. F) Regular zero-based reviews were conducted by the SSO Security Director's office quarterly to validate that cleared individuals had a continuing need for access to PSP information. The clearance did not automatically transfer with individuals who moved to new assignments. The clearance had to be re-justified for the new position, or the individual would be debriefed from the Program. TOP SECRE OMIN 0NflV 0F ORN 26 TOP SE CRE OMIN 0NflV OF ORN WORKING DRAFT (U) FOUR: NSA PRIVATE SECTOR RELATIONSHIPS To conduct foreign intelligence-gathering activities under the PSP, NSA required the assistance of private companies, which provided access to international communications chokepoints in United States. Immediately after 11 September 2001, some private companies contacted NSA to offer support. Subsequent to PSP authorization, NSA sent request letters to companies stating that their assistance was authorized by the President with legal concurrence of the Attorney General. (U) Need for Private Sector Cooperation The United States carries out foreign intelligence activities through a variety of means. One of the most effective means is to partner with commercial entities to obtain access to information that would not otherwise be available. Telephony Most intemational telephone calls are routed through a small number of switches or "chokepoints" in the international telephone switching system en route to their final destination. The United States is a major crossroads for intemational switched telephone traffic. For example, in 2003, circuit switches worldwide carried approximately 180 billion minutes of telephone communications. Twenty percent of this amount, over 37 billion minutes, either originated or terminated in the United States, and another thirteen percent, over 23 billion minutes, transited the United States (neither originating nor terminating here). is authorized under Executive Order 12333 to acquire transiting telephone calls.] F) NSA determined that under the Authorization it could gain access to approximately 81% of the intemational calls into and out of the United States through three corporate partners: COMPANY A had access to 39%, COMPANY 28%, and COMPANY 14%. NSA did not seek assistance from local exchange carriers, because that would have given NSA access primarily to domestic callsTOP SE CRE OMIN ONW OF ORN 1109-0002 WORKING DRAFT Internet Communications Al Qaeda and associated terrorist organizations have made extensive use of the Intemet. It is their preferred method of communication. Terrorists use Intemet communications, particularly web- based services, because they are ubiquitous, anonymous, and usually free of charge. They can access Web--based email accounts and similar services from any origination point around the world. The United States is a major Internet communications hub. The industry standard for characterization of the volume of Intemet communications is bandwidth, which measures the amount of digital data transmitted in one second -- bits per second or bps. For example, data available from 2002 shows that at that time, worldwide international bandwidth was more than 290 Gbps7. Of that total, less than 2.5 was between two regions that did not include the United States. The United States is also home to computer servers providing Internet communications services often used by terrorists. The majority of known terrorist email addresses that NSA has tracked are hosted on U.S.- based providers or forei n--mana ed roviders hosted on servers in the united Evolution of NSA Partnerships with Private Sector (U) History of NSA Partnerships with Private Sector As far back as World War II, NSA has had classified relationships with carefully vetted U.S. companies that assist with essential foreign intelligence-gathering activities. NSA maintains relationships with over 100 U.S. companies. Without their cooperation, NSA would not be able respond to intelligence requirements on a variety of topics important to the United States. Two of the most productive SIGINT collection partnerships that NSA has with the private sector are with COMPANY A and COMPANY B. These two relationships enable NSA to access large volumes of foreign-to-foreign communications transiting the United States is an abbreviation for Gigabits per second, which can also be described as one billion bits per second or 1,000,000,000 bps. TOP SE CRE OMIN ONW 0F ORN 28 TOP SECRE ONWOF ORN WORKING DRAFT through f1ber--optic cables, gateway switches, and data networks. They also provide foreign intelligence authorized under the FISA. According to General Alexander, General Hayden's replacement as Director of if the relationships with these companies were ever terminated, the U.S. SIGINT system would be irrevocably damaged, because NSA would have sacrificed America's home field