S E C R E T A R Y O F T H E A R M Y W A S H I N G T O N MEMORANDUM FOR SEE DISTRIBUTION 1. (U) References. A complete list of references is in the enclosure. 2. (U) Purpose. Effective immediately, this memorandum provides policy and procedures for U.S. Army open-source intelligence (OSINT) activities in accordance with Department of Defense (DoD) Instruction 3115.12 (Open Source Intelligence) (reference a). The Deputy Chief of Staff (DCS), G-2 serves as the Army functional proponent for OSINT policy, strategic planning, and programming. 3. (U) Applicability a. (U) This directive applies to the performance of OSINT research, collection, analysis, production, and training by Army intelligence personnel (military, civilians, and contractors) assigned, attached, detailed to, or supporting Army intelligence organizations, units, or elements with an OSINT mission authorized in accordance with paragraph 4. This directive also applies to Army National Guard intelligence personnel when operating under Title 10 authorities (reference b) and those referenced in paragraph 15h. OSINT activities in support of human intelligence or counterintelligence missions may also be governed by supplemental policy in Army Regulation (AR) 381-20 (The Army Counterintelligence Program), AR 381-47 (Offensive Counterintelligence Operations (U)), or AR 381-100 (The Army Human Intelligence (HUMINT) Collection Program) (U) (references c through e). b. (U) This directive does not apply to other intelligence activities conducted in the cyberspace environment or to non-intelligence U.S. Army personnel who research, collect, or acquire publicly available information in the cyberspace environment under information operations, special operations, cyber operations, information security, personnel security, disaster and humanitarian support operations, force protection, or criminal investigative authorities. 4. (U) Authority to Conduct OSINT Activities. The DCS, G-2; the Commander, U.S. Army Intelligence and Security Command (INSCOM); the Commanders of Army Commands and Army Service Component Commands; and the Commander, 650th Military Intelligence Group or their designees may grant, in writing, to assigned, attached, aligned, or detailed Army intelligence organizations, units, or elements the authority to conduct OSINT activities to support their intelligence missions.
5. (U) Supplementation. Army intelligence professionals conducting OSINT activities will follow the policy in this memorandum and the applicable provisions of the referenced laws and regulations. Commanders may supplement the provisions of this memorandum with locally applicable guidance as long as such guidance is consistent with the provisions of this memorandum and the referenced laws and regulations. 6. (U) Definitions. Army intelligence professionals conduct OSINT activities in a coordinated, collaborative manner and pursue the full integration and exploitation of open-source information, including publicly available information, for intelligence purposes. a. (U) Public Law 108-458 (reference f) cites OSINT as a valuable source that must be integrated into the intelligence cycle to ensure that U.S. policymakers are fully and completely informed. Each element of the Intelligence Community (IC) should use OSINT consistent with the mission of the element. b. (U) Public Law 109-163 (reference g) defines OSINT as Intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement. c. (U) OSINT research is defined as activities conducted in the preparation of open-source collection: viewing or accessing publicly available information without copying, saving, or storing the information in an intelligence component database. If information is copied, saved, stored, or otherwise preserved in any manner, it is collected and must be evaluated in accordance with references g through i. d. (U) Publicly available information is defined as information that has been published or broadcast for public consumption, is available on request to the public, is accessible online or otherwise to the public, is available to the public by subscription or purchase, could be seen or heard by any casual observer, is made available at a meeting open to the public, or is obtained by visiting any place or attending any event that is open to the public. 7. (U) Risk Assessments. Army OSINT activities must be conducted in a manner that protects operations security (OPSEC). Army intelligence professionals who research or collect open-source information must pay careful attention and remain compliant with OPSEC requirements defined in AR 530-1 (reference j) to prevent disclosure of critical and sensitive DoD information in any public domain. Commanders of Army intelligence components will ensure that a risk assessment is conducted and approved before performing any OSINT research or collection activity on the Internet to weigh the risks and expected benefits of conducting the proposed OSINT activity. The results of the 2
