Surveillance

DNI Report on Signals Intelligence Reform

By Wells Bennett
Tuesday, February 3, 2015, 10:29 AM

Today's document details the implementation of reforms that the President announced a little more than a year ago.  For background on the directive, Lisa Monaco's statement from the White House is here. The report opens as follows:

                                            OVERVIEW

Over the course of the past eighteen months, the United States has undertaken a comprehensive
effort to examine and enhance the privacy and civil liberty protections we embed in our signals
intelligence (SIGINT) collection activities.

As part of this process, we have sought — and benefited from — a broad cross section of views,
ideas, and recommendations from oversight bodies, advocacy organizations, private companies,
and the general public. This effort has resulted in strengthened privacy and civil liberty
protections; new limits on signals intelligence collection and use; and increased transparency.
On January 17, 2014, President Obama signed Presidential Policy Directive-28,
Signals Intelligence Activities (PPD-28) and delivered an address at the Department of Justice on
the steps we are taking to reform certain intelligence activities. As we mark the one-year
anniversary of these events, it is a good time to report on the status of a range of ongoing
reform efforts.
As this report shows, the Intelligence Community has made significant progress implementing
many reforms. However, our work is not done. To that end, the Office of the Director of National
Intelligence will issue another public report in 2016 about the Intelligence Community’s on-going
progress to implement these reforms.

A simultaneously issued "Fact Sheet" regarding implementation says a bit more about the executive branch's efforts of the past year:

                                         FACTSHEET

Over the past eighteen months, the United States has undertaken a comprehensive effort to
examine and enhance the privacy and civil liberty protections embedded in our signals
intelligence (SIGINT) collection activities.

As part of this process, we have sought — and benefited from — a broad
cross section of views, ideas, and recommendations from oversight bodies, advocacy
organizations, private companies, and the general public. This effort has resulted
in strengthened privacy and civil liberty protections, new limits on the collection
and use of signals intelligence, and increased transparency.
On January 17, 2014, President Obama signed Presidential Policy
Directive-28, Signals Intelligence Activities (PPD-28) and delivered an
address at the Department of Justice on the steps we are taking to reform certain
signals intelligence activities.
To mark the one-year anniversary of these events, we have prepared an
online report to update the public on our reform efforts, including the implementation
of PPD-28 and other actions taken based upon recommendations from several independent
review groups. This report is posted on IC on the Record.

PRESIDENTIAL POLICY DIRECTIVE-28
Signals Intelligence Activities

  • PPD-28 states, “our signals intelligence activities must take into
    account that all persons should be treated with dignity and respect, regardless
    of their nationality or wherever they might reside.” This commitment reiterates
    long-standing SIGINT collection principles; limits Intelligence Community elements’
    ability to use signals intelligence collected in bulk to six specific purposes;
    requires an annual Cabinet-level review of SIGINT priorities and requirements in
    light of potential risks to national security interests and relationships abroad;
    and requires each Intelligence Community element to update or issue new policies
    and procedures that implement safeguards for all personal information collected
    through SIGINT, regardless of nationality, consistent with technical
    capabilities and operational needs.
  • All Intelligence Community elements have completed new policies
    or revisions to existing policies to implement the requirements of PPD-28.
    You can read each agency’s policies on IC on the Record.
    The protections in these policies and procedures include new limits on the
    retention and dissemination of personal information for persons of all
    nationalities, as well as additional oversight, training, and compliance
    requirements.
  • In addition, the Intelligence Community, in partnership with
    the National Security Council, has elevated the process by which SIGINT
    requirements and priorities are identified, so that the heads of the relevant
    departments and agencies can better evaluate SIGINT collection in light of its
    potential risks to national interests and our law enforcement, intelligence,
    and diplomatic relationships abroad. The process of reviewing signals intelligence
    collection covered almost seven dozen countries and organizations and resulted
    in restrictions on the current signals intelligence collection posture.

SECTION 215
Bulk Telephony Metadata Program

  • In his remarks on January 17, 2014, the President ordered a transition
    that would end Section 215 bulk metadata program as it currently exists.
  • To begin this transition, the Intelligence Community in February 2014
    began operating the telephony metadata collection program under new constraints
    directed by the President to provide enhanced privacy protections, including
    seeking advance approval from the Foreign Intelligence Surveillance Court for
    each query term (except in an emergency) and limiting the results of queries to
    two “hops” (or steps removed from a phone number associated with a terrorist
    organization) instead of three, limiting the number of potential results from
    each query.
  • Then, based on recommendations from the Department of Justice and
    the Intelligence Community, the President proposed that the government end the
    bulk collection of telephony metadata records under Section 215 of USA PATRIOT Act,
    while ensuring that the government has access to the information it needs to meet
    its national security requirements. The Administration supported the USA FREEDOM Act
    as a means of enacting this proposal, and we continue to call on Congress to reform
    Section 215 in a manner consistent with the President’s proposal.
  • In addition to the reforms announced in the President’s January 17 address,
    the Privacy and Civil Liberties Oversight Board (PCLOB) conducted a comprehensive review
    of the Intelligence Community’s activities under Section 215 and made 12 recommendations.
    The Intelligence Community is working to address the majority of these
    recommendations.

