(Updated: September 17, 2017)
Below is a glossary of terms related to the NSA and the recent releases of (de)classified documents about the collection of foreign signals intelligence.
This listing is under construction!
Analysis - A process in the production step of the intelligence cycle in which intelligence information is subjected to systematic examination in order to identify significant facts and derive conclusions.
Archived data - Data stored in NSA's analytical repositories, not including those involved in the processing and other steps that occur in order to make incoming collection useful for analysis or analysts (however, the FISA court intended "archived data" to mean all metadata held at NSA, including those in processing).*
Atomic SIGINT Data Format (ASDF) - The metadata that gets generated for almost every internet communication session that is collected through NSA's passive SIGINT systems.*
Bulk collection - The collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants like specific identifiers, selection terms, etc.
Case notation - All intercepted signals get a case notation which identifies the network being intercepted. An Iraqi army message would be denoted as IQM, intercepted French diplomatic messages as FRD.* FBI FISA data are designated SQF and NSA FISA data as SQC.
Close Access collection - The targeting, collection, and/or processing of unintentional emanations from information proecessing equipment. Also: a program to develop special unique sensors and systems to collect uninitetional emanationd and/or signals from information processing equipment to exploit TEMPEST vulnarabilities.
Codeword - A word used with a classification to indicate that the material was derived through a sensitive source or method, constitutes a particular type of sensitive compartmented information, or is accorded a limited distribution
Code word - The two-word form is used to designate the operations, plans, or activities of military, diplomatic, intelligence, or other organizations
Collect - In SIGINT, when used generically, to search, acquire, monitor, and record electromagnetic emissions. Contrast with intercept. Note: Collection implies the keeping and using of the material collected. Intercept, on the other hand, is not limited until and unless it becomes collection.
Collection - Acquisition of information or intelligence information, and the processing of the information into a form more suitable for the production of intelligence.
Computer Network Attack (CNA) - Efforts to manipulate, disrupt, deny, damage or destroy information resident in computers and computer networks, or the computers and networks themselves. *
Computer Network Defense (CND) - Efforts to defend against the Computer Network Operations of others, especially directed against US and allied computers and networks. *
Computer Network Exploitation (CNE) - Efforts to collect intelligence and enable operations to gather data from target or adversary automated information systems (AIS) or networks.*
Computer Network Operations (CNO) - Term that comprises Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) collectively.
Consolidated Intelligence Center - Located in Wiesbaden, Germany. Was created as part of the consolidation of the US military presence in Europa. It supports the US European Command, the US Africa Command and the US Army Europe.*
Contact Chaining - A process by which computer algorithms automatically identify the telephone numbers or e-mail addresses that a particular number or e-mail address has been in contact with, or has attempted to contact. The algorithms not only identify the first contacts made by the seed number or address, but also the further contacts made by the first tier, and so on.*
Corporate Partner Access - Access to communication systems through cooperation with corporate partners like commercial telecommunication companies and internet service providers.
Correlated selectors - A communications address, or selector, is considered correlated with other communications addresses when each additional address is shown to identify the same communicant(s) as the original address.*
Cover name - A word or number used to conceal the identity of a person, place, or thing. The term is a two-word form
Cover term - The word that NSA uses for the codename of a program
CRITICOMM - Communications system developed by NSA to ensure critical information would be delivered to the President within 10 minutes upon recognition. Messages sent on the system are called CRITICs.*
Cryptologic Center - Regional centers of the NSA with delegated SIGINT authority. Known centers are Georgia (Augusta), Texas (San Antonio), Hawaii (Honolulu), Colorado (Denver), Europe (Griesheim, Germany) and a Remote Operations Cryptologic Center for Afghanistan. Originally established in 1995 as Regional SIGINT Operations Center (RSOC)
Cryptology - The art and science of making codes/ciphers and breaking them. Cryptology breaks out into two disciplines: Cryptography (making or using codes/ciphers) and Cryptanalysis (breaking codes/ciphers).
Cuts - Extracts of conversations collected by NSA
Deep Dive - A type of XKEYSCORE collection which enables sessionisation at data rates of 10 gigabit a second.*
Development - Finding new things, like new targets (Target Development) and new collection methods (SIGINT Development).
Dictionary computers - These are holding full lists of general and specific intelligence targets and operate the filter systems. They also hold the names of organisations who should receive such information when it is detected.
Direction Finding (DF) - The process of determining the azimuth of an emitter by the use of a direction finder.
