How “Unmasking” Fits into the Broader Framework of Intelligence Community Reporting

Published On April 24, 2017 | By Carrie Cordero | Privacy

Since the Chairman of the House Permanent Select Committee on Intelligence went public last month with allegations that the intelligence community had improperly incidentally collected and “unmasked” Trump campaign associates in foreign intelligence surveillance reports, the concept of unmasking has generated significant interest. This post, which follows up on my Twitter thread on the issue, provides some additional context on the who, what, where and why of unmasking.

The unmasking process is a privacy-protective feature applied by U.S. Intelligence Community elements or agencies when handling foreign intelligence information collected via surveillance or similar acquisitions. (For ease of reference, this post will refer to surveillance.) Allegations regarding improper unmasking are serious, because they concern whether or not internal intelligence community element behavior, compliance, and oversight are working effectively. Intelligence community surveillance activities are conducted in a classified setting, with congressional oversight also conducted behind closed doors. Although the Intelligence Community has taken additional steps in recent years to improve transparency (sometimes independently but often prompted by unauthorized disclosures), congressional and public confidence relies heavily on the notion that internal procedures and processes are both meaningful and effective.

Unmasking is a term of art that, generally, refers to removing a placeholder identifier (e.g., “U.S. Person #1”) and replacing it with an actual name of a person. Unmasking procedures are not law; they are internal procedures that vary by intelligence community element. These procedures are a component of general minimization procedures. Minimization procedures are applied in a variety of surveillance contexts, including: wiretaps conducted under federal or state criminal legal authorities; surveillance conducted pursuant to the Foreign Intelligence Surveillance Act (FISA); and surveillance conducted pursuant to Executive Order 12333. Generally, in the foreign intelligence context, minimization procedures must be reasonably designed to minimize the acquisition, retention, and dissemination of non-publicly available information concerning U.S. persons. Depending on the legal authority under which the surveillance takes place, minimization procedures may or may not be included in a court order. Historically, minimization procedures as defined in law in the national security context have been designed to protect U.S. person information. However, Presidential Policy Directive (PPD)-28, issued by President Obama in January 2014, extended certain privacy protections to all persons affected by signals intelligence activities, regardless of nationality. That policy directive remains in effect.

Applying minimization procedures – and the specific aspect of “masking” a particular name or identity – is but one part of a broader process in the intelligence reporting cycle designed to ensure that only information appropriately deemed foreign intelligence information is disseminated within the Intelligence Community, to policymakers, or, more broadly (with international intelligence service partners, for example). Whether or not a U.S. person is referenced in an intelligence report in a masked, or unmasked format, there has already been a determination by an intelligence professional that the information contained in the report is foreign intelligence information. Foreign intelligence information is defined slightly differently depending on whether the surveillance takes place under FISA or Executive Order 12333. Under either definition, however, foreign intelligence information is, very broadly, information that pertains to national security or foreign affairs. Given the recent attention to the unmasking process, it seems likely that further congressional and public scrutiny will be given to the training, implementation, compliance, and oversight process involved in the intelligence reporting cycle, including determinations of what constitutes foreign intelligence information, and the application of minimization procedures.

 

About The Author

Carrie Cordero’s practice focuses on national security law, homeland security law, and related surveillance, privacy, cybersecurity, insider threat and data protection issues. Her practice also includes advising companies on insider threat program development. A recognized voice on national security legal and policy issues, Carrie was previously Director of National Security Studies at Georgetown Law, and served as Counsel to the Assistant Attorney General for National Security; Senior Associate General Counsel at the Office of the Director of National Intelligence; Attorney Advisor in the Department of Justice, where she practiced before the Foreign Intelligence Surveillance Court; and Special Assistant United States Attorney.

Comments