Pentagon Issues First Update To Domestic Surveillance Guidelines In 35 Years, Not All Of It Good

from the fixes-need-fixing dept

Cody Poplin at Lawfare points out that the Defense Department has just issued an update on rules governing its intelligence collection activities -- the first major update in over 30 years. These would directly affect the NSA, which operates under the Defense Department.

The most significant alteration appears to be to retention periods for US persons data. While everything is still assumed to be lawful under Executive Order 12333 and DoD Directive 5240.1, the point at which a record is deemed to be "collected" -- starting the clock on the retention period -- has changed.

Under the new rules, “collection” occurs “upon receipt,” whereas the previous manual defined “collection” as occurring when the information was “officially accept[ed] … for use.” The change ensures that all protections governing even the incidental collection of U.S. personal information (USPI) applies upon receipt of that information. The clock starts to run as soon as information is collected, meaning that collected information must be promptly evaluated to determine the proper retention period.

This should result in better minimization of incidentally-collected US persons info as the determination must be made shortly after harvesting, rather than waiting until the collected data is queried. This likely means the NSA may be making more efforts to head off incidental collection, as leaving things the way they are will now result in additional logistics headaches.

This doesn't necessarily mean incidentally-collected info will be swiftly disposed of. The DoD can still hold onto this data for five years. And, if the target of the incidental collection leaves the country during that retention period, the DoD can hold onto the data for a quarter-century.

Info on US persons/entities (still located in the US) is also being granted additional protections, including enhanced minimization procedures for dissemination of collected data to other agencies and other countries.

The NSA will also be expected to make additional trips to the FISA court.

[T]he new manual incorporates new physical search rules that reflect changes to the Foreign Intelligence Surveillance Act since 1982. These include requirements to obtain a FISA warrant for nonconsensual physical searches conducted inside the United States and for targeted collection of U.S. person information outside the United States.

Most of this appears to be changes for the better -- something that likely wouldn't have occurred without Snowden's leaked documents. The last change to these rules was made back in 1982 when no one had any idea the wealth of communications content and data that would be travelling around the globe in digital form.

But a closer look at the details -- especially the part pertaining to "special circumstances" that alter the rules of collection and retention -- suggests there still may be a few exploitable loopholes that would allow the NSA to target US persons and entities.

If DoD agencies wish to target a US person (whether at home or abroad), they're instructed to use the "least intrusive" method of surveillance: public sources. If the information sought can't be found there, the next step is to seek cooperation from other sources that may have the same info. This is basically a consensual search, but involving third parties. The last step is to seek top-level approval from the DoD's general counsel. This will provide some additional oversight, but still makes it a mostly "in-house" process -- something that's not exactly comforting.

The additional restrictions on the collection of US persons in the US seem to limit potential abuse/misuse of surveillance tools.

Other specific limitations apply to collection of USPI inside the United States, including that the information may be collected only if 1) the information is publicly available or 2) the source of the information is advised or otherwise aware that he or she is providing the information.

But the list of exceptions to these limitations appears to directly remove these two stipulations.

In the event that neither or the two previous requirements are met, the Defense Intelligence Component may employ collection methods that are directed at the United States if a) the foreign intelligence is significant and the collection is not undertaken for the purpose of acquiring information about a U.S. person’s domestic activities; b) the intelligence cannot be obtained publicly or from sources who are advised they are providing information to the DoD; or c) the Defense Intelligence Component head concerned or a single delegee has approved as being consistent with the manual and its outlined procedures the use of techniques other than the collection of publicly available information or from an informed source.

Reading these both together suggests that if the DoD can't obtain the info it's seeking from public/advised sources, it can use that limitation as a reason to deploy supposedly foreign-facing surveillance methods against US persons. If that's the correct reading (and the "or" -- rather than an "and" -- in the list of requirements suggests it is), the limitations on domestic surveillance are mostly meaningless.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 17 Aug 2016 @ 12:14pm

    Guidelines....

    When it comes to government... these guidelines are only for telling the Citizens what they WANT them to know.

    Anyone believing they will follow them is another story itself.