risk assessment will affect OSINT activities consistent with the requirements in DoD Instruction S-5105.63 (Implementation of DoD Cover and Cover Support Activities (U)) (reference k) and in accordance with the following: a. (U//FOUO) Tier 0: A risk assessment that determines the threat knowledge of the OSINT activity will not pose a risk to imminent or ongoing military operations or intelligence priorities, sources, or methods is a Tier 0 research or collection activity. Tier 0 activities require annual OPSEC training. b. (U//FOUO) Tier 1: A risk assessment that determines the threat knowledge of the OSINT activity could pose a risk to imminent or ongoing military operations or intelligence priorities, sources, or methods is a Tier 1 research or collection activity. Tier 1 activities require that: intelligence professionals leverage OSINT data the IC provides on Government networks to the greatest extent possible before researching or collecting opensource information from the Internet; intelligence professionals must use managed attribution capabilities when information on Government networks is insufficient to answer intelligence requirements; Army intelligence components must obtain approval from Headquarters (HQ), INSCOM, a national intelligence agency, combat support agency, or supported combatant command before acquiring managed attribution capabilities; and intelligence personnel complete annual OPSEC training as well as training in managed attribution. 8. (U) Intelligence Missions and Information Requirements. To conduct OSINT activities, the commander or designated authority (for example, the G2/S2, Analysis and Control Element Chief, Senior Intelligence Officer, Collection Manager) must ensure that: a. (U) the command, organization, or element has obtained authority to conduct OSINT activities in accordance with paragraph 4. b. (U) forward stationed or forward deployed units establish an OSINT collection plan aligned to the supported combatant command. These plans will be retained for unit leaders and intelligence oversight officials to review annually. 3
c. (U) Continental United States (CONUS)-based global response forces, regionally aligned forces, reach-back elements, and other CONUS-based support elements planning to conduct OSINT activities must align their mission to a supported combatant command s intelligence mission and document the mission in an established collection plan that is retained for unit leaders and intelligence oversight officials to review annually. d. (U) The OSINT collection plans must also identify and document information requirements derived from the National Intelligence Priorities Framework, the Integrated Defense Intelligence Priorities, Theater Operations Plans, or the commander s Priority Intelligence Requirements. 9. (U) Collection Requirements. Army intelligence organizations, units, and elements authorized to conduct OSINT activities that have requests for information requiring Tier 1 OSINT research or collection will coordinate with their collection management team using the Community On-Line Intelligence System for End-Users and Managers (known as COLISEUM) to manage OSINT production requirements. If the request for information requires new OSINT collection, the collection manager should articulate it as a collection requirement in the Open Source Collection Acquisition Requirements- Management System (OSCAR-MS). Collection managers must deconflict existing requirements and insert new unit-level requests for information as needed. Army Commands with available intelligence analysis capacity and a mission to conduct analysis activities in support of the IC, DoD, or other Army intelligence requirements are encouraged to routinely review global intelligence information requirements inside OSCAR-MS and provide answers where possible. The Defense Intelligence Agency maintains OSCAR-MS and HQ, INSCOM manages Army accounts. 10. (U//FOUO) Use of Government Devices and Location. These safeguards are required to protect OPSEC and prevent the compromise of professional identity. a. (U//FOUO) Except as discussed in this paragraph, intelligence professionals must be in a duty status and use command-approved hardware in a Government-owned or leased location to conduct OSINT research or collection activities. Government locations include deployed tactical operations centers and associated mobile users. The conduct of OSINT research or collection activities that employs the use of private or personal computer capabilities or is done outside of a Government-owned or leased location is generally prohibited. However, commands may authorize intelligence personnel to conduct Tier 0 OSINT research or collection activities consistent with telecommuting agreements. Absent specific approval to conduct OSINT research or collection activities while telecommuting, personnel will not query the Internet with the intent to answer intelligence or information requirements on their personally owned electronic devices. 4