Dissemination - The provision of information in suitable form to intelligence customers outside the SIGINT community, for example sending (serialized) reports to so-called consumers like policy makers in the White House.
Distributed Database - (1) A database that is not stored in a central location but is dispersed over a network of interconnected computers. (2) A database under the overall control of a central database management system but whose storage devices are not all attached to the same processor. (3) A database that is physically located in two or more distinct locations.
Distributed Processing - A design in which all data is not processed in one processor. Multiple processors in the master station or in the remote stations, or both, share the functions.
Distributed System - A computer system in which several interconnected computers share the computing tasks assigned to the system.
Emphatic Access Restriction (EAR) - A technical safeguard which is the equivalent of a firewall that prevents any automated process or subroutine from accessing Business Record (BR) FISA data.
European Technical Center (ETC) - Located in Wiesbaden/Mainz-Kastel in Germany. It's responsible for the maintenance of NSA's technical equipment. BND can also get technical assistance here for the systems they got from US manufacturers.*
Events - Another word which NSA and GCHQ use for metadata.*
Exploitation - The process of obtaining intelligence information from any source and taking advantage of it for intelligence purposes
FAA Authority - Collection under a certification that has been approved by the FISA Court. Allows collecting data inside the US about non-US persons who are reasonably believed to be outside the US.
Federated query - A query using the same term or terms in multiple NSA databases.
First Party - Each national SIGINT organisation of the UKUSA-Agreement refers to itself and its own material as "First Party". The four others are the Second Parties.*
FISA Authority - Collection based upon an order of the FISA Court. FISA includes all NSA FISA (to include Business Records (BR), Large Content & FAA) and FBI FISA (to include Pen Register Trap Trace (PR/TT)).
Foreign Intelligence - Information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists.
Fourth Party Collection - SIGINT collection, especially through Computer Network Exploitation (CNE), by countries that aren't part of the Five Eyes which is intercepted and used by NSA by hackinhg into this foreign country's collection systems *
Front End Processing - Processing of raw data which is conducted at the actual intercept facilities and therefore is platform-specific (e.g., surface, subsurface, air, ground-mobile).
High Side - Classified and protected NSA computer systems, as opposed to Low-side
Identification of a US person - 1.) the name, unique title, or address of a United States person; or 2.) other personal identifiers of a US person when appearing in the context of activities conducted by that person or activities conducted by others that are related to that person. A reference to a product by brand name, or manufacturer’s name or the use of a name in a descriptive sense, e.g. "Monroe Doctrine" is not an identification of a United States person.*
Indent lookup - Querying a selector (in a metadata database system) to determine the approval status of a selector. In such cases, Emphatic Access Restriction (EAR, a tool implemented in 2009) controls will prevent chaining of a selector that is not marked as approved for querying, and return an error message to the analyst.*
Inadvertent collection - When someone is deliberately targeted for surveillance, but afterwards it's learned that the target is a US citizen, resident or foreigner on US territory at the time of collection.
Incidental collection - When communications of a US citizen are collected while targeting a foreigner or a US person who is believed to be involved in terrorism.
Information Assurance - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Information Operations (IO) - Actions taken to affect adversary information and information systems while defending one's own information and information systems. I0 is an integrating strategy.*
Intelligence - The collection, processing, integration, analysis, evaluation and interpretation of information.*
Intentional collection - Only allowed when the target is a foreign entity or a US person when there's a valid foreign intelligence reason.
Intercept - In SIGINT, to acquire electromagnetic emissions intended for others without obtaining the consent of the originator or the intended addressees. Contrast with collect. Intercept is not limited until and unless it becomes collection. Collection, on the other hand, implies the keeping and using of the material collected.
Interdiction - Covert redirection of packets with computers devices to an NSA workshop to implant spying devices.
Internet metadata - These include the information appearing on the "to", "from", "cc" and "bcc" lines of a standard e-mail or other electronic communication. Also includes information about the IP address of the computer of the sender, and of routers and servers on the internet that handled the communication during transmission. When a user logs into a web-based e-mail service, the metadata include the exchange of an IP and e-mail address, and for certain web-based e-mail accounts also the inbox metadata that are transmitted to the user are included. Internet metadata does not include information from the "subject" line or from the body of an e-mail. *
Internet transaction - A complement of packets traversing the internet, that together may be understood by devices used on the internet, and which can be rendered into an intelligible form to the user of such devices (for example an e-mail message or a text document).
