Page 60 - pclob usa freedom

TOP SECRET//SI//NOFORN


               compliance. 292   Automated checks now ensure that analysts whose training has lapsed lose
               access to systems for which the training is required.

                       D.  (U) Transparency and Public Understanding


                       (U) Since the unauthorized disclosures by an NSA contractor in 2013, the intelligence
               community has taken important steps to enhance transparency, oversight, and compliance.  Some
               of these steps were initiated by NSA; others were mandated by Congress in the USA Freedom
               Act and other laws. 293

                       (U) As noted in Part I of the report, the CDR program was based on a publicly debated
               statute that clearly authorized the government to obtain records out to two hops from the target
               number on an ongoing basis. 294

                       (U) The plain text of the USA Freedom Act enabled Members of Congress, the media,
               outside experts and advocacy groups, and ordinary Americans to anticipate the broad attributes
               of the CDR collection that it authorized, even if specific operational details would remain
               classified.

                       (U) Further, the CDR program was subject to ongoing oversight from all three branches
               of government.  Outside NSA, these included the FISA court, congressional committees, and the
               Privacy and Civil Liberties Oversight Board.  NSA and the Department of Justice notified the
               FISA court, Congress, and the Board of compliance incidents and data-integrity issues as they
               were discovered. 295   NSA also issued several public disclosures about these issues over the life
               of the program and published a detailed, unclassified description of the program’s technical
               architecture shortly after it began. 296

                       (U) The government also provided quantitative data about its use of the CDR authority
               and the number of records NSA received.  Each year, beginning in 2014, ODNI has released an
               Annual Statistical Transparency Report that provides detailed information about the volume of
               collection and the number of targets surveilled under various authorities, including the USA

               292  (U) Cf. NSA/CSS Inspector General, Declassified Report on the Special Study of NSA Controls to Comply with
               the FISA Amendments Act §§ 704 and 705(b) Targeting and Minimization Procedures, ST-15-0005, at 7–8 (Jan. 7,
               2015) (citing reliance on “manual checks that analysts perform before querying data” as factor contributing to non-
               compliant queries).
               293  (U) See, e.g., USA Freedom Act, Pub. L. No. 114-123, 129 Stat. 268, §§ 401–02, 502, 601–05 (June 2, 2015).
               294  (U) 50 U.S.C. § 1861(b)(2)(C), (c)(2)(F); see also H.R. Rep. 114-109, at 17 (May 8, 2015).
               295  (U) External oversight was relevant to several principles: it enhanced the program’s transparency, helped to
               ensure data quality, and provided accountability.  See The White House, National Strategy for Trusted
               Identities in Cyberspace, Appendix A (Apr. 2011).

               296  (U) NSA USA Freedom Act Transparency Report.
