National Guard BureauJoint Intelligence Directorate
Intelligence Oversight Policy Analyst
CTR GiGi Singleton (703) 607-5502
Kansas National Guard:CPT Daniel Jones(785) 646-3072
MSgt Scott Mick(785) 646-3084
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Kansas National GuardIntelligence Oversight Training
Purpose‒ To ensure the legality and propriety of all intelligence and
intelligence-related activity• Special emphasis on protecting the Constitutional and privacy rights
of US Persons History
‒ Executive Order 12333• Provides clear guidelines on how to perform intelligence activities
consistent with the legal rights guaranteed to all US Persons by the Constitution
• Gives DoD Intelligence Component the Foreign Intelligence and Counterintelligence Mission
Intelligence Oversight:Purpose and History
References
Department of Defense (DoD)− DoD Manual 5240.01, Procedures Governing the Conduct of DoD Intelligence Activities, 8
Aug 16− DoD 5240.1-R, Change 1, Procedures Governing the Activities of DoD Intelligence
Components that Affect United States Persons, 8 Aug 16− DoDD 5148.13, Intelligence Oversight, 26 Apr 17
Army − Department of the Army Memo, Implementing Guidance for Intelligence Oversight, 15 Aug
16− Army Regulation (AR) 381-10, US Army Intelligence Activities, 3 May 07
Air Force− Air Force Guidance Memorandum to AFI 14-104, Oversight of Intelligence Activities, 29 Sep
16− Air Force Instruction (AFI) 14-104, Oversight of Intelligence Activities, 5 Nov 14
Chief, National Guard Bureau− CNGB Instruction (CNGBI) 2000.01, National Guard Intelligence Activities, 04 Apr 17− CNGB Manual (CNGBM) 2000.01, National Guard Intelligence Activities, 26 Nov 12− CNGBI 7500.00
State‒ Kansas National Guard SOP 381-10, Intelligence Oversight, 8 Dec 16
NGB IGO reports many ARNG and ANG units are unaware of CNGB Title 32
Intelligence Oversight Policy
IO Training Requirements
Title 32 National Guard subject to CNGBI 2000.01‒ Initial Training within 90 days of assignment/employment‒ Refresher Training as part of the routine command training program‒ Tailored to unit mission
Title 10 Army Guardsmen subject to AR 381-10‒ Initial Training within 30 days of assignment/ employment ‒ Refresher Training as part of the routine command training program‒ Tailored to unit mission
Title 10 Air Guardsmen subject to AFI 14-104‒ Initial Training within 60 days of assignment/arrival to unit‒ Annual Refresher Training‒ Pre-deployment if training will expire during
deployment‒ HAF/A2-directed IO Training until standardized training on ADLS
website has been updated or local IO training meeting HA/A2 substitution requirements**
- PEX is NOT mandatory for IO Training and Reporting
ADLS training may be substituted with CNGB-required mission tailored training (pre-approved by HAF/A2 through ANG/A2)so long as (1) all slides in ADLS trainingare covered and (2) a written test is given.
DoD Procedures
DoDM 5240.01, 8 Aug 16 PROCEDURE 1 General Provisions PROCEDURE 2 Collection of U.S Persons Information (USPI) PROCEDURE 3 Retention of USPI PROCEDURE 4 Dissemination of USPI PROCEDURE 5 Electronic Surveillance PROCEDURE 6 Concealed Monitoring PROCEDURE 7 Physical Searches PROCEDURE 8 Searches of Mail and the Use of Mail Covers PROCEDURE 9 Physical Surveillance PROCEDURE 10 Undisclosed Participation in Organizations
DoD 5240.1-R Change 1, 8 Aug 16 PROCEDURE 11 Contracting for Goods and Services PROCEDURE 12 Provision of Assistance to Law Enforcement Authorities PROCEDURE 13 Experimentation on Human Subjects for Intelligence Purposes
DoDD 5148.13, 26 Apr 17 Identifying, Investigating, and Reporting Questionable Activities and S/HSM
Procedure 1: General Provisions
Applicability of the regulation‒ All personnel assigned to intelligence staffs, units and organizations‒ All personnel conducting intelligence and intelligence-related activities
General principles governing intelligence and intelligence-related activity‒ Conduct all intelligence activity IAW U.S. Constitution, laws, Executive
orders, Presidential directives and applicable policy‒ Do not infringe on US Persons’ Constitutional or privacy rights ‒ Collect, retain, and disseminate information based on a lawfully assigned
mission and function‒ Employ the least intrusive lawful techniques‒ Report all possible violations of federal criminal law by employees
Intelligence Oversight (IO) rules apply to:‒ All personnel assigned to a DoD/National Guard Intelligence
Staff, Unit or Organization (Title 10 and Title 32)• Military personnel, civilians and contractors• MOS/AFSC does not matter
‒ All personnel conducting an intelligence or intelligence-related activity (Title 10 and Title 32)• Military personnel, civilian and contractors• Unit of assignment and MOS/AFSC do not matter
Applicability
Non-Intelligence Component
Not Subject to Intelligence Oversight‒ Subject to Protection of Non-DoD Affiliated (NDA) Persons
Information rules• Governed by: DoD Directive 5200.27, Acquisition of Information Concerning
Persons and Organizations Not Affiliated with the Department of Defense
Chief National Guard Bureau Instruction 2400.00, Acquisition of Information Concerning Persons and Organizations Not Affiliated with the Department of Defense
State Active Duty‒ All personnel subject to state law, to include privacy laws‒ Prohibited from using federal Intelligence equipment (e.g.,
UAS, JWICS, and DCGS) without Secretary of Defense approval
Forbidden Activities
Do not investigate U.S. persons or collect or maintain information about them solely for the purpose of monitoring activities protected by the First Amendment or the lawful exercise of other rights secured by the Constitution or laws of the United States
Do not participate in or request any person or entity to undertake any activities that are forbidden by E.O. 12333 or DoDM 5240.01
Do not engage in any intelligence activity, including dissemination to the White House, for the purpose of affecting the U.S. political process
Requesting any other parties perform an act which is forbidden to the intelligence component
Forbidden Activities
Requires hosts to enable audits of access of USPI “to the extent practicable”
Requires participants to inform hosts that their participation complies with all laws and procedures (IO, Privacy and Civil Liberties Protection) applicable to the protection of USPI
Requires components participating in a shared repository to comply with all provisions of the procedures
IAA Application: DAART ‒ NGB requires each participant
acknowledge in writing receipt of Intelligence Oversight training and agreement to comply with all law, policies, and procedures applicable to the protection of USPI before granting access
What is a US Person?
