SIGNALS

INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

OVERVIEW
Over the course of the past eighteen months, the United States has undertaken a comprehensive effort to
examine and enhance the privacy and civil liberty protections we embed in our signals intelligence
(SIGINT) collection activities.

As part of this process, we have sought - and benefited from - a broad cross section of views, ideas,
and recommendations from oversight bodies, advocacy organizations, private companies, and the general
public. This effort has resulted in strengthened privacy and civil liberty protections; new limits on signals
intelligence collection and use; and increased transparency.

On January 17, 2014, President Obama signed Presidential Policy Directive-28, Signals Intelligence
Activities (PPD-28) and delivered an address at the Department of Justice on the steps we are taking to
reform certain intelligence activities. As we mark the one-year anniversary of these events, it is a good
time to report on the status of a range of ongoing reform efforts.

SEEKING INDEPENDENT ADVICE

STRENGTHENING PRIVACY & CIVIL LIBERTIES PROTECTIONS
LIMITING SIGINT COLLECTION AND USE
ENHANCING TRANSPARENCY
PROTECTING WHISTLEBLOWERS
MOVING FORWARD

As this report shows, the Intelligence Community has made significant progress implementing many
reforms. However, our work is not done. To that end, the Office of the Director of National Intelligence will
issue another public report in 2016 about the Intelligence Community's on-going progress to implement
these reforms.

SIGNALS
INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

SEEKING INDEPENDENT ADVICE

There has been robust discussion, both here and abroad, about how the Intelligence Community protects
privacy and civil liberties and how it can continue to ensure strong privacy protections while continuing to
protect the nation and its partners as technology continues to advance.

This discussion has included outreach to, among others, Congress, the Privacy and Civil Liberties
Oversight Board, civil liberties and privacy advocates, the private sector, foreign partners, and the general
public. It has benefited from several in-depth studies and reviews, resulting in publicly available reports
and recommendations.

The Intelligence Community provided the review groups with unprecedented access to people, classified
documents, and other sensitive Intelligence Community information to support their efforts. In addition,
many of these reviews held open hearings and solicited input from the public. These in-depth reviews
included:

The President's Review Group on Intelligence and Communications Technology conducted a

comprehensive review of Intelligence Community activities. Its December 2013 report, Liberty and
Security in a Changing World, is publicly available and includes 46 recommendations for "the creation
of sturdy foundations for the future, safeguarding ... liberty and security in a rapidly changing world."
Most of these recommendations have been or are in the process of being implemented.
The Privacy and Civil Liberties Oversight Board studied and reported on the use of Section 215 of
the PATRIOT Act to obtain bulk telephony metadata. Its January 2014 report, Report on the Telephone
Records Program Conducted Under Section 215 of the USA PATRIOT ACT and on the Operations of
the Foreign Intelligence Surveillance Court, is publicly available and includes 12 recommendations.
The Intelligence Community is working to address the majority of these recommendations.
The Privacy and Civil Liberties Oversight Board also completed a review of the use of Section 702
of the Foreign Intelligence Surveillance Act. The Board's July 2014 report, Report on the Surveillance
Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, is publicly
available and includes ten recommendations to "strike a better balance between privacy, civil rights,
and national security." The Intelligence Community has agreed to address all these recommendations.
The Director of National Intelligence requested the National Academies of Sciences to assess, as
directed by the President, the technical feasibility of creating software-based alternatives that would
allow the Intelligence Community to avoid the need for bulk collection. The January 2015 report, Bulk
Collection of Signals Intelligence: Technical Options, is publicly available and concludes that there is no
software-based alternatives that will provide a complete substitute for bulk collection in the detection of
some national security threats, but the report suggested other steps to reduce privacy and civil liberties
risk and improve oversight of bulk collection activities. We are currently reviewing how to address
these important findings.
Congress held multiple public hearings both on the scope of our collection activities under the Foreign
Intelligence Surveillance Act and on proposed legislation to provide further privacy and civil liberty
enhancements.

The Intelligence Community values the insights provided by these reviews. As discussed throughout this
report, the Intelligence Community has implemented many of these recommendations and continues to
identify additional opportunities to go beyond the recommendations in these reports.

In short, the Intelligence Community has, and will continue to, carefully examine our activities to protect the
privacy interest of all persons, regardless of nationality, while defending the nation and our partners and
allies.

SIGNALS
INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

STRENGTHENING PRIVACY & CIVIL LIBERTIES PROTECTIONS

As the President said in his speech on January 17, 2014, Uthe challenges posed by threats like terrorism
and proliferation and cyber-attacks are not going away any time soon .. . and for our intelligence
community to be effective over the long haul, we must maintain the trust of the American people, and
people around the world." As a part of that effort, the President made clear that "our signals intelligence
activities must take into account that all persons should be treated with dignity and respect, regardless of
their nationality or wherever they might reside ...."

This commitment is reflected in the direction the President issued that same day in Section 4 of
Presidential Policy Directive-28, Signals Intelligence Activities (PPD-28), requiring all elements of the
Intelligence Community to establish policy and procedures for safeguarding personal information collected
from signals intelligence (SIGINT) activities. In addition, we are also seeking to provide new legislative
remedies for potential privacy violations.

