Page 25 - pclob usa freedom
P. 25

TOP SECRET//SI//NOFORN


               recalled the improperly shared CDR information.  No additional improper access occurred
               during the duration of the program.

                              2.     (U) Data-Integrity Issues


                       (U) Beginning in 2017 and continuing until the program’s suspension in 2019, NSA
               sought to diagnose and overcome complex data-integrity issues in the CDRs produced by phone
               companies, which implicated a large number of records. 115   The government’s notices to the
               FISA court described these issues.  This section summarizes NSA’s repeated discovery of
               anomalies in the data it received and the agency’s response to these incidents.

                                     a.     (U) Production of Inaccurate First-Hop Numbers

                       (TS//SI//NF) In the first data-integrity incident, a provider produced inaccurate first-hop
               numbers to NSA in a subset of CDRs.  The provider’s system had been incorrectly populating
               terminating numbers (the field for a number used by the party receiving a call) with

               While System 1 was designed to detect data which may not be authorized for collection, these
               non-responsive                                                  similarly to data regularly
               accepted by System 1.  Accordingly, the system did not reject the data and instead requested
               second-hop records using the erroneous first-hop response.  As a consequence, NSA requested
               records numbers “one hop” away from the                    .
                       (TS//SI//NF) While investigating this incident, the provider identified a separate incident:
                                       records incorrectly produced to NSA as a result of a
                                  .  This error was separate from the errors related to the
                        .

                       (TS//SI//NF) The provider implemented a technical solution to prevent incorrect CDRs
               from being delivered to NSA.  NSA identified and purged CDRs that contained these
                             terminating numbers.  NSA did not identify any incorrect CDRs that were used in
               an application to the FISA court or as the source of reporting.

                                     b.     (TS//SI//NF) Production of Inaccurate Data Associated with

                       (TS//SI//NF) In another data-integrity incident, a provider produced to NSA almost
                                    CDRs with inaccurate data.  The inaccurate data was populated by the
               provider’s CDR production system, which assembles the data into CDRs,
                        Specifically, when
                                                                                             .  These
               inaccurate CDRs were created by the provider’s CDR production system over a two year period.



               115  (U) This large number of records reflected a fraction of one percent of the overall collection.
                                                             22


                                                TOP SECRET//SI//NOFORN
   20   21   22   23   24   25   26   27   28   29   30