Surveillance legislation has been a centerpiece of public debate since whistleblower Edward Snowden leaked classified spying programs almost three years ago, and while much of the debate has focused on domestic programs, a new report raises concerns about the broad international reach of a little-discussed Reagan-era presidential authority.
While Congress has already taken steps to limit National Security Agency access to millions of Americans’ telephone records previously collected under the Patriot Act, and is debating the 2017 renewal of the FISA (Foreign Intelligence Surveillance Act) Amendments Act authorizing the collection of online communications content, there’s little other branches can do to oversee the use of Executive Order (EO) 12333 — an order signed by President Reagan in 1981 aimed at overseas surveillance.
The order is the subject of a report out this week by NYU’s Brennan Center, compiled with information leaked by Snowden and documents disclosed by intelligence agencies examining what is and isn’t known about the order, which under certain circumstances can allow for the warrantless collection of more Americans’ data than both pieces of aforementioned legislation.
“There are several reasons why EO 12333 and the programs that operate under its aegis have gone largely unnoticed,” the report reads. “One is the misconception that overseas surveillance presents little privacy risk to Americans. Another is the scant information in the public domain about how EO 12333 actually operates. Finally, the few regulations that are public create a confusing and sometimes internally inconsistent thicket of guidelines.”
The order allows NSA to collect in bulk data transmitted overseas, which in today’s online ecosystem can frequently include Americans’ data. It also permits the agency to surveil foreigners and Americans communicating or traveling overseas — a designation that includes some tens of millions of Americans.
NSA can use up to seven programs to collect and surveil telephone metadata (dialed numbers and durations), the audio content of calls, the location of a phone and other phones in its vicinity, webcam videos and images, email address book, text messages and online activity (Web browsing history, emails, instant messages, user names and passwords) of a single individual.
In one fictional example cited in the report, NSA was able to gather all of said information from a single person engaged in activities like taking calls or using a credit card while traveling abroad on vacation, chatting online (on Skype for example) with even another American while one is overseas and taking part in an online group on a platform like Facebook that includes foreign members.
While President Obama has enacted some reforms in the wake of the Snowden leaks to limit how the government can use bulk data, the limits don’t apply to data held over for an unspecified “temporary” amount of time for “targeted” surveillance.
“Targeted” doesn’t necessarily imply specific communications between certain individuals, and can include selection terms as general as “Yemen” or “nuclear proliferation,” or any email that mentions “ISIS,” for example.
“Despite recent reforms, the NSA continues to exercise significant discretion over how long it may retain personal data gathered under EO 12333 and the circumstances under which it may share such information,” the report reads.
While there’s a default five-year retention period, the government can retain data longer and share it with other agencies in and outside of the country seemingly at its own discretion with an “extensive list of exceptions” that “undermine traditional procedural safeguards in criminal proceedings.”
All of the components of the authority feature a “systemic lack of meaningful oversight,” the report argues, including no judicial oversight and limited legislative oversight, according to members of congressional intelligence committees. Instead NSA relies heavily on its own internal review process, which the authors suggest leave external review and public debate lacking.
“While many operational aspects of surveillance programs are necessarily secret, the NSA can and should share the laws and regulations that govern EO 12333 programs, significant interpretations of those legal authorities, and information about how EO 12333 operations are overseen both within the Executive Branch and by Congress,” the report concludes, suggesting NSA define specific selection terms for targeted surveillance.”
“[I]t should provide more information on how its overseas operations impact Americans’ privacy, by releasing statistics on data collection and by specifying in greater detail the instances in which it shares information with other U.S. and foreign agencies and the relevant safeguards.”