Collapse to view only § 3234. Prohibited personnel practices in the intelligence community

§ 3231. Applicability to United States intelligence activities of Federal laws implementing international treaties and agreements
(a) In general
(b) Authorized intelligence activities
(July 26, 1947, ch. 343, title XI, § 1101, formerly title X, § 1001, as added Pub. L. 106–567, title III, § 308(a), Dec. 27, 2000, 114 Stat. 2839; renumbered title XI, § 1101, Pub. L. 107–306, title III, § 331(a)(1), (2), Nov. 27, 2002, 116 Stat. 2394.)
§ 3232. Counterintelligence initiatives
(a) Inspection process
(b) Annual review of dissemination lists
(c) Completion of financial disclosure statements required for access to certain classified information
(d) Arrangements to handle sensitive information
(July 26, 1947, ch. 343, title XI, § 1102, as added Pub. L. 108–177, title III, § 341(a)(1), Dec. 13, 2003, 117 Stat. 2615; amended Pub. L. 108–458, title I, § 1071(a)(1)(NN)–(QQ), Dec. 17, 2004, 118 Stat. 3689, 3690; Pub. L. 111–259, title III, § 347(e), title IV, § 409, Oct. 7, 2010, 124 Stat. 2699, 2724.)
§ 3232a. Measures to mitigate counterintelligence threats from proliferation and use of foreign commercial spyware
(a) Definitions
In this section:
(1) Appropriate congressional committees
The term “appropriate congressional committees” means—
(A) the Select Committee on Intelligence, the Committee on Foreign Relations, the Committee on Armed Services, the Committee on Banking, Housing, and Urban Affairs, the Committee on the Judiciary, the Committee on Appropriations, and the Committee on Homeland Security and Governmental Affairs of the Senate; and
(B) the Permanent Select Committee on Intelligence, the Committee on Foreign Affairs, the Committee on Armed Services, the Committee on Financial Services, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Homeland Security, and the Committee on Oversight and Reform of the House of Representatives.
(2) Covered entity
(3) Foreign commercial spyware
(4) Foreign company
(5) Spyware
The term “spyware” means a tool or set of tools that operate as an end-to-end system of software to provide an unauthorized user remote access to information stored on or transiting through an electronic device connected to the Internet and not owned or operated by the unauthorized user, including end-to-end systems that—
(A) allow an unauthorized user to remotely infect electronic devices with malicious software, including without any action required by the user of the device;
(B) can record telecommunications or other audio captured on a device not owned by the unauthorized user;
(C) undertake geolocation, collect cell site location information, or otherwise track the location of a device or person using the internal sensors of an electronic device not owned by the unauthorized user;
(D) allow an unauthorized user access to and the ability to retrieve information on the electronic device, including text messages, files, e-mails, transcripts of chats, contacts, photos, and browsing history; or
(E) any additional criteria described in publicly available documents published by the Director of National Intelligence, such as whether the end-to-end system is used outside the context of a codified lawful intercept system.
(b) Annual assessments of counterintelligence threats
(1) Requirement
(2) Elements
Each report under paragraph (1) shall include the following, if known:
(A) A list of the most significant covered entities.
(B) A description of the foreign commercial spyware marketed by the covered entities identified under subparagraph (A) and an assessment by the intelligence community of the foreign commercial spyware.
(C) An assessment of the counterintelligence risk to the intelligence community or personnel of the intelligence community posed by foreign commercial spyware.
(D) For each covered entity identified in subparagraph (A), details of any subsidiaries, resellers, or other agents acting on behalf of the covered entity.
(E) Details of where each covered entity identified under subparagraphs (A) and (D) is domiciled.
(F) A description of how each covered entity identified under subparagraphs (A) and (D) is financed, where the covered entity acquired its capital, and the organizations and individuals having substantial investments or other equities in the covered entity.
(G) An assessment by the intelligence community of any relationship between each covered entity identified in subparagraphs (A) and (D) and any foreign government, including any export controls and processes to which the covered entity is subject.
(H) A list of the foreign customers of each covered entity identified in subparagraphs (A) and (D), including the understanding by the intelligence community of the organizations and end-users within any foreign government.
(I) With respect to each foreign customer identified under subparagraph (H), an assessment by the intelligence community regarding how the foreign customer is using the spyware, including whether the foreign customer has targeted personnel of the intelligence community.
(J) With respect to the first report required under paragraph (1), a mitigation plan to reduce the exposure of personnel of the intelligence community to foreign commercial spyware.