advantage as the primary hub for worldwide telecommunications. (U) Partnerships after 11 September 2001 According to the former Deputy Chief of SSO, between 11 September 2001 and the 4 October 2001 Authorization, COMPANY A and COMPANY contacted NSA and asked "what can we do to help?" COMPANY personnel approached NSA SSO personnel through an existing program. They said they noticed odd pattems in domestic calling records surrounding the events of 11 September and offered call records and analysis. With no appropriate authority under which to accept the call records, NSA suggested the company contact the FBI. Partnerships Supporting the PSP F) Once the Authorization was signed on 4 October 2001, NSA began a process of identifying and visiting commercial entities requesting their support. While requesting help from corporate entities to support the PSP, NSA personnel made it clear that the PSP was a cooperative program and participation was voluntary. NSA knew that the PSP was an extraordinary program and understood if companies viewed it as too much of a liability. NSA Approaches to Private Sector Companies 2001: On Columbus Day, 8 October 2001, NSA Special Source Operations (SSO) personnel responsible for the access relationships with corporate partners COMPANY A, COMPANY B, and COMPANY were called in to work and informed that the President had authorized the PSP on 4 October 2001. The SSO personnel were tasked with initiating a dialog with the respective TS/SCI-cleared officials from COMPANIES A, B, and to seek their cooperation under the new Authorization. Over the next few business days, SSO personnel met separately with ofiicials from the three companies. Each company agreed to cooperate. TOP SE CRE OMIN 0F ORN 29 7109-0002 WORKING DRAFT TOP SE CRE OMIN OF ORN Upon confirmation that formal NSA letters requesting their assistance were forthcoming, the providers, acting independently and officially unaware of the cooperating agreements with other companies, initiated collection to support the PSP. 2002: In early 2002, NSA SSO personnel met with the Senior Vice President of Govemment Systems and other employees from COMPANY E. Under the authority of the PSP, NSA asked COMPANY to provide call detail records (CDR) in support of security for the 2002 Olympics in Salt Lake City. On 11 February 2002, the company's CEO agreed to cooperate with NSA. On 19 February 2002, COMPANY submitted a written proposal that discussed methods it could use to regularly replicate call record information stored in a COMPANY facility and potentially forward the same information to NSA. Discussions with COMPANY continued in 2003. However, the COMPANY General Counsel ultimately decided not to support NSA. On 5 September 2002, NSA legal and operational personnel met with intemet provider COMPANY D's General Counsel to discuss the PSP and ask for the company's support. COMPANY provided support, but it was minimal. (For a description of COMPANY D's support, see page "What Providers On 29 October 2002, NSA legal and operational personnel met with intemet provider COMPANY F's Legal and Corporate Affairs personnel, and a former NSA OGC employee hired by COMPANY as independent counsel. NSA requested COMPANY F's support under the PSP for email content. At the meeting, COMPANY requested a letter from the Attomey General certifying the legality of the PSP. In December 2002, NSA's Commercial Technologies Group was informed that the company's CEO agreed to support the PSP. According to NSA's General Counsel, COMPANY did not participate in the PSP because of corporate liability concerns. F) 2003: In April 2003, NSA legal and operational personnel met with the President and Chief Operating Officer, General Counsel, and other personnel from private sector COMPANY G. After the meeting, the company's General Counsel wanted to seek the opinion of outside counsel. NSA determined the risk associated with additional disclosure outweighed what COMPANY would have provided. NSA decided to not pursue a partnership with this company. TOP SE CRE OMIN 0NflV 0F ORN 30 TOP SE CRE OMIN /01? 0NflV OF ORN WORKING DRAFT NSA Letters to Private Sector F) The Director sent letters to private sector companies requesting their assistance with the PSP. NSA OGC drafted the letters for the Director, tracked each renewal of the President's_authorization and modified the letters accordingly, and ensured the letters were delivered to the companies. Between 16 October 2001 and 14 December 2006, NSA sent 147 request-for-assistance letters to private sector partners. COMPANY A: 44 Letters COMPANY B: 44 Letters COMPANY C: 46 Letters COMPANY D: 11 Letters COMPANY E: 2 Letters F) 2001. In his first PSP-related letter on 16 October 2001 to COMPANIES A, and C, General Hayden stated that the National Security Agency and the Federal Bureau