Executive Orders on Privacy and Civil Liberties and the Information Sharing Environment
“Executive Orders (EOs) are official documents … through which the President of the United States manages the operations of the Federal Government.” The directives cite the President’s authority under the Constitution and statute (sometimes specified). EOs are published in the Federal Register, and they may be revoked by the President at any time. Although executive orders have historically related to routine administrative matters and the internal operations of federal agencies, recent Presidents have used Executive Orders more broadly to carry out policies and programs.
The National Archives maintains a list of all Executive Orders indexed by Presidents, by Order number, and by subject. This site, which also has a "search" capacity, can be used to determine if a particular Order has been amended, repealed, superseded, or otherwise changed.
EO 12333 (As initially issued) - Goals, Direction, Duties, and Responsibilities with Respect to the National Intelligence Effort (22pp | 281kb | PDF) (December 4, 1981). Under section 2.3, intelligence agencies can only collect, retain, and disseminate information about a "U.S. person" (U.S. citizens and lawful permanent residents) if permitted by applicable law, if the information fits within one of the enumerated categories under EO 12333, and if it is permitted under that agency’s implementing guidelines approved by the Attorney General. The EO has been amended several times to reflect the changing security and intelligence environment and structure within the U.S. Government.
EO 12333 has been amended by three subsequent Executive Orders: EO 13284 (4pp. | 155kb | PDF) (January 23, 2003), EO 13355 (5pp | 166kb | PDF) (August 27, 2004), and EO 13470 (18pp | 205kb | PDF) (July 30, 2008). The current text of EO 12333 as amended is available online (16pp | 131kb | PDF).
- Many of the provisions of EO 13470 change how the intelligence agencies are governed and how they report to the President. In particular, the changes reflect that the U.S. intelligence agencies are to report to the President through the newly created Office of the Director of National Intelligence (ODNI). (At the time that EO 12333 was initially signed in 1981, the Director of National Intelligence was the nominal head of U.S. intelligence agencies).
- Briefing on the July 2008 changes to 12333. Briefing for the Congressional Oversight Committee (8pp | 2.65mb | PPT) by ODNI indicates that EO 12333’s original privacy and civil liberties protections are maintained after the July 2008 revisions.
- In section 1.1(b), the amended EO 12333 includes the following language: the Government "has a solemn obligation, and shall continue in the conduct of intelligence activities under this order, to protect fully the legal rights of all United States persons, including freedoms, civil liberties, and privacy rights guaranteed by Federal law."
- At section 1.5(c), EO 12333 requires the heads of all departments and agencies to "Coordinate development and implementation of intelligence systems and architectures and, as appropriate, operational systems and architectures of their departments, agencies, and other elements with the Director to respond to national intelligence requirements and all applicable information sharing and security guidelines, information privacy, and other legal requirements…."
- Section 1.6(h) of EO 12333 also requires the heads of elements of the Intelligence Community to ensure "that the inspectors general, general counsels, and agency officials responsible for privacy or civil liberties protection for their respective organizations have access to any information or intelligence necessary to perform their official duties."
- The amended 12333 includes the following language: the Government "has a solemn obligation, and shall continue in the conduct of intelligence activities under this order, to protect fully the legal rights of all United States persons, including freedoms, civil liberties, and privacy rights guaranteed by Federal law."
EO 13311 - Homeland Security Information Sharing (2pp | 149kb | PDF) (July 29, 2003). President Bush assigned his functions under section 892 of the Homeland Security Act to the Secretary of Homeland Security. Amended by EO 13388, all references to "Director of Central Intelligence" are now the "Director of National Intelligence."
EO 13353 – Establishing the President’s Board on Safeguarding Americans’ Civil Liberties (3pp | 160kb | PDF) (August 27, 2004). EO13353 creates the President’s Board on Safeguarding Americans’ Civil Liberties, which is ‘part of the Department of Justice for administrative purposes,’ to ‘undertake other efforts to protect the legal rights of all Americans, including civil liberties, and information privacy guaranteed by Federal law, as the President may direct.’ Although EO 13353 was never officially rescinded, its directive to create the President’s Board on Safeguarding Americans’ Civil Liberties faced strong opposition and was eventually jettisoned in favor of an independent body, the Privacy and Civil Liberties Oversight Board.