(K) With respect to each report following the first report required under paragraph (1), details of steps taken by the intelligence community since the previous report to implement measures to reduce the exposure of personnel of the intelligence community to foreign commercial spyware.
(3) Classified annex
(4) Form
(5) Dissemination
(c) Authority to prohibit purchase or use by intelligence community
(1) Foreign commercial spyware
(A) In general
(B) Considerations
In determining whether and how to exercise the authority under subparagraph (A), the Director of National Intelligence shall consider—
(i) the assessment of the intelligence community of the counterintelligence threats or other risks to the United States posed by foreign commercial spyware;
(ii) the assessment of the intelligence community of whether the foreign commercial spyware has been used to target United States Government personnel.1
1 So in original. The period probably should be a semicolon.
(iii) whether the original owner or developer retains any of the physical property or intellectual property associated with the foreign commercial spyware;
(iv) whether the original owner or developer has verifiably destroyed all copies of the data collected by or associated with the foreign commercial spyware;
(v) whether the personnel of the original owner or developer retain any access to data collected by or associated with the foreign commercial spyware;
(vi) whether the use of the foreign commercial spyware requires the user to connect to an information system of the original owner or developer or information system of a foreign government; and
(vii) whether the foreign commercial spyware poses a counterintelligence risk to the United States or any other threat to the national security of the United States.
(2) Company that has acquired foreign commercial spyware
(A) Authority
(B) Considerations
In considering whether and how to exercise the authority under subparagraph (A), the Director of National Intelligence shall consider—
(i) whether the original owner or developer of the foreign commercial spyware retains any of the physical property or intellectual property associated with the spyware;
(ii) whether the original owner or developer of the foreign commercial spyware has verifiably destroyed all data, and any copies thereof, collected by or associated with the spyware;
(iii) whether the personnel of the original owner or developer of the foreign commercial spyware retain any access to data collected by or associated with the foreign commercial spyware;
(iv) whether the use of the foreign commercial spyware requires the user to connect to an information system of the original owner or developer or information system of a foreign government; and
(v) whether the foreign commercial spyware poses a counterintelligence risk to the United States or any other threat to the national security of the United States.
(3) Notifications of prohibition
Not later than 30 days after the date on which the Director of National Intelligence exercises the authority to issue a prohibition under subsection (c), the Director of National Intelligence shall notify the congressional intelligence committees of such exercise of authority. Such notice shall include—
(A) a description of the circumstances under which the prohibition was issued;
(B) an identification of the company or product covered by the prohibition;
(C) any information that contributed to the decision of the Director of National Intelligence to exercise the authority, including any information relating to counterintelligence or other risks to the national security of the United States posed by the company or product, as assessed by the intelligence community; and
(D) an identification of each element of the intelligence community to which the prohibition has been applied.
(4) Waiver authority
(A) In general
(B) Director of National Intelligence determination
(C) Notice
Not later than 30 days after approving a waiver request pursuant to subparagraph (B), the Director of National Intelligence shall submit to the congressional intelligence committees, the Subcommittee on Defense of the Committee on Appropriations of the Senate, and the Subcommittee on Defense of the Committee on Appropriations of the House of Representatives a written notification. The notification shall include—
(i) an identification of the head of the element of the intelligence community that requested the waiver;
(ii) the details of the waiver request, including the national security interests of the United States;
(iii) the rationale and basis for the determination that the waiver is in the national security interests of the United States;
(iv) the considerations that informed the ultimate determination of the Director of National Intelligence to issue the waiver; and
(v) and any other considerations contributing to the determination, made by the Director of National Intelligence.
(D) Waiver termination
(5) Termination of prohibition
(July 26, 1947, ch. 343, title XI, § 1102A, as added Pub. L. 117–263, div. F, title LXIII, § 6318(c), Dec. 23, 2022, 136 Stat. 3515; amended Pub. L. 118–31, div. G, title IX, § 7901(a)(4), Dec. 22, 2023, 137 Stat. 1106.)
