Just days before Donald Trump takes office, the director of national intelligence and attorney general have issued new procedures that undermine Americans’ right to privacy and Fourth Amendment constitutional protections. These procedures will allow the NSA to share with other intelligence agencies “raw intelligence” that it collects while conducting mass surveillance under Executive Order 12333, which has been in effect since 1981. Raw intelligence just what it sounds like—emails and phone calls and anything else that the NSA collects during its daily surveillance. These records aren’t minimized or redacted to mask identifying information.
The previous procedures allowed for the NSA to share this information with other intelligence agencies, but only after it had been minimized to protect individuals’ privacy, and only if it was pertinent to their mission.
These new, more lax procedures are extremely troubling because thanks to legal loopholes, EO 12333 is used to scoop up billions of communications around the world every day, including those of Americans, without a warrant or any judicial—or even congressional—oversight. The idea behind EO 12333 was that it govern NSA collection of purely foreign communications. That collection didn’t need judicial or congressional oversight because if all the people in those communications were abroad, they weren’t entitled to the protections of our laws.
That all made sense when President Reagan signed the order, but today, the NSA uses EO 12333 to tap the cables that connect the internet across the world. An email I send from my office to a colleague just one floor down could travel between servers in Japan and Brazil before getting to its destination, and could get picked up by the NSA along the way as a “foreign communication.” Accordingly, the NSA has a virtually unchecked authority to warrantlessly collect Americans communications.
All of this is troubling in and of itself, but it becomes even more concerning in light of the new procedures that allow the NSA to share the information it collects with other intelligence agencies, without first trying to screen out Americans’ communications or identifying information. The procedures say that a high-level official at an agency like the FBI could make an application to the NSA for the communications that state the specific “authorized foreign intelligence or counterintelligence missions that are the basis for the request.”
This may seem reasonable, until you realize that “foreign intelligence” is really a catch all that can include most anything happening abroad. EO 12333 defines it as “information relating to the capabilities, intentions and activities of foreign powers, organizations or persons.” Don’t let the “organizations or persons” part of that definition hide behind the more important-seeming term “foreign powers.”
That definition means that “foreign intelligence” includes communications about political and human rights activities, like if you send an email as part of an Amnesty International campaign to free a political prisoner. It can include anything impacting the economy—even a mom-and-pop coffee shop’s email about a business trip to Europe to procure the finest French chocolate for their cookies. It can even be stretched to include social plans you make for your vacation abroad.
Now, is the FBI likely to ask to see the chocolate emails when it requests raw foreign intelligence information under these procedures? No. But despite some process-oriented protections built into the procedures, with no external oversight or transparency, it would be hard to know if abuse did happen.
Even without abuse, these procedures can serve as yet another work-around for the warrant requirement of our Constitution. If the communications the agency accesses only involve Americans, the procedures require that they be destroyed unless they have foreign intelligence or counterintelligence value. But they can be kept and disseminated if the agency thinks they include evidence of a crime. In that case, the communications could be shared, for example, with the Department of Justice or the FBI and used in a criminal investigation that would have otherwise required a warrant from a judge to obtain the same information.
While it’s a big step forward in transparency that these procedures were made public in the first place, we still won’t know enough information about how much information will get shared, how often, and when it will be used for non-foreign intelligence investigations or prosecutions. We may simply never know the full impact these new procedures will have on our privacy.
