The High Stakes of Misunderstanding Section 702 Reforms

In less than a month, Section 702 of the Foreign Intelligence Surveillance Act (FISA) is set to expire. As the clock runs out on one of the U.S. government’s most important counterterrorism and counterintelligence tools, public discussion of the program and possible legislative changes remain mired in misunderstandings, misrepresentations, and political sound bites.

As many Lawfare readers are aware, Congress enacted Section 702 in July 2008 as part of the FISA Amendments Act. The law essentially authorizes the Attorney General and the Director of National Intelligence to electronically surveil non-U.S. persons (i.e. non-citizens and non-permanent legal residents) to acquire foreign intelligence information if the person is “reasonably believed to be located outside the United States.” Under Section 702, the government is prohibited from intentionally targeting U.S. persons or “any person known at the time of acquisition to be located in the United States.” The government is also prohibited from targeting a non-U.S. person or an individual located outside of the United States with the true intent of surveilling a U.S. person or someone inside the United States. Because targets of Section 702 (non-U.S. persons located outside of the United States) are typically not protected by the Fourth Amendment of the Constitution, the government need not obtain an individualized warrant from a court under Section 702 like it must under traditional FISA. Instead, the entirety of the Section 702 program is subject to review and approval by Article III judges on the independent Foreign Intelligence Surveillance Court (FISC). This includes judicial review of government “certifications,” which identify categories of foreign intelligence to be targeted; “targeting procedures” by which the government restricts its targeting to non-U.S. persons; and “minimization procedures” by which the government restricts the broad dissemination of any U.S. person information incidentally gathered under Section 702.

Section 702 is a Critical National Security Tool

The importance of Section 702 as an essential counter-terrorism tool is well-documented. Significantly, information gathered under Section 702 allows the government to uncover and disrupt impending terrorist attacks on U.S. soil. For example, in September 2009, the National Security Agency (NSA), through Section 702 surveillance of an email address belonging to an Al-Qaeda courier based in Pakistan, discovered that he was corresponding about making explosives with an unknown individual located in the United States. The NSA passed along the intelligence to the FBI, which used a national security letter to identify the unknown individual as Najibullah Zazi, who was living near Denver, Colorado. Through subsequent intense monitoring, the FBI discovered that Zazi and a group of al-Qaeda-trained terrorists were planning to bomb the New York City subway system. The FBI arrested Zazi and his co-conspirators before they were able to carry out their attack. Zazi and his co-conspirators were all convicted in federal district court. Zazi himself pleaded guilty and cooperated with the government, providing incredibly important intelligence information about al-Qaeda and its current operations.

In addition, Section 702 provides extraordinary value to the U.S. government on a daily basis by allowing agencies to monitor terrorist organizations. This monitoring allows the government to identify individuals previously unknown to be involved in terrorism, and allows the government to more fully understand the structure and hierarchy of international terrorist networks. Indeed, according to the independent report prepared by the Privacy and Civil Liberties Oversight Board (PCLOB) in 2014, over one-quarter of all NSA reports on international terrorism include information derived from Section 702 collection.

Section 702 is Constitutional and Well-Regulated

Unfortunately, advocacy groups and even key lawmakers in Congress continue to erroneously suggest that Section 702 is unconstitutional. In June 2017, for example, the House Freedom Caucus Board released a statement claiming that “surveillance activities under the FISA Amendments Act have violated Americans’ constitutionally protected rights.” In reality, however, every single federal court (including, notably, the Ninth Circuit Court of Appeals) sitting in review of Section 702 in connection with its use in national security prosecutions has found it statutorily authorized by Congress and constitutional as applied.