    American citizens are tools!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Aug 2016 @ 12:21pm

    Loopholes don't matter

    NSA conduct has repeatedly demonstrated that, while they enjoy having a loophole to cite if they get caught, they're perfectly comfortable violating the law, rules, regulations, or any other constraints, if they think they will get away with it. Experience to date says that they almost always get away with it, both at the individual and institutional levels. So while it is nice to see that now a few more things might be explicitly against the rules, I doubt it will change their behavior. At best, it will force their PR disclosures to be a little less truthful, so that the PR says they are following the new rules, even when they are flouting them.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Aug 2016 @ 1:55pm

    Should define what "public" means in this case. If it is public as in "third party doctrine says you have no expectation of privacy" public, then it's still extraordinarily intrusive. Your utility companies, your cell phone provider, places you shop at, online services you use, the place you buy a car at, your ISP - they all sell your personal information. It's often aggregated into services like LexisNexis.

    That's an issue with the (lack of) legal norms in regards to handling private information on the commercial end more than anything else. If more people educate themselves on that and lobby for laws to drastically limit the amount and fidelity of data that companies are permitted to sell/exchange/give away on their customers, it would dry up this data source for private actors, commercial actors, law enforcement, the intelligence community, stalkers, voyeurs, employers, and anyone else who has an insatiable obsession with the most intimate details of the lives of others. And the intelligence community would likely be back to where it was before with scouring through data collected overseas for "incidentally collected" information on U.S. persons.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Aug 2016 @ 3:32pm

    Meet the new ('change') President,

    same as the old President.

    Obama may be a better lawyer than previous Presidents, but that doesn't make him any more ethical -- just more "legal".

    reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 17 Aug 2016 @ 4:21pm

    I will believe it when i see it. or more likely I will not be shocked when it is leaked that they ignored the new rules and continued doing what they wanted instead.

    reply to this | link to this | view in chronology ]

  • icon
    Tom Mink (profile), 17 Aug 2016 @ 6:19pm

    It's scary that the justification for escalating to more intrusive methods is 'we didn't find out what we wanted to know'. In a sane world, there would be an element of proportionality that weighed the importance of the expected findings against the invasion of privacy.

    I'm not sure how that would work. Maybe a neutral third party would _judge_ what sort of action the situation would_warrant_

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Aug 2016 @ 2:00am

    AKA

    The, do whatever the fck you like, policy

    reply to this | link to this | view in chronology ]

  • icon
    partofme (profile), 18 Aug 2016 @ 7:40am

    This Article is Erroneous

    The Lawfare article had an error that you reproduced. In the original, it's an 'and', not an 'or':

    Limitations on the Collection of Foreign Intelligence in the United States. A Defense Intelligence Component may only collect foreign intelligence concerning U.S. persons in the United States if:

    (1) The information is publicly available;

    (2) The source of the information is advised or is otherwise aware that he or she is providing information to DoD or a Defense Intelligence Component; or

    (3) The Defense Intelligence Component employs other sources or methods of collection in or directed at the United States and all of the following conditions are met:

    (a) The foreign intelligence sought is significant and collection is not undertaken for the purpose of acquiring information about any U.S. person’s domestic activities.

    (b) The foreign intelligence cannot be reasonably obtained from publicly available information or from sources who are advised, or are otherwise aware, that they are providing information to DoD or a Defense Intelligence Component.

    (c) The Defense Intelligence Component head concerned or a single delegee has approved, as being consistent with this issuance, the use of techniques other than the collection of information from publicly available information or from sources who are advised or are otherwise aware that they are providing information to DoD or a Defense Intelligence Component. The Defense Intelligence Component will provide a copy of any such approval to the USD(I) and the DoD SIOO.

    reply to this | link to this | view in chronology ]