§ 3233. Misuse of the Office of the Director of National Intelligence name, initials, or seal
(a) Prohibited acts
(b) Injunction
(July 26, 1947, ch. 343, title XI, § 1103, as added Pub. L. 111–259, title IV, § 413(a), Oct. 7, 2010,
§ 3234. Prohibited personnel practices in the intelligence community
(a) DefinitionsIn this section:
(1) Agency
(2) Covered intelligence community elementThe term “covered intelligence community element”—
(A) means—
(i) the Central Intelligence Agency, the Defense Intelligence Agency, the National Geospatial-Intelligence Agency, the National Security Agency, the Office of the Director of National Intelligence, and the National Reconnaissance Office; and
(ii) any executive agency or unit thereof determined by the President under section 2302(a)(2)(C)(ii) of title 5 to have as its principal function the conduct of foreign intelligence or counterintelligence activities; and
(B) does not include the Federal Bureau of Investigation.
(3) Personnel actionThe term “personnel action” means, with respect to an employee in a position in a covered intelligence community element (other than a position excepted from the competitive service due to its confidential, policy-determining, policymaking, or policy-advocating character) or a contractor employee—
(A) an appointment;
(B) a promotion;
(C) a disciplinary or corrective action;
(D) a detail, transfer, or reassignment;
(E) a demotion, suspension, or termination;
(F) a reinstatement or restoration;
(G) a performance evaluation;
(H) a decision concerning pay, benefits, or awards;
(I) a decision concerning education or training if such education or training may reasonably be expected to lead to an appointment, promotion, or performance evaluation; or
(J) any other significant change in duties, responsibilities, or working conditions.
(4) Contractor employee
(b) Agency employeesAny employee of a covered intelligence community element or an agency who has authority to take, direct others to take, recommend, or approve any personnel action, shall not, with respect to such authority, take or fail to take, or threaten to take or fail to take, a personnel action with respect to any employee of a covered intelligence community element as a reprisal for—
(1) any lawful disclosure of information by the employee to the Director of National Intelligence (or an employee designated by the Director of National Intelligence for such purpose), the Inspector General of the Intelligence Community, a supervisor in the employee’s direct chain of command, or a supervisor of the employing agency with responsibility for the subject matter of the disclosure, up to and including the head of the employing agency (or an employee designated by the head of that agency for such purpose), the appropriate inspector general of the employing agency, a congressional intelligence committee, or a member of a congressional intelligence committee, which the employee reasonably believes evidences—
(A) a violation of any Federal law, rule, or regulation; or
(B) mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety;
(2) any lawful disclosure that complies with—
(A) subsections (a)(1), (d), and (g) of section 8H of the Inspector General Act of 1978 (5 U.S.C. App.); 1
1 See References in Text note below.
(B) subparagraphs (A), (D), and (H) of section 3517(d)(5) of this title; or
(C) subparagraphs (A), (D), and (I) of section 3033(k)(5) of this title; or
(3) if the actions do not result in the employee unlawfully disclosing information specifically required by Executive order to be kept classified in the interest of national defense or the conduct of foreign affairs, any lawful disclosure in conjunction with—
(A) the exercise of any appeal, complaint, or grievance right granted by any law, rule, or regulation;
(B) testimony for or otherwise lawfully assisting any individual in the exercise of any right referred to in subparagraph (A); or
(C) cooperation with or disclosing information to the Inspector General of an agency, in accordance with applicable provisions of law in connection with an audit, inspection, or investigation conducted by the Inspector General.
(c) Contractor employees
(1) Any employee of an agency or of a contractor, subcontractor, grantee, subgrantee, or personal services contractor, of a covered intelligence community element who has authority to take, direct others to take, recommend, or approve any personnel action, shall not, with respect to such authority, take or fail to take, or threaten to take or fail to take, a personnel action with respect to any contractor employee as a reprisal for—
(A) any lawful disclosure of information by the contractor employee to the Director of National Intelligence (or an employee designated by the Director of National Intelligence for such purpose), the Inspector General of the Intelligence Community, a supervisor in the contractor employee’s direct chain of command, or a supervisor of the employing or contracting agency or employing contractor with responsibility for the subject matter of the disclosure, up to and including the head of the employing or contracting agency (or an employee designated by the head of that agency for that purpose) or employing contractor, the appropriate inspector general of the employing or contracting agency, a congressional intelligence committee, or a member of a congressional intelligence committee, which the contractor employee reasonably believes evidences—
(i) a violation of any Federal law, rule, or regulation (including with respect to evidence of another employee or contractor employee accessing or sharing classified information without authorization); or
