- Research Programs
- Regions & Topics
- All Publications
A nation must think before it acts.
Earlier this month, Rep. Bob Goodlatte, chairman of the House Judiciary Committee, introduced a bill titled the USA Liberty Act (“Liberty Act”) that would simultaneously extend (through September 30, 2023), and amend parts of the Foreign Intelligence Surveillance Act (FISA), including Section 702 of FISA, which otherwise is set to expire on December 31. Section 702, first enacted in 2008 and renewed in 2012, is the FISA provision authorizing the warrantless electronic surveillance of non-U.S. persons located abroad for foreign intelligence purposes. It has been described as the “crown jewel” of intelligence collection authorities, but also is easily the most controversial element of FISA. The collection activities authorized by Section 702 are conducted principally under the auspices of the National Security Agency (NSA).
The bill purports to be a bipartisan effort that includes Democrats John Conyers, Sheila Jackson, and Jerrold Nadler as co-sponsors, all of whom voted against the renewal of the FISA Amendments in 2012. The press release accompanying the bill claims it retains the core foreign intelligence value of Section 702 while creating “a new framework of protections and transparency requirements to ensure that the government’s use of Section 702 accords with principles of privacy and due process.” A review of the bill’s content, however, reveals a very different reality. It seems apparent that the drafters of this proposed legislation, who presumably included some of Section 702’s fiercest critics during the debate on its renewal in 2012, worked from a laundry list of grievances aired over the years by critics of Section 702 and the surveillance program it authorizes. Several of the substantive changes proposed in the legislation are transparently obvious responses to complaints that have persisted since the FISA Amendments, including Section 702, were first passed in 2008. In 2008, and then again, in 2012, Congress prudently rejected some of the very changes now advanced by this proffered legislation. As explained below, the Liberty Act unnecessarily muddles the mechanics of the Section 702 Program while saddling the agencies performing Section 702 collection activities with an entirely new series of reporting requirements that, realistically, are unlikely to better educate either the people or the Congress on the operation of the 702 Program. Here is why.
The most fundamental change proposed for Section 702 addresses the topic that has long carried the biggest bullseye for its critics; i.e., the “back door” search, which is the term opponents use to describe the querying of unminimized Section 702 data for evidence of a crime. (“Unminimized Section 702 data” refers to the raw communications collected in the Section 702 Program before those communications have been subjected to review or analysis. “Querying” the unminimized Section 702 data base refers to searching that data base for information by the computerized use of selection terms (i.e., “queries”) designed to elicit from those communications in the data base either foreign intelligence information or, in the case of the supposed “back door search,” evidence of a crime.) According to critics, using a query to find evidence of a crime represents a separate “back door search” that must be supported by a warrant.
As an initial matter, it deserves noting that this “back door” search issue is not one that significantly impacts the operation of the Section 702 Program as conducted by NSA. NSA’s principal mission is to conduct signals intelligence activities to produce foreign intelligence for consumption by other members of the Intelligence Community. NSA’s Foreign Intelligence Surveillance Court (FISC)-approved minimization procedures relating to Section 702 collection require that queries of unminimized Section 702 communications using U.S. person identifiers be “reasonably likely to return foreign intelligence information, as defined in FISA.” Those minimization procedures do not authorize queries using U.S. person identifiers for the purpose of producing “evidence of a crime.” So, while the base of unminimized Section 702 data is collected by NSA, that data base is shared with, for example, the FBI which, pursuant to its own FISC-approved minimization procedures, does permit its analysts to search that data base for evidence of crime. Consequently, the USA Liberty Act’s proposal to regulate “back door” searches will primarily impact the FBI and, potentially, the National Counterterrorism Center (NCTC), another recipient of Section 702 data collected by NSA.
This “back door” search issue was raised both in the original debate on the enactment of Section 702 and in connection with its reauthorization in 2012. Those courts that have considered the issue have uniformly held that accessing the data legally acquired and retained pursuant to Section 702 using FISC-approved minimization procedures is not a separate search for Fourth Amendment purposes. Indeed, no court that has considered the question has concluded that a search of Section 702 data acquired in connection with a lawful Section 702 acquisition requires a warrant or showing of probable cause in connection with any subsequent querying of that data so long as the collection of foreign intelligence was a significant purpose of the initial acquisition. This conclusion reflects, at least in part, a judicial recognition that Congress always had intended that information acquired pursuant to lawful FISA surveillances might be used both for foreign intelligence and for law enforcement purposes. From the initial passage of FISA in 1978, for example, Congress defined “agent of a foreign power” by reference to conduct that violates U.S. criminal law reflecting an understanding that counterintelligence operations in particular often embrace both law enforcement and foreign intelligence features and interests.
