Page 66 - pclob usa freedom
P. 66

TOP SECRET//SI//NOFORN



               II.     (U) Root Causes of the Compliance Incidents and Data-

                       Integrity Challenges


                       (U) The Board reviewed in detail each compliance incident or data-integrity problem
               reported during the program’s life.  We found no malfeasance or intentional abuse by NSA
               personnel in implementing this program.  Nor did we find any instance in which the agency
               intentionally sought to obtain information that it may not have been authorized to receive.  NSA
               personnel worked diligently to diagnose, report, and repair the problems encountered during the
               program’s operation and to delete erroneously provided information once it was discovered.

                       (U) The compliance incidents arose, with limited exception, 316  from issues that were
               latent in the records NSA received from the providers.  Phone companies’ billing systems are
               understandably designed to meet their own business needs.  By contrast, NSA’s mission of
               extracting reliable intelligence from these CDRs while complying with statutory restrictions,
               court orders, and other legal obligations required a high level of precision and certainty about the
               attributes of the data.

                       (U) While we found no intentional attempts to collect more data than authorized,
               unintentional over-collection, triggered by anomalies in the first-hop data returned by providers,
               proved a recurrent problem.  The program involved a complex, machine-to-machine technical
               architecture, with limited human intervention once initial, court-approved selection terms entered
               the system.  One side effect was that errors in the data could “cascade[] across large numbers of
               records, with lagging human awareness.” 317   In other words, the system, by design, automatically
               pulled in second-hop records before a human could evaluate the first-hop results.  With ordinary
               requests for one hop of CDRs, by contrast, a human FBI agent or analyst would review the initial
               results.  Before using any first-hop results to seek additional, second-hop records, that agent or
               analyst would work to distinguish meaningful connections from irrelevant or erroneous data,
               including by using information acquired under other legal authorities.

                       (U) By all accounts, NSA technical and analytical personnel demonstrated diligence and
               considerable ingenuity in uncovering, diagnosing, and working to repair each problem as it
               arose.  NSA also built checks into the system in an attempt to prevent collection errors before
               they occurred, and updated those checks as new problems were discovered. 318   The fact that
               irregularities continued despite these exertions reflects the unique technical and compliance
               challenges that attended this program.




               316  (U) See Part II(B).
               317  (U) Julian Sanchez, Senior Fellow, Cato Institute, Remarks at Privacy and Civil Liberties Oversight Board Public
               Forum on the USA Freedom Act (May 31, 2019).
               318  (U) See Part II(A).
                                                             63




                                                TOP SECRET//SI//NOFORN
   61   62   63   64   65   66   67   68   69   70   71