INTELLIGENCE COMMUNITY'S IMPLEMENTATION OF SECTION 4 OF PPD-28

JUDICIAL REDRESS OF CITIZENS OF CERTAIN COUNTRIES

In addition, in response to the President's direction and to the recommendations from both the President's
Review Group on Intelligence and Communications Technology and the Privacy and Civil Liberties
Oversight Board, the Intelligence Community is strengthening privacy protections in our collection activities
under Section 702 of Foreign Jntelligence Surveillance Act and the Section 215 bulk telephony metadata
program. Moreover, as directed by the President, the FBI will amend its non-disclosure policy for National
Security Letters.

NEW PRIVACY PROTECTIONS FOR INFORMATION COLLECTED UNDER SECTION 215

NEW PRIVACY PROTECTIONS FOR INFORMATION COLLECTED UNDER SECTION 702
NATIONAL SECURITY LETTERS

INTELLIGENCE COMMUNITY'S IMPLEMENTATION OF SECTION 4 OF

PRESIDENTIAL POLICY DIRECTIVE I PPD-28, SIGNALS INTELLIGENCE
ACTIVITIES
On January 17, 2014, the President issued Presidential Policy Directive-28, Signals Intelligence Activities
(PPD-28), which "articulates principles to guide why, whether, when, and how the United States conducts
signals intelligence activities for authorized foreign intelligence and counterintelligence purposes."

In a speech that same day, the President made clear that the United States is committed to protecting the
personal information of all people regardless of nationality and directed the Intelligence Community to take
a number of steps to strengthen the privacy and civil liberty protections afforded to all people.

PPD-28 reinforces current practices, establishes new principles, and strengthens oversight, to ensure that
in conducting signals intelligence (SIGINT) activities, the United States takes into account not only the
security needs of our nation and our allies, but also the privacy of people around the world.

Section 4 of PPD-28 calls on each Intelligence Community element to update existing or issue new
policies and procedures to implement principles for safeguarding all personal information collected through
SIGINT, consistent with technical capabilities and operational needs.

Over the past year, the Intelligence Community has been working to implement this requirement within the
framework of existing processes, resources, and capabilities, while ensuring that mission needs continue
to be met.

In July 2014, the Director of National Intelligence provided the President an interim report on the status of
our efforts that also evaluated, in coordination with the Department of Justice and the rest of the
Intelligence Community, certain additional retention and dissemination safeguards that all Intelligence
Community elements should follow as they adopt policies and procedures under PPD-28.

The Director of National Intelligence is pleased to report that, as required by PPD-28, all Intelligence
Community elements have reviewed and updated their existing policies and procedures, or have issued
new policies or procedures, to provide safeguards for personal information collected through SIGINT,
regardless of nationality and consistent with national security, our technical capabilities, and operational
needs.

Although similar in many respects, agency procedures are not identical. The differences reflect that not all
agencies conduct SIGINT collection and that agencies have different mission requirements. Links to
agency policies and procedures can be found below.

U.S. Intelligence Community Policies & Procedures to Safeguard Personal

Information Collected Through SIGINT
Office of the Director of National Intelligence
Central Intelligence Agency
National Security Agency
National Reconnaissance Office
Federal Bureau of Investigation
Department of Homeland Security
Drug Enforcement Administration
State Department
Treasury Department
Department of Energy
U.S. Coast Guard
Other IC Elements in the Department of Defense

What has PPD-28 changed?

The agency policies and procedures implementing Section 4 of PPD-28 include significant changes that
strengthen privacy and civil liberty protections for all people. It is worthwhile to highlight a few of the most
significant changes:

Limits on retention: We have imposed new limitations on the retention of personal information about
non-U.S. persons. Before PPD-28, Intelligence Community elements had disparate restrictions on how
long information about non-U.S. persons could be retained. PPD-28 changes these retention practices
in significant ways to afford strengthen privacy protections. Now Intelligence Community elements
must delete non-U.S. person information collected through SIGINT five years after collection unless the
information has been determined to be relevant to, among other things, an authorized foreign
intelligence requirement, or if the Director of National Intelligence determines, after considering the
views of the Office of the Director of National Intelligence Civil Liberties Protection Officer and agency
privacy and civil liberties officials, that continued retention is in the interest of national security. This
new retention requirement is similar to the requirements applicable to information about U.S. persons.
Thus these new retention rules will more uniformly limit the retention of any personal information by the
Intelligence Community.

Dissemination Restrictions: Intelligence Community elements have always disseminated intelligence

information because it is relevant to foreign intelligence requirements. All agency policies implementing
PPD-28 now explicitly require that information about a person may not be disseminated solely because
he or she is a non-U.S. person and the Office of the Director of National Intelligence has issued a
revised directive to all Intelligence Community elements to reflect this requirement. Intelligence
Community personnel are now specifically required to consider the privacy interests of non-U.S.
persons when drafting and disseminating intelligence reports.

