Terrorists, America is Still Listening: Section 702 is Alive and Well
January 22, 2018
Although falling well short of a civics paradigm of legislative deliberation, with Senate passage of S. 139, the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) cleared the Congress and was sent to President Trump. On January 19, 2018, he signed into law the legislation extending, through the end of 2023, statutory authority for this uniquely critical foreign intelligence collection program. With its reauthorization now a reality, and in a form that largely preserves its utility as America’s foremost foreign intelligence collection tool, it is instructive to examine Section 702 as finally approved by Congress following multiple hearings and its consideration of five separate FISA bills.
Background of FISA
First enacted by Congress in 2008 as part of the FISA Amendments Act, Section 702 permits the Attorney General and the Director of National Intelligence (DNI) to jointly authorize the targeting of foreigners reasonably believed to be located abroad for the purpose of acquiring foreign intelligence. By 2011, the National Security Agency (NSA), the intelligence agency responsible for conducting the nation’s signals intelligence activities, was acquiring more than 250 million internet communications each year pursuant to Section 702, and, by 2014, it was estimated that more than a quarter (25%) of all foreign intelligence reports issued by NSA concerning counterterrorism included information based in whole or in part on Section 702 collection. Although similar calibrations of Section 702’s value remain classified and are rarely publicly disclosed, neither the volume of Section 702 collection nor its ubiquity in intelligence reporting is likely to have diminished since 2014. What is known is that, by 2016, NSA was conducting Section 702-authorized collection on over 106,000 foreign targets, and, during the reauthorization debate held in the House of Representatives on January 11, 2018, Section 702 was variously described as “the most important electronic intelligence-gathering mechanism that the United States has to keep us safe” and “as one of the most, if not the most, critical national security tool used by our intelligence community to obtain intelligence on foreign terrorists located overseas.”
Yet, despite its virtually unmatched pedigree as a foreign intelligence tool and the unqualified support of those who best know that pedigree, the renewal of Section 702 was hardly assured. From its legislative inception in 2008, Section 702 has been the focus of ceaseless criticism from a politically diverse group of opponents who insist that it transcends constitutional bounds and represents the harbinger of an Orwellian surveillance state: charges that reached a crescendo in the aftermath of the disclosures by Edward Snowden in 2013. Given that Section 702 was last renewed by Congress in 2012, the 2017 expiration date represented the first time the collection program (“Section 702 Program”) was debated against the background of Snowden’s revelations.
The array of legislative proposals addressing Section 702 reflected both the diversity of positions in the renewal debate and the odd consortium of groups and individuals that coalesced to oppose renewal of the Section 702 Program. Two of those legislative offerings in particular, the House and Senate editions of the presumptuously labeled USA Rights Act, would have drastically overhauled Section 702 in ways that seriously impaired its value as an intelligence collection tool in the name of “remedying” the ostensible deficiencies that opponents insisted rendered Section 702 constitutionally defective. The USA Rights Bill was specifically introduced in the House as a proposed alternative to the FISA Amendments Reauthorization Act of 2017, the bill initially offered in the House Intelligence Committee (HPSCI) that was supported by the House leadership and came closest to embodying the “clean” reauthorization sought by the Intelligence Community.
Ultimately, after collaboration between the House Intelligence and Judiciary Committees, a slightly modified variant of the HPSCI bill was also presented as the FISA Amendments Reauthorization Act of 2017 (FISA Reauthorization Act) providing the version of Section 702 that is now law; although, not without some final legislative legerdemain that served to limit overall debate and beat the January 19, 2018 deadline created when Congress added a short extension of Section 702 to the December 2017 stopgap funding bill passed to avoid a government shutdown. Indeed, signaling the tortured journey of Section 702 through the legislative mill, the final version of the bill proceeded through both chambers labeled as “S. 139,” a bill originally introduced in the Senate as “An Act to implement the use of Rapid DNA instruments to inform decisions about pretrial release or detention and their conditions, to solve and prevent violent crimes and other crimes, to exonerate the innocent, to prevent DNA analysis backlogs, and for other purposes.” The Congressional Record is silent on how this particular piece of legislation came to serve as the host for the renewal of the country’s most important intelligence collection program; but, then again, no connoisseur of haute cuisine is ever encouraged to study the process by which sausage is made.
