Contact-Chaining Memo

(S//SI//REL) New Contact-Chaining Procedures to Allow Better, Faster AnalysisFROM: [redacted]

[redacted]

Run Date: 01/03/2011

(U//FOUO) Editor’s note: A briefing will be held on 7 January from 1000-1130 in the Friedman Auditorium at NSAW regarding the new procedures described below. All SID employees are welcome to attend.

(S//SI//REL) Analysts and Mission Managers: On 29 November, SIGINT [redacted] signed SID Management Directive (SMD) 424, which changes procedures regarding metadata analysis. Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.)

(U) The Impact
(S//SI//REL) These new procedures allow NSA to fully exploit communications metadata (which is strictly defined in the procedures), for foreign intelligence purposes, without the restrictions associated with selection of communications content. The impact of the new procedures is two-fold. In the first place it allows NSA to discover and track connections between foreign intelligence targets and possible 2nd Party or US communicants. In the second place it enables large-scale graph analysis on very large sets of communications metadata without having to check foreignness of every node or address in the graph. Analysts in S2 have used this to great benefit over the past year and a half under a pilot program.

(U) Compliance Issues
(S//SI//REL) SIGINT Management Directive 424 (“SIGINT Development -- Communications Metadata Analysis”) provides guidance on the NSA/CSS implementation of the “Department of Defense Supplemental Procedures Governing Communications Metadata Analysis” (SPCMA), as approved by the U.S. Attorney General and the Secretary of Defense. The SPCMA covers communications metadata collected under Executive Order 12333 authorities.

(S//SI//REL) As does any new authority or capability, the Supplemental Procedures (SPCMA) come with a cost in terms of additional care that we must take with respect to compliance responsibilities and obligations. The primary new responsibility is the requirement:

• to enter a foreign intelligence (FI) justification for making a query or starting a chain,

and

• to perform spot-checks of user queries.

Additionally, the analyst must remain cognizant of minimization procedures associated with retention and dissemination of US person information. SPCMA covers analytic procedures and does not affect existing procedures for collection, retention or dissemination of US person information.

(S/SI//REL) SPCMA obligations also include the need for additional training on what the procedures do and do not cover, advisory banners on SPCMA enabled metadata databases, query auditing, and annual reports to the Department of Justice. Details on this implementation are included in SMD-424.

(U) Next Steps
(S//SI//REL) In order to take advantage of the Supplemental Procedures (SPCMA), analysts will need to be identified for use of SPCMA through their mission-management chain and complete the online informational briefing. This will be managed through GATEKEEPER and/or the Account Admin processes. In addition to the required online informational briefing, a series of live information briefings are being planned. The first of these will be held in the Friedman Auditorium on 7 January from 1000-1130, and is open to all SID employees.

(C//REL) POCs: The A&P Product lines have identified the following individuals to be SPCMA POCs for their respective organizations. We anticipate that they will be conducting small group SPCMA sessions more tailored to their particular missions.

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

[redacted]

(U//FOUO) Please consult with your local POCs above, or (in the absence of one), you may contact [redacated], for information.