Oversight, Training & Compliance Requirements: Intelligence Community elements have always
had strong training, oversight, and compliance programs to ensure we were protecting the privacy and
civil liberties of U.S. persons. In response to PPD-28, Intelligence Community elements have added
new training, oversight, and compliance requirements. They are developing mandatory training
programs to ensure that intelligence officers know and understand their responsibility to protect the
personal information of all people, regardless of nationality. We are also adding new oversight and
compliance programs to ensure that these new rules are being followed properly. The oversight
program includes a new requirement to report any significant compliance incident involving personal
information, regardless of the person's nationality, to the Director of National Intelligence.

JUDICIAL REDRESS FOR CITIZENS OF CERTAIN COUNTRIES

In furtherance of its commitment to protecting privacy in the law enforcement context, the Administration is
working with Members of Congress on legislation to give citizens of designated countries the right to seek
judicial redress for intentional or willful disclosures of protected information, and for refusal to grant access
or to rectify any errors in that information.

NEW PRIVACY PROTECTIONS FOR BULK TELEPHONY METADATA

COLLECTED UNDER SECTION 215
Section 215 of the USA PATRIOT Act authorizes the Government to make requests to the Foreign
Intelligence Surveillance Court (FISC) for orders requiring production of documents or other tangible things
(books, records, papers, documents, and other items) when they are relevant to an authorized national
security investigation such as an investigation to protect against international terrorism or clandestine
intelligence activities. The vast majority of orders issued under Section 215 do not seek information
collected in bulk; rather, these orders require the production of a discrete and limited amount of
information.

This authority is also used to require certain telephone communications providers to produce in bulk
telephony metadata, such as telephone numbers dialed and length of calls. This program was developed
to fill an important intelligence gap identified by the report on the 9/11 attacks by allowing the Government
to detect communications between terrorists who are operating outside the U.S. and potential operatives
inside the U.S. This program does not permit the government to obtain or listen to the content of anyone's
telephone calls. Nor is the Government allowed to sift indiscriminately through the telephony metadata
obtained under this program. Rather, since its inception, this program has been subject to strict controls
and oversight, including:

Requiring the metadata to be stored in secure databases accessible to only a limited number of trained
analysts.
Limiting the access to, and use of, the metadata only for counterterrorism purposes.
Prohibiting querying the databases unless there is a reasonable, articulable suspicion that a particular
target identifier (the "seed" number) is associated with particular foreign terrorist organizations.
Limiting the access to and use of this metadata only for identifying the telephone identifiers that are in
contact, directly or indirectly, with the seed number.
Destroying the information after five years.

New Protections for the Current Program

In response to the President's direction in January 2014, this program was modified by incorporating into
the FISC orders authorizing the bulk collection two forms of enhanced privacy protection:
Previously, the basis for the reasonable, articulable suspicion finding had to be documented in writing
and approved by specifically authorized NSA officials. The Department of Justice conducted routine
oversight of these decisions to ensure the standard was met. Today, except in emergency
circumstances, reasonable, articulable suspicion findings must also be approved in advance by the
FISC. Thus, except in emergency circumstances, only court-approved identifiers may be used to query
the database.
Previously, NSA was permitted to query the information out to three "hops," or links. Today, queries are
limited to two hops. This means NSA is permitted to develop contact chains by starting with a target
identifier (seed number) and, using telephony metadata records, see what identifiers communicated
with that target (first hop) and which identifiers, in tum, communicated with the first-hop identifiers
(second hop). The limitation to two hops reduces the number of potential results from each query.

In June 2014, the Office of the Director of National Intelligence released its first annual statistical
transparency report on the use of national security authorities covering the year 2013. Later this year, the
Director of National Intelligence will issue its second report covering the use of national security authorities
in 2014. In advance of that report, it is appropriate to note that in 2014 there were 161 target identifiers
approved by the FISC to be queried under NSA's bulk telephony metadata program.

New Protections to be Established by Legislation

In his January 17, 2014 speech, the President directed the Department of Justice and the Intelligence
Community to develop options for a new approach that would match the capabilities and fill the gaps that
Section 215 was designed to address without the government holding the metadata itself. The Department
of Justice and the Intelligence Community explored a number of options, including having the metadata
held by a third party or leaving the metadata at the provider.

Based on recommendations from the Department of Justice and the Intelligence Community, the President
proposed that the government end bulk collection of telephony metadata under Section 215 of the USA
PATRIOT Act, while ensuring that the government has access to the information it needs to meet its
national security requirements. The Intelligence Community and the Department of Justice have since
been working closely with Congress to develop legislation that would implement the President's proposal
by leaving the metadata at the provider.

To that end, the Administration supported the USA FREEDOM Act, which, if enacted, would have
prohibited bulk collection using (i) Section 215, (ii) the Pen Registers and Trap and Trace provisions of the
Foreign Intelligence Surveillance Act, and (iii) National Security Letters while maintaining critical authorities
to conduct more targeted collection.