of Investigation required their assistance "to collect intelligence vital to the national security arising from the events of 11 September 2001," and specifically requested that they "provide survey, tasking and collection against international traffic, some of which terminates in the United States; provide aggregated call record information; and supply computer to computer data which can be used to determine the communicants." Their assistance was "needed to identify members of intemational terrorist cells in the United States and prevent future terrorist attacks against the United States." These first letters also stated that the requested assistance was authorized by the President with the legal concurrence of the Attorney General, pursuant to Article II of the Constitution. 2002: Subsequent letters were sent to COMPANIES A, B, and by General Hayden (or his deputy) each time the President reauthorized the PSP. Throughout 2002, these written requests for assistance referenced the 16 October letter; repeated the need to provide the Presidentially-authorized assistance; emphasized that such assistance was necessary to counter a fiiture terrorist attack; and stated that such assistance was reviewed by the Attomey General and had been determined to be a lawful exercise of the President's powers as Commander-in-Chief. Starting in mid-2003, the wording of the letters was revised but in substance remained the same. Two request letters for assistance were sent to private sector COMPANY E. The first letter was sent on 26 February 2002, and TOP SE CRE 0NflV OF ORN 31 1109-0002 WORKING DRAFT TOP SE CRE OMIN 0NflV OF ORN the last letter was sent on 14 March 2002. All letters were signed by General Hayden. F) In addition to the letters sent to COMPANY A, COMPANY B, COMPANY and COMPANY E, eleven request letters for assistance were prepared for intemet provider COMPANY D. The first letter was on 9 October 2002 and the last letter was 11 September 2003. All letters were signed by General Hayden or his designee. 2003: In June 2003, COMPANY Us General Counsel and Chief of Stafi requested a written Attorney General opinion on the legality and lawfulness of the PSP, to include a directive to comply. COMPANY cited corporate liability concerns as their reason. On 8 August 2003, the Attorney General sent a letter stating that the request for support was a lawful exercise of authorities assigned to the President under Article II of the Constitution. Additionally, the Attorney General directed COMPANY to comply with NSA's request. F) 2004: On 26 March 2004, the President amended his 11 March 2004 authorization after deciding to discontinue bulk collection of Intemet metadata. Before ll March 2004, all authorizations covering Internet metadata collection (as well as content collection and telephony metadata collection) were approved for form and legality by the Attorney General. Accordingly, NSA's 12 March 2004 letters to the companies stated that the most recent authorization had been approved for form and legality by the Counsel to the President, not the Attomey General as with previous authorizations. 2005: Beginning 19 September 2005 through 14 December 2006, new Director General Alexander, or his designee, signed the request letters to the companies. 2006 Attorney General Letters. On 24 January 2006, the Attomey General sent letters to COMPANIES A, B, and C, certifying under 18 U.S.C. 251 that "no warrant or court order was or is required by law for the assistance, that all statutory requirements have been met, and that the assistance has been and is required." F) 2006 DNI Letters. On 13 April 2006, the Director of National Intelligence (DNI) sent letters to Companies A, B, and to underscore the continuing critical importance of their assistance. The DNI letter also stated that the "intelligence obtained from their assistance has been and continues to be indispensable to protecting the country and the American people from terrorist attacks." TOP SE CRE OMIN 0F ORN 32 TOP SE CRE WORKING DRAFT F) Letters for COMPANIES A, B, C, and were couriered to the companies' local facility. COMPANY sometimes picked up its letters at NSA Headquarters. Letters for COMPANY were stored at NSA since no one at the company had the proper clearance to store them. PSPAuthorized'Support to NSA F) Private sector companies provided assistance to NSA under the PSP in three categories: telephone and Intemet Protocol content, Metadata from Call Detail Records, and Intemet Protocol Metadata. F) The PSP allowed content to be collected if the selected communication was one-end foreign or the location of the communicants could not be determined. Selectors (email addresses and telephone numbers) were provided by NSA's Office of Counterterrorism. Content: Telephony. Under the PSP, companies provided the content