A recent bill that was somewhat passed under the noses of a good deal of people with very little critical oversight has caused quite a stir… sort of. It was originally reported by The Hill, and how congressman, Justin Amash (Rep. Mich), threw up a word of warning on a Facebook post about a potential threat of unsanctioned spying by the U.S., National Intelligence Department.

The bill is called H.R. 4681 and Amash is trying hard to keep it from going any further than it already has.

Now there’s a lot of hot air and plenty of noise surrounding the bill, and if you go by one side or another it’s easy to get swept up in all the hoopla. However, it is and is not quite as bad as some make it sound.

For one thing, the bill covers a lot of necessary scrutiny within Governmental operations, especially regarding intelligence agencies. More watchers watching the watchmen is always a good thing.

Also, to me, the most interesting aspect of the bill was section 325 and how the bill calls for more oversight and investigations into the political prison camps in North Korea. Could we be looking at another fallout similar to the CIA report from Guantanamo Bay?

Of course, treatment of detainees in a North Korean political prison camp is of little interest to most people. The thing that has most individuals up in arms is over the potential spying that could be had.

First of all, the bill proposes a budget of $507 million for Intelligence Community Management. This will be the fiscal 2015 budget that runs to September, 2016. A lot of the operations proposed by the bill includes thorough oversight on Government spending and spending on Government surveillance operations.

There’s also a separate funding request provided for those who are no longer within the intelligence field who may also have disabilities.

There’s mention of better management of software licensing and education within the Government’s intelligence community as well as reporting of certain employment activities by former intelligence officers and employees, which can be found in section 305. It’s within section 305 and just beyond, where things get really interesting.

For instance, section 306 aims to include more minorities from “Black Institutions” (from the HEA of 1965) into the “Intelligence Officer Training Program”.

Section 307, called “Management and Oversight of Financial Intelligence”, proposes to better organize tools and allocation of data and finances across intelligence agencies.

Section 308 is where all the fuss has been kicked up. This section is called “Analysis of Private Sector Policies and Procedures for Countering Insider Threats”. It starts off talking about surveying the private sector, stating…

”An analysis of private sector policies for holding supervisors and subordinates accountable for violations of established security protocols and whether the intelligence community should adopt similar policies for positions of trusted access to sensitive information;”



I don’t know about you, but being held accountable for violations of security protocols seems kind of important for maintaining a functioning societal infrastructure.

However, tucked within section 308 is section 309. It’s called “Procedures for the Retention of Incidentally Acquired Communications”. It’s a procedural rundown of what happens when communications information is “incidentally acquired”. This also includes information from foreign sources or individuals.

A list of tasks are listed as to what protocols should be taken to rectify the situation; this mostly involves reporting the incident to the appropriate individual(s).

It notes that if “incidentally acquired” data from “covered communications” is encountered by an employee within the intelligence office, they are to coordinate the data with the Director of National Intelligence, which further requires approval from the Attorney General.

It’s further noted that…



The procedures required by paragraph (1) shall apply to any intelligence collection activity not otherwise authorized by court order (including an order or certification issued by a court established under subsection (a) or (b) of section 103 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803)), subpoena, or similar legal process that is reasonably anticipated to result in the acquisition of a covered communication to or from a United States person and shall permit the acquisition, retention, and dissemination of covered communications subject to the limitation in subparagraph (B).



Now here’s where it gets sketchy. The previous paragraph notes that the “dissemination” of the data is subject to the limitation of sub-paragraph (B). So what does sub-paragraph (B) say? Well, it says the following…



“Limitation on retention.--A covered communication shall not be retained in excess of 5 years”



Unfortunately, it doesn’t say that the data should be discarded or avoided at all. Instead, there’s a list of caveats why the data can be retained in excess of five years, including if the data is necessary for understanding counter-intelligence, or if the data is encrypted and suspected of containing sensitive information.

The communications can also be retained if there is a court order issued for it or if the data is being used in a congressional hearing.

However, there’s a very scary clause included as to why the data can also be retained. Covered communications “incidentally” acquired can be retained in excess of five years if…



“[...] all parties to the communication are reasonably believed to be non-United States persons;”



If you think it means what you think it means, then you’re correct. It basically means that if data communications that includes non-U.S., residents happens to be “incidentally” acquired, then that data can be retained in excess of five years. It means that if your name showed up in a conversation that was recorded and you aren’t from the United States of America, you’re on record and file in the U.S., National Intelligence’s database.

The bill doesn’t mention any specifics about ways of acquiring data or the means in which data can be monitored beyond what methods they already employ, so I’m not entirely sure where all the talk came from about Xbox Live and PSN monitoring. Nevertheless, the bill is up and available for anyone to read through online.

You can find a full layout of the H.R. 4681 text on the official Congress.gov website.

(Main image courtesy of CW39)