The Odd Coalition of FISA’s Opponents
Reflecting the odd coalition of Section 702 opponents, some of the most conservative Republicans in the House joined with some of the chamber’s most liberal Democrats in a failed bid to dramatically overhaul the collection authority. Representatives Zoe Lofgren and Justin Amash, strange political bedfellows for sure, sought to substitute the House version of the USA Rights Act as the template for Section 702 renewal, but the full House rejected the effort. Ultimately, 58 conservative Republicans joined 125 Democrats in voting for the Lofgren/Amash amendment that would have significantly hollowed Section 702’s effectiveness as an intelligence tool; but, 55 Democrats joined 178 Republicans in rejecting it, thereby affording a relatively comfortable 50-vote margin of safety for Section 702’s renewal.
The proponents of the USA Rights Act provided yet another example of how many of Section 702’s critics, inside Congress and out, understand constitutional issues only in a colloquial, rather than a jurisprudential, sense by persisting in the argument that the FISA Reauthorization Act fails to rectify the alleged Fourth Amendment violation that, critics insist, occurs whenever the Section 702 database of foreign communications is queried using U.S. person identifiers seeking evidence of a crime. This despite the fact that every court to have considered this issue has concluded that an analytic query of Section 702 communications lawfully acquired pursuant to a Foreign Intelligence Surveillance Court (FISC)-approved certification is not a separate search under the Fourth Amendment and does not require a warrant.
In the end, the failed vote on the proffered substitution of the flawed USA Rights Act for the FISA Reauthorization Act represented the high water mark for Section 702’s opponents in the House. Although the vote was complicated by a series of seemingly contradictory tweets from President Trump on the morning of the House vote, once the White House offered clarification and the Lofgren/Amash amendment was rejected, the full House voted 256-164 to adopt the FISA Reauthorization Act, leaving a frustrated Edward Snowden to tweet that the [USA Rights Act] amendment would have passed had fewer Democrats broken ranks.
In the Senate, Rand Paul, Ron Wyden, and others, comprising another curious confederation of liberal Democrats and conservative Republicans, threatened to filibuster the bill, but the Senate’s Republican leadership managed to secure the 60 votes needed to invoke cloture in a vote on January 16, 2018. With this hurdle cleared, the bill proceeded to a full vote and was approved by the Senate, on January 18, 2018, by a comfortable margin of 65-34.
As passed by both chambers, the FISA Reauthorization Act extends Section 702 authority through December 31, 2023. President Trump signed the legislation into law on January 19, 2018.
So, having survived months of legislative maneuvering and a chorus of criticism from privacy and civil liberties activists, how will Section 702 now operate for the next six years?
FISA Moving Forward
From its inception in 2008, Section 702 has required that the Attorney General, in consultation with the DNI, adopt targeting and minimization procedures to govern the conduct of any authorized acquisition of foreign communications. These targeting and minimization procedures are subject to review by the FISC for consistency with the Fourth Amendment. The FISA Reauthorization Act requires that the Attorney General and the DNI now also produce “Querying Procedures” that, logically, will apply to analytic “querying” of the Section 702 database; i.e., the practice by which intelligence analysts access the database of “raw” communications acquired pursuant to Section 702 certifications approved by the FISC. Like Section 702’s targeting and minimization procedures, the new “querying” procedures are also subject to review by the FISC for consistency with the Fourth Amendment. Additionally, the new “Querying Procedures” mandate that the measures adopted by the Attorney General and the DNI include a “technical procedure whereby a record is kept of each United States person query term used for a query.”
The FISA Reauthorization Act’s new “querying” restrictions also mandate that the FBI, but only the FBI, now obtain a FISC order before initiating any query of the Section 702 database “in connection with a predicated criminal investigation opened by the Federal Bureau of Investigation that does not relate to the national security of the United States.” It would have been helpful to have defined “predicated criminal investigation,” but the statute is silent, so one is left to assume that it is an investigation that has moved beyond a preliminary assessment of suspected criminal activity that is unrelated in any way to national security; i.e., your garden variety criminal investigation conducted through the FBI’s criminal investigative division.