of one-end-foreign intemational telephone calls (telephony content) and the content of electronic communications (email content) of al Qaeda and its affiliates. COMPANIES A, B, and provided telephony content from communications links they owned and operated. They had been providing telephony content to NSA before 2001 under FISA and E.O. 12333 authorities. NSA began to receive telephony content from COMPANIES A and on 6 October 2001 and COMPANY on 7 October 2001. This support ended on 17 January 2007. Content: Internet Email. COMPANIES A, B, and provided access to the content of Al Qaeda and Al Qaeda--afi'iliate email from communication links they owned and operated. NSA received email content from COMPANY A as early as October 2001 until 17 January 2007, from Company beginning February-March 2002 through 17 January 2007, and from COMPANY from April 2005 until 17 Januaiy 2007. From April 2003 through November 2003, COMPANY provided a limited amount of email content under the PSP. It did not provide PSP- related support after November 2003, but it did provide support under FISA. F) Metadata from Call Detail Records. COMPANIES A and provided Call Detail Records to NSA. The records were used by NSA Counter-Terrorism metadata to perform call chaining and network reconstruction between known al Qaeda and al Qaeda-affiliate telephone numbers and previously unknown telephone numbers with which they had been in contact. Providers generated Call Detail Records as a normal course of doing business billing purposes and traffic TOP SE CRE OMIN 0NflV OF ORN 33 1109-0002 WORKING DRAFT TOP SE CRE OMIN ONW OF ORN engineering). Records included all call events from the companies' long distance and intemational communication networks. The Call Detail Records were aggregated as large files by TS/SCI-cleared groups at COMPANY A and COMPANY and forwarded, on an hourly or daily basis, across classified communications circuits to a PSP-restricted NSA data repository. COMPANY A provided PSP-authorized CDRs as early as November 2001, and COMPANY began to provide CDRs in February 2002. Both continued to provide this support through the end of the PSP, and support continues today under the FISC Business Records Order. COMPANY provided select PSP-authorized CDRS from December 2002 through March 2003. F) Internet Metadata. The last category of private sector assistance was access to Intemet Protocol (IP) metadata associated with communications of al Qaeda (and affiliates) from data links owned or operated by COMPANIES A, B, and C. In order to be a candidate for PSP IP metadata collection, data links were first vetted to ensure that the preponderance of communications was from foreign sources, and that there was a high probability of collecting al Qaeda (and affiliate) communications. NSA took great care to ensure that metadata was produced against foreign, not domestic, communications. F) COMPANY A began providing PSP IP metadata collection as early as November 2001. Although COMPANY began providing CD-ROMS of PSP IP metadata in October 2001, an automated transfer of data was not available until February-March 2002. The Presidential authority to collect IP metadata was terminated in March 2004. COMPANY A and COMPANY IP metadata collection resumed after the FISC Pen Register/Trap Trace Order authorizing this activity was signed on 15 July 2004. COMPANY provided IP metadata beginning in April 2005. TOP SE CRE OMIN 0NflV OF ORN 34 TOP SE CRE OMIN OF ORN WORKING DRAFT This page intentionally left blank. TOP SE CRE OMIN ORN 35 TOP SECRE 0NflV OF ORN 1109-0002 WORKING DRAFT (U) FIVE: INTERACTION WITH THE FISC AND TRANSITION TO COURT ORDERS Until 2006, N8A's PSP-related interaction with members of the FISC was limited to informational briefings to the Chief Judge. Chief Judge Royce Lamberth, Judge Colleen Kollar-Kotelly, who replaced Judge Lamberth as Chief Judge in May 2002, and one law clerk were the only members of the FISC that NSA had briefed on the PSP In the spring of 2004, NSA's interaction with Judge Kollar- Kotelly increased as NSA and began transitioning PSP-authorized activities to FISC orders in 2004. It was not until after parts of the PSP were publicly revealed in December 2005 that all members of the FISC were briefed on the Program. (U) NSA's Interaction with the FISC General Hayden stated that from the start of the PSP, he and other NSA leaders recognized the importance of keeping all three branches of the Govemment informed of the Program and pressed the White House to do so. In all of its interactions, neither NSA nor Do] presented before the FISC the factual and legal issues arising from the PSP in any case or controversy. Therefore, the FISC did not express any View or comment on the legality or illegality of the PSP. NSA Briefings on the PSP to Members of the FISC The White