In November 2015, then-Chief Judge Thomas F. Hogan of the FISC approved reauthorization of the government’s Section 702 “certifications” and “procedures.” Hogan used his authority under 50 U.S.C. § 1803(i)(2), to appoint an amicus curiae to help the court decide the “novel or significant” legal issues involved in analyzing Section 702. The amicus curiae argued that the government’s targeting and minimization procedures under Section 702 as implemented by the FBI were unconstitutional. Notably, the amicus curiae did not in any way suggest that the FBI was required to obtain a warrant to obtain intercepts captured pursuant to Section 702. However, Hogan disagreed with the concerns about targeting and minimization procedures, finding the government’s procedures were consistent with the Fourth Amendment because they struck “a reasonable balance between the privacy interests of United States persons and persons in the United States, on the one hand, and the government’s national security interests, on the other.” Later that month, in United States v. Muhotorov, Judge John L. Kane of the United States District Court for the District of Colorado relied on similar reasoning to reject a constitutional challenge to Section 702. Like Hogan, Kane focused on the balancing of interests required under a Fourth Amendment reasonableness analysis. After careful consideration of that balance, Kane concluded that Section 702 “passes the Fourth Amendment test.” In March 2016, Judge John Gleeson of the United States District Court for the Eastern District of New York considered a constitutional challenge to Section 702 in United States v. Hasbajrami. Gleeson thoroughly analyzed Section 702, and like Hogan, ultimately applied a balancing test to conclude that the government’s program was “reasonable under the Fourth Amendment.” And most recently, in December 2016, the United States Court of Appeals for the Ninth Circuit in United States v. Mohamud denied a constitutional challenge to the program. Writing for the court, Judge John B. Owens followed suit with the aforementioned judges and applied a balancing test to conclude that the program was “reasonable” as applied.

To the extent that anyone might suggest that the law on incidental interception is “unsettled” (which it is not) it is also worth considering, as Judge Gleeson did in United States v. Hasbajrami, the Supreme Court’s ruling in this area. In United States v. Kahn, the Supreme Court found that the incidental interception of an individual’s conversations on her home telephone was not a violation of the Fourth Amendment, because her criminal activities were not foreseen when a Title III wiretap order was issued. Other courts to address the incidental interception issue in other contexts have found similarly and no meaningful distinction between the constitutionality of incidental interception under the Section 702 program and incidental interception through other lawful surveillance has been identified. For example, in United States v. Figueroa, the Second Circuit found that Title III allowed for the interception of conversations of “others as yet unknown,” (i.e., unknown third parties) and that allowance “d[id] not render a statute [] unconstitutional on its face as authorizing a general warrant.” In United States v. Butenko, the Third Circuit upheld the constitutionality of warrantless surveillance for foreign intelligence purposes even though “conversations ... of American citizens [might] be overheard.” Similarly, in United States v. Bin Laden, the Southern District of New York found that “incidental interception of a person's conversations during an otherwise lawful surveillance is not violative of the Fourth Amendment.”

In addition to judicial review, Section 702 procedures are subject to extensive oversight within the executive branch, including routine reviews by the Department of Justice and the Office of the Director of National Intelligence, not to mention broader review by the internal legal counsel at the government’s key national security agencies, including the FBI, the CIA, and the NSA’s general counsel offices. To the extent that the FBI seeks to use Section 702 information in a national security prosecution, a second review of the legality of the interception occurs within the Department of Justice and by lawyers in the United States intelligence community (IC). Congressional committees also receive regular reporting on the program. And while it is true that these extensive review processes have revealed incidents of non-compliance with the statute, issues have arisen in an extremely small number of cases. According to the independently commissioned PCLOB, the rate of compliance issues for Section 702 searches has been “substantially below one percent” since the program’s initiation. Most importantly, to date, there has been absolutely no indication that the government has ever attempted to circumvent or violate the safeguarding procedures required by Section 702.

Several Section 702 Legislative Reform Efforts are Misguided

Despite the previously discussed legality and oversight framework, public discussion about the program remains mired in rhetoric, untethered to any legal framework and instead is lumped in with generalized fears of mass surveillance. Opponents of Section 702—without evidence—accuse the government of using it to intentionally and indirectly target Americans and of using statutory “loopholes” to conduct “unlimited searches” of Americans’ communications. But as it stands, Section 702 explicitly prohibits the government from “intentionally target[ing] a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States.” And the claim that the government uses Section 702 to conduct “unlimited” searches of Americans is belied by the extensive oversight required by the statute.