Of course, Congress is free to impose restrictions that purport to protect privacy even in the absence of a constitutional requirement. For example, the U.S. Supreme Court’s decision that there was no protected Fourth Amendment interest in personal information shared with banks and financial institutions led Congress to pass the “Right to Financial Privacy Act” affording privacy to financial records shared with third parties, and the Court’s conclusion that the Fourth Amendment protects only the contents of a communication but not its peripherals (i.e., dialing information and call data) led Congress to pass the Electronic Communications Privacy Act which provided a level of privacy protection to communications data. Lawmakers also have created more targeted laws intended to protect the privacy of cable subscribers and video store customers even where not necessarily compelled by the Fourth Amendment.
None of those instances, however, necessitated Congress balancing the extent of the privacy intrusion against a paramount countervailing interest of the government in protecting the national security. Section 101 of the Liberty Act now proposes to require that, where a query of lawfully acquired Section 702 data is undertaken “to query for evidence of a crime,” those contents may now only be accessed or disseminated upon the issuance of a FISC order based upon an application from the Attorney General that there is probable cause to believe that the contents of the communications “may provide evidence of a crime.” After twice (in 2008 and 2012) rejecting the idea of requiring a separate warrant to query communications that have been lawfully acquired under a Section 702 certification already approved by the FISC, the Liberty Act seeks to now mandate such a warrant.
The press release accompanying the bill offers no substantive rationale for this change of legislative heart except the general assurance that it “better safeguard[s] Americans’ civil liberties.” This absence of a compelling rationale is disappointing given the dilemma that such a requirement creates in the particular area of counterintelligence investigations that are frequently hybrids embodying both law enforcement and foreign intelligence objectives. Often, in the area of counterterrorism, a significant investigative goal may be to “turn” a target or infiltrate the targeted group while simultaneously retaining the option to pursue criminal charges against the surveillance target and/or others. Connecting the counterterrorism dots will be much more difficult if the Liberty Act becomes law.
The Liberty Act would inject unnecessary uncertainty into this counterterrorism puzzle because it excepts from its newly imposed warrant requirement those situations where “such query [of Section 702 data] is reasonably designed for the primary purpose of returning foreign intelligence information.” This is a particularly poor choice of language because it conflicts with Section 702’s subsection (g)(2)(A)(v), which requires that, for a lawful Section 702 acquisition, “a significant purpose of the acquisition [be] to obtain foreign intelligence.” So, the proposed legislation apparently creates a higher standard for querying the collected communications than is required for the initial seizure of those communications in the first place. This makes no sense from either a linguistic or a statutory perspective. It is easy to imagine the confusion, delay, and uncertainty this new warrant requirement will create in a nascent counterintelligence investigation where the focus is on developing information that might, alternately, lead to broadening the focus of that inquiry or, possibly, prosecution of the target. What is the “primary” purpose of the investigation at this point? Is a warrant required or not?
This is not simply a rhetorical conflict because the “primary” modifier introduced by the proposed legislation carries rather tortuous baggage. The term first appeared in a case that predated FISA, but Congress eschewed its use in crafting the Patriot Act, a statutory predecessor of Section 702, requiring only that the acquisition of foreign intelligence constitute a “significant purpose” of the surveillance. Recognizing this, the Foreign Intelligence Surveillance Court of Review (FISCR), in a case that specifically examined the distinction between the “primary” and “significant” purpose standards, explained that the “significant purpose” standard properly delineated the duality that often exists, particularly in counterintelligence investigations, between the government’s foreign intelligence and law enforcement interests.
“Significant” according to the FISCR requires that the government has “a measurable foreign intelligence purpose” in its actions, and this remains the standard governing the acquisition of communications under Section 702. Presumably, the authors of the Liberty Act have some greater quantum of “purpose” in mind by using “primary” as the standard for the Act’s exception to its new warrant requirement, but that quantum is not articulated and it will be left to courts—not the FISC, but courts likely to have no expertise in FISA or foreign intelligence—to decide, generally in the context of a defendant’s effort to suppress evidence derived from Section 702 communications, whether the “primary” purpose test required for the Liberty Act’s exception to its new warrant requirement has been satisfied.