House first permitted NSA to brief the Chief Judge of the FISC in January 2002. General Hayden stated that on 31 January 2002, he provided Judge Lamberth a very detailed PSP briefing, and the Deputy Assistant Attomey General in the OLC explained the Program's legality. General Hayden stated that this briefing was prompted by a concern expressed by DOJ that PSP-derived information would be used in ISA applications On 17 May 2002, General Hayden briefed incoming Chief Judge Kollar-Kotelly, with Judge Lamberth in attendance, on the PSP. In a TOP SE CRE OMIN 0NflV OF ORN 36 TOP SE CRE OF ORN WORKING DRAFT letter to the Counsel for Intelligence Policy dated 12 January 2005, Judge Kollar-Kotelly stated that, on that date, she was also shown a short legal memorandum, prepared by the Deputy Assistant Attorney General in the OLC, that set out a broad overview of the legal authority for conducting the PSP. Judge Kollar-Kotelly added that she was allowed to read the memorandum but not to retain it for study. F) NSA records show that Judge Kollar-Kotelly was briefed again on 12 August 2002 at the White House. Although we found no documentation of the purpose of the meeting or topics discussed, Judge Kollar-Kotelly stated in the January 2005 letter to the Counsel for Intelligence Policy that, at her request, she was permitted to review the Authorization of the PSP on that date. In response to a New York Times "warrantless wiretapping" story published in December 2005, General Alexander briefed all FISC members on the PSP on 9 January 2006.9 (U) Transition of PSP Authorities to FISC Orders The transition of PSP-authorized activities to FISC orders was precipitated by preliminary results of OLC legal review of the components of the Program. In March 2004, OLC found three of the four types of collection authorized under the PSP to be legally supportable. However, it determined that, given the method of collection, bulk Intemet metadata was prohibited by the terms of FISA and Title Consequently, the White House Counsel rather than the Attorney General signed the 11 March 2004 Authorization. NSA Implements Controversial 9 Scullin did not attend this briefing, but was later briefed on 31 January 2006. Judge Bates, a new judge, was briefed on 21 March 2006. OLC ultimately issued three opinions: 15 March 2004, 6 May 2004, and 16 July 2004. TOP SE CRE OMIN OF ORN 37 1109-0002 WORKING DRAFT TOP SE CRE OMIN 0NflV 0F ORN Until March 2004, NSA considered its collection of bulk Internet metadata under the PSP to be legal and appropriate. Specifically, NSA leadership, including OGC lawyers and the IG, interpreted the terms of the Authorization to allow NSA to obtain bulk Internet metadata for analysis because NSA did not actually "acquire" communications until specific communications were selected. In other words, because the Authorization permitted NSA to conduct metadata analysis on selectors that met certain criteria, it implicitly authorized NSA to obtain the bulk data that was needed to conduct the metadata analysis. On 11 March 2004, General Hayden had to decide whether NSA would execute the Authorization without the Attorney General's signature General Hayden described a conversation in which David Addington asked, you do it At that time, General Hayden also said that he asked Daniel Levin, Counsel to the Attorney General, in March 2004 if he needed to stop anything he was doing. Mr Levin said that he did not need to stop anything and lV-A/32a- After conferring with NSA operational and legal personnel, General Hayden stated that he decided to continue the PSP because 1) the members of Congress he briefed the previous day, 10 March, were supportive of continuing the Program, 2) he knew the value of the Program, and 3) NSA lawyers had determined the Program was legal. Eight days later on 19 March 2004, the President rescinded the authority to collect bulk Intemet metadata and gave NSA one week to stop collection and block access to previously collected bulk Intemet metadata. NSA did so on 26 March 2004. To close the resulting collection gap, Do] and NSA immediately began efforts to recreate this authority in what became the order. By January 2007, the remaining three authorities had also been replicated in FISC orders: the Business Records (BR) Order, the Foreign Content Order, and the TOP SE CRE OMIN ONW OF ORN 38 TOP SE CRE OMIN OF ORN WORKING DRAFT Domestic Content Order. On 1 February 2007, the final Authorization was allowed to expire and was not renewed. Transition of Internet Metadata Collection to Pen Register/T rap and Trace Order Authority F) According to NSA personnel, the decision to transition Internet metadata collection to a FISC order was driven by At a meeting on 26 March 2007, directed NSA representatives from OGC and SID to find a legal basis, using a FISC