New America
Open Technology Institute

Section 702 Compliance Violations: Glossary

Collection Violations:

  • Tasking Violation: Improperly targeting a person or account for surveillance under Section 702.
  • Reverse Targeting Violation: Targeting a non-U.S. person abroad in order to acquire the communications of a U.S. person.
  • Post-Tasking Review Violation: Failure to conduct reviews after targeting a person or account for surveillance to ensure U.S. persons or persons located in the U.S. hadn’t been inadvertently targeted.
  • Detasking Violation: Failing to stop surveillance of particular targets or accounts when it was no longer authorized or needed.
  • Overcollection Violation: Collection of data beyond of that which was authorized to be collected.

Communications Access and Retention Violations:

  • Unauthorized Access Violation: When a person who is not authorized to do so accesses data collected under Section 702, including unminimized data.
  • Attorney-Client Privilege Violation: Failing to establish required review teams to ensure agents involved in prosecutions did not get access to a defendant’s privileged communications, or failing to properly mark communications that are protected by attorney-client privilege.
  • Query Violation: Conducting a search through data collected pursuant to Section 702 that did not meet requirements in minimization procedures.
  • Dissemination Violation: Improperly circulating Section 702-acquired information.
  • Data Retention Violation: Failing to delete data that were subject to a purge requirement because they were improperly collected or because they had exceeded the limit on how much time those data were permitted to be retained.

Other Minimization and Unknown Violations:

  • Documentation Violation: Failing to provide sufficient documentation to support targeting decisions.
  • Notification Violation: Failing to provide required notifications to the relevant entity in the timeframe specified by NSA targeting procedures.
  • General Minimization Violation: Violations of minimization procedures where specific details of the nature of the violation are unspecified. These violations could have pertained to requirements such as those for querying, reporting, and data retention.
  • Unknown Violation: Violations where information was either redacted such that the nature, scope, and remedy for the violation could not be discerned, or that were categorized as “Other” without additional details.