This is precisely an area into which the FISCR, a court that does have expertise in foreign intelligence and counterintelligence surveillance, believes that courts should not venture because they simply lack the expertise to competently ascertain the distinctions that must be made in assessing, at any particular point in time, the “primary” purpose of an investigation—is it foreign intelligence or law enforcement or some amalgam of both? In the FISCR’s words, insisting that foreign intelligence represent a “primary purpose” of a surveillance rests on a false premise forcing a demarcation that is “inherently unstable, unrealistic, and confusing.” Ignoring this history, the Liberty Act now reintroduces this “inherently unstable, unrealistic and confusing” standard as the measuring stick for determining whether a query is excepted from its newly imposed warrant requirement while inexplicably retaining a different standard to govern the actual acquisition of the communications to which the query is directed.
There is no need for such confusing and convoluted legislation. On two earlier occasions, Congress prudently rejected this unnecessary legislative overreach. To have the purpose (and, correspondingly, the legality) of a Section 702 surveillance determined by judicial guesswork instead of relying upon the articulation of national security professionals as expressed in the Section 702 certification statutorily required by Congress substitutes judicial uncertainty and unfamiliarity for experience and professionally-informed judgment while hampering exactly the sort of cooperation and shared objectives essential to effective counterintelligence work.
Section 702, as currently written, requires that the Attorney General, in consultation with the Director of National Intelligence (DNI), adopt targeting procedures reasonably designed to ensure compliance with the statutory restrictions that govern 702 acquisitions. The statute itself contains only general guidelines regarding the content of those targeting procedures, but NSA’s “2016 Targeting Procedures,” for example, require that analysts document in its tasking database “a citation or citations to the information that led them to reasonably believe that a targeted person is located outside the U.S.”
The Liberty Act seeks to introduce a statutory “due diligence” requirement into the targeting process that will be fulfilled only by documenting, “to the extent practicable” (1) that every targeting decision is based upon a totality of the circumstances that resolves any conflicting information about the location of the target in advance of targeting, and (2) the rationale “for why targeting such person will result in the acquisition of foreign intelligence information.”
There is no intrinsic problem with what the Liberty Act proposes, but it is unnecessary overkill in this area. In its 2014 report on the Section 702 Program, the Privacy and Civil Liberties Oversight Board (PCLOB) found that a study of NSA targetings confirmed that 99.6% of those targetings complied with statutory requirements. Statistics released by the Office of the DNI show that, in 2016, there were over 106,000 Section 702 targets. In a surveillance program of this scope with targetings of this magnitude, these new “documentation” requirements represent a substantial burden directed to “fixing” a problem that simply does not exist.
The Liberty Act would codify that Section 702 targeting is limited to communications to or from a target; statutorily banning the acquisition of “about” communications from NSA’s Upstream collection that NSA, as a matter of policy, already had ceased collecting in March 2017.
The proposed legislation also addresses the minimization procedures used with Section 702 collection. Apparently responding to reported controversies concerning the “unmasking” of U.S. person identities in intelligence reporting, the Liberty Act now supplies a definition for the term “Unmask” and mandates that Section 702 minimization procedures include specific provisions governing the process by which agencies request, approve, and document decisions relating to the “unmasking” of U.S. person identities.
Further, the Liberty Act would require that each agency’s Section 702 minimization procedures affirmatively ensure that “any communications that do not contain foreign intelligence information are purged by not later than 90 days after the date on which the communications are determined to not contain foreign intelligence information.” This requirement falsely suggests a readily discernible clarity to assessing the foreign intelligence value of any particular collected communication—a clarity that simply does not comport with the realities of foreign intelligence analysis. Moreover, although not specified in the Act, presumably this requirement applies only where communications actually have been reviewed in response to an intelligence query, as opposed to representing an order that the foreign intelligence value of each of the millions of communications acquired in the Section 702 Program be assessed at the time of acquisition—a staggering, if not impossible, task. However, in an unfortunate example of legislative opacity, the Liberty Act is silent as to exactly when the foreign intelligence value of acquired communications is to be determined for purposes of this new “purging” requirement.
To supply greater transparency, the Liberty Act mandates that the DNI, in consultation with the Attorney General, conduct a declassification review of all Section 702 minimization procedures and, consistent with such review, make those procedures “publicly available to the greatest extent practicable, which may be in redacted form.”
Expanding the role of amicus curiae counsel first introduced into the FISA process by the USA Freedom Act in 2015, the Liberty Act would require that the FISC appoint such counsel (from a list of counsel already selected by the FISC) to participate in the review of Section 702 certifications. In the absence of such an appointment, the Liberty Act would require the FISC make a specific finding that an appointment “is not appropriate.”
