Privacy, Surveillance, and AI in the FY’23 National Defense Authorization Act (NDAA)

January 26, 2023 | Chris Baumohl, John Davisson, Jake Wiener, and Ben Winters

Each year, Congress passes the National Defense Authorization Act (NDAA), which designates specific budgets and policies for the U.S. military and a host of other government entities. The NDAA, while at its core a national defense bill, is sweeping in scale: this year's version provides $816.7 billion in funding to the Department of Defense. Given the sheer size of this allocation, the NDAA has impacts well beyond the military. This year, as in the recent past, many provisions relate to privacy, surveillance, and AI. EPIC highlights those provisions here to help you understand where this money will be spent in the coming years. The full text of the NDAA runs to 4,408 pages.

Surveillance-Related Provisions

First, §6318 of the NDAA includes “measures to mitigate counterintelligence threats from proliferation and use of foreign commercial spyware.” These measures include reporting requirements on the counterintelligence threats and other risks to U.S. national security posed by the proliferation and use of foreign commercial spyware. The NDAA also gives the Director of National Intelligence (DNI) discretionary authority to bar intelligence community procurement and use of foreign commercial spyware, whether directly from a covered foreign company or through a vendor with access to spyware.

The NDAA’s language, coupled with a rumored forthcoming Executive Order prohibiting the U.S. government from using spyware that poses counterintelligence or other security risks, appears to signal the United States’ intent to rein in the unchecked expansion of spyware. However, stronger measures were left out of the final NDAA; prior iterations had authorized the President to impose sanctions on foreign firms and individuals that sell, purchase, or use spyware. Further, the NDAA’s emphasis on counterintelligence risks does not address the fundamental risks to privacy and safety posed by the pervasive use of spyware, whether domestic or foreign in origin. Given reports that U.S. government agencies are already deploying spyware, further action is still required.

Second, §6310 of the NDAA directs the DNI to “conduct a review to ascertain the feasibility and advisability of compiling and making public information relating to activities of the intelligence community under Executive Order 12333” and to brief Congress on that review. In particular, the NDAA calls for a review of the feasibility of publicly disclosing the following information:

  • The amount of United States person information collected pursuant to such activities;
  • Queries of United States persons pursuant to such activities;
  • Dissemination of United States person information pursuant to such activities, including masking and unmasking;
  • The use of United States person information in criminal proceedings; and
  • Quantitative data and qualitative descriptions of incidents in which the intelligence community violated Executive Order 12333 and associated guidelines and procedures.

Executive Order 12333 sets forth a large and complex framework for the United States’ foreign intelligence activities. Although Congress and the Privacy and Civil Liberties Oversight Board (PCLOB) have both played important roles in overseeing activities conducted under Executive Order 12333, the precise scope of these activities remains murky. If the review leads to public reporting, the NDAA’s language would improve public transparency around these activities and bring Executive Order 12333 reporting closer to the requirements that apply under the Foreign Intelligence Surveillance Act (FISA), which would be a significant step forward.

Third, §6801 of the NDAA provides that PCLOB members may choose to serve for up to one year after the expiration of their term if the member’s successor has not yet been appointed or qualified, or while their reappointment is pending. The PCLOB cannot operate without a quorum and has often been unable to work over the last five years due to vacancies. This NDAA provision should help the PCLOB avoid long sub-quorum periods by providing coverage during transitory periods. EPIC has written in the past on the need for timely confirmations of PCLOB members due to the Board’s vital role in ensuring transparency and accountability for government surveillance programs.

Finally, §6301 of the NDAA amends the restrictions on post-intelligence community employment that were added by the 2022 Consolidated Appropriations Act. These restrictions came in response to the Project Raven scandal, in which former intelligence agency employees worked for companies linked to the United Arab Emirates (UAE) and eventually conducted cyber espionage against human rights activists, journalists, and the UAE’s political foes. The NDAA makes several minor amendments, including creating a permanent prohibition on working in covered post-service positions for a designated foreign country: China, Russia, North Korea, Iran, Cuba, and Syria. As with the existing temporary employment restrictions, these permanent bans are subject to waiver by the DNI. Given complaints that these restrictions are both too onerous and underinclusive (no such restrictions apply to former members of the military or other government employees), it is notable that the NDAA makes no significant changes to the overall scope of this framework.

Social Media Related Provisions

Section 6815 of the NDAA covers a new Social Media Data and Threat Analysis Center. The NDAA directs the DNI to submit a plan to operationalize this new center, which has been part of the Intelligence Authorization Act for the last several years. The Social Media Data and Threat Analysis Center would operate as a coordinating body between the government and “social media companies, independent organizations and researchers, and other public-facing internet-based platforms” in order to counter foreign malign influence activities. The NDAA directs the DNI to report on what types of data and metadata are useful indicators of foreign malign influence, and “how such data and metadata may be shared effectively with the Center and with independent organizations and researchers while protecting the privacy and civil liberties of United States users of social media platforms and other public-facing internet-based platforms.” This DNI report on data sharing is worth watching for; given the substantial risks posed by government social media surveillance, it is unclear whether there are any privacy and civil liberties guardrails strong enough to strike an appropriate balance.

