Late in 2017, Congress was trying to conclude a process that has, in recent years, become a fixture of national politics and a symbol of Washington gridlock: annual budget negotiations. More accurately, this process, which results in government funding for two-to-three-month increments, should be described as a dangerous brinkmanship which has the potential to seriously damage critical functions of the US government by cutting off funding to important entities. Nevertheless, as we have come to expect, Congress passed a stopgap funding bill on December 21st which extended government funding to January 19th of 2018. However, coverage of the broad congressional episode largely overshadowed another debate.
Section 702 of the FISA Amendments Act (FAA) a critical surveillance authority, was set to expire on December 31st. Although there was a provision in the funding bill which extended the FAA deadline to January 19th, time for debate over Section 702 was limited. Over the course of the three-week news cycle following the New Year, the FAA got a relatively large amount of attention. Then the funding bill was passed, reauthorizing the FAA for another six years. The debate, which national security watchers were expecting for the previous six months never really happened.
The political questions surrounding the FAA, and FISA more broadly, deserve our national consideration because the underlying questions are about the scope of civil liberties during a seemingly endless war, a subset of the broader, ongoing debate between national security and civil liberties. To frame these questions, this post seeks to provide a brief background on FISA and Section 702 and with it, a roadmap to reflect on the past debate and prepare for the next.
Any discussion of electronic surveillance oversight begins with the Foreign Intelligence Surveillance Act (FISA). Enacted in 1978, the authority provides congressional and judicial oversight to the intelligence community’s gathering of “foreign intelligence information” by establishing “procedures for physical and electronic surveillance and collection” of that information. Since then, it has been amended several times to better suit the rapidly-changing nature of communications technologies and to address domestic privacy and oversight concerns, though it is certainly not perfect, thus the current debate.
One such amendment was the FISA Amendments Act (FAA). In 2008 Congress passed the FAA to further strengthen the oversight of FISA activities following revelations about the Bush administration’s authorization of the warrantless surveillance of American citizens and permanent residents. In addition to addressing privacy concerns, the FAA adapted FISA procedures to accommodate the changes to communications technologies, such as the use of US internet service providers (ISP’s) such as Google and Facebook.
Before diving into how Section 702 fits into this, it is useful to break down the four categories of communications which define the methods and scope of surveillance in a given situation. There are “foreign communications,” “domestic communications,” “domestic communications with foreign links,” and “foreign communications that use U.S. networks.” The first refers to communications entirely outside the US, where the participants are, and information exists and travels, outside the US. The surveillance of foreign communications is governed by Executive Order 12333, which gives the NSA the power collect intelligence for a variety of “intelligence priorities.” It is traditional intelligence gathering. The second refers to communications entirely within the US. To surveil this communication without violating the 4th amendment, an agent must acquire a search warrant from a judge.
The third category, known as “traditional FISA” deals specifically with persons “in the U.S., or a U.S. person outside the U.S., suspected of espionage or terrorism.” To legally surveil a person in this category, authorities would have to obtain a warrant from a Foreign Intelligence Surveillance Court (FISC). This requirement was designed to ensure intelligence community compliance with the Fourth Amendment right to protection from unwarranted searches.
The fourth category of communications is that of non-US persons abroad whose communications use US-based ISPs. The use of US-based ISP’s by foreign suspects of espionage or terrorism means that some of the foreign communications that were collected outside the US could now be collected domestically. It was this change in technology that motivated the Bush administration to expand the NSA’s scope and authorize it to target domestic communications. This led Congress to pass the FAA.
Section 702: Structure and Controversy
While there are other sections in the FAA which detail other procedures for conducting surveillance, I will focus specifically on Section 702. This authority, designed to target foreign communications that are routed through the US, has a unique oversight mechanism. Before any collection or targeting takes place, the US Attorney General (AG) and the Director of National Intelligence (DNI) submit a “certification” for the targeting procedure to a FISC judge. These certifications have five components:
1) identify categories of foreign intelligence information to be gathered,
2) contain Targeting Procedures and the Minimization Procedures approved by the AG that are meant to ensure 702 acquisition is limited to non-U.S. persons abroad,
3) attest that the targeting and minimization procedures and additional guidelines adopted to ensure compliance are consistent with the Fourth Amendment,
4) attest that a “significant purpose” of the program is to obtain foreign intelligence information,
5) attest that the program uses a U.S. electronic communications service provider, and
6) attest that the program complies with the limitations spelled out by the statute.
