3 February 2015
White House New Data Spying Policy
Statement by Assistant to the President for Homeland Security and
Counterterrorism Lisa Monaco: Update on Implementation of Signals Intelligence
Reform and Issuance of PPD-28
February 3, 2015
On January 17, 2014, President Obama directed a series of signals intelligence
reforms designed to reassure every American that our nations intelligence
activities are carried out with appropriate oversight and respect for civil
liberties and privacy. That same day, he also signed Presidential Policy
Directive 28, Signals Intelligence Activities (PPD-28), which reaffirms
long-standing collection principles, sets certain limitations on the use
of signals intelligence collected in bulk, refines the process for collecting
signals intelligence including an annual Cabinet-level review of
prioritization and an evaluation of risks and benefits and establishes
safeguards for personal information collected through signals intelligence.
At the Presidents direction, future implementation of these reforms
will be the subject of an annual report.
For the past year, the Administration has been working to implement the
Presidents guidance. Today, the Director of National Intelligence is
releasing a report that highlights substantial progress and reflects an ongoing
commitment to greater transparency. This report details, among other things,
the Intelligence Communitys progress in implementing PPD-28, reforms
regarding the collection of bulk telephony metadata records under Section
215 of the USA PATRIOT Act, the collection of intelligence under Section
702 of the Foreign Intelligence Surveillance Act, and the use of national
In the coming days, a report will be released highlighting the progress the
Administration has made in implementing the initiatives discussed in the
May 2014 Big Data Report prepared by a working group led by Counselor to
the President John Podesta. Beyond the initiatives discussed in these reports,
the Administration has also been implementing recommendations made by the
Presidents Review Group on Intelligence and Communications Technologies.
These reports and the progress made to date will be discussed in upcoming
meetings with the Privacy and Civil Liberties Oversight Board, the Review
Group on Intelligence and Communications Technologies, and others.
As the President indicated in PPD-28, our signals intelligence activities
must take into account that all persons have legitimate privacy interests
in the handling of their personal information. At the same time, we must
ensure that our Intelligence Community has the resources and authorities
necessary for the United States to advance its national security and foreign
policy interests and to protect its citizens and the citizens of its allies
and partners from harm. As we continue to face threats from terrorism,
proliferation, and cyber-attacks, we must use our intelligence capabilities
in a way that optimally protects our national security and supports our foreign
policy while keeping the public trust and respecting privacy and civil liberties.
SIGNALS INTELLIGENCE REFORM
SEEKING INDEPENDENT ADVICE
PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION
Over the course of the past eighteen months, the United States has undertaken
a comprehensive effort to examine and enhance the privacy and civil liberty
protections we embed in our signals intelligence (SIGINT) collection activities.
As part of this process, we have sought and benefited from
a broad cross section of views, ideas, and recommendations from oversight
bodies, advocacy organizations, private companies, and the general public.
This effort has resulted in strengthened privacy and civil liberty protections;
new limits on signals intelligence collection and use; and increased
On January 17, 2014, President Obama signed Presidential Policy Directive-28,
Signals Intelligence Activities (PPD-28) and delivered an address at the
Department of Justice on the steps we are taking to reform certain intelligence
activities. As we mark the one-year anniversary of these events, it is a
good time to report on the status of a range of ongoing reform efforts.
As this report shows, the Intelligence Community has made significant progress
implementing many reforms. However, our work is not done. To that end, the
Office of the Director of National Intelligence will issue another public
report in 2016 about the Intelligence Communitys on-going progress
to implement these reforms.
SEEKING INDEPENDENT ADVICE
There has been robust discussion, both here and abroad, about how the
Intelligence Community protects privacy and civil liberties and how it can
continue to ensure strong privacy protections while continuing to protect
the nation and its partners as technology continues to advance.
This discussion has included outreach to, among others, Congress, the Privacy
and Civil Liberties Oversight Board, civil liberties and privacy advocates,
the private sector, foreign partners, and the general public. It has benefited
from several in-depth studies and reviews, resulting in publicly available
reports and recommendations.
The Intelligence Community provided the review groups with unprecedented
access to people, classified documents, and other sensitive Intelligence
Community information to support their efforts. In addition, many of these
reviews held open hearings and solicited input from the public. These in-depth
The Presidents Review Group on Intelligence and Communications Technology
conducted a comprehensive review of Intelligence Community activities. Its
December 2013 report, Liberty and Security in a Changing World, is publicly
available and includes 46 recommendations for the creation of sturdy
foundations for the future, safeguarding
liberty and security in a
rapidly changing world. Most of these recommendations have been or
are in the process of being implemented.
