Fact Sheet: Executive Order 12333
February 27, 2014
Issue: Does Executive Order 12333 authorize the Intelligence Community (IC) to monitor Americans communication with persons abroad?
Background: E.O. 12333 governs the conduct of American intelligence activities. E.O. 12333 is the primary document governing activities not covered under FISA, and “specifies the circumstances in which the nation’s intelligence agencies can engage in foreign intelligence surveillance outside the United States.” The order lays out principles and priorities for intelligence collection. E.O. 12333 has been amended three times since 1981.
Controversy: E.O. 12333 guides the overseas collection of cell phone location data, email address books and contact lists. Some of the collection has, for largely technical reasons, included data on U.S. persons, leading to concerns about the collection programs. According to leaked documents, there have been far more data “compliance violations” in E.O. 12333 authorized programs than in the collection programs under USA PATRIOT Act Section 215 and FISA Section 702.
Assessment: Fears of domestic surveillance under E.O. 12333 are misplaced. E.O. 12333 authorizes foreign intelligence collection. E.O. 12333 requires that U.S. person information may be collected, retained, and disseminated “only in accordance with procedures approved by the Attorney General,” in consultation with the Director of National Intelligence. A U.S. person’s information can only be collected if it is permitted under an agency’s Attorney General guidelines and if the information fits within one of the categories enumerated under E.O. 12333. The categories include: information collected during the course of a lawful foreign intelligence, counterintelligence, international counternarcotics, or international counterterrorism investigation; information necessary to preserve the safety of persons or organizations; information necessary to protect intelligence sources and methods; and information incidentally collected that indicate involvement in activities that violate federal law.
Protections for U.S. persons do not solely originate with E.O. 12333. The Privacy Act provides a statutory framework for the protection of personal information that is held by a government agency and is retrievable by name or a unique identifier (like a social security number); and the Electronic Communications Privacy Act, which provides protections for email, telephone conversations, electronic data, whether stored or in transit.
Scott F. Mann is a research associate with the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS) in Washington, D.C.
Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).
© 2014 by the Center for Strategic and International Studies. All rights reserved.