Intrusive Access - Refers to Computer Network Exploitation (CNE) operations involving remote manipulation, hardware/software modifications, or sensing of environment changes in a computer device or system, and for occasionally the facilities that house the systems.*
I-Series - Traditional NSA reports, which are retained in a limited access sensitive reporting data repository. Copies of the I-Series reports are also kept in another database, which allows them to be searched with special software tools. In addition, the I-Series reports are stored on the Extended Shared Enterprise Corporate Server (ESECS). Access to these reports in ESECS is also restricted.*
Key Generator - A cipher machine that generates keys from the interatcion of two or more components.
Listening Post (LP) - Physical location which is close to a target facility and serves as a collection point for the signals of interest.
Low-Grade - Pertaining to a cryptosystem which offers only slight resistance to cryptanalysis; for example: playfair ciphers, single transposition, unenciphered one-part codes.
Low Side - Unclassified public computer systems, as opposed to High-side.
Medium-Grade - Pertaining to a cryptosystem which offers considerable resistance to cryptanalysis; for example: strip ciphers, double transposition, unenciphered two-part codes.
Metadata - The dialing, routing, addressing, or signaling information associated with a communication, which excludes any content, such as information about the substance, purport or meaning of the communication. Also called events. The two principal subsets are telephony metadata and electronic communications or internet metadata.*
Military Communications-Electronics Board (MCEB) - A decision-making body chaired by the Chairman of the Joint Chiefs of Staff, and composed of the Command, Control, Communications, and Computers (C4) heads of the Military Services, the DIA, the NSA, and DISA. This body deals with issues of interoperability and standardization between the Department of Defense and Five Eyes allies.
Minimization - A procedure to prevent that information about US persons is collected and viewed by the foreign intelligence agencies NSA and CIA.
Mission - A specific task assigned to an individual, unit or organization, e.g., the tasks assigned to an intercept station.
Monitor - In SIGINT, to observe or listen to, or for, an electromagnetic emission.
Multiplex - To combine more than one channel of information into one signal for transmission.
NSA/CSS Representative (NCR) - A title that was used for the senior representative of NSA at a variety of places, like military commands, other US government agencies and US embassies in support of 3rd Party agreements. For the latter, the senior representative is now called Special US Liaison Advisor, the others kept their old title.
NSA/CSS Representative Europe Office (NCEUR) - NSA's official European liaison office in Stuttgart
NSA Toolkit - A software application to train analytical functions.
NSA Way - Internal NSA process improvement program, since 2008.*
Off-Net Operations - Refers to covert or clandestine activities of personnel carried out in support of Computer Network Exploitation (CNE) activities.*
OPC/DPC Pairs - Originating and destination points that typically transfer traffic from one provider’s internal network to another’s *
Overhead collection - Collection of data by using flying platforms like spy satellites, spy aircraft and spy drones.
Palantir Government - A sophisticated integrated analytics platform, which provides a very rich Swing-based Graphic User Interface (GUI). The (proprietary) tool has been developed closely with US intelligence community users.*
Physical subversion - Subverts with physical access to a device or host facility. Other terms sometimes used to connote physical subversion are: Close Access enabling, exploitation, or operations; Off-net enabling, exploitation, or operations; Supply-chain enabling, exploitation, or operations; or hardware implant enabling, exploitation, or operations.*
Planning and Direction - Determination of intelligence requirements, preparation of a collection plan, issuance of orders and requests to information collection entities, and a continuous check on the productivity of collection entities.
Processing - Conversion of collected information and/or intelligence into a form more suitable for the production of intelligence.
Product - An intelligence report disseminated to users by an intelligence agency. In SIGINT terminology, the intelligence information derived from analysis of SIGINT materials and published as a report or translation for dissemination to users.
Production - Conversion of information or intelligence information into finished intelligence through the integration, analysis, evaluation, and/or interpretation of all available data and the preparation of intelligence products in support of known or anticipated customer requirements.
Query - Any instance where data is searched using a specific term or terms for the purpose of discovering or retrieving unminimized content or metadata. A query term or identifier is just like a search term that is used in an Internet search engine — the term could be, for example, an e-mail address, a telephone number, a key word or phrase, or a specific identifier that an agency has assigned to an acquired communication.*
Radio Signal Notation (RASIN) - A notation assigned permanently and jointly by the Director of NSA and Second Party headquarters to a signal after basic signal characteristics have been verified by NSA/CSS or Second Party signals analysts.