The Privacy and Civil Liberties Oversight Board studied and reported on the
use of Section 215 of the PATRIOT Act to obtain bulk telephony metadata.
Its January 2014 report, Report on the Telephone Records Program Conducted
Under Section 215 of the USA PATRIOT ACT and on the Operations of the Foreign
Intelligence Surveillance Court, is publicly available and includes 12
recommendations. The Intelligence Community is working to address the majority
of these recommendations.
The Privacy and Civil Liberties Oversight Board also completed a review of
the use of Section 702 of the Foreign Intelligence Surveillance Act. The
Boards July 2014 report, Report on the Surveillance Program Operated
Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, is
publicly available and includes ten recommendations to strike a better
balance between privacy, civil rights, and national security. The
Intelligence Community has agreed to address all these recommendations.
The Director of National Intelligence requested the National Academies of
Sciences to assess, as directed by the President, the technical feasibility
of creating software-based alternatives that would allow the Intelligence
Community to avoid the need for bulk collection. The January 2015 report,
Bulk Collection of Signals Intelligence: Technical Options, is publicly available
and concludes that there is no software-based alternatives that will provide
a complete substitute for bulk collection in the detection of some national
security threats, but the report suggested other steps to reduce privacy
and civil liberties risk and improve oversight of bulk collection activities.
We are currently reviewing how to address these important findings.
Congress held multiple public hearings both on the scope of our collection
activities under the Foreign Intelligence Surveillance Act and on proposed
legislation to provide further privacy and civil liberty enhancements.
The Intelligence Community values the insights provided by these reviews.
As discussed throughout this report, the Intelligence Community has implemented
many of these recommendations and continues to identify additional opportunities
to go beyond the recommendations in these reports.
In short, the Intelligence Community has, and will continue to, carefully
examine our activities to protect the privacy interest of all persons, regardless
of nationality, while defending the nation and our partners and allies.
PRIVACY & CIVIL LIBERTIES PROTECTIONS
As the President said in his speech on January 17, 2014, the challenges
posed by threats like terrorism and proliferation and cyber-attacks are not
going away any time soon
and for our intelligence community to be
effective over the long haul, we must maintain the trust of the American
people, and people around the world. As a part of that effort, the
President made clear that our signals intelligence activities must
take into account that all persons should be treated with dignity and respect,
regardless of their nationality or wherever they might reside
This commitment is reflected in the direction the President issued that same
day in Section 4 of Presidential Policy Directive-28, Signals Intelligence
Activities (PPD-28), requiring all elements of the Intelligence Community
to establish policy and procedures for safeguarding personal information
collected from signals intelligence (SIGINT) activities. In addition, we
are also seeking to provide new legislative remedies for potential privacy
In addition, in response to the Presidents direction and to the
recommendations from both the Presidents Review Group on Intelligence
and Communications Technology and the Privacy and Civil Liberties Oversight
Board, the Intelligence Community is strengthening privacy protections in
our collection activities under Section 702 of Foreign Intelligence Surveillance
Act and the Section 215 bulk telephony metadata program. Moreover, as directed
by the President, the FBI will amend its non-disclosure policy for National
INTELLIGENCE COMMUNITYS IMPLEMENTATION OF SECTION
4 OF PRESIDENTIAL POLICY DIRECTIVE / PPD-28, SIGNALS INTELLIGENCE
On January 17, 2014, the President issued Presidential Policy Directive-28,
Signals Intelligence Activities (PPD-28), which articulates principles
to guide why, whether, when, and how the United States conducts signals
intelligence activities for authorized foreign intelligence and
In a speech that same day, the President made clear that the United States
is committed to protecting the personal information of all people regardless
of nationality and directed the Intelligence Community to take a number of
steps to strengthen the privacy and civil liberty protections afforded to
PPD-28 reinforces current practices, establishes new principles, and strengthens
oversight, to ensure that in conducting signals intelligence (SIGINT) activities,
the United States takes into account not only the security needs of our nation
and our allies, but also the privacy of people around the world.
Section 4 of PPD-28 calls on each Intelligence Community element to update
existing or issue new policies and procedures to implement principles for
safeguarding all personal information collected through SIGINT, consistent
with technical capabilities and operational needs.
