On October 28, 2014, ODNI General Counsel Robert Litt appeared on the Steptoe & Johnson Cyberlaw Podcast, discussing the USA Freedom Act and Presidential Policy Directive-28.
Mr. Litt’s interview begins at 28:34 of the podcast.
On October 28, 2014, ODNI General Counsel Robert Litt appeared on the Steptoe & Johnson Cyberlaw Podcast, discussing the USA Freedom Act and Presidential Policy Directive-28.
Mr. Litt’s interview begins at 28:34 of the podcast.
Interim Progress Report on Implementing PPD-28
October 17, 2014
By Robert Litt and Alexander W. Joel
As the President said in his speech on January 17, 2014, “the challenges posed by threats like terrorism, proliferation, and cyber-attacks are not going away any time soon, and for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.”
As a part of that effort, the President made clear that the United States is committed to protecting the personal information of all people regardless of nationality. This commitment is reflected in the directions the President gave to the Intelligence Community on that same day, when he issued Presidential Policy Directive/PPD-28, Signals Intelligence Activities.
New Standards for Safeguarding Privacy
PPD-28 reinforces current practices, establishes new principles, and strengthens oversight, to ensure that in conducting signals intelligence activities, the United States takes into account not only the security needs of our nation and our allies, but also the privacy of people around the world.
The Intelligence Community already conducts signals intelligence activities in a carefully controlled manner, pursuant to the law and subject to layers of oversight, focusing on important foreign intelligence and national security priorities. But as the President recognized, “[o]ur efforts will only be effective if ordinary citizens in other countries have confidence that the United States respects their privacy too.”
To that end, the Intelligence Community has been working hard to implement PPD-28 within the framework of existing processes, resources, and capabilities, while ensuring that mission needs continue to be met.
In particular, PPD-28 directs intelligence agencies to review and update their policies and processes - and establish new ones as appropriate - to safeguard personal information collected through signals intelligence, regardless of nationality and consistent with our technical capabilities and operational needs.
Released Today - The PPD-28 Interim Report
As we work to meet the January 2015 deadline, PPD-28 called on the Director of National Intelligence to prepare an interim report on the status of our efforts and to evaluate, in coordination with the Department of Justice and the rest of the Intelligence Community, additional retention and dissemination safeguards.
The DNI’s interim report is now being made available to the public in line with our pledge to share as much information about sensitive intelligence activities as is possible, consistent with our national security.
The report is the product of many months of work within the Intelligence Community and with our partners in the other parts of the United States Government, and it draws on conversations agencies have held with outside stakeholders.
Key Privacy Principles for the Intelligence Community
We encourage you to read the whole report released today. It articulates key principles for agencies to incorporate in their policies and procedures, including some which afford protections that go beyond those explicitly outlined in PPD-28. These principles include the following:
In the coming months, we will continue to work to complete this review. Taken together, these principles make meaningful progress towards the President’s goal of ensuring that ordinary citizens in other countries have confidence that the United States respects their privacy, too.
Robert Litt is the General Counsel for the Office of the Director of National Intelligence.
Alexander W. Joel is the Civil Liberties Protection Officer for the Office of the Director of National Intelligence.
Joint Statement from the Office of the Director of National Intelligence and the U.S. Department of Justice on the Declassification of Renewal of Collection Under Section 501 of the Foreign Intelligence Surveillance Act
September 12, 2014
Earlier this year in a speech at the Department of Justice, President Obama announced a transition that would end the Section 215 bulk telephony metadata program as it previously existed, and that the government would establish a mechanism that preserves the capabilities we need without the government holding this bulk data. As a first step in that transition, the President directed the Attorney General to work with the Foreign Intelligence Surveillance Court (FISC) to ensure that, absent a true emergency, the telephony metadata can only be queried after a judicial finding that there is a reasonable, articulable suspicion that the selection term is associated with an approved international terrorist organization. The President also directed that the query results must be limited to metadata within two hops of the selection term instead of three.
These two changes were put into effect in February 2014. In addition to directing those immediate changes to the program, the President also directed the Intelligence Community and the Attorney General to develop options for a new approach to match the capabilities and fill gaps that the Section 215 program was designed to address without the government holding this metadata. After carefully considering the available options, the President announced in March that the best path forward is that the government should not collect or hold this data in bulk, and that it remain at the telephone companies with a legal mechanism in place which would allow the government to obtain data pursuant to individual orders from the FISC approving the use of specific numbers for such queries. The President also noted that legislation would be required to implement this option and called on Congress to enact this important change to the Foreign Intelligence Surveillance Act (FISA).
