Posted By: Rob Pollock
For privacy advocates and civil liberties watchdogs, the year 2016 was a bad year. Executive Order #12333, signed into law over 35 years ago and largely forgotten, has been resurrected in late 2016 with a series of hair-raising executive agency procedures passed by the Obama administration citing the obscure executive order as authorization. This relatively-benign executive order was signed into law by President Ronald Reagan on December 4, 1981, and regarded the relationship between intelligence agencies in how they share information with each other. However now, the executive order is not so benign, and its use as justification for intelligence information collection could represent one of the most egregious violations of the Fourth Amendment and privacy protections we’ve seen in the intelligence community for a long time.
A synopsis of the executive order is summed up by the International Association of Privacy Professionals in its Certification Textbook:
“The order that provides information about the goals, direction, duties and responsibilities with respect to the national intelligence effort and provides basic information on how intelligence activities should be conducted. The executive order states that agencies within the intelligence community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned, and must be approved by the attorney general.” Reference(s) in IAPP Certification Textbooks: G81-82.
Although this order has been on the books for a while, the real concern is that Executive Order #12333 has never been used to justify such expansive and potentially legally troublesome procedures of executive agencies. In late 2016, these new rules allow the NSA to share their vast databases of domestic intelligence data with an expanded cadre of federal agencies like they’ve never been able to do before. These agencies, 16 in total, include the FBI, the Drug Enforcement Agency, and the Department of Homeland Security. The most potentially legally egregious part of these new rules allows for all of this to be done without “warrant, court orders or congressional authorization,” which has many privacy advocates very concerned with the reach of this authorization.
Under this executive order, the NSA has the same power to conduct the full array of its legally questionable activities of the past, uncovered by the Snowden leaks and other whistleblowers. But this time, there is a twist. This time, instead of these capabilities only being in the hands of pale-skinned unnamed NSA analysts in some unknown underground location, Executive Order #1233 allows the NSA to streamline and serve up the raw data of everyday Americans on a silver-platter for easy access by several executive agencies at once. To do this, the NSA has created a “google-like” search engine for the agencies to use which is built to provide 850 billion phone, email, cell phone locations, and Internet chats at their fingertips ripe for the unmasking. This search engine program is called ICREACH, and the NSA developed this program primarily for the DEA, FBI, CIA, and Defense Intelligence Agency.
Many privacy advocates were troubled by NSA actions in the past which they feel have overstepped Fourth Amendment bounds and put the privacy of Americans on the back burner in exchange for national security and terrorism interests. Many of these past program were authorized by Section 215 of the Patriot Act, which was used to justify bulk data collection of American citizens but has some limits. One of those limits includes only collection of U.S. citizen metadata, which doesn’t include the actual audio or content of the calls in the collection, but is limited to the incoming and outgoing calls and times only. This information, while able to be used to determine vast amounts of information on a person, isn’t as intrusive as other programs.
Some believe, however, that Executive Order #12333 presents an even greater privacy violation because there are no such limitations on collections under Executive Order #12333 as there are under Section 215. Under Executive Order #12333, the content of calls or communications can be collected as long as it is collected outside of the United States. A court order is needed in order for a United States citizen to be targeted under #12333, but not if the collection is “incidental,” meaning the target of the surveillance was a foreign national but information on Americans was collected in the process. If the information is incidental, EO #12333’s section 2.3(c) authorizes retention.
One of the main concerns with this retention is that it will be used in domestic criminal investigations to search for suspects by the FBI or other agencies involved in domestic law enforcement that have newfound access to this information. With the ICREACH program being open to the DEA and FBI, it would not be beyond consideration that they might have easy access to such information. And with the newfound legal justification coming from Executive Order #12333, these agencies can capitalize on the program for a wealth of mined NSA information. Use of such intelligence information for law enforcement purposes would be a patent violation of the Fourth Amendment, however, by bypassing the requirement of domestic law enforcement to support their collection with a warrant and probable cause. Robert Litt, the general counsel for the Office of the Director of National Intelligence, denies that the information will be shared for law enforcement purposes, however. Litt says the 16 federal agencies will not be able to access the information collected under Executive Order #12333 without “establishing a justification” first.
This “incidental” information can be a very elusive term, encompassing much more domestic communication information than it purports to do. For example, Yahoo and Google have servers overseas that handle domestic emails that are sent from the US to other locations in the US. When an email is sent, and travel overseas by way of one server to another, that could be considered an “incidental” communication, then collected and retained in an NSA database. NSA programs like PRISM and Upstream have been heavily criticized in the past for the astounding number of American citizens “incidentally” targeted. In comparison, the scope of American incidental targets collected under #12333 hasn’t been reported by the Obama administration at all, so we have no idea of the number of Americans that are implicated. Like previous administrations such as the Bush administration, officials have been tight-lipped about the bounds of the current NSA program for national security reasons.
The information collected under Executive Order #12333 seems to be similar to an earlier NSA program called XKeyscore, except Executive Order #12333 doesn’t limited collection to Internet data. XKeyscore was created in order to combat terrorism by collecting enormous databases full of data from virtually everything you do on the Internet, including emails, online chats, and browsing history. This is all accomplished without a warrant or prior authorization.
The way XKeyscore works is an analyst fills in a “simple online screen form giving only a broad justification for the search.” The analyst enters the email address of the intended target and a simple “justification” for why the search is being performed, or the analyst can use the program for monitoring Facebook chats or search for Internet browsing activities using search terms entered by the user. Without being reviewed by a court, the NSA has the capability under this program to perform extensive electronic surveillance on Americans without a warrant with only some identifying information such as an email or IP address. The program also gives analysts the opportunity to intercept “real-time” information of Internet users’ activity. Edward Snowden said of the program, “I, sitting at my desk, could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.”
This approach is different than earlier NSA programs in that earlier programs like PRISM targeted mainly the metadata or phone call times of Americans’ communications. Rarely did it target the content of Americans’ communications on a mass scale. Here, unlike the mass surveillance under PRISM, it does contain this detailed content information that Americans hold as being extremely private. Also, this program collects information specifically from users’ Internet activity, which Americans might consider much more private than the call times and durations of their calls.
Another possible legal problem with Executive Order #12333 is that it has a distinct lack of oversight, something that other NSA programs have had in the past. This stems partially from the fact that other NSA programs’ legal justifications have relied on statutory backing, such as Section 215 of the Patriot Act or Section 702 of the FISA Amendments Act. Here, new NSA programs are relying only on an executive order. This means Congress and the courts have limited or no oversight on the content of communications as long as the information is collected outside of the United States and in the “course of a lawful foreign intelligence investigation.” This is troubling for many on both sides of the aisle, and has brought about concerns about the future of our current privacy protections on American citizens.
Privacy in today’s complex and interconnected world has become something that is not the default anymore, as it used to be. Expansive powers granted to agencies like the NSA, which have little oversight, threaten that privacy even more than before. Time will tell what the solution to privacy violations will be, whether it is a new statutory privacy framework or a continuance of common law privacy tort actions. Either way, it seems to be a constant uphill battle for everyday Americans just wanting to be left alone.