Over the past year, the Intelligence Community has been working to implement
this requirement within the framework of existing processes, resources, and
capabilities, while ensuring that mission needs continue to be met.
In July 2014, the Director of National Intelligence provided the President
an interim report on the status of our efforts that also evaluated, in
coordination with the Department of Justice and the rest of the Intelligence
Community, certain additional retention and dissemination safeguards that
all Intelligence Community elements should follow as they adopt policies
and procedures under PPD-28.
The Director of National Intelligence is pleased to report that, as required
by PPD-28, all Intelligence Community elements have reviewed and updated
their existing policies and procedures, or have issued new policies or
procedures, to provide safeguards for personal information collected through
SIGINT, regardless of nationality and consistent with national security,
our technical capabilities, and operational needs.
Although similar in many respects, agency procedures are not identical. The
differences reflect that not all agencies conduct SIGINT collection and that
agencies have different mission requirements. Links to agency policies and
procedures can be found below.
U.S. Intelligence Community Policies & Procedures to Safeguard Personal
Information Collected Through SIGINT [All following links in Zipped file:
Office of the
Director of National Intelligence
Other IC Elements
in the Department of Defense
What has PPD-28 changed?
The agency policies and procedures implementing Section 4 of PPD-28 include
significant changes that strengthen privacy and civil liberty protections
for all people. It is worthwhile to highlight a few of the most significant
Limits on retention: We have imposed new limitations on the retention of
personal information about non-U.S. persons. Before PPD-28, Intelligence
Community elements had disparate restrictions on how long information about
non-U.S. persons could be retained. PPD-28 changes these retention practices
in significant ways to afford strengthen privacy protections. Now Intelligence
Community elements must delete non-U.S. person information collected through
SIGINT five years after collection unless the information has been determined
to be relevant to, among other things, an authorized foreign intelligence
requirement, or if the Director of National Intelligence determines, after
considering the views of the Office of the Director of National Intelligence
Civil Liberties Protection Officer and agency privacy and civil liberties
officials, that continued retention is in the interest of national security.
This new retention requirement is similar to the requirements applicable
to information about U.S. persons. Thus these new retention rules will more
uniformly limit the retention of any personal information by the Intelligence
Dissemination Restrictions: Intelligence Community elements have always
disseminated intelligence information because it is relevant to foreign
intelligence requirements. All agency policies implementing PPD-28 now explicitly
require that information about a person may not be disseminated solely because
he or she is a non-U.S. person and the Office of the Director of National
Intelligence has issued a revised directive to all Intelligence Community
elements to reflect this requirement. Intelligence Community personnel are
now specifically required to consider the privacy interests of non-U.S. persons
when drafting and disseminating intelligence reports.
Oversight, Training & Compliance Requirements: Intelligence Community
elements have always had strong training, oversight, and compliance programs
to ensure we were protecting the privacy and civil liberties of U.S. persons.
In response to PPD-28, Intelligence Community elements have added new training,
oversight, and compliance requirements. They are developing mandatory training
programs to ensure that intelligence officers know and understand their
responsibility to protect the personal information of all people, regardless
of nationality. We are also adding new oversight and compliance programs
to ensure that these new rules are being followed properly. The oversight
program includes a new requirement to report any significant compliance incident
involving personal information, regardless of the persons nationality,
to the Director of National Intelligence.
JUDICIAL REDRESS FOR CITIZENS OF CERTAIN
In furtherance of its commitment to protecting privacy in the law enforcement
context, the Administration is working with Members of Congress on legislation
to give citizens of designated countries the right to seek judicial redress
for intentional or willful disclosures of protected information, and for
refusal to grant access or to rectify any errors in that information.
NEW PRIVACY PROTECTIONS FOR BULK TELEPHONY METADATA COLLECTED
UNDER SECTION 215
Section 215 of the USA PATRIOT Act authorizes the Government to make requests
to the Foreign Intelligence Surveillance Court (FISC) for orders requiring
production of documents or other tangible things (books, records, papers,
documents, and other items) when they are relevant to an authorized national
security investigation such as an investigation to protect against international
terrorism or clandestine intelligence activities. The vast majority of orders
issued under Section 215 do not seek information collected in bulk; rather,
these orders require the production of a discrete and limited amount of
This authority is also used to require certain telephone communications providers
to produce in bulk telephony metadata, such as telephone numbers dialed and
length of calls. This program was developed to fill an important intelligence
gap identified by the report on the 9/11 attacks by allowing the Government
to detect communications between terrorists who are operating outside the
U.S. and potential operatives inside the U.S. This program does not permit
the government to obtain or listen to the content of anyones telephone
calls. Nor is the Government allowed to sift indiscriminately through the
telephony metadata obtained under this program. Rather, since its inception,
this program has been subject to strict controls and oversight, including:
Requiring the metadata to be stored in secure databases accessible to only
a limited number of trained analysts.
