Intelligence Community Efforts to Protect Privacy Leave More to Be Desired, Critics Say
Protecting U.S. national security at the cost of privacy and civil liberties through signals intelligence (SIGINT) is being examined, and in some cases reformed, said a signals intelligence reform 2015 anniversary report released by the Director of National Intelligence Tuesday. “While the collection of SIGINT is necessary to protect national security ... it carries multiple risks to our relationships with other nations; our commercial, economic, and financial interests; the credibility of our commitment to an open, interoperable, and secure global internet; and the protection of intelligence sources and methods,” the DNI report said. Last week, the Privacy and Civil Liberties Oversight Board said (see 1501300049) the U.S. "intelligence community" (IC) hadn't implemented all 22 recommendations PCLOB issued in 2014 that addressed concerns related to U.S. Patriot Act Section 215 and Foreign Intelligence Surveillance Act Section 702.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The DNI said it and the attorney general agree that, based on the data retention practices communications providers currently use, the government can end its bulk phone metadata program. But the U.S. “must collect some information in bulk in certain circumstances in order to locate new and emerging threats vital to the national security,” the report said. It said President Barack Obama can order the cessation of bulk phone metadata collection.
PCLOB welcomes IC efforts to provide more transparency for government surveillance, said Executive Director Sharon Bradford Franklin. The most significant aspect of the IC report for PCLOB is that the government has now fully implemented a Section 702 recommendation from the board to create declassified versions of the data minimization procedures for the FBI, CIA and NSA, Franklin said. The IC said it's “working to address the majority” of the 12 recommendations PCLOB issued related to Section 215 and has “agreed to address all” recommendations related to Section 702. Franklin said addressing all recommendations is much different from implementing them.
“As we continue to face threats from terrorism, proliferation, and cyber-attacks, we must use our intelligence capabilities in a way that optimally protects our national security and supports our foreign policy while keeping the public trust and respecting privacy and civil liberties,” said Lisa Monaco, who advises Obama on homeland security, in a written statement. Future implementations of these and other reforms will be shared in an annual report at Obama’s direction, she said. “While the accountability and transparency measures announced today are steps in the right direction, Congress must act” on pending bills like his USA Freedom Act, said Senate Judiciary Committee Ranking Member Patrick Leahy, D-Vt.
The release of additional information about the NSA’s surveillance activities and information on how the IC would put protections in place to preserve privacy and civil liberties is welcomed, but the “proposed reforms do no more than tinker around the edges,” said American Civil Liberties Union Legislative Counsel Neema Guliani. “The government continues to stand by a number of its troubling mass surveillance policies, despite mounting evidence that many of these programs are ineffective." That "underscores the need for action by Congress and the courts to fully reform the NSA,” said Guliani. Berin Szoka, president of TechFreedom, agreed. "The Administration can put out as many self-congratulatory reports as it wants, but they shouldn’t be taken seriously," he emailed. "The American people deserve more than vague assurances that intelligence agencies will continue to 'carefully examine' their activities."
Presidential Policy Directive-28 (PPD-28), introduced by Obama Jan. 17, 2014, “takes into account not only the security needs of our nation and allies, but also the privacy of people around the world,” the report said. Under Section 4, each IC element must update procedures, and create new ones, to ensure personal information collected through SIGINT was safeguarded to protect privacy and civil liberties. "As required by PPD-28, all Intelligence Community elements have reviewed and updated their existing policies and procedures, or have issued new policies or procedures, to provide safeguards for personal information collected through SIGINT, regardless of nationality and consistent with national security, our technical capabilities, and operational needs,” DNI's report said.
To strengthen privacy and civil liberties, the IC will now delete information collected on non-U.S. persons through SIGINT after five years, so long as the information has been determined to be irrelevant, the report said. It said information collected on a non-U.S. person can no longer be shared among intelligence agencies solely because an individual is not a U.S. citizen, and intelligence officers will attend mandatory training programs to “ensure intelligence officers know and understand their responsibility to protect the personal information of all people, regardless of nationality.” Per the DNI's request, the National Academies of Science examined whether a software-based alternative could be created as an alternative to bulk data collection. “There is no software-based alternative that will provide a complete substitute for bulk collection in the detection of some national security threats,” the report said.
The bulk collection phone program “does not permit the government to obtain or listen to the content of anyone’s telephone calls,” the report said. “Nor is the government allowed to sift indiscriminately through the telephony metadata obtained under this program.” Information collected is destroyed after five years and is used only for counterterrorism purposes, said the DNI. The IC decided to enhance privacy protections for bulk collection, said the report. It said, except in emergency circumstances, “reasonable, articulable suspicion findings” must be approved in advance by the Foreign Intelligence Surveillance Court in addition to the Department of Justice. Queries also are reduced to two hops from three hops, the report said. National security letters, which are similar to subpoenas, are often used to obtain information such as phone records and subscriber information, said the DNI. It said companies that receive a national security letter are now allowed to publicize that they received a letter within a fixed amount of time, unless the government can prove a need for further secrecy.
The IC encouraged Congress to “quickly take up and pass" the USA Freedom Act. DNI said the bill "would allow the government to end bulk collection of telephony metadata records under Section 215, while ensuring that the government has access to the information it needs to meet its national security requirements.”
"There is much, much more work to be done," said Sen. Ron Wyden, D-Ore, who urged Obama to end the phone bulk collection program. "This dragnet collection does not make our country safer, it violates the privacy of millions of Americans and the President can end it right now," said Wyden in a written statement. "The NSA, CIA and FBI should be directed to halt warrantless searches for Americans' emails and other communications. These agencies can get the information that they need quickly using regular warrants or emergency authorizations."