BULK COLLECTION OF |
Committee on Responding to Section 5(d) of
Presidential Policy Directive 28:
The Feasibility of Software to Provide Alternatives to
Bulk Signals Intelligence Collection
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences
NATIONAL RESEARCH COUNCIL
OF THE NATIONAL ACADEMIES
THE NATIONAL ACADEMIES PRESS
Washington, D.C.
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001
NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.
Support for this project was provided by the Office of the Director for National Intelligence, Contract Number 2014-14041100003-001. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the organizations or agencies that provided support for the project.
International Standard Book Number 13: 978-0-309-32520-2
International Standard Book Number 10: 0-309-32520-X
Library of Congress Control Number: 2015933164
This report is available from
Computer Science and Telecommunications Board
National Research Council
500 Fifth Street, NW
Washington, DC 20001
Additional copies of this report are available from the National Academies Press, 500 Fifth Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu.
Copyright 2015 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
THE NATIONAL ACADEMIES
Advisers to the Nation on Science, Engineering, and Medicine
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences.
The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. C. D. Mote, Jr., is president of the National Academy of Engineering.
The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Victor J. Dzau is president of the Institute of Medicine.
The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. C. D. Mote, Jr., are chair and vice chair, respectively, of the National Research Council.
COMMITTEE ON RESPONDING TO SECTION 5(D) OF
PRESIDENTIAL POLICY DIRECTIVE 28:
THE FEASIBILITY OF SOFTWARE TO PROVIDE ALTERNATIVES
TO BULK SIGNALS INTELLIGENCE COLLECTION
ROBERT F. SPROULL, University of Massachusetts, Amherst, Chair
FREDERICK R. CHANG, Southern Methodist University
WILLIAM H. DUMOUCHEL, Oracle Health Sciences
MICHAEL KEARNS, University of Pennsylvania
BUTLER W. LAMPSON, Microsoft Corporation
SUSAN LANDAU, Worcester Polytechnic Institute
MICHAEL E. LEITER, Leidos
ELIZABETH RINDSKOPF PARKER, University of the Pacific, McGeorge School of Law
PETER J. WEINBERGER, Google, Inc.
Staff
ALAN SHAW, Air Force Studies Board, Study Director
HERBERT S. LIN, Chief Scientist, CSTB
JON EISENBERG, Director, CSTB
ERIC WHITAKER, Senior Program Assistant, CSTB
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
ROBERT F. SPROULL, University of Massachusetts, Amherst, Chair
LUIZ ANDRÉ BARROSO, Google, Inc.
STEVEN M. BELLOVIN, Columbia University
ROBERT F. BRAMMER, Brammer Technology, LLC
EDWARD FRANK, Brilliant Lime and Cloud Parity
SEYMOUR E. GOODMAN, Georgia Institute of Technology
LAURA HAAS, IBM Corporation
MARK HOROWITZ, Stanford University
MICHAEL KEARNS, University of Pennsylvania
ROBERT KRAUT, Carnegie Mellon University
SUSAN LANDAU, Worcester Polytechnic Institute
PETER LEE, Microsoft Corporation
DAVID E. LIDDLE, US Venture Partners
BARBARA LISKOV, Massachusetts Institute of Technology
JOHN STANKOVIC, University of Virginia
JOHN A. SWAINSON, Dell, Inc.
ERNEST J. WILSON, University of Southern California
KATHERINE YELICK, University of California, Berkeley
Staff
JON EISENBERG, Director
VIRGINIA BACON TALATI, Program Officer
SHENAE BRADLEY, Senior Program Assistant
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist
LYNETTE I. MILLETT, Associate Director
ERIC WHITAKER, Senior Program Assistant
For more information on CSTB, see its Web site at http://www.cstb.org, write to CSTB, National Research Council, 500 Fifth Street, NW, Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.
Preface
In January 2014, the President addressed the nation and the broader global community to explain U.S. policy regarding the collection of foreign intelligence. Shortly thereafter, the White House released Presidential Policy Directive 28 (PPD-28), in which Section 5(d) requested the Director of National Intelligence (DNI) to “assess the feasibility of creating software that would allow the IC more easily to conduct targeted information acquisition [of signals intelligence] rather than bulk collection.”1
The Office of the Director of National Intelligence (ODNI) then asked the National Academies to form a committee to study this question, and discussions led to the charge to the committee shown in Box P.1. Note that the charge does not request recommendations, and the analysis and conclusions of the Committee on Responding to Section 5(d) of Presidential Policy Directive 28: The Feasibility of Software to Provide Alternatives to Bulk Signals Intelligence Collection are made with this in mind.
The committee assembled for this study included individuals with expertise in national security law; counterterrorism operations; privacy and civil liberties as they relate to electronic communications; data mining; large-scale systems development; software development; Intelligence Community (IC) needs as they relate to research and development; and networking and social media. See Appendix C for biographical information.
______________
1 The White House, Presidential Policy Directive/PPD-28, “Signals Intelligence Activities,” Office of the Press Secretary, January 17, 2014, http://www.whitehouse.gov/sites/default/files/docs/2014sigint_mem_ppd_rel.pdf.