b. (U//FOUO) Personnel who have accessed Web sites in a Tier 1 capacity may not access those same Web sites using personally owned electronic devices for the purposes of OPSEC. (See paragraphs 8a and 8b on page 3 for OPSEC training requirements.) This restriction does not apply to accessing commercially or publicly owned news media Web sites (such as CNN or ABC News). The use of the Internet for purely personal interests, which include academic research and news information or subscriptions, is not an OSINT activity. 11. (U//FOUO) Use of Social Media for OSINT Purposes. Intelligence professionals directly accessing social media platforms under open-source authorities to satisfy intelligence or information requirements are conducting an OSINT activity, which must be supported by an officially approved collection plan as described in paragraphs 8 and 9. Intelligence professionals are prohibited from creating or using a personal social media account when conducting OSINT activities. When conducting Tier 0 or Tier 1 OSINT research or collection activities requiring a professional social media account, intelligence professionals must obtain written approval from the head of their intelligence component and any required Procedure 10 (Undisclosed Participation in Organizations) or other approval under DoD Manual 5240.01 (Procedures Governing the Conduct of DoD Intelligence Activities) (reference h). Engagement (for example, conversing or exchanging information) with individuals or personas inside a social media platform is an interactive activity not authorized under OSINT authorities. When a social media service requires registration for access or to join a group or become a member, intelligence professionals must consult with their servicing staff or command judge advocate s office to determine whether these requirements are an interactive activity and ensure compliance with DoD Manual 5240.01 and AR 381-10 (U.S. Army Intelligence Activities) (reference i). 12. (U) U.S. Person Information. Army intelligence personnel will conduct OSINT activities in accordance with the requirements of references h and i in a manner that ensures legality and propriety, and preserves and respects the privacy and civil liberties of U.S. persons. All Army intelligence personnel who conduct OSINT activities will complete annual intelligence oversight training as required in references h through i. The U.S. person information may only be collected as part of an OSINT activity if the information sought is reasonably believed to be necessary for the performance of an authorized intelligence mission AND it is publicly available. If the U.S. person information is incidentally collected (it was not the target of the OSINT collection), retention periods must comply with DoD Manual 5240.01 and AR 381-10 from the date it was collected to make a determination about collection and permanent retention (see references h and i). 13. (U) Intellectual Property. Army intelligence personnel who conduct OSINT activities will familiarize themselves with the protections afforded to intellectual property 5
right holders as outlined in references l and m. The use of copyrighted material the author has granted permission to use will carry attribution for the source of the material. Army intelligence components may also use elements of copyrighted material without permission if the use can be considered fair use, including the reproduction or summarization of the material for the purposes of reporting, teaching, or research and not for profit. Fair use information should also include attribution citations in intelligence products referencing organization or author and originating source title or date. The substantive nature of the reproduced or summarized material is also a factor for determining fair use. Personnel should direct questions for determining whether copyright permission is required or fair use applies to their local supporting staff judge advocate or other legal counsel. In cases where it is reasonably believed the materials containing information derived from OSINT activities will be publicly released, a written legal opinion by the servicing staff or command judge advocate s office is required (see references i and m). 14. (U) Responsibilities a. (U) Commander, U.S. Army Training and Doctrine Command (TRADOC). The commander: (1) (U) ensures that an OSINT doctrine, organization, training, materiel, leadership, personnel, and facilities is completed and the appropriate Joint Capabilities Integration and Development System actions are taken to ensure that required collection and processing, exploitation, and dissemination (PED) capabilities for the OSINT discipline are available to Army personnel. (2) (U) develops and maintains a holistic OSINT training strategy between TRADOC; the Army Intelligence Center of Excellence; HQ, INSCOM; and the Office of the DCS, G-2 that includes both institutional and operational (for example, Foundry) components. (3) (U) develops a plan, consistent with reference g, to identify and incorporate an OSINT specialty into the Army s military personnel system through a certification program beginning with Career Management Field 35. Note: (U) Training elements (such as TRADOC G2 and the Intelligence Center of Excellence) are not required to seek HQ, INSCOM approval to contract for OSINT trainers, instructors, or other academic professionals. However, like all other Army intelligence components, training elements are responsible for obtaining HQ, INSCOM approval to acquire and manage TRADOC-specific OSINT technology capabilities. This requirement will ensure that stovepipe capabilities are not added to the baseline 6