(ii) mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety.2
2 So in original. The period probably should be a semicolon.
(B) any lawful disclosure that complies with—
(i) subsections (a)(1), (d), and (g) of section 8H of the Inspector General Act of 1978 (5 U.S.C. App.); 1
(ii) subparagraphs (A), (D), and (H) of section 3517(d)(5) of this title; or
(iii) subparagraphs (A), (D), and (I) of section 3033(k)(5) of this title; or
(C) if the actions do not result in the contractor employee unlawfully disclosing information specifically required by Executive order to be kept classified in the interest of national defense or the conduct of foreign affairs, any lawful disclosure in conjunction with—
(i) the exercise of any appeal, complaint, or grievance right granted by any law, rule, or regulation;
(ii) testimony for or otherwise lawfully assisting any individual in the exercise of any right referred to in clause (i); or
(iii) cooperation with or disclosing information to the Inspector General of an agency, in accordance with applicable provisions of law in connection with an audit, inspection, or investigation conducted by the Inspector General.
(2) A personnel action under paragraph (1) is prohibited even if the action is undertaken at the request of an agency official, unless the request takes the form of a nondiscretionary directive and is within the authority of the agency official making the request.
(d) Rule of constructionConsistent with the protection of intelligence sources and methods, nothing in subsection (b) or (c) shall be construed to authorize—
(1) the withholding of information from Congress; or
(2) the taking of any personnel action against an employee who lawfully discloses information to Congress.
(e) DisclosuresA disclosure shall not be excluded from this section because—
(1) the disclosure was made to an individual, including a supervisor, who participated in an activity that the employee reasonably believed to be covered under subsection (b)(1)(B) or the contractor employee reasonably believed to be covered under subsection (c)(1)(A)(ii);
(2) the disclosure revealed information that had been previously disclosed;
(3) the disclosure was not made in writing;
(4) the disclosure was made while the employee was off duty;
(5) of the amount of time which has passed since the occurrence of the events described in the disclosure; or
(6) the disclosure was made during the normal course of duties of an employee or contractor employee.
(f) Enforcement
(g) Existing rights preservedNothing in this section shall be construed to—
(1) preempt or preclude any employee, contractor employee, or applicant for employment, at the Federal Bureau of Investigation from exercising rights provided under any other law, rule, or regulation, including section 2303 of title 5; or
(2) repeal section 2303 of title 5.
(July 26, 1947, ch. 343, title XI, § 1104, as added Pub. L. 113–126, title VI, § 601(a), July 7, 2014, 128 Stat. 1414; amended Pub. L. 115–118, title I, § 110(a), Jan. 19, 2018, 132 Stat. 15; Pub. L. 117–103, div. X, title V, § 501(a), (d)(2), (e)(1), (f), (g), Mar. 15, 2022, 136 Stat. 981–984; Pub. L. 117–263, div. F, title LXVI, § 6608, title LXVIII, § 6824(a)(8), Dec. 23, 2022, 136 Stat. 3559, 3615.)
§ 3235. Semiannual reports on investigations of unauthorized disclosures of classified information
(a) Definitions
In this section:
(1) Covered official
The term “covered official” means—
(A) the heads of each element of the intelligence community; and
(B) the inspectors general with oversight responsibility for an element of the intelligence community.
(2) Investigation
(3) Unauthorized disclosure of classified information
(4) Unauthorized public disclosure of classified information
(b) Intelligence community reporting
(1) In general
(2) Elements
Each report submitted under paragraph (1) shall include, with respect to the preceding 6-month period, the following:
(A) The number of investigations opened by the covered official regarding an unauthorized public disclosure of classified information.
(B) The number of investigations completed by the covered official regarding an unauthorized public disclosure of classified information.
(C) Of the number of such completed investigations identified under subparagraph (B), the number referred to the Attorney General for criminal investigation.
(c) Department of Justice reporting
(1) In general
(2) Contents
Each report submitted under paragraph (1) shall include, for each referral covered by the report, at a minimum, the following:
(A) The date the referral was received.
(B) A statement indicating whether the alleged unauthorized disclosure described in the referral was substantiated by the Department of Justice.
(C) A statement indicating the highest level of classification of the information that was revealed in the unauthorized disclosure.
(D) A statement indicating whether an open criminal investigation related to the referral is active.
(E) A statement indicating whether any criminal charges have been filed related to the referral.
(F) A statement indicating whether the Department of Justice has been able to attribute the unauthorized disclosure to a particular entity or individual.
(d) Form of reports
(July 26, 1947, ch. 343, title XI, § 1105, as added Pub. L. 116–92, div. E, title LXVII, § 6718(a), Dec. 20, 2019, 133 Stat. 2228.)
