Page 16 - pclob usa freedom
P. 16

TOP SECRET//SI//NOFORN


               II.  (U) NSA’s Collection of CDRs under the USA Freedom

                       Act


                       (U) NSA worked with telephony providers to create a technical architecture to collect and
               use CDRs under the USA Freedom Act.   This included technical processes and infrastructure
                                                      51
               to use approved specific selection terms to obtain, analyze, and control access to the CDRs.
               NSA released an unclassified description of this architecture in January 2016.   The architecture
                                                                                          52
               remained essentially constant throughout the life of the program until NSA began dismantling it
                                                                       53
               in the summer of 2019, after the program was suspended.
                       (U) Some of these technical processes were developed to ensure compliance with the
               minimization procedures approved by the FISA court in 2015, when the program began.  The
               procedures governed NSA’s handling, retention, and dissemination of the CDRs obtained from
               providers under the USA Freedom Act.  For example, the minimization procedures required an
               initial review of records to confirm that the CDRs were generally responsive to the court’s order,
               mandated specific storage standards, and imposed rules for sharing US person information.
                                                                                                       54
                       A.     (U) Program Architecture Used to Collect CDRs under

                              the USA Freedom Act

                       (U) Under the USA Freedom Act, CDRs could be collected and used in emergency
               situations (a terrorist attack or an imminent threat) or in day-to-day counterterrorism
               investigations.  In the immediate aftermath of a terrorist attack, collection of USA Freedom Act
               CDRs may have occurred as an emergency authorization, which had to be approved by the
                                 55
               Attorney General.   To seek an emergency authorization, NSA personnel would collaborate
                                                                                                           56
               with FBI counterparts to prepare the proposed authorization for the Attorney General’s review.
               Only after the Attorney General approved the request could the government direct the providers



               51  (U) See 50 U.S.C. § 1861(j) (“The Government shall compensate a person for reasonable expenses incurred for
               producing tangible things or providing information, facilities, or assistance in accordance with an order issued with
               respect to an application . . . or an emergency production . . . or otherwise providing technical assistance to the
               Government under this section or to implement the amendments made to this section by the USA FREEDOM Act of
               2015.”).
               52  (U) NSA Civil Liberties and Privacy Office, Transparency Report: The USA FREEDOM Act Business Records
               FISA Implementation (Jan. 15, 2016) (“NSA USA Freedom Act Transparency Report”).
               53  (U) NSA Notice to the Board (Aug. 30, 2019).
               54  (U) NSA Minimization Procedures for CDRs.
               55  (U) 50 U.S.C. § 1861(i); see also NSA briefing to the Board (May 23, 2019).

               56  (U) 50 U.S.C. § 1861(i); see also NSA briefing to the Board (May 23, 2019).

                                                             13


                                                TOP SECRET//SI//NOFORN
   11   12   13   14   15   16   17   18   19   20   21