Page:Signals Intelligence Activities.pdf/3

 Use of SIGINT Collected in Bulk

The Agency shall use SIGINT collected in bulk only for the purposes of detecting or countering:


 * espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
 * threats to the United States and its interests from terrorism;
 * threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
 * cybersecurity threats;
 * threats to U.S. or allied Armed Forces or other U.S. or allied personnel;
 * transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes identified in the section on “Use of SIGINT Collection in Bulk”; and
 * any threat to the national security determined to be a permissible use of SIGINT collected in bulk in the review process established by Section 2 of PPD-28, or for any other lawful purpose, when approved by the President.

The Agency shall not use SIGINT collected in bulk for the purpose of:


 * suppressing or burdening criticism or dissent;
 * disadvantaging persons based upon their ethnicity, race, gender, sexual orientation, or religion;
 * affording a competitive advantage to U.S. companies and U.S. business sectors commercially; or
 * achieving any other purpose than those identified above.

As provided in footnote 5 of PPD-28, the prohibitions noted immediately above on the use of SIGINT collected in bulk do not apply to SIGINT collected in bulk that is temporarily acquired to facilitate the acquisition of targeted collection.

The Agency shall participate in the policy processes for reviewing the permissible uses of SIGINT collected in bulk.

The Agency shall, on an annual basis, review the Agency’s use of SIGINT collected in bulk and advise the DNI and APNSA on recommended additions to or removals from the list of permissible uses of SIGINT collected in bulk.

Systems containing SIGINT collected in bulk shall record sufficient details of queries to enable oversight and compliance with permissible uses of SIGINT collected in bulk, and to enable retention determinations.