DecryptedTech

Saturday13 August 2022

CIA Found to have Run Bulk Data Collection Program that May Have Mishandled US Citizen Data.


Reading time is around minutes.

On December 4th, 1981, then President Ronald Regan signed Executive Order 12333. This Order, further amended by EO13284 in 2003, 13355(2004) and 13470(2008), is what grants and governs the collection of intelligence by Federal agencies. These agencies include the NSA, the CIA and to a lesser extent the FBI and Department of Homeland Security. The collection of information includes what is often referred to as signal intelligence. This type of intelligence if the collection of any information that is transmitted via electronic means. This wonderful blanket definition has been the basis of many borderline illegal data collection programs and a few outright illegal ones.

Since its original signing, it has been amended a few times. Each new amendment expands the powers of intelligence agencies to operate, and in most cases gives them permission to operate outside of the FISA court jurisdiction (FISA has their own problems). If you take the time to read the original EO and then all the amended material, you get an idea that the original intent was to allow Intelligence agencies the ability to operate without a ton of red tape so that they did not miss out on information that might be vital to the protection of the United States. Taken on its own a laudable goal. However, that is not how things tend to work in most federal agencies as we see what appears to be the unavoidable politization of federal intelligence agencies.

The revelations from Edward Snowden showed us that the NSA and other intelligence agencies were manipulating and abusing this EO and even the FISA court process to gather as much information as they could. Intelligence gathered included data and communications from American Citizens. The NSA and others claimed it was only the meta data and not the actual communications themselves although it was later found that this claim was not entirely true. There was a lot of actual data that was collected in their bulk signal intelligence gathering programs. There were also indications that some of this gathering was by design and not incidental collection.

Now we are hearing that the CIA is and has been engaging in the same type of bulk data collection the NSA was (and still is). The biggest difference here is that the collection programs never once went to FISA, they were all operating under the authority of EO12333 (and its amendments). Despite wording in the EO that states, "Inform the Attorney General, either directly or through the Federal Bureau of Investigation, and the Director of clandestine collection of foreign intelligence and counterintelligence activities inside the United States not coordinated with the Federal Bureau of Investigation". The EO also references the IRTPA (Intelligence Reform and Terrorism Prevention Act) of 2004 several times including SEC 1018 which basically says that data collection cannot be outside of statutory regulations and details the laws that cover it.

One key aspect of the IRTPA was to create a new body designed to protect individual privacy and civil liberties. The new body would ensure that the newly granted powers to prevent terrorism did not violate or compromise either. The new body would be called the Privacy and Civil Liberties Oversight Board. As outlined in Section 1061 of the IRTPA.

“(2) This potential shift of power and authority to the Federal Government calls for an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life.”

It was this board that actually first reported on the abusive data collection by the CIA. The state rather clearly that the CIA through its collection of data about foreign entities also collected data about Americans and mishandled this information. They further state that the collection was “entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional or even executive branch oversight that comes from [Foreign Intelligence Surveillance Act] collection.”

This would seem to not only violate the amended EO, but the IRTPA as well since both say that ANY intelligence collection that directly or incidentally involves US citizens is subject to statutory frame works as outlined in Section 1018. It seems like someone did not get the memo here. I also wonder if the CIA in this instance forgot to alert the Attorney General about the collection or potential collection of US citizen data as part of their gathering program.

It is clear that a lot more work needs to be done to protect the privacy and civil liberties of US citizens. Unfettered and unchecked bulk data collection without any oversight continues to be abused by federal agencies all under the guise of national security. There are calls for greater transparency in any data collection, but they just seem like lip service at this stage to be perfectly honest. Instead of transparency there needs to be a review and revision of the current EOs and laws that govern this type of collection.
There should never be a chance of bulk collection of US Citizen data. If there is a legitimate need to target an individual or group, then there must be a process to prove the need and not the currently abused system under FISA. There also should be sever consequences when these laws are violated.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.