The public misunderstanding and general mistrust of U.S. surveillance authorities has led to some restrictive and problematic proposed revisions to the Section 702 program. In October, the House Judiciary Committee introduced H.B. 3989 (the “USA Liberty Act”). Most significantly, the USA Liberty Act would require the FBI to receive a court-issued warrant, upon a showing of probable cause, before it could access the content of Americans’ communications incidentally gathered under Section 702. As currently drafted, the bill would initially allow the FBI to run a check of Section 702 databases to see whether they contain identifying or “noncontents” information about a subject in the United States who has come under suspicion by the FBI. Assuming a hit, the FBI would be informed that the subject has had communications with the foreign target of Section 702 collection, but without a warrant, the FBI would be prevented from accessing the substance of any relevant communications unless they could certify that their search of the database for information on the U.S.-based target was “reasonably designed for the primary purpose of returning foreign intelligence information.” This requirement, unfortunately, reflects a lack of appreciation for the FBI’s dual role as a law enforcement and intelligence agency alongside its primacy in identifying terrorist or intelligence threats to the homeland. That is, the FBI, in its post-9/11 existence, seeks foreign information when it is directly related to a domestic threat, and it seeks intelligence information when it is related to its law enforcement mission: forcing the FBI to articulate whether its “primary purpose” is the collection of “foreign intelligence” in those circumstances would upend the unique duality of the FBI’s mission and force the FBI back into the law enforcement box that it was in prior to Sept. 11. Essentially, this limitation and the warrant requirement in the bill would effectively “wall off” the FBI from the content of these communications, and would “wall off” the FBI from the intelligence agencies, like the NSA and CIA, who would retain access to the content of the intercepted substantive communications.

Any effort to restrict the FBI’s access to Section 702’s valuable information about threats to the United States homeland through the creation of an artificial barrier between law enforcement and intelligence agencies should be understood for what it is: a Congressional effort to rebuild “the wall” that led to the devastating attacks on the United States on 9/11. The danger of obscuring FBI access to Section 702 information is plain: As the lead domestic law enforcement agency charged with handling threats to national security of the United States, only the FBI is positioned to use incidentally intercepted information to prevent an attack on the homeland. Anyone prepared to “wall off” the FBI from this program should understand that this effort will inevitably compromise the national security of the United States and significantly jeopardize the public safety of this country’s citizens.

It will not be lost on members of the national security community that the triggering “primary purpose” language used in the USA Liberty Act is identical to the flawed language used by the Department of Justice in the years before the summer of 2001 to erect the artificial legal wall between the law enforcement and intelligence communities. A renewed effort to distinguish law enforcement and intelligence collection using the term “primary purpose” reflects a return to the flawed law and policymaking that led to the unchecked rise of al-Qaeda, the hijacking of United Flight 93, the destruction of the World Trade Center, and the attacks on the Pentagon. It is notable that the FISA appellate court then found the Justice Department’s decision before Sept. 11 to rely on a “primary purpose” test to be “quite puzzling,” given that “effective counterintelligence…requires the wholehearted cooperation of all the government’s personnel who can be brought to the task.” The court further recognized that the “primary purpose,” policy, in creating the “wall” between the FBI and intelligence agencies, “may well have contributed… to the FBI missing opportunities to anticipate the September 11, 2001 attacks.” Those “missing opportunities,” which were detailed in the 9/11 Commission Report, include the government’s failure to locate two hijackers known to be in the United States prior to Sept. 11 and the failure to obtain a search warrant on an al-Qaeda computer that could have led to the discovery of the Sept. 11 plot before it was carried out.

Moreover, the implementation of a warrant requirement will create a perverse incentive for law enforcement to conduct invasive investigations of Americans whose information has been incidentally intercepted. As set forth above, under the USA Liberty Act’s proposed restrictions, after a search of the Section 702 database, the FBI would initially learn about the fact of the incidentally-collected Section 702 communication and not the substance of the communication unless the FBI could certify that the query is being done for the “primary purpose” of returning foreign intelligence information. Although the FBI could learn that a U.S. person, such as a suspected homegrown extremist or potential lone wolf, has been in contact with a significant foreign terrorist or intelligence threat, the FBI probably would not have sufficient information about the U.S. person to establish probable cause to obtain the substance of the communications. In turn, in carrying out its mission to protect the public, the FBI undoubtedly would be forced to conduct an extensive investigation into the U.S. person to eliminate or confirm the seriousness of the potential threat and the nefarious contact with an overseas target—a significant step the FBI otherwise might not have undertaken had it been able to see the substance of the communication in the first place. These FBI investigations, which would have to be conducted through traditional law enforcement techniques that do not require a warrant (e.g. surveillance by law enforcement of a subject’s contacts and location, issuing national security letters or subpoenas for additional email and telephone records, conducting searches of the target’s trash, obtaining a mail cover, inserting a confidential informant or undercover officer) would likely require more significant invasions of the U.S. person’s privacy. Given the potential danger to the national security of the United States and the likelihood that a warrant requirement would increase the FBI’s involvement in potentially unnecessary intrusive investigative conduct, it is nonsensical to require the FBI to establish probable cause in order to allow it to see information necessary to prevent an attack on the homeland, when that same information is already in the hands of the rest of the intelligence community.