The Attorney General and the Director of National Intelligence stated that, based on communications
providers' existing data retention practices, the bill would retain the essential operational capabilities of the
existing bulk telephone metadata program while eliminating bulk collection by the government under these
legal authorities. The bill would also expressly authorize an independent voice in significant cases before
the FISC.

The Administration was disappointed that the 113th Congress ended without enacting this legislation. This
legislation not only satisfies the President's requirements, but also responds to the recommendations from
the Privacy and Civil Liberties Oversight Board and the President's Review Group on Intelligence and
Communications Technology to end the bulk collection of telephony metadata records under Section 215
of USA PATRIOT Act as it currently exists.

The Intelligence Community encourages Congress to quickly take up and pass legislation that would allow
the government to end bulk collection of telephony metadata records under Section 215, while ensuring
that the government has access to the information it needs to meet its national security requirements.

NEW PRIVACY PROTECTIONS FOR INFORMATION COLLECTED

UNDER SECTION 702
Section 702 of the Foreign Intelligence Surveillance Act (FISA), which was added by the FISA
Amendments Act of 2008, authorizes the acquisition of foreign intelligence information concerning
non-U.S. persons reasonably believed to be located outside the United States.

Under Section 702, the government cannot target anyone for collection unless it has a significant purpose
to acquire foreign intelligence information, the foreign target is reasonably believed to be outside the
United States, and the Government abides by FISC-approved targeting and minimization procedures.

Section 702 cannot be used to intentionally target any U.S. citizen or any other U.S. person, to
intentionally target any person known to be in the United States, or to target a person outside the United
States if the purpose is to target a person inside the United States.

Collection under Section 702 does not require individual judicial orders authorizing collection against each
target. Instead, Section 702 requires that the FISC approve procedures to (i) ensure that only non-U.S.
persons reasonably believed to be outside the U.S. are targeted, and (ii) minimize the acquisition,
retention, and dissemination of incidentally acquired information about U.S. persons.

Activities authorized by Section 702 are subject to oversight by the Judicial Branch through the Foreign
Intelligence Surveillance Court, by the Executive Branch through the Department of Justice and the Office
of the Director of National Intelligence, and by the Legislative Branch through the Intelligence and Judiciary
Committees of Congress. Directives requiring the production of information to the Government can be
challenged in the FISC by the recipients.

In his January 17, 2014 address, the President asked the Department of Justice and the Intelligence
Community to institute reforms with respect to the government's ability to retain, search, and use in
criminal cases communications between Americans and foreign citizens incidentally collected under
Section 702.

Subsequently, in July 2014, the Privacy and Civil Liberties Oversight Board issued a report on Section 702,
concluding that the Section 702 program is lawful and valuable, and that "at its core, the program is sound"
and making ten recommendations to help the program "strike a better balance between privacy, civil rights,
and national security."

As noted above, in response to the President's direction and recommendations from the Privacy and Civil
Liberties Oversight Board, the Attorney General and Director of National Intelligence are placing additional
restrictions on the government's ability to retain, query, and use in evidence in criminal proceedings
communications between Americans and foreign citizens incidentally collected under Section 702.

First, FBI, CIA, and NSA each are instituting new requirements for using a U.S. person identifier to
query information acquired under Section 702. As recommended by the Privacy and Civil Liberties
Oversight Board, NSA's minimization procedures will require a written statement of facts showing that a
query is reasonably likely to return foreign intelligence information. CIA's minimization procedures will
be similarly amended to require a statement of facts for queries of content. In addition, FBl's
minimization procedures will be updated to more clearly reflect the FBl's standard for conducting U.S.
person queries and to require additional supervisory approval to access query results in certain
circumstances.

Second, the new policy re-affirms requirements that the government must delete communications to,
from, or about U.S. persons acquired under Section 702 that have been determined to lack foreign
intelligence value. In addition, the policy requires the Department of Justice and the Office of the
Director of National Intelligence to conduct oversight over these retention decisions. This change will
help ensure that the Intelligence Community preserves only that information that might help advance
its national security mission.

Third, consistent with the recommendation of the Privacy and Civil Liberties Oversight Board,
information acquired under Section 702 about a U.S. person will not be introduced as evidence against
that person in any criminal proceeding except (1) with the approval of the Attorney General, and (2) in
criminal cases with national security implications or certain other serious crimes. This change will
ensure that, if the Department of Justice decides to use information acquired under Section 702 about
a U.S. person in a criminal case, it will do so only for national security purposes or in prosecuting the
most serious crimes.

The Intelligence Community has also agreed to address the Privacy and Civil Liberties Oversight Board's
other recommendations, including:

Revising targeting procedures to require additional documentation of the foreign intelligence value of
each target;
Making available to the FISC additional information to help the Court evaluate the annual certifications
in support of collection under Section 702;
Initiating studies to ensure that the Intelligence Community is using the best filtering technology and
techniques to prevent inadvertent collection;
Publicly releasing the minimization procedures of the CIA, NSA, and the FBI ;
Evaluating whether NSA can track and publicly release additional statistics on its collection and use of
information obtained pursuant to Section 702;
Supporting the Privacy and Civil Liberties Oversight Board's ongoing effort examine efforts across the
Intelligence Community to assess the efficacy and relative value of counterterrorism programs.