Consistent with the President’s March proposal, in May, the House of Representatives passed H.R. 3361, the USA FREEDOM Act. Among other things, the legislation would create a new mechanism for the government to obtain telephony metadata pursuant to individual orders from the FISC, rather than in bulk. In July, a bipartisan group of senators introduced S. 2685, an updated version of the USA FREEDOM Act, building on the legislation passed in the House. This bill would ban bulk collection under Section 215 of the USA PATRIOT Act, and certain other authorities. The Department of Justice and the Director of National Intelligence support this legislation and believe that it reflects a reasonable compromise that preserves essential Intelligence Community capabilities, enhances privacy and civil liberties, and increases transparency.
Given that legislation has not yet been enacted, and given the importance of maintaining the capabilities of the Section 215 telephony metadata program, the government has sought a 90-day reauthorization of the existing program, as modified by the changes the President announced in January. Consistent with prior declassification decisions, in light of the significant and continuing public interest in the telephony metadata collection program, DNI Clapper declassified the fact that the government filed an application with the FISC to reauthorize the existing program for 90 days, and that today the FISC issued an order approving the government’s application. The order issued today expires on December 5, 2014. The Administration is undertaking a declassification review of this most recent court order, and when complete, the ODNI will post the documents to its website and icontherecord.tumblr.com.
Statement by the Office of the Director of National Intelligence and the U.S. Department of Justice on the Declassification of Documents Related to the Protect America Act Litigation
September 11, 2014
On January 15, 2009, the U.S. Foreign Intelligence Surveillance Court of Review (FISC-R) published an unclassified version of its opinion in In Re: Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F.3d 1004 (Foreign Intel. Surv. Ct. Rev. 2008). The classified version of the opinion was issued on August 22, 2008, following a challenge by Yahoo! Inc. (Yahoo!) to directives issued under the Protect America Act of 2007 (PAA). Today, following a renewed declassification review, the Executive Branch is publicly releasing various documents from this litigation, including legal briefs and additional sections of the 2008 FISC-R opinion, with appropriate redactions to protect national security information. These documents are available at the website of the Office of the Director of National Intelligence (ODNI), and ODNI’s public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government, icontherecord.tumblr.com. A summary of the underlying litigation follows.
FISC Proceedings
In Re: Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act involved a challenge by Yahoo! to directives issued by the Director of National Intelligence (DNI) and the Attorney General under the PAA. The PAA was the predecessor to the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 (FISA Amendments Act of 2008 or FAA). The directives issued to Yahoo! under the PAA required it to assist the U.S. Government in acquiring foreign intelligence information through the surveillance of targets reasonably believed to be located outside the United States. Yahoo! refused to comply with the directives, and the U.S. Government initiated proceedings in the FISC to compel compliance.
Yahoo! opposed the U.S. Government’s motion to compel compliance with the directives primarily on the ground that the directives violated the Fourth Amendment rights of its customers. On April 25, 2008, following extensive briefing by the parties, the FISC held that the directives were lawful and ordered Yahoo! to comply.
Yahoo! then appealed to the FISC-R.
FISC-R Proceedings
On August 22, 2008, following briefings and oral argument, the FISC-R issued a classified opinion, affirming the FISC’s decision that the directives were lawful. In its decision, the FISC-R first held that Yahoo! had standing to challenge the directives based on the Fourth Amendment interests of its customers that Yahoo! was alleging. Turning to the merits of the case, the FISC-R rejected Yahoo!’s Fourth Amendment challenge to the directives.
No rehearing or further review in the U.S. Supreme Court was sought.
The FISA Amendments Act
The PAA expired in February 2008 and was ultimately replaced with the FISA Amendments Act of 2008, codified as Title VII of FISA. The FISA Amendments Act incorporates many of the provisions and procedures that the FISC-R found important to its holding that the U.S. Government’s surveillance was constitutional. The FISA Amendments Act also builds in additional safeguards that did not exist in the PAA. For example:
The FISA Amendments Act, by requiring those and other safeguards, is even more protective of the Fourth Amendment rights of U.S. persons than the statute upheld by the FISC-R as constitutional.
Newly Declassified Documents Regarding the Now-Discontinued NSA Bulk Electronic Communications Metadata Pursuant to Section 402 of the Foreign Intelligence Surveillance Act
August 22, 2014
Following a declassification review by the Executive Branch, the Department of Justice released on August 6, 2014, in redacted form, 38 documents relating to the now-discontinued NSA program to collect bulk electronic communications metadata pursuant to Section 402 of the FISA (“PRTT provision”). View the August 6, 2014 Document Release.