and will facilitate HQ, INSCOM responsibilities for congressional, IC, and Army G-2 OSINT technology reporting. b. (U) Army General Counsel. The General Counsel is the legal counsel to the Secretary of the Army and the chief Department of the Army legal officer. The General Counsel s responsibility extends to any subject of law and other matters as the Secretary of the Army directs. The General Counsel exercises the Secretary of the Army s oversight of OSINT activities. c. (U//FOUO) Army Chief Information Officer/G-6. The Army Chief Information Officer/G-6 provides: (1) (U//FOUO) guidance and resource planning for OSINT-unique network and technical requirements. (2) (U//FOUO) guidance to Army commands regarding commercial circuit connections to the Internet in support of Army open-source activities d. (U) The Inspector General. The Inspector General exercises compliance oversight of the policy in this directive through periodic inspections. e. (U) The DCS, G-2: (1) (U) serves as the functional proponent for Army OSINT policy, strategic planning, and programming. (2) (U) represents the Army at the National Open Source Committee and Defense Open Source Council and coordinates Army OSINT programs and activities through them. (3) (U) provides strategic planning for OSINT activities and resource planning for OSINT operations as authorized and directed by the Director of National Intelligence and the Secretary of Defense, Deputy Secretary of Defense, or Under Secretary of Defense (Intelligence) and coordinates Army OSINT functional requirements throughout the processes for the National and Military Intelligence Programs. (4) (U) coordinates with the Army Chief Information Officer/G-6 for unique network requirements to support OSINT activities. (5) (U) ensures that Army intelligence elements conduct OSINT activities in compliance with U.S. law and Director of National Intelligence, DoD, and Army policies, 7
guidelines, and restrictions, particularly those regarding the rules and procedures for intelligence oversight. f. (U) The Judge Advocate General. The Judge Advocate General exercises Army oversight of OSINT activities in coordination with the Office of the Army General Counsel. g. (U) Commander, HQ, INSCOM. The commander serves as the Army OSINT operational proponent and: (1) (U) develops and maintains an Army OSINT program through an incrementally phased implementation, consistent with available programmatic resourcing from the National and Military Intelligence Programs. (2) (U) receives and reviews requests from Army intelligence components to manage OSINT technologies or OSINT contracts for other than basic commercial search engines. Approval is not required for units to use OSINT capabilities provisioned by the National Open Source Enterprise, DoD combat support agencies, or combatant commands. The authority to use OSINT capabilities will remain in effect until the Army requirements and acquisition processes deliver long-term OSINT collection and PED capabilities that may be incorporated into an Army program of record or until the Army selects an alternative approach. (3) (U//FOUO) manages unit requests for Army account access to agencyprovisioned capabilities, including but not limited to, managed attribution, collection requirements management, and OSINT collection and processing capabilities. (4) (U) submits an OSINT status report for the previous fiscal year to the Office of the DCS, G-2 not later than 15 January of each year. The report will identify all Army OSINT activities and all INSCOM-approved OSINT collection and processing technologies, sample metrics for value-added intelligence, and issues that hinder the effectiveness of Army OSINT activities. (5) (U) serves as the Army s OSINT Operational Requirements Manager and Data Manager with the National Open Source Enterprise and serves as the alternate Army representative at the National Open Source Committee and Defense Open Source Council. (6) (U//FOUO) ensures that the Foundry training strategy includes appropriate curricula and courses from the National Open Source Academy, the Defense Intelligence Agency s OSINT training courses, and live environment training opportunities and that the training strategy includes basic OSINT techniques; managed 8
attribution; collection requirements management; HQ, INSCOM-approved tools; and intelligence oversight tailored to OSINT activities, including the use of social media. (7) (U) establishes an Army capability to evaluate and validate potential opensource technologies for operational use. Shares the results and lessons learned with TRADOC; U.S. Army Research, Development and Engineering Command; and the Office of the Assistant Secretary of the Army (Acquisition, Logistics and Technology) to assist in informing the Army requirements and acquisition processes and decisions to deliver an OSINT collection capability via an Army program of record or an alternative approach. h. (U) Commander, U.S. Army Reserve Command. The commander will develop a plan, consistent with reference j, for Army Reserve intelligence personnel to use OSINT capabilities to augment and support Army intelligence missions. i. (U) Commanders of Army Intelligence Components. All commanders of intelligence components authorized to conduct OSINT in accordance with paragraph 3 will, when conducting OSINT activities: (1) (U//FOUO) ensure that risk assessments are conducted to support OSINT research and collection by command and subordinate units; that intelligence personnel receive specific OSINT OPSEC training; and, when conducting Tier 1 activities, that intelligence personnel are trained in the use of managed attribution in accordance with paragraph 8. (2) (U) ensure annual intelligence oversight