NATIONAL SECURITY LETTERS

A National Security Letter is an investigative tool, similar to a subpoena, which is used by the FBI in a
national security-related investigation to obtain limited types of information from companies, such as
telephone records and subscriber information.

When the FBI issues a National Security Letter, by law a senior official, such as the Special Agent in
Charge of a field office, may require that the recipient company not disclose the existence of the letter, if
one or more statutory standards are met - that is, when disclosure may (i) endanger the national security
of the United States, (ii) interfere with a criminal, counterterrorism or counterintelligence investigation, (iii)
interfere with diplomatic relations, or (iv) endanger the life or physical safety of any person.

In his January 17, 2014 remarks, the President directed the Attorney General "to amend how we use
National Security Letters so that (their] secrecy will not be indefinite, and will terminate within a fixed time
unless the government demonstrates a real need for further secrecy."

In response to the President's new direction, the FBI will now presumptively terminate National Security
Letter nondisclosure orders at the earlier of three years after the opening of a fully predicated investigation
or the investigation's close.

Continued nondisclosures orders beyond this period are permitted only if a Special Agent in Charge or a
Deputy Assistant Director determines that the statutory standards for nondisclosure continue to be
satisfied and that the case agent has justified, in writing, why continued nondisclosure is appropriate.

SIGNALS
INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

LIMITING SIGINT COLLECTION AND USE

Principles of Collection
Section 1 of PPD-28 reinforces four long-standing principles for the collection of signals intelligence:

1. The collection of SIGINT shall be authorized by statute or Executive Order, proclamation, or other
Presidential directive, and undertaken in accordance with the Constitution and applicable statutes,
Executive Orders, proclamations, and Presidential directives.
2. Privacy and civil liberties shall be integral considerations in the planning of U.S. SIGINT activities. The
United States shall not collect SIGINT for the purposes of suppressing or burdening criticism or
dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or
religion. SIGINT shall be collected exclusively where there is a foreign intelligence or
counterintelligence purpose to support national and departmental missions and not for any other
purpose.
3. The collection of foreign private commercial information or trade secrets is authorized only to protect
the national security of the United States or its partners and allies. It is not an authorized foreign
intelligence or counterintelligence purpose to collect such information to afford a competitive
advantage to U.S. companies and U.S. business sectors commercially.
4. SIGINT activities shall be as tailored as feasible. In determining whether to collect SIGINT, the United
States shall consider the availability of other information, including from diplomatic and public sources.
Such appropriate and feasible alternatives to SIGINT should be prioritized.

These principles are based on the understanding that, while the collection of SIGINT is necessary to
protect national security, to advance foreign policy interests, and to protect U.S. citizens and interests, as
well as the citizens of its allies and partners, from harm, it carries multiple risks to our relationships with
other nations; our commercial, economic, and financial interests; the credibility of our commitment to an
open, interoperable, and secure global internet; and the protection of intelligence sources and methods.
Accordingly, these principles, which reflect our commitment to privacy and civil liberties, are incorporated
in the PPD-28 procedures of each Intelligence Community element that collects SIGINT.

In addition to including these four principles in their procedures, Intelligence Community elements are
taking steps to ensure that privacy and civil liberties are integral considerations in the planning of U.S.
SIGINT activities. For example, NSA has established a dedicated Civil Liberty and Privacy Officer and CIA
has expanded its Privacy and Civil Liberties office. And in response to PPD-28, these offices are working
to ensure that privacy and civil liberties are integral considerations in the planning of SIGINT activities. For
example, NSA is developing a privacy and civil liberties assessment process to analyze what data it
collects and how it uses the data to better understand the privacy and civil liberties risks associated with a
new and novel collection activity.

Refined Process on SIGINT Targeting

As the President indicated on January 17, 2014, SIGINT collection raises special concerns given rapidly
evolving changes in technology and the unique nature of the collection itself. Consequently, PPD-28
directed changes to the process for selecting the targets of SIGINT collection to ensure that these
concerns are considered alongside other risks and benefits.

To do this, the Intelligence Community, in partnership with the National Security Council, has elevated the
process by which SIGINT requirements and priorities are identified, so that the heads of the relevant
departments and agencies can better evaluate SIGINT collection in light of its potential risks to national
interests and our law enforcement, intelligence, and diplomatic relationships abroad. The review process
of SIGINT collection covered almost seven dozen countries and organizations and resulted in restrictions
on the current SIGINT collection posture.

These restrictions are now part of the Director of National Intelligence's collection priorities guidance to the
Intelligence Community through the National Intelligence Priorities Framework. In addition, the Director of
National Intelligence has revised Intelligence Community Directive 204 to reflect the requirement for
greater policymaker oversight of the intelligence priorities process. Finally, the NSA has enhanced its
processes to ensure that targets are regularly reviewed, and those targets that are no longer providing
valuable intelligence information in support of these senior policy-maker approved priorities are removed.

