Congress Should Reauthorize a Key Intelligence Tool – Foreign Policy Research Institute

Bottom Line

At the end of this year, Americas most important intelligence tool is set to expire. Section 702 of the Foreign Intelligence Surveillance Act (FISA) allows the government to collect signals intelligence on foreign targets, even when that collection includes communications with Americans. However, Section 702 needs congressional approval to continue, and vocal critics both inside and outside Congress consider Section 702 unconstitutional.

On July 21, 2023, the government released a redacted version of the Foreign Intelligence Surveillance Courtys (FISC) most recent opinion (dated April 11, 2023) addressing the governments request for continued Section 702 surveillance authority. The opinion likely represents the FISCs last word before Congress decides whether, or on what terms, to reauthorize Section 702 before the authority expires on December 31, 2023.

Congress should reauthorize Section 702 because this critical intelligence collection program is conducted only in accordance with a carefully structured compliance regimen designed to minimize intrusions into US persons privacy interests. Every court to have considered the question has concluded that operating the Section 702 program using this compliance structure is reasonable under the Fourth Amendment of the Constitution.

Evaluating the significance of the FISCs conclusions requires some understanding of how Section 702 permits the government to acquire foreign intelligence information by targeting the communications of non-US persons reasonably believed to be located outside the United States. Conversely, the targeting of any US person, anywhere, at any time isspecifically prohibitedby Section 702. However, asCongress recognized, Section 702 acquisitions of foreign communications would also incidentally acquire the communications of those US persons communicating with foreign targets, and these communications, like those of the foreigners actually targeted, also are stored in the Section 702 database retained by the National Security Agency (NSA) which is the lead agency for Section 702 collection.

Since the foreign targets of Section 702 surveillance have no Fourth Amendment rights, neither probable cause nor a warrant are required to justify any particular targeting decision. Instead, to protect the rights of those Americans whose communications are incidentally acquired during authorized Section 702 acquisitions, Congress required that the attorney general adopt procedures that minimize the acquisition, retention, and dissemination of information concerning unconsenting US persons. These minimization procedures, along with targeting and querying procedures (the latter added by Congress as part of its 2017 reauthorization of Section 702), comprise the statutory architecture Congress created to protect the Fourth Amendment rights of those non-targeted US persons whose communications are incidentally collected during the course of lawful Section 702 acquisitions. The targeting, minimization, and querying procedures used with any Section 702 acquisition must be reviewed and approved by the FISC as consistent with the requirements of the Fourth Amendmentboth as written and as applied by each agency with access to Section 702-acquired communications.

The scope of incidental collection is not insignificant because Section 702 is a large, programmatic surveillance program collecting hundreds of millions of communications from its 246,073 foreign targets,so the number of incidentally acquired US person communications is also sizable. It is this incidental collection of US person communications acquired during the course of lawful Section 702 acquisitions directed at foreign targets, and, more specifically, the subsequent handling of those communications by US intelligence agencies, that lie at the heart of the debate over whether Congress should reauthorize Section 702 and, if so, in what form.

The Section 702 database maintained by NSA represents a sort of primordial vat where communications collected pursuant to FISC-approved certifications reside anonymously until retrieved by querying. The Director of National Intelligences most recent Annual Statistical Transparency Report describes a query as a basic analytic step foundational to efficiently and effectively reviewing data lawfully collected and already in the governments possession. In other words, the content of any particular communication in the Section 702 database and the identities of the participants in that communication, including the incidentally collected communications of US persons, are unknown until a query is initiated that extracts that communication from the database. Four agencies, NSA, CIA, the National Counterterrorism Center (NCTC), and the FBI, have access to all or some part of the communications stored in the Section 702 database.

Notably, the FBI, whose querying practices have been scrutinized, and criticized, repeatedly in FISC opinions receives access only to those communications actually generated by the particular targets that the FBI has nominated for collection based on their association with fully predicated national security investigations. In calendar year 2022, for example, this afforded the FBI access to only 3.2 percent of those Section 702 targets.

Of those agencies having access to Section 702-acquired information, only the FBI has a dual mission covering both foreign counterintelligence and law enforcement, and its use of Section 702 information has been the subject of vigorous criticism from Section 702 opponents both in and out of Congress. These opponents argue that the FBI wrongfully uses its access to Section 702-acquired communications to conduct back door searches directed at American citizens in violation of the Fourth Amendment. The FBI has an admittedly checkered record of past compliance with the querying requirements designed to protect the privacy interests of US persons but, over the past twenty-four months it has implemented a series of remediation measures intended to address its previous compliance issues. While identifying and disclosing compliance violations means little in the absence of discernible progress in remedying those violations, the returns on these FBI reform measures have been positive. As the FISC noted in its April 2022 Section 702 opinion released in redacted form by the Office of the Director of National Intelligence in May 2023, the Court is encouraged by the amendments to the FBIs querying procedures and the substantial efforts to improve FBI querying practices, including heightened documentation requirements, several system changes, and enhanced guidance, training, and oversight measures. There are preliminary indications that some of these measures are having the desired effect.

