A nation must think before it acts.
The Clock is Ticking: Why Congress Needs to Renew America’s Most Important Intelligence Collection Program, Parts I – IV
Amidst the myriad political issues dominating the congressional calendar, Congress faces a decision on renewing the FISA Amendments Act[1] originally enacted in 2008, extended in 2012, and now set to expire on December 31, 2017.
Among the provisions up for renewal is Section 702 (50 U.S.C. § 1881a) of the FAA titled “Procedures for Targeting Certain Persons Outside the United States Other Than United States Persons.” Since it was passed by Congress in 2008, the collection program conducted under Section 702 (the “Section 702 Program”) has steadily grown to become arguably the most significant collection tool available to the U.S. Intelligence Community. By 2011, the National Security Agency (NSA), the agency responsible for conducting the nation’s signals intelligence activities, was acquiring more than 250 million internet communications each year pursuant to Section 702.[2] By 2014, it was estimated that more than 25 percent of all foreign intelligence reports issued by NSA concerning counterterrorism included information based in whole or in part on Section 702 collection.[3] Although similar calibrations of Section 702’s value remain classified, neither the volume of Section 702 collection nor its ubiquity in intelligence reporting is likely to have diminished since 2014.
Yet, despite its apodictic value as an intelligence tool, Section 702 has its critics who insist that it transcends constitutional bounds and that Congress should allow the program either to lapse or renew it only with significant changes.[4] This paper examines the historical antecedents of Section 702, the concepts underlying the statutory language used in Section 702, and the actual operation of the Section 702 Program in the context of the constitutional debate that surrounds it to conclude that there is no compelling reason for Congress to materially disturb the statute as written, or the Section 702 Program as conducted by the Intelligence Community.
A Brief Review of the Evolution of Authority to Conduct Electronic Surveillance for Foreign Intelligence Purposes
Under Article II of the U.S. Constitution, the president is designated as the commander in chief of the armed forces and the principal actor for the Nation in the protection of its national security and the conduct of its foreign affairs. Until the 1960s, presidents relied upon this constitutional authority as the basis for authorizing, without a warrant or the involvement of the courts, electronic surveillance for foreign intelligence and counterintelligence purposes.
In 1968, responding in part to a number of U.S. Supreme Court decisions impacting the use of electronic surveillance as a law enforcement tool, Congress passed the Omnibus Crime Control and Safe Streets Act.[5] This law established a specific statutory framework governing the use of electronic surveillance for law enforcement purposes and making such surveillance subject to prior court order predicated upon a detailed application and carefully circumscribed conditions of use. Reflecting the unsettled division of authority between governmental branches in the area of foreign intelligence matters, a proviso to Title III disclaimed that any provision in the act was intended to “limit the constitutional power of the President to take such measures as he deems necessary to protect the Nation against actual or potential attack . . . to obtain foreign intelligence information deemed essential to the security of the United States, or to protect national security information against foreign intelligence activities.” 18 U.S.C. § 2511(3).
In U.S. v. U.S. District Court (the “Keith” case),[6] the Supreme Court considered the legality of an Attorney General-authorized warrantless surveillance of a U.S. citizen accused of bombing a CIA office building. The Court ruled that the above-cited proviso in § 2511 was merely a disclaimer of congressional intent to define presidential powers in matters affecting national security and did not represent a blanket grant of authority to conduct warrantless national security surveillance. With this as a predicate, the Keith Court concluded that electronic surveillance in domestic security matters must comply with Title III standards requiring a warrant, but the Court specifically declined to address the scope of the president’s authority to authorize electronic surveillance in matters relating to foreign powers or their agents.[7] Thus, Keith represented the first departure from unfettered executive discretion in the conduct of electronic surveillance arguably related to national security. After Keith, at least in cases of domestic security investigations, a warrant was required.
Subsequent congressional investigations in the 1970s, principally through the inquiries of the “Pike Committee” in the House of Representatives and the “Church Committee” in the Senate,[8] led to further calls for controls over executive discretion in the conduct of intelligence activities. Two particular NSA programs, Project Shamrock and Project Minaret,[9] were revealed to involve the acquisition of the communications of U.S. persons without warrant or any judicial oversight. In response to these and other revelations, Congress passed the Foreign Intelligence Surveillance Act of 1978 (“FISA”)[10] which sought to provide judicial oversight for the conduct of electronic surveillance in the United States for foreign intelligence and counterintelligence purposes.
An Overview of FISA’s Requirements
Subject to certain prescribed statutory exceptions,[11] FISA is “the exclusive means by which electronic surveillance and the interception of domestic wire, oral or electronic communications may be conducted.”[12] In FISA, “electronic surveillance” is a defined term requiring the acquisition of the contents of a wire or radio communication by the use of an electronic, mechanical, or other surveillance device.[13] As originally enacted in 1978, FISA’s scope embraced the conduct of electronic surveillance (as defined in the statute) for foreign intelligence purposes in the United States. FISA mandated that (with certain exceptions) such surveillance be conducted only pursuant to an order issued by the Foreign Intelligence Surveillance Court (FISC)[14] based upon an application by an appropriate federal official with such order issuing only after a finding by the FISC (1) that there was probable cause to believe that the target of the surveillance was a foreign power or an agent of a foreign power; (2) that each of the facilities at which the surveillance was directed was being used or about to be used by a foreign power or an agent of a foreign power, and (3) that the minimization procedures proposed for use with the surveillance satisfied FISA’s standards.[15] In terms of the substantive standards governing the conduct of electronic surveillance, FISA remained largely unchanged until 2008.
Consequently, as originally structured in 1978, Congress excluded three types of foreign intelligence collection from FISA: (1) electronic communications outside U.S. borders; (2) intelligence collection inside the U.S. and abroad that fell outside the statutory definition of “electronic surveillance;” and (3) incidental collection of U.S. person communications.
Electronic Surveillance in the Aftermath of 9/11 Leads to Passage of the FISA Amendments Act
While FISA remained substantively static over the next three decades, world events and evolving telecommunications did not.
Telecommunications technology and accompanying changes in infrastructure altered the communications environment in ways unanticipated when FISA was enacted in 1978. For example, FISA contemplated an environment in which most local (i.e., domestic) communications would be carried by wire while the majority of international communications would be transmitted via radio.[16] By the early 2000s, however, the shift to undersea cables (generally fiber optic) for international communications and the vastly expanded domestic cellular network had essentially reversed FISA’s technological assumptions deleteriously impacting the NSA’s ability to conduct its signals intelligence mission, especially given the dramatically different threat environment captured in its most horrid manifestation in the September 11, 2001 terror attacks.[17]
In an effort to address the intelligence needs directed towards the terrorist threat environment following those September 11 attacks, President George W. Bush secretly implemented the highly classified President’s Surveillance Program which included a component known as the “Terrorist Surveillance Program” (TSP), codenamed Stellar Wind, in which the NSA collected both the contents of certain international communications and in bulk non-content (i.e., “metadata”) about telephone and internet communications.
In 2005, public disclosures of the existence of the TSP led the government to pursue authorization for the program from the FISC but certain restrictions in the FISC’s approval of the collection created, in the government’s view, an “intelligence gap” prompting the government to pursue legislative authorization for the program. Moreover, the government also had found that the fluidity of suspected terrorists’ movements and the rapidity with which they changed communications facilities were proving difficult to address under the existing FISA structure that required, for a FISA order, a probable cause showing that the suspected terrorist was an agent of a foreign power and was using or about to use a particular communications facility.
Given the inefficiencies perceived by the government in obtaining FISC approval for continued TSP collection, in the spring of 2007, the Bush administration proposed modifications to FISA. The Director of National Intelligence informed Congress that FISC modifications to the program had resulted in “degraded” acquisition of communications.[18] This, combined with reports of a “heightened terrorist threat environment,” accelerated Congress’ consideration of these proposals.[19] In August 2007, Congress passed and the president signed the Protect America Act of 2007, a legislative forerunner to what is now Section 702 of FISA. The Protect America Act was a temporary measure that was set to expire 180 days after its enactment.[20]
Shortly after passage of the Protect America Act, the government renewed its efforts to replace it with a more permanent statute. Initially, efforts became deadlocked over the issue of immunity for telecommunications providers, many of which were in litigation focused on their cooperation with the TSP. Congress finally agreed to provide telecommunications providers with blanket, retroactive immunity and, in July 2008, the legislature enacted the FISA Amendments Act.[21]
With the passage of the FAA, the government transitioned the collection activities that had been conducted under the Protect America Act to the authority of Section 702 and, where appropriate, other sections of the FAA. The provisions of the FAA were renewed in December 2012[22] with a sunset provision mandating that, absent further legislative action, the FAA will expire on December 31, 2017.
The Statutory Process of Section 702 Collection
The statutory scope of Section 702 can be synopsized as follows: Section 702 of FISA permits the Attorney General and the Director of National Intelligence to jointly authorize the (1) targeting of persons who are not United States persons, (2) who are reasonably believed to be located outside the United States, (3) with the compelled assistance of an electronic communication service provider, (4) in order to acquire foreign intelligence information.
Section 702 opens by providing the Attorney General and the Director of National Intelligence (“DNI”) with the authority to jointly authorize, for a period of up to one year, “the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence.”[23] This authorization is immediately followed by a series of “Limitations”: i.e., (1) that no person known at the time of the acquisition to be located within the United States may be intentionally targeted; (2) that no person reasonably believed to be located outside the United States may be targeted if the purpose is to acquire the communications of a particular, known person reasonably believed to be in the United States; (3) that no United States person reasonably believed to be located outside the United States may be intentionally targeted; (4) that no communication may be intentionally acquired where, at the time of the acquisition, the sender and all intended recipients are known to be located in the United States; and (5) that all acquisitions under Section 702 must be conducted in a manner consistent with the Fourth Amendment to the Constitution of the United States.[24]
To ensure compliance with these statutory restrictions, Section 702 requires that the Attorney General, in consultation with the DNI, adopt “targeting procedures” (50 U.S.C. § 1881a(d)),[25] “minimization procedures” (50 U.S.C. §1881a(e)), and “guidelines” (50 U.S.C. § 1881a(f)). The “targeting procedures” and “guidelines” are designed to ensure compliance with the above-described “Limitations” found in 50 U.S.C. § 1881a(b). The minimization procedures, like those required in connection with traditional FISA surveillance, are intended to minimize the acquisition, retention, use, and dissemination of nonpublicly available information concerning unconsenting U.S. persons consistent with the needs of the United States to obtain, produce, and disseminate foreign intelligence information.
