Lawfare News

E.O. 12333 Raw SIGINT Availability Procedures: A Quick and Dirty Summary

Jane Chong
Thursday, January 12, 2017, 4:18 PM

Published by The Lawfare Institute

Earlier this afternoon we flagged the Obama administration's new Executive Order 12333 rules governing Intelligence Community (IC) access to and use of raw signals intelligence (SIGINT). The document released today [Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the National Security Agency under Section 2.3 of Executive Order 12333 (Raw SIGINT Availability Procedures)] comprises 10 sections outlining the procedures IC elements must follow when requesting, protecting, processing, retaining, and disseminating raw SIGINT, along with provisions on oversight and on the use of raw SIGINT in legal proceedings. Raw SIGINT is defined as "any SIGINT and associated data that has not been evaluated for foreign intelligence purposes and/or minimized" (p. 20; see end of this post for elaboration).

Section I: Purpose and Scope

Importantly, the procedures start off with a description of what remains unaffected. The procedures don't apply to, among other things, (1) SIGINT activities NSA or any other IC element conducts under NSA authority or a delegation of NSA authority under 1.7(c)(2) of E.O. 12333 (which forbids agencies other than the NSA from engaging in signals intelligence activities except pursuant to a delegation by the Secretary of Defense, after coordination with the Director); (2) SIGINT collected by NSA under FISA; or (3) collection activities of any kind.

Section II: Requests for Raw SIGINT

This is a critical section. The head of an IC element (or high-level designee) must submit a written request in order to obtain raw SIGINT from the NSA, and the request must contain the following information:

  1. how the IC element will use the raw SIGINT,
  2. the expected value of the SIGINT,
  3. why other "reasonably available" sources cannot provide the information the element needs,
  4. access requirements, like how many analysts are expected to have access to the raw SIGINT and how long,
  5. how the raw SIGINT will be processed and disseminated,
  6. how the raw SIGINT will be safeguarded,
  7. that the IC element's personnel will comply with the relevant procedures, including any "alternative procedures" later established by the DNI and approved by the Attorney General,
  8. confirmation that the IC element will timely and completely provide any reporting required by the procedures, including any reporting required to obtain an extension of its raw SIGINT access,
  9. a description of the IC element's compliance and oversight program,
  10. confirmation of compliance with PPD-28 and related policies, and
  11. confirmation that the IC element has consulted with legal counsel.

The section outlines a few other important points.

  • If NSA identifies raw SIGINT “of potential interest to an IC element,” NSA may, “on its own initiative, notify the IC element of the existence of such information.” The IC element then has to submit the written request as specified above. [This is interesting, and seems to raise some questions about mechanics. If NSA is the one flagging information for intelligence agency B, then B presumably has to be provided sufficient detail to then be able to frame its request for access to the information in accordance with the written-request requirements.]
  • Requests for raw SIGINT will be reviewed by a DIRNSA-designated “high-level NSA official” who will document approval decisions in writing. In addition to ensuring the request complies with the requirements in paragraph A, the reviewing official "will" (read: must) also consider: (1) reasonableness (the procedures lay out eight example vectors for assessing reasonableness, like the likelihood that sensitive U.S. person information will be found in the information); (2) whether there are other ways to fill the stated needs of the IC element seeking the information; and (3) whether the IC element is able to comply with the procedures and properly handle the raw SIGINT.
  • NSA cannot make raw SIGINT available to an IC element without executing a Memorandum of Agreement (MOA)—not to exceed a term of three years—as to the information's availability, retention and use. And every specific NSA-approved request for access to raw SIGINT will be documented in an MOA appendix. NSA will explain denied requests, and "[r]easonable efforts will be made" to timely resolve disagreements. Denials can be appealed to "the DIRNSA's designee," then to DIRNSA, the Secretary of Defense, and finally the DNI.

Section III: Protections for Raw SIGINT

NSA may make raw SIGINT available through its own systems, through a shared IC or other government capability (like a cloud environment), or by transferring the information to the IC element's information systems.