Section 6816 of the NDAA also directs the DNI to report to Congress on the use of publicly available social media information in personnel vetting and security clearance determinations. As part of this report, the NDAA directs the DNI to provide a description of any privacy or civil liberties concerns associated with the use of this information, as well as “a discussion of the risks, benefits, and drawbacks of allowing for the voluntary provision of, or voluntary access to, non-publicly available social media information in the regular course of personnel vetting and security clearance processes.” The NDAA also calls for the report to describe the extent to which officers with privacy and civil liberties responsibilities, whether within the agencies or at the Office of the Director of National Intelligence (ODNI), are involved in the development and implementation of these processes. Strong privacy and civil liberties safeguards are vital given the substantial risks posed by pervasive government social media surveillance, even in the personnel vetting and security clearance context. It is also worth watching to see whether, and to what extent, individual agencies have integrated privacy and civil liberties officers into developing and implementing their existing social media vetting processes.

Artificial Intelligence Related Provisions

The NDAA requires the development of “Principles and Policies for Use of AI in Government,” which are not limited to defense contexts and largely draw on principles the government has endorsed in recent years, as well as “Policies and Processes for procurement and use of AI-enabled systems.”

Funding: Throughout, the NDAA requires “rapid pilot[ing] & deployment” of AI capabilities for “linking multiple siloed internal and external data sources, consistent with applicable laws and policies, including those relating [to] the protection of privacy and of sensitive law enforcement, national security, and other protected information.” While general mandates for the adoption of AI are concerning, it is encouraging that the NDAA requires the prioritization of projects that “would benefit from commercially available privacy-preserving techniques, such as use of differential privacy, federated learning, and secure multiparty computing.”

The NDAA also increasingly links AI and warfighting. The NDAA explicitly calls for a roadmap for “rapid[]” adoption of AI for Cyberspace Operations Forces and for the use of AI to “increase warning time of potential aggression by adversary nation states” and “discern[] deviations from normal patterns of behavior and activity that may indicate preparations for military actions.” The NDAA also requires the DOD to establish “priority enterprise projects for data management, artificial intelligence, and digital solutions for both business efficiency and warfighting capabilities intended to accelerate decision advantage.” Similarly, the DNI must conduct a review of AI policies and procedures with the goal of “accelerat[ing] and increas[ing] the adoption of artificial intelligence capabilities within the intelligence community.”

In the specific procurement allocations, it can be difficult to parse precisely what each line item funds, but the bill provides at a minimum:

  • $10,456,000 for “AI and Machine Learning Basic Research”
  • $16,454,000 for “AI and Machine Learning Technologies”
  • $131,093,000 for “Emerging Technology Initiatives”
  • $11,091,000 for “Biometrics Enabling Capability”
  • $512,000 for “Unmanned Aircraft System Universal Products”
  • $968,455,000 for “Advanced Technology Development,” divided into 9 different subcategories
  • $2,750,000 for “High Performance Data Analytics”
  • $5,000,000 for “AI for Networks”
  • $3,000,000 for “AI for Supply Chain”
  • $30,000,000 for “AI/Autonomy to Cybersecurity and Cyberspace Operations Challenges”
  • $75,000,000 for “National Security Commission on AI Recommendations”
  • $15,000,000 for “AI for Small Unit Maneuver”
  • $35,414,000 for “Maintaining Technology Advantage”
  • $13,132,000 for “Chief Digital and AI Officer Activities”
    • $273,340,000 for CDAO “Demonstration and Validation Activities”
  • $4,607,000 for “Assessments and Evaluations”

Oversight: The NDAA includes a few key oversight provisions, including §7225, which calls for the creation of agency AI inventories and use cases. This codifies Executive Order 13960, signed in 2020 and not yet fully implemented. It will provide an accounting of the different automated systems used by the federal government, which has never before been made public from a single authoritative source.

In §7224, the White House Office of Management and Budget is directed to “develop an initial means by which to” ensure that federal AI acquisition meets baseline privacy and civil rights requirements, and to refine existing guidance on AI use. This is an important step forward, and it should be paired with a review of past acquisitions and of the federal grants that fund state and local agencies’ own acquisitions.

Finally, the NDAA also requires the Department of Homeland Security to issue policies and procedures on AI acquisition and use. EPIC urges DHS and the other agencies covered by these provisions to make this guidance public and to develop it through a collaborative and open process.

Judicial Security & Privacy Act Provisions [§5931 et seq.]

The Judicial Security and Privacy Act purports to prohibit data brokers from knowingly selling, licensing, trading, transferring, or purchasing the personal information of those covered by the Act (federal judges and their close relatives). The ostensible goal is to limit access to addresses and other personal information that could pose a risk to these individuals. However, as EPIC has already noted, the Act in practice does very little to protect the privacy of personal information about federal judges and their families: it exempts almost all data brokers from the very rules that are ostensibly meant to limit data broker sales of protected personal information. Therefore, to adequately protect judges, their relatives, and all Americans, Congress should pass meaningful, comprehensive privacy protections for all Americans.


Overall, the NDAA offers some important, albeit narrow, improvements to privacy and AI oversight. However, these measures on their own are far from sufficient. It is important that Congress continue to strengthen oversight of surveillance and AI tools and promote accountability for their use. While the NDAA emphasizes the need to account for privacy and data security implications across government programs, Congress must also ensure that agencies meaningfully comply with the oversight requirements.