New Limits on Use of SIGINT Collected in Bulk

As affirmed in PPD-28, the United States must collect some information in bulk in certain circumstances in
order to locate new and emerging threats vital to the national security. Section 2 of the PPD articulated
limits on the use of SIGINT collected in bulk. Before PPD-28, an Intelligence Community element could
use SIGINT collected in bulk for any authorized reason connected to that element's mission.

Today, Intelligence Community elements are only permitted to use SIGINT collected in bulk for six specific
purposes: (i) to counter espionage and other threats and activities of foreign powers or intelligence
services against the U.S. and its interests; (ii) counterterrorism; (iii) counter-proliferation; (iv)
cybersecurity; (v) to detect and counter threats to U.S. or allied armed forces or other U.S. or allied
personnel; and (vi) to combat transnational criminal threats, including illicit finance and sanctions evasion.

These specific limits require the Intelligence Community to carefully consider and confirm that all use of
SIGINT collected in bulk is for a permissible purpose.

SIGNALS
INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

ENHANCING TRANSPARENCY
Transparency has been a significant focus for the Intelligence Community. We have declassified and made
publicly available a substantial amount of information over the past 18 months, particularly regarding the
government's use of Foreign Intelligence Surveillance Act (FJSA) authorities. This effort has included:

Developing IC on the Record;

Releasing documents about the government's intelligence activities, including compliance and
oversight assessments;
Releasing opinions and orders from the Foreign Intelligence Surveillance Court;
Publishing the first annual Intelligence Community transparency report disclosing statistics on the
government's use of National Security Letters and Foreign Intelligence Surveillance Act authorities;
Declassifying aggregate FISA data so that communications providers can make public additional
information about FISA orders they receive;
Releasing unclassified reports on NSA's implementation of Section 702 of the Foreign Intelligence
Surveillance Act and its Civil Liberties and Privacy Protections for Targeted SIGINT Activities under
Executive Order 12333;
Establishing Principles of Intelligence Transparency for the Intelligence Community to solidify these
practices; and
Making numerous speeches and appearances by Intelligence Community leadership to explain our
activities to the public

Since the launch of IC on the Record on August 20, 2013, the Intelligence Community has posted more
than 250 declassified documents (comprising more than 4,500 pages) about Intelligence Community
activities. The majority of the declassified documents relate to NSA's bulk telephony metadata program
under Section 215 of the USA PATRIOT Act (Section 501 of FISA); Section 702 of FISA); and NSA's
now-discontinued bulk internet metadata collection program under Section 401 of FISA (i.e., the Pen
Register/Trap and Trace program).

Many of the documents posted about these programs relate to proceedings before the Foreign Intelligence
Surveillance Court, including applications by the government to authorize or reauthorize programs and
significant court opinions. Other documents that have been posted include NSA training slides for
personnel with access to bulk telephone metadata and U.S. District Court documents relating to legal
challenges to the bulk telephony metadata collection program.

The Intelligence Community has also released documents associated with the Foreign Intelligence
Surveillance Court of Review's opinion upholding the constitutionality of the now-discontinued surveillance
program under the Protect America Act and a number of documents about the activities conducted under
the previous Administration's Terrorist Surveillance Program.

In addition to releasing documents, the Intelligence Community has posted to IC on the Record other
information to give context to those documents. These include videos, audio recordings, and text
transcripts of public engagements and Congressional testimony by senior Intelligence Community officials;
fact sheets; and, recently, a live, online question-and-answer session between a senior Intelligence
Community official and members of the public.

The release of this information has facilitated public debate about Intelligence Community policies and
practices, and has established a precedent for transparency going forward. In particular, the Director of
National Intelligence has issued principles to guide our transparency efforts and has established a senior
working group to continue these transparency efforts and proactively identify new ones.

The Intelligence Community recognizes that continued public support for our activities to protect our nation
and our partners requires the public trust that can only be achieved with greater transparency.

SIGNALS
INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

PROTECTING WHISTLEBLOWERS
In parallel to our efforts to implement PPD-28, we have continued to work to ensure that Intelligence
Community employees have appropriate avenues to report, without fear of reprisal, allegations of
violations of law; waste, fraud or abuse; or a substantial and specific danger to public health or safety.

All U.S. Government employees, including employees in the Intelligence Community, have the right to safe
and effective methods of reporting concerns about wrongdoing without fear of retaliation. The Intelligence
Community handles classified information, the unauthorized disclosure of which is prohibited by law and
can cause grave harm to national security. Accordingly, there are special rules and processes, codified
decades ago in the laws of the United States, to afford Intelligence Community employees, including
contractors, safe channels to report concerns about wrongdoing while protecting national security.

In October 2012, the President issued Presidential Policy Directive -19, Protecting Whistleblowers with
Access to Classified Information. To implement PPD-19, in May 2014, the Director of National Intelligence
issued Intelligence Community Directive 120. In addition, Congress recently enacted whistleblower
provisions applicable to the Intelligence Community in Title VI of the Intelligence Authorization Act for
Fiscal Year 2014.