A US Person is defined as:‒ A US citizen‒ A permanent resident alien in the US‒ A US corporation (except those directed or controlled by
foreign governments)‒ An unincorporated association composed substantially of
US citizens or permanent resident aliens
Assumptions
A person known to be in the US is presumed to be a US Person
A person known to be outside the US is presumed not to be a US Person
A foreign national known to be in the US is presumed not to be a US Person
Is this a US Person?
Leaders of the Islamic State in Iraq and Syria (ISIS)
Is this a US Person?
Homes damaged by tornadoWichita, KS
Is this a US Person?
Chemical Company in Kingsdown, KS
Is this a US Person?
Foreign students at the University of Arizona
Intelligence Activities
Intelligence Activities‒ The collection, processing, analysis and dissemination of foreign
intelligence (FI) and/or counterintelligence (CI) Non-intelligence Activities
‒ Any activities conducted by or with a DoD intelligence component asset or capability that do not involve FI/CI
Intelligence-related Activities‒ Any activities outside the DoD intelligence component that:
respond to operational commanders' tasking for time-sensitive information on foreign entities; respond to nationalintelligence community tasking of systems whose primary mission is support to operating forces; trainpersonnel for intelligence duties; provide an intelligence reserve; or are devoted to research and development of intelligence capabilities.
National Guard Domestic Operations and Intelligence Oversight
If the National Guard’s domestic mission is a non-intelligence activity, why do IO rules to National Guard domestic operations?− T32 Training Status – leveraging intelligence training for an incidental
operational benefit− Intelligence Training (intelligence-related activity) is subject to IO
rules‒ When SecDef authorizes the use of military intelligence personnel,
equipment and/or activities for non-intelligence purposes, he always includes IO guidance
‒ Therefore, CNGB has applied Intelligence Oversight rules to all National Guard domestic intelligence sets
What type of activity?
Intelligence personnel from the Kansas National Guard research threats to brief to Guardsmen traveling to Armenia as part of a State Partnership Program Exchange.
INTELLIGENCE ACTIVITY
What type of activity?
Air National Guard Eagle Vision technicians from the South Carolina National Guard capture imagery and post it to an Eagle Vision portal for the 184th Intelligence Group personnel to use for Incident Awareness and Assessment (IAA) training during a drill weekend.
INTELLIGENCE-RELATED ACTIVITY
What type of activity?
Kansas Guardsmen assist in search and rescue efforts, power generation, establishment of shelters, distribution of food and water, and debris removal in the wake of an F-5 tornado that almost destroyed the town of Greensburg.
NON-INTELLIGENCE ACTIVITY
Procedure 2: Collection
− Collection occurs one time “upon receipt”− Information must be evaluated “promptly”, but not to exceed 5- or 25-
year retention periods− Four categories of collection: intentional, incidental, voluntarily
provided, special circumstance− May be collected if:
• Mission and Authority• Reasonably Believed to be Necessary• Approved Category of Information• Least Intrusive Means
Sources of Mission and Authority
The Constitution United States Code (e.g., Title 10, Title 32, Title 50) Executive Orders EXORDS and OPORDS Secretary of Defense Memorandums State Plans (e.g., EAP and EMAC) FEMA and Other Primary Agency Mission Assignments
Kansas National Guard Mission
Federal Mission:To provide trained and equipped units to augment the
active Army and Air Force during times of war, national emergency, or Presidential Selected Reserve Call-up.State Mission:
To provide trained and disciplined forces for domestic emergencies or as otherwise provided by state law.
Is it Necessary?
Is the information mission critical? Will failure to disclose the information negatively impact the
intelligence assessment? Will failure to disclose this information create FP
vulnerabilities? Does the information directly support the Commander’s
Critical Information Requirements (CCIRs) and Priority Intelligence Requirements (PIRs)?
