The United States Director of National Intelligence released new guidelines yesterday that will allow 16 US intelligence agencies – including the Federal Bureau of Investigation (FBI) and Drug Enforcement Administration (DEA) – to search some of the most significant of the National Security Agency’s (NSA) vast warrantless surveillance databases. That the guidelines were publicly released at all is a step forward for transparency. Nevertheless, this sharing arrangement only magnifies the privacy harms inflicted by the NSA’s global dragnet and renews concerns that evidence gathered from warrantless surveillance is secretly seeping into criminal prosecutions, in violation of constitutional and human rights.

Director of National Intelligence James Clapper testifies before a Senate Armed Services Committee hearing on foreign cyber threats, on Capitol Hill in Washington, U.S., January 5, 2017.

© 2017 Reuters

Authorities wanted these changes to enhance information sharing and collaboration among the US’s various intelligence agencies. Finalized in December 2016, the new rules allow other US intelligence agencies (which include some federal law enforcement bodies) to directly search the NSA’s databases of “raw” data collected under Executive Order 12333 if they make the case that the request is “reasonable” and the data is potentially relevant to their missions. Troublingly, if the NSA finds something that might be of interest to another agency, it can notify that agency “on its own initiative.”

Executive Order 12333 grants the NSA broad surveillance powers that sweep up personal data and electronic communications of unknown millions of people worldwide, with no judicial authorization and insufficient Congressional oversight. As detailed by a former US State Department official, these programs compromise the privacy of millions of people inside the US as well, whose data is undeniably caught in the dragnet.

When accessing the NSA’s raw data, agencies are subject to rules that limit how they can retain, use, or share the data. But in many cases, these rules are designed primarily to protect US persons – not foreigners abroad –  while also containing potentially broad exceptions.

There are also some additional safeguards where intelligence agencies seek to search raw data using information associated with US persons. However, if agencies discover evidence of a crime, that information can still be shared with the Justice Department.

Police are supposed to have probable cause – and seek judicial authorization – to conduct searches for good reason. As we have previously explained, sharing data obtained under warrantless surveillance programs with law enforcement agencies makes it extremely difficult for anyone to legally challenge how the data was obtained, and thus the evidence itself. Defense lawyers and privacy groups have already expressed concerns that federal prosecutors are not notifying defendants when evidence used against them comes from warrantless intelligence gathering programs, or may be obfuscating the source of such evidence.

Such practices undermine basic fair trial rights: all criminal defendants should be able to properly understand and contest evidence used against them. But more broadly, the practices also remove crucial checks against secret, creeping intelligence gathering powers and the risk of a police state. We can’t challenge potentially abusive searches if they never come to light. The new EO 12333 data-sharing rules only exacerbate these concerns.