Additional Documents
On August 21, 2014, the following two additional documents were released in relation to this same declassification review:
The Truth About Executive Order 12333
By ALEXANDER W. JOEL
August 18, 2014
Politico Magazine
Alexander W. Joel is the civil liberties protection officer for the Office of the Director of National Intelligence and reports directly to Director of National Intelligence James R. Clapper.
In the Aug. 14 issue of the New York Times, reporter Charles Savage describes whistleblower actions taken by former State Department employee John Napier Tye. Tye, who was the section chief for Internet freedom in the State Department’s Bureau of Democracy, Human Rights, and Labor before stepping down in April, questioned whether the rules governing certain overseas intelligence surveillance activities adequately protect information that intelligence agencies “incidentally collect” about Americans while targeting the communications of foreign nationals overseas. In a Washington Post op-ed on July 18, Tye pointed out that such intelligence collection may be regulated not by the Foreign Intelligence Surveillance Act (FISA), but by Executive Order 12333. That order, updated in 2008 by President George W. Bush, helps govern the activities of the intelligence community.
Under EO 12333, intelligence agencies may collect, retain, and disseminate information about Americans “only in accordance with procedures … approved by the Attorney General … after consultation with the Director [of National Intelligence].” Tye noted that he is not familiar with the details of these procedures, but nonetheless said that Americans should be troubled by “the collection and storage of their communications” under the executive order.
As the civil liberties protection officer for the director of national intelligence (DNI), I work with intelligence agencies on these procedures, and would like to describe how they safeguard privacy and civil liberties.
But first I want to commend Tye for raising his concerns through the processes established for that purpose. Using those processes, he has been able to review his concerns with intelligence oversight bodies as well as with the public, all while continuing to protect classified information.
At the outset, remember that FISA, with very limited exceptions, requires the government to seek an individualized court order before it can intentionally target a United States person anywhere in the world to collect the content of his or her communications. The FISA court must be satisfied, based on a probable cause standard, that the United States person target is an agent of a foreign power, or, as appropriate, an officer or employee of a foreign power.
But even when the government targets foreign nationals overseas in response to valid foreign intelligence requirements, it will inevitably collect some communications about Americans. As the Privacy and Civil Liberties Oversight Board noted in its examination of Section 702 of FISA, “[t]he collection of communications to and from a target inevitably returns communications in which non-targets are on the other end, some of whom will be U.S. persons.” Indeed, when Congress first enacted FISA in 1978, it required the government to follow what are called “minimization procedures.” These procedures, which must be approved by the FISA court, restrict what the government can do with collected information about U.S. persons (such as for how long that information may be retained, and under what circumstances it may be shared).
Similarly, EO 12333 requires procedures to minimize how an agency collects, retains or disseminates U.S. person information. These procedures must be approved by the attorney general, providing an important additional check. The National Security Agency’s procedures are reflected in documents such as United States Signals Intelligence Directive SP0018 (USSID 18), issued in 1993 and updated in 2011. These procedures generally provide that communications may not be retained for more than five years. In addition, NSA personnel may not use U.S. person “selection terms” (such as names, phone numbers or email addresses) to retrieve communications from its collection under EO 12333 without a finding by the attorney general that the U.S. person is an agent of a foreign power (or in other similarly narrow circumstances). And even if the NSA determines that information about an American constitutes foreign intelligence, it routinely uses a generic label like “U.S. Person 1” in intelligence reporting to safeguard the person’s identity. The underlying identity may be provided only in a very limited set of circumstances, such as if it’s necessary to understand the particular foreign intelligence being conveyed.
Oversight is extensive and multi-layered. Executive branch oversight is provided internally at the NSA and by both the Department of Defense and the Office of the DNI by agency inspectors general, general counsels, compliance officers and privacy officers (including my office and the NSA’s new Civil Liberties and Privacy Office). The Department of Justice also provides oversight, as do the Privacy and Civil Liberties Oversight Board and the president’s Intelligence Oversight Board. In addition, Congress has the power to oversee, authorize and fund these activities.
Many of these protections apply expressly to information about U.S. persons. This is to be expected, in light of our legal framework and the need to ensure that foreign intelligence agencies protect national security without interfering with our democratic processes and our values. But intelligence agencies pursue their missions in a manner that provides important safeguards for all personal information. Indeed, the NSA’s extensive internal compliance system enforces key protections regardless of nationality, as shown by the letter recently issued by the NSA inspector general. That letter reported on the small number of cases over the past decade in which government employees had intentionally violated prohibitions on searching signals intelligence information; in several cases, employees were held accountable for improperly searching for information about foreign nationals.