Is this information necessary for the Commander’s decision making process?
Will/could this information impact a Course of Action (COA) at a decision point?
Can the information be substituted with the term “USPER” and still achieve the same end result?
Publicly available information Information obtained with consent Information reasonably believed to constitute Foreign intelligence Counterintelligence Threats to safety Protection of intelligence sources, methods and activities Current, former or potential sources of assistance to intelligence activities Persons in contact with sources of potential sources Personnel security Physical security Communications security (COMSEC) investigation Overhead and airborne reconnaissance (not for the
purpose of targeting specific US Persons)**A second category required to collect
Administrative purposes
DoD 5240.1-R Approved Categories of Information
DoDD 5200.27 Authorized Missions
Protection of DoD functions and property Personnel security Operations related to Civil Disturbance
Weapons of Mass Destruction-Civil Support Teams (WMD-CST) – Congressional authorization
DoDD 5200.27 Authorized Missions
INTELLIGENCE COMPONENT Publicly available information Information obtained with consent Information reasonably believed to constitute Foreign
intelligence Counterintelligence Threats to safety Protection of intelligence sources and methods Current, former or potential sources of assistance to
intelligence activities Persons in contact with sources of potential sources Physical security Personnel security Communications security(COMSEC) investigation Overhead and airborne reconnaissance (not for the
purpose of targeting specific US Persons)**A second category required to collect
Administrative purposes
NON-INTELLIGENCE COMPONENT‒ Protection of DoD functions and
property‒ Personnel security‒ Operations related to Civil
Disturbance
‒ Weapons of Mass Destruction-Civil Support Teams (WMD-CST) – Congressional authorization
Methods of Collection
Methods of collection should be from the least intrusive means− Collect first from publicly available sources or with US person’s
consent− Collect from cooperating sources− Lawful intelligence collection techniques that do not require a
judicial warrant or approval from U.S. Attorney General− Lawful intelligence collection techniques that require a judicial
warrant or approval from U.S. Attorney General
Limit collection of non-publicly available USPI to “no more information than is reasonably necessary”
Least intrusive Most intrusiveMeans Means
Collect?
In his civilian capacity, a military intelligence NCO works as an intelligence analyst for a large corporation. His duties include reporting on threats to corporate offices in international locations. On a drill weekend, the NCO uses DoD databases to research threats and write a few reports for his civilian job.
No, no mission and authority
Collect?
An NCO in the Military Intelligence Company (MICO) believes his wife is having an affair. He “borrows” her phone and conducts cell phone analysis with unit equipment during a drill weekend to gather evidence.
No, no mission and authority
Collect?
In the wake of severe flooding throughout the State, the Joint Force Headquarters tasks the Civil Air Patrol to stream full motion video to the DCGS-KS. Airmen process and analyze the imagery on unclassified systems, and forward briefings and reports to the Joint Force Headquarters Joint Operation Center, where they are used for situational awareness and to evaluate the effectiveness of Kansas National Guard response efforts.
Yes. NG intelligence component personnel and non-intelligence equipment may be used for IAA to fulfill TAG requirements for situational awareness or planning purposes, or upon receipt of an NG JFHQ-S or NGB-validated primary agency/lead federal agency Request for Assistance (RFA).
TAG would like more information about members of a local youth gang, who are reportedly painting graffiti on National Guard facilities throughout the State. May J2 personnel research this group and prepare briefings and reports?
No, no mission and authority
Collect?
Procedure 3: Retention
Retention Standard: Promptly evaluate all information that may contain USPI to determine whether it may be permanently retained
Permanent Retention:• Reasonable belief that retention of the USPI is necessary to perform
authorized intelligence mission or function,• Information was lawfully collected or disseminated, AND• One of the following: Information falls within an approved category of information, or Information is necessary to understand or assess FI or CI
Evaluation Period (Temporary Retention):− 5 or 25 years based on the location of the intended target of collection
and type of collection Delete all USPI when:
− Permanent retention standard has not been met OR− A determination concerning retention standard cannot be met within
specified evaluation period
What information may be retained?
Information collected IAW Procedure 2 or collected incidentally but could have been collected IAW Procedure 2
Information necessary to accomplish assigned mission and function
Access and Retention
Controlled access: limited to need-to-know
Document decisions to permanently retain USPI
All files and documents containing US Persons info must be marked:− ATTENTION: This document contains U.S. persons information, which has been
included consistent with all applicable laws, directives, and policies− The first time a U.S. person appears in a document, the marking “USPER” will precede
the name and/or alias.
Retained files must be reviewed annually; all unnecessary information will be destroyed − Letter of certification
Does NOT apply when information is retained for administrative purposes or is required by law to be maintained
Annual training for employees who access USPI Database queries:
− Establish written procedures for queries− Queries must be relevant and tailored
Periodically audit information systems
Access and Retention
Retain?
Mary Evans234-56-7890
Joe Smith123-45-6789
John Cole345-67-8901
Evelyn Johns456-78-9012
Vay Ri Wong356-78-9012
Doug Small978-90-1234
Retain?