Authority for a Section 702 acquisition is obtained in a manner materially different from a traditional FISA surveillance. FISA requires an application to the FISC for an order which can be issued only after an individualized determination that there is probable cause that the target is a foreign power or an agent of a foreign power, and that the target is using or about to use specified facilities. Conversely, a Section 702 acquisition is initiated by a written “certification” of the Attorney General and the DNI attesting that there are procedures (i.e., targeting procedures) that have been submitted to the FISC (or will be submitted with the certification) and guidelines (which are not submitted to the FISC) that are reasonably designed to: (1) ensure that the proposed acquisition is limited to targeting persons reasonably believed to be outside the United States; and (2) prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States. The certification must also include an attestation that the acquisition will be conducted in accordance with minimization procedures that meet the standards of FISA, and that “a significant purpose” of the acquisition is to obtain foreign intelligence information.[26] However, in a clear departure from the requirements of a traditional FISA surveillance, a certification is not required to identify any particularized target or to disclose the specific facilities, places, premises, or property at which an acquisition will be directed or conducted. 50 U.S.C. § 1881a(g)(4).
Upon receipt of a certification (and, where appropriate, its accompanying targeting and minimization procedures), the FISC has 30 days to conduct a review. The 30-day period may be, and often has been, extended for good cause. The review contemplated by Section 702 is materially different than that performed in connection with a traditional FISA application. Under Section 702, the FISC conducts no probable cause inquiry and does not review the targeting of particular individuals; instead, Section 702 requires that the court determine whether a certification contains all the statutorily required elements and that the targeting and minimization procedures to be used with the acquisition are consistent with Section 702’s statutory requirements and with the Fourth Amendment to the Constitution. 50 U.S.C. § 1881a(i)(3). If these standards are met to the FISC’s satisfaction, the court issues an order approving the certification.[27]
Once the FISC has entered an order approving the certification, the government conducts the acquisition by directing the assistance of an “electronic communication service provider.”[28] Congress clearly contemplated that, notwithstanding the foreign focus of the targets of Section 702 surveillance, the acquisition of communications under Section 702 would occur in the United States, and the statute specifically provides that the Attorney General and the DNI, in conjunction with authorizing an acquisition pursuant to Section 702, may direct an electronic communication service provider to immediately provide the government with all information, facilities, or assistance necessary to accomplish the acquisition in a manner that will protect the secrecy of the acquisition while producing minimum interference with the provider’s service to the target. 50 U.S.C. § 1881a(h)(1)(A).[29]
The Operation of Section 702 in Practice
Acquisition
Once a certification is approved, the government proceeds to target those non-U.S. persons reasonably believed to be located outside the United States who are within the scope of the certification to acquire foreign intelligence information. Section 702 certifications permit non-U.S. persons to be targeted only through the “tasking” of “selectors.” Selectors are neither key words (e.g., “weapon” or “nuclear”) nor individual names of targeted individuals because these terms would not identify specific communications facilities; instead, a selector is a specific communication facility used by a target, such as the target’s email address or telephone number. In the patois of Section 702 collection, people are “targets,” and “selectors” are “tasked.”[30]
The NSA develops a proposed “target” based on “lead” information used by its analysts to determine whether the proposed target is likely to communicate foreign intelligence information as designated in an approved certification. The analyst then proceeds further to conduct a “due diligence” examination of the circumstances relevant to the determination of whether, in fact, the potential target is a non-U.S. person reasonably believed to be located abroad.[31] This “foreignness” test “is not a ‘51% – 49% determination,’” but makes use of multiple information sources and comes to a conclusion regarding the location of the target based on the totality of the circumstances.[32] Analysts are required under the NSA Targeting Procedures to prepare “tasking sheets” citing the specific documents and communications that lead them to the conclusion that the target is outside the United States.[33] As the Privacy and Civil Liberties Oversight Board (PCLOB) reported, the practical effect of these procedures is a requirement that analysts “show their work” with respect to assessing the location of the target.[34]
In its 2014 report on the Section 702 Program, the PCLOB cited to a 2013 review conducted by the Department of Justice (DoJ) designed to assess how often NSA’s “foreignness” conclusions made under its targeting procedures turned out to be incorrect.[35] The review assessed a year of data and showed that only 0.4% of those targeting decisions resulted in the tasking of a selector where, as of the date of that tasking, the user was a U.S. person or was located in the United States.[36] Stated differently, the DoJ review concluded that 99.6% of the selectors that NSA had tasked did not have users who were U.S. persons or were located in the United States. On those very rare occasions where the NSA subsequently determines, as part of its internal post-targeting analysis, that a target has entered the United States or that a target initially believed to be a non-U.S. person is, based upon further review and information, actually a U.S. person, NSA targeting procedures mandate that the selector(s) associated with that target be “detasked” and that the acquisition from that target terminate without delay.[37]
Section 702 surveillance is predicated upon acquiring foreign intelligence information. Thus, in addition to assessing the “foreignness” of the target, the NSA’s targeting procedures also require confirmation, again based on the totality of the circumstances considering all information available to the analyst, that every selector used with a target will likely acquire a type of foreign intelligence information identified in an approved Section 702 certification (the “foreign intelligence purpose” test).[38]
For each selector associated with a target, then, the NSA uses a multi-step process that documents: the foreign intelligence that is expected to be acquired from the selector; the information upon which a reasonable person would conclude that the selector is used by a non-U.S. person; and, the information upon which a reasonable person also would conclude that this non-U.S. person is located outside the United States.[39] Once approved, the selector is provided to an electronic communication service provider, which is directed to provide the communications associated with that selector.
The NSA receives information concerning a tasked selector through two distinct forms of collection. One, the PRISM program,[40] has selectors furnished for tasking to electronic communication service providers (such as internet service providers (“ISPs”) like Google, Microsoft, and Yahoo) by the FBI, with the resultant communications sent to or received from the selector(s) then being provided to the NSA.[41] The NSA receives all data collected through PRISM collection.[42] In terms of volume, as of mid-2011, for example, 91 percent of the internet communications that the NSA acquired in any year were estimated to be obtained through PRISM collection.[43] The PCLOB Report offers the following example of PRISM collection in practice:
NSA learns that John Target, a non-U.S. person located outside the United States, uses the email address “johntarget@usa-ISP.com” to communicate with associates about his efforts to engage in international terrorism. The NSA applies its targeting procedures (described below) and “tasks” johntarget@usa-ISP.com to Section 702 acquisition for the purpose of acquiring information about John Target’s involvement in international terrorism. The FBI would then contact USA-ISP Company (a company that has previously been sent a Section 702 directive) and instruct USA-ISP Company to provide the government all communications to or from email address johntarget@usa-ISP.com. The acquisition continues until the government “detasks” johntarget@usa-ISP.com.[44]
PRISM collection is limited to internet communications, does not include telephone collection, and, in the opinion of the PCLOB as reflected in its 2014 Report, “is clearly authorized by the [FAA] statute.”[45]
The second form of collection conducted in the Section 702 Program is termed “Upstream” collection. Only the NSA conducts Upstream collection,[46] and Upstream and PRISM acquisitions differ in several respects. In Upstream collection, the NSA collects both telephone and internet communications and the acquisition is conducted by directives ordering the assistance of those electronic communication service providers that control the telecommunications “backbone” over which both telephone and internet communications transit. The Upstream yield is substantial: for example, in the first six months of 2011, the NSA acquired more than 13.25 million internet transactions (or roughly 9% of its total Section 702 internet communication collection) through its Upstream collection.[47]
The volume is a reflection of the locus of acquisition. The internet is comprised of interconnected networks that allow computers to communicate. A “gateway” functions as the entrance point from one network to another and possesses the digital dexterity to convert internet protocols with different formats. Thus, gateways, which determine the flow of information, are essential features in most routers that otherwise would be limited to networks using similar protocols. “Cable heads” include the computer systems and databases needed for internet access while including cable modem termination systems that allow for the sending and receiving of signals on a cable network. When tasked selectors are used to acquire communications from these elements of the internet infrastructure, the level of content available for collection increases exponentially over what would be available from a single telephone line or a discrete computer address.[48]
Until recently, Upstream internet acquisition included two other features not present in PRISM collection: the acquisition of both “about” communications[49] and multiple communication transactions (MCTs). However, in April 2017, the NSA announced that it would no longer collect “about” communications.[50] This curtailment has removed a feature of the Section 702 program that was both once a source of concern to the FISC and the focus of considerable fire from critics of the Section 702 Program.[51]
Communications transit the internet as packets of data that together may be assembled and understood by a device on the internet and, where applicable, rendered in an intelligible form to the user of that device.[52] The packets forming a particular internet “transaction” may be reassembled as a single discrete communication or as an MCT containing more than one discrete communication within it.[53] Technologically, the NSA’s Upstream Internet collection devices are generally incapable of distinguishing between the individual communications comprising these MCTs, a task rendered more problematic as evolving technology sees internet service providers constantly changing their protocols and services to afford consumers the ability to customize how they use a particular service.[54] In its Upstream internet collection, the NSA specifically uses an Internet Protocol filter designed to at least “limit such acquisitions to internet transactions that originate and/or terminate outside the United States;”[55] but, if one of the communications within an MCT is to or from a tasked selector, and one end of the transaction is foreign, the NSA will acquire the entire MCT. Based on a statistical sample conducted by NSA in connection with proceedings before the FISC in 2011, NSA acquired between 300,000 and 400,000 MCTS where the “active user” (i.e., the actual human being interacting with a server to engage in an Internet transaction) was the target of the surveillance.[56]
