Defense lntelligence Agency (DIA), Department of Defense (DoD), Domestic Surveillance, Executive Order 12333, Foreign Intelligence Surveillance Court (FISC), Mass Surveillance, National Security Agency - NSA
There are several key documents about Executive Order 12333 that were obtained from the government in response to a Freedom of Information Act lawsuit that the ACLU filed (along with the Media Freedom and Information Access Clinic at Yale Law School) just before the first revelations of Edward Snowden. The documents are from the National Security Agency, the Defense Intelligence Agency, and others agencies. They confirm that the order, although not the focus of the public debate, actually governs most of the NSA’s spying.
In some ways, this is not surprising. After all, it has been reported that some of the NSA’s biggest spying programs rely on the executive order, such as the NSA’s interception of internet traffic between Google’s and Yahoo!’s data centers abroad, the collection of millions of email and instant-message address books, the recording of the contents of every phone call made in other countries, and the mass cellphone location-tracking program. In other ways, however, it is surprising. Congress’s reform efforts have not addressed the executive order, and the bulk of the government’s disclosures in response to the Snowden revelations have conspicuously ignored the NSA’s extensive mandate under EO 12333.
The order, issued by President Ronald Reagan in 1981, strengthens the role of the Director of National Intelligence and imposes the “sole constraints on U.S. surveillance on foreign soil that targets foreigners.” (However, we now know that this EO allows domestic surveillance.)
An Executive Order intended to extend powers and responsibilities of U.S. intelligence agencies and direct the leaders of U.S. federal agencies to co-operate fully with CIA requests for information. This executive order was entitled United States Intelligence Activities . Director of National Intelligence.
It was amended by Executive Order 13355: Strengthened Management of the Intelligence Community, on August 27, 2004. On July 30, 2008, President George W. Bush issued Executive Order 13470 amending Executive Order 12333 to strengthen the role of the DNI.
Information is essential to national security. However, the need for such information has now proven to override an individual’s right to privacy and safety. Part II of Executive Order 12333 states: Collection of such information is a priority objective and will be pursued in a vigorous, innovative and “responsible manner.”
There’s been some speculation, in addition to domestic spying program, that the government relies directly on the order — as opposed to its statutory authority — to conduct surveillance inside the United States.
There’s a key difference between EO 12333 and the two main legal authorities that have been the focus of the public debate — Section 215 of the Patriot Act and the FISA Amendments Act, which the government relies on to justify the bulk collection of Americans’ phone records and the PRISM program. Because the executive branch issued and now implements the executive order all on its own, the programs operating under the order are subject to essentially no oversight from Congress or the courts. That’s why uncovering the government’s secret interpretations of the order is so important. We’ve already seen that the NSA has taken a “collect it all” mentality even with the authorities that are overseen by Congress and the courts. If that history is any lesson, we should expect — and, indeed, we have seen glimpses of — even more out-of-control spying under EO 12333.
Here are some of the most significant things these records show:
The documents confirm our suspicions that the NSA relies heavily on EO 12333 and that the order, therefore, deserves far more scrutiny than it has received. This vindicates those who’ve been warning us about the scope of the NSA’s surveillance activities under the executive order — including a former State Department official who has tried to draw attention to its wide-ranging uses.
Here’s how the NSA itself describes EO 12333 in an internal surveillance manual from 2007 (all highlighting is added):
And here’s a similar description from a “Legal Fact Sheet” on the executive order, which the NSA produced exactly two weeks after the first Snowden disclosure:
In other words, EO 12333 is the main game in town for NSA surveillance. Of course, the debate about reforms to Section 215 and the FISA Amendments Act is tremendously important to Americans’ privacy. But those authorities, while dramatically overbroad, pale in comparison to the executive order.
The documents make it clearer than ever that the government’s vast surveillance apparatus is collecting information — including from Americans — about much more than just terrorist threats. The government generally defends its sweeping surveillance authorities by pointing to the threat of terrorism. But the truth is that its surveillance powers bear little relationship to that narrow goal. They reach far more broadly, allowing the government to monitor any international communication that contains “foreign intelligence information.” That phrase is defined so nebulously that it could be read to encompass virtually every communication with one end outside the United States.
Some commentators have worried that the government could use this broad surveillance power to conduct economic espionage or to spy on Americans it hoped to convert into confidential informants.
According to at least this internal Defense Department presentation, the concerns are real (N.B.: “USPs” refers to “U.S. persons,” which the government defines as American citizens or organizations, as well as legal residents):
The documents openly acknowledge the word games that the government plays when describing its surveillance. Two of my colleagues have previously highlighted the NSA’s “vocabulary of misdirection — a language that allows [it] to say one thing while meaning quite another.” One of the slippery words that the NSA uses is the seemingly straightforward “collect,” which the NSA has redefined to let it simultaneously acquire huge amounts of data while denying that it is “collect it all” ‘anything at all.”
If there is a national security predicate to collect against a U.S. person, stringent collection approvals and oversight apply. The order calls for the “least intrusive collection techniques feasible within the United States or directed against United States persons abroad.”
According to Directive 28, “American intelligence is not authorized to apply “electronic surveillance, unconsented physical searches, mail surveillance, physical surveillance, or monitoring devices” unless approved by the head of an agency requesting the coverage as well as the attorney general.”
Obama did note that it’s unclear just how, and where, to transfer the data without creating different sets of potential abuses. So he tasked the attorney general and the director of national intelligence to figure out a way before March 28, the date when the law authorizing metadata collection comes up for renewal. The proposal to change who’s storing the metadata would have to be approved by Congress. So we’ll see how it works out.
Another eye-catching reform, which the commission did not propose but Obama or someone at the White House devised on his own (and does not require an act of Congress), is to cut the number of “hops” that the NSA can make, in fanning out its surveillance, from three to two. This is a bigger deal than it might seem. Metadata analysis tracks traffic patterns in phone calls.
An “intelligence law handbook” disclosed by the Defense Intelligence Agency acknowledges this misdirection, admonishing intelligence analysts to “adjust” their surveillance vocabulary. It is a case study in Orwellian doublespeak:
Finally, the candid tone of the DIA handbook is striking. Its frank discussion of government surveillance authority would serve the public far better than the dissembling and obfuscation we too often see from the government in describing its powerful spying tools.
Here’s a characteristic passage from the handbook:
This can be hard to grapple with given several of the weighty questions surrounding the scope of the government’s surveillance authority. It’s worth asking whether those policy debates had to take place in secret. Based on these documents, it’s clear that they should have taken place in public. However, that would probably foil their plot to spy on us without our knowing.
- Executive Order 13470
- Executive Order: Further Amendments to Executive Order 12333, United States Intelligence Activities, White House, July 31, 2008
- “Bush Orders Intelligence Overhaul”, by Associated Press, July 31, 2008
- Measured how phone metadata is closely interconnected, easily identifiable, and highly sensitive.
- Showed how the NSA’s foreign Internet rules cover ordinary Americans.
(President Obama’s intelligence review group referenced this research.)
- Corrected the Obama and Romney campaigns on web privacy.
- Collaborated with Cal DOJ to bring privacy policies to mobile apps.
- Spotted companies circumventing a Safari privacy feature.
(This research contributed to a record-breaking FTC penalty.)
- Built FourthParty, a platform for measuring dynamic web content.
- Proposed a Do Not Track technology and policy standard.
(Many others have worked on Do Not Track, of course.)