Iran: Internet Attacks on U.S. Banks
China: Cyber Attacks against DoD Contractors
China: Cyber Attacks against U.S. Military Computers
Middle East Cyber Attacks on U.S.
Al Qaeda Cyber Capabilities
North Korea: Cyber Warfare Capabilities
Retain?
Cimarron Bridge,13 Mi E of Liberal, KS
Wesley Medical Center,Wichita, KS
Stormont Vail,Topeka, KSRainbow Bridge,
Baxter Springs, KS
Procedure 4: Dissemination
Information must have been properly collected or retained under Procedures 2 or 3
May only be disseminated by intelligence component employees who have received training on this procedure
Information must fall into one or more approved dissemination categories, and meet dissemination criteria and rules
Dissemination Categories
Dissemination Categories
Dissemination Categories
Procedure 12: Provision of Assistance to Law Enforcement Authorities
Describes types of permissible assistance to law enforcement authorities and sets forth procedures for providing this assistance
Intelligence components may cooperate with law enforcement officials− For investigating or preventing
• Clandestine intelligence activities by foreign powers• International narcotics activities• International terrorist activities
− Protecting DoD employees, information, property, and facilities− Preventing, detecting, or investigating other violations of law
Permissible Types of Assistance
Incidentally acquired information believed to indicate a violation of federal, state, tribal, or local law
Personnel or specialized equipment and facilities may be provided to federal law enforcement authorities when approved by SecDef through NGB
**No leveraging intelligence training to incidentally benefit law enforcement without SecDef approval**
Provides details validating the legality of providing NG intelligence component’s personnel, specialized equipment, or facilities to LE authorities when they are used to support intelligence functions of those agencies
Electronic Templates of P12 memo are available for download on the NG-J2 Sharepoint webpage:
Procedure 12 Memorandum
https://gkoportal.ng.mil/joint/J2/NG-J2_IO/default.aspx
DHS requests DoD provide approximately 1,200 National Guard personnel in support of civil law enforcement activities along the Southwest Border...
Example: Southwest Border Mission
Example: Southwest Border Mission
I approve the use of up to 1,200 National Guard personnel in title 32, U.S.C., section 502(f) status...to perform command and control, criminal investigative analysis, and Entry Identification Team activities in response to the request for support from the Department of Homeland Security.
Example: Southwest Border Mission
Chairman, Joint Chiefs of Staff publishes EXORD authorizing National Guard to support DHS by performing the following intelligence activities:1. ISR/IAA2. Geospatial Support3. Intelligence Analysis4. Linguist translation and interpretation, including document exploitation5. Other intelligence support missions as required within applicable statutes and as requested and approved by SecDef
Example: Southwest Border Mission
EXORD clearly spells out IO rules. Intelligence Oversight and Law
Enforcement Derived Information (LEDI). The primary agency exercises overall responsibility for the collection, analysis, retention and dissemination of information concerning the operational environment. Military intelligence assets will not engage in intelligence collection activities again US persons, unless the mission of the intelligence organization directs collection on US persons and the law authorizes the collection IAW EO 12333 and DoD 5240.1-R. All collection of information on US persons will be coordinated with the FBI.
DoDD 5148.13 Employee Conduct
National Guard intelligence components must:‒ Conduct intelligence activities IAW all relevant executive
orders, law, regulations, and policies‒ Be familiar with Procedures 1-4, DoDD 5148.13 and any
other procedures employed by the intelligence component‒ Initial and annual training‒ Report questionable intelligence activity (QIA),
significant/highly sensitive (S/HS) matters and federal crimes
Report all immediately through your chain of command or unit IO Monitor to State IG
State IG must report a QIA to NGB IG within five working days
State IG must report S/HS matters upon receipt to NGB IGO
Those who report are protected from retribution or adverse action
Reporting QIA,S/HS Matters and Federal Crimes
QIA
“Questionable Intelligence Activity” refers to any intelligence or intelligence related activity when there is reason to believe such activity may be unlawful or contrary to an Executive Order, Presidential directive, Intelligence Community Directive, or applicable DoD policy governing that activity
Samples of QIA
Improper collection, retention, or dissemination of US Persons information‒ Incorporating US Persons information into an intelligence product without
determining if identifying the person is appropriate‒ Collecting US persons information for force protection purposes without
determining if the intelligence function related to it is authorized Misrepresentation
‒ Using the status as an intelligence member to gain access for non-mission-related purposes
‒ Claiming to be conducting a highly classified activity or an investigation, for personal gain, unauthorized access, or to impress or intimidate others
Questionable Intelligence Activity constituting a crime‒ Stealing a source’s payments‒ Using intelligence funds for personal gain
Misconduct in the performance of intelligence duties‒ Falsifying investigative reports or personnel security
investigation interviews
S/HS Matters
“Sensitive/Highly Sensitive Matters” refers to any intelligence or intelligence related activity (regardless of whether the intelligence or intelligence related activity is unlawful or contrary to an E.O., Presidential directive, Intelligence Community directive, or DoDpolicy), or serious criminal activity by intelligence personnel, that could impugn the reputation or integrity of the Intelligence Community, or otherwise call into question the propriety of intelligence matters‒ Includes matters(a) Involving congressional inquiries or investigations,
(b) That may result in adverse media coverage, (c) That may impact on foreign relations or foreign partners, or (d) Related to the unauthorized disclosure of classified or protected information, such as information identifying a sensitive source and method
Federal Crimes
Military Intelligence professionals are required to report:‒ Significant CI activities‒ Criminal cases‒ Instances of espionage ‒ Other possible federal crimes
Ensures senior DoD and DoJ leadership are aware of:‒ Serious federal crimes involving military intelligence
personnel‒ Possible violations of federal law by others that may come
to the attention of intelligence professionals
Identify person(s) committing the alleged QIA, S/HS Matter or federal crime by name, rank or civilian grade; security clearance and access; unit of assignment, employment, attachment or detail; and assigned duties at the time of the activity
State when and where the activity occurred
Describe the activity and how it constitutes a QIA, S/HS Matter, or federal crime (the applicable portion(s) of DoDD 5148.13 and other applicable law or policy should be cited)
Cite any investigative or corrective action taken
Can Use KSNG SOP Appendix H format
Template
An Kansas National Guard intelligence professional coaches another on how to pass a polygraph.