§ 3235a. Notice and damage assessment with respect to significant unauthorized disclosure or compromise of classified national intelligence
(a) Notification and damage assessment requirements
(1) Requirements
If the Director of National Intelligence becomes aware of an actual or potential significant unauthorized disclosure or compromise of classified national intelligence—
(A) as soon as practicable, but not later than 7 days after the date on which the Director becomes so aware, the Director shall notify the congressional intelligence committees of such actual or potential disclosure or compromise; and
(B) in the case of an actual disclosure or compromise, not later than 7 days after the date on which the Director becomes so aware, the Director or the head of any element of the intelligence community from which the significant unauthorized disclosure or compromise originated shall initiate a damage assessment consistent with the procedures set forth in Intelligence Community Directive 732 (relating to the conduct of damage assessments), or successor directive, with respect to such disclosure or compromise.
(2) Contents of notification
A notification submitted to the congressional intelligence committees under paragraph (1)(A) with respect to an actual or potential significant unauthorized disclosure or compromise of classified national intelligence shall include—
(A) a summary of the facts and circumstances of such disclosure or compromise;
(B) a summary of the contents of the national intelligence revealed or potentially revealed, as the case may be, by such disclosure or compromise;
(C) an initial appraisal of the level of actual or potential damage, as the case may be, to the national security of the United States as a result of such disclosure or compromise; and
(D) in the case of an actual disclosure or compromise, which elements of the intelligence community will be involved in the damage assessment conducted with respect to such disclosure or compromise pursuant to paragraph (1)(B).
(b) Damage assessment reporting requirements
(1) Recurring reporting requirement
Not later than 30 days after the date of the initiation of a damage assessment pursuant to subsection (a)(1)(B), and every 90 days thereafter until the completion of the damage assessment or upon the request of the congressional intelligence committees, the Director of National Intelligence shall—
(A) submit to the congressional intelligence committees copies of any documents or materials disclosed as a result of the significant unauthorized disclosure or compromise of the classified national intelligence that is the subject of the damage assessment; and
(B) provide to the congressional intelligence committees a briefing on such documents and materials and a status of the damage assessment.
(2) Final damage assessment
(c) Notification of referral to Department of Justice
(July 26, 1947, ch. 343, title XI, § 1105A, as added Pub. L. 118–31, div. G, title III, § 7315, Dec. 22, 2023, 137 Stat. 1031.)
§ 3236. Inspector General external review panel
(a) Request for review
(b) Claims and individuals describedA claim described in this subsection is any—
(1) claim by an individual—
(A) that the individual has been subjected to a personnel action that is prohibited under section 3234 of this title; and
(B) who has exhausted the applicable review process for the claim pursuant to enforcement of such section; or
(2) claim by an individual—
(A) that he or she has been subjected to a reprisal prohibited by paragraph (1) of section 3341(j) of this title; and
(B) who received a decision on an appeal regarding that claim under paragraph (4) of such section.
(c) External review panel convened
(1) Discretion to convene
(2) Membership
(A) CompositionAn external review panel convened under this subsection shall be composed of three members as follows:
(i) The Inspector General of the Intelligence Community.
(ii) Except as provided in subparagraph (B), two members selected by the Inspector General as the Inspector General considers appropriate on a case-by-case basis from among inspectors general of the following:(I) The Department of Defense.(II) The Department of Energy.(III) The Department of Homeland Security.(IV) The Department of Justice.(V) The Department of State.(VI) The Department of the Treasury.(VII) The Central Intelligence Agency.(VIII) The Defense Intelligence Agency.(IX) The National Geospatial-Intelligence Agency.(X) The National Reconnaissance Office.(XI) The National Security Agency.
(B) Limitation
(C) Chairperson
(i) In general
(ii) Conflicts of interestIf the Inspector General of the Intelligence Community finds cause to recuse himself or herself from a panel convened under this subsection, the Inspector General of the Intelligence Community shall—(I) select a chairperson from inspectors general of the elements listed under subparagraph (A)(ii) whom the Inspector General of the Intelligence Community considers appropriate; and(II) notify the congressional intelligence committees of such selection.
(3) Period of review
(d) Remedies
(1) Panel recommendationsIf an external review panel convened under subsection (c) determines, pursuant to a review of a claim submitted by an individual under subsection (a), that the individual was the subject of a personnel action prohibited under section 3234 of this title or was subjected to a reprisal prohibited by section 3341(j)(1) of this title, the panel may recommend that the agency head take corrective action—
(A) in the case of an employee or former employee—
(i) to return the employee or former employee, as nearly as practicable and reasonable, to the position such employee or former employee would have held had the reprisal not occurred; or
(ii) reconsider the employee’s or former employee’s eligibility for access to classified information consistent with national security; or
(B) in any other case, such other action as the external review panel considers appropriate.