In these criminal investigations, before querying the Section 702 database for communications of or concerning a U.S. person, the FBI must now file an application seeking an order from the FISC that probable cause exists to believe that the communications sought in the Section 702 database will provide evidence of criminal activity, contraband or fruits of a crime, or property designed for use in committing a crime. Only upon receipt of an order from the FISC (except in limited circumstances), can the FBI then access the Section 702 database and use the communications retrieved through such a query against a U.S. person in any criminal proceeding.
Of course, no modification of FISA would be complete without a concomitant reporting requirement, and the annual report required by the DNI, which includes disclosures related to FISA activities, must now include a separate listing of “the number of instances in which the Federal Bureau of Investigation opened, under the Criminal Investigative Division or any successor division, an investigation of a United States person (who is not considered a threat to national security) based wholly or in part on [a Section 702 acquisition].”
At first blush, this new requirement for a FISC order appears as an effort to mollify Section 702’s opponents who have been complaining about the “backdoor search” issue for years. Closer examination, however, reveals it principally as a political gesture offered to appease critics rather than seriously constrict access to the Section 702 database for foreign intelligence purposes. For example, after creating this new “querying” limitation in purely criminal cases, the FISA Reauthorization Act hastens to point out that the FBI is relieved of any obligation to seek a FISC order: (1) where the FBI is conducting lawful queries of the Section 702 database (i.e., queries directed to producing foreign intelligence information); or (2) where the results of an FBI query are “reasonably designed to find and extract foreign intelligence information, regardless of whether such foreign intelligence information would also be considered evidence of a crime;” or (3) where the FBI query is initiated to evaluate “whether to open an assessment or predicated investigation relating to the national security of the United States;” or (4) where the query is initiated upon reasonable belief that the content of Section 702 communications “could assist in mitigating or eliminating a threat to life or serious bodily harm.” As critics already have noted, these are expansive exceptions affording the FBI broad latitude to eschew pursuing a FISC order except in very limited circumstances, so it remains to be seen whether this new requirement will result in any material change in how the FBI handles access to the database of Section 702-acquired communications. Moreover, as already noted, NSA’s Section 702 collection and reporting activities are entirely unaffected by this new FISC order requirement. 
All things considered, given the volume of criticism voiced by the “backdoor search” lobby, the new FISC order requirement is unlikely to have a significant impact on the future operation of the Section 702 Program.
Reforms to “About” Collection and Other Parts of FISA
Unsurprisingly, a different series of provisions found in the FISA Reauthorization Act addresses “about” collection; yet another feature of the Section 702 Program that drew heavy fire from opponents.
The new law requires that, prior to any resumption of “about” collection, the DNI and the Attorney General must notify Congress of their intent to resume such collection and, absent emergency circumstances, that notice triggers a 30-day period in which the Judiciary Committees and the Intelligence Committees in each chamber “shall, as appropriate, hold hearings and briefings and otherwise obtain information in order to fully review [the written notice provided by the DNI and the Attorney General].” In essence, the objective is to ensure that “about” collection, a practice that continues to draw substantial fire from critics despite its abatement by NSA early last year and that would have been statutorily prohibited by the USA Rights Act, will not resume without Congress at least having the opportunity to act on the practice. Again, given the level of criticism generated by “about” collection, the provisions found in the FISA Reauthorization Act represent the minimal level of “reform” that a reasonable advocate of Section 702 should have anticipated in any renewal. Absent a significant change in intelligence requirements or technological developments that allow NSA to successfully filter “about” collection in a way that addresses FISC concerns over the acquisition of U.S. person communications, it seems unlikely that the Intelligence Community will risk the inevitable firestorm in Congress that renewing “about” collection would precipitate.
