Cybersecurity , Legislation , Legislation & Litigation

Administration Modifies Data Collection Rules

New Policy Retains Bulk Collection Program Snowden Revealed
Administration Modifies Data Collection Rules
President Obama talks with his adviser Lisa Monaco. (White House photo)

The Obama administration has taken new, but modest steps to limit the ability of intelligence agencies to collect data on individuals, but the new policy doesn't put an end to the bulk collection program revealed by former National Security Agency contractor Edward Snowden (see New Snowden Leak Details NSA Collection Program).

See Also: How Tri-Counties Regional Center Secures Sensitive Files and Maintains HIPAA Compliance

"It's a step forward, but they're baby steps compared to the step that needs to be taken," says Gregory Nojein, senior counsel for the advocacy group Center for Democracy and Technology. "And that step is the ending of bulk collection of communications and communications metadata about people who have nothing to do with terrorism or other crimes."

The new policy, announced Feb. 3 by the Office of the Director of National Intelligence, identifies six situations in which intelligence agencies can collect bulk data: To counter foreign spying, thwart terrorism, prevent nuclear proliferation, safeguard cyberspace, detect threats to U.S. and allied armed forces and combat transnational criminal threats.

The new policy requires intelligence agencies to delete the bulk data they collect after five years unless the DNI, with advice from government privacy and civil liberties officials, determines that the information is needed for intelligence investigations.

Existing practices did not put a time limit on how long bulk data collected on foreigners could be used. Under current law, intelligence agencies cannot keep non-relevant information collected on Americans for more than five years.

National Security Letters Disclosures

The new rules also modify how the government uses national security letters - documents the FBI sends to communications companies to obtain information about subscribers and phone calls. Until now, companies have been forbidden to disclose these letters' existence. As a result of the changes, companies can disclose the existence of the letters after three years, though the FBI could prevent disclosure if it justifies in writing the continued secrecy.

"As we continue to face threats from terrorism, proliferation and cyber-attacks, we must use our intelligence capabilities in a way that optimally protects our national security and supports our foreign policy while keeping the public trust and respecting privacy and civil liberties," says Lisa Monaco, assistant to the president for homeland security and counterterrorism.

The Obama administration supports ending the bulk collection program, but wants to do so through a new law. Bulk collection was authorized through the USA Patriot Act, which Congress enacted shortly after the Sept. 11 terrorist attacks. Legislation introduced in the last Congress, the USA Freedom Act, would ban bulk collection. Congress failed to enact the USA Freedom Act, but the bill is expected to be reintroduced in the current Congress.


Center for Democracy and Technology's Gregory Nojein on Congress' options on reforming the bulk collection law .

Sen. Patrick Leahy, D-Vt., who sponsored the Senate version of the USA Freedom Act in the last Congress, says he welcomes the administration's continued support for the legislation. "With Section 215 of the Patriot Act expiring on June 1, Congress will have to engage in a meaningful discussion about Americans' right to privacy," Leahy says, referring to the part of the Patriot Act that authorized bulk collection.

Why Wait?

But Sharon Bradford Franklin, executive director of the Privacy and Civil Liberties Oversight Board, says the USA Freedom Act isn't needed to end the bulk collection program, citing a board assessment issued last week maintaining that the president can act on his own to halt it.

The Privacy and Civil Liberties Oversight Board is an independent executive branch agency, with its members nominated by the president and confirmed by the Senate, which provides oversight on national security initiatives to assure the protection of Americans' privacy rights and civil liberties.

The board as well as some civil libertarians argue the Section 215 of the Patriot Act is unconstitutional because it seriously threatens the privacy and civil liberties of Americans.

The administration, in its new policy, adopted another oversight board recommendation to create and release, with minimal redactions, declassified versions of the current procedures that govern the way the CIA, FBI and NSA use information collected from bulk collection. Known as minimization procedures, they cover the acquisition, use, dissemination and retention of information, including the masking of the identity of Americans mentioned in communications.

Increased Transparency

Franklin says these changes improve transparency in the way the intelligence agencies handle data. "This shows some of the safeguards that are in place to protect incidentally collected information about U.S. persons under the 702 programs," she says.

Section 702 of the Foreign Intelligence Surveillance Act details how American intelligence agencies can collect information about non-Americans overseas. But in the process of culling that intelligence, information about Americans might be collected, which is illegal.

The director of national intelligence issued the new policy more than 12 months after Obama directed a series of signals intelligence reforms designed to ensure that the nation's intelligence activities are carried out with appropriate oversight and respect for civil liberties and privacy (see Obama Hints of Changes in Surveillance Program).


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.