The National Security Agency says a special directive from Barack Obama on the organization’s reach into private Internet communications will not be made public.
“Because the document is under the control of the National Security Staff (NSS), this agency consulted with the NSS,” the letter explained. “The document was reviewed by the NSS as required by the FOIA and was determined by the NSS to be exempt from release pursuant to the fifth exemption of the FOIA. This exemption applies to inter-agency or intra-agency memoranda or letters which would not be available by law to a party in litigation with the agency, protecting confidential communications between the president and his advisers.”
Phillips also said the document is classified “because its disclosure could reasonable be expected to cause exceptionally grave damage to the national security.”
EPIC sought the information because it pertained to the National Security Agency’s “authority to invade civilian networks.”
The organization explained: “On Nov. 14, 2012, the Washington Post reported President Obama had signed Presidential Policy Directive 20 … in October. According to the Washington Post, the directive ‘enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.’ The text of the directive has not been made public.”
But the letter said the Post reported previous attempts by the president to expand the military’s cybersecurity authority had been rejected as posing “unacceptable risks” and potentially “harmful consequences.”
Further, EPIC wrote, the directive “may violate federal law that prohibits military deployment within the United States without congressional approval.”
The organization noted that it took similar action and continues to litigate the issue when President George W. Bush issued a directive in 2008, which defined the cybersecurity authority of the NSA.
EPIC said the older directive is equivalent to “secret law,” the very thing the FOIA seeks to prevent.
“Transparency in cybersecurity is crucial to the public’s ability to monitor the government’s national security efforts and ensure that federal agencies respect privacy rights and comply with their obligations under the Privacy Act,” EPIC wrote. “This FOIA request involves information on the National Security Agency’s authority to invade civilian Internet networks. Responsive documents will hold a great informative value regarding activities of the government that will have a significant public impact.
“There is a particular urgency for the public to obtain information about the NSA’s cybersecurity activities within the United States. As previously discussed, numerous bills are currently being considered by Congress to address U.S. cybersecurity policy. In order for meaningful public comment on these bills, as well as subsequent cybersecurity measures, the public must be aware of the authority that the president’s directive establishes,” it argued.
The potential is huge, the organization said.
“The NSA has an almost boundless capacity to intercept private communications. The need to establish effective oversight for government surveillance, including matters involving national security, is well-understood and a long-standing concern.”
The organization noted it also has sought public release of the technical arrangement between the NSA and Google that was adopted in 2010, because federal law prevents the agency, a part of the Department of Defense, from conducting operations within the U.S.
EPIC said today it would appeal the NSA’s determination.