This article first appeared at Just Security.
On May 8, the Office of the Director of National Intelligence (ODNI) released a framework that establishes uniform baseline standards for how the Intelligence Community (IC) should categorize, acquire, and handle commercially available information (CAI). CAI refers to the vast quantities of data—collected from a wide range of sources, including cell phones and other personal devices, cars, household appliances, and social media accounts—that are available for purchase from data brokers and other commercial entities. The ODNI policy framework sets forth principles for acquiring and safeguarding CAI, with special rules for information that IC agencies deem “sensitive.” It also includes requirements for cataloging IC agencies’ purchases and use of CAI.
The policy framework reflects a growing recognition within the IC that agencies’ acquisition and use of CAI puts Americans’ privacy and civil liberties at risk. If implemented effectively and robustly, the framework could bring consistency to agencies’ practices, incrementally improve privacy protections, and significantly expand transparency. However, the framework gives the IC too much discretion in determining how certain principles are applied, potentially undermining its utility in practice. The framework also does not prohibit IC elements from purchasing data that otherwise would require a warrant, court order, or subpoena to obtain and is therefore no substitute for congressional action.
The Problem
In June 2023, a declassified government report confirmed that intelligence agencies have been acquiring vast amounts of Americans’ personal information from commercial entities. This practice of purchasing CAI has expanded significantly in recent years due to the advancement of interconnected digital devices and the advertising-driven surveillance that underlies much of the internet industry’s business model. The report warned that CAI can reveal highly sensitive information that increases the government’s ability to peer into our private lives and endangers Americans’ privacy and civil liberties. Notwithstanding those risks, intelligence agencies frequently acquire CAI without policies to identify and protect sensitive information, failing even to keep track of their own acquisition and use of CAI.
Much of this information is, in theory, subject to statutory and constitutional privacy protections. For instance, in 2018, the Supreme Court held in Carpenter v. United States that the government needs a warrant to obtain cell phone location records because they can reveal the most intimate details about our private lives. Nevertheless, government agencies have made an end run around this warrant requirement by purchasing geolocation data from commercial data brokers. While this practice violates the spirit of the Court’s ruling, if not its letter, agencies have interpreted Carpenter to apply only to the specific type of location data at issue in that case (i.e., historical cell-site location information), and only when the government compels companies to disclose information—not when private companies sell or voluntarily disclose information.
The Framework’s General Principles for All CAI
The ODNI framework establishes baseline standards for how IC agencies acquire and use commercially available information while allowing them “flexibility to experiment” in a manner that meets their operational needs. It begins by setting out nine general principles governing the IC’s acquisition and use of all CAI. Agencies are required to put in place policies and procedures that, at a minimum, implement these standards.
The framework defines CAI broadly to cover information acquired by government agencies through commercial entities such as data brokers, while excluding information acquired via lawful process (e.g., a search warrant or subpoena) or voluntarily provided pursuant to a statute. It also includes information offered at no cost, such as through a free trial of the commercial entity’s services.
The general principles emphasize that privacy and civil liberties “shall be integral considerations, timely considered” in the acquisition and use of commercially available information. They state that such information shall not be used to disadvantage individuals based on traits such as race, gender, or religion, nor shall information be used to take adverse action against a person “based solely on that individual’s exercise of Constitutionally-protected rights.” The framework also provides that agencies must assess the original source and quality of the data, manage and periodically review their implementation of safeguards, and provide appropriate transparency to the public and relevant oversight entities on their policies and procedures.
These are worthy principles, to be sure. Some of them, however, simply restate basic constitutional requirements and constraints, calling into question the added value of including them in the policy. Moreover, as discussed further below, the subjectivity and discretion built into many of these principles could allow IC agencies to prioritize “flexibility to experiment” with CAI over protecting Americans’ privacy and civil liberties.
Additional Requirements for Sensitive CAI
The bulk of the framework addresses how intelligence agencies should handle sensitive CAI. It first defines what information is considered sensitive. It then provides baseline standards for governing the acquisition of sensitive CAI and the safeguarding of such information. Lastly, it explains how the IC must document its acquisition and use of sensitive information.
What Is Sensitive CAI?