Under NSA’s current minimization procedures, if a communication contained within an MCT is determined to be a domestic communication, the entire MCT will be destroyed unless the NSA’s Director (or Acting Director) specifically determines, on a communication-by-communication basis, that the sender or intended recipient was properly targeted under Section 702 and that certain specific retention criteria are satisfied.[57]
Use, Retention, and Dissemination
Once a communication is properly acquired pursuant to Section 702, it is processed and retained in multiple NSA systems and data repositories subject to multiple requirements designed to sustain protections for U.S. persons throughout the collection to dissemination process.[58] NSA analysts access Section 702 communications via “queries,” which may be date-bound, and may include alphanumeric strings such as telephone numbers, email addresses, or terms that can be used individually or in combination with one another.[59] NSA analysts with access to Section 702-derived data are trained in proper query construction so that the query “is reasonably likely to return valid foreign intelligence information and minimizes the likelihood of returning non-pertinent U.S. person information.”[60] Analysts conduct, at times, complex queries across large data sets, but in every instance, the queries must be constructed in a manner “reasonably likely to return foreign intelligence information.”[61]
Any use of U.S. person identifiers as terms to identify and select communications must first be approved in accordance with NSA minimization procedures that require a stated justification providing facts demonstrating that the use of the identifier is reasonably likely to return foreign intelligence information.[62] The request is then subject to multiple levels of review before approval to use a U.S. person identifier in a query.[63] The NSA retains records of all U.S. person identifiers approved for use as selection terms, and these records are subject to both internal review and external bimonthly audit by the DoJ’s National Security Division (“DoJ/NSD”) and the Office of the DNI (“ODNI”).[64] Compliance issues regarding the use of U.S. person identifiers must be reported to the FISC and to Congress.[65]
The NSA’s Minimization Procedures require that any communication determined to be clearly not relevant to the purpose of the acquisition or clearly not evidence of a crime be destroyed at the earliest practical time, and that under no circumstances will any communication of or concerning a U.S. person be retained for a period of more than five years.[66] As noted above, except in very limited circumstances, domestic communications (i.e., any communication lacking at least one communicant who is outside the United States) are destroyed upon recognition.[67] Even foreign communications of or concerning a U.S. person may be retained, used, and disseminated only for limited purposes specifically detailed in the NSA’s minimization procedures that must be approved by the FISC.[68]
Special retention rules govern MCTs acquired through the Upstream internet collection. No MCT acquired after March 18, 2017 may be retained unless at least one discrete communication within the MCT meets the NSA’s retention standards, and any MCT failing to meet the retention standards and containing communications of or concerning a U.S. person must be destroyed on recognition.[69]
Other than as noted above, unminimized Section 702-acquired data must be aged off NSA systems no later than five years after the expiration of the Section 702 certification under which it was acquired; however, internet transactions acquired through NSA’s Upstream collection techniques may not be retained longer than two years after the expiration of the Section 702 certification under which it was acquired unless at least one discrete communication meets the retention standards (i.e., is a foreign communication containing foreign intelligence information).[70]
The NSA only generates signals intelligence reports when the reported information meets a specific intelligence requirement, regardless of whether the proposed report contains U.S. person information. Dissemination of information about U.S. persons in any NSA foreign intelligence report is expressly prohibited unless that information is necessary to understand foreign intelligence information, assess the importance of that information, contains evidence of a crime, or indicates an imminent threat of serious harm to life or property.[71] Where dissemination is permitted, the identity of the U.S. person is “masked” and a generic term, such as “U.S. person,” is substituted along with suppression of details that could lead to such person being successfully identified by the context.[72] “Unmasking” of the U.S. person is permitted only where specific criteria are satisfied, where additional controls are in place to preclude further dissemination, and additional approval has been provided by one of seven designated positions at NSA.[73]
Oversight
Every feature of the Section 702 Program is subject to a plethora of oversight regimens and reporting requirements. The oversight begins internally at the NSA where the Director of Compliance, the Director of Civil Liberties and Privacy, the Inspector General, the General Counsel, and embedded compliance elements within the NSA’s operational directorates join in an enterprise-wide compliance structure.[74] Any compliance incidents, whether in the form of inappropriate queries, database errors, or typographical mistakes are reported to DoJ/NSD and the ODNI.[75]
Additionally, as required by statute,[76] the NSA completes and delivers to the congressional intelligence and judiciary committees an annual review of the Section 702 Program detailing: (i) an accounting of the number of intelligence reports containing reference to a U.S. person identity; (ii) an accounting of the number of U.S. person identities subsequently disseminated in response to identity requests relating to intelligence reports where the identity was initially masked; (iii) the number of targets that were later determined to be in the United States; and, (iv) a description of any procedure developed by NSA and approved by the DNI to assess, consistent with privacy rights and with national security and operational needs, the extent to which acquisitions authorized under the Section 702 Program acquire the communications of U.S. persons.[77]
As noted earlier, the NSA is required to document on “tasking sheets” every targeting decision made under its targeting procedures, and DoJ/NSD conducts post-tasking review of every tasking sheet furnished by the NSA.[78] Additionally, DoJ/NSD and ODNI conduct bi-monthly reviews of the NSA’s application of its minimization procedures focusing particularly on dissemination and queries using U.S. person identifiers.[79] The results of these targeting and minimization reviews are reported to Congress both in the NSA’s annual review[80] and in the Joint Assessments that also are furnished to the FISC.[81]
All of the foregoing represents an ongoing compliance scheme documented in a recurring series of detailed reporting requirements. Aside from this oversight regimen, after an independent, exhaustive and comprehensive review conducted pursuant to both presidential and bipartisan congressional requests, the PCLOB concluded that “the Board has seen no trace of any such illegitimate activity associated with the [Section 702] program, or any attempt to intentionally circumvent its limits.”[82] Correspondingly, fifteen separate Joint Assessments have concluded there have been no incidents of intentional circumvention of or violation of the procedures or guidelines governing the Section 702 Program.[83]
A Statistical Snapshot of Section 702 Activity
Having examined how Section 702 collection authority is practiced (largely by the NSA), some statistical data helps illustrate the quantitative scope of that application which, in turn, may offer an order of magnitude from which to evaluate the criticism of the Program leveled by its detractors.[84]
Much of the numerical data associated with the Section 702 Program remains classified, but some range of its scope can be gauged from a FISC opinion authored by Judge John Bates in October 2011 and subsequently released in redacted form.[85] In his October 2011 opinion, Judge Bates estimated that NSA acquires more than 250 million communications each year pursuant to Section 702.[86] Roughly 91% of this collection was PRISM collection, while the remaining 9% constituted acquisitions from the NSA’s Upstream collection.[87] In 2011, roughly 60% of this Upstream collection represented MCTs with the remaining 40% constituting discrete (i.e., single) communication transactions (“SCTs”).[88]
Although constituting a statistically smaller part of the overall collection, the Upstream program in 2011 was still acquiring more than 26 million internet transactions per year.[89] These included both SCTs and MCTs. As discussed earlier, MCTs include multiple discrete communications in a single transaction and, in 2011, the NSA was collecting 300,000-400,000 MCTs per year where the active user was the user of the tasked facility. Moreover, according to Judge Bates, the NSA’s Upstream collection resulted in the acquisition of “tens of thousands of wholly domestic communications.”[90]
More recently, in accordance with certain requirements imposed by the USA Freedom Act,[91] the ODNI released its Annual Statistical Transparency Report. While the report does not provide the sort of collection numbers cited by Judge Bates in his October 2011 FISC opinion, it furnished the following data regarding the number of Section 702 targets authorized pursuant to orders issued by the FISC following review of Section 702 certifications:[92]
Moreover, reflecting the continuing expansion in telecommunication connectivity, as of November 2016, Section 702 taskings were reported to have steadily increased in all but two of the fifteen reporting periods covered by the semiannual joint assessments provided to Congress by the Attorney General and the Director of National Intelligence, including a 14% increase in new taskings during the reporting period covered by the November 2016 Joint Assessment.[93] Corresponding with the rise in targeting and tasking, the use of U.S. person identifiers increased with the ODNI Transparency Report showing that, in CY 2016, an estimated 5,288 search terms concerning a known U.S. person were used to retrieve unminimized contents of communications acquired under Section 702, as compared to 4,672 such uses in CY 2015.[94]
While these figures are insufficient to fully portray the scope of the Section 702 Program or assess its impact with any great degree of specificity, they do furnish some quantitative order of magnitude regarding its operation.
The Legality of Section 702
From its statutory construct to its practical application, the Section 702 Program represents a carefully configured national intelligence undertaking that is demonstrably critical to national security. In 2012, when the provisions of the FAA were last extended, the Attorney General and the Director of National Intelligence informed Congress that Section 702 collection produced “significant intelligence that is vital to protect the nation against international terrorism and other threats” while urging its reauthorization as “the top legislative priority of the Intelligence Community.”[95] Recently, the Attorney General and the Director of National Intelligence again informed the Congress that the importance of the intelligence derived from the Section 702 Program made the renewal of Section 702 their “top legislative priority” for 2017.[96] But, is the Program constitutional? Despite a chorus of opposition, principally from civil liberties organizations, the answer is “yes.”
Although Section 702 has been the focus of extensive examination by Congress both at the time of its initial enactment in 2008 and when first reauthorized in 2012, many opponents seeking to abolish or materially eviscerate its present form insist that minor tweaking is futile because Section 702 as currently configured violates the Fourth Amendment, and perhaps the First Amendment,[97] and, as such, is constitutionally infirm.
