Previously been published in Lawfare (Jan. 15, 2021), in this paper David Kris reviews new National Security Agency guidance designed to regulate signals intelligence (SIGINT) activity that implicates US persons’ privacy and the Fourth Amendment. Officially an annex to the manual of rules governing all DOD elements—DOD Manual 5240.01—the new “SIGINT Annex” replaces the prior NSA annex, last significantly updated in 1988.
This paper reviews and analyzes the new SIGINT Annex, reading it in context with the Raw SIGINT Guidelines, the PPD-28 Procedures, and the current version of USSID-18, occasionally comparing it to the DOD Manual, the Prior Annex, and a corresponding set of internal procedures issued in 2017 by the Central Intelligence Agency.
Since its implementation in 1981, Executive Order 12,333 has served as a general charter governing the structure and operations of the Intelligence Community. While legislation has imposed a degree of added judicial and congressional oversight, the executive branch continues to retain sole discretion over large swathes of foreign intelligence activity today.
Over the past several decades, and in accordance with E.O. 12,333’s mandate, members of the Intelligence Community have each created internal agency manuals to guide their foreign intelligence operations. These manuals identify and define a range of technical terms critical to determining the scope of agencies’ intelligence-gathering authority, including what information is gathered, how long that information is retained, and the uses to which it may be put. But over time, the dispersion of authority to make decisions within and across intelligence agencies has enabled drift in the meaning of these terms. Together, the manuals have created a thicket of often conflicting and unclear definitions that are difficult for Congress, the courts, and even committees within the executive branch to understand.
In this article, Diana Lee, Paulina Perlin, and Joe Schottenfeld provide the first sustained analysis of these definitional inconsistencies, their consequences, and efforts to address the problem from within and outside the executive branch. In particular, it focuses on three terms that determine when the intelligence cycle “officially” begins: “collection,” “acquisition,” and “targeting.” By analyzing these three terms, this Article demonstrates the lack of clarity that executive discretion and dispersal create. This lack of clarity, in turn, makes it difficult for meaningful oversight, such as congressional hearings, to occur. The Article concludes by offering recommendations to clarify the parameters of the government’s intelligence-gathering authority. As technological advancements continue to expand the Intelligence Community’s capacity to gather information, it is imperative that the government adopt measures to facilitate effective oversight over the executive’s foreign intelligence operations.
In light of recent foreign cyber-assaults that have jeopardized personal privacy in the United States, it is time for individuals to explore opportunities for private suits against foreign governments. In the first attempt to do this, Doe v. Federal Democratic Republic of Ethiopia, the courts found that the Foreign Sovereign Immunities Act barred suit under the Wiretap Act’s private cause of action and the common law tort of intrusion upon seclusion. Kurland posits that either a new exception should be added to the FSIA to ameliorate this legal lacuna.