Pursuant to section 1.7(i) of Executive Order 12333, as amended, the FBI is authorized to:



Similar documents
UNCLASSIFIED JOINT UNCLASSIFIED STATEMENT OF ROBERT S. LITT GENERAL COUNSEL OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE

National Security Agency

Department of Justice Policy Guidance 1 Domestic Use of Unmanned Aircraft Systems (UAS)

Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on

UNITED STATES FOREIGN INTELLIGENCE SURVEILLANCE COURT WASHINGTON, D.C.

Thank you for the opportunity to join you here today.

October 10, Protecting Whistleblowers with Access to Classified Information

Legislative Language

S. ll IN THE SENATE OF THE UNITED STATES A BILL

SUMMARY: The Office of the Secretary of Defense proposes to. alter a system of records notice DPFPA 02, entitled Pentagon

SUMMARY: The National Guard Bureau proposes to add a new system. of records, INGB 005, entitled Special Investigation Reports

VOLUNTEER & EMPLOYEE CRIMINAL HISTORY SERVICE (VECHS) USER AGREEMENT FOR CRIMINAL HISTORY RECORD INFORMATION

Part B of PPD-19 provides that "Any officer or employee of an executive branch agency

THE ATTORNEY GENERAL'S GUIDELINES FOR DOMESTIC FBI OPERATIONS

Preservation of longstanding, roles and missions of civilian and intelligence agencies

Houston Regional Intelligence Service Center (Fusion Center) Privacy Policy. Privacy, Civil Rights, and Civil Liberties Policy

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Privacy Impact Assessment for the Volunteer/Contractor Information System

SUMMARY: The Defense Health Agency proposes to alter an. existing system of records, EDTMA 02, entitled "Medical/Dental

D E PAR TME NT OF THE NAVY OFFICE OF THE SECR ET A R Y 1000 N A VY PENT A G ON W A SHI N G T ON D C

ADDRESSES SYSTEM LOCATION

Federal Bureau of Investigation s Integrity and Compliance Program

PHILADELPHIA POLICE DEPARTMENT DIRECTIVE 7.17

TOP SECRET//COMINT//NOFORN JOINT STATEMENT FOR THE RECORD BY MICHAEL LEITER DIRECTOR NATIONAL COUNTERTERRORISM CENTER AND

H. R SEC DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

Department of Defense DIRECTIVE

Public Law th Congress An Act

Best Practices for. Protecting Privacy, Civil Rights & Civil Liberties. Unmanned Aircraft Systems Programs

DALLAS ALLERGY & ASTHMA CENTER

DIVISION N CYBERSECURITY ACT OF 2015

Department of Defense DIRECTIVE

MINA'BENTE SITE NA LIHESLATURAN GUAHAN 2005 (FIRST) REGULAR SESSION

BUSINESS ASSOCIATE ADDENDUM

JOINT STATEMENT OF ELISEBETH COLLINS COOK ASSISTANT ATTORNEY GENERAL AND VALERIE CAPRONI GENERAL COUNSEL FEDERAL BUREAU OF INVESTIGATION BEFORE THE

DIVISION N CYBERSECURITY ACT OF 2015

FEB 0 S The Honorable John Boehner Speaker United States House ofrepresentatives Washington, D.C

Note: This compilation of the National Security Act of 1947 reflects amendments enacted into law through Public Law (August 3, 2007).

28 CFR Ch. I ( Edition)

KESWICK MULTI-CARE CENTER, INC. NOTICE OF PRIVACY PRACTICES

Legislative Language

V Seven areas are covered by this Notice:

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

Chicago Homeless Management Information System (HMIS) Privacy Packet

To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

Passenger Protect Program Transport Canada

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F Saskatchewan Workers Compensation Board

28042 Federal Register / Vol. 75, No. 96 / Wednesday, May 19, 2010 / Notices

SOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX Main Fax

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

CRS Report for Congress

HOUSE BILL 2485 AN ACT AMENDING TITLE 12, CHAPTER 13, ARIZONA REVISED STATUTES, BY ADDING ARTICLE 10; RELATING TO HEALTH AND SAFETY AUDIT PRIVILEGE.

