18 January 2017

In furtherance of the Intelligence Community’s transparency initiatives, today the Central Intelligence Agency (CIA) is releasing to the public updated procedures governing the collection, retention, and dissemination of information concerning United States persons. These updated procedures, like the superseded procedures, are designed to balance the CIA’s intelligence responsibilities with appropriate protections for the privacy and civil liberties of United States persons.

Timely, accurate, and insightful information about the activities, capabilities, plans, and intentions of foreign powers, organizations, and persons, and their agents, is essential to informed decision-making in the areas of national security, national defense, and foreign relations. Collection of such information is a priority objective that the CIA pursues in a vigorous, innovative, and responsible manner. This mission is accomplished while remaining respectful of the principles upon which the United States was founded, and consistent with the Constitution and applicable statutes and Presidential directives authorizing the CIA’s activities, including the National Security Act of 1947, the Central Intelligence Agency Act of 1949, and Executive Order 12333, United States Intelligence Activities.

Under Executive Order 12333, the CIA’s collection, retention, and dissemination of information concerning United States persons in furtherance of its statutory mission are governed by procedures approved by the Director of the CIA and the Attorney General, after consultation with the Director of National Intelligence. These procedures are often referred to as the CIA’s “Attorney General Guidelines.”

Earlier this month, the Director and the Attorney General approved new Attorney General Guidelines consolidating and updating the CIA’s procedures, some of which had not been significantly updated since 1982. In the intervening decades, the CIA implemented a number of additional changes in internal regulations and policies to address changes in law and technology not contemplated in the 1980s. The new, consolidated Attorney General Guidelines now incorporate many of these intervening changes, thereby providing a more unified and comprehensive set of procedures that permit the CIA to use and share intelligence information to support national security objectives in a manner that protects the privacy rights and civil liberties of all Americans.

Important aspects of the revised Attorney General Guidelines include:

Protections for Unevaluated Information : When the Attorney General Guidelines were first promulgated in the 1980s, a clandestine operation may have resulted in the CIA collecting a limited number of hard copy documents. Today, in addition to traditional intelligence scenarios, a single storage device may contain the equivalent of millions of pages of information, hours of video, thousands of photos, or more. This volume of information requires longer periods of time, and more personnel, to evaluate. The new Attorney General Guidelines include specific approval requirements for handling any data set that cannot be promptly evaluated for its intelligence value, including a requirement to take reasonable steps to limit the collection of information to the smallest subset of data necessary to achieve CIA’s authorized intelligence objectives, and develop appropriate plans for ensuring that the data is properly handled and queried.

: When the Attorney General Guidelines were first promulgated in the 1980s, a clandestine operation may have resulted in the CIA collecting a limited number of hard copy documents. Today, in addition to traditional intelligence scenarios, a single storage device may contain the equivalent of millions of pages of information, hours of video, thousands of photos, or more. This volume of information requires longer periods of time, and more personnel, to evaluate. The new Attorney General Guidelines include specific approval requirements for handling any data set that cannot be promptly evaluated for its intelligence value, including a requirement to take reasonable steps to limit the collection of information to the smallest subset of data necessary to achieve CIA’s authorized intelligence objectives, and develop appropriate plans for ensuring that the data is properly handled and queried. Restrictions on Queries : Relatedly, the revised Attorney General Guidelines specifically address the querying of CIA’s data holdings, requiring both that such queries be conducted only in relation to CIA’s authorized intelligence activities and that, where practicable, queries of particularly sensitive data sets, such as the contents of communications, be accompanied by a statement explaining the purpose for the query when retrieving information concerning a United States person.

Relatedly, the revised Attorney General Guidelines specifically address the querying of CIA’s data holdings, requiring both that such queries be conducted only in relation to CIA’s authorized intelligence activities and that, where practicable, queries of particularly sensitive data sets, such as the contents of communications, be accompanied by a statement explaining the purpose for the query when retrieving information concerning a United States person. Exceptional Handling Requirements for Electronic Communications and Other Similarly Sensitive Information : The CIA complies with Executive Order 12333’s prohibition against conducting electronic surveillance in the United States, but may in the course of its authorized intelligence activities acquire electronic communications through other means. In recognition of the heightened privacy concerns surrounding electronic communications, the revised Attorney General Guidelines impose exceptional handling requirements on unevaluated electronic communications. The Attorney General Guidelines limit access to such communications, require training in the handling of such communications, and with limited exceptions, require the destruction of communications subject to these more stringent handling requirements no later than five years after it has been made available to CIA intelligence professionals. Certain other sensitive information is subject to these same exceptional handling requirements.

