To Oversee or to Overrule: What is the Role of the Foreign Intelligence Surveillance Court Under FISA Section 702? – Lawfare

Last month, the Office of the Director of National Intelligence (ODNI) released a redacted version of a Foreign Intelligence Surveillance Court (FISC) opinion and order following a declassification review. The opinion, which was originally entered in November 2020, reflects the findings and conclusions reached by the FISC after reviewing the 2020 certifications presented by the attorney general and the director of national intelligence (DNI) seeking authority to conduct electronic surveillance under Section 702 of the Foreign Intelligence Surveillance Act (FISA). The courts decision was widely chided in the media for, once again, approving a Section 702 certification in the face of widespread violations."

The Nov. 18, 2020, decision entered by FISC Presiding Judge James Boasberg followed earlier orders from Boasberg, entered in December 2019 and in October 2018, that also addressed government certifications seeking approval to conduct surveillance under the authority of FISA Section 702 (50 U.S.C. 1881a). In each instance, redacted versions of Boasbergs opinions were released publicly after classification reviews by the ODNI. Boasbergs redacted October 2018 opinion was released nearly a year later, in October 2019; his redacted December 2019 opinion was released by the ODNI in September 2020; and his redacted November 2020 opinion was released in April 2021.

Coincidentally, the ODNI released this most recent redacted FISC decision addressing Section 702 during the same week that the American Civil Liberties Union and others filed a petition asking that the Supreme Court find a qualified First Amendment right of access requiring that all FISC decisions be released and redacted only as necessary to prevent genuine harm to national security. In pursuing relief from the Supreme Court, those petitioners seek to overturn a carefully calibrated process regarding the workings of the FISC designed to provide reasonable transparency into that courts decisions while protecting classified information relating to intelligence sources and methods. In the case of FISA Section 702, those processes are meant to protect the unique sources and methods associated with what has been described as the most potent power Congress has granted U.S. spy agencies to gather intelligence on everything from terrorism to nuclear proliferation to foreign adversaries plans and intentions.

Each of the redacted Boasberg opinions from 2018 through 2020 addresses the corresponding years government certification seeking reauthorization of the collection authority provided by FISA Section 702. The certifications are presented annually to the FISC along with the statutorily required targeting, minimization and querying procedures used by the U.S. intelligence community in connection with its employment of the surveillance authorized by the courts approval of each certification. Substantively, in terms of the categories of foreign intelligence information sought by the government, the certifications have not changed materially since Section 702 was first enacted as part of the FISA Amendments Act of 2008.

The redacted Boasberg opinions are lengthy, and the discussions in each opinion recount multiple incidents of noncompliance in connection with the execution of the Section 702 program. These incidents are notable with respect to the application of the minimization and querying procedures employed in executing the program (explained below and here), and most particularly with the actions of the FBI in querying the Section 702 database of unminimized communications. Ultimately, however, the FISC approved each of the Section 702 certifications submitted by the government in 2018, 2019 and 2020, although the 2018 certification and procedures were approved only after Boasberg concluded that the FBIs minimization and querying procedures, as first submitted and employed by the FBI, did not comply with the Fourth Amendment. The government appealed Boasbergs initial ruling but, after the FISA Court of Review upheld the FISCs decision, the FBI modified its procedures as needed to secure the FISCs approval.

Media discussion of these FISC opinions has focused on those compliance issues with headlines declaring, FBI and NSA violated surveillance law or privacy rules, a federal judge found and Federal court approved FBIs continued use of warrantless surveillance power despite repeated violations of privacy rules.

Critics were incensed at the FISCs approval of the 2018 certification, pointing to the record of noncompliance reflected in the FISCs opinions to argue that at no point in Section 702s existence has the government operated the program in full compliance with constitutional requirements. When a December 2019 opinion by Boasberg was released in redacted form in September 2020 reflecting the FISCs approval of the governments requested 2019 reauthorization of Section 702 surveillance even as it revealed further incidents of noncompliance, exasperated opponents wondered aloud, [W]hat would it take for the FISA court to say no? Others described the FISCs actions as compliance whack-a-mole while insisting that the frequency of the transgressions depicts systemic noncompliance that makes the entire program untenable.

Is the FISC failing its responsibilities with respect to the function it performs in the Section 702 program? Given the role the FISC is intended to play with respect to its oversight of the Section 702 program, the answer is no.