Limiting the access to, and use of, the metadata only for counterterrorism
Prohibiting querying the databases unless there is a reasonable, articulable
suspicion that a particular target identifier (the seed number)
is associated with particular foreign terrorist organizations.
Limiting the access to and use of this metadata only for identifying the
telephone identifiers that are in contact, directly or indirectly, with the
Destroying the information after five years.
New Protections for the Current Program
In response to the Presidents direction in January 2014, this program
was modified by incorporating into the FISC orders authorizing the bulk
collection two forms of enhanced privacy protection:
Previously, the basis for the reasonable, articulable suspicion finding had
to be documented in writing and approved by specifically authorized NSA
officials. The Department of Justice conducted routine oversight of these
decisions to ensure the standard was met. Today, except in emergency
circumstances, reasonable, articulable suspicion findings must also be approved
in advance by the FISC. Thus, except in emergency circumstances, only
court-approved identifiers may be used to query the database.
Previously, NSA was permitted to query the information out to three
hops, or links. Today, queries are limited to two hops. This
means NSA is permitted to develop contact chains by starting with a target
identifier (seed number) and, using telephony metadata records, see what
identifiers communicated with that target (first hop) and which identifiers,
in turn, communicated with the first-hop identifiers (second hop). The limitation
to two hops reduces the number of potential results from each query.
In June 2014, the Office of the Director of National Intelligence released
its first annual statistical transparency report on the use of national security
authorities covering the year 2013. Later this year, the Director of National
Intelligence will issue its second report covering the use of national security
authorities in 2014. In advance of that report, it is appropriate to note
that in 2014 there were 161 target identifiers approved by the FISC to be
queried under NSAs bulk telephony metadata program.
New Protections to be Established by Legislation
In his January 17, 2014 speech, the President directed the Department of
Justice and the Intelligence Community to develop options for a new approach
that would match the capabilities and fill the gaps that Section 215 was
designed to address without the government holding the metadata itself. The
Department of Justice and the Intelligence Community explored a number of
options, including having the metadata held by a third party or leaving the
metadata at the provider.
Based on recommendations from the Department of Justice and the Intelligence
Community, the President proposed that the government end bulk collection
of telephony metadata under Section 215 of the USA PATRIOT Act, while ensuring
that the government has access to the information it needs to meet its national
security requirements. The Intelligence Community and the Department of Justice
have since been working closely with Congress to develop legislation that
would implement the Presidents proposal by leaving the metadata at
To that end, the Administration supported the USA FREEDOM Act, which, if
enacted, would have prohibited bulk collection using (i) Section 215, (ii)
the Pen Registers and Trap and Trace provisions of the Foreign Intelligence
Surveillance Act, and (iii) National Security Letters while maintaining critical
authorities to conduct more targeted collection.
The Attorney General and the Director of National Intelligence stated that,
based on communications providers existing data retention practices,
the bill would retain the essential operational capabilities of the existing
bulk telephone metadata program while eliminating bulk collection by the
government under these legal authorities. The bill would also expressly authorize
an independent voice in significant cases before the FISC.
The Administration was disappointed that the 113th Congress ended without
enacting this legislation. This legislation not only satisfies the
Presidents requirements, but also responds to the recommendations from
the Privacy and Civil Liberties Oversight Board and the Presidents
Review Group on Intelligence and Communications Technology to end the bulk
collection of telephony metadata records under Section 215 of USA PATRIOT
Act as it currently exists.
The Intelligence Community encourages Congress to quickly take up and pass
legislation that would allow the government to end bulk collection of telephony
metadata records under Section 215, while ensuring that the government has
access to the information it needs to meet its national security requirements.
