To start, the CIA program has apparently been conducted outside the statutory reforms and oversight of the intelligence community instituted after revelations by Edward Snowden in 2013. The newly declassified CIA data collection program is carried out in conjunction with Executive Order 12333 and is therefore subject to even less oversight than the woefully under-supervised NSA surveillance programs subject to the Foreign Intelligence Surveillance Act.
From that letter and a PCLOB “Staff Recommendations” document, we know that the CIA collects a vast amount of data, often on U.S. persons, without any clear guidelines about data retention and without substantial oversight of analysts querying information about U.S. citizens. The program seems to exist outside the jurisdiction of either courts or Congress–given that even the Senate Intelligence Committee was left in the dark about this program.
According to PCLOB’s staff recommendations, when an analyst attempts to look at information relating to an American citizen, a “pop-up box will appear to remind the analysts that an F[oreign] I[ntelligence] purpose is required for such a query. However, analysts are not required to memorialize the justification for their queries. As a result, auditing or reviewing U.S. Person (USP) queries is likely to be challenging and time-consuming.” So, not only is there no way of preventing curious and prying eyes of CIA agents from pulling up data about their friends and family–there’s no good way to audit agents’ activity after the fact.
And we shouldn’t be surprised that this might be happening. In the past, NSA officers often used their invasive surveillance powers to spy on significant others. In response, the PCLOB staff recommended for the CIA to employ “automated tools” to assist in the auditing and compliance monitoring involving all of that U.S. data. “The declassification is urgent,” the Senators’ letter states—we agree.
In their letter, Wyden and Heinrich inquire as to the nature of the CIA’s relationship to its “sources,” perhaps a reference to whether the CIA might be getting some of its data from the same place as the NSA—through secretive agreements with private companies. In 2013, it was reported that the CIA paid $10 million a year in order to gain access to AT&T’s call data.
https://twitter.com/AASchapiro/status/1492033730399006722
In addition to new declassifications and clarity on the scope of this program, the government needs to act fast to prevent the CIA from continuing to circumvent constitutional rights. If we learn, in fact, that the CIA is purchasing this data, then Congress should work fast to pass the Fourth Amendment is Not for Sale Act. Intended to prevent government agencies and law enforcement from buying data harvested from apps—data they otherwise could not get without a warrant—the bill may also work to prevent the CIA from purchasing the phone records of U.S. persons in bulk.
Regardless of the CIA’s legal justification or technical means of collection and storage, Congress must act fast to ensure the Fourth Amendment’s vitality in the modern age.