Guidelines on Data Protection. Draft. Version 3.1. Published by

ACTION: Direct final rule with request for comments. SUMMARY: Defense Logistics Agency (DLA) is exempting records

SUMMARY: The Office of the Secretary of Defense proposes to. alter a system of records notice DA&M 01, entitled Civil

CYBERCRIME LAWS OF THE UNITED STATES

PORTLAND POLICE BUREAU CRIMINAL INTELLIGENCE UNIT STANDARD OPERATING PROCEDURE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

Department of Justice Policy Guidance: Use of Cell-Site Simulator Technology

NOC Patriot Report Database

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

S. ll. To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

Department of Homeland Security DHS Directives System Directive Number: Revision Number: 00 Issue Date: 07/25/2008 SAFETY AND HEALTH PROGRAMS

Privacy Act of 1974; Department of Homeland Security <Component Name> - <SORN. AGENCY: Department of Homeland Security, Privacy Office.

NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES

Virginia Commonwealth University Police Department

HIPAA BUSINESS ASSOCIATE AGREEMENT

Montana All Threat Intelligence Center Policies and Procedures

Auditor or Program Analyst

U.S. Department of Justice. Becoming A. Special Agent. U.S. Department of Justice Office of the Inspector General INVESTIGATIONS DIVISION

Privacy and Civil Liber0es Oversight Board

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems

MATTHEWS INTERNATIONAL CORPORATION

This Instruction implements Department of Homeland Security (DHS) Directive , Privacy Policy for Operational Use of Social Media.

Privacy Impact Assessment for TRUFONE Inmate Telephone System

28 USC 532. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see

H. R. ll. To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

UMDNJ COMPLIANCE PLAN

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No A-94B, AFL-CIO. Notice of Privacy Practices

3 FAM 1500 EQUAL EMPLOYMENT OPPORTUNITY

Federal Home Loan Bank Membership Version 1.0 March 2013

Texas Fusion Center Privacy, Civil Rights, and Civil Liberties Policy

FOR SHARING LAW ENFORCEMENT INFORMATION

FedRAMP Package Access Request Form For Review of FedRAMP Security Package

ADMINISTRATIVE INSTRUCTION

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

.scot Registration Policy

HIPAA HITECH PA Physician Practices

Business Associate Agreement

Computer Linked Application Information Management System

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

S AN ACT. To codify an existing operations center for cybersecurity.

SENATE... No The Commonwealth of Massachusetts. In the Year Two Thousand Fourteen

FACILITIES USE AGREEMENT

(C) A statement of current policies concerning campus law enforcement, including--

AITKIN COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT. Aitkin County

Introduction to The Privacy Act

University Healthcare Physicians Compliance and Privacy Policy

Public Information Program

Physical Access Control System

Transcription:

PRESIDENTIAL POLICY DIRECTIVE 28 POLICIES AND PROCEDURES I. Introduction Presidential Policy Directive 28 regarding signals intelligence activities (hereinafter PPD-28 ), issued January 17, 2014, articulates principles to guide why, whether, when, and how the United States conducts signals intelligence activities for authorized foreign intelligence and counterintelligence purposes. Specifically, section 4 of PPD-28 sets forth principles for safeguarding personal information collected from signals intelligence activities and requires Intelligence Community ( IC ) elements to establish policies and procedures to apply such principles, consistent with technical capabilities and operational needs. As stated in PPD-28, all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and all persons have legitimate privacy interests in the handling of their personal information. Although the FBI does not conduct signals intelligence activities, the FBI is applying the relevant provisions of PPD-28 to information it collects pursuant to FISA section 702 to further these principles. Although the FBI does not conduct signals intelligence activities and does not have access to unevaluated, raw, or unminimized signals intelligence, it does receive from other IC elements engaged in such activities signals intelligence information that has been evaluated, minimized, or otherwise included in finished intelligence products. These policies and procedures also address the manner in which the FBI will handle signals intelligence information in these finished intelligence products. II. General Provisions and Authorities Pursuant to section 1.7(i) of Executive Order 12333, as amended, the FBI is authorized to: (1) Collect (including through clandestine means), analyze, produce, and disseminate foreign intelligence and counterintelligence to support national and departmental missions, in accordance with procedural guidelines approved by the Attorney General, after consultation with the Director; (2) Conduct counterintelligence activities; and (3) Conduct foreign intelligence and counterintelligence liaison relationships with intelligence, security, and law enforcement services of foreign governments or international organizations in accordance with section 1.3(b)(4) and 1.7(a)(6) of E.O. 12333. 1