Raw SIGINT - Any SIGINT and associated data that has not been evaluated for foreign intelligence purposes and/or minimized.*
Raw Traffic - Intercepted traffic showing no evidence of processing for COMINT purposes beyond sorting by clear address elements, elimination of unwanted messages, and the inclusion of a case number or an arbitrary traffic designator.
Realms - A label assigned by the intelligence community. A realm appears to be a continually updated list of everything the NSA can gather about how a specific corporation routes communications on the Internet, and any known device on these networks.*
Reconnaissance - A mission undertaken to obtain, by visual observation or other detection methods, information about the activities and resources of an enemy or potential enemy; or to secure data concerning the meteorological, hydrographic or geographic characteristics of a particular area controlled by or of potential use by an adversary.*
Records - Call detail records or telephony metadata records, unknown what these comprise
Remote subversion - Subverts without physical access to a device or host facility: obtains unauthorized permission. Other terms sometimes used to connote remote subversion are: Computer Network Exploitation; Endpoint access, exploitation, or operations; On-net access, exploitation, or operations; Software implant access, exploitation, or operations; or accessing or exploiting data at rest.*
Reverse collection - Getting to the communications of a US person by targeting a foreign entity that communicates with this US person on a regularly basis. This is generally not allowed.
Search - Search is the process which finds and assigns meaningful names to energy events in the RF spectrum. This can range from a very general type of search (e.g., any RF signals that are detected) to very tightly defined searches (e.g., a certain ELINT emitter). There are three modes of search – manual, interactive, and automatic; and two search techniques – general and directed –within each mode.
Second Party - SIGINT material originated by one of the other four countries from the UKUSA-Agreement is called Second Party. SIGINT from any other source is called Third Party.*
Selection - As applied to manual and electronic processing activities, means the intentional insertion of a name, cable address, telex number or answer back, address, telephone number, email address, or other alphanumeric device or identifier into a computer scan dictionary or manual scan guide for the purpose of identifying messages or information of interest and isolating them for further processing.*
Selection term - The composite of individual terms used to effect or defeat selection of particular communications or information. It comprises the entire term or series of terms so used, but not any segregable term contained therein. It applies to both electronic and manual processing. Also called Selector.*
Selector - A telephone number or an electronic communications identifier like an e-mail or an IP address. Can also be divided in Soft and Strong Selectors. See also: Selection term.
Sensor - A technical device designed to detect and respond to one or more particular stimuli and which may record or transmit a resultant impulse for interpretation or measurement; often called a technical sensor. “Special sensor” is an unclassified term used, as a matter of convenience, to refer to a highly classified or controlled technical sensor.
Serialized report - The primary means by which NSA provides foreign intelligence information to intelligence users, most of whom are not part of the SIGINT community. A report can be in electrical, hard-copy, video, or digital form. Serialized reports are identified by a year, a production agency, a channel, and a serial number. Other reports are called Informal reports.
A serialized report is formatted and produced persuant to USSID CR1400 and has a reference serial number, contains foreign intelligence information derived from SIGINT, and goes to approved users of intelligence.*
Service Cryptologic Component (SCC) - Term used to designate, separately or collectively, elements of the Army, Navy, Marine Corps, Air Force, and Coast Guard assigned to the CSS by the Secretary of Defense for the conduct of cryptologic operations funded by NSA/CSS. The Commanders of the SCCs represent the interests of their Military Service cryptologic force.
Service Cryptologic Element (SCE) - Components of the three US military services whose SIGINT activities are subordinate to DIRNSA/CHCSS. The SCEs are the US Army Intelligence and Security Command, the Naval Security Group, and the Air Force Air Intelligence Agency.
Session - A data interchange between two computers, such as being logged on into an internet service or e-mail is being transferred
Shaping - Redirecting a target's network traffic so it passes sensors of the passive collection system in order to be collected and processed (active-passive integration).
Signals Intelligence (SIGINT) - Intelligence information comprising, either individually or in combination, all Communications Intelligence (COMINT), Electronics Intelligence (ELINT), and Foreign Instrumentation Signals Intelligence (FISINT), however transmitted.
Soft Selector - Search terms (like keywords) not being strong selectors (like telephone numbers or e-mail addresses).