In addition to the House bill, the Senate Select Committee on Intelligence (SSCI) has also proposed a bill (the FISA Amendments Reauthorization Act) to reauthorize and change different parts of Section 702. Some of the changes proposed by the SSCI’s bill appear reasonable. Primarily, this bill, as originally drafted, sought to balance national security with valid civil liberties concerns by implementing “end-use” restrictions on incidentally intercepted Section 702 collection, and by increasing the program’s transparency, adding more Congressional reporting requirements.

First, the bill would permit the FBI to only use Section 702-derived information in prosecutions of certain serious crimes. Though this change is potentially unnecessary—as the government already maintains this policy, and faces a natural institutional disincentive from using Section 702 information in insignificant prosecutions (if simply for the fact that doing so could jeopardize its use in future counter-intelligence and counter-terrorism prosecutions)—its statutory implementation raises no serious objections. Second, the bill helpfully provides for increased transparency by imposing additional reporting requirements on the FBI. Third, the bill restricts the intelligence community’s ability to conduct “abouts” collection. “Abouts” collection, which the NSA has currently abandoned, refers to the collection of communications under Section 702 that are “neither to nor from a tasked [email address or] selector but nevertheless are collected because they contain the selector [or email address] within them.” The statutory restrictions on “abouts” collection appears reasonable, given the NSA’s own concerns about its technological capability to minimize information gathered through this program. The bill, however, also provides an opportunity for “abouts” collection to resume upon recommendations from the Director of National Intelligence and the Attorney General and subsequent FISC approval. Given the fact that, as the NSA has declared, “abouts” collection allows the government to “discover information about new potential targets that it may never … otherwise acquire[],” and given the likelihood that NSA’s minimization procedures will likely continue to improve in sophistication, it would be wise to maintain the flexibility of re-initiating this significant counterterrorism and counterintelligence tool.

Not all of the SSCI bill’s changes, however, are without issue. Though the bill—over the objection of some SSCI members—does not contain any pre-query warrant requirement, post-conference it now requires the FBI to submit to the FISC within “one business day” any query it conducts of the Section 702 databases that returns information on a U.S. person, along with the responsive information and the government’s justification for executing the query. As an initial matter, this post-query judicial review creates some awkwardness in the operation of Section 702: The FISA Court already pre-authorizes queries under the minimization procedures it approves during its annual review; having the FISC then post-hoc judge whether these queries were constitutional and consistent with statutory authority would appear redundant. Oddly, the FISC would be sitting in review of its own prior legal determination of statutory and constitutional compliance. Further judicial review of the program is more appropriately left to the many independent Article III district and appellate judges that oversee national security prosecutions relying on the Section 702 program. As evidenced by the decisions discussed above—United States v. Muhotorov, United States v. Hasbajrami, United States v. Mohamud—there is a robust system of judicial review already in place.