  • identicon
    JB smith, 20 Aug 2016 @ 8:30am

    rfid implants take away our basic human/constitutional rights

    The American Reinvestment and Recovery Act and the brain initiative are the worst scams ever perpetrated on the American people. Former U. S. Surgeon General Regina Benjamin Warns: Biochips Hazardous to Your Health: Warning, biochips may cause behavioral changes and high suicide rates. State Attorney Generals are to revoke the licenses of doctors and dentists that implant chips in patients. Chip used illegally for GPS, tracking, organized crime, communication and torture. Virginia state police have been implanting citizens without their knowledge and consent for years and they are dying! Check out William and Mary’s site to see the torture enabled by the biochip and the Active Denial System. See Terrorism and Mental Health by Amin Gadit or A Note on Uberveillance by MG & Katina Michael or Safeguards in a World of Ambient Intelligence by Springer or Mind Control, Microchip Implants and Cybernetics. Check out the audio spotlight by Holosonics. The truth is the biochip works like a sim card. It received pulsed modulated laser beams and millimeter wave which it converts into electromagnetic waves that your brain interprets into digital images and sound. It then takes what your brain sees and hears and converts electromagnetic waves into digital and acoustic waves that a computer translates into audio and video. In other words, it allows law enforcement to see what you see, hear what you hear and communicate directly with your brain.

    “Former Defense Advanced Research Projects Agency (DARPA) director and now Google Executive, Regina E. Dugan, has unveiled a super small, ingestible microchip that we can all be expected to swallow by 2017. “A means of authentication,” she calls it, also called an electronic tattoo, which
    takes NSA spying to whole new levels. She talks of the ‘mechanical mismatch problem between machines and humans,’ and specifically targets 10 – 20 year olds in her rant about the wonderful qualities of this new technology that can stretch in the human body and still be functional. Hailed as a ‘critical shift for research and medicine,’ these biochips would not only allow full access to insurance companies and government agencies to our pharmaceutical med-taking compliancy (or lack thereof), but also a host of other aspects of our lives which are truly none of their business, and certainly an extension of the removal of our freedoms and rights.” Google News

    The ARRA authorizes payments to the states in an effort to encourage Medicaid Providers to adopt and use “certified EHR technology” aka biochips. ARRA will match Medicaid $5 for every $1 a state provides. Hospitals are paid $2 million to create “crisis stabilization wards” (Gitmo’s) where state police torture people – even unto death. They stopped my heart 90 times in 6 hours. Virginia Beach EMT’s were called to the scene. Mary E. Schloendorff, v. The Society of New York Hospital 105 N. E. 92, 93 (N. Y. 1914) Justice Cardozo states, “every human being of adult years and sound mind has a right to determine what shall be done with his own body; and a surgeon who performs an operation without his patient’s consent, commits an assault, for which he is liable in damages. (Pratt v Davis, 224 Ill. 300; Mohr v Williams, 95 Minn. 261.) This case precedent requires police to falsely arrest you or kidnap you and call you a mental health patient in order to force the implant on you. You can also be forced to have a biochip if you have an infectious disease – like Eboli or Aids.

    Coalition of Justice vs the City of Hampton, VA settled a case out of court for $500,000 and removal of the biochip. Torture is punishable by $1,000 per day up to $2 million; Medical battery is worth $2.05 million. They told my family it was the brain initiative. I checked with the oversight board, and it is not! Mark Warner told me it was research with the Active Denial System by the College of William and Mary, the USAF, and state and local law enforcement. It is called IBEX and it is excruciating. I have had 3 surgeries at the site of the implant and need another. It causes cancer! I've been tortured for 8 years by Virginia law enforcement. Thousands of innocent Virginians are being tortured and murdered by criminal cops. Please help us get the word out to end these heinous atrocities. The pain is 24/7. The VA DCJS sent me a letter stating cops can get keys to anyone's home and steal anything they please. The governor knows and takes his cut. Senator Kaine said the FBI is not involved so he can't help. Check out Virginia's Casual Disregard for the Constitution at forbes dot com. Check out Richard Cain's case. They are torturing infants and children. The active denial system comes in rifle form and can murder without leaving a mark. I have had two heart attacks and am blessed to be alive. We need to make the nation aware to stop these thugs. Now a Dr. Whaley of the Medical Examiner’s office reports covering up murders by cops and selling brains for $6250 each to the NIH. Beware of Riverside and Dr. Nicole Nelson and Sentara Hospital. Beware of Dr. Lawrence Chang, Pariser Dermatology, and Dr. Denis Cruff and Hampton Sentara Surgeons and Tidewater Multi-specialty Group and Dr. Elizabeth Cooper. Most of all, beware of state and local police in Virginia. Please help us. If you don't think it can happen to you, you're wrong. Heidi Heightkamp states cops are using it for personal vendetta's.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.