Last week, on September 6, the US Justice Department released a declassified version of a 2004 memorandum about the STELLARWIND program.
The memorandum (pdf) is about the legality of STELLARWIND, which was a program under which NSA was authorized to collect content and metadata without the warrants that were needed previously.
Here we will not discuss the STELLARWIND program itself, but take a close look at the STELLARWIND classification marking, which causes some confusion. We also learn about the existence of mysterious compartments that point to some highly sensitive but as yet undisclosed interception programs.
> See also: The US Classification System
The first thing we see is that two portions of the classification marking have been blacked out:
1. The redacted space between two double slashes
This is very strange, because according to the official classification manuals, there cannot be something between two double slashes in that position (see the chart below). The classification level (in this case: Top Secret) has to be followed by the Sensitive Compartmented Information (SCI) control system (here: COMINT).
But as the US classification system is very complex, there are often minor mistakes in such classification lines. If we assume there was a mistake made here too, then the first term that has been blacked out could be another SCI compartment, which had to be followed by just a single slash (for example HCS for HUMINT Control System would fit the redacted space, although that marking itself isn't classified).
If there was no mistake, however, and the double slash is actually correct, then it would be a completely new category which isn't in the (public) classification manuals. This is reminiscent of the UMBRA marking, which also appeared unexpectedly between double slashes in a classification line.
Overview of the categories and formatting for the US classification and control markings
From the Intelligence Community Classification Manual 6.0 from December 2013
2. The redacted space directly after STELLARWIND
The second redaction starts right after the last letter of "STELLARWIND", thereby carefully hiding the category of the redacted marking, which is determined by how it is separated from the previous term. This could be by a slash, a double slash, a hyphen or a space, each indicating a different level.
In this case, the most likely option is that "STELLARWIND" is followed by a hyphen, which indicates the next term is another compartment under the COMINT control system, equal to STELLARWIND.
Classification manuals say there are undisclosed COMINT compartments which have identifiers consisting of three alphabetical characters. This would fit the redacted space as it would read like: "COMINT-STELLARWIND-ABC".
This undisclosed compartment probably also figured in some other declassified documents, where it sometimes seems to be accompanied by a sub-compartment which is identified by three numeric characters, like for example in this and this declaration where the marking could read like "COMINT-ABC 678":
Looking at what was redacted in portions of both documents which were marked with this mysterious compartment, it seems that it's about at least two highly sensitive intelligence sources and methods. For example, pages 31-32 of this declaration suggest that this might be obtaining metadata from specific telecom companies and searching it for members or agents of particular target groups.
Classified declaration of Director of National Intelligence John Negroponte, 2006
TSP = Terrorist Surveillance Program; HCS = HUMINT Control System
Note that TSP and HCS are also between double slashes
Markings with the mysterious undisclosed COMINT compartments weren't found on any of the Snowden-documents, but only on those that were declassified by the government, which indicates that Snowden had no access to information protected by these particular compartments.
The STELLARWIND marking itself
So far, we looked at the two parts of the classification marking that were blacked out. But now we also have to look at the STELLARWIND marking itself, which wasn't redacted, but still causes confusion.
The classification marking of the 2004 memorandum of the Justice Department says "COMINT-STELLAR WIND" and according to the official formatting rules, this means that STELLARWIND is part of the COMINT control system.
Note that the same memorandum had already been declassified upon a FOIA request by the ACLU in 2011, but in that version (pdf) the codeword STELLARWIND was still blacked out from the whole document. Both documents are compared here.
As COMINT is a control system for communications intercepts or Signals Intelligence, this seems to make sense. But what is confusing, is that the internal NSA classification guide (pdf) for the STELLARWIND program from 2009, which was disclosed by Edward Snowden, says something different.
Initially this guide calls STELLARWIND a "special compartment", but from the marking rules it becomes clear that it is treated as an SCI control system. Accordingly, the prescribed abbreviated marking reads: "TOP SECRET // STLW / SI // ORCON / NOFORN". In this way we can see STELLARWIND in the classification line of the following document:
STELLARWIND is also being treated as a control system in the 2009 draft report about this program written by the NSA Inspector General, although there the classification line is also somewhat sloppy: there are double slashes between STLW and COMINT (should just be a single one), and only a single one between COMINT and ORCON (where there should have been double slashes):
Classification marking of the 2009 report about STELLARWIND by the NSA Inspector General
Throughout this document, the portion markings are also not always consistent. Most of them are "TS//SI//STLW//NF", but one or two times "TS//SI-STLW//NF". But as this report is a draft, it's possible that these things have been corrected in the final version, which hasn't been disclosed or declassified yet.
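The separator rules discussed above, as an added example (not code from the original article or from any official tool): a small Python parser that reads "//" as a category break, "/" as a separator inside one category, "-" as introducing a compartment and a space as introducing a sub-compartment, and then reports whether STLW ends up as a control system or as a compartment. The vocabulary sets and the Inspector General banner string are constructed from the article's descriptions; ABC and 678 are the article's own placeholders.

```python
# Constructed vocabulary: only markings that appear in the article.
SCI_SYSTEMS = {"COMINT", "SI", "STLW", "HCS"}
DISSEM = {"ORCON", "NOFORN", "NF"}

def parse_item(item):
    """'COMINT-ABC 678' -> ('COMINT', [('ABC', ['678'])])."""
    system, *compartments = [part.strip() for part in item.split("-")]
    parsed = []
    for comp in filter(None, compartments):
        name, *subs = comp.split()      # a space introduces sub-compartments
        parsed.append((name, subs))
    return system, parsed

def parse_marking(line):
    """Split on '//' (categories), then '/' (items), and flag misplaced slashes."""
    categories = [[i.strip() for i in cat.split("/")] for cat in line.split("//")]
    sci, dissem, problems, sci_cats = [], [], [], set()
    for idx, cat in enumerate(categories[1:], start=1):
        kinds = set()
        for item in cat:
            system, comps = parse_item(item)
            if system in SCI_SYSTEMS:
                sci.append((system, comps))
                sci_cats.add(idx)
                kinds.add("sci")
            elif system in DISSEM:
                dissem.append(system)
                kinds.add("dissem")
            else:
                problems.append(f"unknown marking {item!r}")
        if kinds == {"sci", "dissem"}:
            problems.append("'/' between SCI and dissemination, expected '//'")
    if len(sci_cats) > 1:
        problems.append("'//' between SCI control systems, expected '/'")
    return {"level": categories[0][0], "sci": sci, "dissem": dissem, "problems": problems}

def role_of(name, parsed):
    """Say whether `name` was read as a control system or as a compartment."""
    for system, comps in parsed["sci"]:
        if system == name:
            return "control system"
        if name in [c for c, _ in comps]:
            return f"compartment of {system}"
    return None

if __name__ == "__main__":
    for line in ("TS//SI//STLW//NF", "TS//SI-STLW//NF"):   # portion markings quoted above
        p = parse_marking(line)
        print(line, "->", role_of("STLW", p), p["problems"])
```
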
The 2009 Inspector General report about STELLARWIND was one of the first documents from the Snowden-leaks to be published, and it still is one of the most informative and detailed pieces about the development of NSA's interception efforts since 9/11.
In the end, it doesn't make much difference whether STELLARWIND is a control system on its own, or a sub-system of COMINT, but it is remarkable that for such an important program, the people involved apparently also weren't clear about its exact status and how to put it in the right place of a classification line.