NEW PRIVACY PROTECTIONS FOR INFORMATION COLLECTED UNDER
Section 702 of the Foreign Intelligence Surveillance Act (FISA), which was
added by the FISA Amendments Act of 2008, authorizes the acquisition of foreign
intelligence information concerning non-U.S. persons reasonably believed
to be located outside the United States.
Under Section 702, the government cannot target anyone for collection unless
it has a significant purpose to acquire foreign intelligence information,
the foreign target is reasonably believed to be outside the United States,
and the Government abides by FISC-approved targeting and minimization procedures.
Section 702 cannot be used to intentionally target any U.S. citizen or any
other U.S. person, to intentionally target any person known to be in the
United States, or to target a person outside the United States if the purpose
is to target a person inside the United States.
Collection under Section 702 does not require individual judicial orders
authorizing collection against each target. Instead, Section 702 requires
that the FISC approve procedures to (i) ensure that only non-U.S. persons
reasonably believed to be outside the U.S. are targeted, and (ii) minimize
the acquisition, retention, and dissemination of incidentally acquired
information about U.S. persons.
Activities authorized by Section 702 are subject to oversight by the Judicial
Branch through the Foreign Intelligence Surveillance Court, by the Executive
Branch through the Department of Justice and the Office of the Director of
National Intelligence, and by the Legislative Branch through the Intelligence
and Judiciary Committees of Congress. Directives requiring the production
of information to the Government can be challenged in the FISC by the recipients.
In his January 17, 2014 address, the President asked the Department of Justice
and the Intelligence Community to institute reforms with respect to the
governments ability to retain, search, and use in criminal cases
communications between Americans and foreign citizens incidentally collected
under Section 702.
Subsequently, in July 2014, the Privacy and Civil Liberties Oversight Board
issued a report on Section 702, concluding that the Section 702 program is
lawful and valuable, and that at its core, the program is sound
and making ten recommendations to help the program strike a better
balance between privacy, civil rights, and national security.
As noted above, in response to the Presidents direction and recommendations
from the Privacy and Civil Liberties Oversight Board, the Attorney General
and Director of National Intelligence are placing additional restrictions
on the governments ability to retain, query, and use in evidence in
criminal proceedings communications between Americans and foreign citizens
incidentally collected under Section 702.
First, FBI, CIA, and NSA each are instituting new requirements for using
a U.S. person identifier to query information acquired under Section 702.
As recommended by the Privacy and Civil Liberties Oversight Board, NSAs
minimization procedures will require a written statement of facts showing
that a query is reasonably likely to return foreign intelligence information.
CIAs minimization procedures will be similarly amended to require a
statement of facts for queries of content. In addition, FBIs minimization
procedures will be updated to more clearly reflect the FBIs standard
for conducting U.S. person queries and to require additional supervisory
approval to access query results in certain circumstances.
Second, the new policy re-affirms requirements that the government must delete
communications to, from, or about U.S. persons acquired under Section 702
that have been determined to lack foreign intelligence value. In addition,
the policy requires the Department of Justice and the Office of the Director
of National Intelligence to conduct oversight over these retention decisions.
This change will help ensure that the Intelligence Community preserves only
that information that might help advance its national security mission.
Third, consistent with the recommendation of the Privacy and Civil Liberties
Oversight Board, information acquired under Section 702 about a U.S. person
will not be introduced as evidence against that person in any criminal proceeding
except (1) with the approval of the Attorney General, and (2) in criminal
cases with national security implications or certain other serious crimes.
This change will ensure that, if the Department of Justice decides to use
information acquired under Section 702 about a U.S. person in a criminal
case, it will do so only for national security purposes or in prosecuting
the most serious crimes.
The Intelligence Community has also agreed to address the Privacy and Civil
Liberties Oversight Boards other recommendations, including:
Revising targeting procedures to require additional documentation of the
foreign intelligence value of each target;
Making available to the FISC additional information to help the Court evaluate
the annual certifications in support of collection under Section 702;
Initiating studies to ensure that the Intelligence Community is using the
best filtering technology and techniques to prevent inadvertent collection;
Publicly releasing the minimization procedures of the CIA, NSA, and the FBI;
Evaluating whether NSA can track and publicly release additional statistics
on its collection and use of information obtained pursuant to Section 702;
Supporting the Privacy and Civil Liberties Oversight Boards ongoing
effort examine efforts across the Intelligence Community to assess the efficacy
and relative value of counterterrorism programs.
