14 DAY TRIAL // Following a Freedom of Information Act request sent in by the American Civil Liberties Union (ACLU) to the Trump administration, a report by the Privacy and Civil Liberties Oversight Board regarding the practices of U.S. surveillance agencies was released.
More precisely, according to ACLU Staff Attorney Ashley Gorski, the report released on Tuesday by a federal privacy watchdog details how the U.S. government manages personal information acquired during surveillance operations.
"The report addresses government agencies’ implementation of “PPD-28,” President Obama’s 2014 policy directive on government spying and the treatment of “personal information,” which includes communications like emails, chats, and text messages," says Gorski.
Moreover, the privacy policy report (.PDF) was finalized by the Privacy and Civil Liberties Oversight Board bipartisan agency in 2016, and it analyzed the implementation of Obama's Presidential Policy Directive - 28 (PPD-28).
"In an effort to protect the national security of the United States while respecting privacy and civil liberties, the directive codifies current practices and establishes new principles related to the collection, use, retention, dissemination, and oversight of signals intelligence," says the report.
As highlighted by the privacy board's report Obama's PPD-28 directive is not consistently applied by U.S. surveillance
As detailed in the report, the PPD-28 does not provide the privacy protections one would expect from such a critical directive, allowing surveillance agencies for example to use the information they collect in bulk for a number of purposes which can cover a wide range of uses.
Furthermore, government agencies with access to communication surveillance such as the FBI and the NSA are not always sure about what are the exact activities the PPD-28 directive covers explicitly.
Additionally, the privacy board expressed its concern regarding NSA possibly sharing raw intercepted communications where private information is not redacted with other state agencies such as DHS and DEA.
Although they have their own privacy protection policies, they might not have the technology needed to comply with the PPD-28's requirements and their personnel might also need extra training to be able to handle "unevaluated signals intelligence for the first time" properly.
The Privacy and Civil Liberties Oversight Board report raises some questions regarding the realism of implementing the U.S.–EU Privacy Shield data-sharing agreement given that the USA's personal information protection policies are so anemic and not always properly enforced.