While speaking at the 2016 DoD Intelligence Information Systems (DoDIIS) conference in Atlanta, Defense Department Senior Intelligence Oversight Official Michael Mahar outlined major changes to the policy governing how the department manages, retains and disseminates information on U.S. citizens. Those changes will require some significant technological advancement and DoD is looking to the private sector to help.

Mahar went through a comprehensive list of the IT challenges facing the department and asked those in attendance to come forward with potential solutions:

  • Limit access to employees with appropriate security clearances, accesses and a mission requirement.
  • Only use queries or other techniques that are relevant to the intelligence mission or other authorized purposes.
  • Tailor queries to minimize the amount of U.S. persons information (USPI) returned that is not pertinent to the intelligence mission and purpose for the query.
  • Document the basis for conducting a query of unevaluated information that is intended to reveal USPI.
  • Take reasonable steps to audit access to information systems containing USPI and periodically audit queries or other search terms to assure compliance with procedures.
  • In developing and deploying information systems that are used for intelligence involving USPI, take reasonable steps to ensure effective auditing and reporting.
  • Establish documented procedures for retaining data containing USPI and recording the reason for retaining the data and the authority approving the retention.
  • Train employees who access or use USPI on the civil liberties and privacy protections that apply to such information.
  • Use reasonable measures to identify and mark or tag files reasonably believed or known to contain USPI.

While Mahar's office will be focused on these issues as they relate to the new information management policy, he noted the tools and solutions will likely have much more reach.

"The immediate challenge will be for you [private sector companies] to help us operationalize those procedures," he said. "And not just within the Department of Defense. These procedures will have applications throughout the entire intelligence community and, I think it's safe to say, throughout the entire U.S. government."