Similarly, the FBI querying statistics contained in the 2023 Annual Statistical Transparency Report reflecteda 96 percent reduction in the FBIs use of US person query terms in 2022, the first full year in which all of the aforementioned FBI compliance measures were in effect, are equally indicative of improved compliance performance. These improvements are also corroborated in a recent release by the FBIs Office of Internal Auditing which, in its first report documenting the FBIs compliance performance following the remediation efforts implemented in 2021-2022, announced that the FBI had a 96 percent compliance rate for FISA queries, a 14 percent improvement from [Office of Internal Auditing]s first baseline audit, which was conducted before the reforms.

The FISCs assessment of whether the compliance efforts of the executive branch, and most particularly the FBI, have continued to improve in executing the statutory and regulatory regimen designed to protect the Fourth Amendment rights of US persons should represent an influential consideration in the ongoing debate over the reauthorization of Section 702. Since Section 702 certification approvals by the FISC generally extend for one year, the FISCs most relevant assessment of the governments compliance performance is reflected in its review of the most recent request for new and reauthorized surveillance authority under Section 702 and is recorded in its recently released April 2023 opinion. After a thorough analysis, the court approved the certifications making these specific findings.

And, perhaps most significantly,

In sum, the FISC approved the governments requests for Section 702 surveillance authority as consistent with both FISAs statutory mandate and with the requirements of the Fourth Amendment.

Notwithstanding the FISCs conclusion that the procedures governing the acquisition and handling of Section 702-acquired communications satisfy the Fourth Amendment, most of the headlines covering the release of the courts opinion read like these appearing in, respectively, The New York Times, the Washington Post, and the Wall Street Journal.

All these headlines were generated by a half-page discussion in the FISCs opinion about three compliance incidents involving FBI querying practices. In one instance, in June 2022, an FBI analyst conducted four overly broad searches of a US senators last name against that part of the Section 702 database to which the FBI has access. The analyst also searched the database using the last name of a state senator. In each instance, the analyst had specific information that these legislators were being targeted by a foreign intelligence service, but Justice Department compliance inspectors concluded that the FBI querying standard was not satisfied. The third incident involved a Staff Operations Specialist running a single query using the Social Security Number of a state judge who had complained to the FBI about alleged civil rights violations committed by a municipal chief of police. The FISC concluded its half-page discussion of these incidents saying, despite the reported errors, there is reason to believe that the FBI has been doing a better job in applying the querying standard while observing that the government has not reported compliance violations of a comparable magnitude to those identified in the FISCs 2018 and April 2022 opinions.

Despite the FISCs conclusions, critics and media outlets persistently describe the Section 702 collection program as warrantless surveillancean appellation suggesting some sort of evasion of the Fourth Amendments warrant requirement. But this is accurate only in the same literal sense as saying I have an unlicensed microwave oventechnically true, but legally irrelevant because there is no legal requirement that my microwave has a license, just as there is no legal requirement that authorized Section 702 acquisitions be accompanied by a warrant. As the FISC has observed,

The touchstone of the Fourth Amendment is reasonableness [and] although [t]he warrant requirement is generally a tolerable proxy for reasonableness when the government is seeking to unearth evidence of criminal wrongdoing it fails to properly balance the interests at stake when the government is instead seeking to preserve and protect the national security.

The Fourth Amendment offers no guarantee that a warrant will be an essential prerequisite to a government search or seizure that might impact individual privacy interests. The FISC has repeatedly concluded that Section 702 acquisitions do not require a warrant, and all three federal appeals courts to have considered the issue have held that the incidental collection of US persons communications under Section 702 is reasonable and does not require a warrant.

The courts issuing these rulings all have recognized that the correct Fourth Amendment analysis for electronic surveillance conducted for foreign intelligence purposes examines the programmatic purpose served by that surveillance, whether that purpose serves a legitimate objective beyond routine law enforcement, and whether that purpose would be frustrated by insisting upon a warrant. Thus, the foreign intelligence focus of Section 702 surveillance triggers an entirely different reasonableness assessment under the Fourth Amendment than that used either for law enforcement purposes or to determine whether a US person can be targeted as an agent of a foreign power under the traditional electronic surveillance provisions of FISA first enacted by Congress in 1978.