The Fourth Amendment challenge is the one most frequently expressed and has been addressed by the FISC, the FISCR, several U.S. district courts, and was a particular focus of the PCLOB. Only infrequently has the constitutionality of Section 702 been contested by a person demonstrably affected by the Section 702 Program;[98] instead, opposition is generally expressed as a facial challenge to Section 702, an approach that carries a heavy burden of persuasion since it requires a showing that there is no application of the statute that can pass constitutional muster.[99] Thus, a facial challenge to Section 702 is demonstrably futile since, in its pristine statutory form authorizing the acquisition of communications of non-U.S. persons located outside the United States to acquire foreign intelligence, Section 702 is unquestionably a constitutionally valid exercise of congressional power. Every court to have considered the question has so ruled.
Nonetheless, considering the constitutionality of the Section 702 Program poses some uniquely challenging questions precisely because, as the PCLOB recognized, it is a complex surveillance program – “one that entails many separate decisions to monitor large numbers of individuals, resulting in the annual collection of hundreds of millions of communications.”[100] Moreover, the analysis is further snarled because the only constitutional interests at stake are not those actually targeted for surveillance—as foreigners located outside the United States they lack any Fourth Amendment rights[101]—the constitutional issue arises for those U.S. persons who, although not targeted, have their communications incidentally acquired. Properly expressed, then, the question is whether the Section 702 Program, as it is conducted, runs afoul of the Fourth Amendment.
Because it is large scale programmatic surveillance, the operation of the Section 702 Program captures telephone and internet communications of U.S. persons in three ways,[102] and any Fourth Amendment analysis must take into account the cumulative impact of these privacy intrusions and, ultimately, balance those intrusions against the limitations and protections built into the Program that mitigate them.
Since Section 702 acquisitions are collected without a warrant, they are warrantless seizures. But not every seizure requires a warrant to be valid under the Fourth Amendment. In In re Directives [Redacted] Pursuant to Section 105B of the Foreign Intelligence Surveillance Act[103], the FISCR examined the question of whether a warrant was required for Section 702-type surveillance[104] in a setting where, as the court observed, “[t]he recurrent theme permeating the [electronic communication service provider’s] arguments is the notion that there is no foreign intelligence exception to the Fourth Amendment’s Warrant Clause.”[105] Conceding that the Supreme Court has not explicitly recognized such an exception[106], the court proceeded to address the issue directly and determined that “this type of foreign intelligence surveillance possesses characteristics that qualify it for such an exception” given the “particularly intense” governmental interest in protecting national security.[107]
This makes perfect sense and, in the context of Section 702 surveillance, the warrant requirement is particularly inapposite. As an initial matter, since the targets of the surveillance are foreigners located abroad who have no Fourth Amendment rights, there is no one as to whom a warrant is required with respect to the acquisition of the communications. But, critics contend, U.S. person communications are inevitably collected, given the broad acquisition parameters of the Program, and, once those communications are identified, particularly through the querying of the data base, the warrant requirement should apply.
However, the Supreme Court has long excused compliance with the Warrant Clause in so-called “special needs” cases where the purpose behind the government action goes beyond traditional law enforcement and insisting upon a warrant would materially interfere with the accomplishment of that purpose.[108] The Section 702 Program is a paradigm for such treatment given that “there is a high degree of probability that requiring a warrant would hinder the government’s ability to collect time-sensitive information and, thus, would impede the vital national security interests at stake.”[109]
It bears repeating that Section 702 is programmatic surveillance, and any analysis must treat the program holistically without isolation of discrete events in a complex collection undertaking where detailed rules govern the acquisition, retention, use, and dissemination of communications.[110] Where, as here, the initial acquisition is lawfully collected from a target who is a non-U.S. person located abroad with no Fourth Amendment rights, the additional acquisition of U.S. person communications, no matter how predictable or on what scale, is “incidental” collection that does not require a separate warrant.[111]
But, as the PCLOB noted, the absence of a warrant requirement does not end the inquiry since the ultimate measure of the constitutionality of any search is “reasonableness.”[112] “Reasonableness” balances the nature and extent of the intrusion upon an individual’s privacy against the intrusion needed to promote legitimate governmental interests.[113] It is a fluid, untethered, standard and, ultimately, is resolved by examining the totality of the circumstances regarding these competing interests.[114]
The Section 702 Program advances some of the government’s most compelling interests: the protection of national security and the combating of terrorism.[115] Terrorism directed at the homeland, if not ranking as the nation’s foremost national security concern, is certainly among its most critical security threats. And the danger of terrorism has not abated since September 11; post-9/11, there have been 19 successful terrorist plots in the United States that killed or wounded individuals included among a total of 333 terrorist plots involving 649 individuals, as of January 31, 2017.[116] Since September 12, 2001, there have been 200 plots in the U.S. linked to Sunni radical Islamic doctrine, and another 133 plots such plots located outside the U.S.[117] Reporting based upon Section 702 Program collection serves as the predominant intelligence source used to detect, monitor, and disrupt this continuing terrorist threat. All of this data serves to empirically confirm the observation of the President’s Review Group on Intelligence and Communications Technologies which, with respect to Section 702, observed: “we are persuaded that section 702 does in fact play an important role in the nation’s effort to prevent terrorist attacks across the globe.”[118] As numerous courts have observed, the Section 702 Program fulfills this role by furnishing critical information used by the government in performing its most important national function.[119]
It bears noting that the executive branch conducts the Section 702 Program under statutory guidance enacted by Congress, after extended review and debate, that incorporates a role for the judiciary in ensuring compliance with statutory and constitutional limits. Assembled as it is, Section 702 embodies the full federal authority.[120] It does so by targeting non-U.S. persons abroad (who have no Fourth Amendment rights) to acquire foreign intelligence information. U.S. person communications are only acquired incident to the underlying surveillance of the foreign target.
Admittedly, the intrusion represented by this “incidental” acquisition of these U.S. person communications is neither minimal nor unanticipated. Literally millions of telephone and internet communications are acquired by NSA’s PRISM and Upstream collection, and this intrusion represents the countervailing consideration weighed against the national security interest in assessing the reasonableness of the Program. However, while every person has a privacy interest in his or her telephone and email communications, the “third party” doctrine recognizes that this privacy interest decreases when such person reveals information to a third party, even in confidence.[121] The “third party” doctrine applies here: each U.S. person communicant’s expectation of privacy diminished upon the sending of the email or upon speaking to the non-U.S. person target telephonically. This is not to suggest that the expectation of privacy evaporates, but it diminishes, and that diminution is material when balanced against the compelling governmental interest in acquiring foreign intelligence through Section 702 acquisitions.[122]
To be precise, then, the Fourth Amendment intrusion here takes the form of incidental acquisition of those communications of U.S. persons to or from foreigners located abroad who use communication selectors that, because of the reasonable likelihood that those communication selectors are used to transmit foreign intelligence information satisfying one or more criteria contained within a Section 702 certification approved by the FISC, have been properly targeted for collection pursuant to targeting procedures that also have been reviewed and approved by the FISC. Subsequent retention, use, and dissemination of any information derived from these incidentally collected communications is governed by minimization procedures also reviewed and approved by the FISC. Thus, the universe of communications triggering the balancing of interests required by the Fourth Amendment’s reasonableness analysis consists of those to or from that subset of U.S. persons communicating with foreigners located abroad whose activities have satisfied the targeting requirements of the Section 702 Program. Section 702 collection is NOT blanket surveillance devoid of any discriminants; the collection is the product of authorized acquisitions pursuant to specifically tailored collection criteria.
Apart from these considerations that properly define the scope of collection implicating Fourth Amendment considerations, any reasonableness inquiry must also consider the multitude of safeguards and procedures employed by the government in conducting the Section 702 Program. As noted earlier, the targeting procedures mandated by the FAA ensure that Section 702 collection is properly undertaken to acquire foreign intelligence and is directed at non-U.S. persons located abroad. Correspondingly, the required minimization procedures protect against the disclosure of non-public information contained in any incidentally acquired U.S. person communications consistent with the government’s need to obtain, produce, and disseminate foreign intelligence. These procedures are rigorously enforced and extensive oversight, both internal and external, is undertaken at every level of the Program by multiple elements of the executive branch which, in turn, report to Congress at mandated intervals.[123] Multiple courts, and the PCLOB, have concluded that these procedures factor into the totality of the circumstances and contribute to the conclusion that the Section 702 Program, as applied, is reasonable under the Fourth Amendment.[124]
The PCLOB concluded that “the core of this [P]rogram—acquiring the communications of specifically targeted foreign persons who are located outside the United States, upon a belief that those persons are likely to communicate foreign intelligence, using specific communications identifiers, subject to FISA court-approved targeting rules that have proven to be accurate in targeting persons outside the United States, and subject to multiple layers of rigorous oversight — fits within the totality of the circumstances test for reasonableness as it has been defined by the courts to date.”[125]
Echoing the PCLOB, the FISC observed in its most recent review of Section 702 certifications that “the controlling norms are ones of reasonableness, not perfection” and those norms are applied “to the program as a whole, not of individual actions in isolation.”[126] It follows that, viewed prudently and objectively in the context of balancing the Program in its entirety against the specific Fourth Amendment intrusion its activities precipitate, the incidental acquisition of U.S. person communications collected as part of lawful surveillance conducted pursuant to the requirements and standards of Section 702 is reasonable under the Fourth Amendment.
Policy Considerations
Accepting that the Program, as a whole, meets the reasonableness standard required by the Fourth Amendment, the critical importance of the Section 702 Program to the nation’s security should warrant its reauthorization without any neutering by Congress. Critics, however, importune for changes that, aside from the overriding constitutional issue, largely focus on the following items. There is no compelling case to be made that Section 702 should be weakened to accommodate any of these proposals.
