Two Democratic members of the Senate Intelligence Committee have raised concerns about how the CIA has handled Americans’ information collected incidentally as part of the agency’s foreign surveillance programs, in what the lawmakers say amounts to “serious problems associated with warrantless backdoor searches of Americans.”
The CIA has said that the nature of the surveillance in question – including what kind of data has been collected and how many Americans’ records are maintained as part of the agency’s activities – must remain classified.
In a letter to CIA Director Bill Burns and Director of National Intelligence Avril Haines dated April 13, 2021, and declassified on Thursday, Sens. Ron Wyden of Oregon and Martin Heinrich of New Mexico allege that a watchdog report given to the committee shows that the CIA has “secretly conducted its own bulk program … entirely outside the statutory framework that Congress and the public believe govern this collection.”
The letter contains redactions that obscure the details of the watchdog report. An intelligence official said the report is related to the internal CIA data search systems that analysts use to query existing data repositories – not the actual collection of the data – and how those systems work when used for queries that involve Americans’ information. This person also noted that the collection came from multiple agencies, not only the CIA.
The letter was declassified and made public on Thursday as part of a broader release from the CIA’s Office of Privacy and Civil Liberties.
In 2021, the watchdog Privacy and Civil Liberties Oversight Board delivered to Congress two reports assessing the impact that two sets of CIA intelligence activities had on American privacy and civil liberties, and whether the programs followed existing laws and policies. Heinrich and Wyden, in their now-declassified letter, claim that the reports showed that “the nature and full extent of the CIA’s collection was withheld” from the Intelligence Committee and urged that the materials be made public.
A CIA spokesperson disputed that characterization, saying that the committee was fully informed of both the collection itself and the tools that analysts used to sift through the database. The official also noted that the collection came from multiple agencies, not only the CIA.
The agency also made public the oversight board’s recommendations related to the second, still-classified report, including several related to how analysts query existing databases for information involving known or presumed US persons.
For example, according to the watchdog’s recommendations, CIA analysts using the classified program see a pop-up box warning them that any information about US persons requires a valid foreign intelligence purpose. But, according to the document, analysts are not required to memorialize the justification for their queries. As a result, the board found, “auditing or reviewing U.S. Person (USP) queries is likely to be challenging and time-consuming.” It recommended requiring the justifications be recorded.
Wyden and Heinrich’s letter is the latest salvo in the ongoing national debate over how to strike the appropriate balance between limiting intelligence agencies’ ability to examine Americans’ data without a warrant or other legal predicate – and ensuring that they are able to connect the dots in time to prevent terrorist threats and other national security concerns.
In general, the CIA’s mission is focused on gathering foreign intelligence and it is precluded from investigating Americans. But the US intelligence community’s massive collection efforts often incidentally gather Americans’ data in the process. Different spy agencies are required through a series of policies to minimize the exposure of Americans’ data unless it is relevant to a national security investigation.
But those protective procedures have long garnered concerns from privacy and civil liberties advocates about how the US intelligence community handles Americans’ information when it is obtained as part of foreign intelligence-gathering efforts. Wyden in particular has long warned that the rules provide a “backdoor” loophole that allows foreign-focused spy agencies too much leeway with Americans’ data.
“In the course of any lawful collection, CIA may incidentally acquire information about Americans who are in contact with foreign nationals,” the CIA spokepersonn said in a statement. “When the CIA acquires information about Americans, it safeguards that information in accordance with procedures approved by the Attorney General, which restrict the CIA’s ability to collect, retain, use, and disseminate the information.”
The FBI’s domestic intelligence surveillance is largely governed by a US law, the Foreign Intelligence Surveillance Act, or FISA. But the CIA is ruled by an executive order, EO 12333, which is classified, and a series of guidelines put in place by the attorney general.
That distinction is “the core issue,” according to one source familiar with the debate, who has reviewed the PCLOB report and said that Wyden and Heinrich’s letter “generalizes” the issue “in a way that implies it’s worse than it is.”
Wyden and Heinrich, the source said, allege that because the CIA’s collection and analysis programs are operated beyond the bounds of FISA, it’s problematic.
“FISA gets all the attention because of the periodic congressional reauthorizations and the release of [Department of Justice], [Office of the Director of National Intelligence] and FISA Court documents,” Wyden and Heinrich said in a statement Thursday. “But what these documents demonstrate is that many of the same concerns that Americans have about their privacy and civil liberties also apply to how the CIA collects and handles information under executive order and outside the FISA law.”
But, the source familiar with the report said, “Just because some CIA collection isn’t governed by FISA, it doesn’t mean CIA is illegally conducting bulk collection of Americans.”
A CIA FAQ released with the materials said the agency is “precluded from collecting datasets pertaining to U.S. persons that lack intelligence value or are otherwise unrelated to one of CIA’s other authorized intelligence activities.”
“CIA recognizes and takes very seriously our obligation to respect the privacy and civil liberties of US persons in the conduct of our vital national security mission, and conducts our activities, including collection activities, in compliance with U.S. law, Executive Order 12333, and our Attorney General guidelines,” Kristi Scott, CIA’s privacy and civil liberties officer, said in a statement, referring to an executive order that broadly governs intelligence community activities not covered by US law.
“CIA is committed to transparency consistent with our obligation to protect intelligence sources and methods,” Scott said.
CNN’s Natasha Bertrand contributed to this report.