In another effort to improve transparency surrounding the Section 702 Program, the FISA Reauthorization Act now requires that the Attorney General and the DNI conduct a declassification review of the minimization procedures used with Section 702 and, “to the greatest extent practicable,” make those minimization procedures publicly available. This new mandate is somewhat redundant since, for example, NSA is the agency principally responsible for the conduct of the Section 702 Program and NSA’s current Section 702 minimization procedures, in redacted form, can already be found on the DNI’s website. Nonetheless, there is probably value in creating a statutory requirement for such disclosure since minimization procedures establish the standards that govern the retention, use, and dissemination of all U.S. person information acquired through Section 702 collection.
One feature of the new FISA Reauthorization Act that almost certainly can be traced to the activities of Edward Snowden is the inclusion of specific whistleblower protections for contractors of the Intelligence Community. As anyone familiar with Snowden’s background knows, he was not employed directly by NSA, but worked as an employee of one of NSA’s many contractors. Congress has now sought to statutorily guarantee that Intelligence Community contractors are afforded the same whistleblower protections as are available to employees of Intelligence Community components.
Finally, the FISA Reauthorization Act includes the provision that had been found in two of the earlier FISA bills introduced in the House of Representatives directing the Comptroller General to conduct a study of the classification system of the United States and the problem of unauthorized disclosures. As I previously wrote in analyzing this earlier FISA legislation, at the risk of appearing cynical, if the Comptroller General actually produces meaningful reform of the classification system used by the U.S. government, it will represent an accomplishment that has evaded nearly every Congress and presidential administration of the past 50 years.
In some ways, what is missing from the FISA Reauthorization Act is almost as interesting as what is found in the renewal bill. The same two earlier FISA bills introduced in the House, the initial HPSCI bill (H.R. 4478 titled the FISA Amendments Reauthorization Bill of 2017) and the USA Liberty Act (H.R. 3989 originally introduced in the House Judiciary Committee) also both sought to address the issue of protecting U.S. person identities in intelligence reporting. The USA Liberty Act would have mandated specific procedures regulating the “unmasking” of U.S. person identities as part of a broadening of existing statutory minimization requirements, while the HPSCI bill proposed amending the National Security Act by adding a new section establishing procedures to regulate “covered requests” seeking the disclosure of U.S. person information.
The underlying focus of these provisions was the “masking” or, more accurately, the “unmasking” of U.S. person identities in intelligence reporting, and the requirements that ought to govern “unmasking” requests. Currently, for example, “unmasking” U.S. person identities in NSA intelligence reporting is governed by NSA’s minimization procedures, but the HPSCI bill and the USA Liberty Act sought to create some statutory guidance on the topic. However, the entire issue became politically controversial after media reports of alleged requests by members of the Obama administration to unmask U.S. person identities of Trump transition team members referenced in intelligence reporting that was based, in part, on incidentally collected communications acquired during FISA surveillance. Given the silence of the FISA Reauthorization Act on the “unmasking” subject, it appears that the controversy left too much political discord to allow for a compromise resolution on “unmasking” standards.
Yet another subject that had been addressed in the HPSCI bill (H.R. 4478) but is absent from the final legislation was an effort to amend the long-standing FISA definitions for “foreign power” and “agent of a foreign power” to address the issue of “malicious cyber activity” such that FISA surveillance would have been authorized against foreign governments or organizations (or those acting on their behalf) engaged in “international malicious cyber activity.” In this regard, the HPSCI bill was the only one of the five separate pieces of FISA legislation that sought to address the cyber activity that has become such a focal point of the investigations surrounding the 2016 presidential election. Despite the current, and widely publicized, threat posed to national security by international malicious cyber activity, the FISA Reauthorization Act ignores the subject and the debate on the final bill offers no insight into why this particular issue was left unaddressed.
