Release of the 21st Joint Assessment of Section 702 Compliance

Release of the 21st Joint Assessment of Section 702 Compliance

August 10, 2021

Today, the DNI, in consultation with the Department of Justice, is releasing in redacted form the 21st Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the then Attorney General and the Director of National Intelligence (“Joint Assessment”). This Joint Assessment covers the timeframe of June 1, 2018, through November 30, 2018. The DNI is releasing this semiannual assessment proactively, in keeping with the Principles of Intelligence Transparency for the Intelligence Community.

The FISA Amendments Act of 2008, which was in effect during the reporting period for this 21st Joint Assessment, required the Attorney General and the DNI to assess compliance with Section 702 procedures over each six-month period and to submit such assessments to the Foreign Intelligence Surveillance Court (FISC) and relevant congressional committees. A joint team of experts (the Joint Oversight Team) from DOJ and ODNI conduct these assessments.

The Joint Assessments describe the measures the Government undertakes to ensure compliance with FISC-approved targeting, minimization, and querying procedures for Section 702; to accurately identify, record and correct errors; to take responsive actions to remove any erroneously obtained data; and to minimize the chances that mistakes will recur. As was the case in past Joint Assessments, the Joint Oversight Team found in the 21st Joint Assessment that the agencies continued to implement the procedures in a manner that reflected a focused and concerted effort by Intelligence Community (IC) personnel to comply with the requirements of Section 702.

As with prior semiannual assessments, this assessment provides an overall compliance incident rate that includes all categories of incidents from all of the agencies responsible for implementing Section 702. However, as previously explained, the overall compliance incident rate remains an imperfect proxy insofar as the rate compares the total number of compliance incidents (regardless of their cause) to the average number of tasked facilities (which may be unrelated to the number of certain types of compliance incidents, such as the number of times the acquired data was disseminated or queried improperly).

The imperfections of this rate are particularly evident in this reporting period’s rate of 33.54%, which was significantly impacted by a single type of incident (batch queries), and in particular one incident conducted by a single individual. When these improper queries are excluded from the compliance incident rate, the overall rate is generally consistent with the rates reported in previous periods.  To better promote oversight and inform the public’s understanding of compliance trends and their potential to affect privacy and civil liberties, this assessment therefore also includes narrative descriptions of the types of compliance incidents that occurred and provides an additional metric that is specific to the compliance incident rate for NSA targeting decisions, which was 0.20% [1] for this reporting period.

For this joint assessment, FBI’s query compliance incident rate was largely the consequence of a single batch query that did not meet the appropriate standard and included more than 100,000 queries, each of which constituted a separate incident. That batch query resulted in about 97% of the total IC-wide compliance incidents identified by NSD’s sampling and oversight. It is worth noting that none of those queries actually returned any Section 702 collection. A second incident involving another batch query resulted in just under 2,000 improper queries. Together, the two incidents made up almost 99% of the IC’s compliance incidents and resulted in the significant increase in the overall compliance incident rate, as noted above.

The period covered by this 21st Joint Assessment, during which these incidents occurred, preceded the FBI’s implementation of remedial actions taken within the past few years to enhance compliance with the applicable query standard. In its 2018, 2019, and 2020 Section 702 opinions addressing the Government’s annual certification of its Section 702 program, the FISC discussed certain FBI query compliance incidents. In its 2018 Section 702 opinion addressing the Government’s annual certification of its Section 702 program, which followed the period covered by this 21st Joint Assessment, the FISC found that the FBI’s querying procedures were not consistent with Section 702 or the Fourth Amendment in part because they did not require adequate documentation of justifications for U.S. person queries. In response to the Court’s opinion, as well as opinions in 2019 and 2020, the FBI made system modifications necessary to meet query recordkeeping and documentation requirements and provided training on these new modifications. The previously released December 2019 and November 2020 FISC opinions discuss the measures FBI has taken to address the query compliance issues.

ODNI has previously released a number of prior joint assessments, which may be found on IC on the Record and

Below is today’s release, in redacted form:

21st Joint Assessment (dated March 2021): reporting period June 1, 2018-November 30, 2018

[1] Due to a typographical error, the report incorrectly indicates at page 6 that this incident rate was .22%. The correct percentage, .20%, can be found at page 40 of the Joint Assessment.