With a few exceptions, the rest of the section largely reiterates protections that are actually already threaded into the rest of the document. The recipient IC element must ensure it protects the raw SIGINT in accordance with the Fourth Amendment and other laws, must not use the intelligence it acquires "for the purpose of affecting the political process in the United States," must notify NSA of mission changes, must limit access to appropriate personnel, must protect auditing records, must use "reasonable measures" to mark those SIGINT files “reasonably believed” to contain U.S. person information, must monitor disseminations to ensure compliance with Section VI (re: dissemination), and must conform to removal requirements in Section V (re: retention).

Section IV: Processing Raw SIGINT

This section lays out restrictions on the processing of raw SIGINT obtained by an IC element under these procedures. Most basically, raw SIGINT may be evaluated only for authorized foreign intelligence or counterintelligence purposes and may not be queried using a term intended to select domestic communications.

When using a selection term on the basis of the identity of a communicant or person mentioned in a communication, where the foreign communications are of or concerning a U.S. person or a person in the United States, the IC's legal counsel must confirm (1) the person is the subject of an order or emergency authorization under FISA, or (2) the AG, DIRNSA or IC element head has approved the selection (for a maximum term of 90 days) and specific requirements are met [some redactions].

When a selection term is intended to select communications based on content, not identity, a separate set of rules applies, but in essence it reflects the concerns outlined elsewhere in the document, such as avoiding retrieval of communications to or from a U.S. person.

Some other important processing points: attorney-client communications must comply with any guidance promulgated by the Assistant Attorney General for National Security, and an IC element receiving raw SIGINT may conduct communications metadata analysis, including contact chaining, without regard to the communicants' location or nationality (though again, only for valid foreign intelligence or counterintelligence purposes).

Section V: Retention

An IC element may retain raw SIGINT for up to five years “after the information is first collected by NSA,” unless continued retention (for up to another five years) is approved in writing by the IC head. In no event may a recipient IC element retain raw SIGINT longer than NSA.

Some important details on retention limitations regarding specific types of communications:

  • Foreign communications to, from, or about U.S. persons (and related data) that have been minimized (i.e., not raw SIGINT) may be permanently retained only if processed to eliminate U.S. person information or if dissemination without such elimination would be permitted under Section VI.
  • Domestic communications “inadvertently retrieved during the selection of foreign communications will be promptly destroyed upon recognition” unless the AG determines the contents indicate threat of death or serious bodily harm.
  • Communications solely between U.S. persons “inadvertently retrieved during the selection of foreign communications” will be destroyed except if they contain significant foreign intelligence or counterintelligence as determined by the IC element (DIRNSA and NSA’s OGC must be notified) or if the communications contain evidence of “a crime or a threat of death or serious bodily harm to any person, or anomalies that reveal a potential vulnerability to U.S. communications security,” in which case the recipient IC element must notify NSA’s OGC for review “according to the applicable NSA procedures and policies.”
  • Communications to or from federal, state, local or tribal government employees, who are U.S. persons or located in the United States, will not be intentionally selected and, if inadvertently retrieved, will be treated in accordance with the above rules regarding domestic communications/U.S. persons communications.

Section VI: Dissemination

The dissemination parameters set forth in this section are obviously key to the purpose of the procedures.

  • Dissemination of raw SIGINT must be consistent with the Privacy Act and the terms of the MOA struck between the NSA and recipient IC.
  • An IC element may disseminate U.S. person information "derived solely from raw SIGINT" under these procedures only if one of the following conditions is met: the U.S. person has consented, the information is publicly available, the information is “necessary to understand the foreign intelligence or counterintelligence information,” the information is evidence of a “possible commission of a crime,” or the dissemination is required by some other law, executive order or executive branch directive.
  • DIRNSA or a designee must approve any disseminations of information obtained under the procedures to a foreign government or government-sponsored international entity.
  • Dissemination of raw SIGINT itself is prohibited, unless DIRNSA authorizes it and the dissemination is permissible under the procedures governing NSA activity.
  • Any dissemination that does not conform to the requirements of the procedures must be approved by NSA's OGC, in consultation with the NSD and DoD's OGC.