Together with existing laws and regulations, these policies afford substantial protections to Intelligence
Community employees. In general, Intelligence Community employees are permitted to report allegations
of violations of law; waste, fraud or abuse; or a substantial and specific danger to public health or safety, to
their supervisors (or others within their management chain), the head of their agency, Inspectors General,
and Members of Congress consistent with the Intelligence Community Whistleblower Protection Act.

Disclosures made through these specific channels are commonly known as "protected disclosures." Once
a protected disclosure is made, an Intelligence Community employee is protected from reprisal by law and
regulation. Moreover, the employee's supervisors are prohibited from taking an adverse employment
action (e.g., termination, failure to promote, demotion) or an adverse security clearance determination
based on the protected disclosure.

Intelligence Community contractors are also afforded protections against reprisals for making protected
disclosures; however, the protections necessarily apply differently to contractors because they are not
employees of the United States government.

If Intelligence Community employees believe that they were retaliated against based on a protected
disclosure, they can seek a review of the personnel action under agency internal review procedures, which
must include an independent review by their agency's Inspector General.

After exhausting remedies under the agency process, they may seek review of the personnel action by an
independent External Review Panel - a panel of three Inspectors General chaired by the Inspector
General of the Intelligence Community. If reprisal is found, the External Review Board may recommend
corrective actions.

SIGNALS
INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

MOVING FORWARD
As this report shows, the Intelligence Community has made significant progress implementing many
reforms in response to, among other things, the requirements in PPD-28 and the recommendations from
many independent review groups. As we continue to implement these and other reforms, we will also
carefully review progress to identify any additional protections that might be needed. Over the next year,
we expect to focus on:

Privacy Protections: Over the next year, the Intelligence Community elements will continue to
implement their PPD-28 policies and procedures. In addition, the Intelligence Community will continue to
work to update agency guidelines under Executive Order 12333 to protect the privacy and civil liberties of
U.S. persons.

Section 215 of the USA PATRIOT Act Capability: We will continue to work
with Congress to enact legislation preserving essential capabilities of the bulk telephony metadata
collection program without the need for the government to hold the data in bulk before Section 215 of the
USA PATRIOT Act sunsets in June 2015.

Transparency: We have established a senior working group to continue to identify ways the
Intelligence Community can increase transparency without harming national security. Expect to hear more
from us on this effort.

Annual Report: In January of 2016 we will provide our next annual report on our progress
implementing SIGINT reforms.

SIGNALS
INTELLIGENCE
REFORM

OVERVIEW
SEEKING INDEPENDENT ADVICE
STRENGTHENING PRIVACY & CIVIL LIBERTIES
LIMITING SIGINT COLLECTION & USE
ENHANCING TRANSPARENCY

2015
ANNIVERSARY
REPORT

PROTECTING WHISTLEBLOWERS
MOVING FORWARD
FACTSHEET

FACTSHEET
Over the past eighteen months, the United States has undertaken a comprehensive effort to examine and
enhance the privacy and civil liberty protections embedded in our signals intelligence (SIGINT) collection
activities.

As part of this process, we have sought - and benefited from - a broad cross section of views, ideas,
and recommendations from oversight bodies, advocacy organizations, private companies, and the general
public. This effort has resulted in strengthened privacy and civil liberty protections, new limits on the
collection and use of signals intelligence, and increased transparency.

On January 17, 2014, President Obama signed Presidential Policy Directive-28, Signals Intelligence
Activities (PPD-28) and delivered an address at the Department of Justice on the steps we are taking to
reform certain signals intelligence activities.

To mark the one-year anniversary of these events, we have prepared an online report to update the public
on our reform efforts, including the implementation of PPD-28 and other actions taken based upon
recommendations from several independent review groups. This report is posted on IC on the Record.

PPD-28 states, "our signals intelligence activities must take into account that all persons should be
treated with dignity and respect, regardless of their nationality or wherever they might reside." This
commitment reiterates long-standing SIGINT collection principles; limits Intelligence Community
elements' ability to use signals intelligence collected in bulk to six specific purposes; requires an
annual Cabinet-level review of SIGINT priorities and requirements in light of potential risks to national
security interests and relationships abroad; and requires each Intelligence Community element to
update or issue new policies and procedures that implement safeguards for all personal information
collected through SIGINT, regardless of nationality, consistent with technical capabilities and
operational needs.

All Intelligence Community elements have completed new policies or revisions to existing policies to
implement the requirements of PPD-28. You can read each agency's policies on IC on the Record. The
protections in these policies and procedures include new limits on the retention and dissemination of
personal information for persons of all nationalities, as well as additional oversight, training, and
compliance requirements.

In addition, the Intelligence Community, in partnership with the National Security Council, has elevated
the process by which SIGINT requirements and priorities are identified, so that the heads of the
relevant departments and agencies can better evaluate SIGINT collection in light of its potential risks to
national interests and our law enforcement, intelligence, and diplomatic relationships abroad. The
process of reviewing signals intelligence collection covered almost seven dozen countries and
organizations and resulted in restrictions on the current signals intelligence collection posture.