(2) Agency action
(A) In generalNot later than 90 days after the date on which the head of an agency receives a recommendation from an external review panel under paragraph (1), the head shall—
(i) give full consideration to such recommendation; and
(ii) inform the panel and the Director of National Intelligence of what action the head has taken with respect to the recommendation.
(B) Failure to inform
(e) Annual reports
(1) In general
(2) ContentsSubject to such limitations as the Inspector General of the Intelligence Community considers necessary to protect the privacy of an individual who has made a claim described in subsection (b), each report submitted under paragraph (1) shall include, for the period covered by the report, the following:
(A) The determinations and recommendations made by the external review panels convened under this section.
(B) The responses of the heads of agencies that received recommendations from the external review panels.
(July 26, 1947, ch. 343, title XI, § 1106, as added Pub. L. 116–92, div. E, title LIII, § 5332(a)(1), Dec. 20, 2019, 133 Stat. 2137.)
§ 3237. Annual reports on influence operations and campaigns in the United States by the Chinese Communist Party
(a) Requirement
(b) Contents
Each report under subsection (a) shall include the following:
(1) A description of the organization of the United Front Work Department of the People’s Republic of China, or the successors of the United Front Work Department, and the links between the United Front Work Department and the Central Committee of the Chinese Communist Party.
(2) An assessment of the degree to which organizations that are associated with or receive funding from the United Front Work Department, particularly such entities operating in the United States, are formally tasked by the Chinese Communist Party or the Government of China.
(3) A description of the efforts by the United Front Work Department and subsidiary organizations of the United Front Work Department to target, coerce, and influence foreign populations, particularly those of ethnic Chinese descent.
(4) An assessment of attempts by the Chinese Embassy, consulates, and organizations affiliated with the Chinese Communist Party (including, at a minimum, the United Front Work Department) to influence the United States-based Chinese Student Scholar Associations.
(5) A description of the evolution of the role of the United Front Work Department under the leadership of the President of China.
(6) An assessment of the activities of the United Front Work Department designed to influence the opinions of elected leaders of the United States, or candidates for elections in the United States, with respect to issues of importance to the Chinese Communist Party.
(7) A listing of all known organizations affiliated with the United Front Work Department that are operating in the United States as of the date of the report.
(8) An identification of influence activities and operations employed by the Chinese Communist Party against the United States science and technology sectors, specifically employees of the United States Government, researchers, scientists, and students in the science and technology sector in the United States.
(9) A listing of all known Chinese talent recruitment programs operating in the United States as of the date of the report.
(10) With respect to reports submitted after the first report, an assessment of the change in goals, tactics, techniques, and procedures of the influence operations and campaigns conducted by the Chinese Communist Party.
(c) Coordination
(d) Form
(July 26, 1947, ch. 343, title XI, § 1107, as added Pub. L. 116–92, div. E, title LV, § 5511(a), Dec. 20, 2019, 133 Stat. 2146; amended Pub. L. 116–260, div. W, title VI, § 605(a), (d)(1), Dec. 27, 2020, 134 Stat. 2386, 2387; Pub. L. 117–103, div. X, title VII, § 701, Mar. 15, 2022, 136 Stat. 999.)
§ 3237a. Repealed. Pub. L. 117–263, div. F, title LXVIII, § 6811(a), Dec. 23, 2022, 136 Stat. 3600
§ 3238. Annual reports on influence operations and campaigns in the United States by the Russian Federation
(a) Requirement
(b) Contents
Each report under subsection (a) shall include the following:
(1) A description and listing of the Russian organizations and persons involved in influence operations and campaigns operating in the United States as of the date of the report.
(2) An assessment of organizations that are associated with or receive funding from organizations and persons identified in paragraph (1), particularly such entities operating in the United States.
(3) A description of the efforts by the organizations and persons identified in paragraph (1) to target, coerce, and influence populations within the United States.
(4) An assessment of the activities of the organizations and persons identified in paragraph (1) designed to influence the opinions of elected leaders of the United States or candidates for election in the United States.
(5) With respect to reports submitted after the first report, an assessment of the change in goals, tactics, techniques, and procedures of the influence operations and campaigns conducted by the organizations and persons identified in paragraph (1).
