TOP SECRET//SI//NOFORN


               of a subscriber or customer, or cell-site location or global positioning system information.[75]
               NSA represents that, since the start of the program in November 2015, it never received any
               prohibited categories of information from providers under the program.[76]
                       (U) NSA then used System 1 to check the validity of CDRs produced by the providers.
               Among other things, the system checked the code indicating the FISA court order to ensure the
               collection occurred pursuant to a valid order.[77]  This step did not allow NSA to verify that the
               CDR accurately described a phone call that had in fact occurred, or that the data did not contain
               errors.[78]  Rather, NSA used this validation effort to ensure that the CDR fields were plausible—
               that is, it sought to detect when, on its face, a CDR could not have been a valid response to the
               specific selection term.  For example, if a field should have a date, NSA systems confirmed there
               was a valid and appropriate date in that field.  In other fields, NSA systems checked for a
               particular number of digits or a particular formatting, with the goal of ensuring the CDRs were
               properly formatted and not facially incorrect.[79]  If one of these validation checks failed—for
               example, a field that should have a date did not have one—the records were held for review by
               technical personnel to identify the nature of the anomaly.[80]  This prevented NSA analysts from
               accessing certain types of potentially unauthorized or incorrect CDRs.
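
The facial-validation step described above, as an added example that is not from the report or from NSA: records failing any plausibility check are held for review, while a well-formed record passes even if the call it describes never occurred. Field names, formats, the order code and the sample batch are all assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Hypothetical field names and formats; the report does not publish the CDR schema.
VALID_ORDER_CODES = {"ORDER-A"}      # constructed placeholder for a currently valid order code
DIGITS = re.compile(r"\d{7,15}")     # assumed "particular number of digits" rule

def facial_failures(cdr, selector):
    """Return the fields that make a CDR facially implausible; empty list means it passes."""
    reasons = []
    if cdr.get("order_code") not in VALID_ORDER_CODES:
        reasons.append("order_code")
    try:
        datetime.strptime(cdr.get("start") or "", "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        reasons.append("start")
    for field in ("calling", "called"):
        if not DIGITS.fullmatch(cdr.get(field) or ""):
            reasons.append(field)
    # Assumption: a first-hop response must have the selection term on one side of the call.
    if selector not in (cdr.get("calling"), cdr.get("called")):
        reasons.append("selector")
    return reasons

def route(batch, selector):
    """Split a provider batch into records released onward and records held for review."""
    released, held = [], []
    for cdr in batch:
        reasons = facial_failures(cdr, selector)
        if reasons:
            held.append((cdr, reasons))
        else:
            released.append(cdr)
    return released, held

# Constructed sample batch for the constructed selector 2025550100.
SAMPLE = [
    {"order_code": "ORDER-A", "start": "2018-03-01T10:15:00", "calling": "2025550100", "called": "2025550111"},
    {"order_code": "ORDER-A", "start": "", "calling": "2025550100", "called": "2025550122"},  # missing date
    {"order_code": "ORDER-Z", "start": "2018-03-01T11:00:00", "calling": "2025550100", "called": "2025550133"},
    # Well-formed, but assume this call never happened: it still passes every facial check.
    {"order_code": "ORDER-A", "start": "2018-03-02T09:00:00", "calling": "2025550199", "called": "2025550100"},
]

if __name__ == "__main__":
    released, held = route(SAMPLE, "2025550100")
    print(len(released), "released;", [reasons for _, reasons in held])
```

The last sample record is the case footnote 78 describes: format checks alone cannot catch a provider-side error in a record that looks valid.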

                       (U) If the CDRs from the provider passed the validation steps, they were passed by
               System 1 into other repositories, including the internal metadata repository, where they could be
               accessed by NSA analysts.[81]  NSA regularly checked its internal repository to obtain further
               CDRs.  Related CDRs associated with a specific selection term (first-hop CDRs) were
               automatically distributed to the other providers to obtain second-hop records.[82]  Similarly, first-


               75  (U) 50 U.S.C. § 1861(k)(3)(B) (“The term ‘call detail record’ . . . does not include the contents . . . of any
               communication; the name, address, or financial information of a subscriber or customer; or cell site location or
               global positioning system information.”).
               76  (U) NSA briefing to the Board (May 23, 2019).
               77  (U) See NSA USA Freedom Act Transparency Report at 14 (“NSA’s minimization procedures . . . require the
               Agency to inspect CDRs received from a provider through manual and/or automated means to confirm that the
               CDRs are responsive to the FISC’s production order.”); NSA briefing to the Board (Mar. 26, 2019).
               78  (U) The system did not enable NSA to verify the accuracy of the records maintained by the providers
               themselves—a reason it took years to discover the data-integrity issues discussed in Part II(B) of this report.  See
               NSA USA Freedom Act Transparency Report at 14 (“NSA plays no role in ensuring that the provider-generated
               CDRs accurately reflect the calling events that occurred over the provider’s infrastructure[.]”); NSA briefing to the
               Board (May 23, 2019).
               79  (U) See NSA USA Freedom Act Transparency Report at 5; NSA briefing to the Board (Mar. 26, 2019).
               80  (U) See NSA USA Freedom Act Transparency Report at 5; NSA briefing to the Board (Mar. 26, 2019).
               81  (U) See NSA USA Freedom Act Transparency Report at 5–8; NSA briefing to the Board (Jan. 23, 2019).

               82  (U) See NSA USA Freedom Act Transparency Report at 5–8; NSA briefing to the Board (Jan. 23, 2019).