Tye stated that none of President Obama’s recent reforms affect 12333 collection. In fact, the president recently issued Presidential Policy Directive 28 (PPD-28), which covers EO 12333 signals intelligence (SIGINT) collection. It requires that SIGINT activities be as tailored as feasible, limits the use of SIGINT information collected in bulk and directs intelligence agencies to safeguard personal information collected through SIGINT, regardless of nationality.
EO 12333 plays an important role in America’s intelligence oversight framework, so that, in the words of the order, agencies execute their missions “in a vigorous, innovative, and responsible manner that is consistent with the Constitution and applicable law and respectful of the principles upon which the United States was founded.”
I hope the facts above help inform the public discussion on EO 12333.
This OpEd was originally published in Politico Magazine, August 18, 2014.
Newly Declassified Documents Regarding the Now-Discontinued NSA Bulk Electronic Communications Metadata Pursuant to Section 402 of the Foreign Intelligence Surveillance Act
August 11, 2014
Following a declassification review by the Executive Branch, the Department of Justice released on August 6, 2014, in redacted form, 38 documents relating to the now-discontinued NSA program to collect bulk electronic communications metadata pursuant to Section 402 of the FISA (“PRTT provision”). These documents are also responsive to a Freedom of Information Act request by the Electronic Privacy Information Center. The Intelligence Community previously released information about this program to the public on November 18, 2013.
Under the program NSA was permitted to collect certain electronic communications metadata such as the “to,” “from,” and “cc” lines of an email and the email’s time and date. This collection was done only after the Foreign Intelligence Surveillance Court approved the government’s applications, and pursuant to court order generally lasting 90 days. NSA was not permitted to collect the content of any electronic communications. Like NSA’s bulk telephony metadata program under FISA section 501, this program was subject to several restrictions approved by the FISC, such as:
The information released on August 6, 2014, together with documents previously released, demonstrates the extent to which the IC sought and received FISC approval to collect electronic communications metadata under the PRTT provision, the oversight regime of internal checks over the program, and that Congress was kept fully apprised of the status of NSA’s electronic metadata collection. The documents released include several associated with government applications and FISC orders authorizing the collection of metadata under the PRTT program. Other documents included in this release include the report of an end-to-end review of the PRTT program undertaken by the Executive Branch, DOJ’s letter to the FISC seeking clarification on the FISC’s authorization to collect metadata, and correspondence from the NSA Inspector General.
After the 2009 discovery of certain compliance issues associated with NSA’s electronic communications and telephony bulk metadata collection programs, the Government took measures to strengthen compliance and oversight. More information on NSA’s enhanced compliance mechanisms can be found in the November 18, 2013, release.
As previously stated, this Internet communications metadata bulk collection program has been discontinued. The Intelligence Community regularly assesses the continuing operational value of all of its collection programs. In 2011, the Director of NSA called for an examination of this program to assess its continuing value as a unique source of foreign intelligence information. This examination revealed that the program was no longer meeting NSA’s operational expectations. Accordingly, after careful deliberation, the Government discontinued the program, and the metadata collected pursuant to this program has been purged.
In addition, the DOJ also released four documents that do not directly relate to bulk collection under the PRTT provision but are responsive to EPIC’s FOIA request. Like the documents relating to the bulk collection, these documents demonstrate the FISC’s judicial oversight of PRTT collection under the FISA.