order, to recreate NSA's PSP authority to collect bulk Internet metadata. F) After extensive coordination, and NSA devised the theory to which the Chief Judge of the FISC seemed amenable. and NSA worked closely over the following months, exchanging drafts of the application, preparing declarations, and responding to questions from court advisers. NSA representatives explained the capabilities that were needed to recreate the Authority, and personnel devised a workable legal basis to meet those needs. In April 2004, NSA briefed Judge Kollar--Kotelly and a law clerk because Judge Kollar--Kotelly was researching the impact of using PSP-derived information in FISA applications. In May 2004, NSA personnel provided a technical briefing on NSA collection of bulk Internet metadata to Judge Kollar--Kotelly. In addition, General Hayden said he met with Judge Kollar--Kotelly on two successive Saturdays during the summer of 2004 to discuss the on-going efforts. The ISC signed the first order on 14 July 2004. Although NSA lost access to the bulk metadata from 26 March 2004 until the order was signed, the order essentially gave NSA the same authority to collect bulk Intemet metadata that it had under the PSP, except that it specified the datalinks from which NSA could collect, and it limited the number of people that could access the data. The FISC continues to renew the approximately every 90 days. Transition of Telephony Metadata Collection to the Business Records Order According to NSA General Counsel Vito Potenza, the decision to transition telephony metadata to the Business Records Order was driven by a private sector company. After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concem about providing telephony metadata to NSA under Presidential Authority without being compelled. Although OLC's TOP SE CRE OMIN 0NflV 0F ORN 39 ST-09-0002 WORKING DRAFT TOP SE CRE OMIN 0NflV OF ORN May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order." As with the Order, Do] and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisers. Their previous experience in drafting the PRTT Order made this process more efficient. The ISC signed the first Business Records Order on 24 May 2006. The order essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had under the PSP. And, unlike the PRTT, there was no break in collection at transition. The order did, however, limit the number of people that could access the data and required more stringent oversight by and reporting to DOJ. The FISC continues to renew the Business Records Order every 90 days or so. (See Appendix H.) Transition of Internet and Telephony Content Collection to the Foreign and Domestic Content Orders According to NSA OGC, the transition of PSP content collection to FISC orders was driven by had contemplated a transition in July 2004 when the FISC's signing of the order indicated its willingness to authorize PSP activities under court order. Given this precedent, concluded the FISC might also accept content collection. However, little progress was made until June 2005 when the OIPR with NSA OGC and SID representatives began researching the feasibility of collecting PSP content under court order. In essence, DOJ and NSA needed to find a legal theory that would allow NSA to add and drop thousands of foreign targets for content collection. Because the law was more restrictive for content than metadata, NSA had serious reservations about whether it would be possible to find a workable solution using a FISC order at that time, especially given the large number of selectors to be tasked and the complexity from legal and operational perspectives. For example: In addition to the telephony metdata that NSA was receiving from private sector companies as business records, it was also obtaining "live" telephony metadata from its own SIGINT collection sources. It continued until mid-2005. will include a reference to the corresponding notification here.** TOP SE CRE OF ORN 40 TOP SE CRE OMIN ORN WORKING DRAFT NSA risked losing flexibility in the means of collection, given that facilities and collection accesses were complex and in constant flux. In executing the and Business Records Orders, the FISC's and DoJ's consistently increasing demands for information took NSA away from target-related duties. F) The process imposed by the FISA statute was not able to handle the large volume of NSA requests for FISC authorization needed after 11 September 2001. Because OLC's May 2004 opinion found that the existing Authorization for content collection was lawful, there was no pressing need to find an alternative legal vehicle. In a letter dated 21 February 2006, the NSA GC expressed the aforementioned concems, among others, to the Acting Assistant Attorney General suggesting that: . . . . now might be the right time to seek substantial