Executive Order 12333 Documents Redefine 'Collection,' Authorize Majority Of Dragnet Surveillance Programs | Techdirt

Issued in 1981, updated in 1991 (to consolidate power, basically) and continuously expanded (mostly unofficially) since 2001, Executive Order 12333 (EO 12333) is what grants surveillance powers to our nation's intelligence agencies.

Foreshadowing the severe twisting of the English language that follows (see also: NSA-to-English dictionary), the opening paragraphs note that what certain wording sounds like isn't actually what it means. [pdf link]

In spite of the constraining appearance of all the requirements, under E.O. 12333, DoD Directive 5240 .IR, and DIAR 60-4, intelligence activities conducted by the DHS currently have much more latitude and potential for effectiveness than they have had for quite some time.

Looks like "constraints" but in practice is hardly anything at all.

Covert and clandestine operations ("Special Activities") -- normally limited to the CIA -- are now something any agency can participate in, if given permission to.

The meaning of the proscription is not that intelligence components are prohibited from conducting all Special Activities; rather, that such activities must be directed by the President and approved by the Secretary of Defense and the respective Service Secretary.

Going on from there, we see the first public instance of the government's redefinition of the word "collection."

Procedure 2 introduces the reader of DoD 5240.1-R to his or her first entry into the "maze" of the regulation. To begin the journey, it is necessary to stop first and adjust your vocabulary. The terms and words used in DoD 5240.1-R have very specific meanings, and it is often the case that one can be led astray by relying on the generic or commonly understood definition of a particular word.

For example, "collection of information" is defined in the Dictionary of the United States Army Terms (AR 31011 25) as: The process of gathering information for all available sources and agencies. But, for the purposes of DoD 5240.1-R, information is "collected" -... only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties ... (and) an employee takes some affirmative action that demonstrates an intent to use or retain the information.

"Collection" is now defined as "collection plus action," rather than the way it's been defined for hundreds of years. "Information held" is not a "collection," according to this document. It still isn't collected, even if its been gathered, packaged and sent to a "supervisory authority." No collection happens until examination. It's Schroedinger's data, neither collected nor uncollected until the "box" has been opened. This leads to the question of aging off collected data/communications: if certain (non) collections haven't been examined at the end of the 5-year storage limit, are they allowed to be retained simply because they haven't officially been collected yet? Does the timer start when the "box" is opened or when the "box" is filled?

Also of note: "incidental" collections are not collections if utilizing the same mental gymnastics.

If the information is not essential to the mission of the component and it does not fit into one of those categories, then that information may not be collected. However, you will recall from our discussion in paragraph 3 -7 that "collection" means receiving plus an affirmative act to use or retain the information. Therefore, mere receipt of non-essential information does not constitute a violation of DoD 5240.1-R.

More redefining is done here:

Once again, we must cautiously examine the vocabulary used in DoD 5240.1-R. The term "retention" means more than merely retaining information in files - it is retention plus retrievability. As stated in DoD 5240.1-R -... the term retention as used in this procedure, refers only to the maintenance of information about United States persons which can be retrieved by reference to the person's name or other identifying data.

Somewhat more positively, this section instructs analysts to a very limited view of "retrievability" and err on the side of "purging" information on US persons that cannot legally be retrieved, even if it was legally "collected" (using the DoD's expanded definition). It does, however, hedge by noting information "necessary to ongoing missions" should be retained.

The document goes on to applaud the FISA court for being instrumental in protecting citizens' rights… apparently by eliminating legal barriers to domestic surveillance.

The [Senate Select] Committee has reviewed the five years of experience with FISA and finds that the Act has achieved its principal objectives. Legal uncertainties that had previously inhibited legitimate electronic surveillance were resolved, and the result was enhancement of U.S. intelligence capabilities. At the same time, the Act has contributed directly to the protection of the constitutional rights and privacy interests of U.S. persons.