BOX P.1
The Charge to the Committee
A committee appointed by the National Research Council will assess “the feasibility of creating software that would allow the U.S. intelligence community more easily to conduct targeted information acquisition rather than bulk collection,” as called for in section 5(d) of Presidential Policy Directive 28. To the extent possible, it will consider the efficacy, practicality, and privacy implications of alternative software architectures and uses of information technology, and explore tradeoffs among these aspects in the context of representative “use cases.” The study will consider a broad array of communications modalities, e.g., phone, email, instant message, and so on. It will not address the legality or value of signals intelligence collection. The study will identify and assess options and alternatives but will not issue recommendations.
Specifically, the committee will address the following:
1. What are a small set of representative use cases within which one can explore alternative software architectures and uses of information technology, and consider trade-offs?
2. What is the current state of the software technology to support targeted information acquisition? What are feasible and likely trajectories for future relevant software development; near, mid, and far term? What are possible technology alternatives to bulk collection in the context of the use cases?
3. What are relevant criteria or metrics for comparing bulk collection to targeted collection (e.g. effectiveness, response time, cost, efficacy, practicality, privacy impacts)?
4. What tradeoffs arise with the technology alternatives analyzed in the context of the use cases and criteria/metrics?
5. How might requirements for information collection be altered in light of this analysis?
6. What uncertainties are associated with the assumptions and analyses, and how might they affect the basis for decisions?
With 5 months from study inception to delivery, the study committee was not blessed with a luxury of time. The committee sought to be responsive to the context in which the report was requested. In general terms, the committee saw its mission as exploring whether technological software-based alternatives to bulk collection might be identified in order to retain, to the extent possible, current intelligence capabilities while intruding less on parties that are not of known or potential interest to the IC. The legal protections provided by the Fourth Amendment and legislation such as the Foreign Intelligence Surveillance Act distinguish between foreign and U.S. persons, a factor that informed the committee’s thinking.
The technological focus of this report is not limited to the metadata of domestic telephone communications, even though most public controversy has been pointed in this direction. Nor is the legal environment presumed to be only that governed by Section 215 of the Foreign Intelligence Surveillance Act—the legal authority under which the collection of telephone metadata has occurred. This report addresses the question of alternatives to bulk collection, without regard to the specific authorities and restrictions that control the various types of bulk collection. The types of communications of potential interest include any type of electronic communication. In the committee’s view, signals intelligence has come to embrace almost any data stored on an electronic device. In a future that contains the Internet of Things, the scope will be even greater.
Furthermore, the committee chose to interpret its technological mandate broadly by considering a variety of approaches to reducing the degree of intrusiveness into the affairs of parties that are not of interest for intelligence purposes. Broadly, these approaches include the following:
• Collecting and/or storing less information,
• Better protecting the information that is collected or stored against theft or compromise, and
• Rigorously enforcing the rules governing use of collected or stored information.
Following its charge, the committee tried to confine its attention to technical aspects of signals intelligence and to avoid straying into legal and policy matters as much as possible. Despite this focus, there are areas of overlap and interdependence. For example, the more complex the rules and regulations established by policy and law, the more difficult it is to use automation to enforce them.
The situation with respect to bulk collection was a moving target during the time the report was written. During the final several weeks when the committee was responding to reviewers’ comments, the Senate considered the USA Freedom Act (S.2685); this bill would have changed the collection of bulk business records. Providing value in this report meant focusing on collection options and their implications, rather than more narrowly tailoring the discussion to what the law presently provides. Thus the committee did not attempt, for example, to discuss what the implications of the proposed legislation might be on collection.
ODNI requested an unclassified report, with a classified annex if necessary. Nothing learned in classified briefings changed the committee’s view or provided information essential to understanding the most important points of this report. The committee thus produced an entirely unclassified report, with no classified annex. The committee believes this unclassified report suffices to answer its charge to the best of its ability. One consequence of this approach is that some details must be omitted to protect sources and methods that the IC rightly guards with care.
An unclassified report risks being overtaken by newly declassified material. As this report was being finalized, documents were being declassified by the IC (see http://icontherecord.tumblr.com/) and released as a result of Freedom of Information Act requests. As a result, numerous omissions are bound to appear in the report; these omissions are not expected to change the committee’s fundamental arguments, although new information may change details along the way.
The committee met six times in person, with the first meeting in mid-June 2014, and held numerous conference calls. Open sessions during its meetings were devoted to briefings from outside parties, and closed sessions were devoted to committee deliberations.
