The Central Intelligence Agency has been collecting American’s private data without any oversight or even the minimal legal safeguards that apply to the NSA and FBI, an unconstitutional affront to our civil liberties. According to a declassified report released last week by the Privacy and Civil Liberties Oversight Board (PCLOB), the CIA’s surveillance program is reminiscent of the mass surveillance programs conducted by the NSA, though the details released thus far paint a disturbing picture of potential wide-scale violations of people’s privacy.
To start, the CIA program has apparently been conducted outside the statutory reforms and oversight of the intelligence community instituted after revelations by Edward Snowden in 2013. The newly declassified CIA data collection program is carried out in conjunction with Executive Order 12333 and is therefore subject to even less oversight than the woefully under-supervised NSA surveillance programs subject to the Foreign Intelligence Surveillance Act.
The whos, whats, whys, and hows of this semi-disclosed CIA program are still unknown, and the public deserves the right to know exactly what damage has been done. Senators Ron Wyden and Martin Heinrich are already pressing for the release of even more information. In a partially-redacted letter sent to the Director of National Intelligence and the CIA Director on April 13, 2021, the senators have called for the public release of the full report about the CIA’s surveillance, which remains classified. The senators’ letter also demands answers about how the agency collects the data, what data is being collected, and the rules governing its storage and retention.
From that letter and a PCLOB "Staff Recommendations" document, we know that the CIA collects a vast amount of data, often on U.S. persons, without any clear guidelines about data retention and without substantial oversight of analysts querying information about U.S. citizens. The program seems to exist outside the jurisdiction of either courts or Congress–given that even the Senate Intelligence Committee was left in the dark about this program.
According to PCLOB’s staff recommendations, when an analyst attempts to look at information relating to an American citizen, a "pop-up box will appear to remind the analysts that an F[oreign] I[ntelligence] purpose is required for such a query. However, analysts are not required to memorialize the justification for their queries. As a result, auditing or reviewing U.S. Person (USP) queries is likely to be challenging and time-consuming." So, not only is there no way of preventing curious and prying eyes of CIA agents from pulling up data about their friends and family–there’s no good way to audit agents’ activity after the fact.
And we shouldn’t be surprised that this might be happening. In the past, NSA officers often used their invasive surveillance powers to spy on significant others. In response, the PCLOB staff recommended for the CIA to employ “automated tools” to assist in the auditing and compliance monitoring involving all of that U.S. data. "The declassification is urgent," the Senators’ letter states—we agree.
In their letter, Wyden and Heinrich inquire as to the nature of the CIA’s relationship to its “sources,” perhaps a reference to whether the CIA might be getting some of its data from the same place as the NSA—through secretive agreements with private companies. In 2013, it was reported that the CIA paid $10 million a year in order to gain access to AT&T’s call data.
So, CIA is basically saying "trust us—this is legal, but we aren't going to tell you what we're doing."— Avi Asher-Schapiro (@AASchapiro) February 11, 2022
And two privacy hawk US Senators are saying, "If CIA were made to reveal what they're doing...we'd all agree, it's not kosher."
Who you gonna believe? https://t.co/CfVV1fUHfe
In addition to new declassifications and clarity on the scope of this program, the government needs to act fast to prevent the CIA from continuing to circumvent constitutional rights. If we learn, in fact, that the CIA is purchasing this data, then Congress should work fast to pass the Fourth Amendment is Not for Sale Act. Intended to prevent government agencies and law enforcement from buying data harvested from apps—data they otherwise could not get without a warrant—the bill may also work to prevent the CIA from purchasing the phone records of U.S. persons in bulk.
Regardless of the CIA’s legal justification or technical means of collection and storage, Congress must act fast to ensure the Fourth Amendment’s vitality in the modern age.