Bulk Collection of Signals Intelligence Technical Options (2015) / Chapter Skim
Currently Skimming:
Summary
Summary
Pages 1-12
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 1... ...
These responses include other activities called for in PPD-28 as well as in a study of big data and privacy by the President's Council of Advisors on Science and Technology that is largely focused on civilian applications.2 1 The White House, Presidential Policy Directive/PPD-28, "Signals Intelligence Activities," Office of the Press Secretary, January 17, 2014, http://www.whitehouse.gov/sites/default/ files/docs/2014sigint_mem_ppd_rel.pdf. 2 President's Council of Advisors on Science and Technology, Big Data and Privacy: A Techno logical Perspective, Executive Office of the President, May 2014, http://www. hitehouse.gov/ w sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf.
|
From page 2... ...
The IC prefers targeted collection because it narrows its attention as much as possible during collection to use its limited resources efficiently, to comply with rules about what is allowed, and to limit intrusions on privacy. This report, like PPD-28, focuses on a subset of SIGINT, a broad subset termed "communications or information about communications."5 This includes electronic communications between people and those between people and services such as Internet search providers, message services, and banks.
|
From page 3... ...
8 For recent reports that deal with policy associated with signals collection, see two re ports from the Privacy and Civil Liberties Oversight Board: Report on the Telephone Records Program Conducted under Section 215 of the USA Patriot Act and on the Operations of the Foreign Intelligence Surveillance Court, January 23, 2014, http://www.pclob.gov/library/215-Report_ on_the_Telephone_Records_Program.pdf, and Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, July 2, 2014, http://www. pclob.gov/library/702-Report.pdf.
|
From page 4... ...
Narrowing applies to choosing signals from which to extract data, filtering the extracted data, querying collected data, and disseminating the results. For example, for domestic telephony metadata collected in bulk under the authority of FISA Section 215, a query is allowed only when 10 The sources of the signals are a separate topic that the committee did not consider, although some examples are given later in the report.
|
From page 5... ...
Often, queries on bulk collections are sufficiently constrained that very little of the collected data is ever Figure S-1 examined. Additional rules usually require collected data to be destroyed after a certain time.
|
From page 6... ...
If past events become interesting in the present -- because of new circumstances such as identifying a new target, a nonnuclear nation that is now pursuing the development of nuclear weapons, an individual who is found to be a terrorist, or new intelligence-gathering priorities -- then historical events and the data they provide will be available for analysis only if they were previously collected. If it is possible to do targeted collection of similar events in the future, and if they happen soon enough, then the past events might not be needed.
|
From page 7... ...
The next section outlines the key technical elements required to control and automate usage. TECHNICAL ELEMENTS OF AUTOMATED CONTROLS An automated system for controlling usage of bulk data with high assurance has three parts: isolating bulk data so that it can be accessed only in specific ways, restricting the queries that can be made against it, and auditing the queries that have been done.
|
From page 8... ...
Auditing usage of bulk data is essential to enforce privacy protections. Isolation provides confidence that every query is permanently logged and that the log cannot be altered.
|
From page 9... ...
Automation of auditing is an area that has been neglected by government, industry, and academia. Automated controls and auditing of SIGINT data held and accessed securely may allow sufficiently thorough unclassified inspection of the privacy-protecting mechanisms of the SIGINT process to allay privacy and civil liberty concerns.
|
From page 10... ...
13The FISA Section 215 program collects "only a small percentage of the total telephony metadata held by service providers" (President's Review Group on Intelligence and Communications Technologies, Liberty and Security in a Changing World, 2013, p.
|
From page 11... ...
15 See also Ibid., Recommendation 3. 16 Examples of manual procedures for target approval are in National Security Agency, NSA's Civil Liberties and Privacy Protections for Targeted SIGINT Activities Under Executive Order 12333, NSA Director of Civil Liberties and Privacy Office Report, October 7, 2014, https://www.nsa.gov/civil_liberties/_files/nsa_clpo_report_targeted_EO12333.pdf.
|
From page 12... ...
New uses by the government of private-sector databases would also raise new privacy and civil liberties questions. Advanced targeting methods may require a great deal of computing, so that filters should be cascaded to first apply cheap tests, followed by more expensive filters only if earlier filters warrant.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.