Similarly, in the context of queries employing US person identifiers that are used to find and extract foreign intelligence information from the database of Section 702-acquired communications, this analysis recognizes both the existence of a foreign intelligence exception that exempts the query from the law enforcement-based warrant requirement, and that the application of court-approved minimization and querying procedures serves to make the querys intrusion into individual privacy interests reasonable when balanced against the governments interest in national securityan interest repeatedly recognized by the courts as being of the highest order.

In 2017, Congress added the requirement that agencies having access to the Section 702 database develop and use Querying Procedures to govern the act of querying that database to retrieve information. While asserting that the Fourth Amendment did not require such procedures, Congress implemented the querying procedures requirement as a compromise meant to provide additional protections for US person information that is incidentally collected under section 702. In its April 2023 opinion, the FISC amplified its previous conclusion from 2018 that the Querying Procedures expand statutory protections, not the scope of what constitutes an independent search under the Fourth Amendment. As the FISC has noted, the insistence that queries employing the use of US person identifiers represent an analytically separate Fourth Amendment event must be examined through the totality of circumstances that governs the Fourth Amendment reasonableness assessment. In the context of a query using a US person identifier to extract foreign intelligence information from the Section 702 database, such an assessment demands recognizing and acknowledging that the query is employed in examining information already lawfully acquired under a statutory framework that requires a judicial determination that the totality of attendant circumstances, including the acquisition retention and dissemination of such information, is reasonable. As the FISC now has repeatedly concluded, under such circumstances no warrant is constitutionally required.

As Congress considers whether Section 702 should be reauthorized and, if so, in what form, the outcome of that debate will reflect, at least in part, whether legislators are more influenced by the headlines describing the FISC opinion or by the FISCs actual analysis and conclusions. Section 702 opponents seized on the headlines to argue that even if the FBI had achieved perfect compliance with its rules, that wouldnt obviate the need for a warrant. But the FISC opinion bluntly repudiates that position and specifically concludes that the FBIs and other agencies implementation of their Section 702 procedures is consistent with statutory and Fourth Amendment requirements. Simply put, the FISCs last word before Section 702s sunset date is that the Fourth Amendments standard of reasonableness does not require a warrant either prior to acquiring communications pursuant to FISC-approved Section 702 certifications or for queries of those acquired communications using US person query terms that are reasonably designed to retrieve foreign intelligence information.

The evolution of technology and threats confronting the United States has only increased the importance of Section 702 in protecting national security. Initially focused principally on counterterrorism, Section 702 now provides critical reporting on Russian atrocities in Ukraine, Chinese threats to Taiwan, the fentanyl crisis, persistent interference in US elections by foreign actors, Russias global program of malign influence, Iranian nuclear efforts, North Korean nuclear and missile proliferation concerns, and the destabilizing impacts of climate change. Section 702 reporting now provides over 95 percent of the FBIs technical reporting on malicious cyber actors and more than 90 percent of its reporting on emerging technologies, including artificial intelligence. At a time when China has a bigger hacking program than every other major nation combined, Section 702 provides indispensable intelligence to assist in protecting US infrastructure, corporations and financial institutions from malicious cyber activity.

All of this explains why the Presidents Intelligence Advisory Board recently reported that history may judge a congressional failure to reauthorize Section 702 as one of the worst intelligence failures of our time. The board also noted that saddling a renewed Section 702 with a warrant requirement that is neither practical nor constitutionally necessary is unjustified. Congress may continue to address civil liberties concerns, for example, by requiring that the remediation measures that have produced the FISC-acknowledged improvement in the FBIs compliance performance be formally included in the statutory fabric of Section 702.

What Congress should not dowhat the FISC has clearly said is constitutionally unnecessary and the Presidents Intelligence Advisory Board has said is impractical and unjustifiedis shackle the critical querying function used to extract the communications collected by this indispensable intelligence tool with a prior requirement for a warrant or other form of court order where queries using US person identifiers are undertaken for the purpose of retrieving foreign intelligence information.

The views expressed in this article are those of the author alone and do not necessarily reflect the position of the Foreign Policy Research Institute, a non-partisan organization that seeks to publish well-argued, policy-oriented articles on American foreign policy and national security priorities.

Image: Photo byHarold MendozaonUnsplash

Excerpt from:
Congress Should Reauthorize a Key Intelligence Tool - Foreign Policy Research Institute