The Framework requires IC elements to measure the sensitivity of CAI by considering its volume, proportionality, and sensitivity. It considers CAI “sensitive,” and thus subject to enhanced safeguards, if it is known or reasonably expected to contain:
- a “substantial volume” of personally identifiable information (PII) regarding U.S. persons; or
- a “greater than de minimis volume” of:
- Sensitive data, defined as PII of U.S. persons that concerns information such as the individual’s race, political opinions, religious beliefs, health information, sexual orientation, gender identity, health information, financial data, or any other data the disclosure of which could similarly cause “substantial harm, embarrassment, inconvenience, or unfairness”; or
- Data capturing sensitive activities of U.S. persons, defined as “activities that over an extended period of time establish a pattern of life; reveal personal affiliations, preferences, or identifiers; facilitate prediction of future acts; enable targeting activities; reveal the exercise of individual rights and freedoms” (including First Amendment-protected rights of free speech, press, religion, and assembly); or reveal any other activity the disclosure of which could cause “substantial harm, embarrassment, inconvenience, or unfairness.”
In theory, this definition of sensitive CAI would cover much of the information that intelligence agencies purchase from data brokers. But the definition lacks clarity on some of the most sensitive information acquired from commercial entities. For example, it does not explicitly include certain known categories of sensitive information such as biometric information, location information, communications metadata, and internet search and browsing history.
That information theoretically should be covered by the definition’s catch-all provisions or covered as data capturing sensitive activities “that over an extended period of time establish a pattern of life” or reveal personal preferences or identifiers. For example, following Edward Snowden’s disclosure of the NSA’s bulk collection program, experts explained how accumulated communications metadata is sensitive information that can reveal intimate associations, habits, and beliefs. Likewise, in 2020, the Senate overwhelmingly voted in favor of a bipartisan amendment that would have imposed a warrant requirement for internet search and browsing records, noting that they, too, reveal a user’s most private thoughts and preferences. And the Supreme Court made clear in Carpenter that the government needs a warrant to access a weeks’ worth of location information because that information can reveal the most intimate details of a person’s associations and activities.
But the framework is notably silent here, choosing not to specify whether this information is sensitive CAI. It instead leaves intelligence agencies with discretion to determine whether such information is sensitive and merits enhanced safeguards. It also provides no clarity or transparency on what constitutes a “substantial volume” of U.S. persons’ PII or a “greater than de minimis volume” of sensitive data or activities. While the framework requires agencies to inform ODNI when its sensitivity determination differs from that of other IC agencies, the ODNI and agency heads must do more to ensure that the IC does not exclude sensitive information from applicable safeguards.
Minimum Standards for Acquiring and Safeguarding Sensitive CAI
The framework lays out baseline procedures intended to ensure that intelligence agencies access and collect sensitive CAI in a manner that protects privacy and civil liberties. Depending on how IC agencies interpret and apply them, the procedures could provide Americans with some protection. But the operative word here is “could.” The framework does not establish clear rules or objective criteria concerning what sensitive CAI agencies can or cannot acquire. Instead, it leaves significant discretion for each intelligence agency to determine whether they can acquire sensitive CAI, including by allowing agencies to waive critical procedures and leaving privacy and civil liberties officials out of the decision-making process.
Before acquiring sensitive CAI, intelligence agencies are required to assess several factors to determine whether the value of acquiring the sensitive CAI likely outweighs risks to individuals’ privacy and civil liberties, data quality, and security that cannot reasonably be mitigated. These factors include, among others, assessing whether a dataset contains sensitive CAI; the privacy and civil liberties risks associated with acquiring and processing such data; and how the agency may mitigate such risks—including by implementing privacy-enhancing technologies or traditional minimization procedures. Agencies also must undertake a reasonable effort, “to the extent feasible given operational security considerations,” to determine the original source of the data and to assess the quality and integrity of the sensitive information to ensure it is consistent with IC standards for accuracy and objectivity. Notably, however, the policy identifies no categories of sensitive information that should not be purchased and must be obtained using compulsory process. Moreover, any of the procedures may be waived due to “exigent circumstances.”
In addition, the framework requires IC agencies to implement “one or more measures” to safeguard sensitive CAI once collected. It provides a list of examples of such measures, including restricting access to the sensitive information, limiting the number of personnel who may run queries, requiring written justification and approval prior to performing queries or searches, and deleting U.S. person information from datasets. However, these protections are presented as illustrative only; none of them are actually required by the policy.
