A coalition of more than 30 civil liberty groups says that a potential change in how the National Security Agency shares data with other US agencies could jeopardize millions of Americans' privacy.
The group that includes the American Civil Liberties Union and the Electronic Frontier Foundation is urging the NSA not to pursue efforts to more widely distribute intelligence information it gathered for fear it would give law enforcement agencies access to warrantless domestic surveillance.
"Sharing such information with US law enforcement agencies would allow them to circumvent the strict, constitutionally mandated rules of evidence gathering that govern ordinary criminal investigations,” according to a letter sent Thursday to NSA Director Adm. Michael Rogers and Director of National Intelligence James Clapper.
The open letter addresses pending rule changes that came to light in February. According a New York Times story, those changes could potentially allow the FBI to search the raw NSA data in criminal cases.
Intelligence officials, however, say making changes to how US intelligence agencies share day is key to removing barriers between federal agencies that were widely criticized after the 9/11 attacks.
The heart of the debate is whether and how federal intelligence agencies should be allowed to share raw data — including data belonging to or concerning US citizens — that the NSA collects abroad.
The Office of the Director of National Intelligence has been working on the rule change, in consultation with the Department of Defense, the Department of Justice, and the Privacy and Civil Liberties Oversight Board since 2008, according to the Times. However, the February report was the first time any details of the proposed changes had been made public.
Thursday’s letter was harshly critical of the Director of National Intelligence for not making the rule changes public or involving civil liberties groups in its deliberations.
"The fact that this change is going forward without Congressional authorization or advance public disclosure is not consistent with the commitments the intelligence community has made to greater transparency," said Neema Guliani, a legislative counsel for the American Civil Liberties Union, in an e-mail to Passcode. "To fulfill that commitment, the proposed change should be halted until Congress and the public have information about the rule change and its impact on civil liberties."
After the Times story came out, two members of the House Oversight and Government Reform Committee, Rep. Ted Lieu (D) of California and Rep. Blake Farenthold (R) or Texas expressed concerns about how the changes could affect Americans' privacy.
"Some, or perhaps much, of the information the NSA collects would not have passed the probable cause test for a warrant," they wrote in their own letter to Adm. Rogers. "Domestic law enforcement agencies — which need a warrant supported by probable cause to search or seize — cannot do an end run around the Fourth Amendment by searching warrantless information collected by the NSA."
At issue is Executive Order 12333, which governs how the NSA handles communications it gathers abroad. This relatively obscure order came to widespread public attention when former State Department official John Napier Tye penned a Washington Post Op-Ed that accused the NSA of using a loophole in the order to scoop up millions of Americans' data and search it without a warrant. The NSA collects overwhelming amounts of US phone and Internet data under EO 12333, according to Mr. Tye.
"The government should normally have to apply to a court for a warrant to get access to Americans' communications," Tye told Passcode in an e-mail. "But in this case they say they don't need a warrant because this is ‘incidental’ collection, meaning Americans supposedly weren't the targets for collection."
EO 12333 gives the NSA legal authority to collect foreign communications abroad, while amendments to the Foreign Intelligence Surveillance Act (FISA) lets it collect foreign communications that traverse US soil. However, both ingest large amounts of US data. The NSA can keep that data as long as that collection is "incidental" to the collection of foreign intelligence, meaning Americans weren’t specifically targeted.
Before 9/11, the NSA had to clean Americans' data out of intelligence it gathered under both EO 12333 and the FISA Amendments Act before sharing that intelligence with other agencies.
President George W. Bush changed that in August 2008, in response to widespread criticism that US intelligence agencies had not shared critical intelligence in the lead up to 9/11. The new rules are meant to implement Bush's changes to EO 12333.
A similar change went into effect in 2002. Under secret rulings by the FISA court, the NSA can now share raw data collected under Section 702 of the FISA Amendments Act with the CIA and the FBI. Those rulings also allow the FBI to search that data for information relating to both domestic law enforcement and foreign intelligence.
Federal law specifically exempts the FBI from reporting how often it searches 702 data, but the agency did say it "believes the number of queries is substantial," according to a June 2014 report by the Office of the Director of National Intelligence.
Privacy advocates argue that the new changes to EO 12333 rules could open the same door to using foreign intelligence for domestic law enforcement.
"The effect is that for the first time the FBI is getting direct access, with no warrant, to millions of innocent Americans' personal communications, so they can look for things they don't like," Tye said. "If it wasn't clear before, it is now — the FBI can see everything you do online."
US officials dispute that claim.
The revised procedures will allow only the NSA to share raw data with other elements of the Intelligence Community, according to Timothy Barrett, a spokesperson for the Office of the Director of National Intelligence.
While that includes the FBI, the agency will only be able to use the data for "authorized foreign intelligence and counterintelligence purposes," Mr. Barrett said. He said it won't use the data for law enforcement purposes. Moreover, he said, the FBI and other agencies that access the data will have to apply the same privacy safeguards as the NSA does.
"The procedures respond to the widely recognized lesson learned from the 9/11 attacks that intelligence should not be 'stove-piped,' " he said. "Instead, it should be shared responsibly within the Intelligence Community.”