The certification must be approved by a Foreign Intelligence Surveillance Court (FISC) judge. After each target is authorized by the AG and DNI, the intelligence is gathered through one of two programs: PRISM or upstream. PRISM is the government program where the NSA requires an ISP to provide all communication to or from a certain identifier, such as an email address or phone number. Upstream collection is when the government requests all communication to or from an identifier from companies such as Verizon or AT&T, which maintain communications infrastructure often referred to as the “backbone of the internet.” The communication is all ultimately stored in a database for up to five years unless extended.
There is little disagreement about the benefits of Section 702 to national security. It allows the NSA to acquire certain communications much more quickly than if it were to submit individual requests to the FISC court. The NSA says that it is “the most significant tool in [the] NSA collection arsenal for the detection, identification, and disruption of terrorist threats to the U.S. and around the world,” and has often stated that information acquired under section 702 is a large contributor to the President’s Daily Brief, which updates the president on the most pressing national security information of the day.
The controversial aspects of Section 702 are with respect to civil liberties. The source of the controversy is quite clear: the process of collecting signals intelligence based on an identifier could yield communications between the target and a US person or citizen. This is called incidental collection.
There are several problems which follow from incidental collection, but here I focus on the issue that garners the most attention: so-called “backdoor search loophole.” The backdoor search is referred to in popular press by its proxy — a “query” — which refers to a law enforcement official, specifically an FBI agent, searching the 702 database for intelligence incidentally collected about a domestic person during the course of an investigation. This intelligence, while only admissible with the approval of the Attorney General (according to new minimization procedures), can serve to point investigators in a certain direction and, therefore, help them build a case.
So, how is this legal?
Robyn Greene summarizes the government’s position, saying,
“DOJ’s interpretation of the FBI’s authority to use Americans’ communications collected under Section 702 for criminal investigations and prosecutions is that if the information was lawfully collected, then it may be lawfully searched and used.”
However, such an interpretation ignores the central Fourth Amendment issue. As Orin Kerr argues,
“I don’t find [the DOJ and intelligence community’s interpretation] persuasive. As I understand this, Section 702 raw data has been collected but not yet observed. In Fourth Amendment law, it has been “seized” but not “searched.” See Soldal v. Cook County (1992). As a result, the data maintains the Fourth Amendment protection it had before it was copied… Maybe there’s some other way to get around a Fourth Amendment warrant requirement here, but it’s not clear to me what it is.”
To resolve this tension and close the backdoor search loophole, many scholars and policymakers, including prominent members of an Obama-era surveillance review panel, have suggested simply requiring the FBI to acquire a warrant to search the 702 database for US persons’ information. However, the response from the intelligence community and “steadfast national security types” is that any such legislation would greatly hinder the FBI from efficiently acquiring information relevant to national security cases, where time is of the essence.
What Just Happened?
The funding bill signed into law on January 20th reauthorized FISA for six more years. The bill formally acknowledges backdoor searches, however, it did not enact strong privacy provisions. Congress limited its action to the lowest fruits, requiring a warrant to search the database only when the FBI wants to query it for a “’predicated criminal investigation’ not connected to national security.” However, this does not greatly limit backdoor searches because “under FBI practice, a predicated investigation is a formal, advanced case. By all accounts, though, backdoor searches are normally used far earlier.”
The consequence of all this seems to be a symbolic bone tossed to the American public and a missed opportunity to reform 702 in a nuanced manner that acknowledges its importance as a national security authority while enacting substantive provisions to protect Americans’ Fourth Amendment rights. These challenges did not disappear with the reauthorization of Section 702. In six years, they will resurface. We will need to contend with them seriously when they do.
 This section about the four types of communication draws heavily on the article cited below. a more in-depth explanation of the four types of communication or the broad strokes of 702 reform, see the article: Gary Ashcroft, Roger Huddle. “Guide to Section 702 Reform” Third Way. 2017. http://www.thirdway.org/report/guide-to-section-702-reform
 In talking about “to-from” collection one cannot ignore “about” collection. This is where the ISP’s agree to give the government all communication which mentions the identifier. For example, if the identifier is firstname.lastname@example.org, all communication mentioning this address will be provided to the government, even if email@example.com is neither the sender or recipient. However, the NSA announced that it had halted its program to collect “about” communication.
 The reauthorization also acknowledges “about collection” but does not rule one way or the other, keeping with the NSA’s decision to halt the program.