The Back Door Search
This topic raises the Fourth Amendment issue in a slightly different context from the initial collection. Many critics have suggested that the constitutional infirmity in the Section 702 Program, if not found in the initial collection, arises in the subsequent uses of the acquired data.[127] Particularly, critics argue that querying unminimized Section 702 data that includes incidentally acquired U.S. person communications should be construed as a separate search requiring probable cause and the issuance of a warrant, especially if that querying employs the use of U.S. person identifiers as selection terms.
One response to this criticism is found in the conclusions reached by the courts in both U.S. v. Muhtorov and U.S. v. Mohamud; i.e., that accessing the data legally acquired pursuant to Section 702 using the FISC-approved minimization procedures is not a separate search for Fourth Amendment purposes.[128] Indeed, no court that has considered the question has concluded that a search of Section 702 data acquired in connection with a lawful Section 702 acquisition requires a warrant or showing of probable cause in connection with any subsequent querying of that data so long as the collection of foreign intelligence was a significant purpose of the initial acquisition.[129] This finding reflects, at least in part, a judicial recognition that, since FISA was originally enacted in 1978, Congress has specifically contemplated that information acquired pursuant to lawful FISA surveillances may be used both for foreign intelligence and for law enforcement purposes.[130] From the initial passage of FISA in 1978, for example, Congress defined “agent of a foreign power” by reference to conduct that violates U.S. criminal law[131] reflecting an understanding that counterintelligence operations in particular often embrace both law enforcement and foreign intelligence features and interests.
On the other hand, the reasonableness of Section 702 collection is principally predicated upon the foreign intelligence aspect of the surveillance. The question is whether foreign intelligence need only be a significant purpose in the acquisition of the communication, or need continue as a significant purpose as the communication or any information derived therefrom is retained, used, and disseminated? Muhtorov and Mohamud suggest that such a continuum is not required, so long as foreign intelligence information was a significant purpose of the initial acquisition, as required by the statute,[132] although the court in Mohamud described it as “a very close question.”[133]
Conversely, the PCLOB felt that a holistic view of the Program required that the foreign intelligence focus be carried beyond whether communications were “lawfully acquired” (i.e., beyond acquisition) to consideration of whether that focus is maintained in the retention, use, and dissemination of the communication or any information derived therefrom.[134] Not surprisingly given its mission, the PCLOB’s viewpoint inclines towards privacy concerns but simply because a suggested practice might better protect privacy does not mean the Fourth Amendment requires it. At the NSA, where the focus is entirely on the collection of foreign intelligence information, the queries of the Section 702 database must be limited to selection terms “reasonably likely to return foreign intelligence information.”[135] There is no “back door” searching performed for law enforcement purposes.
While the FBI’s minimization procedures permit such querying, the FISC has consistently ruled that those minimization procedures meet Fourth Amendment standards of reasonableness.[136] More to the point, in the context of the debate on congressional reauthorization, Congress was fully aware of the “back door” search issue when the extension of the FAA was debated in 2012. Efforts to amend the legislation to address this issue failed, and the FAA was extended by sizable majorities in both houses of Congress.[137] Nothing that has transpired since that 2012 extension in terms of either law or policy warrants any significant change to the statute in response to this “back door” search issue.
The “Significant Purpose” Test
Another modification sought by opponents to Section 702 is a call for Congress to require that the collection of foreign intelligence information be the “primary purpose” of a Section 702 surveillance. Actually, the call is usually for Congress to “return” to a “primary purpose” standard when, in fact, Congress has never required that the collection of foreign intelligence information be the “primary” purpose of a surveillance under FISA or the FAA.
The “primary” modifier was judicially supplied in a case that was initiated before the original FISA bill ever became law.[138] Subsequently, the FISCR observed that, in the Patriot Act, a statutory predecessor of Section 702, Congress had statutorily required that the acquisition of foreign intelligence constitute “a significant purpose” of the surveillance.[139] As the court explained, the “significant purpose” standard properly delineated the congruence that often exists, particularly in counterintelligence investigations, between the government’s foreign intelligence and law enforcement interests.[140] In the FISCR’s words, insisting that foreign intelligence represent a “primary purpose” of a surveillance rests on a false premise producing a demarcation that is “inherently unstable, unrealistic, and confusing.”[141] This is a view that Congress would be well to remember as critics call for grafting the old “primary purpose” approach into a renewal of Section 702. The recollection should not be difficult given the extended congressional debate surrounding the decision to incorporate “significant” as the appropriate modifier for “purpose” in the Patriot Act.[142] Altering this statutory language would presumably inject the FISC into the inherently unstable business of speculatively assessing the origins and progress of an investigation to pinpoint when it has morphed in focus from being “primarily” directed towards the acquisition of foreign intelligence information and, instead, has wandered into the arena of law enforcement. This analysis is unnecessarily treacherous for any court venturing into the esoteric world of foreign intelligence, counterintelligence and counterterrorism.
Pretending that such a bright line can, or should, be judicially discerned is particularly unrealistic in counterintelligence investigations where foreign intelligence and potential prosecution interests often proceed in tandem.[143] To have the purpose (and, correspondingly, the legality) of a Section 702 surveillance determined by judicial guesswork instead of relying upon the articulation of national security professionals as expressed in the Section 702 certification statutorily required by Congress would substitute judicial uncertainty and unfamiliarity for experience and professionally-informed judgment while hampering exactly the sort of cooperation and shared objectives essential to effective counterintelligence work.[144]
Congress should reject any effort to alter the “significant purpose” standard currently incorporated into Section 702.
Unconstitutionality Presented as a First Amendment Challenge
While one constitutional debate might seem enough, the claim that First Amendment rights also are infringed by Section 702, as alleged in Wikimedia Foundation v. National Security Agency,[145] is deserving of comment. Wikimedia asserts that at least some of its communications have been intercepted, copied, and reviewed by NSA as part of the Section 702 Program and that, in violation of its First Amendment rights, Wikimedia now self-censors its international communications or forgoes electronic communications altogether.[146]
Generally speaking, the analysis of First Amendment rights alleged to be chilled by governmental surveillance follows Fourth Amendment precepts but, when the First Amendment is invoked, courts are told to apply these standards “with scrupulous exactitude.”[147] Adding the requisite exactitude produces no different result; thus, the extended Fourth Amendment discussion presented above also serves to resolve this issue.[148]
This is not only legally sound reasoning; it is logically sound practice. In the Wikimedia case, for example, the challenge is that Section 702 collection “chills” the exercise of the plaintiffs’ First Amendment rights because their “sources” will hesitate to communicate if they believe that NSA is collecting their communications. Setting aside the subjective concerns of these “sources,” objectively, such collection is possible only if the “sources” fill another role, i.e., “targets” properly identified through the application of NSA’s targeting procedures pursuant to an appropriate FISC-approved certification. To be targets, such “sources” are necessarily foreigners reasonably believed to be located abroad who, the government attests, will use the tasked selectors to transmit or receive foreign intelligence information necessary to the national security of the U.S. or the conduct of the nation’s foreign affairs.
The First Amendment cannot be read to immunize legitimate foreign intelligence targets from Section 702 surveillance simply because Wikimedia views them as “sources.” No court has sustained such a perverse outcome which would essentially subordinate the conduct of U.S. foreign intelligence operations to the news gathering decisions made by Wikimedia and other media entities. As noted above, Wikimedia’s First Amendment claims are properly resolved by reference to Fourth Amendment standards—and the Section 702 Program has been repeatedly approved as consistent with those standards.
No Restrictive Definition for “Facility”
Some critics have argued that Section 702 collection should be corralled by Congress creating a precise and limited definition of the term “facility,” and thereby precluding NSA’s interpreting that term to cover the gateways and cable heads forming part of the internet “backbone.”[149] According to these critics, “facility” had traditionally been understood to represent a single telephone number or email address, and NSA’s reading impermissibly expands the scope of collection beyond anything intended by Congress.
The problem with this approach is that it runs counter to the underlying purposes Congress sought to advance in creating the FAA. When Congress enacted FISA in 1978, the opening section of the statute defined fifteen terms, but “facility” was left undefined.[150] When the FAA was passed in 2008, Congress defined five additional terms, but left “facility” undefined.[151] This seems less inadvertent and more deliberate considering that the FAA was enacted by Congress to adapt FISA to changes in technology and the structure of international communications that had occurred since FISA’s initial passage in 1978.[152] Knowing this, the more plausible interpretation of the absence of any definition for “facility” in the FISA statutes is that Congress has sought to ensure that the term retains the flexibility needed to assure that U.S. intelligence-gathering stays abreast of evolving technology. To now incorporate a restrictive definition for “facility” into any FISA renewal only serves to curtail this desired flexibility and stifle future adaptation in the face of technological evolution.
Should Compliance Issues Sink Section 702?
In a single word: No. This quintessentially tosses the baby out with the bath water. Concededly, there have been occasions where the arcane procedures in this complex programmatic undertaking have been violated. We know this because those instances have been self-reported as required by the rigorous oversight processes that regulate the Section 702 Program.[153] It would be absurd to assume that a program as intricate and highly regulated as this one would function without such mistakes since, despite its technological sophistication, many of its essential functions are conducted by humans subject to human error. Significantly, however, multiple oversight and reviewing authorities are unanimous in reaching the conclusion that, as the PCLOB determined, there has been “no evidence of intentional abuse” nor “any attempt to intentionally circumvent legal limits.”[154] As recently disclosed by the ODNI in connection with its release of the 13th, 14th, and 15th “Joint Assessments of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act,” no instance of intentional circumvention or violation of the procedures or guidelines has ever been found.[155]
Continued training, careful oversight, and proper remediation are the keys to improving the execution of the Section 702 Program, but past mistakes furnish no basis to materially alter the current statutory and regulatory structure. If Congress has compliance concerns regarding the Program’s implementation, a more prudent remedy would require that Section 702 training activities be included in the executive branch’s reporting requirements and mandate independent review of those training activities where any deficiencies are revealed.