ACKNOWLEDGMENTS
The complexity and classified aspects of the issues explored in this report meant that the committee had much to learn from its briefers. The committee is grateful to many parties for presentations on:
• June 30-July 2, 2014. Joel Brenner (Joel Brenner LLC, the Chertoff Group, and former Inspector General, National Security Agency [NSA]), Carmen Medina (Deloitte Consulting LLP and former Deputy Director for Intelligence, Central Intelligence Agency [CIA]), Mark Maybury (The MITRE Corporation), General Keith B. Alexander (retired), Chris Inglis (former Deputy Director, National Security Agency), Wesley Wilson (ODNI/National Counterterrorism Center), Robert Brose (ODNI), William Crowell (Alsop-Louie Partners), Stephanie O’Sullivan (ODNI), David Honey (ODNI), and Marjory Blumenthal (Office of Science and Technology Policy).
• August 4-6, 2014. Jeff Jonas (IBM), Mark Lowenthal (Intelligence and Security Academy), and Philip Mudd (New America Foundation, Mudd Management, and former Deputy Director, CIA Counterterrorism Center).
• August 27-29, 2014. David Grannis (Senate Select Committee on Intelligence) and Kate Martin (Center for National Security Studies).
• September 8-10, 2014. Alexander Joel (ODNI), J.C. Smart (Georgetown University), Peter Highnam (Intelligence Advanced Research Projects Activity), and members of the Privacy and Civil Liberties Oversight Board.
The committee requested but did not receive comments from the American Civil Liberties Union, the Electronic Frontier Foundation, and the Electronic Privacy Information Center.
The committee appreciates the support of David Honey (Assistant Deputy Director of National Intelligence for Science and Technology [ADDNI/S&T]), Steven D. Thompson (Senior S&T Advisor), John C. Granger (Senior Advisor to the ADDNI/S&T), and their colleagues from ODNI who helped make this study possible and the many officials of ODNI and NSA who briefed the committee or answered its questions. In addition, the committee acknowledges the intellectual contributions of its staff, Alan Shaw (Study Director, Air Force Studies Board), Herbert S. Lin (Chief Scientist, Computer Science and Telecommunications Board [CSTB]), and Jon Eisenberg (Director, CSTB); consultants Alex Gliksman (AGI Consulting, LLC), M. Anthony Fainberg (Institute for Defense Analyses), and Allan Friedman (George Washington University); and Eric Whitaker (Senior Program Assistant, CSTB), who provided administrative support.
THE COMMITTEE’S PERSPECTIVE ON ITS CHARGE
This report is part of the national discussion about the balance between the powers of government and the rights of the governed, as the government tries to carry out its constitutionally mandated responsibilities. As indicated above, the committee was asked a question about technology. Accordingly, this report emphasizes technology but also attends to the need for effective and trustworthy processes, even as more sophisticated technologies are developed. But neither technology nor process—alone or together—can guarantee the proper balance between collective and individual security.
Acknowledgment of Reviewers
This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report:
Steven M. Bellovin, Columbia University,
Joel F. Brenner, Joel Brenner LLC,
Fred H. Cate, Indiana University,
George R. Cotter, Isologic, LLC,
William P. Crowell, Alsop Louie Partners,
Michael V. Hayden, Chertoff Group,
Raymond Jeanloz, University of California, Berkeley,
Anita K. Jones, University of Virginia,
Orin S. Kerr, George Washington University,
Peter Lee, Microsoft Research,
Kate Martin, Center for National Security Studies, and
Cynthia Storer, Coastal Carolina University.
Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the report’s conclusions, nor did they see the final draft of the report before its release. The review of this report was overseen by Samuel H. Fuller, Analog Devices, Inc., and William H. Press, University of Texas, Austin. Appointed by the National Research Council, they were responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution.
Contents
1.2 Presidential Speech of January 2014 and PPD-28
1.4.1 The U.S. Constitution and the Legal and Regulatory Framework
1.4.2 Policy and Practical Controls
1.4.3 Legal Authorities for Collection and Use of Information
2.1 A Conceptual Model of the Signals Intelligence Process
2.2 Bulk and Targeted Collection
2.3 Definitions of Critical Terms
3.2 Finding Alternate Identifiers
3.2.4 How Metadata Are Used in Finding Alternate Identifiers
3.3.1 Use Case 4—Extension of the Scenario
3.3.2 Use Case 5—The Immediate Response After a Terrorist Incident
3.3.3 How Metadata Are Used in Triage
4.1.1 Information about the Past
4.1.5 Increasing the Likelihood That Needed Information Is Available
4.2 Alternatives to Bulk Collection
5 CONTROLLING USAGE OF COLLECTED DATA
5.1 Why It Is Important to Control Usage
5.4.2 Restricting Queries Automatically
5.4.3 Audit/Oversight Automation
6.1 The Future of Signals Intelligence
6.1.1 More Data, Data Types, and Sensors; More Computing and Storage
6.3.1 Technologies for Isolation
6.3.2 Other Technologies for Protecting Data Privacy
6.3.3 Approving Queries and Their Results Automatically
6.3.4 Audit/Oversight Automation
6.3.5 Formal Expression of Laws and Regulations
6.3.7 Measuring Effectiveness of Intelligence Techniques and the Value of Data
6.4 Engagement with the Research Community
A Observations about the Charge to the Committee
C Biographical Information for Committee Members, Consultants, and Staff