A Brief Primer on How Section 702 Works

Prior to the enactment of Section 702 as part of the FISA Amendments Act of 2008, the type of surveillance now authorized by Section 702 required that the government show on an individualized basis, with respect to all non-U.S. person targets located overseas, the existence of probable cause to believe that the target was a foreign power or an agent of a foreign power. In effect, the intelligence community treated non-U.S. persons located overseas like U.S. persons, even though foreigners outside the United States are not entitled to the protections of the Fourth Amendment. Coupled with the seismic change in the technological environment occurring since FISAs 1978 passage, the application of the traditional FISA framework to targeting non-U.S. persons located outside the United States posed significant challenges to the timely collection of intelligence critical to the nations security.

The attorney general and the DNI authorize targeting under Section 702 in a manner substantially different from traditional electronic surveillance under FISA. Under Section 702, instead of issuing individual court orders, the FISC approves an annual certification submitted by the attorney general and the DNI that identifies categories of foreign intelligence targets. Targeting, however, is constrained by specific limitations included by Congress that prohibit targeting anyone known to be in the United States; prohibit targeting any U.S. person located outside the United States; prohibit targeting someone outside the United States for the purpose of targeting a particular, known person in this country; prohibit the intentional acquisition of any communication where all participants are located in the United States at the time of the acquisition; prohibit the acquisition of communications that refer to, but are neither to nor from an authorized target; and require that all Section 702 acquisitions be consistent with the Fourth Amendment.

To implement these statutory restrictions and protections, Section 702 requires the use of targeting procedures, minimization procedures, querying procedures and acquisition guidelines. The targeting procedures are designed to ensure that an acquisition targets only foreigners outside the United States and that it complies with the prohibition on acquiring wholly domestic communications. The minimization procedures protect the identities of U.S. persons and limit the dissemination of any nonpublic information concerning them that may be incidentally acquired. The acquisition guidelines seek to ensure compliance with all the statutory limitations described above. Finally, the querying procedures, added by Congress in reauthorizing Section 702 in 2018, regulate the manner by which the unminimized data collected under Section 702 may be searched to retrieve information.

Surveillance conducted under the authority of Section 702 is programmatic collection on a vast scale. A redacted FISC opinion from 2011 revealed that the National Security Agency (NSA) was collecting more than 250 million internet communications each year pursuant to Section 702. Two years later, the ODNI began reporting the number of Section 702 targetsand registered 89,138 for calendar year 2013. While no publicly available information has charted the expansion of collection under Section 702, the growth in the number of targetsto 204,968 in 2019might reasonably be expected to correspond to a proportional growth in collection. The intelligence community transparency report for 2020, released just last month, showed a small decline in the number of Section 702 targetsdisclosing 202,723 targets in 2020. It is the first decline in the number of Section 702 targets since the ODNI began disclosing Section 702 target numbers in 2013.

All of the required procedures used with Section 702 acquisitions have been mandated by Congress to address an inescapable feature of this type of collection: While Section 702 targets foreigners located outside the United States to acquire foreign intelligence information, it is understood that the communications of U.S. persons communicating with any targeted foreigner may be incidentally collected as part of the surveillance directed against that foreign target.

The existence of this incidental collection has been acknowledged from Section 702s inception and is the bte noire of its critics. Following the Edward Snowden disclosures in 2013, the Privacy and Civil Liberties Oversight Board (PCLOB) conducted an extensive review of the Section 702 program, and its description of Section 702 acknowledged that communications of U.S. persons may be acquired in a variety of ways. The PCLOB report described Section 702 as a technologically complex collection program where incidents of noncompliance have been identified but no intentional attempts to circumvent or violate the procedures or statutory requirements. Commenting further, the PCLOB observed that many of these incidents have involved technical issues resulting from the complexity of the program, and the Board has not seen any evidence of bad faith or misconduct. Since the issuance of that PCLOB report in July 2014, none of the FISCs annual reviews of the governments 702 certifications has identified any intentional effort to circumvent or violate the statutorily mandated procedures regulating its operation.

While there is no documented evidence of any intentional evasion of the procedures or statutory requirements governing the collection or use of information obtained by Section 702 surveillance, every available FISC opinion addressing the courts review of the Section 702 program has documented incidents of noncompliance. In some instances, the noncompliance incidents have been numerically significant and, at times, represented recurring violations. However, it is also true, as the PCLOB noted, that calculating the compliance incident rate for the Section 702 program, as the government did, by dividing the number of identified compliance incidents by the average number of selectors on task produced an incident rate substantially below 1 percent at the time the PCLOB report was issued in 2014. Whether the compliance rate using those metrics remains in that range today is not publicly available information.

