Special Study of NSA Controls to Comply with Signals Intelligence Retention Requirements

Document Date: 

Thursday, December 12, 2019

Document Notes: 

 

FINDING 1: NSA’s Primary ContentRepositoryHas Retained a Small Percentage of a Large Number of SIGINT Data Objects beyondLegal and Policy Retention Limits

 

FINDING 2: Retention Guidance Is Outdated

 

FINDING 3: Oversight Supporting Retention Compliance Is Insufficient

 

FINDING 4: The Policy Instruction for Early Age-Off of Raw SIGINT is Unclear

 

Conclusion

The OIG’s findings in this review reflect significant risks for noncompliance with legal and policy requirements governing the retention of SIGINT data. Those requirements include established minimization procedures for NSA SIGINT authorities, meaning that the deficiencies identified in our review have the potential to impact civil liberties and individual privacy. ..... The Agency agreed with all of the OIG’s recommendations and has taken action sufficient to close four of them. The OIG determined that the actions the Agency plans to take meet the intent of the remaining recommendations.

 

 

NSA Statement on NSA Inspector General Special Study

Release No: PA-001-19 Dec. 12, 2019

In this case, the IG identified an error rate involving substantially less than one-tenth of 1% of items that should have been deleted. NSA treats this seriously and has implemented steps to further reduce the possibility of errors, consistent with the OIG report.