The U.S. Central Intelligence Agency on Wednesday updated rules relating to the collection, retention and dissemination of information of U.S. persons, including putting a limit of five years on holding certain sensitive data and introducing restrictions for querying the data.
The announcement by the spy agency comes a couple of days before a new administration under President-elect Donald Trump takes charge, and could address to an extent concerns expressed by civil rights groups about the collection and handling of information of U.S. persons in the course of overseas surveillance. Such information is collected by the CIA under Executive Order 12333.
Earlier this month the director of the CIA John Brennan and Attorney General Loretta E. Lynch approved the new rules, called the Attorney General Guidelines, to update the CIA’s procedures, some of which had not been significantly updated since 1982, the agency said in a statement. The new rules come into force on March 18.
Under the new rules published online, unevaluated information is presumed to include incidentally acquired information concerning U.S. persons. Unevaluated information such as nonpublic telephone and electronic communications, including communications in electronic storage, acquired without the consent of a person who is party to the communications, shall be destroyed no later than five years after the information was made available to the agency.
Unevaluated information anticipated to have “U.S. Person Identifying Information” that is significant in volume or sensitivity shall also be subject to the same rules. The five year limitation can be extended in certain circumstances such as an imminent threat to human life, with certain procedures and authorizations to be followed first.
The new rules also place limits on the querying of such data. Queries of particularly sensitive data sets, such as the contents of communications, have when practicable to be accompanied by a statement explaining the purpose for the query when retrieving information concerning a U.S. person, the agency said.
The CIA is also trying to collect less data that would require lesser people and time to evaluate it. “Today, in addition to traditional intelligence scenarios, a single storage device may contain the equivalent of millions of pages of information, hours of video, thousands of photos, or more,” the agency said in its statement.
The Attorney General Guidelines require the agency to take steps to limit information collection to the smallest subset of data necessary to achieve its intelligence objectives, which would also mean lesser instances of accidental collection of information of U.S. persons in unevaluated data.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.