While cyber activities are not specifically mentioned in the FISA Reauthorization Act, that topic, and others, are likely to be covered in the report that Congress has now required from the Attorney General, in coordination with the DNI, on “current and future challenges to the effectiveness of the foreign intelligence surveillance activities of the United States authorized under [FISA].” This report, due in 270 days, is to address: (1) a discussion of any trends that currently challenge, or could foreseeably challenge, the effectiveness of the foreign intelligence activities of the U.S. over the next decade including (a) the extraordinary and surging volume of worldwide data, (b) the use of encryption, (c) changes to worldwide communications patterns or infrastructure, (d) technical obstacles in determining the location of data or persons, (e) the increasing complexity of the legal regime, including regarding requests for data in the custody of foreign governments, (f) the current and future ability of the U.S. to obtain, on a compulsory or voluntary basis, assistance from telecommunications providers or other entities, and (g) such other matters as the Attorney General and the DNI consider appropriate. It is regrettable that this report will undoubtedly carry the highest level of classification because it should make for extraordinarily interesting reading.
So, Section 702 collection authority now has been renewed for six years, and the terms of the reauthorization require no change that will materially affect the utility of the Section 702 Program as currently conducted. A crucial tool of the nation’s Intelligence Community has been preserved and all who take a serious and informed interest in U.S. intelligence and counterintelligence activities should be gratified. As a number of commentators already have observed, some in frustration, this particular legislative renewal debate, the first occurring since the Snowden disclosures, undoubtedly presented the best opportunity for Section 702’s critics to drain the Program of its capabilities in the name of “privacy” and “civil liberties.” That danger has now been avoided.
Correspondingly, this renewal exercise should also represent the last time that any FISA debate is tainted by the specter of Edward Snowden. The clock has now expired on Snowden’s solipsistic illusion that he has any continuing role to play in influencing U.S. intelligence policy. The “serial exaggerator and fabricator” “who failed basic annual training for NSA employees on Section 702” has used up his 15 minutes. While the country will unfortunately continue to bear significant expense in repairing the damage caused by his disclosures, it need no longer entertain the fiction that he has any meaningful role to play in shaping the foreign intelligence activities of the United States.
 Memorandum Opinion [Caption Redacted], [Docket No. Redacted], 2011 WL 10945618, at *10 (FISC October 3, 2011).
 Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (hereafter, the “PCLOB Report”), July 2, 2014, at 10. Additionally, a 2012 analysis found that Section 702 collection was the source for 1,477 separate items or “four items per day for the President’s daily intelligence briefing.” Loren Thompson, Why NSA’s PRISM Program Makes Sense, Forbes, June 7, 2013.
 This figure is derived from estimates furnished by the Director of National Intelligence. See, Statistical Transparency Report Regarding the Use of National Security Authorities for 2016 at https://icontherecord.tumblr.com/transparency/odni-transparencyreport-cy2016.
 164 Cong. Rec. H147 (daily ed. Jan. 11, 2018) (remarks of Rep. Goodlatte, chairman of the House Judiciary Committee).
 164 Cong. Rec. H142 (daily ed. Jan. 11, 2018) (remarks of Rep. Stewart).
 The various bills addressing FISA’s reauthorization consisted of (1) the USA Liberty Act (H.R. 3989) (introduced by House Judiciary Chairman Bob Goodlatte on 10/6/2017); (2) the FISA Amendments Reauthorization Act of 2017 (S. 2010) (introduced by Senate Intelligence Committee Chairman Richard Burr on 10/25/2017); (3) the USA Rights Act (introduced by Senator Ron Wyden on 10/24/2017); (4) the House version of the USA Rights Act (introduced by Rep. Zoe Lofgren on 10/25/2017); and (5) the FISA Amendments Reauthorization Act of 2017 (H.R. 4478) (introduced by House Intelligence Committee Chairman Devin Nunes on 11/29/2017).
Previous reviews of this Section 702-related FISA legislation have appeared in FPRI E-Notes: “What’s To Be Found in the USA Liberty Act,” FPRI E-Notes, October 20, 2017; “Congress Skirmishes Over FISA Section 702: Will it Preserve the Intelligence Community’s ‘Crown Jewel’ or Neuter It?,” FPRI E-Notes, November 1, 2017; “The Gun Lap: FISA Renewal in the Homestretch,” FPRI E-Notes, December 6, 2017; and “The FISA Section 702 Saga: With Section 702 on the Brink of Expiring, Where Do Things Go From Here?,” FPRI E-Notes, January 4, 2018.
