Donate for the Cryptome archive of files from June 1996 to the present

25 December 2015

Senate Intelligence Committee on Snowden

[Senate Report 114-8]
[From the U.S. Government Publishing Office]

114th Congress 
 1st Session                     SENATE                          Report


                              R E P O R T

                                 of the


                          UNITED STATES SENATE

                          COVERING THE PERIOD

                            JANUARY 3, 2013


                            JANUARY 5, 2015

                 March 31, 2015.--Ordered to be printed
     Filed under authority of the order of the Senate of March 27 
                    (legislative day, March 26) 2015

[Excerpts on Snowden]

    During the 113th Congress, the Committee routinely inquired 
into the IC's efforts to implement new information security 
measures aimed at mitigating the damaging revelations by former 
NSA contractor Edward Snowden. 


    Following the unprecedented leaks of classified 
information, primarily of information relating to the NSA, by 
former NSA contractor Edward Snowden, key aspects of many of 
these collection activities have been declassified by the DNI. 
This prompted a series of Committee hearings and discussions 
over ways to add additional privacy protections and 
transparency measures to FISA operations, while preserving the 
operational effectiveness and flexibility of the programs.
    On October 31, 2013, the Committee reported the FISA 
Improvements Act of 2013 (S. 1631) and accompanying report (S. 
Rpt. 113-119). The bill included a series of measures that 
would have made improvements to FISA as well as other laws 
relating to intelligence activities carried out by the 
Executive Branch. The bill contained a number of legislative 
provisions, including:
 Measures to codify established privacy 
        protections for the bulk telephone metadata program 
        that have been provided under Foreign Intelligence 
        Surveillance Court-approved minimization procedures or 
        Executive Branch policy and measures to enhance those 
        privacy protections, where appropriate, by placing 
        additional statutory limits on the telephone metadata 
        program that do not reduce its operational 
 Measures to increase transparency--to the 
        public and to the Congress--concerning the bulk 
        telephone metadata program, as well as other aspects of 
        FISA, where it is possible to do so without 
        compromising the efficacy of intelligence activities 
        undertaken pursuant to FISA;
 Provisions that require Senate confirmation 
        for the director and inspector general of the NSA;
 Authority for the Foreign Intelligence 
        Surveillance Court and the Foreign Intelligence 
        Surveillance Court of Review to appoint amicus curiae 
        to assist the Court in the consideration of 
        applications that, in the opinion of the Court, present 
        a novel or significant interpretation of the law;
 Authority for the government to continue 
        collection for a 72-hour transitional period, when the 
        collection is directed against a non-U.S. person target 
        who travels into the United States while the target is 
        the subject of collection that was lawfully initiated 
        while the target was abroad; and
 Restrictions on the government's authority 
        to perform queries of communications acquired pursuant 
        to Section 702 of FISA that use a U.S. person's 
        selector only if the purpose of the query is to obtain 
        foreign intelligence information or information 
        necessary to understand foreign intelligence 
        information or to assess its importance.
    This legislation was not considered by the Senate in the 
114th Congress. A related measure, the USA FREEDOM Act, offered 
by Senator Leahy, was considered by the Senate but did not 
receive sufficient votes to invoke cloture.


                    C. Intelligence Community Issues

1. ODNI Response to Insider Threats

    The Committee continued its oversight of the ODNI's 
response to unauthorized disclosures of classified information. 
The unauthorized disclosures to the media, and potentially to 
foreign adversaries, by Edward Snowden, a contractor working at 
the NSA, highlight the threat posed by insiders entrusted with 
access to IC facilities and networks. Mr. Snowden's decision to 
disclose classified and sensitive information to the media will 
have ramifications for our national security for years to come.
    Initiatives have been underway for years to deal with such 
contingencies, most recently the President's National Insider 
Threat Policy, signed in November 2012. However, the Committee 
is concerned that this policy has not been fully implemented 
across the IC. Prior to Mr. Snowden's unauthorized disclosures, 
the Committee met with the newly created National Insider 
Threat Task Force to review its role in establishing 
government-wide minimum standards for deterring, detecting, and 
mitigating insider threats. Some examples of minimum standards 
issued by the Task Force include workforce threat awareness 
training and procedures for responding to insider threat 
concerns. The Committee remains concerned that many government 
agencies are in need of substantial improvements to ensure the 
security of sensitive information.
    Following the initial disclosures by Mr. Snowden in June 
2013, the Committee met with DNI Clapper to underscore the need 
for the Executive Branch to fully investigate the intelligence 
leaks, to review initiatives to reform the background 
investigation process, and to explore new approaches for 
deterring and detecting potentially damaging insider threats. 
As part of its review of the unauthorized disclosures, the 
Committee also met with the National Counterintelligence 
Executive (NCIX), Frank Montoya Jr., and his successor Bill 
Evanina, to assess the extent of the damage to national 
security. As part of the ODNI, the Office of the NCIX is also 
responsible for government-wide standards on security clearance 
practices, and the Committee staff met with the NCIX on 
numerous occasions to discuss the DNI's strategy for security 
clearance reform.
    Additionally, in an effort to modernize the security 
clearance background investigation process, the Committee 
undertook a review of continuous evaluation and automated 
record check programs, both within the U.S. Government and the 
private sector. As part of this effort, the Committee met with 
numerous private sector entities from various sectors to 
collect best practices related to hiring, background 
investigations, insider threat monitoring, ethics, and employee 
    The Committee supports substantially enhancing and 
expediting efforts to deter the insider threat and believes 
doing so will require an integrated counterintelligence and 
security apparatus that spans the IC and the U.S. Government. 
Additionally, the Committee believes the IC's information 
technology modernization effort--the IC Information Technology 
Enterprise--must provide the infrastructure to detect insider 
threats earlier, more effectively, and more reliably. (See page 
24 for more information on the IC Information Technology 
Enterprise, otherwise known as ``IC ITE.'') Robust 
counterintelligence data and analytic tools to monitor, 
analyze, and audit personnel behavior will be critical to this 
endeavor. In the Intelligence Authorization Act for Fiscal Year 
2014 and associated classified annex, the Committee recommended 
additional resources to help assure the IC meets this and other 
counterintelligence and security goals as soon as possible.