Notably, the FISC obtains its information regarding incidents of noncompliance from the agencies that operate the Section 702 program. Self-disclosure of noncompliance is mandatory: Section 702(m) requires the attorney general and the DNI to assess compliance with the targeting, minimization and querying procedures approved by the FISC every six months, and to provide the FISC with this assessment. Self-reporting is also required, for example, by the NSAs minimization procedures, and the FISCs own rules of procedure mandate disclosure whenever any authority or approval by the court is implemented in a manner that does not comply with the courts authorization or with applicable law. According to the ODNI, every identified incident of non-compliance, regardless of the U.S. person status of individuals affected by the incident, is reported to the FISC (through notices or in reports) and to Congress in semiannual reports.

The Role of the FISC With Section 702

Given this standard of mandatory self-reporting, what is the role of the FISC as it considers the governments annual certification and accompanying procedures seeking reauthorization of Section 702 authority even as the FISC is aware of existing noncompliance in the program? The disclosure and oversight regimen described above reflects the coordinated approach the FISC takes in addressing FISA submissions received from the government. Generally, the FISCs rules require that the government begin with a proposed submission, which the court will review and, where necessary, raise any potential issues directly with the government. Only after this dialogue has occurred will the government submit, and the court consider, a final submission.

While this coordinated approach is established via the FISCs own rules of procedure for FISA Title I surveillance, Congress has directly mandated a similar process with respect to the governments requests for surveillance authority under Section 702. Congress established a specific Schedule in Section 702 requiring: (1) that the government submit any requested reauthorization of Section 702 surveillance authority at least 30 days prior to the expiration date of the existing authorization, and (2) that the FISC review a certification and its accompanying targeting, minimization, and querying procedures within 30 days of submission, and then issue an order under paragraph (3)[,] that is, Section 702(j)(3)).

The FISC review contemplated by Section 702 includes consideration of both the certification, for compliance with FISAs statutory requirements, and the accompanying targeting, minimization and querying procedures for consistency with the Fourth Amendment. This latter mandate is not found in FISAs Title I because of the materially different nature of the surveillance authority presented for the FISCs review. Title I applications seek orders based on individualized determinations of probable cause. Even with Title I applications, however, FISAs language suggests an approach that is arguably designed to provide the government with the requested surveillance authority whenever the court can satisfy itself that statutory and constitutional standards have been met. Thus, Section 105 in FISA Title I reads that, upon receipt of a FISA application, the FISC shall enter an ex parte order as requested or as modified approving the electronic surveillance. Certainly, no order would, or should, be entered, for example, if the government cannot establish probable cause, but the language chosen by Congress clearly expresses that, with respect to the nations critical foreign intelligence electronic surveillance capabilities, the FISC should give broad consideration to granting the governments applications for surveillance authority when it can do so consistently with its statutory and constitutional responsibilities.

The accommodation of the governments surveillance requests suggested by FISAs Title I statutory text is more pronounced with respect to the role Congress delineated for the FISCs consideration of certifications submitted under Section 702. Congress deliberately eschewed a thumbs up or thumbs down review process, directing instead that the FISCs review culminate in the issuance of an order. Significantly, the only statutory alternatives available to the FISC with respect to entering orders related to its review of Section 702 certifications are Approval or Correction of Deficiencies. FISA does not contemplate an outright denial of a government certification seeking Section 702 surveillance authority; instead, the statute requires that the FISC offer the government the election to correct any deficiency identified by the FISC, or cease or not begin, the implementation of the authorization for which such certification was submitted.

The Boasberg Opinions Approving Section 702 Certifications (2018-2020)

When viewed in the context of the statutory construct of FISA, the redacted and recently released version of Boasbergs November 2020 opinion addressing the governments 2020 Section 702 certification and procedures takes precisely the form FISA contemplates. Even as it offers pointed criticism in addressing the seemingly perpetual compliance failures of the FBI with respect to its querying practices, the FISC concludes that the reporting requirements and other corrective measures it has required as part of its approval of previous Section 702 submissions are adequate to conclude that the proposed procedures, as reasonably expected to be implemented, comply with the applicable statutory and Fourth Amendment requirements.

Opponents of Section 702 are aghast at the FISCs repeated willingness to accept corrective measures proposed by the government that seem to continually fall short of fully remedying the repeated compliance violations discussed in Boasbergs opinions of October 2018, December 2019 and November 2020. They openly speculate as to the level of noncompliance the FISC would need to see to deny a certification package and bring Section 702 collection to a halt. In fact, the statutory regimen created by Congress in Section 702 does not provide the FISC with the authority to unilaterally terminate critical government surveillance efforts.

This makes perfect sense judged in the context of the Fourth Amendment analysis used to assess the governments Section 702 surveillance requests. The test the FISC properly applies is one of reasonablenessthe touchstone of the Fourth Amendmentwhich is evaluated using a totality of the circumstances standard in which the court balances the competing interests at stake.

