Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
The Foreign Intelligence Surveillance Act reauthorization attempts to preserve privacy protections while simultaneously preserving a collection authority that the intelligence community believes is critical to stopping national security threats, the author writes.
By Andrew Serwin
Andrew Serwin is a partner in Morrison & Foerster LLP’s global privacy and data security practice group in San Diego.
By Andrew Serwin
The Foreign Intelligence Surveillance Act (FISA) has drawn significant recent attention due to the debate over the reauthorization of one of the more controversial provisions, as well as some Congressional concerns about the nature and scope of surveillance generally under FISA. Some of those Congressional concerns, including use of the information that has been gathered under FISA by law enforcement, were addressed in current Senate bill that will be the the 2018 reauthorization. Moreover, certain practices that had been discontinued—about collection under Section 702—appear to have new life, if certain actions are taken by the Executive Branch. Overall, while one can debate the nature of the protections, and whether the right compromises were made, the reauthorization attempted to preserve privacy protections while simultaneously preserving a collection authority that the Intelligence Community believes is critical to stopping national security threats to the U.S. This article addresses what is likely the final Senate bill, which will also likely be the final version of this re-authorization.
FISA is the result of concern over unchecked surveillance within the U.S., and was designed to address the concerns raised before of the Church Committee, which in the early 1970s reviewed alleged abuses of surveillance in the U.S. What is perhaps the most important point is that even though FISA is focused on “foreign intelligence” collections, its true focus is on regulating a subset of those collections—foreign intelligence collections that potentially impact U.S. persons, or “domestic” collections—certain intelligence gathering that occurs in the U.S. FISA does not regulate all foreign intelligence gathering and in fact is not always the exclusive authority for foreign intelligence gathering by U.S. agencies authorized to carry out such activities.
FISA originally just covered electronic surveillance, but it has been repeatedly amended and expanded over the years, including an amendment signed by President Bill Clinton that authorized physical searches. Many amendments were also made in the wake of 9/11, and some of that authority remains. One of those remaining authorities is Section 702.
In response to the terrorist attacks of Sept. 11, 2001, President George W. Bush issued a Top Secret authorization to the Secretary of Defense directing that the signals intelligence (SIGNINT) capabilities of the National Security Agency (NSA) be used to detect and prevent further attacks in the U.S. The Presidential Authorization stated that an extraordinary emergency existed permitting the use of electronic surveillance within the U.S. for counterterrorism purposes, without a court order, under circumstances. This program has been known as the President’s Surveillance Program, as well as its code name, STELLARWIND.
This program was renewed on 30- to 60-day intervals for a number of years, and under this program the NSA intercepted the content, as well as metadata of both U.S. and non-U.S. persons. Ultimately the content collection program that existed under STELLARWIND became what we now know as Section 702, and that pattern of reauthorization has continued since its codification into FISA, albeit at longer intervals. This recent reauthorization is the result of that process.
Two programs that have been discussed in the media—PRISM (also known as Downstream) and Upstream—that exist under Section 702 illustrate its importance, and what Section 702 is used for. There are three key components to a 702 request—the certification that is discussed below, the authorization that is then permitted to conduct surveillance, and the directive, which is the method that is used to compel a third-party to provide information.
Section 702 permits the Attorney General and the Director of National Intelligence to jointly and annually certify the criteria for Section 702 requests, and the criteria are then approved by the FISA Court, though the follow-on targeted requests, or authorizations, are not. From there, the government must meet the criteria of the certification, as well as other criteria, but it is then authorized to seek metadata and content regarding the targets of the surveillance. These targets generally are not supposed to be in the U.S. or U.S. persons reasonably believed to be abroad. The government can also compel U.S. companies to assist them with these requests via a directive. There are a number of requirements that the government must meet under Section 702 including targeting procedures, minimization procedures, and guidelines for compliance with limitations that are beyond the scope of this article, but are important to note.
Section 702 focuses on the collection of the content of communications, and not metadata which was the former focus of a different portion of FISA commonly known as Section 215. Once surveillance is authorized it is accomplished by the U.S. government providing selectors (such as an email address) to a U.S.-based company, consistent with the requirements of the certification and 702. PRISM (or Downstream) and Upstream are important to understand when looking at Section 702. The programs accomplish similar goals, but target different forms of electronic communications service providers. PRISM is a program in which U.S. service providers that are not telecommunications “backbone” companies, such as the more traditional internet companies. Upstream differs in that the request is sent to U.S. companies that are part of the telecommunications backbone.
Under PRISM, the NSA traditionally provides a “to or from” selector, such as an email address. In essence this means that the NSA is getting communications to or from the person tied to the selector. Under Upstream the NSA has provided “to, from, or about” selectors, meaning that in addition, the NSA has collected communications “about” a target that were sent by others who were not the individual tied to the selector of a 702 request. In April of 2017 the NSA announced that it would no longer be seeking internet communications based upon “about” requests. However, this point is important to note because the final bill contained changes to FISA that potentially impact these requests.
The current version of Section 702 expired on Dec. 31, 2017, and it was extended to permit time for new legislation to pass. This Law reauthorized it, with certain key amendments, which are noted below.
The current Senate bill extends Section 702 for 6 years, which was a shorter period of time than the Senate Bill.
In addition, the bill addresses certain substantive issues under FISA, including the retrieval by the FBI of unminimized contents or non-contents regarding U.S. persons that were obtained under Section 702. The final bill requires the FBI, with certain exceptions, to obtain a court order to make a query noted above, if the query is made in connection with a “predicated criminal investigation” unrelated to the national security of the U.S. An application for and order to obtain such communications must include an affidavit that justifies the belief that the communications that are sought would provide evidence of:
The bill also instructs the DNI, in conjunction with the Attorney General, to conduct a declassification review of certain minimization procedures and to “the greatest extent practicable” make those procedures available, including in redacted form, not later than 180 days after the review is completed.
Section 705 of FISA, 18 U.S.C. § 1881d would also be amended to include an emergency authorization provision if certain conditions are met. The bill also addresses appointments of the Privacy and Civil Liberties Oversight Board, and to provide some protections to whistleblowers for contractors in the Intelligence Community. The bill also adds a requirement that the Inspector General of the Department of Justice submit certain reports regarding the querying authority that was added, and that report must include an assessment of:
The current Senate bill addresses some of the key issues raised about FISA, but does not address all of them, and the potential for about collection to resume, albeit under more limited circumstances, has caused concern among some Senators and certain privacy advocates. There is no indication that about collection will start immediately, and the bill does contain privacy enhancements for U.S. persons, so time will tell if ultimately these amendments are sufficient to quell some of the concerns that have been raised by some about FISA.
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)