NATIONAL SECURITY LETTERS
A National Security Letter is an investigative tool, similar to a subpoena,
which is used by the FBI in a national security-related investigation to
obtain limited types of information from companies, such as telephone records
and subscriber information.
When the FBI issues a National Security Letter, by law a senior official,
such as the Special Agent in Charge of a field office, may require that the
recipient company not disclose the existence of the letter, if one or more
statutory standards are met that is, when disclosure may (i) endanger
the national security of the United States, (ii) interfere with a criminal,
counterterrorism or counterintelligence investigation, (iii) interfere with
diplomatic relations, or (iv) endanger the life or physical safety of any
In his January 17, 2014 remarks, the President directed the Attorney General
to amend how we use National Security Letters so that [their] secrecy
will not be indefinite, and will terminate within a fixed time unless the
government demonstrates a real need for further secrecy.
In response to the Presidents new direction, the FBI will now presumptively
terminate National Security Letter nondisclosure orders at the earlier of
three years after the opening of a fully predicated investigation or the
Continued nondisclosures orders beyond this period are permitted only if
a Special Agent in Charge or a Deputy Assistant Director determines that
the statutory standards for nondisclosure continue to be satisfied and that
the case agent has justified, in writing, why continued nondisclosure is
LIMITING SIGINT COLLECTION
Principles of Collection
Section 1 of PPD-28 reinforces four long-standing principles for the collection
of signals intelligence:
The collection of SIGINT shall be authorized by statute or Executive Order,
proclamation, or other Presidential directive, and undertaken in accordance
with the Constitution and applicable statutes, Executive Orders, proclamations,
and Presidential directives.
Privacy and civil liberties shall be integral considerations in the planning
of U.S. SIGINT activities. The United States shall not collect SIGINT for
the purposes of suppressing or burdening criticism or dissent, or for
disadvantaging persons based on their ethnicity, race, gender, sexual
orientation, or religion. SIGINT shall be collected exclusively where there
is a foreign intelligence or counterintelligence purpose to support national
and departmental missions and not for any other purpose.
The collection of foreign private commercial information or trade secrets
is authorized only to protect the national security of the United States
or its partners and allies. It is not an authorized foreign intelligence
or counterintelligence purpose to collect such information to afford a
competitive advantage to U.S. companies and U.S. business sectors commercially.
SIGINT activities shall be as tailored as feasible. In determining whether
to collect SIGINT, the United States shall consider the availability of other
information, including from diplomatic and public sources. Such appropriate
and feasible alternatives to SIGINT should be prioritized.
These principles are based on the understanding that, while the collection
of SIGINT is necessary to protect national security, to advance foreign policy
interests, and to protect U.S. citizens and interests, as well as the citizens
of its allies and partners, from harm, it carries multiple risks to our
relationships with other nations; our commercial, economic, and financial
interests; the credibility of our commitment to an open, interoperable, and
secure global internet; and the protection of intelligence sources and methods.
Accordingly, these principles, which reflect our commitment to privacy and
civil liberties, are incorporated in the PPD-28 procedures of each Intelligence
Community element that collects SIGINT.
In addition to including these four principles in their procedures, Intelligence
Community elements are taking steps to ensure that privacy and civil liberties
are integral considerations in the planning of U.S. SIGINT activities. For
example, NSA has established a dedicated Civil Liberty and Privacy Officer
and CIA has expanded its Privacy and Civil Liberties office. And in response
to PPD-28, these offices are working to ensure that privacy and civil liberties
are integral considerations in the planning of SIGINT activities. For example,
NSA is developing a privacy and civil liberties assessment process to analyze
what data it collects and how it uses the data to better understand the privacy
and civil liberties risks associated with a new and novel collection activity.
Refined Process on SIGINT Targeting
As the President indicated on January 17, 2014, SIGINT collection raises
special concerns given rapidly evolving changes in technology and the unique
nature of the collection itself. Consequently, PPD-28 directed changes to
the process for selecting the targets of SIGINT collection to ensure that
these concerns are considered alongside other risks and benefits.
To do this, the Intelligence Community, in partnership with the National
Security Council, has elevated the process by which SIGINT requirements and
priorities are identified, so that the heads of the relevant departments
and agencies can better evaluate SIGINT collection in light of its potential
risks to national interests and our law enforcement, intelligence, and diplomatic
relationships abroad. The review process of SIGINT collection covered almost
seven dozen countries and organizations and resulted in restrictions on the
current SIGINT collection posture.