There's a lot of information in there, very little of it redacted, but until the ACLU liberated it, completely withheld from the public. The question is, why? Despite the many paragraphs given over to rewriting the English language to better suit intelligence agencies' aims, there's also a lot of very blunt statements made about the balance between the government's counterterrorism efforts and the rights of US citizens.

The ACLU highlights this particular section in its write up of the released documents.

This area of DoD intelligence activities, that is, the use of special collection techniques, is the area in which there tends to be the greatest amount of confusion regarding the limitations on permissible activities. Because of this confusion, this area also tends to be the most fertile ground for both abuse and unnecessarily restrictive interpretation of the rules. To be sure, it is fundamental that abuse of the legitimate DoD intelligence and counterintelligence resources and authority must be avoided. The rights of US persons must also be protected, and no intrusion into these protected areas is permissible without first meeting constitutional standards, and then only through a system of careful scrutiny of the intruding apparatus.

This is spelled out more explicitly later, reminding those entering the intelligence world that the job is necessarily difficult -- a fact many of those in the intelligence and law enforcement fields forget all too quickly.

The system is complex, but it is not impossible. Its underlying structure is designed to balance the legitimate needs of the government with the rights of the individual. Given those constraints, one could not expect a system to exist which did not inherently contain adequate checks, balances, and oversight procedures.

This is miles away from the DOJ's statements that cell phone search warrant requirements make it too difficult to capture criminals, a refrain now being echoed by law enforcement agencies in response to automatic encryption on iPhones and Android devices.

These are the limits these entities must adhere to. These are built-in as a check against government power. But these rights are not a one-way street solely favoring the American public. The DIA guidebook discusses what the intelligence community and the administration have refused to: and it does it in plain, straightforward language.

Nevertheless, we must be mindful of too much caution. We must remember that we are engaged in a real-world mission that involves unprincipled adversaries, and a plethora of sophisticated technical collection and counter-collection enterprises and devices. Terrorism and have destruction as their common denominator, and we are fueling their malignancy when we unnecessarily restrain or restrict our foreign intelligence or counterintelligence efforts, just the same as we would damage the fiber of our democracy through abusive use of our own capabilities and powers.

Our business is one that involves constant vigilance and omnipresent balancing of competing interests. To survive, we must take risks. To succeed, we must minimize those risks. To preserve our precious ideals, we must carefully pursue our crafts in such a manner as to not offer up the rights and dignity of our citizens in exchange for that success.

As the ACLU points out, this frank discussion of the tension between the two is a far cry from the usual "dissembling and obfuscation" the government has provided so far in its tepid responses to leaked documents. This willingness to discuss the balance in real terms may be part of the reasons a lawsuit was needed to free the document.

The other, larger issue, is that this order may be the main justification for most of the NSA's surveillance and data dragnets -- an order not subject to any form of oversight.

Because the executive branch issued and now implements the executive order all on its own, the programs operating under the order are subject to essentially no oversight from Congress or the courts. That's why uncovering the government's secret interpretations of the order is so important. We've already seen that the NSA has taken a "collect it all" mentality even with the authorities that are overseen by Congress and the courts. If that history is any lesson, we should expect — and, indeed, we have seen glimpses of — even more out-of-control spying under EO 12333.

For all of the tough talk about respecting the public's rights, a vast amount of surveillance occurs under this order. In the document, any questions about overriding civil liberties concerns are directed towards members of the Executive branch, rather than to anywhere that might act as a check against its powers -- like courts or the legislative branch. In fact, the legislative branch has done nothing but expand its powers of the last 30+ years. So, new analysts might hear plenty about the importance of respecting civil liberties, but they'll find that in practice, those words -- like "retention" and "collection" mean next to nothing.
https://www.techdirt.com/articles/20140929/13451828665/executive-order-12333-documents-redefine-collection-authorize-majority-dragnet-surveillance-programs.shtml