Conclusion
In an age of asymmetric conflict precipitated by unconventional threats perpetrated through anonymous actors, it has never been more vital to equip the Intelligence Community with the best tools available consistent with the constitutional protections assured all citizens. Section 702 is such a tool; a Program of such expanding importance that more than 25% of NSA’s counterterrorism reporting draws on Section 702 collection.[156] Described as the “crown jewel” of the Intelligence Community’s surveillance authorities,[157] with an established history of protecting against terrorism,[158] the Attorney General and the DNI jointly have written to Congress identifying the reauthorization of Section 702 as their “top legislative priority” and requesting that Congress “promptly reauthorize, in clean and permanent form,” Section 702 of FISA.[159] The Congress absolutely should renew Section 702 without any material change in the statutory scheme that might neuter this extraordinarily vital contributor to the nation’s security.
Read Lawrence Husick’s critique here
Read George Croner’s critique response here
[1] Officially titled the “Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008” and referred to in this paper as the “FISA Amendments Act” or the “FAA.”
[2] Memorandum Opinion [Caption Redacted], [Docket No. Redacted], 2011 WL 10945618, at *10 (FISC October 3, 2011) (“Bates October 2011 Op., 2011 WL 10945618, at __”).
[3] Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (hereafter, the “PCLOB Report”), July 2, 2014, at 10.
[4] See, e.g., Laura K. Donohue, “The Case for Reforming Section 702 of U.S. Foreign Intelligence Surveillance Law,” Council on Foreign Relations, June 26, 2017 (“Section 702 violates citizens’ rights, creates a situation ripe for abuse, and undermines the balance of power between the branches of government.”).
[5] Title III of the Omnibus Crime Control and Safe Streets Act governing the use of electronic surveillance is contained at 18 U.S.C. §§ 2510-2520.
[6] 407 U.S. 297 (1972)
[7] Id. at 321-322.
[8] Officially, the “Pike Committee” was the colloquial name for the House Permanent Select Committee on Intelligence and the “Church Committee” was the Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities.
[9] Project Shamrock had NSA receiving daily access to copies of all incoming, outgoing, and transiting international telegrams via Western Union, RCA and ITT. Project Minaret involved the creation of ‘watch lists’ with NSA collecting the electronic communications of those persons contained on the ‘watch lists.’ Neither Shamrock nor Minaret was conducted with any sort of warrant or judicial oversight.
[10] 50 U.S.C. §§ 1801, et. seq.
[11] All of the exceptions relate to the conduct of electronic surveillance in connection with law enforcement which is the subject of chapters 119, 121, and 206 of Title 18, U.S. Code.
[12] 50 U.S.C. § 1812.
[13] 50 U.S.C. § 1801(f).
[14] FISA created the Foreign Intelligence Surveillance Court (“FISC”) and Foreign Intelligence Surveillance Court of Review (“FISCR”) as part of its statutory scheme. The FISC consisted of 7 (later expanded to 11) judges drawn from the federal district courts and appointed by the Chief Justice of the U.S. Supreme Court. 50 U.S.C. § 1803(a). The FISCR is staffed by three judges drawn from the federal district courts or courts of appeals, and also appointed by the Chief Justice. 50 U.S.C. § 1803(b).
[15] FISA’s minimization requirements are codified at 50 U.S.C. § 1801(h).
[16] Hearing on the Protect America Act of 2007 before the House Permanent Select Committee on Intelligence, September 20, 2007 (Statement of J. Michael McConnell, Director of National Intelligence, at 5-6).
[17] Id.
[18] See Senate Report No. 110-209, at 5 (2007) (stating that “the DNI informed Congress that the decision … had led to degraded capabilities.”).
[19] Id.
[20] The foregoing description of the events leading to the passage of the Protect America Act of 2007 is largely drawn from the recounting provided by the PCLOB in its 2014 report on the Section 702 Program. See PCLOB Report at 18-19.
[21] FISA Amendments Act of 2008, Pub.L. No. 110-261 (2008), codified at 50 U.S.C. §§ 1881-1885.
[22] FISA Amendments Reauthorization Act of 2012, Pub. L. No. 112-238 (2012).
[23] 50 U.S.C. § 1881a(a).
[24] 50 U.S.C. § 1881a(b)(5).
[25] Because NSA and the FBI are the only agencies authorized to engage in targeting to acquire communications pursuant to Section 702, these are the only agencies with targeting procedures. However, given that NSA is the only agency authorized to initiate Section 702 collection and that FBI targeting procedures are applied only to certain selectors that NSA already has determined as appropriate for targeting under NSA’s targeting procedures, this paper focuses on NSA’s targeting and minimization procedures in its discussion of the Section 702 Program. See PCLOB Report at 42 (“only the NSA may initiate Section 702 collection”).
[26] 50 U.S.C.§ 1881a(g)(2)(A).
[27] See, e.g., Memorandum Opinion and Order, [Caption Redacted], [Docket No. Redacted], (FISC April 26, 2017) (Collyer, J.) at https://icontherecord.tumblr.com (approving certification, targeting procedures and minimization procedures).
[28] “Electronic communication service provider” is defined in the FAA, and includes, by reference to other definitions found in the U.S. Code, a telecommunications carrier, a provider of electronic communication service, a provider of remote computing service, and “any other communication service provider who has access to wire or electronic communications either as such communications are transmitted or as such communications are stored.” 50 U.S.C. § 1881(b)(4).
As noted earlier, one of the hurdles to passage of the FAA had been the issue of immunity for electronic communication service providers that had provided services to the government in connection with the TSP and subsequently had been sued for such participation. Congress granted retroactive immunity to these providers and, prospectively, provided: (1) that electronic communication service providers furnishing information, facilities, or assistance in accordance with [a Section 702 directive] would be compensated at prevailing rates; and (2) that “no cause of action shall lie in any court against any electronic communication service provider for providing any information, facilities, or assistance in accordance with a [Section 702 directive].” 50 U.S.C. § 1881a(h)(1-3).
[29] The FAA permits an electronic communication service provider to petition the FISC to modify or set aside the directive ordering its assistance. 50 U.S.C. § 1881a(h)(4). If the FISC does not provide the requested relief, the electronic communication service provider may appeal to the FISCR and, ultimately, seek certiorari review by the U.S. Supreme Court. See, e.g., In re Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F.3d 1004 (FISCR 2008) (FISCR rejects provider’s challenge that the directed assistance violated customers’ Fourth Amendment rights).
[30] NSA Director of Civil Liberties and Privacy Office, “NSA’s Implementation of Foreign Intelligence Surveillance Act Section 702” (“DCLPO Report”) (April 16, 2014) at 2-3, 5; PCLOB Report at 21, 32.
[31] See PCLOB Report at 43 (“The government has stated that in making this foreignness determination the NSA targeting procedures inherently impose a requirement that analysts conduct ‘due diligence’ in identifying these relevant circumstances.”).
[32] DCLPO Report at 4. See PCLOB Report at 44 (“The government has stated, and the Board’s review has confirmed, that this is not a’51% to 49%’ test.”). See also Procedures Used by the National Security Agency for Targeting Non-United States Persons Reasonably Believed to be Located Outside the United States to Acquire Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended (“2016 NSA Targeting Procedures”) at 1-2 (“NSA may use information from any one or a combination of these categories of information in evaluating the totality of the circumstances to determine that the potential target is located outside the United States.”).
[33] PCLOB Report at 45; DCLPO Report at 4-5.
[34] PCLOB Report at 45.
[35] PCLOB Report at 44.
[36] Id.
[37] 2016 NSA Targeting Procedures at 7-9; DCLPO Report at 4.
[38] 2016 NSA Targeting Procedures at 4; DCLPO Report at 4.
[39] DCLPO Report at 4-5.
[40] NSA now refers to PRISM collection as “Downstream” collection. NSA/CSS Press Statement, NSA Stops Certain Section 702 “Upstream” Activities, April 28, 2017. For ease of reference, this paper uses the PRISM descriptor historically applied to this form of Section 702 collection.
[41] DCLPO Report at 5; PCLOB Report at 33-34.
[42] PCLOB Report at 7, 33-34.
[43] Id. citing Bates October 2011 Op., 2011 WL 10945618, at *25 and n. 24.
[44] PCLOB Report at 34.
[45] PCLOB Report at 9.
[46] PCLOB Report at 7.
[47] Bates October 2011 Op., 2011 WL 10945618, at *10, n. 26.
[48] This description of Internet structure draws on that provided in Laura K. Donohue, Section 702 and the Collection of International Telephone and Internet Content, 38 Harv.J.L. & Pub. Pol’y 117, 132 (2015).
[49] In Section 702 parlance, an “about” communication is one that includes the tasked email address in the text or body of an email even though the email is between two persons who are not themselves targets. In the case of “about” communications, acquisition may include communications that are neither to nor from a target but, instead, where a particular selector tasked for collection happens to be included in the communication.
[50] NSA/CSS Press Statement, NSA Stops Certain Section 702 “Upstream” Activities, April 28, 2017.
[51] NSA’s 2016 Minimization Procedures reflect this change in the handling of “about” communications by requiring all such communications acquired prior to March 18, 2017 to be segregated until destroyed and all such communications acquired on or after March 18, 2017 to be “destroyed upon recognition.” Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of Foreign Intelligence Surveillance Act of 1978, as Amended (“2016 NSA Minimization Procedures”) at 4.
[52] See Bates October 2011 Op., 2011 WL 10945618, at *9, n. 23 (quoting the government’s characterization of what constitutes an Internet transaction).
[53] 2016 NSA Minimization Procedures at 2.
[54] Bates October 2011 Op., 2011 WL 10945618, at *10; PCLOB Report at 40.