Moreover, while the idea of a post-query notification and review requirement is a less dangerous check on law enforcement’s use of incidentally collected Section 702 information than a pre-use warrant requirement, there is real concern in the law enforcement community about the limited timing permitted for the notification and FISC review process. Expecting every governmental actor involved in the review of the Section 702 program to collaborate and present the relevant information and justification to the FISC within “one business day” reveals a lack of appreciation for the stringent internal oversight and the multi-level review process that occurs within the U.S. government in the implementation of this program. In less than 24 hours, FBI agents and analysts essentially would be required to draft a sworn affidavit in support of the notification and, before submitting to the FISC, would have to secure concurrence or approval on the notification from the Department of Justice’s Office of Intelligence (OI). Housed within the National Security Division, OI is the key DOJ component that handles all filings before the FISC. The information would also be vetted by the FBI’s National Security Law Branch, which scrutinizes FBI representations to ensure accuracy and compliance with internal and external legal controls; the relevant operational field, headquarters and front-office components within the FBI whose intelligence or counter-terrorism equities would be affected; the legal offices at the CIA and the NSA, who likely would be required to coordinate with their own operational components to the extent that their equities were at issue; as well as the Director of National Intelligence and his or her legal representatives, the National Security Division leadership, and the Attorney General and his or her staff. All of this internal executive review is conducted in order to ensure accurate representations to the FISC, without compromising national security by protecting highly-sensitive and agency specific equities. This also all assumes that a FISC judge would be around and available on a 24-hour basis to receive the request and, potentially, to request additional information or modification of the notification. To expect this sort of thoughtful and rigorous process to occur within 24 hours is physically unworkable. For comparison, Section 702’s emergency provision, which allows the government to forego submission of a pre-search certification if both the DNI and AG conclude that exigent circumstances exist, allows the government 7 days to submit a post-search certification.

Most recently, the House Permanent Select Committee on Intelligence (HPSCI) introduced yet another bill, entitled the FISA Amendments Reauthorization Act of 2017. Like the SSCI’s original FISA Amendments Reauthorization Act, the HPSCI’s bill reasonably seeks to balance national security with valid civil liberties concerns by implementing “end-use” restrictions on incidentally intercepted Section 702 collection, and by increasing the program’s transparency, adding more Congressional reporting requirements. As an initial matter, the bill adopts generally the restrictions on “abouts” collection contained in the SSCI bill, and maintains the flexibility to reinitiate “abouts” collection upon recommendation of the Director of National Intelligence and the Attorney General. The bill also maintains an ex ante warrant requirement, for use and review of the substance of Section 702-collected information on citizens and legal permanent residents, in cases in which foreign intelligence is not involved. That is, the bill essentially eliminates the problematic “primary purpose” test and provides the FBI with the discretionary authority to obtain a warrant from the FISC for substantive Section 702-collected information where a substantive query of the databases is “not designed to find and extract foreign intelligence information.” However, use of the Section 702 information in a criminal prosecution of a citizen or a legal permanent resident, without that warrant, is otherwise restricted—absent a determination by the Attorney General that the relevant “criminal proceeding affects, involves, or is related to the national security of the United States” or that it involved “death,” “kidnapping,” or other serious criminal conduct. Overall, the warrant requirement in the HPSCI bill prevents Section 702-collected information from being used in non-serious criminal prosecutions, absent a warrant, and it appears to give the FBI the flexibility it needs to review and use critical foreign intelligence information for intelligence and law enforcement purposes, without needlessly resurrecting the wall that was in place before Sept. 11.

Ultimately, all of these issues surrounding Section 702 are profoundly important, hard and, unfortunately, driven by political sound bites that do not accurately capture the reality of the legislation or the issues. Re-authorization of the Section 702 program is critical to our nation’s security. Every court to review the program has found it to be constitutional. The resurrection of a “wall” between the FBI and the rest of the intelligence community, in addition to perhaps creating even greater invasions of privacy, could turn back the clock to the summer of 2001, when the CIA and the FBI failed to communicate in the lead up to Sept. 11: Thousands of Americans lost their lives as a result. Given what is at stake, Congress and the administration would do well to ignore the political sound bites and move cautiously to conduct a thorough and thoughtful investigation into the impact any statutory changes might have to a surveillance program as significant as this one.

Thanks to Ethan Sachs and Chinmayi Sharma, students at the University of Virginia School of Law, for their assistance.

All statements of fact, opinion, or analysis expressed are the author’s alone and do not necessarily reflect the official positions or views of the Department of Justice, the United States Attorney’s Office for the Eastern District of New York or any other U.S. government agency. This article has been reviewed by the Department of Justice to prevent the disclosure of classified or otherwise sensitive information.