Intelligence Oversight Cheat Sheet ################################## Government information security usually requires some awareness of intelligence oversight. This is the Army's view as expressed in AR381-10_. .. _AR381-10: https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/r381_10.pdf Procedure 1 General Provisions ============================== * Asserts rights of US persons. * Requires least intrusive means. Procedure 2 Collecting US Persons Information ============================================= * Intentionally collected for use. * Defines 13 categories of `collectible information`_ in scope of IO. .. _collectible information: #collectible-information-covered-by-io Procedure 3 Retaining US Persons Information ============================================= * Access controls (NTK). * Duration: 30-60-90. * Annual review. Procedure 4 Disseminating US Person Information =============================================== * Non-signals info for lawful use can go to: DOD employees/contractors, LEAs with jurisdiction, other IC agency with M&A, non-IC Federal agency with M&A, foreign government per agreements. * Disclosure accounting in AR25-22_. .. _AR25-22: https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/AR25-22_Web_FINAL.pdf Procedure 5 Electronic Surveillance =================================== * Implements `FISA, 50 USC 1805`_. Max duration: 90 days. Probable cause required. * Approval required with targeting or reasonable expectation of privacy. * Delegation of approval for non-US persons abroad no lower than MI brigade or group CDR. * Related: SIGINT IAW USSID18_; INFOSEC IAW AR380-53_; TSCM IAW AR381-14_ .. _USSID18: https://www.dni.gov/files/documents/1118/CLEANEDFinal%20USSID%20SP0018.pdf .. _AR380-53: https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/r380_53.pdf .. _AR381-14: https://armypubs.army.mil/epubs/DR_pubs/DR_e/pdf/web/AR381_14_ph_final.pdf +----------------+-----------------------------------------------------------------------------------------+ | Activity | Approval Chain | +================+=========================================================================================+ | **CONUS** | **CI** -> ODCS G2 (DAMI-CDC) -> SecArmy -> DOD Gen. Counsel -> USAG -> **[** FISC **]** | +----------------+-----------------------------------------------------------------------------------------+ | *Emergency* or | **CI** -> ODCS G2 (DAMI-CDC) -> **[** USAG **]** | | *Consensual* | | +----------------+-----------------------------------------------------------------------------------------+ | **OCONUS** | **CI** -> ODCS G2 (DAMI-CDC) -> SecArmy -> DOD Gen. Counsel -> **[** USAG **]** | +----------------+-----------------------------------------------------------------------------------------+ | *Emergency* or | **CI** -> **[** SecArmy, U.SecArmy, or equivalent_ **]** | | *Conesnsual* | | +----------------+-----------------------------------------------------------------------------------------+ .. _FISA, 50 USC 1805: https://www.gpo.gov/fdsys/pkg/USCODE-2011-title50/html/USCODE-2011-title50-chap36-subchapI-sec1805.htm Procedure 6 Concealed Monitoring ================================ * If LEA would need a warrant in the same circumstances, CI must staff a Procedure 6. * Applies with expectation of privacy when either device or the monitored entity is in the US. * DCS G2 and CG INSCOM may approve monitoring on DOD-owned facilities overseas. Elswhere with CIA or SOFA coordination. Procedure 7 Physical Searches ============================= * Nonconsensual in CONUS on DOD property of DOD personnel requires military judge, magistrate, or commander with UCMJ authority to grant search. * All other CONUS searches require FBI assistance. * OCONUS searches *on or off* DOD property of DOD personnel with probable cause. * FBI may request CI assistance with surreptitious entry and physical search. * Defined in `50 USC 1821`_. * Approval: **CI** -> ODCS G2 (DAMI-CDC) -> SecArmy -> DOD Gen. Counsel -> USAG .. _50 USC 1821: https://www.law.cornell.edu/uscode/text/50/1821 Procedure 8 Mail Searches and Examination ========================================= * Note: The unit mail room is almost always *inside* USPS channels. +--------------------------+--------------+------------------------------------------+ | Activity | Active Agent | Approval | +==========================+==============+==========================================+ | Mail cover | USPS | MI request | | In USPS channels | | | +--------------------------+--------------+------------------------------------------+ | Mail cover | CI or LEA | Host nation procedures, SOFA or base | | Outside USPS channels | | policy. | +--------------------------+--------------+------------------------------------------+ | First class | USPS+LEA | See `DOD4525.6-M`_ | | In USPS channels | | Same as LEA-assisted physical search. | +--------------------------+--------------+------------------------------------------+ | Below first class | USPS | Search by USPS or confiscate | | In USPS channels | | search by MY on MI request. | +--------------------------+--------------+------------------------------------------+ | Open any mail among no | CI | CI investigative authority. | | US persons outside USPS | | Refer to umbrella concept. | +--------------------------+--------------+------------------------------------------+ | Open first class with US | CI or FBI | AG or equivalent_ | | person outside USPS | | | +--------------------------+--------------+------------------------------------------+ .. _equivalent: #equivalent-to-ag-for-approval .. _DOD4525.6-M: https://www.1stmlg.marines.mil/Portals/123/Docs/Postal/DOD_4525.6M.pdf Procedure 9 Physical Surveillance ================================= * Applies to military personnel on active status, present *or