The IT Law Wiki


1038520-600px national security agency.svg large.png

The National Security Agency was created in 1952 as an agency of DoD by secret Executive Order. For decades its existence was not made public, and the only extensive public description of its operations were provided in the book, The Puzzle Palace,[1] which the agency tried to prevent from being published.

The NSA operates under the U.S. Code's Title 50, which governs intelligence activities, and in a combat support role under Title 10, which governs military activities. It is intricately entwined (and currently shares a dual-hatted leader) with U.S. Cyber Command, which operates under Title 10. While this arrangement increases efficiency by preventing duplication between the two organizations, it poses difficult challenges for effective oversight.

The NSA collects signals and communications intelligence on foreign targets of concern to the United States. The NSA collects an immense amount of traffic, and one of its key daily tasks is to reduce millions of intercepts down to a few thousand for analysts to review. Computers do this filtering using specialized software. Linguists and analysts with area or subject expertise then review the much smaller set of filtered intercepts to determine their importance. At the end of this daily process, a small number of intercepts is found to be useful.

The NSA is responsible for developing and prescribing cryptographic standards and principles that are technically secure and sound; development and executive management of DOD cryptographic hardware and software systems; and providing specialized support to the President, SecDef, and operating forces (e.g., national intelligence support teams and other special capabilities).

The NSA prepares processed reports, some of which are available in the routine traffic circulated among agencies. Other, more sensitive reports are closely held and handled in special dissemination channels. On rare occasions, the NSA will also provide raw traffic (for example, translated text of actual intercepts) to senior policymakers. Intelligence analysts at other agencies rely on input from the NSA in developing their own analyses, and the NSA can be tasked by agencies to collect intelligence on specific problems or to search databases. The NSA has finite collection and analytical resources, so high-priority assignments can bump long-term or less-important collection projects. Signals and communications intercepts provide very valuable intelligence, but sophisticated targets like Al Qaeda use a variety of techniques to evade interception.

NSA material is usually highly classified, not only because of the sensitivity of the material, but also because of the sensitivity of the collection techniques. Currently, signals and communications intelligence is one of the most important sources of information that the Department of Homeland Security (DHS) uses to issue alerts, but the actual intelligence upon which the alert is based is not shared with local authorities.


National Security Decision Directive 145 (NSDD 145), the Computer Security Act of 1987, and the mid-1990 revision of NSDD 145 (resulting in NSD 42) have progressively restricted NSA to an emphasis on defense systems, leaving civilian (notably civil government) system security concerns to NIST. Partly as a result of the changing policy context, NSA has moved to diminish its interaction with commercial organizations, most notably by scaling back the NCSC.


  1. James Bamford, The Puzzle Palace (1983).


See also[]