EO 13354 – Establishing the National Counterterrorism Center (4pp | 161kb | PDF) (August 27, 2004). The Center was established in order to "protect the security of the United States through strengthened analysis and strategic planning and intelligence support to operations to counter transnational terrorist threats…" This includes the "interchange of terrorism information between agencies and appropriate authorities of States and local governments…." The EO designated the National Counterterrorism Center (NCTC) as "the primary organization in the United Sates Government for analyzing and integrating all intelligence possessed or acquired by the [Government]… pertaining to terrorism and counterterrorism, excepting purely domestic counterterrorism information." While the Center continues in existence, EO 13354 was revoked by EO 13470 (18pp | 205kb | PDF) (July 30, 2008), which revised EO 12333. (See Section 3.6 of current version of EO 12333).
- Also see EO 12333 above, EO 12958 (19pp | 248kb | PDF) (April 17, 1995) (revoked by EO 13526), and EO 13470, which amended EO 12333 in 2008.
- "Agencies shall protect the freedom, information privacy, and other legal rights of Americans in the conduct of activities implementing …[the detection, prevention, disruption, preemption and mitigation of the effects of transnational terrorist activities and] the interchange of terrorism information between agencies and appropriate authorities of States and local governments."
EO 13388 – Further Strengthening the Sharing of Terrorism Information to Protect Americans (3pp | 161kb | PDF) (October 25, 2005). This Executive Order :
- revokes EO 13356 (4pp | 163kb | PDF) (August 27, 2004) and amends EO 13311 (above);
- creates the Information Sharing Council (ISC) to provide advice and information concerning the "establishment of an interoperable terrorism information sharing environment to facilitate automated sharing of terrorism information among appropriate agencies to implement the policy set forth in section 1 of this order; and (ii) perform the duties set forth in section 1016(g) of the Intelligence Reform and Terrorism Prevention Act of 2004."
- assists the Program Manager for the ISE (PM–ISE) in expediting the establishment of the ISE and appointed the PM as chair of the Council,
- requires that "[t]o the maximum extent consistent with applicable law, agencies shall, in the design and use of information systems and in the dissemination of information among agencies… give the highest priority to… the interchange of terrorism information among agencies… [and shall] protect the freedom, information privacy, and other legal rights of Americans in the conduct of [such] activities…."
EO 13526 – Classified National Security Information (27pp | 246kb | PDF) (December 29, 2009). This Executive Order:
- prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to the defense against transnational terrorism;
- states that although our democratic principles "require that the American people be informed of the activities of their Government," "throughout our history, the national defense has required that certain information be maintained in confidence….";
- promotes open Government through "accurate and accountable application of classification standards and routine, secure, and effective declassification…."; and
- revokes EO 12958 (19pp | 248kb | PDF) (April 17, 1995) and EO 13292 (20pp | 199kb | PDF) (March 25, 2003).
The Information Security Oversight Office, National Archives and Records Administration issued a Directive (28pp | 269kb | PDF) implementing the Executive Order on June 28, 2010. The Directive addresses classification standards, identification and markings, declassification, safeguarding, and other factors related to classified national security information.
EO 13549 – Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities (6pp | 159kb | PDF) (August 18, 2010). This Executive Order:
- ensures the proper safeguarding of information shared with State, local, tribal and private sector (SLTPS) entities;
- establishes a "Classified National Security Information Program" designed to manage access to and handling of such information;
- ensures the security standards established in accordance with EO 13526 (above) and other relevant Executive Orders are articulated by the Secretary of Homeland Security, to address among other things: eligibility for access to classified information by SLTPS personnel, how duly elected Governors are to receive appropriate clearances; and requiring that physical custody of classified information by SLTPS entities be limited to Secret information unless the location housing the information is under "full-time management, control, and operation of the Department of Homeland Security or another agency….";
- establishes an SLTPS Policy Advisory Committee to discuss Program–related policy issues in dispute to facilitate conflict resolution; and
- promotes inspections and monitoring of SLTPS programs and facilities to verify that there is an ongoing need for access to classified information.
The order is to be implemented in a manner "consistent with procedures approved by the Attorney General pursuant to Executive Order 12333, as amended."