YES. QIA.
Report?
An Kansas National Guard military intelligence NCO is arrested for DUI.
No. Not QIA, S/HS matter or federal crime.
Report?
An Kansas National Guard military intelligence NCO is arrested for DUI after running a barricade at the White House and killing a U.S. Senator.
YES. S/HS Matter
Report?
A military intelligence NCO accidentally sends Secret-level classified information via NIPRNet.
No. Not QIA, S/HS Matter or federal crime. Report through security and supervisory channels.
Report?
TAG would like more information on members of a local youth gang, who are reportedly painting graffiti on National Guard facilities throughout the State, so J2 personnel research this group and prepare briefings and reports.
Yes. QIA.
Report?
Your neighbor, a traditional military intelligence Guardsman in your unit, is arrested under 18 U.S.C. §2251- Sexual Exploitation of Children for producing child pornography.
Yes. Federal crime.
Report?
IO Monitors MUST submit quarterly IO Reports to State J2 State J2 compiles data and submits state quarterly IO
Report to State IG State IG forwards quarterly IO report to NGB-IGO NGB-IGO provides data to the DoD Office of the Senior
Intelligence Oversight Official‒ Annual report to Congress regarding DoD IO activities‒ Quarterly reports to SecDef, DepSecDef, President’s IO
Board, and Director of National Intelligence (DNI)
Quarterly Reporting
SampleQuarterly Report Template
Intelligence Oversight Process
Information obtained with consent Publicly available information Foreign Intelligence Counterintelligence Potential sources of assistance to intelligence activities Protection of intelligence sources and methods Physical Security Personnel Security Communications Security Narcotics Threats to Safety Overhead Reconnaissance Administrative Information
Approved Categories
Special Collection Techniques Require Additional Approval
Electronic surveillance (Procedure 5) Concealed monitoring (Procedure 6) Physical searches (Procedure 7) Searches of Mail and the Use of Mail Covers (Procedure 8) Physical surveillance (Procedure 9) Undisclosed participation in an organization (Procedure 10) Undisclosed contracting for goods and services for intelligence
purposes (Procedure 11) Domestic Imagery (NGA and DIA guidance) Any other activities that could be perceived by the general
public as a covert surveillance and covert reconnaissance activity (NGB policy)
ElectronicSurveillance (Procedure 5)
A flash mob is out of control.
‒ May the Governor request, and TAG order, the use of tactical signals intelligence (SIGINT) systems to assist in relaying relevant information about the mob to better prepare the NG and law enforcement by predicting where problems will occur?
May the governor request, and TAG order, National Guard intelligence personnel to attend services and meetings at the mosques and Islamic centers throughout the State, without disclosing their intelligence affiliation, to ascertain if anti-U.S. sentiment exists or terrorist planning is taking place?