former* IC employees/contractors/staff, applicants to IC or contracting. * Also applies to anyone contacting the above during surveillance for the purposes of identifying them. * Off DOD installation requires FBI or other LEA coordination. * FBI or other Federal agency may employ Army CI for surveillance. * Approval for surveillance of individuals under CI jurisdiction comes from AG or equivalent_. * Non-US persons surveillance approval delegated no lower than MI Bn CDR or equivalent in writing. * TCICA coordination within 24 hours of surveillance for identification and ACICA coordination within 48 hours. Procedure 10 Undisclosed Participation in Organizations ======================================================= * Only applies to participation for collection for no longer than 12 months without re-approval. * Approval from AG or equivalent_. Disclosure to group executive officials may still occur at a later date. Procedure 11 Contracting for Goods and Services =============================================== * Follow acquisitions policy IAW `DODI5000.2`_, DFARS_, and AR25-2_. * No personal services, no contracts with government employees. .. _AR25-2: https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/r25_2.pdf .. _DFARS: https://www.acq.osd.mil/dpap/dars/dfarspgi/current/index.html .. _DODI5000.2: http://www.acq.osd.mil/fo/docs/500002p.pdf Procedure 12 Assistance to Civilian Law Enforcement Authorities =============================================================== * Approval from SecDef. * Prevent clandestine activities from foreign powers, ICO, and ITOs. * Protect DOD employees, information, property, facilities, and information systems. * Prevent, detect, or investigate other violations of law. * May request LEA assistance for MI investigations when CI is lead. Procedure 13 Experimentation on Human Subjects for Intelligence Purposes ======================================================================== * Applies hen experiment is on a human, regardless of US person status, for MI purposes. * Includes work by contractors. * Follow HHS guidelines as per AR70-25_. * Requires approval from SecArmy, SecDef, or Deputies, as appropriate. .. _AR70-25: https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/r70_25.pdf Procedure 14 Employee Conduct ============================= * All must know Procedures 1 through 4 and 14 through 17. Collection-related personnel must know 1 through 17. * SIGINT and crypto capabilities also require training in USSID18_. * All must train with EO12333_ (as ammended) and its implementation `DOD5240.1-R`_. * CDRs will protect personnel from reprisal for reporting under Procedures 15 or 16. * All will cooperate with PIOB and AG Counsel. .. _DOD5240.1-R: https://dodsioo.defense.gov/Portals/46/DoDM%20%205240.01.pdf .. _EO12333: https://dodsioo.defense.gov/Library/EO-12333/ Procedure 15 Questionable Intelligence Activities ================================================= * Requires reporting of questionable intelligence activities and explains procedure. * Report illegal or improper activities to CI or LEA. * IG or command channels are valid. Inquiries not referred will conclude in 60 days. * Includes misuse of credentials. Procedure 16 Federal Crimes =========================== * Report Federal crimes involving MI personnel through DCS G2 or command within 5 working days of discovery. * Non-reporting is covered under Procedure 15. * Unsub will not receive false names. * Only ACICA will be aware of bigot cases. * Does not apply to crimes against property less than $500 for MI personnel or less than $1000 for non-MI. Procedure 17 Support to FP, MNI, Joint Intel Activities, and Other DOD Investigative Orgs ========================================================================================= * Specifically authorizes intelligence activities for force protection. * CI is Army's primary LEA liaison for foreign threat information. * Time-sensitive threat information handed to PMG/LEA is no longer subject to AR381-10_. * Still subject to `DODD5200.27`_. * MI-trained CJA may authorize multinational intelligence activities if they meet US legal sufficiency. * Unless overriden by joint commander Army personnel will comply with Army policies. * Barring conflict other Federal agencies may request investigative support. Primacy determined by AR381-20. .. _DODD5200.27: http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodd/520027p.pdf Additional notes ================ Links above point here. Equivalent to AG for approval ----------------------------- * DCS G2 * CG ARCENT * CG 8th Army * CG AREUR * CG INSCOM * CG ARPAC * CG ARSOUTH * CG ARSOC * CDR 650th MIG Collectible information covered by IO ------------------------------------- ======================= ========== Category Definition ======================= ========== Consensual The US person consents to MI collecting info about him or her. Public The US person info is publicly available. Foreign intelligence Foreign entities or entities acting as agents for same. Counterintelligence Entities in CI jurisdiction. Sources of assistance US persons who reasonably may become intelligence sources Sources and methods US person info about those with sources and methods info or ability to compromise it. Physical security US person info involving threats to safety or installations. Personnel security Personnel reliability program or background investigation (e.g. for OPM). Communications security US person info connected to COMSEC investigations. Narcotics US person info about those with TNO connection. Threats to safety US person info related to imminent harm. Overhead reconnaissance US person info collected overhead without targeting. Administrative US person information necessary for administrative purposes. ======================= ==========