These restrictions are now part of the Director of National Intelligences
collection priorities guidance to the Intelligence Community through the
National Intelligence Priorities Framework. In addition, the Director of
National Intelligence has revised Intelligence Community Directive 204 to
reflect the requirement for greater policymaker oversight of the intelligence
priorities process. Finally, the NSA has enhanced its processes to ensure
that targets are regularly reviewed, and those targets that are no longer
providing valuable intelligence information in support of these senior
policy-maker approved priorities are removed.
New Limits on Use of SIGINT Collected in Bulk
As affirmed in PPD-28, the United States must collect some information in
bulk in certain circumstances in order to locate new and emerging threats
vital to the national security. Section 2 of the PPD articulated limits on
the use of SIGINT collected in bulk. Before PPD-28, an Intelligence Community
element could use SIGINT collected in bulk for any authorized reason connected
to that elements mission.
Today, Intelligence Community elements are only permitted to use SIGINT collected
in bulk for six specific purposes: (i) to counter espionage and other threats
and activities of foreign powers or intelligence services against the U.S.
and its interests; (ii) counterterrorism; (iii) counter-proliferation; (iv)
cybersecurity; (v) to detect and counter threats to U.S. or allied armed
forces or other U.S. or allied personnel; and (vi) to combat transnational
criminal threats, including illicit finance and sanctions evasion.
These specific limits require the Intelligence Community to carefully consider
and confirm that all use of SIGINT collected in bulk is for a permissible
Transparency has been a significant focus for the Intelligence Community.
We have declassified and made publicly available a substantial amount of
information over the past 18 months, particularly regarding the
governments use of Foreign Intelligence Surveillance Act (FISA)
authorities. This effort has included:
Developing IC on the Record;
Releasing documents about the governments intelligence activities,
including compliance and oversight assessments;
Releasing opinions and orders from the Foreign Intelligence Surveillance
Publishing the first annual Intelligence Community transparency report disclosing
statistics on the governments use of National Security Letters and
Foreign Intelligence Surveillance Act authorities;
Declassifying aggregate FISA data so that communications providers can make
public additional information about FISA orders they receive;
Releasing unclassified reports on NSAs implementation of Section 702
of the Foreign Intelligence Surveillance Act and its Civil Liberties and
Privacy Protections for Targeted SIGINT Activities under Executive Order
Establishing Principles of Intelligence Transparency for the Intelligence
Community to solidify these practices; and
Making numerous speeches and appearances by Intelligence Community leadership
to explain our activities to the public
Since the launch of IC on the Record on August 20, 2013, the Intelligence
Community has posted more than 250 declassified documents (comprising more
than 4,500 pages) about Intelligence Community activities. The majority of
the declassified documents relate to NSAs bulk telephony metadata program
under Section 215 of the USA PATRIOT Act (Section 501 of FISA); Section 702
of FISA); and NSAs now-discontinued bulk internet metadata collection
program under Section 401 of FISA (i.e., the Pen Register/Trap and Trace
Many of the documents posted about these programs relate to proceedings before
the Foreign Intelligence Surveillance Court, including applications by the
government to authorize or reauthorize programs and significant court opinions.
Other documents that have been posted include NSA training slides for personnel
with access to bulk telephone metadata and U.S. District Court documents
relating to legal challenges to the bulk telephony metadata collection program.
The Intelligence Community has also released documents associated with the
Foreign Intelligence Surveillance Court of Reviews opinion upholding
the constitutionality of the now-discontinued surveillance program under
the Protect America Act and a number of documents about the activities conducted
under the previous Administrations Terrorist Surveillance Program.
In addition to releasing documents, the Intelligence Community has posted
to IC on the Record other information to give context to those documents.
These include videos, audio recordings, and text transcripts of public
engagements and Congressional testimony by senior Intelligence Community
officials; fact sheets; and, recently, a live, online question-and-answer
session between a senior Intelligence Community official and members of the
The release of this information has facilitated public debate about Intelligence
Community policies and practices, and has established a precedent for
transparency going forward. In particular, the Director of National Intelligence
has issued principles to guide our transparency efforts and has established
a senior working group to continue these transparency efforts and proactively
identify new ones.
The Intelligence Community recognizes that continued public support for our
activities to protect our nation and our partners requires the public trust
that can only be achieved with greater transparency.