EO 13556 – Controlled Unclassified Information (3pp | 138kb | PDF) (November 4, 2010). This Executive Order:
- establishes an open and uniform program for managing information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government–wide policies, excluding information classified under EO 13526 or the Atomic Energy Act, as amended;
- addresses the "ad hoc, agency–specific policies, procedures, and markings to safeguard and control this information, such as information that involves privacy, security, proprietary business interests, and law enforcement investigations. This inefficient, confusing patchwork has resulted in inconsistent marking and safeguarding of documents, led to unclear or unnecessarily restrictive dissemination policies, and created impediments to authorized information sharing. The fact that these agency-specific policies are often hidden from public view has only aggravated these issues." (Sec. 1).
- establishes a program for managing this information, called "Controlled Unclassified Information," (CUI) that emphasizes the openness and uniformity of Government–wide practices;
- requires that the CUI categories and subcategories shall serve as the exclusive designations for identifying unclassified information throughout the executive branch that requires safeguarding or dissemination controls, pursuant to and consistent with applicable law, regulations, and Government–wide policies;
- charges the National Archives and Records Administration to implement the Order and oversee agency compliance with it; and
- rescinds Presidential Memorandum of May 7, 2008 ("Designation and Sharing of Controlled Unclassified Information (CUI)").
EO 13587 – Structural Reforms To Improve The Security Of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information ( 5pp | 155kb | PDF) (October 7, 2011). This Executive Order:
- directs structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties;
- ensures coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security;
- requires policies and minimum standards for sharing classified information both within and outside the Federal Government;
- requires that these policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks;
- directs agency heads to: (a) designate a senior official to be charged with overseeing classified information sharing and safeguarding efforts for the agency; (b) implement an insider threat detection and prevention program consistent with guidance and standards developed by the Insider Threat Task Force established in the order; and (c) perform self-assessments of compliance with policies and standards issued pursuant to sections 3.3, 5.2, and 6.3 of the order, as well as other applicable policies and standards, the results of which shall be reported annually to the Senior Information Sharing and Safeguarding Steering Committee established in section 3 of the order;
- establishes a Classified Information Sharing and Safeguarding Office (CISSO) within and subordinate to the office of the PM–ISE to provide expert, full-time, sustained focus on responsible sharing and safeguarding of classified information on computer networks; and
- requires establishment of an interagency Insider Threat Task Force to develop a Government-wide program (insider threat program) for deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies.
EO 13629 – Establishing the White House Homeland Security Partnership Council (5pp | 315kb | PDF) (October 26, 2012). This Executive Order:
- establishes “a White House Homeland Security Partnership Council (Council) to foster local partnerships—between the Federal Government and the private sector, nongovernmental organizations, foundations, community-based organizations, and State, local, tribal, and territorial government and law enforcement—to address homeland security challenges;”
- directs the Council to “promote homeland security priorities and opportunities for collaboration between Federal Government field offices and State, local, tribal, and territorial stakeholders;”
- directs the Council to “advise and confer with State, local, tribal, and territorial stakeholders and agencies interested in expanding or building local homeland security partnerships;”
- directs the Council to “raise awareness of local partnership best practices that can support homeland security priorities;”
- directs the Council to “as appropriate, conduct outreach to representatives of the private sector, nongovernmental organizations, foundations, community-based organizations, and State, local, tribal, and territorial government and law enforcement entities with relevant expertise for local homeland security partnerships, and collaborate with other Federal Government bodies; and”
- directs the Council to “convene an annual meeting to exchange key findings, progress, and best practices.”
EO 13636 – Improving Critical Infrastructure Cybersecurity (8pp | 325kb | PDF) (February 12, 2013). This Executive Order:
- sets the “policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats;”
- orders the establishment of a process to rapidly disseminate unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity;
- expands the Enhanced Cybersecurity Services program, a voluntary information sharing program, to all critical infrastructure sectors to provide classified cyber threat and technical information;
- coordinates agency activities under this order with senior agency officials for privacy and civil liberties to “ensure that privacy and civil liberties protections are incorporated into such activities;”
- bases privacy and civil liberties protections on “the Fair Information Practice Principles and other privacy and civil liberties policies, principles, and frameworks as they apply to each agency’s activities;”
- orders an annual assessment of privacy and civil liberties risks by the DHS Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties;
- directs the development of a Cybersecurity Framework to reduce cyber risks to critical infrastructure, which shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches and shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible.