The Army Lawyer | 2019 Issue 3View PDF

null An Intelligence Law Primer for the Second Machine Age


The Army Lawyer


An Intelligence Law Primer for the Second Machine Age



 PDF Version

An army without spies is like a man without ears or eyes.1

Armies have always collected and analyzed as much information as possible about their enemies’ capabilities, intentions, and activities. Espionage is an ancient, primitive art. As detailed in the biblical Book of Numbers, God urged the prophet Moses to dispatch twelve spies to explore Canaan.2 They returned with a detailed report on the number and vitality of the people there, the fertility of the land, the vegetation, and the city walls and fortifications.3 In the Roman Empire, military leaders successfully employed exploratores and speculatores to monitor enemy movements, collect human intelligence (HUMINT), and provide assessments to the emperor.4 During the Middle Ages, English noblemen recruited traveling Dominican friars, sworn to poverty, and paid them quite well to provide reports of potential rebellions and enemy activity.5 The Mongols constructed far-reaching roads specifically to facilitate their spies traveling under cover as merchants.6

During the American Revolution, British and American forces relied heavily on espionage. George Washington famously managed human sources throughout his time as the Commander of the Continental Army, but his patriots also suffered from Loyalist counterintelligence operations.7 During the American Civil War, Union generals relied on Allan Pinkerton and his National Detective Agency for routine intelligence reports and counterespionage.8 During World War II, the U.S. Office of Strategic Services managed nearly 13,000 spies to collect, analyze, and disseminate crucial intelligence in every theatre of war.9 Today, the United States Intelligence Community10 employs nearly one million people and boasts an annual budget of over $80 billion.11

As Canadian spymaster Sir William Stephenson noted in 1976, “Among the increasingly intricate arsenals across the world, intelligence is an essential weapon, perhaps the most important.”12 Timely, accurate, and insightful information about the activities, capabilities, plans, and intentions of foreign powers, organizations, persons, and their agents, is essential to U.S. national security.13 The integration of intelligence into military operations is considered an inherent responsibility of command.14 It is, therefore, a staff’s inherent responsibility to understand the legal, policy, and operational implications of what the commander’s “eyes and ears” are doing.

Exponential advances in technology will continue to open new doors for intelligence professionals. Prolific reliance on smart phones and social networking websites has elevated the importance of the Open Source Intelligence (OSINT) discipline, which has required the U.S. Intelligence Community and the Department of Defense’s Intelligence Components to quickly develop tactics, techniques, procedures, and policies to govern a rapidly changing information landscape.15 Internet-based intelligence operations have also driven the development of novel, CONUS-based activities that will require judge advocates in garrison to understand complicated legal principles and unique command relationships. As new technology gives rise to new collection and analytical methods, staff, brigade, group, battalion, and command judge advocates will be called upon more frequently to provide advice on the lawfulness of intelligence activities.

This article is a basic primer for how to analyze any military intelligence law issue with an emphasis on how new technology is impacting the legal landscape. It will cover the judge advocate’s role in providing counsel to intelligence units and personnel, as well as provide a framework for analyzing legal issues related to the collection, evaluation, and retention of information by intelligence personnel.


Although most judge advocates will not serve at the National Security Agency (NSA), the Defense Intelligence Agency (DIA), or at a Service-level intelligence headquarters, almost every judge advocate will serve among intelligence professionals. The U.S. Army’s infantry brigade combat team (IBCT), for example, is authorized a robust menu of intelligence assets.16 Within the IBCT S2, there are twenty trained personnel, to include two HUMINT collectors. Every IBCT is also authorized a Military Intelligence Company (MICO), which boasts additional HUMINT collectors, Unmanned Aerial System operators, signals intelligence (SIGINT) collectors, OSINT collectors, and geospatial intelligence (GEOINT) analysts.17 There are additional intelligence Soldiers at the battalion level, and “every Soldier is a sensor,” which requires every Soldier, and therefore every Army lawyer, to have a basic understanding of the commander’s priority intelligence requirements (PIRs).18 Further, for judge advocates who serve in special operations units, the ability to analyze an intelligence law issue is indispensable.19 Commanders look to their attorneys to understand the line between intelligence and operational activities, the impact of different legal constructs, and how to comply with complicated DoD oversight and reporting requirements.

Notwithstanding, a mere 10/538 (.01%) pages in the Army’s 2018 Operational Law Handbook are dedicated to intelligence law, most of which are focused on detention and interrogation operations.20 As the author of The Army Lawyer’s only comprehensive Intelligence Law primer observed, “precious little has been written about intelligence oversight for those who do not practice in intelligence law or national security fields, by those who do.”21 Further, there have traditionally been few opportunities to practice intelligence law. Judge advocates in garrison are not often asked to research or write about intelligence legal issues, and many of the most relevant sources, ideas, authorities, and restrictions are tucked away in classified basements. Even in foreign areas of hostilities, conventional military intelligence personnel are not regular consumers of legal advice, as they employ clearly authorized methods to collect and analyze information in response to well-defined requirements (e.g., the weather, main supply routes, enemy personnel in the commander’s area of operations, and potential threats to Forward Operating Bases and Combat Outposts).22

Yet, an intense focus on the cyber domain requires all military lawyers to understand the basic intelligence law framework now. Publicly available information (PAI) on the Internet has created new collection opportunities for intelligence professionals in combat zones and at home station. Military attorneys must be prepared to answer questions about the lawfulness of new collection efforts and tools, particularly where U.S. person information is involved, U.S. based social networking websites are leveraged, or large amounts of data are sought. A recent report found that members and sympathizers of the terror group Daesh, the so-called Islamic State, were recently uploading over one hundred thousand posts each day to websites and mobile applications like Facebook, YouTube, Twitter, Instagram, Telegram, Skype, Zello, Tumblr, Snapchat, Silent Circle, WhatsApp, Kik,, Google Drive, dating websites, Quora, Threema, WordPress, and many others.23 Vast repositories of data left in the wake of such ubiquitous smart phone and Internet use have produced what some observers call the “second machine age.”24

Predictive data analytics, software robots, machine learning, facial recognition programs, and the development of the “Internet of Things,” are all driving new collection and analysis tactics, training programs, and doctrine. The current operating environment will challenge judge advocates to thoroughly understand their commanders’ PIRs, their units’ technical capabilities, and the rules governing their units’ intelligence activities. Judge advocates must gain access to, and master, the documents governing their units’ intelligence activities, including research, development, and training, to ensure compliance with applicable laws and regulations. Legal advisors must stay abreast of advances in technology and be prepared to identify and resolve intelligence law issues. An inability to spot and address intelligence law issues may lead to the execution of questionable intelligence activities, complicated investigations, and potential discipline for members of the command.25

The Intelligence Law Framework

Mission and Authority

The primary question a judge advocate must consider in analyzing an intelligence law issue is whether his or her unit “has the mission” to perform an intelligence or intelligence-related act.26 Under Executive Order 12333, United States Intelligence Activities, the Department of Defense is authorized to conduct defense and defense-related foreign intelligence and counterintelligence activities.27 Foreign intelligence is defined as “information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists.”28 Counterintelligence means “information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.”29 These broad mandates do not permit every military intelligence component to collect, analyze, produce, and disseminate intelligence about any foreign person or to attempt to disrupt all foreign espionage efforts. They simply reflect the menu of intelligence activities available to senior leaders when tasking subordinate units to accomplish specific missions. It is, therefore, vital for a judge advocate to understand the scope of their specific unit’s intelligence mission; an intelligence component may only collect information deemed reasonably necessary to accomplish its assigned mission.

As Richard M. Whitaker wrote in U.S. Military Operations: Law, Policy, and Practice, “intelligence law is a quasi-restrictive area of law, which means that every intelligence activity or operation must be tied to an authority that can be traced to either Congress or the Commander in Chief.”30 Judge advocates must be able to locate and articulate the source(s) of law that undergird their units’ intelligence activities and operations. Put simply, military units should not conduct intelligence operations in the absence of some positive authority, such as an Execute Order (EXORD) or Deployment Order (DEPORD). Every intelligence collection must have a purpose consistent with the relevant orders and intelligence taskings.

In addition to EXORDs and DEPORDs, judge advocates should consult Geographic Combatant Command Operations Orders and delegations, Operations Plans, Concept Plans, Fragmentary Orders, Operational Directives, approved unit charters, and commander PIRs. A judge advocate must know, and be able to articulate, whether the unit has both the mission and the properly delegated authority to conduct a proposed intelligence activity. Further, each intelligence discipline requires unique training, skill sets, and authorities. Even if “intelligence operations” are generally authorized in an EXORD, a particular type of intelligence activity (e.g., a military source operation or a signals intelligence collection) likely requires its own approved concept plan and may only be executed by individuals trained and certified to do so.

To illustrate, an intelligence component with the explicit authority to passively monitor PAI about al-Qaida and its affiliates would exceed the scope of its assigned intelligence mission by hacking into al-Qaida social media accounts. Likewise, the same unit would lack the authority to collect YouTube videos posted by Real Irish Republican Army members, even though it too is considered a Foreign Terrorist Organization by the U.S. Department of State.31 Finally, depending on the intelligence discipline concerned, explicit authority may be required to employ certain tactics (e.g., “direct approach” interrogations may be approved following an operation, but additional approvals are required to employ interrogation approaches like “Mutt and Jeff” or techniques like “separation”).32

Department of Defense Manual 5240.01

Once a legal advisor has a firm grasp of the unit’s assigned intelligence mission, the commander’s intelligence requirements, and the properly delegated authorities and permissions, one must turn to the Department of Defense’s Manual 5240.01, Procedures Governing the Conduct of DoD Intelligence Activities, dated 8 August 2016 (DoD Manual 5240.01).33 A legal advisor must not only understand the positive authority for a unit’s intelligence activities; they must also know the body of restrictive oversight rules that regulate and limit how those activities are conducted. As Sir William Stephenson also noted, “safeguards to prevent [intelligence abuses] must be devised, revised and rigidly applied.”34 Lawyers are in a unique position to enable intelligence personnel by ensuring they carry out their legitimate functions effectively while also protecting the privacy and constitutional rights of U.S. persons.

Some history is necessary to fully appreciate the importance of DoD Manual 5240.01. In 1975, following a series of high profile abuses by American intelligence organizations, a U.S. congressional committee led by Idaho senator Frank Church concluded that government-wide reform was needed.35 “Abuses included routine opening and reading of vast amounts of first-class mail and telegrams and drug experiments conducted on unwitting American subjects, as well as illegal wiretapping, break-ins, infiltration of and covert action attempting to influence domestic political groups. Targets included the ‘Women’s Liberation Movement’ and every Black Student Union, as well as judges, Members of Congress, and political candidates.”36 During the Vietnam War, military intelligence actors compiled personal information on more than 100,000 politically active Americans in an effort to quell civil rights and anti-war demonstrations.37 The U.S. Army used 1,500 plainclothes agents to watch demonstrations, infiltrate organizations, and spread disinformation.38 The Church Committee, looking into a variety of intelligence community abuses, called the Army program “the worst intrusion that military intelligence has ever made into the civilian community.”39

In 1980, the Church Committee moved Congress to pass the Intelligence Oversight Act. The following year, President Ronald Reagan signed Executive Order 12333, United States Intelligence Activities, which further defined the roles of the various intelligence agencies and codified a host of oversight procedures. In the fall and winter of 1982, Secretary of Defense Caspar “Willard” Weinberger40 and U.S. Attorney General William French Smith41 approved Department of Defense (DoD) 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components That Affect United States Persons, a sixty-four page implementation of President Reagan’s Executive Order 12333.42 The DoD 5240.1-R established oversight guidance that Defense Intelligence Components relied on for thirty-four years.

In August 2016, after an extensive interagency review process,43 Secretary of Defense Ashton Carter and U.S. Attorney General Loretta Lynch approved a new manual for the Department of Defense. The 2016 DoD Manual 5240.01 re-affirms many of the well-established procedures for handling U.S. person information, but it also outlines several new procedures for the handling of new technology, bulk commercial data, and PAI on the Internet.

The 2016 manual includes major substantive updates to several procedures, but its basic organization mirrors the 1982 document.44 Procedures 1 through 4 still provide rules for the collection, retention, and dissemination of information. Procedures 5 through 10 still govern specialized collection techniques (i.e., Electronic Surveillance, Concealed Monitoring, Physical Searches, Searches of Mail, Physical Surveillance, and Undisclosed Participation). While Procedures 11 (Contracting for Goods and Services), 12 (Provision of Assistance to Law Enforcement), and 13 (Experimentation of Human Subjects for Intelligence Purposes) from the 1982 manual remain in effect. DoD Directive 5148.13, Intelligence Oversight, dated April 26, 2017, replaced Procedures 14 and 15 of the 1982 manual.

Collection and U.S. Person Information

The most significant update deals with the Procedure 2 concept of “collection.”45 A Defense Intelligence Component may only collect information believed to be necessary for the performance of an authorized intelligence mission. Most importantly, intelligence components may only collect certain types of U.S. person information, defined and discussed in detail below, and collection triggers a requirement to evaluate information for its necessity. Legal advisors must therefore understand precisely when collection occurs and be able to advise on the requirements that follow.

Under the 1982 regulation, information was considered to be collected only when it had been “received for use by an employee of a DoD intelligence component in the course of his official duties.”46 Data acquired by electronic means was collected only when it had been “processed into intelligible form.”47 As a result, raw metadata on a Defense Intelligence Components’ servers could be lawfully stored in perpetuity until and unless an analyst queried the server and reviewed intelligible information. Under the 1982 regulation, a component had ninety days from the point of collection to evaluate whether retention of the information was reasonably necessary to accomplish an authorized intelligence mission.48

Under the new DoD Manual 5240.01, information is considered collected as soon as it is “received by a Defense Intelligence Component, whether or not it is retained.”49 Regardless of the form of the data, as soon as a component ingests information into a database or repository, the information has been collected. While the manual urges “prompt” evaluation of collected U.S. person information, Defense Intelligence Components now have up to five years to evaluate intentionally collected U.S. person information and up to twenty-five years to evaluate incidentally collected U.S. person information from outside of the United States.50 Legal advisors must analyze Procedures 2 (“Collection of USPI”) and 3 (“Retention of USPI”) of the manual in order to properly advise intelligence units that collect U.S. person information, even inadvertently.

To illustrate, consider how one should advise a military intelligence unit commander whose mission it is to reconnoiter foreign vessels via overhead imagery. Suppose that the commander, in his search for foreign ships, incidentally collects high definition video of an identifiable, U.S. flagged commercial vessel operating in international waters. For how long can his intelligence unit retain the video files before DoD Manual 5240.01 requires an evaluation of whether the information is reasonably necessary for mission accomplishment? The answer is for twenty-five years because the information was “incidentally collected from outside of the United States.”51 Depending on a careful evaluation of the ship’s relevance to the unit’s assigned intelligence mission, the video files of the U.S. vessel should either be purged or retained. The legal advisor plays a critical role in navigating these legal and policy requirements.

Consider another example: Can an intelligence unit conducting counterterrorist-focused OSINT activities lawfully retain screenshots of tweets posted by an American freelance journalist living in Iraq? Probably, but the answer depends on the content and its relationship to the unit’s mission. If the journalist’s tweets illuminate the adversary’s activities, the answer is likely yes. If the tweets are criticisms of the President of the United States, the answer is almost certainly no. A legal advisor must assist in conducting a careful assessment of what information is reasonably necessary for the accomplishment of the unit’s intelligence mission. For example, the unit and its lawyer must ask whether the journalist’s name and the Twitter logo, both examples of U.S. person information, are required. Only a careful analysis of DoD Manual 5240.01’s application to a particular set of facts will produce sound legal counsel.52

It is important to note that, in addition to granting Defense Intelligence Components more time to evaluate U.S. person information, the new definition of “collection” explicitly excludes certain categories of data. Information has not been collected if it only “momentarily passes through a computer system” of the Component.53 Therefore, an analyst with the authority to monitor Twitter activity does not “collect” every tweet that momentarily emerges on his or her screen. Likewise, information on the Internet or in an electronic forum or repository outside the Component that is simply viewed or accessed by a Component employee but is not “copied, saved, supplemented, or used in some manner” is not collected.54 Therefore, if a military intelligence officer travels to the local Federal Bureau of Investigation (FBI) field office for a meeting and views a file containing U.S. person information, he does not trigger a requirement to evaluate the information absent an additional action (e.g., copying the file or using the information upon return to his office).

Finally, under the new manual, information can only be collected one time. Therefore, if the NSA disseminates properly collected and evaluated information to the DIA, the DIA has no obligation to conduct a second evaluation of any U.S. person information included in the data, so long as it can verify that the information received is reasonably necessary for the accomplishment of its mission.55 Despite the new, broad definition of “collection,” these concise exceptions carry significant weight in considering whether a unit’s Intelligence Oversight obligations have been triggered.

U.S. Person Information

“United States person” is defined in the same way it was in 1982, but the new manual provides modern examples.56 A U.S. person is either: 1) a U.S. citizen; 2) a permanent resident alien of the United States, also known as a “green card holder;” 3) a corporation incorporated in the United States; or 4) an unincorporated association substantially composed of U.S. citizens or permanent resident aliens.57 United States person information includes “any information that is reasonably likely to identify one or more specific U.S. persons.”58 Therefore, it could be a name (John Smith) or unique title (the Governor of California); government-associated personal or corporate identification numbers (a Social Security, passport, or driver’s license number); unique biometric records (fingerprints or a passport photograph); financial information (bank or tax records); street addresses, telephone numbers, and even Internet Protocol address information. However, references to American products or the use of American company names in a descriptive sense (e.g., Boeing 737 or Ford Mustang) do not require an evaluation under Procedure 3 of the manual. A photo of a foreign terrorist wearing a New York Yankees ball cap does not require an evaluation or redaction of the Bronx Bombers’ logo.59

It is also important for intelligence personnel and legal advisors to know that a person or organization in the United States is presumed to be a U.S. person, unless specific information to the contrary is obtained.60 Conversely, a person or organization outside the United States, or whose location is not known to be in the United States, is presumed to be a non-U.S. person, unless specific information to the contrary is obtained.61 Therefore, even though John Smith is a common American name, John Smith is presumed to be a foreigner if he lives in Turkey. If Mr. Smith posts a photo of himself walking around Istanbul in a Washington Nationals jersey, the appropriate intelligence personnel should consider investigating whether Mr. Smith is a U.S. person. Similarly, if a Defense Intelligence Component collects an image of a military-aged male in traditional Afghan attire displaying an ISIS flag, but he appears to be standing in downtown Manhattan, one must presume he is a U.S. person until contrary information is discovered (e.g., evidence that he is an Afghan citizen).

Permissible Categories

Under the new manual, Defense Intelligence Components may not intentionally collect U.S. person information unless it is reasonably believed to be necessary for the performance of an authorized intelligence mission; and falls within one of the thirteen categories identified in Procedure 2 of the manual.62 The thirteen categories, which are carefully defined in the manual, are:

  • Publicly available information;
  • Consent;
  • Foreign intelligence;
  • Counterintelligence;
  • Threats to safety;
  • Protection of intelligence sources, methods, and activities;
  • Current, former, or potential sources of assistance to intelligence activities;
  • Persons in contact with sources or potential sources;
  • Personnel security;
  • Physical security;
  • Communications security investigations;
  • Overhead and airborne reconnaissance; and administrative purposes.

In considering the effect of the various categories, it is essential to consider the foundational principle that an intelligence unit must have both the authority and the mission to conduct proposed intelligence activities. For example, just because DoD Manual 5240.01 permits the intentional collection of publicly available U.S. person information does not mean that an intelligence analyst may monitor all publicly available message boards or public chat rooms hosted by U.S. websites and populated by American Internet users. Obvious examples of impermissible activities include “LOVEINT” (spying on actual or potential romantic partners), and intelligence collection for domestic political purposes. Notwithstanding, intelligence personnel may, in their personal capacities and not related to their employment, maintain social media pages, take photographs, and read U.S. news reports (so long as they exercise operational security).

Finally, the DoD has no authority to conduct domestic intelligence activities in the absence of a DoD nexus, a reality that has been complicated by the worldwide web.63 Legal advisors should always consider whether to coordinate with the FBI when intentionally collecting information about a U.S. person reasonably believed to be engaged in international terrorism or working on behalf of a foreign government. Further, a Defense Intelligence Component may never collect U.S. person information solely for the purpose of monitoring activities protected by the First Amendment or the lawful exercise of other rights secured by the Constitution or laws of the United States.64 Judge advocates play a crucial role in considering when the exercise of free speech (e.g., harsh criticism of the U.S. military involvement in fighting in Afghanistan) becomes material support to terrorism (e.g., re-tweeting of ISIS “kill lists”).65 Strong working relationships with interagency partners and their attorneys is key to striking the appropriate balance.

Least Intrusive Means Feasible

If intelligence units have both the authority and a specific mission that requires the intentional collection of U.S. person information, the component must always use the “least intrusive collection techniques feasible.”66 Legal advisors should ensure that their clients attempt to collect U.S. person information from publicly available sources or with the consent of the person concerned. If collection from publicly available sources or obtaining consent from the person concerned is not feasible or sufficient, such information may be collected from “cooperating sources.” If collection through publicly available sources, consent, or cooperating sources is not feasible or sufficient, approval may be sought through the Department of Defense Office of General Counsel for the use of intelligence collection techniques that require a judicial warrant or approval from the Attorney General (e.g., electronic surveillance conducted under the Foreign Intelligence Surveillance Act).67 No matter what technique is employed, intelligence components must never collect any more U.S. person information than is reasonably necessary to accomplish the assigned mission.68

Further, judge advocates assigned to units that intentionally collect U.S. person information should assist in the implementation of safeguards. For example, the unit should adopt written procedures for approval of such collection efforts. A commander should regularly review subordinates’ decisions to retain U.S person information. The senior intelligence officer should restrict access or dissemination of information, and they should mask U.S. person information from those without a need to know. Additionally, physical and logical access controls, training programs, and written legal reviews are always sensible.69

The consequences of violating these policies are contained in the Department’s aforementioned issuance, DoD Directive 5148.13, Intelligence Oversight.70 A “questionable intelligence activity” (QIA) is broadly defined as any intelligence or intelligence-related activity when there is reason to believe such activity may be unlawful or contrary to an E.O., Presidential Directive, Intelligence Community Directive, or applicable DoD policy governing that activity.71 All DoD personnel are obligated to identify any QIA to their chain of command or supervision immediately.72 Failure to report a QIA is a QIA.73 If it is not practical to report a QIA or significant/highly sensitive matter to the chain of command or supervision, reports may be made to the applicable Inspector General or legal counsel.74 Questionable intelligence activities must be investigated to the extent necessary to determine the facts and “to assess whether the activity is legal and consistent with applicable policies.”75

Questionable intelligence activities are reported each quarter to the DoD Senior Intelligence Oversight Officer who informs the Attorney General and appropriate congressional committees as required.76 All QIA reports require a description of what specific law, Executive Order, Presidential or Intelligence Community Directive, or DoD policy was violated.77 The reports also require an analysis of how or why the incident occurred, the remedial action taken or planned to prevent recurrence, and a description of internal investigative findings and intelligence oversight program developments.78 Unless the unit’s servicing judge advocate understands the law and policy governing intelligence activities, they will be unable to competently advise investigating officers tasked with assessing the lawfulness of a particular activity.

Publicly Available Information and Open Source Intelligence

Judge advocates serving today must familiarize themselves with the dynamic field of OSINT law and policy. It is often stated that ninety percent of intelligence comes from open sources.79 In 2004, the National Commission on Terrorist Attacks Upon the United States (also known as the 9/11 Commission) “identified shortfalls in the ability of the United States to use all-source intelligence, a large component of which is open source intelligence.”80 In the Intelligence Reform and Terrorism Prevention Act of 2004, the U.S. Congress called for increased coordination in the collection, analysis, and production of OSINT.81 In the 2006 National Defense Authorization Act, Congress found that “open-source intelligence is a valuable intelligence discipline that must be integrated into intelligence tasking, collection, processing, exploitation, and dissemination to ensure that United States policymakers are fully and completely informed.”82 There can be no dispute that publicly available sources are fertile grounds for information; however, vast repositories of data can be difficult to manage, and they present a multitude of legal and oversight issues.


Open Source Intelligence is the process of using PAI for intelligence purposes; the discipline is not new, but the type and amount of data is. The OSINT discipline is formally defined as the “systematic collection, processing, and analysis of publicly available information in response to known or anticipated intelligence requirements.”83 The DoD Manual 5240.01 defines PAI as “information that has been published or broadcast for public consumption, is available on request to the public, is accessible on-line or otherwise to the public, is available to the public by subscription or purchase, could be seen or heard by any casual observer, is made available at a meeting open to the public, or is obtained by visiting any place or attending any event that is open to the public.”84 Since the Second World War, U.S. intelligence analysts have regularly collected, analyzed, and disseminated pertinent information from newspapers, magazines, AM/FM radio, television broadcasts, and other open communications platforms. However, the modern OSINT discipline is informally defined by cutting edge sources of, and methods for exploiting, PAI on the Internet.

As referenced earlier, several violent extremist organizations have demonstrated a “mastery of modern digital tools.”85 Enemy propagandists leverage these tools to dictate their story, word for word, to an international audience. The Islamic State, for example, was “as much a media conglomerate as a fighting force.”86 The impact of their digital propaganda is measurable. Between 2014 and 2016, over 30,000 individuals, including hundreds of Americans, were radicalized online and motivated to leave their homes to enter the conflict zone.87 Our adversaries’ reliance on social media and open source networks presents significant challenges, but also many opportunities.88

While the body of modern OSINT law and policy is still maturing, there are several well-established principles. First, military intelligence units require written and explicit authority—either direct or delegated—to collect and analyze PAI for intelligence purposes.89 Next, only trained and authorized intelligence personnel may conduct OSINT activities.90 Finally, even with proper authority, OSINT analysts must not exceed the scope of their mission while performing research and analysis of PAI. In the cyber domain, OSINT collectors risk overlapping with HUMINT collectors (i.e., those who are eliciting information from other humans online) and even SIGINT collectors (i.e., those tasked with intercepting private communications online).91 Judge advocates and their intelligence clients must understand and respect these borders.

Additionally, judge advocates must be aware of the technical requirements to conduct OSINT activities online. “New methods and systems necessitate a high level of technical knowledge for collectors obtaining and analysts processing PAI.”92 Modern OSINT activities may include the research or use of social media on computer systems that protect U.S. Government intentions, missions, or tradecraft. The use of commercial-off-the-shelf technology to collect and manage vast amounts of PAI will demand regular intelligence, ethics, and fiscal law reviews. System acquisitions, software purchases, and engagements with both traditional and atypical defense contractors all necessitate a legal advisor’s early involvement.

Advanced collection methods must only be conducted by appropriately trained and qualified personnel under clearly delegated authority. Intelligence units conducting OSINT activities must conduct regular risk assessments (defined by “tier” in Army Directive 2016-37 and other documents). Risk assessments will determine approval authorities; all lawyers can help their clients appropriately manage risk. Collectors must always protect OPSEC and comply with the requirements of DoD S-5105.63, Implementation of DoD Cover and Cover Support Activities.93 A thorough understanding of these concepts will likely require a trip to the aforementioned classified basement.

Finally, legal advisors should have an appreciation for the subtle difference between “subscription” and “membership” as it relates to social media platforms. Recall that PAI includes information “available to the public by subscription or purchase.” A legal advisor must evaluate whether OSINT personnel may lawfully seek “membership” in social media platforms under a theory of subscription. To answer the question, lawyers must read (and re-read) Procedure 10 of DoD Manual 5240.01, Undisclosed Participation in Organizations (UDP).

The 2016 Procedure 10 applies to the collection of PAI on the Internet from social media platforms incorporated in the United States if intelligence personnel must “provide identifying information.”94 Put simply, Procedure 10 applies when DoD intelligence personnel seek to establish accounts with American social media companies, with or without identifying themselves as Defense intelligence personnel, for the purpose of obtaining information posted by the organization’s members (e.g., logging onto Facebook and collecting information of foreign intelligence value).95 Depending on the OSINT concept plan, risk assessment, and collection methodology, written approval by the Defense Intelligence Component head or a delegee may be required under Procedure 10. Legal advisors whose clients engage in UDP must be intimately familiar with the procedure, including what activity that procedure generally prohibits (e.g., the collection of information about “domestic activities” of U.S. persons; actions taken to influence the organization or its members; and interactive elicitation of information from other human beings in cyberspace).96 Certain collection methodologies require elevated levels of review and approval. Every Procedure 10 request requires a thorough legal review.

Indeed, the Army’s 2016 OSINT Directive provides that “when a social media service requires registration for access or to ‘join’ a group or become a member, intelligence professionals must consult with their servicing staff or command judge advocate’s office to determine whether these requirements are an interactive activity and ensure compliance with DoD Manual 5240.01 . . . .” By policy, lawyers must be at the table, prepared to shape the future of OSINT activities online.

All judge advocates must understand three foundational Intelligence Law principles: 1) military intelligence units require positive grants of authority to conduct intelligence acts; 2) oversight rules found primarily in DoD Manual 5240.01 regulate and limit intelligence operations, their scope, and the techniques available to carry them out; and 3) the collection of U.S. person information, whether intentional or incidental, triggers a requirement to carefully evaluate the information.

Operational and intelligence commanders, both at home and deployed overseas, will increasingly rely upon judge advocates to define the gray spaces within these principles. Further, as intelligence components take advantage of opportunities presented by smart phone reliance, vast amounts of PAI, and the advanced tools available to analyze it all, lawyers must be prepared to ensure compliance with the applicable policies and directives. As lawmakers concluded following the September 11, 2001, attacks, “with the Information Revolution, the amount, significance, and accessibility of open-source information has exploded,”97 and as the defense intelligence community continues to take advantage, the military legal community must be prepared and open for business. TAL


MAJ Tramazzo was assigned as the Brigade Judge Advocate for a special operations intelligence unit at Fort Bragg, North Carolina.


1. Sun Tzu, The Art of War, Chapter XIII.

2. Numbers 13:1.

3. Id. at 13:26-33.

4. Rose Mary Sheldon, Intelligence Activities in Ancient Rome: Trust in the Gods, but Verify (2005).

5. B.A.H. Parritt, The Intelligencers: British Military Intelligence From the Middle Ages to 1929, (2011).

6. Paul Kahn, The Secret History of the Mongols (Cheng and Tsui Co., 1984).

7. Alexander Rose, Washington’s Spies: The Story of America’s First Spy Ring (2014).

8. Jay Bonansinga, Pinkerton’s War: The Civil War’s Greatest Spy and the Birth of the U.S Secret Service (2012).

9. Patrick O’Donnell, Operatives, Spies, and Saboteurs: The Unknown Story of the Men and Women of WWII’s OSS (2004).

10. A federation of sixteen separate intelligence agencies, including the Defense Intelligence Agency, National Security Agency, Twenty-Fifth Air Force, U.S. Army Intelligence and Security Command, Marine Corps Intelligence Activity, and Office of Naval Intelligence [hereinafter “Service-level intelligence headquarters”]. While neither U.S. Special Operations Command nor tactical military intelligence units are members of the Intelligence Community, the foundational legal and policy principles applicable to the IC, SOF, and conventional military intelligence activities are similar.

11. U.S. Intelligence Community Budget, Off. of Director of Nat’l Intelligence,; William Arkin & Dana Priest, Top Secret America, Wash. Post, July 19, 2010.

12. William Stevenson, A Man Called Intrepid: The Incredible True Story of the Master Spy Who Helped Win World War II (1976).

13. Exec. Order No. 12,333, 3 C.F.R. 200, Preamble (1981), as amended by Exec. Order No. 13284 Fed. Reg. 4075 (Jan. 23, 2003) [hereinafter E.O. 12333].

14. See Joint Chiefs of Staff, Joint Pub. 2-0, Joint Intelligence, Executive Summary (22 Oct. 2013).

15. See, e.g., David Kris, The CIA’s New Guidelines Governing Publicly Available Information, LAWFARE (Mar. 21, 2017, 12:31 PM),

16. The same can be said for other Services’ judge advocates. For example, Marine Corps Warfighting Pub. 2-1, Intelligence Operations, describes the organic intelligence assets at the Marine Expeditionary Force level (e.g., Radio Battalions, Intelligence Battalions). Additionally, as part of the Marine Corps’ distributed operations concept, the USMC has developed Company Level Intelligence Cells, or “CLICs.” See Marine Corps Interim Pub. 2-10.1i, Company Level Intelligence Cell.

17. U.S. Dep’t of Army, Field Manual 3-96, Brigade Combat Team (8 Oct. 2015).

18. U.S. Dep’t of Army, Training Circular 3-21.75, The Warrior Ethos and Soldier Combat Skills ch. 9 (13 Aug. 2013).

19. See, e.g., Major Ian W. Baldwin, Advising Special Forces, Army Law., May 2016, 17; see also Major Gary L. Walsh, Role of the Judge Advocate in Special Operations, Army Law., Aug. 1989, 5–6.

20. See Int’l & Operational Law Dep’t, The Judge Advocate Gen.’s Legal Ctr. & Sch., U.S. Army, Operational Law Handbook 109-118 (2018) [hereinafter Operational Law Handbook]. Interrogation is a categorized as a Military Source Operation, a sub-set of Human Intelligence (HUMINT).

21. See Kevin W. Kapitan, An Introduction to Intelligence Oversight and Sensitive Information: The Department of Defense Rules for Protecting American’s Information and Privacy, Army Law., April 2013, 3.

22. See U.S. Dep’t of Army, Field Manual Interim 34-130, Specific Tactics, Techniques, and Procedures and Applications for Intelligence Preparation of the Battlefield (31 Mar. 2009).

23. Harleen Gambhir, The Virtual Caliphate: ISIS’s Information War, Inst. for Study of War (Dec. 20, 2016),

24. The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies by Erik Brynjolfsson and Andrew McAfee highlights digitization and the automation of cognitive tasks.

25. A questionable intelligence activity refers to any conduct that constitutes, or is related to, an intelligence activity that may violate the law, any executive order or presidential directive, including E.O. 12333 or applicable DoD policy. U.S. Dep’t of Def., Dir. 5148.13, Intelligence Oversight (26 Apr. 2017) [hereinafter DoDD 5148.13].

26. Executive Order 13,470, 73 Fed. Reg. 53593, § 1.5(f) (Aug. 27, 2004).

27. See E.O. 12333, supra note 13; Exec. Order No 13,355, 69 Fed. Reg. 53,593 (Aug. 27, 2004); and Exec. Order No. 13,470, 73 Fed. Reg. 45323 (July 30, 2008) [hereinafter E.O. 13470].

28. E.O. 12333, supra note 13, para. 3.5(e).

29. E.O. 12333, supra note 13, para. 3.5(a).

30. VanLandingham, Corn, and Reeves, U.S. Military Operations: Law, Policy, and Practice 520 (Oxford University Press, 2016).

31. See 8 U.S.C. § 1189 (2004); see also Foreign Terrorist Organizations, U.S. Dep’t of State,

32. Operational Law Handbook, supra note 20 at 117; see also U.S. Dep’t of Army, Field Manual 2-22.3, Human Intelligence Collector Operations, at 8–65 (Sept. 2006).

33. U.S. Dep’t of Def., DoDM 5240.01, Procedures Governing the Conduct of DoD Intelligence Activities (8 Aug. 2016) [hereinafter DoDM 5240.01].

34. Democratic Oversight of Intelligence Services 212 (Daniel Baldino ed., Federation Press 2010).

35. S. Select Comm. to Study Gov’t Operations with Respect to Intel. Activities, S. Rep. No. 94-755 (1976), [hereinafter Church Committee Report].

36. See Kris, supra note 15.

37. Church Committee Report, supra note 35, at 784.

38. Id.

39. Id. at 792.

40. Secretary Weinberger (1917–2006) served as an intelligence officer on General Douglas MacArthur’s staff during World War II.

41. Smith served as a judge advocate in the United States Navy from 1942–1946.

42. U.S. Dep’t of Def., 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components that Affect United States Persons (Dec. 1982) [hereinafter DoD 5240.1-R].

43. The update was overseen by the DoD Senior Intelligence Oversight Official in coordination with officials from each Defense Intelligence Component (including the Department’s Senior Official for Privacy), the Department of Justice (including the Department’s Privacy and Civil Liberties Officer), and the Office of the Director of National Intelligence.

44. For a thorough overview and practical guide to the now superseded DoD 5240.1-R, see Kevin W. Kapitan, An Introduction to Intelligence Oversight and Sensitive Information: The Department of Defense Rules for Protecting American’s Information and Privacy, Army Law., April 2013.

45. DoDM 5240.01, supra note 33, at 45.

46. DoD 5240.1-R, supra note 42, at 15.

47. Id.

48. Id. at 21.

49. DoD 5240.01, supra note 33, at 45.

50. Id. at 15–16.

51. Id. at 16.

52. The training materials available on the Department of Defense Senior Intelligence Oversight Officer’s website are vital, unclassified sources of assistance. See

53. DoDM 5240.01, supra note 33, at 16.

54. Id.

55. Procedure 4 of the manual only permits the dissemination of U.S. person information if the collecting component properly collected and retained it in accordance with Procedures 2 and 3.

56. DoD 5240.1-R, supra note 42 at 12.

57. DoDM 5240.01, supra note 33 at 54.

58. Id.

59. Id. at 55.

60. Id.

61. Id.

62. Id. at 11–13.

63. See Kapitan, supra note 21, at 9.

64. DoDM 5240.01, supra note 33, at 14.

65. See Andrew Blake, ISIS Supporter Sentenced to 20 Years for Reblogging “Kill List,Wash. Times (Aug. 3, 2017),

66. DoDM 5240.01, supra note 33, at 14.

67. 50 U.S.C. §§ 1801–1862 (2011).

68. DoDM 5240.01, supra note 33, at 14.

69. Id. at 19–20.

70. DoDD 5148.13, supra note 25.

71. Id. at 16.

72. Id. at 10.

73. Id. (“DoD personnel must identify any QIA . . . immediately” (emphasis added)).

74. Id.

75. Id.

76. Id. at 11.

77. Id. at 13.

78. Id. at 14.

79. Richard. Best & Alfred Cumming, Cong. Research Serv., RL31340, Open Source Intelligence (OSINT): Issues for Congress 7 (2007),

80. National Defense Authorization Act for Fiscal Year 2006, Pub. L. 109-163, § 931(a)(5), 119 Stat. 3136, 3411.

81. Intelligence Reform and Terrorism Prevention Act of 2004, Pub. L. 108-458, 118 Stat. 3638.

82. National Defense Authorization Act for Fiscal Year 2006, Pub. L. 109-163, § 931, 119 Stat. 3136, 3411.

83. See, e.g., U.S. Special Operations Command Directive 525-30, Open Source Intelligence 2 (8 May 2017).

84. DoDM 5240.01, supra note 33 at 53.

85. Id.

86. Charlie Winter, ISIS is Using the Media Against Itself, The Atlantic (Mar. 23, 2016),

87. Brendan Koerner, Why ISIS is Winning the Social Media War, Wired (Apr. 2016),

88. Id.

89. U.S. Dep’t of Army, Dir. 2016-37, U.S. Army Open Source Intelligence Activities para. 4 (22 Nov. 2016) [hereinafter DoDD 2016-37].

90. Id. para. 7.

91. Heath Williams & Ilana Blum, Defining Second Generation Open Source Intelligence (OSINT) for the Defense Enterprise, RAND Corporation 9 (Jan. 1, 2018),

92. Id. at 1.

93. DoDD 2016-37, supra note 89.

94. DoDM 5240.01, supra note 33, at 39.

95. Id. at 41.

96. Id.

97. National Defense Authorization Act for Fiscal Year 2006, Pub. L. 109-163, § 931(a)(2), 119 Stat. 3136, 3411.