Stanford CIS

Today’s ODNI and Section 702 News

By Jennifer Granick on

Today, the Office of the Director of National Intelligence (ODNI) announced that it would stop some of the surveillance it conducts on the telecommunications backbone under authority granted by section 702 of the FISA Amendments Act. That announcement came in the form of a press release, a statement, and was reported in a New York Times article by reporter Charlie Savage.

Wow.

Here’s some background, and some questions Congress and the courts are going to need to answer going forward. (For more information, check out my book, American Spies, or this series of blog posts (one, two, three) by Jadzia Butler and me on section 702.

When conducting surveillance of communications as they travel over fiber optic cables (the “Upstream” program), the NSA has been collecting not just communications to and from foreign intelligence targets, but also about those targets. If the stream of internet packets contains a selector associated with a foreign intelligence target, the NSA has been acquiring the entire “internet transaction” containing that selector. This “about” collection means collection takes place even when the relationship between the communicants and the intended target is attenuated—no one is talking to the target.

Further, about communications can pull unrelated messages into the NSA’s coffers. Using this surveillance technique, the government “tasks” a given selector (such as an email address or phone number) in the stream of internet data flowing through particular network gateways (known as the “internet backbone”). If the stream of internet packets contains the selector, the Upstream program will acquire the entire “internet transaction” containing that selector. Some transactions only include one communication (Single Communications Transactions – SCT’s), while others contain multiple discreet communications (Multiple Communications Transactions – MCT’s). Because of the way the NSA conducts Upstream collection, if any communication within an SCT or MCT is “to,” “from,” or even “about” a tasked selector, the entire transaction is collected. The collection of MCT’s further removes the nexus between the communicants and the intended target because any communication that is embedded within a transaction that happens to include a communication that so much as mentions the targeted selector can get swept up.

Read the full post at Just Security.