TAMI/End-to-End Semantic Accountability
12 February 2008
9:30am - 6pm
Possible National Security Scenario for Discussion
K. Krasnow Waterman
We have a research grant from IARPA -- Intelligence Advanced Research
Projects Activity -- and we are to produce a privacy accountability scenario
relevant to the Intelligence Community. Jim Hendler suggested we consider the
current controversy surrounding NSA telephone surveillance practices during a
six-year period between 9/11 and August 2007. The exact details are not known
because some of the relevant information is classified. The NSA has
historically focused on "foreign intelligence" and the controversy is in
response to the disclosure that the NSA surveilled telephone and internet
communications to, from, or through the United States. Much of the
controversy is about which rules applied to each situation and, therefore,
whether the NSA was in compliance or in violation. Clearly, this controversy
is both of interest to the IC and directly addresses the topic of privacy
For more information, see the Wikipedia
entry on the NSA controversy.
- The Foreign Intelligence Surveillance Act (FISA) of 1978 regulates
physical and electronic surveillance for intelligence.
- Executive Order 12333 has regulated US intelligence
activities since 1981.
- Executive Order 13355 amended the rules on August
- "What do you mean by production of foreign intelligence information?
NSA/CSS’s Signal Intelligence mission is to intercept and analyze
foreign adversaries' communications signals, many of which are protected
by codes and other complex countermeasures. We collect, process, and
disseminate intelligence reports on foreign intelligence targets in
response to intelligence requirements set at the highest levels of
Executive Order 12333 authorizes agencies of the intelligence
community to produce foreign intelligence and foreign counterintelligence
consistent with applicable U.S. law and with full consideration of the
rights of United States persons. The Order defines "foreign intelligence"
and "counterintelligence" as follows:
Foreign intelligence means information relating to the capabilities,
intentions, and activities of foreign powers, organizations or
Counterintelligence means information gathered and activities
conducted to protect against espionage, other intelligence activities,
sabotage, or assassinations conducted for or on international terrorist
groups or activities."
- "Does NSA/CSS unconstitutionally spy on Americans?
No. NSA/CSS performs SIGINT operations against foreign powers or
agents of foreign powers. It strictly follows laws and regulations
designed to preserve every American's privacy rights under the Fourth
Amendment to the United States Constitution. The Fourth Amendment
protects U.S. persons from unreasonable searches and seizures by the U.S.
government or any person or agency acting on behalf of the U.S.
The following scenarios are likely familiar - conflicting rules, outside data sources, fruit of the poisonous tree.
Also to be considered are the identities of the requestors. A judge, a plaintiff's attorney, and a
federal agency's Inspector General will likely have different authorities.
- FISA Exclusivity: One of the issues in the controversy is which rules apply.
We could build a scenario showing how the compliance findings change depending upon a Court's finding. For
example, if a court finds that FISA is exclusive, there is one outcome and if the Constitution applies, there
is a different outcome. This would provide a radical innovation for how to address court orders deciding which
- FISA & US Constitution: Conversely, if FISA and the Constitution both apply, the reasoner will
need to understand which has supremacy if it has a conflict (or have the ability to ask for supremacy while
- US Persons: Another issue is whether data about US persons was obtained. A "US person"
is a US citizen or a foreign national who has been granted permanent resident status. To determine compliance
with the rule, the system would need to reach outside the transaction log (for example, to a DHS legal permanent
resident database or a State Department US passport database).
- Communication Outside the US: The NSA asserted that one party to each conversation was
outside the United States. As with the US Persons question, in order to determine compliance, the reasoner
would likely need to reach outside the transaction log for data that provides information (conclusive or
otherwise) about the source or terminus of a communication.
- Invalidating Other Outcomes: Some of the lawsuits arising from this controversy assert that
information used in prosecution is "fruit of the poisonous tree". We could create a scenario in which, following
a finding that a different rule applies, the system crawls back to any log that called the rule.
- Classified/Unclassified Switch: The surveillance program was classified but a variety of
information is in the public domain. Should we build a scenario that shows the ability to have a separate
secured space for access to classified data and rules?
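
A sketch of how the rule-selection, outside-data and invalidation scenarios above fit together in one audit pass. It is an added example, not part of the original page or of the TAMI project's code. The log entries, the lookup tables and the two rule sets ("strict" and "permissive") are constructed toy stand-ins, not statements of law.

```python
from collections import deque

# Constructed sample data; every name and value here is hypothetical.
US_PERSONS = {"alice"}  # stand-in for an external permanent-resident/passport lookup
LOCATION = {"alice": "US", "bob": "US", "carol": "non-US", "dave": "non-US"}

# Transaction log: id -> event. "derived_from" lists the entries an event relied on.
LOG = {
    "c1": {"op": "collect", "parties": ("alice", "carol"), "warrant": False, "derived_from": []},
    "c2": {"op": "collect", "parties": ("dave", "carol"), "warrant": False, "derived_from": []},
    "c3": {"op": "collect", "parties": ("alice", "bob"), "warrant": False, "derived_from": []},
    "r1": {"op": "report", "derived_from": ["c1", "c2"]},
    "p1": {"op": "referral", "derived_from": ["r1"]},
    "r2": {"op": "report", "derived_from": ["c2"]},
    "r3": {"op": "report", "derived_from": ["c3"]},
}

def touches_us_person(event):
    # Answered from data outside the transaction log.
    return any(p in US_PERSONS for p in event["parties"])

def one_end_outside_us(event):
    # Unknown locations do not count as "outside": the data must say so.
    return any(LOCATION.get(p) == "non-US" for p in event["parties"])

# Toy rule sets: each maps a collection event to compliant (True) or not.
# Which one governs is the input a court finding would supply.
RULESETS = {
    "strict": lambda e: e["warrant"] or not touches_us_person(e),
    "permissive": lambda e: e["warrant"] or one_end_outside_us(e),
}

def audit(log, ruleset):
    """Return (violations, tainted): non-compliant collections and all uses derived from them."""
    rule = RULESETS[ruleset]
    violations = {i for i, e in log.items() if e["op"] == "collect" and not rule(e)}
    children = {}
    for i, e in log.items():
        for parent in e["derived_from"]:
            children.setdefault(parent, []).append(i)
    tainted, queue = set(), deque(violations)
    while queue:  # breadth-first walk along derivation links
        for child in children.get(queue.popleft(), []):
            if child not in tainted:
                tainted.add(child)
                queue.append(child)
    return violations, tainted
```

Re-running `audit` with a different rule set is the "court finding" switch: the same log yields different violations, and only the uses that descend from a violating collection are invalidated.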