Office of the Director of National Intelligence Public Affairs Office
FISC Opinion and Order
FISC Primary Order
FISC Primary Order
FISC Order and Supplemental Order
FISC Supplemental Order
FISC Primary Order
FISC Memorandum Opinion Granting in Part and Denying in Part Application to Reinitiate, in Expanded Form, Pen Register/Trap and Trace Authorization
Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency
Government’s Response to the FISC’s Supplemental Order
Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency
Supplemental Declaration of Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate, the National Security Agency
Government’s Response to the FISC’s Supplemental Order Requesting a Corrective Declaration
Government’s Response to a FISC Order
Declaration of Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Compliance with a FISC Order
Preliminary Notice of Potential Compliance Incident
Notice of Filing
Government’s Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes
Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes
Declaration of General Keith B. Alexander, U.S. Army, Director, NSA, in Support of Pen Register/Trap and Trace Application
Exhibit D in Support of Pen Register/Trap and Trace Application
First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices
Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices
Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices
Application for Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes
Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes
Declaration of General Michael V. Hayden, U.S Air Force, Director, NSA, in Support of Pen Register/Trap and Trace Application
Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes
Declaration of NSA Chief, Special FISA Oversight and Processing, Oversight and Compliance, Signals Intelligence Directorate
Declaration Lieutenant General Keith B. Alexander, U.S. Army, Director, NSA, Concerning NSA’s Implementation of Authority to Collect Certain Metadata
NSA’s Pen Register Trap and Trace FISA Review Report
DOJ Report to the FISC NSA’s Program to Collect Metadata
Government’s First Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata
Government’s Second Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata
Tab 1 Declaration of NSA Chief, Special Oversight and Processing, Oversight and Compliance, Signals Intelligence
Verified Memorandum of Law in Response to FISC Supplemental Order
Memorandum of Law in Response to FISC Order
Additional Declassification — Added August 22, 2014:
Declaration of George J. Tenet, Director of Central Intelligence, in Support of Pen Register/Trap and Trace Application
Report Regarding FBI Databases
Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees
Order Granting the Government’s Motion to Unseal FISC Documents in Order to Brief Congressional Intelligence and Judiciary Committees
April 27, 2005 Testimony of the Attorney General and Director, FBI Before the Senate Select Committee on Intelligence
NSA IG Memo Announcing its Audit of NSA’s Controls to Comply with the FISA Court’s Order Regarding Pen Register/Trap and Trace Devices
NSA IG Memo Suspending its Audit of NSA after the NSA’s PRTT Metadata Program Expired
ODNI General Counsel Robert Litt and NSA General Counsel Rajesh De Participate in an Aspen Security Forum Panel Discussion on Liberty and Security
Streamed live on Jul 24, 2014
Panel description, via the Aspen Security Forum:
We are still in the post-9/11 era, but we are also in the post-Edward Snowden era. Citizens’ expectation that the government will protect them from security threats is unchanged, but they are much less willing now than they were in the immediate aftermath of the terror attacks to grant the government virtual carte blanche to do what it thinks is necessary to respond to these threats. What is the “right” balance between security and liberty?
Panelists included:
MODERATOR: Greg Miller, National Security Correspondent, The Washington Post
Newly Released Foreign Intelligence Surveillance Court Primary Orders Related to Collection and Use of Telephony Metadata
July 9, 2014
Following a declassification review by the Executive Branch, the Department of Justice released on July 8, 2014, in redacted form, three primary orders issued by the Foreign Intelligence Surveillance Court in 2009. These orders authorized the National Security Agency’s collection and use of telephony metadata under Section 501 of the Foreign Intelligence Surveillance Act.
FISC Docket Number BR 09-09 (July 7, 2009)
FISC Docket Number BR 09-15 (Nov. 30, 2009)
FISC Docket Number BR 09-19 (Dec. 16, 2009)
Joint Statement by the Office of the Director of National Intelligence and the Department of Justice on Court-ordered Legal Surveillance of U.S. Persons
July 9, 2014
It is entirely false that U.S. intelligence agencies conduct electronic surveillance of political, religious or activist figures solely because they disagree with public policies or criticize the government, or for exercising constitutional rights.
Unlike some other nations, the United States does not monitor anyone’s communications in order to suppress criticism or to put people at a disadvantage based on their ethnicity, race, gender, sexual orientation or religion.
Our intelligence agencies help protect America by collecting communications when they have a legitimate foreign intelligence or counterintelligence purpose.
With limited exceptions (for example, in an emergency), our intelligence agencies must have a court order from the Foreign Intelligence Surveillance Court to target any U.S. citizen or lawful permanent resident for electronic surveillance.
These court orders are issued by an independent federal judge only if probable cause, based on specific facts, are established that the person is an agent of a foreign power, a terrorist, a spy, or someone who takes orders from a foreign power.
No U.S. person can be the subject of surveillance based solely on First Amendment activities, such as staging public rallies, organizing campaigns, writing critical essays, or expressing personal beliefs.
On the other hand, a person who the court finds is an agent of a foreign power under this rigorous standard is not exempted just because of his or her occupation.
The United States is as committed to protecting privacy rights and individual freedom as we are to defending our national security.
Direct access to factual information related to the lawful foreign surveillance activities of the U.S. Intelligence Community.
Created at the direction of the President of the United States and maintained by the Office of the Director of National Intelligence.
Follow @IContheRecord This website is maintained by the Office of the Director of National Intelligence.