The changes allow the National Counterterrorism Center (NCTC), the intelligence community’s clearinghouse for terrorism data, to keep information for up to five years. Previously, the center was required to promptly destroy — generally within 180 days — any information about U.S. citizens or residents unless a connection to terrorism was evident.
The new guidelines, which were approved Thursday by Attorney General Eric H. Holder Jr., have been in the works for more than a year, officials said.
The guidelines have prompted concern from civil liberties advocates.
Those advocates have repeatedly clashed with the administration over a host of national security issues, including its military detention without trial of individuals in Afghanistan and at Guantanamo Bay, its authorization of the killing of U.S.-born cleric Anwar al-Awlaki in a drone strike in Yemen, and its prosecution of an unprecedented number of suspects in the leaking of classified information.
Officials said the guidelines are aimed at making sure relevant terrorism information is readily accessible to analysts, while guarding against privacy intrusions. Among other provisions, agencies that share data with the NCTC may negotiate to have the data held for shorter periods. That information can pertain to noncitizens as well as to “U.S. persons” — American citizens and legal permanent residents.
The director of national intelligence, James R. Clapper Jr., has signed off on the changes.
“A number of different agencies looked at these to try to make sure that everyone was comfortable that we had the correct balance here between the information-sharing that was needed to protect the country and protections for people’s privacy and civil liberties,” said Robert S. Litt, the general counsel in the Office of the Director of National Intelligence, which oversees the NCTC.
Although the guidelines cover a variety of issues, the retention of data was the primary focus of negotiations with federal agencies. Those agencies provide the center with information such as visa and travel records and data from the FBI.
The old guidelines were“very limiting,” Litt said. “On Day One, you may look at something and think that it has nothing to do with terrorism. Then six months later, all of a sudden, it becomes relevant.”
Since the Sept. 11, 2001, terrorist attacks, the government has taken steps to break down barriers in information-sharing between law enforcement and the intelligence community, but policy hurdles remain.
The NCTC, created by the 2004 Intelligence Reform and Terrorism Prevention Act, collects information from numerous agencies and maintains access to about 30 data sets across the government. But privacy safeguards differ from agency to agency, in some cases hindering timely and effective analysis, senior intelligence officials said.
“We have been pushing for this because NCTC’s success depends on having full access to all of the data that the U.S. has lawfully collected,” said Rep. Mike Rogers (R-Mich.), chairman of the House intelligence committee. “I don’t want to leave any possibility of another catastrophic attack that was not prevented because an important piece of information was hidden in some filing cabinet.”
The shootings at Fort Hood, Tex., and the attempted downing of a Detroit-bound airliner on Christmas Day 2009 gave new impetus to efforts to aggregate and analyze terrorism-related data more effectively.
In the case of Fort Hood, Maj. Nidal M. Hasan had had contact with Awlaki but that information had not been shared across the government. The name of Umar Farouk Abdulmutallab, the suspect in the 2009 airliner plot, had been placed in a master list housed at the NCTC but not on a terrorist watch list that would have prevented him from boarding the plane.
Officials said the privacy safeguards in the new guidelines include limits on the NCTC’s ability to redistribute information to other agencies.
“Within the intelligence community, there’s one set of controls for terrorism purposes, a stricter set of controls for non-terrorism purposes, and an even stricter set of controls for dissemination outside the intelligence community,” an official said, speaking on the condition of anonymity. An entire database cannot be shared; only specific information within that data set can be shared, and it must be with the approval of the agency that provided the data, the official said.
Privacy advocates said they were concerned by the new guidelines, despite the safeguards.
The purpose of the safeguards is to ensure that the “robust tools that we give the military and intelligence community to protect Americans from foreign threats aren’t directed back against Americans,” said the American Civil Liberties Union’s national security policy counsel, Michael German. “Watering down those rules raises significant concerns that U.S. persons are being targeted or swept up in these collection programs and can be harmed by continuing investigations for as long as these agencies hold the data.”
Other homeland security experts said the guidelines give officials more flexibility without compromising individual privacy.
“Five years is a reasonable time frame,” said Paul Rosenzweig, a former senior Department of Homeland Security policy official. “I certainly think 180 days was way too short. That’s just not a realistic understanding” of how long it takes analysts to search large data sets for relevant information, he said.