 The short extension was itself necessitated by Congress’s failure to renew Section 702 by its original December 31, 2017 expiration date.
 See, e.g., U.S. v. Muhtorov, 187 F.Supp. 3d 1240, 1256 (D. Colo. 2015); U.S. v. Mohamed, 2014 WL 2866749, at *26 (D. Or. June 24, 2014) (concluding that accessing the data legally acquired pursuant to Section 702 using the FISC-approved minimization procedures is not a separate search for Fourth Amendment purposes).
 Notably, NSA is not covered by the new requirements relating to obtaining a FISC order. Since NSA’s mission relates exclusively to the production of foreign intelligence, NSA is unaffected by the new FISC order requirement applied to purely criminal investigations. In fact, current NSA minimization procedures require that any query of the Section 702 database use only those selection terms reasonably likely to return foreign intelligence information. See, Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Section 702 of Foreign Intelligence Surveillance Act of 1978, as Amended (“2016 NSA Minimization Procedures”) at 4-5.
 For what insight it provides, the statement issued by the White House in connection with signing the FISA Reauthorization Act into law describes a “predicated criminal investigation” as one “with an elevated factual foundation.”
 The limited circumstances in which Section 702 information can be used in evidence against a U.S. person without the FBI having first obtained a FISC order under the new FISA Reauthorization Act procedures require a determination by the Attorney General that the criminal proceeding involves national security, death, kidnapping, or one of several other serious and statutorily identified felonies.
 50 U.S.C. §1873(b).
 In the House debate of the FISA Reauthorization Act, Rep. Stewart specifically noted that: “This [FISC] order requirement does not reflect the committee’s belief or intent that law enforcement access to lawfully acquired information constitutes a separate search under the Fourth Amendment. The Fourth Amendment, as interpreted by numerous Federal courts, does not require the FBI to obtain a separate order from the FISC to review lawfully acquired 702 information.” 164 Cong. Rec. H142 (daily ed. January 11, 2018) (remarks of Rep. Stewart).
 “About” collection refers to the practice of acquiring communications that are to, from, or about a particular target. This form of collection has been a particular focus of critics who contend it improperly expands the universe of U.S. person communications incidentally acquired as part of Section 702 collection activity. NSA discontinued “about” collection earlier this year, but, before the FISA Reauthorization Act, the subject of “about” collection had never been statutorily addressed in any FISA legislation.
 See, https://www.dni.gov/files/documents/icotr/51117/2016-NSA-702-Minimization-Procedures_Mar_30_17.pdf.
 As defined in FISA, minimization procedures are “specific procedures, which shall be adopted by the Attorney General, that are reasonably designed in light of the purpose and technique of the particular surveillance, to minimize the acquisition and retention, and prohibit the dissemination of, nonpublicly available information concerning unconsenting U.S. persons consistent with the needs of the United States to obtain, produce and disseminate foreign intelligence information.” 50 U.S.C. §1801(h).
 These whistleblower provisions are worthy and desirable protections for contractors of the Intelligence Community. But, it is specious to suggest that Snowden’s premeditated accumulation of highly classified information, flight to evade the reach of U.S. legal jurisdiction, and subsequent public disgorgement of secrets about some of the nation’s most valuable intelligence programs was precipitated, in any way shape or form, by his lack of confidence in whistleblower protection.
 This feature calling for a study of the classification system was included in both the HPSCI bill (H.R. 4478) and the USA Liberty Act (H.R. 3989).
 See, 2016 NSA Minimization Procedures at 12.
 “International malicious cyber activity” was defined in the HPSCI bill as activity on or through an information system (as defined in the Cybersecurity Information Sharing Act) originating from, or directed by, persons located outside the United States, that seeks to compromise or impair the confidentiality, integrity or availability of computers, information systems or communications systems or networks.
 The report is to be directed to the judiciary and intelligence committees in both the House and the Senate.
 Executive Summary of Review of the Unauthorized Disclosures of Former National Security Agency Contractor Edward Snowden (Unclassified), House Permanent Select Committee on Intelligence, September 15, 2016.