: The CIA complies with Executive Order 12333’s prohibition against conducting electronic surveillance in the United States, but may in the course of its authorized intelligence activities acquire electronic communications through other means. In recognition of the heightened privacy concerns surrounding electronic communications, the revised Attorney General Guidelines impose exceptional handling requirements on unevaluated electronic communications. The Attorney General Guidelines limit access to such communications, require training in the handling of such communications, and with limited exceptions, require the destruction of communications subject to these more stringent handling requirements no later than five years after it has been made available to CIA intelligence professionals. Certain other sensitive information is subject to these same exceptional handling requirements. Limitations on Undisclosed Participation : Executive Order 12333 also authorizes the Intelligence Community, including CIA, to participate in organizations in the United States without disclosing their intelligence affiliation in limited circumstances. While CIA officers generally disclose their affiliation with the Agency when engaging with United States organizations, in certain situations CIA officers may be allowed to withhold such information in order to, for example, maintain their cover. The revised Attorney General Guidelines provide clear rules concerning the CIA’s undisclosed participation in organizations in the United States. For example, under the Attorney General Guidelines, CIA employees may not join or participate in an organization for the purpose of influencing the organization without disclosing their affiliation unless the organization is composed primarily of non-United States persons, is reasonably believed to be acting on behalf of a foreign power, and the CIA employee has received the approval of the Director of the CIA.

Executive Order 12333 also authorizes the Intelligence Community, including CIA, to participate in organizations in the United States without disclosing their intelligence affiliation in limited circumstances. While CIA officers generally disclose their affiliation with the Agency when engaging with United States organizations, in certain situations CIA officers may be allowed to withhold such information in order to, for example, maintain their cover. The revised Attorney General Guidelines provide clear rules concerning the CIA’s undisclosed participation in organizations in the United States. For example, under the Attorney General Guidelines, CIA employees may not join or participate in an organization for the purpose of influencing the organization without disclosing their affiliation unless the organization is composed primarily of non-United States persons, is reasonably believed to be acting on behalf of a foreign power, the CIA employee has received the approval of the Director of the CIA. Compliance and Oversight : To ensure compliance, the Attorney General Guidelines impose a number of authorization and documentation requirements on activities that may result in the acquisition of United States person information. The Guidelines also require periodic auditing. These requirements build on the extensive oversight already conducted by Congress, CIA’s Office of Inspector General, and other executive entities, which include the Privacy and Civil Liberties Oversight Board and the President’s Intelligence Oversight Board.

While the revised Attorney General Guidelines provide the framework for ensuring that the CIA continues to engage in its foreign intelligence, counterintelligence, and covert action missions in a manner that respects Americans’ privacy rights and civil liberties, the Attorney General Guidelines represent only one aspect of the authorizations for and restrictions on CIA’s intelligence activities. In addition to the Attorney General Guidelines, the CIA has numerous other internal regulations and policies to ensure its activities remain in compliance with the law and focused on our critical national security mission. The CIA conducts intelligence activities in response to requirements levied by the President and the CIA’s other intelligence customers, and governed by a number of statutes, to include the National Security Act, the Central Intelligence Agency Act, the Foreign Intelligence Surveillance Act, and the Privacy Act, and presidential directives, such as Presidential Policy Directive 28.

The CIA today releases the revised Attorney General Guidelines to increase transparency for the American people regarding how the CIA handles information concerning United States persons as the CIA pursues its lawfully authorized activities. While the CIA’s specific activities, as well as its specific sources and methods, must remain classified to protect our national security, the revised Attorney General Guidelines are being released without redaction. In addition, CIA is also releasing the attached detailed overview of the Attorney General Guidelines to further explain how these Attorney General Guidelines protect our national security and our civil liberties. These Guidelines become effective 18 March 2017, 60 days after signature by the Director of the CIA and the Attorney General.

The documents can be found on CIA.gov on the new Office of Privacy and Civil Liberties page.

# # #