III. Safeguarding Personal Information Pursuant to PPD-28 (A) Collection Pursuant to Section 702 of FISA The following policies and procedures apply to the FBI s safeguarding of personal information of non-u.s. persons collected pursuant to section 702 of FISA. 1 The policies and procedures do not alter, but rather supplement, the protections that non- U.S. persons receive pursuant to FISA, the Attorney General s Guidelines for Domestic FBI Operations, or any other applicable law. 2 (1) Minimization Consistent with its need to retain intelligence for a sufficient period of time to understand its relevance and to disseminate intelligence as necessary to protect national security, the FBI shall apply the following protections to personal information concerning non-u.s. persons collected pursuant to section 702. (a) Dissemination The FBI will disseminate personal information of non-u.s. persons collected pursuant to Section 702 of FISA only if dissemination of comparable information concerning U.S. persons would be permitted under Section 2.3 of Executive Order 12333. The FBI will also disseminate personal information concerning a non- U.S. person collected pursuant to section 702 of FISA only if the information relates specifically to an activity authorized by the Attorney General or an intelligence requirement authorized by the Director of National Intelligence, and not solely because of the person s foreign status. The FBI will disseminate personal information concerning a non-u.s. person only if the information is relevant to the underlying purpose of the dissemination. When disseminating unevaluated personal information collected pursuant to section 702 of FISA, the FBI will inform the recipient that the disseminated information may contain personal information so that the recipient can take appropriate steps to protect that information. The FBI shall not disseminate personal information concerning a non-u.s. person collected pursuant to section 702 of FISA that is foreign intelligence solely because of the person s foreign status or location. Thus, information about the routine activities of a foreign person would not meet this standard without some indication that the information is relevant to an intelligence requirement or an authorized law enforcement activity. 1 These procedures do not alter the rules applicable to U.S. persons found in the Foreign Intelligence Surveillance Act, Executive Order 12333, the Attorney General s Guidelines for Domestic FBI Operations, or other applicable law. 2 The protections afforded to non-u.s. persons by FISA and the Attorney General s Guidelines for Domestic FBI Operations include, but are not limited to, the requirement that the FBI have a significant purpose to obtain foreign intelligence information in order to target a non-u.s. person and the limitation that the FBI may only acquire foreign intelligence information pursuant to Section 702 of FISA in a full FBI investigation. 2