revisions to the FISA. The purpose of the legislation was to protect the privacy of U.S. persons who could be subjected to surveillance, either intentionally or incidentally. Twenty-seven years later, the United States Government finds itself obtaining ISA orders so that it can cany out surveillance on foreign intelligence targets who are outside the United States and, more ofien than not, communicating only with others outside the United States. This serves no U.S. person's privacy interests, was never anticipated by the statute's drafters, and diverts valuable resources from the fight against terrorism. The FISA needs to be simplified and streamlined." F) Ultimately, Do] decided to pursue a FISC order for content collection wherein the traditional FISA definition of a "facility" as a specific telephone number or email address was changed to encompass the gateway or cable head that foreign targets use for communications. Minimization and probable cause standards would then be applied. As with the PRTT and Business Records orders, NSA collaborated with Do] to prepare the application and declarations and provided the operational requirements needed to continue effective surveillance. After 18 months of concerted effort and coordination, the FISC ultimately accepted the theory for foreign selectors but rejected it for TOP SE CRE OMIN CONW OF ORN 41 1109-0002 WORKING DRAFT TOP SE CRE domestic selectors. Consequently, on 10 January 2007, the FISC signed two separate orders: the Foreign Content Order and the Domestic Content Order. The Foreign Content Order negatively affected SIGINT exploitation. Most notably, the number of foreign selectors on collection dropped by 73 percent, from 11,000 selectors under PSP to 3,000 under the order. In addition, the administrative workload for NSA to put critical foreign selectors on collection was so burdensome that the order became operationally unsustainable. The order was eventually superseded by Congress' FISA modernization. It was temporarily replaced by the Protect America Act in August 2007 and then permanently replaced by the FISA Amendments Act in July 2008. F) The Domestic Content Order did not create a similar loss in collection because so few domestic numbers were tasked at that time. It did, however, slow operations because of the documentation required, and it took considerably longer to task under the order than under the PSP. Over time, the scope of the Domestic Content Order gradually decreased to a single selector tasked for collection in January 2009. In January 2009, the FBI, at NSA's request, assumed responsibility for the Domestic Content Order and became the declarant before the FISC. TOP SE CRE 0NflV OF ORN 42 TOP SE CRE OMIN 0F ORN WORKING DRAFT (U) SIX: NSA OVERSIGHT OF PSP SIGINT ACTIVITIES NSA Office of General Counsel and SID, Oversight and Compliance provided oversight of NSA PSP activities from October 2001 until January 2007. NSA OIG initiated PSP oversight in 2002. (U) Office of General Counsel The OGC was the first NSA organization with oversight responsibilities to leam of the PSP, and it continued to provide significant oversight over the life of the Program. The GC was briefed on 4 October 2001, the day the Authorization was signed. On 6 October, he gave the Director and Deputy Director talking points for briefing NSA personnel on the new authority. The talking points included the fact that General Hayden had instructed the GC and the lead attomey for operations to conduct routine review and oversight of PSP activities. The NSA Assistant General Counsel for Operations provided most of the Program oversight before the OIG learned of the PSP in 2002. He and his successors reviewed proposed target packages and rejected those not compliant with the Authorization, answered questions, gave briefings, reviewed program implementation, and coordinated program- related issues with Do]. (U) SIGINT Directorate The SIGINT Directorate Office of Oversight and Compliance represents the Director and the Signals Intelligence Director in overseeing compliance with authorities that govern the collection, production, and dissemination of intelligence by the National Security Agency. The Chief of was briefed on the PSP on 10 October 2001. Initially, ability to provide effective oversight was limited by insufficient staffing and a lack of methodologies to provide meaningful oversight of PSP collection. It, therefore, focused on identifying problem areas while documenting program activity. It also helped establish database partitions and assisted with data flow compliance issues to prevent uncleared personnel from seeing Presidentially-authorized collection. Later, it reviewed justification statements for tasked selectors. Also, it directed PSP-cleared SIGINT operations personnel to follow TOP SE CRE OMIN OF ORN 43 