Executive Branch Intelligence Surveillance & Privacy

DNI Report on Signals Intelligence Reform

Wells Bennett
Tuesday, February 3, 2015, 10:29 AM
Today's document details the implementation of reforms that the President announced a little more than a year ago.  For background on the directive, Lisa Monaco's statement from the White House is here.

Published by The Lawfare Institute
in Cooperation With
Brookings

Today's document details the implementation of reforms that the President announced a little more than a year ago.  For background on the directive, Lisa Monaco's statement from the White House is here. The report opens as follows:

                                            OVERVIEW

Over the course of the past eighteen months, the United States has undertaken a comprehensive effort to examine and enhance the privacy and civil liberty protections we embed in our signals intelligence (SIGINT) collection activities.
As part of this process, we have sought — and benefited from — a broad cross section of views, ideas, and recommendations from oversight bodies, advocacy organizations, private companies, and the general public. This effort has resulted in strengthened privacy and civil liberty protections; new limits on signals intelligence collection and use; and increased transparency.
On January 17, 2014, President Obama signed Presidential Policy Directive-28, Signals Intelligence Activities (PPD-28) and delivered an address at the Department of Justice on the steps we are taking to reform certain intelligence activities. As we mark the one-year anniversary of these events, it is a good time to report on the status of a range of ongoing reform efforts.
As this report shows, the Intelligence Community has made significant progress implementing many reforms. However, our work is not done. To that end, the Office of the Director of National Intelligence will issue another public report in 2016 about the Intelligence Community’s on-going progress to implement these reforms.
A simultaneously issued "Fact Sheet" regarding implementation says a bit more about the executive branch's efforts of the past year:

                                         FACTSHEET

Over the past eighteen months, the United States has undertaken a comprehensive effort to examine and enhance the privacy and civil liberty protections embedded in our signals intelligence (SIGINT) collection activities.
As part of this process, we have sought — and benefited from — a broad cross section of views, ideas, and recommendations from oversight bodies, advocacy organizations, private companies, and the general public. This effort has resulted in strengthened privacy and civil liberty protections, new limits on the collection and use of signals intelligence, and increased transparency.
On January 17, 2014, President Obama signed Presidential Policy Directive-28, Signals Intelligence Activities (PPD-28) and delivered an address at the Department of Justice on the steps we are taking to reform certain signals intelligence activities.
To mark the one-year anniversary of these events, we have prepared an online report to update the public on our reform efforts, including the implementation of PPD-28 and other actions taken based upon recommendations from several independent review groups. This report is posted on IC on the Record.

PRESIDENTIAL POLICY DIRECTIVE-28 Signals Intelligence Activities

  • PPD-28 states, “our signals intelligence activities must take into account that all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside.” This commitment reiterates long-standing SIGINT collection principles; limits Intelligence Community elements’ ability to use signals intelligence collected in bulk to six specific purposes; requires an annual Cabinet-level review of SIGINT priorities and requirements in light of potential risks to national security interests and relationships abroad; and requires each Intelligence Community element to update or issue new policies and procedures that implement safeguards for all personal information collected through SIGINT, regardless of nationality, consistent with technical capabilities and operational needs.
  • All Intelligence Community elements have completed new policies or revisions to existing policies to implement the requirements of PPD-28. You can read each agency’s policies on IC on the Record. The protections in these policies and procedures include new limits on the retention and dissemination of personal information for persons of all nationalities, as well as additional oversight, training, and compliance requirements.
  • In addition, the Intelligence Community, in partnership with the National Security Council, has elevated the process by which SIGINT requirements and priorities are identified, so that the heads of the relevant departments and agencies can better evaluate SIGINT collection in light of its potential risks to national interests and our law enforcement, intelligence, and diplomatic relationships abroad. The process of reviewing signals intelligence collection covered almost seven dozen countries and organizations and resulted in restrictions on the current signals intelligence collection posture.

SECTION 215 Bulk Telephony Metadata Program

  • In his remarks on January 17, 2014, the President ordered a transition that would end Section 215 bulk metadata program as it currently exists.
  • To begin this transition, the Intelligence Community in February 2014 began operating the telephony metadata collection program under new constraints directed by the President to provide enhanced privacy protections, including seeking advance approval from the Foreign Intelligence Surveillance Court for each query term (except in an emergency) and limiting the results of queries to two “hops” (or steps removed from a phone number associated with a terrorist organization) instead of three, limiting the number of potential results from each query.
  • Then, based on recommendations from the Department of Justice and the Intelligence Community, the President proposed that the government end the bulk collection of telephony metadata records under Section 215 of USA PATRIOT Act, while ensuring that the government has access to the information it needs to meet its national security requirements. The Administration supported the USA FREEDOM Act as a means of enacting this proposal, and we continue to call on Congress to reform Section 215 in a manner consistent with the President’s proposal.
  • In addition to the reforms announced in the President’s January 17 address, the Privacy and Civil Liberties Oversight Board (PCLOB) conducted a comprehensive review of the Intelligence Community’s activities under Section 215 and made 12 recommendations. The Intelligence Community is working to address the majority of these recommendations.