The FBI shall not disseminate personal information concerning any person, including non-u.s. persons, for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion. The FBI shall not disseminate foreign private commercial information or trade secrets to afford a competitive advantage to U.S. companies or U.S. business sectors commercially. Unless it possesses specific information to the contrary, the FBI will presume that any evaluated or minimized section 702 information it receives from other IC elements meets these standards. The FBI will further disseminate such information only in accordance with applicable FBI and IC policies and procedures. (b) Retention The FBI shall not retain unevaluated personal information concerning non-u.s. persons collected pursuant to section 702 of FISA for longer than five (5) years, unless retention of comparable information concerning U.S. persons would be permitted under section 2.3 of Executive Order 12333. The FBI will retain personal information concerning a non-u.s. person collected pursuant to section 702 of FISA that is foreign intelligence only if the information relates specifically to an activity authorized by the Attorney General or an intelligence requirement authorized by the Director of National Intelligence, and not solely because of the person's foreign status. Thus, information about the routine activities of a foreign person would not meet this standard without some indication that the information is relevant to an intelligence requirement or an authorized law enforcement activity. Unless it possesses specific information to the contrary, the FBI will presume that any evaluated or minimized section 702 information it receives from other IC elements meets these standards.the FBI will retain such information in accordance with applicable record retention policies. (c) Queries When querying information collected pursuant to Section 702 of FISA, the FBI will structure queries or other search terms and techniques in order to identify information relevant to a valid intelligence requirement or an authorized law enforcement activity. The FBI will focus queries about persons, regardless of nationality, on the categories of intelligence information responsive to an intelligence requirement or an authorized law enforcement activity. The FBI will minimize the review of personal information not pertinent to an intelligence requirement or an authorized law enforcement activity. 3

(2) Data Security and Access Access to all personal information collected pursuant to section 702 of FISA irrespective of the nationality of the person whose information is collected is restricted to those personnel who require access in order to perform their authorized duties in support of the FBI s mission or to assist in a lawful and authorized governmental function. Such information will be maintained in either electronic or physical form in secure facilities protected by physical and technological safeguards, and with access limited by appropriate security measures. Such information will be safeguarded in accordance with applicable laws, rules, and policies, including those of the FBI, the Department of Justice, and the Office of the Director of National Intelligence. Classified information will be stored appropriately in a secured, certified, and accredited facility, in secured databases or containers, and in accordance with other applicable requirements. The FBI s electronic system in which such information may be stored will comply with applicable law, Executive Orders, and Office of the Director of National Intelligence and Department of Justice policies and procedures regarding information security, including with regard to access controls and monitoring. (3) Data Quality Personal information concerning any person, regardless of nationality, collected pursuant to section 702 of FISA shall be included in FBI intelligence products only as consistent with applicable IC standards of analytic tradecraft as set forth in relevant IC directives. (4) Oversight The FBI will include appropriate measures to facilitate oversight over the implementation of these safeguards protecting personal information collected pursuant to section 702 of FISA, to include periodic auditing. The results of periodic auditing will be reported to the Director, Deputy Director, Executive Assistant Director for the National Security Branch, the Executive Assistant Director for the Criminal, Cyber, Response, and Services Branch, the Executive Assistant Director of the Intelligence Branch, the Assistant Director of the Office of Integrity and Compliance, and the General Counsel. Instances of non-compliance with these policies and procedures shall be reported to the Assistant Director of the Inspection Division, the Assistant Director of the Office of Integrity and Compliance, the FBI s Privacy and Civil Liberties Officer, and the General Counsel, all of whom, shall determine what corrective actions are necessary, if any. 4

Significant instances of non-compliance with these policies and procedures involving the personal information of any person collected pursuant to section 702 of FISA shall be reported promptly to the Deputy Director, who in turn will report them to the DNI pursuant to section 4 of PPD-28. (5) Training Training on these policies and procedures shall be required in order to gain access to unevaluated information concerning non-u.s. persons collected pursuant to section 702 of FISA. (B) Signals Intelligence Collected by Other IC Elements The following policies and procedures apply to the FBI s safeguarding of personal information of non-u.s. persons collected pursuant to signals intelligence activities conducted by other IC elements. 3 (1) Minimization (a) Dissemination The FBI will disseminate personal information of non-u.s. persons collected through signals intelligence activities only if dissemination of comparable information concerning U.S. persons would be permitted under section 2.3 of Executive Order 12333. The FBI will disseminate personal information concerning a non-u.s. person that is foreign intelligence only if the information relates specifically to an activity authorized by the Attorney General or an intelligence requirement authorized by the Director of National Intelligence, and not solely because of the person's foreign status. Unless it possesses specific information to the contrary, the FBI will presume that any evaluated or minimized signals intelligence information it receives from other IC elements meets these standards. The FBI will disseminate such information in accordance with applicable FBI and IC policies and procedures. (b) Retention The FBI will retain personal information of non-u.s. persons collected through signals intelligence activities only if retention of comparable information concerning U.S. persons would be permitted under section 2.3 of Executive Order 12333. The FBI will retain personal information concerning a non-u.s. person that is foreign intelligence only if the information relates specifically to an activity authorized by the Attorney General or an intelligence requirement authorized by the Director of National Intelligence, and not solely because of the person's 3 These procedures do not alter the rules applicable to U.S. persons found in the Foreign Intelligence Surveillance Act, Executive Order 12333, the Attorney General s Guidelines for Domestic FBI Operations, or other applicable law. 5