[55] 2016 NSA Targeting Procedures at 2.
[56] PCLOB Report at 40 citing to Bates October 2011 Op., 2011 WL 10945618, at *12.
[57] 2016 NSA Minimization Procedures at 9.
[58] See, e.g., U.S. Signals Intelligence Directive (“USSID”) 18 (titled Legal Compliance and U.S. Persons Minimization Procedures, USSID 18 “prescribes policies and procedures and assigns responsibilities to ensure that the missions and functions of the U.S. SIGINT System are conducted in a manner that safeguards the constitutional rights of U.S. persons.”).
[59] DCLPO Report at 6.
[60] DCLPO Report at 6-7.
[61] 2016 NSA Minimization Procedures at 4.
[62] 2016 NSA Minimization Procedures at 5; DCLPO Report at 7.
[63] Id.
[64] 2016 NSA Minimization Procedures at 5; PCLOB Report at 57.
[65] See FISC Rule of Procedure 13(b) requiring notification of non-compliance (which would include noncompliance with minimization procedures approved by the FISC). See also 50 U.S.C. § 1881a(l)(1) (Attorney General and DNI required to submit semiannual compliance reports to Congress and the FISC).
[66] 2016 NSA Minimization Procedures at 4.
[67] Id. at 9.
[68] 2016 NSA Minimization Procedures at 11-13..
[69] Id. at 5.
[70] 2016 NSA Minimization Procedures at 5.
[71] DCLPO Report at 7; 2016 NSA Minimization Procedures at 10-11.
[72] DCLPO Report at 7; 2016 NSA Minimization Procedures at 12.
[73] DCLPO Report at 7-8; 2016 NSA Minimization Procedures at 12-13.
[74] DCLPO Report at 9.
[75] Id.
[76] 50 U.S.C. § 1881a(l)(3).
[77] 50 U.S.C. § 1881a(l)(3)(A).
[78] PCLOB Report at 70; Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the Attorney General and the Director of National Intelligence, November 2016 (covering the period June 1, 2015 – November 30, 2015) (“November 2016 Joint Assessment”) at 7.
[79] PCLOB Report at 72; November 2016 Joint Assessment at 8.
[80] 50 U.S.C. § 1881a(l)(3)(A).
[81] 50 U.S.C. § 1881a(l)(1).
[82] PCLOB Report at 11.
[83] Office of the Director of National Intelligence “Fact Sheet” relating to the “Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA) – 13th, 14th and 15th Joint Assessments” at 1 available at www.dni.gov//Overview_Fact_Sheet.
[84] This statistical picture is, admittedly, incomplete since quantification of significant features of the Section 702 Program remains classified.
[85] Certain provisions in The USA Freedom Act, P.L. 114-23 (2015), now provide for release, in certain circumstances, of redacted decisions of the FISC. A mix of other statutory requirements in the USA Freedom Act also requires the DNI to provide certain statistical data on the use of national security authorities like Section 702.
[86] Bates October 2011 Op., 2011 WL 10945618, at *9.
[87] Id.
[88] Id. at *25.
[89] Id. at *10.
[90] Id. at *16.
[91] See, Note 86, above.
[92] Statistical Transparency Report Regarding Use of National Security Authorities for Calendar Year 2016 (“Transparency Report”), Office of the Director of National Intelligence, April 2017 available at www.dni.gov.
[93] November 2016 Joint Assessment at 16-18.
[94] The search term data is not broken down by agency so it is not possible to determine which agency is utilizing search terms concerning U.S. persons, or how frequently. The PCLOB Report indicates that, in 2013, NSA approved 198 U.S. person identifiers to be used as content query terms while CIA conducted approximately 1,900 content queries using U.S. person identifiers. PCLOB Report at 57-58.
[95] Letter from the Attorney General and the Director of National Intelligence to the Speaker of the House of Representatives, the Majority Leader of the Senate, the Democratic Leader of the House of Representatives, and the Republican Leader of the Senate, dated February 8, 2012.
[96] “Jeff Sessions urges Congress to reauthorize FISA ‘promptly’,” Washington Examiner, Sept. 12, 2017
[97] See, e.g., Wikimedia Foundation v. National Security Agency, 857 F.3d 193, 211 (4th Cir. 2017) (reversing dismissal by district court and concluding that Wikimedia has standing to sue for First and Fourth Amendment violations).
[98] See, e.g., U.S. v. Mohamud, 843 F.3d 420, 437-444 (9th Cir. 2016) (9th Circuit rejects constitutional challenge to Section 702 collection finding “search” of emails conducted under Section 702 was reasonable and did not violate the Fourth Amendment); U.S. v. Hasbajrami, 2016 WL 1029500 (E.D.N.Y. March 8, 2016) (Gleeson, J.) (district court rejects constitutional challenge to Section 702 collection of email communications finding Section 702 is supported by a compelling government interest in combating terrorism and that the procedures and safeguards in the Section 702 Program sufficiently protect non-targeted U.S. persons’ privacy interests).
[99] See Wash. State Grange v. Wash. State Repub. Party, 552 U.S. 442, 449 (2008) (a facial challenge to the constitutionality of a statute can only succeed by “‘establish[ing] that no set of circumstances exists under which the Act would be valid,’ i.e., that the law is unconstitutional in all of its applications”).
[100] PCLOB Report at 86.
[101] See U.S. v. Verdugo-Urquidez, 494 U.S. 259, 267 (1990) (Fourth Amendment protections do not “apply to activities of the United States directed against aliens in foreign territory.”).
[102] Acquisition can occur as a result of: (1) a U.S. person communicating by telephone or Internet wth a foreigner located abroad who has been targeted (i.e., “incidental” collection); (2) a U.S. person sends or receives an Internet communication that is embedded within the same transaction as a different communication that meets the criteria for collection (i.e., an MCT); or (3) a U.S. person’s communication is acquired by mistake due to an implementation error or technological malfunction (i.e., “inadvertent” collection). PCLPB Report at 87. The PCLOB’s Report also identifies a fourth category of acquisitions; i.e., the acquisition of “about” communications as part of Upstream collection. Id. As noted earlier, NSA has ceased collection of “about” communications. See n. 50, supra.
[103] 551 F.3d 1004 (FISCR 2008) (“In re Directives”).
[104] The case involved a directive to an electronic communication service provider to assist in surveillance under the provisions of the Protect America Act, predecessor to Section 702. In re Directives, 551 F.3d at 1007-1009. Thus, the type of electronic surveillance at issue substantially mirrored that subsequently enacted by Congress in 50 U.S.C. § 1881a.
[105] Id. at 1010.
[106] This is repetitive dogma for those challenging the constitutionality of Section 702. It is true that the Supreme Court has not explicitly recognized a foreign intelligence exception to the warrant requirement but, as the PCLOB observed, “every court to decide the question recognized such an exception.” PCLOB Report at 90. Accord, e.g., In re Directives, 551 F.3d at 1011; U.S. v. Truong Dinh Hung, 629 F.2d 908, 913 (4th Cir. 1980); U.S. v. Buck, 548 F.2d 871, 875 (9th Cir. 1977); U.S. v. Butenko, 494 F.2d 593, 605 (3rd Cir. 1974); U.S. v. Brown, 484 F.2d 418, 426 (5th Cir. 1973); U.S. v. Mohamud, 2014 WL 2866746, *15-*18 (D. Or. June 24, 2014); Bates October 2011 Op., 2011 WL 10945618, at *24.
Moreover, a careful reading of Clapper v. Amnesty Int’l, USA, 568 U.S. 398 (2013) offers some insightful reading in the tea leaves. As the Court’s majority opinion noted, FISA was legislated “against the backdrop of our [Keith] decision” which “implicitly suggested that a special framework for foreign intelligence might be constitutionally permissible.” Id. at 402-403. Then, even though the case is ultimately decided on standing grounds, Justice Alito, writing for the Court majority, goes through a meticulous discussion of the structure provided by FISA for the conduct of the Section 702 Program, noting that “[s]urveillance under § 1881a is subject to statutory conditions, judicial authorization, congressional supervision, and compliance with the Fourth Amendment.” Id. at 404. Unless one intuits that Justice Gorsuch will view the issues differently than Justice Scalia, who was a member of the Clapper majority, the language and tenor of the Clapper decision is fairly indicative of which way the wind is blowing in terms of how the Supreme Court would rule on the constitutionality of FISA and the Section 702 Program.
[107] In re Directives, 551 F.3d at 1011.
[108] See In re Directives, 551 F.3d at 1010-1011 (citing several “special needs” cases where no warrant was required). Accord U.S. v. Mohamud, 2014 WL 2866749, at *16-*18.
[109] In re Directives, 551. F.3d at 1011.
[110] See Memorandum Op. and Order, Caption [Redacted], Docket No. [Redacted], at 66 (FISC April 26, 2017) (Collyer, J.) available at icontherecord.tumblr.com (FISC writes: “the controlling norms are ones of reasonableness, not perfection” [and those norms are applied] “to the program as a whole, not of individual actions in isolation.”).
It bears distinguishing between Section 702’s programmatic collection and the controversial bulk collection used in acquiring telephone metadata under Section 215 of the Patriot Act. P.L. 107-56, 115 Stat. 272 (2001). Section 702 requires the use of discrete individualized selectors distinguishing its operation from the indiscriminate acquisition that is the hallmark of “bulk” collection.
[111] In re Directives, 551 F.3d at 1015. Accord U.S. v. Mohamud, 843 F.3d at 440-441; U.S. v. Hasbajrami, 2016 WL 1029500, at *9. See, also, U.S. v. Muhtorov, 187 F.Supp.3d 1240, 1256 (D. Colo. 2015) (“Muhtorov”)(rejecting “backdoor search” argument while finding “[a]ccessing stored records in a database legitimately acquired [pursuant to Section 702 surveillance of a foreigner located abroad] is not a search in the context of the Fourth Amendment”).