Undisclosed Participation(Procedure 10)
Domestic Imagery
Definition: Any new collection or historical imagery or overhead persistent infrared (OPIR) data collected by satellite (national, commercial or tactical) and airborne platforms for intelligence purposes that cover the land areas of the 50 United States, the District of Columbia, and the territories and possessions of the US, to a 12 nautical mile seaward limit of these land areas
NG domestic imagery users must be aware of the legal and policy concerns associated with domestic imagery, particularly of US persons and private property. Individuals may be held personally responsible for any violation of law or inappropriate use of domestic imagery
Legally Valid Requirements
Responses to natural disasters and civilian emergencies CI, FP, and security-related vulnerability assessments Environmental studies Exercise, training, testing or navigational purposes Support to law enforcement
Commercial Satellite Imagery
Higher-level approval not required Must have valid mission and necessity, such as military
training or domestic disaster relief operations Internal Memorandum for Record (MFR) required
‒ Certifies proper use Follow DoDM 5240.01 procedures for US Persons
information
ClassifiedReconnaissance Satellite Imagery
NGA Regulated by NSGM FA 1806,
Domestic Imagery Proper Use Memorandum
(PUM) required Requests for newly acquired
imagery‒ Title 32: through NGB to NGA ‒ Title 10: through active
component to NGA
Airborne Platforms
DIA Regulated by Guidance for Domestic Imagery Collection
and the Submission of Proper Use Statements Proper Use Memorandum (PUM) required CNGBI 7500.00 governs use of UAS for NG
National Guard Airborne ImageryCollection Policy
May collect imagery during formal and continuation training missions as long as the collected imagery is not for the purpose of obtaining information about specific US persons or private property without consent‒ May incidentally include US persons or private property without
consent May not conduct nonconsensual surveillance on specifically
identified US persons, unless expressly approved by the Secretary of Defense, consistent with US law and regulations‒ Civil law enforcement agency will control any such data collected
Tracking will only be conducted on approved vehicles in which the owner/operator has given consent to the unit to conduct the tracking
All domestic imagery will contain incidentally collected US Persons information‒ Retain if mission, authority and necessity to do so‒ If not, purge, redact, delete or destroy
Do not post to general access database systems
Retention ofDomestic Imagery
Dissemination ofDomestic Imagery
Only to parties identified in PUM or MFR unless specific, lawful governmental function requirement:‒ DoD employee/contractor requiring imagery for official duties‒ Federal, state or local law enforcement entity if imagery
indicates involvement in illegal activities‒ Intelligence Community agency if imagery is relevant to lawful
function‒ Federal government agency employee if imagery is relevant to
lawful governmental function‒ A foreign government and dissemination is pursuant to an
agreement between governments Includes passing incidentally collected criminal information to
appropriate law enforcement agency Do not post to general access database systems
Is a PUM required?
Immediate Response Authority
Direct, immediate emergencies ‒ To safeguard life, property and public order ‒ To prevent loss of life or wanton destruction
of property and to restore governmental functioning and public order
‒ When unexpected civil disturbances, disaster, calamities or normal governmental functions are unable to control the situation
TAG may authorize domestic imagery collection mission
PUM must be filed as soon as possible during or after mission
** DOES NOT APPLY TO FEDERAL ISR EQUIPMENT AND RPA/UAS– SecDef approval is required**
Special Focus Areas
Force Protection vs. Intelligence Intelligence Support and Information Collection during
Domestic Operations Incident Awareness and Assessment (IAA) Use of Unmanned Aircraft Systems (UAS) for Domestic
Operations Joint Intelligence Preparation of the Operational
Environment (JIPOE) The Internet Social Media
Force Protection
A law enforcement responsibility J2 focus is transnational terrorist and opposing military force
threat J2 and J34 must work closely together Intelligence and Force Protection must be handled separately
through their respective channels, but can work together It is not your MOS that is the determining factor but your duty
status.‒ Intelligence personnel can be assigned to the J34 to perform an
FP function!
Intel vs. Force Protection
Monitor foreign threats to NG, DoD, travel
Monitor natural threats
Monitor man-made disasters/accidents
Liaison with other intelligence agencies
Support AT/FP mission
Manage information fusion from all-source
Develop JIPOE/IPE (Joint Intelligence Preparation of the Environment
Assist in developing the overall situational picture/COP
All hazards focus
DoDM 5240.01
DoD 5240.1-R
DoDD 5148.13
Law Enforcement (LE) information
Criminal threat to DoD
Domestic threat to DoD
Liaison with other LE agencies
Criminal threat situational picture
**Must be a direct threat to the National Guard**
DoDD 5200.27
J2Intelligence
J34PM or AT/FP
Intel vs.Force Protection
These functions should work together, but must act independently
Intelligence components have an obligation to pass threat information to:‒ Organization/commander responsible for protecting
threatened persons, facilities or activities (Provost Marshall/ATFP/J34, etc)
‒ Appropriate LE organization
Military IntelligenceFOREIGN THREAT
Governing Regulation:DoD Directive 5240.1R
SecurityDOMESTIC THREAT
Governing Regulation:DoD Directive 5200.27
Cross Talk
Force Protection Products
When the FP analyst briefs the information, it is an FP assessment briefing, not an intelligence briefing‒ FP products are NOT intelligence products
DA IG IO Guide on J2, PM and AT/FP Personnel
Department of Army Inspector General “Intelligence Oversight Guide” states:‒ “Unauthorized collection by corps and division intelligence components often
occurs when Force Protection or antiterrorism information is incorrectly included in the intelligence products. Military Intelligence units may be trying to do the Provost Marshal's job. Unless authorized under Chapter 12 (Procedure 12) of AR 381-10, military intelligence components do not have a mission to retain information on U.S. domestic threats; those threats are a law enforcement and Provost Marshal function. The G-2/S-2 is not involved in antiterrorism on the domestic front, which is an operations function as outlined in AR 525-13. This delineation of responsibility does not mean that Military Intelligence components should not pass information of this type to the appropriate authorities; the key point is that intelligence components should not collect, retain, and disseminate this kind of information for Military Intelligence purposes.”
‒ “The Army's Judge Advocate General (TJAG) and Army G-2 have both opined that combining into one person the roles of Intelligence Oversight Officer and the Force Protection Officer is a violation of Army policy because such a combination will likely result in a Procedure 15 violation due to the possibility of co-mingling information and databases.”