That balancing necessarily begins with recognizing that government noncompliance with the myriad rules and procedures governing the operation of the Section 702 program does not, in and of itself, render the program unreasonable and, it logically follows, does not render it constitutionally suspect. Simply put, noncompliance does not equate to unconstitutional. The government interest at stake in this balancing is the nations security. Numerous courts have confirmed repeatedly that national security is at the apex of governmental interests, and the higher the government interest, the greater the intrusion that may be constitutionally tolerated. The countervailing interest is the desire of a U.S. person to communicate freely with foreigners located outside the United States without any prospect of those communications being collected by government surveillance despite that foreigner being a target of foreign intelligence interest to the government. Where the Fourth Amendment reasonableness balance should be struck in this setting produces the entirely supportable conclusion that the incidental collection of U.S. person communications acquired while targeting foreigners located outside the U.S. pursuant to an approved Section 702 certification does not violate the Fourth Amendment.

Perhaps it is the futility of this Fourth Amendment argument, which essentially challenges the constitutionality of Section 702 on its face and has been repeatedly rejected by the courts, that more recently has led opponents, and amici counsel arguing in the FISC, to pursue a different approach. This alternative argument contends that even if the initial incidental acquisition of U.S. person communications using Section 702 authority is constitutional, the subsequent querying of the database containing those unminimized Section 702 communications using a U.S. person query term constitutes a new backdoor search that must be separately supported by probable cause. This contention receives its broadest analysis in the 2018 Boasberg opinion where, admittedly, the record before the FISC tempted such an argument because the FBI seems incapable of executing, in practice, querying procedures that Boasberg concluded were constitutionally sufficient as written.

The amici curiae appointed by the court focused on Congresss requirement in the 2018 FISA Reauthorization Act that the government adopt querying procedures governing access to the Section 702 database and that the FBI, in certain circumstances, acquire a FISC order before querying that database. These changes, they argued, reflected a congressional recognition that FBI queries of the Section 702 database represented new searches requiring separate Fourth Amendment analysis. They also insisted that the Supreme Courts 2018 decision in Carpenter v. U.S. represented a recognition that modern technologies, like the cell site location information at issue in Carpenter, warranted a redefining of Fourth Amendment protections and that querying a database collected using the governments Section 702 surveillance authority should receive such protection.

Boasberg declined to find that querying the unminimized Section 702 database represents an additional search. In his view, Congress created statutory, not constitutionally mandated, protections with its addition of the querying requirements included in the 2018 FISA Reauthorization Act. He also resisted the invitation to extend the Carpenter ruling to the querying of unminimized Section 702 data, perhaps recalling the Supreme Courts own insistence that its Carpenter decision was intended as a narrow one that specifically did not consider other collection techniques involving foreign affairs or national security. Indeed, examined logically, the later querying of data that has been lawfully collected by targeting a foreigner located outside the U.S. pursuant to a FISC-approved Section 702 certification seems to more closely resemble the querying of the Combined DNA Index System (CODIS) database using a lawfully obtained DNA sample, a practice approved by the Supreme Court in Maryland v. King. As in King, a subsequent query of the unminimized Section 702 database searches a repository of information already lawfully in the governments possession by virtue of having been collected pursuant to a FISC-approved Section 702 certification that complies with the Fourth Amendment.

Conclusion

The public debate over the Section 702 collection program and, specifically, the question of the governments right to access the communications of U.S. persons incidentally acquired while communicating with foreign Section 702 targets will unquestionably continue if for no reason other than the FBI will almost certainly generate new issues of compliance related to its querying practices. That debate will sharpen each time a new FISC opinion related to its oversight of Section 702 is released in redacted form, and there will be many who will excoriate the FISC for refusing to say no to a history of government noncompliance.

No, however, is not among the statutory options that FISA provides to the FISC. Congress recognizes the critical role that authorities like the Section 702 surveillance program play in protecting the nations security: producing intelligence product that the House Intelligence Committee has described as unique, unavailable from any other source, and regularly provid[ing] critically important insights and operationally actionable intelligence on terrorists and foreign intelligence targets around the world. FISA includes the congressional mandate that the Section 702 program be conducted consistently with the Fourth Amendment. In carefully balancing the nations security with its cherished constitutional principles, Congress has fashioned a role for the FISC that calls for oversight, review and correctionrather than terminationwhen surveillance practices encroach on those constitutional precepts. Viewed from this perspective, the Boasberg opinions of 2018, 2019 and 2020 addressed, and resolved, the compliance issues presented with each of the governments annual Section 702 submissions precisely as FISA requires.

See the original post here:
To Oversee or to Overrule: What is the Role of the Foreign Intelligence Surveillance Court Under FISA Section 702? - Lawfare