foreign status. Unless it possesses specific information to the contrary, the FBI will presume that any evaluated or minimized signals intelligence information it receives from other IC elements meets these standards. The FBI will retain such information in accordance with applicable record retention policies. (2) Data Security and Access Access to all personal information collected through signals intelligence activities irrespective of the nationality of the person whose information is collected is restricted to those personnel who require access in order to perform their authorized duties in support of the FBI s mission or to assist in a lawful and authorized governmental function. Such information will be maintained in either electronic or physical form in secure facilities protected by physical and technological safeguards, and with access limited by appropriate security measures. Such information will be safeguarded in accordance with applicable laws, rules, and policies, including those of the FBI, the Department of Justice, and the Office of the Director of National Intelligence. Classified information will be stored appropriately in a secured, certified, and accredited facility, in secured databases or containers, and in accordance with other applicable requirements. The FBI s electronic system in which such information may be stored will comply with applicable law, Executive Orders, and the Office of the Director of National Intelligence and Department of Justice policies and procedures regarding information security, including with regard to access controls and monitoring. (3) Data Quality Personal information of both U.S. and non-u.s. persons collected through signals intelligence activities shall be included in FBI intelligence products only as consistent with applicable IC standards of analytic tradecraft as set forth in relevant IC directives. (4) Oversight The FBI will include appropriate measures to facilitate oversight over the implementation of these safeguards protecting personal information, to include periodic auditing. The results of periodic auditing will be reported to the Director, Deputy Director, the Executive Assistant Director for the National Security Branch, the Executive Assistant Director for the Criminal, Cyber, Response, and Services Branch, the Executive Assistant Director of the Intelligence Branch, the Assistant Director of the Office of Integrity and Compliance, and the General Counsel. Instances of non-compliance with these policies and procedures shall be reported to the Assistant Director of the Inspection Division, the Assistant Director of the Office of Integrity and Compliance, the FBI s Privacy and Civil Liberties Officer, and the 6

General Counsel, all of whom shall determine what corrective actions are necessary, if any. Significant instances of non-compliance with these policies and procedures involving the personal information of any person collected through signals intelligence activities shall be reported promptly to the Deputy Director, who in turn will report them to the DNI pursuant to section 4 of PPD-28. IV. Departures from these Procedures The Director, Deputy Director, or an Executive Assistant Director must approve in advance any departures from these procedures and provide notice to the Director of National Intelligence and the Attorney General. If there is not time for such advance approval and a departure from these procedures is necessary because of the immediacy or gravity of a threat to the safety of persons or property or to the national security, the departure must be reported to the Director, the Director of National Intelligence, and the Attorney General as soon as possible thereafter. Notwithstanding this paragraph, all activities in all circumstances must be carried out in a manner consistent with the Constitution and laws of the United States. V. Conclusion These procedures are set forth solely for internal guidance within the FBI. Questions on the applicability or interpretation of these procedures should be directed to the Office of the General Counsel, which shall determine such applicability or interpretation. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information