Highly discouraged In very rare circumstances when personnel
are not available, it is permissible Consolidated databases and files are not
permitted A clear separation between intelligence, J34
and force protection channels must be maintained
Dual-hatting of J2, PM and AT/FP Personnel
Intelligence Support During Domestic Operations
NG intelligence component personnel and Federal intelligence equipment may provide support ‒ When requested by a primary agency, and ‒ Approved by SecDef, or directed by the President
NG intelligence component personnel and non-Federal intelligence equipment ‒ May be used for IAA to fulfill TAG’s requirement for situational awareness and
planning purposes, or ‒ May be used upon receipt of a JFHQ-State- or NGB-validated primary
agency/lead federal agency Request for Assistance. NG intelligence component may provide support for Search and Rescue
(SAR) missions‒ Non-intelligence equipment‒ At request of local, tribal, state or the Air Force Rescue Coordination Center ‒ Implied consent‒ All US Persons information purged at end of mission
Information Collection During Domestic Operations
INTELLIGENCE COMPONENT‒ Foreign criminal, terrorist or
military threats‒ All-hazards threats (natural and
manmade disasters and incidents)
‒ Lines of Communication (LOC) analysis
‒ Movements and geographical locations of large crowds (not specific U.S. Persons)
‒ Erection of street barriers‒ Geographical location of large-
scale destruction of property (e.g., arson and looting)
‒ Effects of weather and terrain on planning and operations
NON-INTELLIGENCE COMPONENT‒ Domestic criminal threat
(foreign and U.S. person)‒ Domestic terrorist threat
(foreign and U.S. person)
Incident Awareness and Assessment
Domestic imagery rules always apply to the collection, retention and dissemination of domestic imagery
DSCA EXORD ‒ Expedites Title 10 IAA Support‒ Pre-approved IAA mission sets: situational awareness, SAR,
damage assessment, evacuation monitoring, CBRNE, hydrographic survey and dynamic ground coordination teams• Other use of IAA assets requires approval of SecDef or his/her
designee
Incident Awareness and Assessment Analytical Analysis
Analysis of imagery, geospatial data, and information collected from cameras, video, electronic optics, IR and Forward-Looking Infrared Radar (FLIR), and the dissemination of final products based on that analysis.
Analysis of information collected from government agencies operating within their lawful functions and authorities.
Analysis of baseline imagery for operational planning (e.g., to determine probable landfall and post-landfall damage and to assess the severity of damage from hurricanes).
Any use of federal ISR equipment for other than Federal mission (or training for that Federal mission) requires SecDef authorization/approval
DoD DSCA Policy (DoDD 3025.18)‒ Any use of UAS for DSCA requires SecDef authorization/approval‒ Use of armed UAS for DSCA operations is not authorized
Deputy Secretary of Defense (Dep SecDef) Domestic Use of UAS policy:‒ Governors may consider the use of UAS for state disaster response
• Requires SecDef approval• Request cannot be delegated
‒ Also requires SecDef approval for any use beyond “go-to-war” training and exercises• 90 days staffing (NGB, Joint Staff and OSD) for training and
routine training and exercises• Quickly in emergencies
‒ No immediate response• Search and Rescue (SAR) exception
Must also follow CNGBI 7500.00, 13 Oct 16
Use of UAS forDomestic Operations
Imagery collected during domestic operations may be provided/shared with other DoD entities (to include NGB) and civil authorities (to include state authorities) as required based on validated need.
Civil authorities are authorized to disclose/show or release selected Unclassified-For Official Use Only (FOUO) imagery products to participating or affected private citizens when the disclosure/release would prevent injury or loss of life and/or facilitate disaster mitigation and recovery efforts.
Specific imagery products may be released to the US media during senior official press conferences to provide visual depiction of disaster area status and disaster response activities.
Dissemination of Imagery Collected during Incident Awareness and Assessment
Joint Intelligence Preparation of the Operational Environment
Purpose: to prepare and assist the commander in gaining situational awareness
IO Rules apply‒ Limit collection to information needed to accomplish
mission‒ Least intrusive means‒ Redact unnecessary U.S. Persons information
The Internet
IO Rules apply‒ Intelligence personnel must
have an official mission before collecting, retaining, or disseminating even publicly available US persons information posted on the Internet.
‒ Certain Internet-based activities are restricted by the rules requiring disclosure of an individual's intelligence organization affiliation.
Applies to information on NIPRNet, SIPRNet and JWICS
1 • Mission and authority?
2 • Necessary?
3 • Approved Category of Information?
Information obtained with consentPublicly available information
Foreign IntelligenceCounterintelligence
Potential sources of assistance to intelligence activities
Protection of intelligence sources and methods Physical Security
Personnel Security Communications Security
Narcotics Threats to Safety
Overhead Reconnaissance Administrative Information
Internet Considerations
IP, URL and email addresses not obviously associated with a US person may be acquired/retained/processed by intelligence components without determining US person association so long as the component does not engage in analysis focused upon specific addresses
Once such analysis is initiated, the intelligence component must make a reasonable and diligent inquiry to determine whether the data is associated with a US person
Social Networking
IO rules apply‒ Mission and Authority?‒ Necessity?‒ Approved category of information
• Publicly available information
Organizational, not personal, account must be used‒ J3 may report on the domestic and criminal threat‒ J2 may report on the all-hazards and foreign threats‒ PAO may use social media to assess and report on the
public sentiment, both to develop strategic communications and to maintain conversancy with public media trends and directions
IO Triumvirate
INTELIO program proponent.