Section VII: Training, Auditing and Oversight

IC element personnel given access to raw SIGINT must receive training on the new procedures, and any IC element with access must have auditing capabilities and requirements “comparable to NSA's.” Every IC element must establish an oversight and compliance program for handling raw SIGINT, with the assistance of and training material from NSA. Any "questionable intelligence activity" regarding raw SIGINT obtained under the procedures must be reported in writing and will be included in the IC element's normal intelligence oversight reporting.

This section outlines mandatory, periodic reviews of the adequacy of the oversight and compliance activities conducted by the IC elements receiving raw SIGINT. It also makes clear that NSA retains its place as the raw SIGINT master agency. That is, the procedures explicitly provide that NSA may review a recipient IC element's handling of raw SIGINT, and IC elements are required to comply with NSA's requests for information for purposes of such review. NSA has the power to terminate the IC element's access to raw SIGINT without notice if it determines the IC element has failed to comply with E.O. 12333 or the raw SIGINT procedures.

Section VIII: Use in Legal Proceedings

This section will be of special interest to those concerned about what raw SIGINT dissemination beyond the NSA portends for law enforcement capabilities.

Recipient IC elements must have prior approval of NSA's OGC before they may use or permit use of raw SIGINT in any legal or administrative proceeding.

Section IX: General Provisions

This section specifies which key players are responsible for various kinds of delegation, interpretation decisions, departures from the procedures, and so forth.

All questions relating to the interpretation of the procedures are referred to NSA's OGC, and the ODNI General Counsel and Assistant Attorney General for National Security must approve any departures from the procedures. The procedures are strictly internal U.S. government guidance and are not legally binding—they do not create any rights or “place any limitation on otherwise lawful investigative and litigative prerogatives of the United States” (see E.O. 12333, Section 3.7(c)).

Section X: Definitions

Essential definitions include the following.

  • IC elements are defined under 3.5(h) of E.O. 12333 as: (1) The Office of the Director of National Intelligence; (2) The Central Intelligence Agency; (3) The National Security Agency; (4) The Defense Intelligence Agency; (5) The National Geospatial-Intelligence Agency; (6) The National Reconnaissance Office; (7) The other offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs; (8) The intelligence and counterintelligence elements of the Army, the Navy, the Air Force, and the Marine Corps; (9) The intelligence elements of the Federal Bureau of Investigation; (10) The Office of National Security Intelligence of the Drug Enforcement Administration; (11) The Office of Intelligence and Counterintelligence of the Department of Energy; (12) The Bureau of Intelligence and Research of the Department of State; (13) The Office of Intelligence and Analysis of the Department of the Treasury; (14) The Office of Intelligence and Analysis of the Department of Homeland Security; (15) The intelligence and counterintelligence elements of the Coast Guard; and (16) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director and the head of the department or agency concerned, as an element of the Intelligence Community.
  • Questionable intelligence activity: "an intelligence activity that may violate the law, E.O. 12333, any other executive order or Presidential directive, or applicable policy of the IC element, including these Procedures."
  • Raw SIGINT: "any SIGINT and associated data that has not been evaluated for foreign intelligence purposes and/or minimized."
    • Unevaluated SIGINT: "SIGINT that has not been evaluated to determine whether it contains foreign intelligence or counterintelligence information."
    • Unminimized SIGINT: "SIGINT that has not been reviewed to delete or mask [U.S. person information] not meeting the standards for permanent retention and dissemination under the Classified Annex to Department of Defense Procedures Under E.O. 12333, these Procedures, or other procedures approved by the Attorney General."

Jane Chong is former deputy managing editor of Lawfare. She served as a law clerk on the U.S. Court of Appeals for the Third Circuit and is a graduate of Yale Law School and Duke University.
