In the dark comedy, Burn After Reading, two senior CIA officials discuss an incident in which they don’t know what happened, but resolve not to do it again, whatever it was. Reverse this situation and you see where the CIA is leaving Congress and the public.
What we know: Thanks to a report declassified last week by the Privacy and Civil Liberties Oversight Board (PCLOB), we know the CIA has collected bulk data on Americans without any apparent statutory authority or clear oversight.
We also know that when a CIA analyst under this program examines information relating to a U.S. citizen, a pop-up box helpfully reminds that analyst that there must be a foreign intelligence purpose for the query. Thanks to a set of PCLOB recommendations made public, however, we know that the analysts are not required to memorialize their foreign intelligence purpose to justify snooping on an American citizen. “As a result, auditing or reviewing U.S. Person (USP) queries is likely to be challenging and time-consuming,” PCLOB reports. Without a clear record of what happened, civil liberties can be trampled at will.
The Burn After Reading jokes write themselves.
Overall, the CIA appears to have acted as if the reforms and clear intent of Congress after the 2013 Edward Snowden revelations of NSA’s wide scale mass surveillance had never occurred. The CIA roots its surveillance authority under no law, just an executive order known as 12333. The CIA program, described by a heavily redacted but declassified report, informs us that the agency’s focus was on financial information to combat possible terrorism from ISIS and ISIL.
In short, the CIA is collecting the personal information of Americans without effective oversight or even the loose legal authorities of the Foreign Intelligence Surveillance Act that govern the collection activities of the NSA and FBI.
What we don’t know: The scope of this program or the sources of its information. Was it purely a measure to fight counterterrorism, or were there other elements? In light of high tensions with Russia and China, is this program now being expanded for intelligence beyond terrorism? In addition to financial information, are there other kinds of content the CIA is accessing from Americans?
The report doesn’t fully clarify the potential for unmasking Americans whose information is collected. The CIA report does describe what seems to be a tight policy governing unmasking, but the report still notes that “limitations on the retrieval and review of USP identifying information are not absolute.”
Most critically, we don’t know if the CIA is accessing this data through the purchase of Americans’ personal information from data brokers. This practice is widespread throughout U.S. intelligence agencies and law enforcement, one in which the Constitutional requirement for a probable cause warrant is defeated by simply buying Americans’ data. If the CIA is obtaining Americans’ information in this way, which many observers deem likely, it is yet another reason why Congress should pass The Fourth Amendment Is Not for Sale Act to restore the need for warrants before accessing Americans’ information.
What we need to know: Clearly, this tantalizing limited revelation leaves too many questions unanswered. Senators Ron Wyden and Martin Heinrich are pressing for the public release of the full PCLOB report on CIA surveillance. Toward this end, it would be helpful if Sen. Dick Durbin and Rep. Jerry Nadler, the respective chairs of the Senate and House Judiciary Committees, were to schedule hearings to get to the bottom of the CIA’s activities, as well as on the scope of government purchasing of Americans’ data from data brokers.
PPSA Senior Advisor and former House Judiciary Committee Chairman Bob Goodlatte called such hearings “urgent and essential.” Americans deserve to know how some of our most personal information is being used by a program that is truly lawless.