Establishes and executesthe program. Provides
Training.IGProvides oversight of all
Military Intelligence activities within the command they serve.
IO quarterly/annual reports.QIA, S/HS Matter and
Federal Crime Reporting
JAGProvides legal advice on
the IO Program.
Command emphasis Identified responsibilities and standards IO Monitor and Alternate appointed in writing Initial and Annual IO Training
‒ Conducted within established timelines‒ Tailored to organization’s mission‒ Training records maintained for five years
IO Continuity Binder On-time by-law reporting
‒ QIA, S/HS Matters and Federal Crimes‒ Quarterly Reports
Active part of all operational planning and execution Active J2, JA and IG involvement
Characteristics of anEffective IO Program
ARNG and ANG units are unaware of T32 Intelligence Oversight Policy‒ CNGBI/M 2000.01
Units are not satisfactorily documenting initial and annual IO training‒ Must account for all personnel who require training‒ Five-year maintenance requirement
Units are not conducting and documenting annual file review‒ Ensures no unauthorized U.S. Persons information is being
retained Units have not adequately tailored training to their specific
mission ANG units are well-versed on their T10 mission, but lack
awareness of their State mission
NGB IGO IO Inspection Trends
Quiz: 8 Questions
Question #1
Following the shooting of a robbery suspect by a Topeka police officer, peaceful protests are occurring throughout the city. Looting and violent unrest are also occurring in the vicinity of the shooting. TAG wants the Kansas National Guard to be best postured in case the Governor requests support. What information may the J2 provide? The J34?
Question #1
J3/G3/A3 may report on the domestic and criminal threat
J2/G2/A2 may report on the all-hazards and foreign threat
PAO may report on optics and public opinion
You receive a BOLO report concerning a former Kansas National Guardsman dishonorably discharged for misconduct who is threatening to kill any and all soldiers and airmen. The report contains U.S. Persons information. May you share the report with your soldiers and/or airmen? May you conduct research on the individual?
Absolutely! It is a threat to safety, so the report may be disseminated for their safety and awareness. However, Intelligence professionals may NOT conduct research on the individual nor retain the report.
Question #2
A lot of information concerning storm damage throughout the state may be obtained through the use of social media. Given US Persons information concerns, may the J2 access Facebook, Twitter or other social media sites for situational awareness purposes?
‒ IO rules apply‒ Use organizational, not private, accounts
Question #3
A JTF Commander would like to monitor traffic flow on ingress/ egress routes. May the J2 access real-time, live feed of local streets through the use of publicly available traffic camera feed on the Internet?
Domestic imagery rules apply:‒ Not for the purpose of intentionally targeting specific US Persons‒ Include in Annual Internal Memo for Record for the use of Domestic
Imagery and Other Geospatial Information Sources Template : NIPRNet link to NG-J2 PUM webpage:
https://gkoportal.ng.mil/joint/J2/NG-J2_IO/PUMs/default.aspx
Question #4
Question #5
May the J2 research homegrown violent extremists in the state, and provide reports and briefings on the persons and groups and their activities?
J2 may collect only if there is a foreign connection J34 may collect only if they pose a threat to the National
Guard or DoD
Question #6
Kansas National Guardsmen are working crowd control duties at the State Fair and notice suspicious activity taking place. May the Guardsmen use their personal or government cell phones to record, monitor or report the situation?
No. The Guardsmen do not have mission or authority to conduct this type of surveillance or reconnaissance.
Question #7
Intelligence and non-intelligence personnel are working in the Joint Operations Center to provide a Common Operating Picture/situational awareness for TAG and senior leaders during an incident. May the Guardsmen receive, read, and report on threat data received from local, State and Federal law enforcement agencies?
Question #7
All intelligence and non-intelligence personnel may receive and read any information at any time from any source, to include local, State and Federal law enforcement agency information‒ Both parties will determine if they have mission and
authority to use and report on the threat information• J3 personnel may if is a threat to DoD/National Guard • people, facilities, equipment or mission, in this case National• Guard support an incident in the State• Intelligence personnel may report if there is a
foreign/all-hazards nexus (not specific US Person information absent a foreign connection)
Question #8
Intelligence personnel working in the Joint Operations Center receive information that is marked FOR OFFICIAL USE ONLY-Law Enforcement Sensitive (U//FOUO-LES). May they post it to the Kansas National Guard’s unclassified Papal Visit SharePoint site?
No. U//FOUO-LES information is controlled by the LEA and:‒ May not be posted on a website or
unclassified network‒ May not be disseminated further without LEA
consent
National Guard BureauJoint Intelligence Directorate
Intelligence Oversight Policy Analyst
CTR GiGi Singleton (703) 607-5502
Kansas National Guard:CPT Daniel Jones(785) 646-3072
MSgt Scott Mick(785) 646-3084
UNCLASSIFIED//FOR OFFICIAL USE ONLY
QUESTIONS?