These assessments and safeguarding procedures must be approved by the agency head or an appropriately delegated senior official. But the framework allows intelligence agencies to bypass intelligence oversight officials, legal counsel, and privacy and civil liberties officials based on “operational security considerations.” Historically, IC elements have been far too willing to sideline oversight officials, and are likely to do so again.
Ultimately, while the policy framework contains several laudable principles, its subjective, discretionary, and exception-riddled standards risk making this framework a box-checking exercise for agencies. The IC will have the flexibility to continue relying heavily on data purchases to sidestep the Fourth Amendment’s central safeguard against government abuse: the requirement that the government obtains a warrant from a judge before invading a reasonable expectation of privacy.
Documentation and Reporting
Notwithstanding the framework’s deficiencies, it contains promising requirements for IC agencies to catalog and report their collection and use of sensitive CAI. These requirements follow from recommendations in the declassified report on CAI, which warned that intelligence agencies lacked insight into precisely what information has been purchased or how it is used. If implemented faithfully, the policy framework’s documentation and reporting requirements would bring much needed transparency and accountability to the IC’s acquisition and use of CAI.
The framework requires IC elements to document information regarding their acquisition and processing (e.g., use, creation, dissemination) of sensitive CAI “to the extent practicable and consistent with the need to protect intelligence sources and methods.” This documentation must include, inter alia, the purpose, intended uses, nature, source, and volume of the sensitive information acquired; any licensing agreements or contract restrictions applicable to the sensitive information; the authority under which the information was acquired or processed; any safeguards applied to the information; and which elements and officials participated in the procurement and approval process.
IC agencies are required, “[c]onsistent with the protection of intelligence sources and methods,” to report this documentation to the ODNI on an annual basis and provide copies of their relevant policies and procedures regarding the CAI framework. The ODNI is required to “keep Congress informed” and to issue a public report every two years regarding the IC’s acquisition, use, and safeguarding of sensitive CAI.
Although much can change over the two years between each public reporting requirement, the increased transparency could be a significant improvement from the status quo, if IC agencies resist the temptation to reflexively claim that such transparency is not “practicable” or not “consistent with the need to protect intelligence sources and methods.” It will be critical that Congress remain consistently informed about these programs and ensure that intelligence agencies implement this framework and provide transparency about their policies and practices. The heads of each IC agency and senior ODNI officials responsible for the policy’s implementation must similarly ensure that agencies comply fully with the framework and avoid overreliance on its discretionary exceptions.
What’s Missing—and What’s Next
As explained above, even the modest privacy and civil liberties protections envisioned in this policy are undermined by the amount of discretion afforded to IC agencies. But the fundamental flaw of the policy is its failure to prohibit the purchase of information that would otherwise be subject to statutory or constitutional protections—most notably, requirements to obtain a warrant, court order, or subpoena. For such information, Congress and/or the courts have already weighed the information’s sensitivity against the government’s need for the information, and have determined that the government should not have access to the information without compulsory legal process. The IC should not be permitted to replace the judgment of Congress and the courts with its own balancing test.
Accordingly, the ODNI policy cannot take the place of legislation that would restore the legal protections that have been eviscerated by the government’s use of CAI. For example, the Fourth Amendment Is Not For Sale Act, a bipartisan bill that passed out of the House by a vote of 219–199 in April, would prohibit intelligence and law enforcement agencies from purchasing certain sensitive information about U.S. persons from third-party sellers, including geolocation information, communications-related information, and information obtained through illegitimate scraping practices. Similarly, provisions of the Government Surveillance Reform Act would bar intelligence and law enforcement agencies from purchasing an even wider swath of U.S. person data, with exceptions to allow “overcollection”—combined with rigorous minimization requirements—in cases where the government cannot identify and/or remove U.S. person information before acquiring data sets.
ODNI would no doubt argue that it should not be prohibited from acquiring information that private actors can purchase on the open market. But the ODNI policy already recognizes that government acquisition and use of CAI can and should be subject to rules that don’t apply to the private sector, given the significant risk to civil liberties. The mistake the ODNI policy makes is creating its own (mostly subjective) rules rather than honoring those Congress and the courts have already imposed.