In his remarks on January 17, 2014, the President ordered a transition that would end Section 215 bulk
metadata program as it currently exists.

To begin this transition, the Intelligence Community in February 2014 began operating the
telephony metadata collection program under new constraints directed by the President to
provide enhanced privacy protections, including seeking advance approval from the Foreign
Intelligence Surveillance Court for each query term (except in an emergency) and limiting the
results of queries to two "hops" (or steps removed from a phone number associated with a
terrorist organization) instead of three, limiting the number of potential results from each query.

Then, based on recommendations from the Department of Justice and the Intelligence
Community, the President proposed that the government end the bulk collection of telephony
metadata records under Section 215 of USA PATRIOT Act, while ensuring that the government
has access to the information it needs to meet its national security requirements. The
Administration supported the USA FREEDOM Act as a means of enacting this proposal, and we
continue to call on Congress to reform Section 215 in a manner consistent with the President's
proposal.

In addition to the reforms announced in the President's January 17 address, the Privacy and Civil
Liberties Oversight Board (PCLOB) conducted a comprehensive review of the Intelligence
Community's activities under Section 215 and made 12 recommendations. The Intelligence Community
is working to address the majority of these recommendations.

 As noted above, PPD-28 imposes limitations on the use of SIGINT collected in bulk.

Moreover, over the past several months, a committee of independent experts from top technology firms
and academia assessed the technical feasibility of creating software-based alternatives as substitutes
for bulk collection. The committee just released its report, which concluded that there is no
software-based alternative which will provide a complete substitute for bulk collection in the detection
of some national security threats, but the report suggested other steps to reduce risks to privacy and
civil liberties, as well as to improve oversight of bulk collection activities. We are currently reviewing
how to address these important findings.

Section 702 allows the government to acquire foreign intelligence information concerning non-U.S.
persons reasonably believed to be located outside the United States. As announced by the President
in his January 17 address, we will provide additional privacy protections for U.S. persons whose
communications are incidentally collected under Section 702. This new executive branch policy limits
the ability to retain, query, and use in criminal cases this type of information.

In addition, in 2014, the PCLOB conducted an in-depth review of the Intelligence Community's
activities under Section 702. The PCLOB found them to be lawful and important to national security,
and offered ten recommendations to enhance privacy and civil liberties protections for both U.S. and
non-U.S. persons. The Intelligence Community has agreed to make changes to address all of these
recommendations. The Intelligence Community has agreed to address all of these recommendations.

We have declassified and publicly released an unprecedented amount of information about current
programs, much of which relates to the government's use of FISA authorities. We have published the
first IC Annual Transparency Report, disclosing statistics on the government's use of National Security
Letters and FISA authorities.

We have also declassified certain aggregate FISA data so that communications providers can disclose
to the public additional information about how they respond to requests they receive from the
government. In addition, providers can now also make public additional information about the number
of National Security Letters they receive.

We recently issued the Principles of Intelligence Transparency, which we will implement this coming
year to further enhance transparency while protecting intelligence sources and methods.

National Security Letters. The FBI will amend its use of National Security Letters to ensure that the
non-disclosure requirement placed on recipients will terminate within a fixed time period, absent a
demonstrated need for further secrecy.

Judicial Redress for Citizens of Certain Countries. In furtherance of its commitment to protecting
privacy in the law enforcement context, the Administration is working with Members of Congress on
legislation to give citizens of designated countries the right to seek judicial redress for intentional or
willful disclosures of protected information, and for refusal to grant access or to rectify any errors in that
information.

Whistleblower Protections. As we have strengthened the security of our systems, we have also
reaffirmed the process by which Intelligence Community personnel can report suspected violations of
law or other ethical and legal concerns without fear of retaliation. Within each agency there are multiple
officials designated to receive ethical, legal, or other concerns from intelligence employees. In addition,
intelligence personnel may leverage the Inspector General for the Intelligence Community, the Civil
Liberties and Privacy Officer in the Office of the Director of National Intelligence, or, consistent with the
Intelligence Community Whistleblower Protection Act, speak to Members of Congress.

As we continue to implement these and other reforms, we will also carefully review progress to identify any
additional protections that might be needed. In particular, we expect to focus on:

Privacy Protections: Over the next year, Intelligence Community elements will continue to implement
the requirements their PPD-28 policies and procedures. In addition, the Intelligence Community will
continue to work to update agency guidelines under Executive Order 12333 to protect the privacy and
civil liberties of U.S. persons.

Section 215 of the USA PATRIOT Act Capability: We will continue to work with Congress to enact
legislation preserving essential capabilities of the bulk telephony metadata collection program without
the need for the government to hold the data in bulk before Section 215 of the USA PATRIOT Act
sunsets in June 2015.

Transparency: We have established a senior working group to continue to identify ways the Intelligence
Community can increase transparency without harming national security. Expect to hear more from us
on this effort.

Annual Reports: In January of 2016 we will provide our next annual report on our progress
implementing SIGINT reforms.