WASHINGTON — The Central Intelligence Agency has been collecting massively, without warrant, for years some sort of data that could invade Americans’ privacy, according to a recently released letter from two senators.
The CIA continued to censor the nature of the data when they released the letter. At the same time, it stated that a report on the same subject that gave rise to the letter should remain completely secret, save for some heavily redacted recommendations.
That report, dubbed “Deep Dive II,” was part of a series of investigations by a watchdog committee that scrutinized the intelligence community’s operations under Executive Order 12333, rules governing intelligence activities that Congress has left unregulated by law. The watchdog, the Privacy and Civil Liberties Oversight Board and its employees have access to classified information.
In March 2021, the Senate Intelligence Committee received a copy of the report. In a letter the following month, two Democrats on the panel, Senators Ron Wyden of Oregon and Martin Heinrich of New Mexico, urged Avril D. Haines, the director of national intelligence, and William J. Burns, the CIA director, to review the activity and any internal rules about requesting the data for information about Americans.
The senators complained that the CIA had not previously informed the Intelligence Committee of the activity, suggesting that its hidden existence contrasted with Americans’ understanding that several laws enacted in recent years “restrict the unauthorized gathering of Americans and, in some cases, “forbid” reports.”
However, an intelligence official, speaking on condition of anonymity to discuss the sensitive matter, said the intelligence commission was already aware of the agency’s secret collection of the data. The Deep Dive II report, the official said, focused instead on repository and analytics tools for storing and retrieving that data after it’s been collected — systems the committee may not have been informed about before.
Following the 2013 revelations by former intelligence contractor Edward J. Snowden that the National Security Agency collected bulk logs of all American phone calls using a controversial interpretation of the USA Patriot Act — and had done the same for email logs until recently — there was a period of commotion about the scope of government oversight.
During that time, DailyExpertNews reported that the CIA had paid AT&T to analyze the vast amount of phone calls for employees of the agency’s foreign terrorism suspects. It also found that the agency had obtained bulk data from international money transfers handled by companies like Western Union — including transactions to and from the United States — using the same provision of the Patriot Act.
(Thursday, the CIA also released an edited version of a report detailing international financial tracking under Executive Order 12333 as part of the agency’s efforts to fight Islamic State.)
In 2015, Congress banned the bulk collection of telecommunications metadata under the Patriot Act and restricted other types of bulk collection by the FBI under laws governing domestic activity, such as the Foreign Intelligence Surveillance Act, or FISA.
Yet “the CIA has been secretly running its own bulk program” under Executive Order 12333, the senators wrote.
“It has done this completely outside the legal framework that Congress and the public believe it administers this collection, and without any oversight from the judge, Congress, or even the executive branch associated with the FISA collection,” the letter continued. . “This fundamental fact has been hidden from the public and from Congress.”
In a statement, Kristi Scott, the CIA’s privacy and civil liberties officer, defended the agency’s conduct.
“CIA recognizes and takes our obligation to respect the privacy and civil liberties of U.S. individuals when conducting our vital national security mission, and conducts our activities, including collection activities, in accordance with U.S. law, Executive Order 12333 and our attorney general guidelines,” she says. “CIA is committed to transparency consistent with our obligation to protect intelligence sources and methods.”
But in their letter, Mr. Wyden and Mr. Heinrich urged the CIA to disclose the nature of its relationship with the sources—presumably companies providing the data—along with the type of data it collected and “the rules governing the use, storage, distribution and searches (including searches of US persons) of the records.”
In 2017, the government issued Attorney General guidelines for CIA activities under executive order that set out rules for some of those issues. But it’s not clear whether the CIA has fully developed procedures to carry them out; a set of recommendations from the Deep Dive II report said it had not developed any policies or procedures at the time regarding how the guidelines apply to the unspecified data.
The recommendations also said that when CIA officials use an American’s identification as a search term when searching the unspecified data, a box will pop up reminding them that the search must have a foreign intelligence target. But the officials are not required to record what that target was, and the recommendations urged the agency to do so.