CIA illegally harvested US citizens' data, senators assert
We're shocked, shocked to find unjustified collection and access is going on in here
Two US senators have gone public with evidence of what they assert is a previously secret bulk data collection effort by the Central Intelligence Agency (CIA), conducted outside the law and without oversight.
Democratic Senators Ron Wyden and Martin Heinrich, of Oregon and New Mexico respectively, on Thursday announced that in April 2021 they sent a co-signed letter [PDF] to director of national intelligence Avril Haines and CIA director William Burns, seeking expedited declassification of the Privacy and Civil Liberties Oversight Board's (PCLOB) review of two CIA counterterrorism programs – named "Deep Dive I" and "Deep Dive II".
The Deep Dives were made possible by Executive Order 12333 – a Reagan-era order that allows widespread data collection, and data-sharing with the CIA, in the name of national security.
These documents reveal serious problems associated with warrantless backdoor searches of Americans
The senators wanted a review of the documents' status because they felt the CIA had conducted a bulk information collection effort that harvested data on US citizens – probably illegally. Declassifying the documents, they argued, was necessary as the public has a right to know what the CIA gets up to, and to ensure Congress could exercise oversight of the agency.
On February 10, some of the documents they wanted declassified were published, among them a heavily-redacted PCLOB report [PDF] that focuses on CIA collection of financial information during counterterrorism activities aimed at Islamic State.
That effort, the document states, saw "incidental collection" of data describing US citizens (USPs).
That's an admission that USPs' data was collected, even though that's not the explicit purpose of Executive Order 12333, and despite the USA being rather keen on personal liberty and government keeping its nose out of citizens' business.
A set of recommendations from PCLOB to the CIA notes that when officers see data describing a US citizen, they're presented with a pop-up reminding them that they are bound not to look at it unless it can be justified on grounds it represents foreign intelligence.
But the document notes that CIA staff don't have to record their justification for accessing such data. The document implies that on many occasions CIA staff may not have a valid justification.
"As a result, auditing or reviewing US Person (USP) queries is likely to be challenging and time-consuming," the document states. "Given the volume and type of information that is included [REDACTED] it is appropriate to require analysts to provide a written justification for USP queries."
- GCHQ was rebuked for ignoring spy law safeguards as pandemic hit Britain
- Remember the FBI's promise it wasn’t abusing the NSA’s data on US peeps? Well, guess what…
- How do you solve a problem like Privacy Shield? US and EU policymakers kick off discussions
- Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway
The senators suggest that the CIA's failure to justify officers' access to data describing USPs in every instance is serious – in part because the Agency's data collection practices attract little scrutiny given there is no oversight mechanism for use of EO12333.
"The Foreign Intelligence Surveillance Act (FISA) gets all the attention because of the periodic congressional reauthorizations and the release of Department of Justice, Office of the Director of National Intelligence and FISA Court (FISC) documents," the senators' statement reads.
That attention is warranted because, as The Register has reported, the FBI stands accused of failing to observe the requirements of FISA for years at a time, while the FISC has managed to avoid revealing its justifications for allowing access to US citizens' data.
Concerns about FISC's reasoning hit the headlines in 2013 when Edward Snowden leaked one of its decisions ordering Verizon to hand over customer data.
The senators therefore opine that the newly released documents "demonstrate that many of the same concerns that Americans have about their privacy and civil liberties also apply to how the CIA collects and handles information under executive order and outside the FISA law.
"In particular, these documents reveal serious problems associated with warrantless backdoor searches of Americans, the same issue that has generated bipartisan concern in the FISA context."
And because that collection takes place under an Executive Order, oversight of the collection is hard.
Civil liberties campaigners are not happy with the CIA.
These reports raise serious questions about what information of ours the CIA is vacuuming up in bulk and how the agency exploits that information to spy on Americans.— ACLU (@ACLU) February 11, 2022
This invasion of our privacy must stop.
The CIA's surveillance implicates the same fundamental constitutional rights as the NSA's mass surveillance programs, and we join Sens. Wyden and Heinrich in calling on the CIA to release more details about the program. https://t.co/smqznD4UoC— EFF (@EFF) February 11, 2022
The senators released their info late on Thursday, so other reaction is hard to find at the time of writing. Republican leadership, for example, appears not to have commented. A CIA statement reported elsewhere offers the anodyne observation that the Agency is very keen on protecting civil liberties.
Senators Wyden and Heinrich called for "more transparency from the CIA, including what kind of records were collected and the legal framework for the collection" and for improvement in the way the Agency handles information. ®