(…) “On January 7, 2016, the NSA Inspector General, George Ellard, released a report on NSA Controls & FISA compliance. Starting on page ii:
Agency controls for monitoring query compliance have not been completely developed.
The Agency has no process to reliably identify queries performed using selectors associated with 704 and 705(b) targets.
The rest of the highlights are fully redacted. But more information lay within the report (pages 6-7):
We identified another [redacted] queries that were performed outside the targeting authorization periods in E.O. 12333 data, which is prohibited by the E.O. 12333 minimization procedures. We also identified queries performed using USP selectors in FAA §702 upstream data, which is prohibited by the FAA §702 minimization procedures.
Downstream collection involves the government acquiring data from the companies providing service to the user – like Google or Facebook.
However, some Section 702 collection is obtained via “upstream” collection.
In simple parlance, upstream collection means the NSA accesses the high capacity fiber optic cables that carry Internet traffic and copies all the data flowing through those cables.
The agency is then supposed to filter out any “wholly domestic” communications that are between Americans located in the U.S.
Data collected “incidentally” on U.S. Citizens is generally not destroyed. It is minimized. As we will see later, this became a problem.
Intelligence Agencies can then search the data using “To”, “From” or “About” queries on a target of Section 702 collection.
“About” queries are particularly worrisome.
They occur when the target is neither the sender nor the recipient of the collected communication – but the target’s selector, such as an email address, is being passed between two other communicants.
For more information see, FISA Surveillance – Title I & III and Section 702.”
(…) “About” queries were abruptly halted by NSA Director Mike Rogers on October 20, 2016. This was formally announced by the NSA on April 28, 2017.
The events leading to this decision are described in this post.
Which brings us to a table from the Inspector General’s Report.
Table 3 (page 7) shows four types of violations. The most frequent violation – 5.2% of the total – came from Section 702 upstream “About” queries.
The Inspector General’s Report is heavily redacted – but even a casual reading indicates there were significant compliance and control issues within the NSA regarding the use of Section 702 data.
It’s unclear if NSA Director Rogers discovered the 702 violations and reported them in early 2015, or if it was the Inspector General who found them. Either way, Rogers became aware of Section 702 violations sometime in 2015.
Following NSA Inspector General Ellard’s report, Rogers implemented a tightening of internal rules at the NSA.
However, the NSA Inspector General’s report and Roger’s tightening of internal rules did not halt the Query Compliance Problems.
Outside Agencies – specifically the DOJ’s National Security Division and the FBI’s Counterintelligence Division – were still routinely violating Section 702 procedures.
In 2015, DOJ Inspector General Michael Horowitz (not to be confused with NSA IG Ellard) specifically requested oversight of the National Security Division. Deputy Attorney General Sally Yates responded with a 58 page Memorandum, that effectively told the Inspector General to go pound sand.
As noted earlier, John Carlin was the Head of the DOJ’s National Security Division and was responsible for filing the Government’s proposed 2016 Section 702 certifications.
This filing would be subject to intense criticism from the FISA Court following disclosures made by NSA Director Rogers. Significant changes to the handling of raw FISA data would result.
Bill Priestap remains the Head of the FBI’s Counterintelligence Division – appointed by FBI Director Comey in December 2015. See: FBI Counterintelligence Head Bill Priestap – A Cooperating Witness.”
(…) “On October 20 2016, Rogers was briefed by the NSA compliance officer on findings from the 702 NSA compliance audit. The audit had uncovered numerous “About” Query violations (Senate testimony).
On October 21, 2016, Rogers shut down all “About Query” activity. He reported his findings to the DOJ (Senate testimony & inferences from Court Ruling).
On October 21 2016, the DOJ & FBI seek and receive a Title I FISA probable cause order authorizing electronic surveillance on Carter Page from the FISA Court. At this point, the FISA Court is unaware of the Section 702 violations.
On October 24, 2016, Rogers verbally informed the FISA Court of his findings (Page 4 of Court Ruling). (Read more: themarketswork, 4/05/2018)
(Timeline editor’s note: Jeff Carlson at themarketswork.com, has done a remarkable job of reading the fine print and highlighting key details from Senate testimony, the NSA Inspector General’s report, and the FISC report that followed NSA Director Mike Rogers disclosure of 702 violations. This is a snippet of Carlson’s very informative piece and he has been kind enough to allow me to post far more than what Fair Use would normally allow. Please don’t miss the rest of his easy to understand, in-depth report.)