|
||||
|
25 December 2015 Senate Intelligence Committee on Snowden
[Senate Report 114-8]
[From the U.S. Government Publishing Office]
114th Congress
1st Session SENATE Report
114-8
_______________________________________________________________________
R E P O R T
of the
SELECT COMMITTEE ON INTELLIGENCE
UNITED STATES SENATE
COVERING THE PERIOD
JANUARY 3, 2013
to
JANUARY 5, 2015
March 31, 2015.--Ordered to be printed
Filed under authority of the order of the Senate of March 27
(legislative day, March 26) 2015
SELECT COMMITTEE ON INTELLIGENCE
[Excerpts on Snowden]
During the 113th Congress, the Committee routinely inquired
into the IC's efforts to implement new information security
measures aimed at mitigating the damaging revelations by former
NSA contractor Edward Snowden.
...
Following the unprecedented leaks of classified
information, primarily of information relating to the NSA, by
former NSA contractor Edward Snowden, key aspects of many of
these collection activities have been declassified by the DNI.
This prompted a series of Committee hearings and discussions
over ways to add additional privacy protections and
transparency measures to FISA operations, while preserving the
operational effectiveness and flexibility of the programs.
On October 31, 2013, the Committee reported the FISA
Improvements Act of 2013 (S. 1631) and accompanying report (S.
Rpt. 113-119). The bill included a series of measures that
would have made improvements to FISA as well as other laws
relating to intelligence activities carried out by the
Executive Branch. The bill contained a number of legislative
provisions, including:
Measures to codify established privacy
protections for the bulk telephone metadata program
that have been provided under Foreign Intelligence
Surveillance Court-approved minimization procedures or
Executive Branch policy and measures to enhance those
privacy protections, where appropriate, by placing
additional statutory limits on the telephone metadata
program that do not reduce its operational
effectiveness;
Measures to increase transparency--to the
public and to the Congress--concerning the bulk
telephone metadata program, as well as other aspects of
FISA, where it is possible to do so without
compromising the efficacy of intelligence activities
undertaken pursuant to FISA;
Provisions that require Senate confirmation
for the director and inspector general of the NSA;
Authority for the Foreign Intelligence
Surveillance Court and the Foreign Intelligence
Surveillance Court of Review to appoint amicus curiae
to assist the Court in the consideration of
applications that, in the opinion of the Court, present
a novel or significant interpretation of the law;
Authority for the government to continue
collection for a 72-hour transitional period, when the
collection is directed against a non-U.S. person target
who travels into the United States while the target is
the subject of collection that was lawfully initiated
while the target was abroad; and
Restrictions on the government's authority
to perform queries of communications acquired pursuant
to Section 702 of FISA that use a U.S. person's
selector only if the purpose of the query is to obtain
foreign intelligence information or information
necessary to understand foreign intelligence
information or to assess its importance.
This legislation was not considered by the Senate in the
114th Congress. A related measure, the USA FREEDOM Act, offered
by Senator Leahy, was considered by the Senate but did not
receive sufficient votes to invoke cloture.
...
C. Intelligence Community Issues
1. ODNI Response to Insider Threats
The Committee continued its oversight of the ODNI's
response to unauthorized disclosures of classified information.
The unauthorized disclosures to the media, and potentially to
foreign adversaries, by Edward Snowden, a contractor working at
the NSA, highlight the threat posed by insiders entrusted with
access to IC facilities and networks. Mr. Snowden's decision to
disclose classified and sensitive information to the media will
have ramifications for our national security for years to come.
Initiatives have been underway for years to deal with such
contingencies, most recently the President's National Insider
Threat Policy, signed in November 2012. However, the Committee
is concerned that this policy has not been fully implemented
across the IC. Prior to Mr. Snowden's unauthorized disclosures,
the Committee met with the newly created National Insider
Threat Task Force to review its role in establishing
government-wide minimum standards for deterring, detecting, and
mitigating insider threats. Some examples of minimum standards
issued by the Task Force include workforce threat awareness
training and procedures for responding to insider threat
concerns. The Committee remains concerned that many government
agencies are in need of substantial improvements to ensure the
security of sensitive information.
Following the initial disclosures by Mr. Snowden in June
2013, the Committee met with DNI Clapper to underscore the need
for the Executive Branch to fully investigate the intelligence
leaks, to review initiatives to reform the background
investigation process, and to explore new approaches for
deterring and detecting potentially damaging insider threats.
As part of its review of the unauthorized disclosures, the
Committee also met with the National Counterintelligence
Executive (NCIX), Frank Montoya Jr., and his successor Bill
Evanina, to assess the extent of the damage to national
security. As part of the ODNI, the Office of the NCIX is also
responsible for government-wide standards on security clearance
practices, and the Committee staff met with the NCIX on
numerous occasions to discuss the DNI's strategy for security
clearance reform.
Additionally, in an effort to modernize the security
clearance background investigation process, the Committee
undertook a review of continuous evaluation and automated
record check programs, both within the U.S. Government and the
private sector. As part of this effort, the Committee met with
numerous private sector entities from various sectors to
collect best practices related to hiring, background
investigations, insider threat monitoring, ethics, and employee
privacy.
The Committee supports substantially enhancing and
expediting efforts to deter the insider threat and believes
doing so will require an integrated counterintelligence and
security apparatus that spans the IC and the U.S. Government.
Additionally, the Committee believes the IC's information
technology modernization effort--the IC Information Technology
Enterprise--must provide the infrastructure to detect insider
threats earlier, more effectively, and more reliably. (See page
24 for more information on the IC Information Technology
Enterprise, otherwise known as ``IC ITE.'') Robust
counterintelligence data and analytic tools to monitor,
analyze, and audit personnel behavior will be critical to this
endeavor. In the Intelligence Authorization Act for Fiscal Year
2014 and associated classified annex, the Committee recommended
additional resources to help assure the IC meets this and other
counterintelligence and security goals as soon as possible.
|