(c) Coordination
(d) Form
(July 26, 1947, ch. 343, title XI, § 1108, as added Pub. L. 116–92, div. E, title LV, § 5501(a), Dec. 20, 2019, 133 Stat. 2143.)
§ 3239. Requirement to buy certain satellite component from American sources
(a) Definitions
In this section:
(1) Covered element of the intelligence community
(2) National security satellite
(3) United States
(b) Requirement
(c) Exception
The head of a covered element of the intelligence community may waive the requirement under subsection (b) if, on a case-by-case basis, the head certifies in writing to the congressional intelligence committees that—
(1) there is no available star tracker produced in the United States that meets the mission and design requirements of the national security satellite for which the star tracker will be used;
(2) the cost of a star tracker produced in the United States is unreasonable, based on a market survey; or
(3) such waiver is necessary for the national security interests of the United States based on an urgent and compelling need.
(July 26, 1947, ch. 343, title XI, § 1109, as added Pub. L. 116–260, div. W, title III, § 308(a), Dec. 27, 2020, 134 Stat. 2368.)
§ 3240. Report on best practices to protect privacy, civil liberties, and civil rights of Chinese Americans
(a) Sense of Congress
It is the sense of Congress that—
(1) the People’s Republic of China appears to be specifically targeting the Chinese-American community for intelligence purposes;
(2) such targeting carries a substantial risk that the loyalty of such Americans may be generally questioned and lead to unacceptable stereotyping, targeting, and racial profiling;
(3) the United States Government has a duty to warn and protect all Americans including those of Chinese descent from these intelligence efforts by the People’s Republic of China;
(4) the broad stereotyping, targeting, and racial profiling of Americans of Chinese descent is contrary to the values of the United States and reinforces the flawed narrative perpetuated by the People’s Republic of China that ethnically Chinese individuals worldwide have a duty to support the People’s Republic of China; and
(5) the United States efforts to combat the People’s Republic of China’s intelligence activities should actively safeguard and promote the constitutional rights of all Chinese Americans.
(b) Report
On an annual basis, the Director of National Intelligence, acting through the Office of Civil Liberties, Privacy, and Transparency, in coordination with the civil liberties and privacy officers of the elements of the intelligence community, shall submit a report to the congressional intelligence committees containing—
(1) a review of how the policies, procedures, and practices of the intelligence community that govern the intelligence activities and operations targeting the People’s Republic of China affect policies, procedures, and practices relating to the privacy, civil liberties, and civil rights of Americans of Chinese descent who may be targets of espionage and influence operations by China; and
(2) recommendations to ensure that the privacy, civil liberties, and civil rights of Americans of Chinese descent are sufficiently protected.
(c) Form
(July 26, 1947, ch. 343, title XI, § 1110, formerly Pub. L. 116–92, div. E, title LVII, § 5712, Dec. 20, 2019, 133 Stat. 2171; renumbered § 1110 of act July 26, 1947, and amended Pub. L. 116–260, div. W, title VI, § 620(a), Dec. 27, 2020, 134 Stat. 2401.)
§ 3241. Biennial reports on foreign biological threats
(a) Reports
(b) Matters includedEach report under subsection (a) shall include, with respect to foreign biological threats emanating from the territory of, or sponsored by, a covered country, the following:
(1) A detailed description of all activities relating to such threats undertaken by each element of the intelligence community, and an assessment of any gaps in such activities.
(2) A detailed description of all duties and responsibilities relating to such threats explicitly authorized or otherwise assigned, exclusively or jointly, to each element of the intelligence community, and an assessment of any identified gaps in such duties or responsibilities.
(3) A description of the coordination among the relevant elements of the intelligence community with respect to the activities specified in paragraph (1) and the duties and responsibilities specified in paragraph (2).
(4) An inventory of the strategies, plans, policies, and interagency agreements of the intelligence community relating to the collection, monitoring, analysis, mitigation, and attribution of such threats, and an assessment of any identified gaps therein.
(5) A description of the coordination and interactions among the relevant elements of the intelligence community and non-intelligence community partners.
(6) An assessment of foreign malign influence efforts relating to such threats, including any foreign academics engaged in such efforts, and a description of how the intelligence community contributes to efforts by non-intelligence community partners to counter such foreign malign influence.