TOP SE CRE OMIN ONW OF ORN 1109-0002 WORKING DRAFT established procedures for the dissemination of U.S. person information and obtained approvals to permit dissemination of U.S. person information (U) Office of Inspector General NSA OIG conducted oversight of PSP activities from August 2002 until the Program ended in January 2007. It issued 12 formal reports and 14 Presidential Notifications on PSP activities at NSA. Investigations were conducted in response to specific incidents or violations to determine the cause, effect, and remedy. Reviews were conducted to determine the adequacy of management controls to ensure compliance with the Authorization and related authorities; to assess the efficiency and effectiveness in mitigating high-risk activities associated with the Program; and to identify impediments to satisfying the requirements of the Authorization and related authorities. Presidential Notifications were drafted for the Director's signature to notify the President's Counsel about violations of the Authorization. (See below for additional details.) Due Diligence Meetings were held by program officials to exercise "due diligence" in addressing program issues and developments. The OIG attended these meetings to stay aware of program activities. OIG also provided oversight of FISC-authorized activity previously conducted under Authorization. See Appendix for a list of OIG reports on PSP activity at NSA. TOP SE CRE 44 TOP SE CRE OMIN 0NflV OF ORN WORKING DRAFT (U) NSA IG Not Cleared until 2002 We could not determine exact reasons for why the NSA lG was not cleared for the PSP until August 2002. According to the NSA General Counsel, the President would not allow the IG to be briefed sooner. General Hayden did not specifically recall why the IG was not brought in earlier, but thought that it had not been appropriate to do so when it was uncertain how long the Program would last and before operations had stabilized. The NSA IG pointed out that he did not take the IG position until April 2002, so NSA leadership or the White House may have been resistant to clearing either a new or an acting lG. Regardless, by August 2002, General Hayden and the NSA General Counsel wanted to institutionalize oversight of the Program by bringing in the IG. General Hayden recalled having to "make a case" to the White House to clear the IG at that time. OIG concerns lead to change (C) In addition to formal recommendations made in review and investigative reports, OIG concems about access to the terms of the Presidential authorization and about the means of reporting PSP violations resulted in three major changes. (C) First, in December 2002, the IG recommended that General Hayden formally delegate authority to NSA operational personnel, some of whom had unknowingly violated tenns of the Authorization. The Counsel to the Vice President, demanding secrecy, refused to let them see terms of the authority, which had been delegated by the President to the Secretary of Defense, who delegated it to the Director of NSA. General Hayden issued the first "Delegation of Authority" letter to key operational personnel in the SID on 4 March 2003. Subsequent delegation letters were issued each time the President renewed the authority. TOP SE CRE OMIN 0F ORN 45 1109-0002 WORKING DRAFT TOP SE CRE OMIN OF ORN (C) Second, in March 2003, the IG advised General Hayden that he should report violations of the Authorization to the President. In February of 2003, the OIG leamed of PSP incidents or violations that had not been reported to overseers as required, because none had the clearance to see the report. Before March 2003, NSA quarterly reports on intelligence activities sent to the President's Intelligence Oversight Board (through the Assistant to the Secretary of Defense for Intelligence Oversight) stated that the Director was not aware of any unlawful surveillance activities by NSA other than that described in the report. Beginning in March 2003, at the IG's direction, NSA quarterly reports stated that except as disclosed to the President, the Director was not aware of any unlawful surveillance activities by NSA. Also beginning in March 2003, PSP violations, including those not previously reported to the Intelligence Oversight Board, were reported in "Presidential Notifications." Third, shortly after leaming about the Program, the IG participated in a September 2002 meeting of key cleared personnel at which important PSP matters were discussed. He recommended that these types of meetings be held every month. As a result, "due diligence" meetings were held until the Program ended. TOP SE CRE OMIN 0F ORN 46 TOP SE CRE OF ORN WORKING DRAFT This page intentionally left blank. TOP SE CRE OMIN CONW OF ORN 47 TOP SE CRE OMIN 0NflV 0F ORN 1109-0002 WORKING DRAFT WORKING DRAFT TOP SE CRE OMIN 0NflV OF ORN