training specific to OSINT, including the use of social media, is conducted and oversight of OSINT research and collection activities occurs. (3) (U//FOUO) ensure that intelligence personnel conducting Tier 1 OSINT activities are trained in managed attribution and other collection techniques in the cyberspace environment. (4) (U) submit any operational requests for OSINT contract analysts and unitlevel management of OSINT technologies for other than basic commercial search engines to HQ, INSCOM. Approval is not required for units to use capabilities provisioned by the National Open Source Enterprise, DoD combat support agencies, or combatant commands. This authority to use OSINT capabilities will remain in effect until the Army requirements and acquisition processes deliver long-term OSINT collection and PED capabilities that may be incorporated into an Army program of record or the Army selects an alternative approach. Units with approval to conduct OSINT according to paragraphs 4 and 8 are not required to garner HQ, INSCOM 9
approval to task organize an OSINT cell. However, the use of contract personnel, tools, and technologies must go through the INSCOM approval process to ensure that no stovepipe capabilities are added to the baseline and that standards for trained contract analysts are consistent. In addition, this requirement enables HQ, INSCOM to facilitate its responsibilities for congressional, IC, and Army DCS, G-2 OSINT technology reporting. (5) (U) submit requests for OSINT information through OSCAR-MS to deconflict existing requirements and products and post new unit requests as needed. Army commands with available intelligence analysis capacity and a mission to conduct analysis activities in support of the IC, DoD, or other Army intelligence requirements are encouraged to routinely review global intelligence information requirements inside OSCAR-MS and provide answers where possible. The Defense Intelligence Agency manages OSCAR-MS and HQ, INSCOM manages Army accounts. 15. (U) Proponency. The Office of the DCS, G-2 is the proponent for this directive and will incorporate its provisions into a new Army regulation within 3 years. This directive is rescinded upon publication of the new regulation. The Office of the DCS, G-2 point of contact is the Directorate of Information Management (DAMI-IM). Encl Eric K. Fanning DISTRIBUTION: Principal Officials of Headquarters, Department of the Army Commander U.S. Army Forces Command U.S. Army Training and Doctrine Command U.S. Army Materiel Command U.S. Army Pacific U.S. Army Europe U.S. Army Central U.S. Army North U.S. Army South U.S. Army Africa/Southern European Task Force U.S. Army Special Operations Command Military Surface Deployment and Distribution Command U.S. Army Space and Missile Defense Command/Army Strategic Command U.S. Army Cyber Command (CONT) 10
DISTRIBUTION: (CONT) U.S. Army Medical Command U.S. Army Intelligence and Security Command U.S. Army Criminal Investigation Command U.S. Army Corps of Engineers U.S. Army Military District of Washington U.S. Army Test and Evaluation Command U.S. Army Installation Management Command Second Army Superintendent, United States Military Academy Director, U.S. Army Acquisition Support Center Executive Director, Arlington National Cemetery Commander, U.S. Army Accessions Support Brigade Commandant, U.S. Army War College CF: Director, Army National Guard Director of Business Transformation Commander, Eighth Army 11
REFERENCES a. (U) Department of Defense (DoD) Instruction 3115.12 (Open Source Intelligence (OSINT)), 24 August 2010. b. (U) Title 10, United States Code, sections 3001 5000 (As Amended Through January 7, 2011). c. (U) Army Regulation (AR) 381-20 (The Army Counterintelligence Program), 26 May 2010. (This regulation is classified.) d. (U) AR 381-47 (Offensive Counterintelligence Operations) (U), 27 September 2013. (This regulation is classified.) e. (U) AR 381-100 (The Army Human Intelligence (HUMINT) Collection Program) (U), 22 February 2016. (This regulation is classified.) f. (U) Intelligence Reform and Terrorism Prevention Act of 2004, Public Law 108-458. g. (U) The National Defense Authorization Act for Fiscal Year 2006, Public Law 109-163. h. (U) DoD Manual 5240.01 (Procedures Governing the Conduct of DoD Intelligence Activities), August 8, 2016. i. (U) AR 381-10 (U.S. Army Intelligence Activities), 3 May 2007. j. (U) AR 530-1 (Operations Security), 26 September 2014. k. (U) DoD Instruction S-5105.63 (Implementation of DoD Cover and Cover Support Activities (U)), June 20, 2013. (This document is classified.) l. (U) Copyright Act of 1976, 17 United States Code, sections 101 810 (As Amended 4 December 2014). m. (U) AR 27-60 (Intellectual Property), 1 June 1993. n. (U) Executive Order 12333 (United Stated intelligence activities), December 4, 1981 (as amended through 30 July 2008). o. (U) DoD Directive 5105.21 (Defense Intelligence Agency (DIA)), 18 March 2008. Enclosure
p. (U) DoD Directive 5143.01 (Under Secretary for Defense Intelligence (USD(I)), October 24, 2014, With Change 1 Effective April 22, 2015. q. (U) DoD Directive 5240.01 (DoD Intelligence Activities), August 27, 2008, Incorporating Change 1 and Certified Current Through August 27, 2014. r. (U) AR 10-87 (Army Commands, Army Service Component Commands, and Direct Reporting Units), 4 September 2007. 2