Special Signals - ? ("supersecret" *)
Special US Liaison Advisor (SUSLA) - Representative of NSA in major Third Party countries. The title is followed by the name of the country, so for example the NSA representative in Germany is the Special US Liaison Advisor, Germany (SUSLAG). Before 2006 these officials were called NSA/CSS Representative (NCR), a title that was used for the senior representative of NSA at a variety of places, like military commands, other US government agencies and US embassies in support of 3rd Party agreements. For the latter, the senior representative is now called Special US Liaison Advisor, the others kept their old title.
Strong Selector - A specific identifier like a name, an e-mail or an IP address, a phone number, an IMEI, IMSI, IMN, RHIN or FHIN number, an NSA Case Notation,* and internet ID, a cookie, a mail token, an AppProcIP or an AppProcMac *
Supply Chain Operation - Interdiction activities that focus on modifying equipment in a targets supply chain.*
Surveillance - The systematic observation of aerospace, surface, or subsurface areas, places, persons, or things by visual, electronic, photographic, or other means.*
Survey Site - Surveys are short-term collection efforts to determine the volume and types of signals can be intercepted at the site. If the site turns out to be productive, a permanent collection site may subsequently be established.
System Title - Cryptographic system titles are short identification labels used to create a logical reference mechanism for all cryptographic systems and which identifies the users. Cryptographic system titles are assigned on the basis of cryptography, target country, and entity.
Tangible things - Another word for business records or metadata, which NSA and FBI collect from US telecommunication providers.
Target Development - The process by which an analyst can extend his/her knowlegde of a known target by observing elements of metadata that relate to that target.*
Target Discovery - The process whereby an analyst can discover targets by observing metadata as it relates to behaviors characteristic of his/her target set, regardless of whether or not the newly discovered selectors are related to known targets.*
Targeting - Instructions about what data should be collected by the various collection platforms.
Technical Extracts of Signals (TEXSIG) - A unique designator assigned to a new signal by a SIGINT field element (USSS or Second Party) or to a signal under analysis or cryptoanalytic development by the headquarters of NSA/CSS and Second Parties (jointly assigned).
Telephony metadata - These include the telephone number of the calling party, the number of the called party, as well as the date, time and duration of the call.* Later, also the IMEI and IMSI numbers were included.
Third Party - SIGINT material from other nations and sources outside the UKUSA alliance. However, a number of non English-speaking countries have made security agreements for the exchange of raw data and end product reports. These arrangements are supplementary to the UKUSA arrangements and integrate, to a greater or lesser degree, the third parties into the UKUSA network.*
Tippers - Reports based on metadata analysis, like finding new suspects through contact chaining
Traffic Analysis - The cryptologic discipline that develops information from communications about the composition and operation of communications structures and the organizations they serve. The process involves the study of traffic and related materials and the reconstruction of communications plans to produce signals intelligence.
Transaction - Any set of data that travels across the internet together such that it may be understood by a device on the internet. Such an internet transaction can contain multiple communications, referred to as a Multi-Communication Transaction (MCT), or just a single one, referred to as a Single Communication Transaction (SCT).*
Transit Authority - Collection of foreign intelligence from communications which originate and terminate in foreign countries, but transit the territory of the United States. Collection of these communications are authorized under Executive Order 12333.
Upstream - Interception of communications as they transit through (fiber-optic) backbone cables and other related infrastructures of internet and telephony networks.
United States Cryptologic System (USCS) - The USCS is the aggregate of NSA’s dual missions of SIGINT and INFOSEC. The term USCS is not interchangeable with the term USSS.
United States SIGINT System (USSS) - The United States SIGINT System consists of the SIGINT missions of NSA/CSS, the Service Cryptologic Elements, those elements of the CIA that perform SIGINT activities, and other U.S. Government entities authorized by the Secretary of Defense to conduct SIGINT activities. This term has been superseded by USCS.
Unminimized SIGINT - SIGINT that has not been reviewed to delete or mask US person information not meeting the standards for permanent retention and dissemination under the Classified Annex to Department of Defense Procedures Under E.O. 12333, these Procedures, or other procedures approved by the Attorney General.*
US Person - (1) A US citizen; (2) An alien known by the intelligence community to be a permanent resident alien; (3) An unincorporated association substantially composed of US citizens or permanent resident aliens; (4) A corporation incorporated in the United States, except for a corporation directed and controlled by a foreign government or governments. A corporation or corporate subsidiary incorporated abroad, even if partially or wholly owned by a corporation incorporated in the United States, is not a US person. Both American citizens and foreigners located in the United States.*
Links and Sources
- The 1999 Maritime SIGINT Architecture Technical Standards Handbook (pdf)