OTHER INITIATIVES
Related to the Bulk Collection of Signals Intelligence

  • As noted above, PPD-28 imposes limitations on the use of SIGINT collected
    in bulk.
  • Moreover, over the past several months, a committee of independent experts
    from top technology firms and academia assessed the technical feasibility of creating
    software-based alternatives as substitutes for bulk collection. The committee just
    released its report, which concluded that there is no software-based alternative which
    will provide a complete substitute for bulk collection in the detection of some national
    security threats, but the report suggested other steps to reduce risks to privacy and
    civil liberties, as well as to improve oversight of bulk collection activities. We are
    currently reviewing how to address these important findings.

SECTION 702
Of the Foreign Intelligence Surveillance Act

  • Section 702 allows the government to acquire foreign intelligence information
    concerning non-U.S. persons reasonably believed to be located outside the United States.
    As announced by the President in his January 17 address, we will provide additional privacy
    protections for U.S. persons whose communications are incidentally collected under Section
    702. This new executive branch policy limits the ability to retain, query, and use in criminal
    cases this type of information.
  • In addition, in 2014, the PCLOB conducted an in-depth review of the Intelligence
    Community’s activities under Section 702. The PCLOB found them to be lawful and important
    to national security, and offered ten recommendations to enhance privacy and civil
    liberties protections for both U.S. and non-U.S. persons. The Intelligence Community
    has agreed to make changes to address all of these recommendations.
    The Intelligence Community has agreed to address all of these recommendations.

ENHANCING TRANSPARENCY

  • We have declassified and publicly released an unprecedented amount of
    information about current programs, much of which relates to the government’s use of
    FISA authorities. We have published the first IC Annual Transparency Report,
    disclosing statistics on the government’s use of National Security Letters and FISA authorities.
  • We have also declassified certain aggregate FISA data so that communications
    providers can disclose to the public additional information about how they respond to
    requests they receive from the government.In addition, providers can now also make public
    additional information about the number of National Security Letters they receive.
  • We recently issued the Principles of Intelligence Transparency, which we will
    implement this coming year to further enhance transparency while protecting intelligence
    sources and methods.

OTHER KEY MEASURES

  • National Security Letters. The FBI will amend its use of National
    Security Letters to ensure that the non-disclosure requirement placed on recipients will
    terminate within a fixed time period, absent a demonstrated need for further secrecy.
  • Judicial Redress for Citizens of Certain Countries. In furtherance
    of its commitment to protecting privacy in the law enforcement context, the Administration
    is working with Members of Congress on legislation to give citizens of designated countries
    the right to seek judicial redress for intentional or willful disclosures of protected
    information, and for refusal to grant access or to rectify any errors in that information.
  • Whistleblower Protections. As we have strengthened the security
    of our systems, we have also reaffirmed the process by which Intelligence Community
    personnel can report suspected violations of law or other ethical and legal concerns
    without fear of retaliation. Within each agency there are multiple officials designated
    to receive ethical, legal, or other concerns from intelligence employees. In addition,
    intelligence personnel may leverage the Inspector General for the Intelligence Community,
    the Civil Liberties and Privacy Officer in the Office of the Director of National Intelligence,
    or, consistent with the Intelligence Community Whistleblower Protection Act, speak to
    Members of Congress.

MOVING FORWARD

As we continue to implement these and other reforms, we will also
carefully review progress to identify any additional protections that might be needed.
In particular, we expect to focus on:
  • Privacy Protections: Over the next year, Intelligence Community
    elements will continue to implement the requirements their PPD-28 policies and procedures.
    In addition, the Intelligence Community will continue to work to update agency guidelines
    under Executive Order 12333 to protect the privacy and civil liberties of U.S. persons.
  • Section 215 of the USA PATRIOT Act Capability: We will continue
    to work with Congress to enact legislation preserving essential capabilities of the bulk
    telephony metadata collection program without the need for the government to hold the data
    in bulk before Section 215 of the USA PATRIOT Act sunsets in June 2015.
  • Transparency: We have established a senior working group to continue
    to identify ways the Intelligence Community can increase transparency without harming
    national security. Expect to hear more from us on this effort.
  • Annual Reports: In January of 2016 we will provide our next annual
    report on our progress implementing SIGINT reforms.