(c) Form
(d) DefinitionsIn this section:
(1) Covered countryThe term “covered country” means—
(A) China;
(B) Iran;
(C) North Korea;
(D) Russia; and
(E) any other foreign country—
(i) from which the Director of National Intelligence determines a biological threat emanates; or
(ii) that the Director determines has a known history of, or has been assessed as having conditions present for, infectious disease outbreaks or epidemics.
(2) Foreign biological threat
(3) Foreign malign influence
(4) Non-intelligence community partner
(July 26, 1947, ch. 343, title XI, § 1111, as added Pub. L. 117–103, div. X, title VIII, § 821(a), Mar. 15, 2022, 136 Stat. 1019.)
§ 3242. Annual reports on certain cyber vulnerabilities procured by intelligence community and foreign commercial providers of cyber vulnerabilities
(a) Annual reports
(b) ElementsEach report under subsection (a) shall include, with respect to the period covered by the report, the following:
(1) A description of each cyber vulnerability procured through a foreign commercial provider, including—
(A) a description of the vulnerability;
(B) the date of the procurement;
(C) whether the procurement consisted of only that vulnerability or included other vulnerabilities;
(D) the cost of the procurement;
(E) the identity of the commercial provider and, if the commercial provider was not the original supplier of the vulnerability, a description of the original supplier;
(F) the country of origin of the vulnerability; and
(G) an assessment of the ability of the intelligence community to use the vulnerability, including whether such use will be operational or for research and development, and the approximate timeline for such use.
(2) An assessment of foreign commercial providers that—
(A) pose a significant threat to the national security of the United States; or
(B) have provided cyber vulnerabilities to any foreign government that—
(i) has used the cyber vulnerabilities to target United States persons, the United States Government, journalists, or dissidents; or
(ii) has an established pattern or practice of violating human rights or suppressing dissent.
(3) An assessment of whether the intelligence community has conducted business with the foreign commercial providers identified under paragraph (2) during the 5-year period preceding the date of the report.
(c) Form
(d) DefinitionsIn this section:
(1) Commercial provider
(2) Cyber vulnerability
(July 26, 1947, ch. 343, title XI, § 1112, as added Pub. L. 117–103, div. X, title VIII, § 822(a), Mar. 15, 2022, 136 Stat. 1020.)
§ 3243. Periodic reports on technology strategy of intelligence community
(a) Reports
(b) Elements
Each report submitted under subsection (a) shall include the following:
(1) An assessment of technologies critical to the national security of the United States, particularly those technologies with respect to which foreign countries that are adversarial to the United States have or are poised to match or surpass the technology leadership of the United States.
(2) A review of current technology policies of the intelligence community, including long-term goals.
(3) An identification of sectors and supply chains the Director determines to be of the greatest strategic importance to national security.
(4) An identification of opportunities to protect the leadership of the United States, and the allies and partners of the United States, in critical technologies, including through targeted export controls, investment screening, and counterintelligence activities.
(5) An identification of research and development areas the Director determines critical to the national security of the United States, including areas in which the private sector does not focus.
(6) Recommendations for growing talent in key critical and emerging technologies and enhancing the ability of the intelligence community to recruit and retain individuals with critical skills relating to such technologies.
(7) An identification of opportunities to improve the leadership of the United States in critical technologies, including opportunities to develop international partnerships to reinforce domestic policy actions, develop new markets, engage in collaborative research, and maintain an international environment that reflects the values of the United States and protects the interests of the United States.
(8) A technology annex to establish an approach for the identification, prioritization, development, and fielding of emerging technologies critical to the mission of the intelligence community.
(9) Such other information as the Director determines may be necessary to inform Congress on matters relating to the technology strategy of the intelligence community and related implications for the national security of the United States.
(c) Form of annex
(July 26, 1947, ch. 343, title XI, § 1113, as added Pub. L. 117–103, div. X, title VIII, § 823(a), Mar. 15, 2022, 136 Stat. 1021.)
§ 3244. Annual report on reporting requirements
(a) Annual report required
(b) Contents
Each report submitted pursuant to subsection (a) shall include, for the fiscal year covered by the report and for each congressionally mandated reporting requirement detailed in the report:
(1) A description of the reporting requirement.
(2) A citation to the provision of law (or other source of congressional directive) imposing the reporting requirement.
(3) Whether the reporting requirement is recurring, conditional, or subject to a termination provision.
(4) Whether the Director recommends repealing or modifying the requirement.
(c) Form
(July 26, 1947, ch. 343, title XI, § 1114, as added Pub. L. 118–31, div. G, title III, § 7314(a), Dec. 22, 2023, 137 Stat. 1031.)