[112] Vernonia School District v. Acton, 515 U.S. 646, 652 (1995).
[113] Samson v. California, 547 U.S. 843, 848 (2006).
[114] U.S. v. Mohamud, 843 F.3d at 441; In re Directives, 551 F.3d at 1012.
[115] U.S. v. Mohamud, 843 F.3d at 441; In re Directives, 551 F.3d at 1011.
[116] David G. Major, “The Truth About Terrorist Plots in the U.S. Since 9/11,” The Intelligencer, Journal of U.S. Intelligence Studies, Vol. 23, No. 1, at 39-40 (Summer 2017).
[117] Id. See also, President’s Review Group on Intelligence and Communications Technologies, “Liberty and Security in a Changing World,” Report, pp. 144-145, December 12, 2013 (available at: https://obamawhitehouse.archives.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf) (Review Group is briefed on 53 counterterrorism investigations since 2007 that utilized Section 702 information in the prevention of terrorist attacks in diverse nations and the United States.)
[118] President’s Review Group on Intelligence and Communications Technologies, “Liberty and Security in a Changing World,” Report at 145.
[119] See, e.g., In re Directives, 551 F.3d at 1012 (‘the relevant governmental interest – the interest in national security – is of the highest order of magnitude” citing the U.S. Supreme Court’s decision in Haig v. Agee, 453 U.S. 280, 307 (1981)).
[120] With this structure, the operation of the Section 702 Program falls within the first level of authority in the construct of executive and legislative authorities posited by Justice Jackson in Youngstown Sheet & Tube Co. v. Sawyer, 343 U.S. 579, 635-636 (1952).
[121] U.S. v. Mohamud, 843 F.3d at 442; U.S. v. Hasbajrami, 2016 WL 1029500, at *10-*11.
[122] Critics, including the FISC at an earlier time, have considered the privacy intrusion significantly more problematic in the context of acquiring MCTs that might include wholly domestic communications and, more particularly, MCTs that were “about,” but neither “to” nor “from,” a target in NSA’s Upstream collection program. See, e.g., Bates October 2011 Op., 2011 WL 10945618, at *25-*27 (finding collection of MCTs, including those “about” a target, sufficiently likely to result in the acquisition of purely domestic U.S. person communications to conclude that Upstream collection in this manner was unreasonable under the Fourth Amendment); PCLOB Report at 96-97 (expressing concern that collection of MCTs and “about” communications “push the entire program close to the line of constitutional reasonableness”).
Significantly, with respect to this particular issue, NSA, the only intelligence agency conducting Upstream Internet collection in which “about” MCTs are involved, announced in April 2017 that it would no longer acquire “about” communications in connection with its Upstream Internet collection but is now only acquiring Internet communications that are sent directly to or from a foreign target. NSA/CSS Press Statement, NSA Stops Certain Section 702 “Upstream” Activities, April 28, 2017.
[123] See President’s Review Group on Intelligence and Communications Technologies, “Liberty and Security in a Changing World,” Report at136-141 (recounting multiple levels of oversight, review, and reporting applicable to the Section 702 Program).
[124] See, e.g., Memorandum Op. and Order, Caption [Redacted], Docket No. {Redacted], at 6, 26 n. 23 (FISC November 6, 2015 (Hogan J.)) (FISC court approves NSA minimization procedures after amicus curiae counsel, appointed by the FISC specifically to “address whether the minimization procedures … are consistent with the Fourth Amendment,” concludes that “the NSA and CIA minimization procedures are sufficient to ensure that the use of U.S. person identifiers for th[e] purpose of [querying Section 702 acquired information] complies with the statutory requirements of Section 702 and with the Fourth Amendment .”). See also U.S. v. Mohamud, 843 F.3d at 443; In re Directives, 551 F.3d at 1012-1013; U.S. v. Hasbajrami, 2016 WL 1029500, at *11-*13 (all courts considering targeting and minimization procedures used in conjunction with Section 702 surveillance as adequate to protect the privacy interests of U.S. persons with respect to incidentally acquired communications); PCLOB Report at 94 (same).
[125] PCLOB Report at 88.
[126] Memorandum Op. and Order, Caption [Redacted], Docket No. [Redacted], at 66 (FISC April 26, 2017) (Collyer, J.) available at icontherecord.tumblr.com.
[127] William C. Banks, “Responses to 10 Questions,” Journal of the National Security Forum, Vol. 35, No. 5 at 5016 (2009) available at https://open.mitchellhamline.edu
[128] U.S. v. Muhtorov, 187 F.Supp.3d at 1256; U.S. v. Mohamud, 2014 WL 2866749, at *26.
[129] See, e.g., U.S. v. Muhtorov, 187 F.Supp. 3d at 1256; U.S. v. Mohamed 2014 WL 2866749, at *26 (concluding that accessing the data legally acquired pursuant to Section 702 using the FISC-approved minimization procedures is not a separate search for Fourth Amendment purpose).
[130] See, e.g., 50 U.S.C. § 1801(h)(3) (minimization procedures are to “allow for the retention and dissemination of information that is evidence of crime … that is to be retained or disseminated for law enforcement purposes”); 50 U.S.C. § 1808(a)(2)(B) (requiring that Attorney General’s semiannual report to Congress on FISA activities include a description of each criminal case in which FISA-derived information has been authorized for use at trial).
[131] See, e.g., 50 U.S.C. § 1801(b)(2) (“Agent of a foreign power” means – … (2) any person who – ((A) knowingly engages in clandestine intelligence gathering activities for or on behalf of a foreign power, which activities involve or may involve a violation of the criminal statues of the United States ….”).
[132] 50 U.S.C. § 1881a(g)(2)(A)(v).
[133] U.S. v. Mohamud, 2014 WL 2866749, at *26.
[134] PCLOB Report at 95.
[135] 2016 NSA Minimization Procedures at 4.
[136] See, e.g., Memorandum Op. and Order, Caption [Redacted], Docket No. [Redacted], at 26-36 (FISC November 6, 2015 (Hogan J.)) (approving FBI minimization procedures that permit querying Section 702-acquired data to “find and extract” either “foreign intelligence information” or “evidence of a crime” despite objections from amicus curiae appointed by the court).
[137] See Laura K. Donohue, Section 702 and the Collection of International Telephone and Internet Content, 38 Harv.J.L. & Pub. Pol’y 117, 156-157 (2015) (acknowledging that concerns about the “back door” were raised in Congress in the spring of 2012 during debate on the extension of the FAA but that “efforts to amend the legislation failed” and the extension was passed by substantial majorities in both houses of Congress).
[138] U.S. v. Truong Dinh Hung, 629 F.2d 908, 915 (4th Cir. 1980).
[139] See In re Sealed Case, 310 F.3d 717, 732-733 (FISCR 2002) (FISCR notes that Congress was precisely aware of the change made in adding “significant” as a modifier of “purpose” in the statutory language). See also 50 U.S.C. § 1881a(g)(2)(v) (Section 702 certification must attest that “(v) a significant purpose of this acquisition is to obtain foreign intelligence information.).
[140] In re Sealed Case, 310 F.3d at 742-745.
[141] Id. at 743.
[142] Id. at 733.
[143] Id. at 743.
[144] Recognizing the danger in such an approach, the FISCR had specifically articulated that the purpose of a Section 702-type certification should be judged “by the national security official’s articulation and not by a FISA court inquiry.” In re Sealed Case, 310 F.3d at 736.
[145] 857 F.3d 193 (4th Cir. 2017).
[146] Id. at 204.
[147] U.S. v. Mohamud, 2014 WL 2866749, at *11-12 citing Zurcher v. Stanford Daily, 436 U.S. 547, 564 (1978).
[148] See U.S. v. Mohamud, 2014 WL 2866749, *12-*27 (applying Fourth Amendment standards with “scrupulous exactitude” and concluding that Section 702 collection is reasonable under the Fourth Amendment).
[149] See Laura K. Donohue, Section 702 and the Collection of International Telephone and Internet Content, 38 Harv.J.L. & Pub. Pol’y at 133 (discussing NSA’s broadened definition of ‘facility’).
[150] 50 U.S.C. § 1801(a)-(o).
[151] 50 U.S.C. § 1881(b)(1)-(5).
[152] See, e.g., 154 Cong. Rec. S6379 (daily ed. July 8, 2008) (statement of Sen. Cardin) (“Congress must indeed make changes to FISA to account for changes in technology and rulings from the FISA Court involving purely international communications that pass though telecommunications routes in the United States.”); 154 Cong. Rec. H5767 (daily ed. June 20, 2008) (statement of Rep. Pelosi) (“[W]e all recognize the changes in technology necessitate a change in the legislation, and this legislation today modernizes our intelligence-gathering system by recognizing and responding to technological developments that have occurred since the original FISA Act in 1978.”).
[153] See, e.g., November 2016 Joint Assessment at 27-51 (detailed review and analysis of compliance issues and incidents during the reporting period).
[154] PCLOB Report at 2, 11.
[155] Office of the Director of National Intelligence “Fact Sheet” relating to the “Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA) – 13th, 14th and 15th Joint Assessments” at 1 available at www.dni.gov//Overview_Fact_Sheet.
[156] PCLOB Report at 10.
[157] Robyn Greene, OTI’s Reform Priorities for Section 702 of the FISA Amendments Act, at 2, Open Technology Institute (May 2, 2017).
[158] See e.g., President’s Review Group on Intelligence and Communications Technologies, “Liberty and Security in a Changing World,” Report, pp. 144-145 (Review Group is briefed on 53 counterterrorism investigations since 2007 that utilized Section 702 information in the prevention of terrorist attacks in diverse nations and the United States.).
[159] “Jeff Sessions urges Congress to reauthorize FISA ‘promptly’,” Washington Examiner, Sept. 12, 2017