After a politically deft speech, Obama issues PPD-28 outlining changes in signals intelligence policies

Obama at DoJAfter delivering on January 17 a thoughtful speech at the Department of Justice about the nation’s controversial signals intelligence policies — striking a deft balance between the need to safeguard national security and the need to safeguard personal privacy — President Obama released Presidential Policy Directive 28 (PPD-28), which was long on future deliberations and forthcoming reports, and relatively short on concrete, immediate actions.

The speech itself made all the proper genuflections to the vital role that intelligence-gathering has long played in the nation’s history, and to the country’s fundamental belief in the value of personal privacy.

The president laid out in broad brushstrokes the steps he plans to take on his own executive authority, and those he hopes to develop with the active participation of Congress.

In his PPD-28 document, which was released on January 17, Obama announced some steps that will further restrict the U.S. Government in its collection, storage or dissemination of signals intelligence data, and other steps that seem to be aimed at maintaining the status quo. Here’s a quick rundown on some of those steps:

( 1 )   Safeguarding privacy and civil liberties — PPD-28 clearly states that the federal government will not use signals intelligence to inhibit free speech or to disadvantage anyone — whether a U.S. citizen or a foreign nation — based on their personal characteristics. “The United States shall not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion,” says PPD-28.

( 2 )   Won’t assist U.S. companies — PPD-28 authorizes the collection of information about foreign private commercial information or trade secrets only to protect U.S. national security. “It is not an authorized foreign intelligence or counterintelligence purpose to collect such information to afford a competitive advantage to U.S. companies and U.S. business sectors commercial,” notes PPD-28.

( 3 )   Bulk data — When it gathers signals intelligence in bulk — such as the “metadata” that identifies the phone calls made by all U.S. citizens — the federal government can only use that bulk information for six clearly identified reasons: (a) to thwart espionage or other foreign threats, (b) to combat terrorism, ( c ) to cope with weapons of mass destruction, (d) to confront cyber threats, ( e ) to protect against threats to U.S. or allied military personnel, and (f) to respond to transnational criminal threats. The president’s national security advisor (currently Susan Rice) and the Director of National Intelligence (currently James Clapper) will submit an annual review of the permissible uses of signals intelligence collected in bulk, and recommend any additions or deletions to the list. This list will be “made publicly available to the maximum extent feasible,” promises PPD-28.

( 4 )   Minimizing long-term storage of personal data — While recognizing that it is sometimes important for the government to store personal information, PPD-28 comes down on the side of storing personal data for the shortest time that is appropriate. “Long-term storage of personal information unnecessary to protect our national security is inefficient, unnecessary, and raises legitimate privacy concerns,” declares PPD-28. In general, such information should not be retained for more than five years, it added. In addition, within 180 days, the Director of National Intelligence, the Attorney General (currently Eric Holder) and senior Intelligence Community officials should evaluate and possibly recommend “additional dissemination and retention safeguards…,” says the president’s policy directive.

( 5 )   Data security and access — Personal information shall be processed and stored under conditions that provide adequate protection and prevent access by unauthorized persons, says PPD-28. This suggests a possibly heightened interest in stronger encryption of data and more secure facilities in which that data will be stored.

( 6 )   Stronger oversight — In order for personal information to be used, it must been certain analytic standards, says PPD-28. To ensure that those standards are, in fact, being met, the presidential directive calls for oversight by the federal government’s inspectors general. When compliance issues occur, the inspector generals should notify the Director of National Intelligence.

( 7 )   International diplomacy — The Secretary of State (currently John Kerry) shall identify a “Coordinator for International Diplomacy” to serve as a point of contact for foreign governments who want to raise concerns about U.S. signals intelligence activities.

( 8 )   Additional reports to the president — PPD-28 calls for the DNI to provide within 180 days a report on the status of the effort to safeguard personal information. A separate report from DNI, due within one year, should assess “the feasibility of creating software that would allow the IC more easily to conduct targeted information acquisition rather than bulk collection.”