Release of the 20th Joint Assessment of Section 702 Compliance


Release of the 20th Joint Assessment of Section 702 Compliance

 

April 2, 2021

Today, the DNI, in consultation with the Department of Justice, is releasing in redacted form the 20th Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the then Attorney General and the Director of National Intelligence (“Joint Assessment”). This Joint Assessment covers the timeframe of December 2017 – May 2018. The DNI is releasing this semiannual assessment proactively, in keeping with the Principles of Intelligence Transparency for the Intelligence Community

The FISA Amendments Act of 2008, which was in effect during the reporting period for this 20th Joint Assessment, required the Attorney General and the DNI to assess compliance with Section 702 procedures over each six-month period and to submit such assessments to the Foreign Intelligence Surveillance Court (FISC) and relevant congressional committees.  A joint team of experts (the Joint Oversight Team) from DOJ and ODNI conduct these assessments.

The Joint Assessments describe the extensive measures the Government undertakes to ensure compliance with FISC-approved targeting and minimization procedures for Section 702; to accurately identify, record and correct errors; to take responsive actions to remove any erroneously obtained data; and to minimize the chances that mistakes will recur.  As was the case in past Joint Assessments, the Joint Oversight Team found in the 20th Joint Assessment that the agencies continued to implement the procedures in a manner that reflected a focused and concerted effort by IC personnel to comply with the requirements of Section 702.

In this semiannual assessment, DOJ and ODNI note that two types of compliance incidents drove the increase in the overall compliance incident rate to 4.39%.  Certain of the compliance incidents described in this assessment, including those regarding the Federal Bureau of Investigation (FBI) queries discussed below, have been described in other materials previously released to the public, most notably, the FISC’s October 2018 opinion addressing the Government’s annual certification of its Section 702 program.

As described in this and prior semiannual assessments, this overall compliance incident rate remains an imperfect proxy insofar as the rate compares the total number of compliance incidents (regardless of their cause) to the average number of tasked facilities (which may be unrelated to the number of certain types of compliance incidents, such as the number of times the acquired data was disseminated or queried erroneously).  To better promote oversight and inform the public’s understanding of compliance trends and their potential to affect privacy and civil liberties, this assessment therefore also includes narrative descriptions of compliance incidents and provides an additional metric that is specific to the compliance incident rate for National Security Agency (NSA) targeting decisions.

In the first category of incidents, one office in the NSA misunderstood how one of NSA’s tasking tools worked and did not appropriately review multiple accounts prior to tasking, which resulted in numerous accounts being incorrectly tasked.  The erroneously tasked accounts were detasked and the information collected from these taskings was purged.  After becoming aware of the incidents, NSA issued additional training to its personnel about the tasking requirements on the use of its tasking tools.

The second category of incidents involved misapplication by FBI personnel of the query standard in the FBI querying procedures.  Two events, each involving large numbers of queries conducted using FBI’s “batch query” tool (which allows FBI personnel to run numerous identifiers simultaneously), resulted in approximately 98% of the FBI’s compliance incidents. These two batch query incidents involved numerous queries conducted by the tool but pertained to a small subset of users.

Informed by these and other FBI query incidents, the FISC assessed the FBI’s use of query terms in opinions the court issued on October 18, 2018, September 4, 2019, and December 6, 2019.  In the 2018 opinion, the FISC found that the FBI’s querying procedures were not consistent with Section 702 or the Fourth Amendment in part because they did not require adequate documentation of justifications for U.S. person queries.   In response to the Court’s opinions, the FBI made system modifications necessary to meet query recordkeeping and documentation requirements and provided training on these new modifications.  The previously released December 2019 FISC opinion discusses these changes.  The FBI incidents discussed in this 20th Joint Assessment were reported to the FISC in a reporting period (December 2017 – May 2018) that preceded the 2018 and 2019 court opinions and the FBI’s implementation of these remedial actions.

ODNI has previously released a number of prior joint assessments, which may be found on IC on the Record and Intel.gov.


Below is today’s release, in redacted form:

20th Joint Assessment (dated November 2020): reporting period December 1, 2017-May 31, 2018