OTHER INITIATIVES Related to the Bulk Collection of Signals Intelligence

  • As noted above, PPD-28 imposes limitations on the use of SIGINT collected in bulk.
  • Moreover, over the past several months, a committee of independent experts from top technology firms and academia assessed the technical feasibility of creating software-based alternatives as substitutes for bulk collection. The committee just released its report, which concluded that there is no software-based alternative which will provide a complete substitute for bulk collection in the detection of some national security threats, but the report suggested other steps to reduce risks to privacy and civil liberties, as well as to improve oversight of bulk collection activities. We are currently reviewing how to address these important findings.

SECTION 702 Of the Foreign Intelligence Surveillance Act

  • Section 702 allows the government to acquire foreign intelligence information concerning non-U.S. persons reasonably believed to be located outside the United States. As announced by the President in his January 17 address, we will provide additional privacy protections for U.S. persons whose communications are incidentally collected under Section 702. This new executive branch policy limits the ability to retain, query, and use in criminal cases this type of information.
  • In addition, in 2014, the PCLOB conducted an in-depth review of the Intelligence Community’s activities under Section 702. The PCLOB found them to be lawful and important to national security, and offered ten recommendations to enhance privacy and civil liberties protections for both U.S. and non-U.S. persons. The Intelligence Community has agreed to make changes to address all of these recommendations. The Intelligence Community has agreed to address all of these recommendations.

ENHANCING TRANSPARENCY

  • We have declassified and publicly released an unprecedented amount of information about current programs, much of which relates to the government’s use of FISA authorities. We have published the first IC Annual Transparency Report, disclosing statistics on the government’s use of National Security Letters and FISA authorities.
  • We have also declassified certain aggregate FISA data so that communications providers can disclose to the public additional information about how they respond to requests they receive from the government.In addition, providers can now also make public additional information about the number of National Security Letters they receive.
  • We recently issued the Principles of Intelligence Transparency, which we will implement this coming year to further enhance transparency while protecting intelligence sources and methods.

OTHER KEY MEASURES

  • National Security Letters. The FBI will amend its use of National Security Letters to ensure that the non-disclosure requirement placed on recipients will terminate within a fixed time period, absent a demonstrated need for further secrecy.
  • Judicial Redress for Citizens of Certain Countries. In furtherance of its commitment to protecting privacy in the law enforcement context, the Administration is working with Members of Congress on legislation to give citizens of designated countries the right to seek judicial redress for intentional or willful disclosures of protected information, and for refusal to grant access or to rectify any errors in that information.
  • Whistleblower Protections. As we have strengthened the security of our systems, we have also reaffirmed the process by which Intelligence Community personnel can report suspected violations of law or other ethical and legal concerns without fear of retaliation. Within each agency there are multiple officials designated to receive ethical, legal, or other concerns from intelligence employees. In addition, intelligence personnel may leverage the Inspector General for the Intelligence Community, the Civil Liberties and Privacy Officer in the Office of the Director of National Intelligence, or, consistent with the Intelligence Community Whistleblower Protection Act, speak to Members of Congress.

MOVING FORWARD

As we continue to implement these and other reforms, we will also carefully review progress to identify any additional protections that might be needed. In particular, we expect to focus on:
  • Privacy Protections: Over the next year, Intelligence Community elements will continue to implement the requirements their PPD-28 policies and procedures. In addition, the Intelligence Community will continue to work to update agency guidelines under Executive Order 12333 to protect the privacy and civil liberties of U.S. persons.
  • Section 215 of the USA PATRIOT Act Capability: We will continue to work with Congress to enact legislation preserving essential capabilities of the bulk telephony metadata collection program without the need for the government to hold the data in bulk before Section 215 of the USA PATRIOT Act sunsets in June 2015.
  • Transparency: We have established a senior working group to continue to identify ways the Intelligence Community can increase transparency without harming national security. Expect to hear more from us on this effort.
  • Annual Reports: In January of 2016 we will provide our next annual report on our progress implementing SIGINT reforms.

Wells C. Bennett was Managing Editor of Lawfare and a Fellow in National Security Law at the Brookings Institution. Before coming to Brookings, he was an Associate at Arnold & Porter LLP.

Subscribe to Lawfare