In 2014, following the disclosures made by Edward Snowden, the Privacy and Civil Liberties Oversight Board (PCLOB), at the request of both Congress and the president, conducted an extensive review of the Section 702 Program. That was then; this is now. In 2014, the PCLOB was fully staffed with its statutorily designated five members—including Patricia Wald, the former chief judge of the U.S. Court of Appeals for the D.C. Circuit. Today, the PCLOB is a shell with one serving member and four vacancies, yet the Liberty Act proposes to have this body prepare and issue a report about “how communications acquired under section 702 of [FISA] are used by the United States to prevent or defend against terrorism.”
Bear in mind that the statutory qualifications for appointment to the PCLOB require no particular expertise in FISA, electronic surveillance more generally, or counterterrorism; but, they do require an “expertise in civil liberties and privacy.”
The report contemplated by this section of the Liberty Act is a quintessential example of legislative profligacy. The reporting task is assigned to a group that needs two members appointed by the president and confirmed by the Senate before it even gains its statutory quorum. Frankly, if the Congress cannot ascertain the value of the Section 702 Program in preventing and defending against terrorism from the reams of reporting that Congress already requires in the FISA statute itself, there is no reason to believe that its collective understanding will be materially advanced by receiving another report, at some distant point in the future, from a group that will quite possibly be populated, not by members expert in electronic surveillance and communications technology, but whose only shared trait is an “expertise in civil liberties and privacy.” Such a document will almost assuredly look more like an indictment than a report of the Section 702 Program.
The “protections,” “oversight,” and “transparency” promised by the Liberty Act largely take the form of multiple new reporting requirements imposed upon the DNI and/or on the heads of individual agencies in the Intelligence Community. The Section 702 Program is already among the most heavily regulated, carefully scrutinized activities undertaken by components of the U.S. government. It seems ironic that while Congress anguishes, at times, over the transactional and efficiency costs associated with additional regulation of the financial sector or the securities industry, even a cursory reading of this bill reveals no similar restraint in congressional oversight of the Section 702 Program. Notably, for any concerned taxpayer, no provision in the Act requires any study or even consideration of the compliance costs associated with these new legislative mandates. FISA is replete with current reporting requirements that, according to critics, have failed to secure the rights of U.S. persons. Yet, many of those critics also argue that legislative indifference and inefficiency essentially foreclose any possibility that Congress will ever competently oversee U.S. intelligence programs. Consequently, there is little to assure that this new bushel of reporting mandates will materially advance competent legislative oversight.
This is no attempt to relieve the Intelligence Community of the duty and obligation to thoroughly and truthfully report on its activities and how it spends taxpayer dollars. The suggestion here is that the legislative requirements necessary to furnish the information needed for competent oversight already exist, but Congress is unable or unwilling to digest the information in a way that Americans can feel reasonably confident that their Intelligence Community is performing its duties competently and in accordance with constitutional rights. Until and unless individual legislators make the effort to acquaint themselves with the plethora of information already reported by the Intelligence Community in accordance with existing statutory mandates, little comfort can be found in legislating an entirely new set of reporting requirements that will produce mountains of data that will remain unread by sizable numbers of those sitting in each chamber in the Capitol.
Without attempting to note every one of the multiple new reporting requirements the Liberty Act would require, the following examples are found within the proposed new statute:
The Liberty Act concludes by addressing the subject of whistleblower protections for contractors of the Intelligence Community before moving on to the subject of unauthorized disclosures of classified information and the U.S. classification system in general. The provisions on whistleblower protection are unremarkable, but the latter effort tasks the Comptroller General with conducting a broad study of the U.S. classification system and, within 180 days, reporting to Congress on that study. Without being cynical, if these final provisions of the Liberty Act become law and the Comptroller General’s study produces meaningful reform of the classification system used by the U.S. government, it will be an accomplishment that has escaped nearly every Congress and presidential administration of the past 50 years.
This legislative proposal is flawed. It comes from the House Judiciary Committee with no indication that it represents the views of either the House Intelligence Committee or either the Judiciary or Intelligence Committees in the Senate. Whether it reflects a legitimate effort at dictating the future of Section 702 or simply the opening bid in an intensifying congressional debate will only become clear as that debate continues in coming weeks.
 See, e.g., 158 Cong. Rec. H5891 (daily ed. Sept. 1, 2012) (floor debate in the House embraces the precise issue of whether “the Federal government [is] intentionally searching for information on a U.S. person in a data pool amassed lawfully under Section 702 of FISA.”). Following that debate, the House voted to reauthorize Section 702 without material change to its form as originally enacted in 2008.
 U.S. v. Muhtorov, 187 F.Supp.3d 1240, 1256 (D. Colo. 2015); U.S. v. Mohamud, 2014 WL 2866749, at *26 (D. Or. June 24, 2014)
 See, e.g., U.S. v. Muhtorov, 187 F.Supp. 3d at 1256; U.S. v. Mohamed 2014 WL 2866749, at *26 (concluding that accessing the data legally acquired pursuant to Section 702 using the FISC-approved minimization procedures is not a separate search for Fourth Amendment purpose).
 See, e.g., 50 U.S.C. § 1801(h)(3) (minimization procedures are to “allow for the retention and dissemination of information that is evidence of crime . . . that is to be retained or disseminated for law enforcement purposes”); 50 U.S.C. § 1808(a)(2)(B) (requiring that Attorney General’s semiannual report to Congress on FISA activities include a description of each criminal case in which FISA-derived information has been authorized for use at trial).
 See, e.g., 50 U.S.C. § 1801(b)(2) (“Agent of a foreign power” means – … (2) any person who – ((A) knowingly engages in clandestine intelligence gathering activities for or on behalf of a foreign power, which activities involve or may involve a violation of the criminal statues of the United States ….”).
 U.S. v. Miller, 425 U.S. 435 (1976).
 Smith v. Maryland, 442 U.S. 735 (1979).
 Cable Communications Privacy Act of 1984, 47 U.S.C. §551 (2013).
 Video Privacy Protection Act of 1988, 18 U.S.C. §§2710-2711 (2013).
 USA Liberty Act, Section 101(a)(1)(A).
 Where the 702 data is being queried for non-content information like dialing, routing, or addressing information (i.e., peripherals), the Liberty Act imposes a slightly different, but still novel requirement, that the Attorney General now make a determination that the queried communications are relevant to an authorized investigation. USA Liberty Act, Section 101(a)(1)(B). FISA currently contains no such requirement.
 See, e.g., “FBI director warns against restricting controversial NSA surveillance program,” Washington Post, October 13, 2017.
 USA Liberty Act, Section 101(a)(1)(C)(i).
 50 U.S.C. §1881a(g)(2)(A)(v).
 Further muddying these already murky waters is the new mandate that the minimization procedures (always required in connection with a Section 702 surveillance) must now “describe a query reasonably designed for the primary purpose of returning foreign intelligence information.” USA Liberty Act, Section 101(b). Is Congress now intending to oversee the content of every agency’s Section 702 minimization procedures? What is required for this congressionally mandated “description:” a pre-approved format for an acceptable query? No guidance appears in the legislation.
 In re Sealed Case, 310 F.3d 717, 732-733 (FISCR 2002).
 Id. at 735.
 Id. at 743.
 Recognizing the danger in such an approach, the FISCR specifically articulated that the purpose of a Section 702-type certification should be judged “by the national security official’s articulation and not by a FISA court inquiry.” In re Sealed Case, 310 F.3d at 736.
 50 U.S.C. §1881(d).
 USA Liberty Act, Section 102(a).
 Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (hereafter, the “PCLOB Report”), July 2, 2014, at 44.
 USA Liberty Act, Section 102(b)-(e).
 USA Liberty Act, Section 201(a).
 USA Liberty Act, Section 103.
 USA Liberty Act, Section 104.
 Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (July 2, 2014).
 See USA Liberty Act, Action 202(c) (“Not later than 1 year after the date on which the [PCLOB] achieves a quorum” the PCLOB shall submit a report to the congressional intelligence and judiciary committees on “(1) how communications acquired under Section 702 of [FISA] are used by the United States to prevent or defend against terrorism; (2) how technological challenges and changes in technology affect such prevention and defense….” Confidence is never fostered when a legislative delegation begins with a caveat about the delegatee first obtaining a quorum.)
 42 U.S.C. §2000ee(h)(2).
 USA Liberty Act, Section 102(b).
 See USA Liberty Act, Section 303 (the study is intended to address, inter alia, (1) “insider threat risks to the unauthorized disclosure of classified information, (2) the effect of modern technology (including cloud storage) on unauthorized disclosures, (3) the effect of overclassification on unauthorized disclosures, (4) possible changes to the levels of classification, (5) the value of polygraph testing in determining who should have access to classified information, and (6) whether uniform standards are applied in determining who is authorized access to classified information.