How Congress Should Evaluate Section 702’s Security Value When Debating Its Reauthorization

We are rapidly approaching the point where Congress must decide the future of Section 702 of FISA, the authority for the PRISM and Upstream warrantless surveillance programs that expires at the end of this year. Unfortunately, as was made apparent during last week’s Senate Intelligence Committee hearing, so far much of the defense of Section 702 has centered on the surface-level rationale that Section 702 is too valuable to allow to sunset.

Section 702 should not be viewed in such a binary manner. Even Congress’ most vociferous privacy watchdogs, such as Senator Ron Wyden (D-OR) and Representative John Conyers (D-MI), acknowledge the value of Section 702 and are not demanding its expiration. Rather, they and many privacy advocates, such as my organization, the Constitution Project, seek reforms that would maintain the foreign intelligence value of Section 702 while curtailing mission creep and risk of abuse. The Trump administration and a small group of Republican Senators, on the other hand, are seeking a permanent reauthorization without any changes—-an inertial response that improperly assumes that the security value of Section 702 and reforms to protect Americans’ civil liberties are mutually exclusive.

The key obligation for those who object to reform is establishing not whether Section 702 provides value in general but whether its most controversial aspects do. Only if the value of these controversial features is shown should we debate balancing surveillance objectives against the critical privacy rights at risk.

For the four most critical issues regarding Section 702—U.S. person queries, domestic law enforcement use, an overly broad set of targets, and “about” collection—it appears reform is possible without infringing on the essential foreign intelligence needs of the intelligence community.

Prohibiting “About” Collection

Recent events have dramatically shifted the political landscape in terms of potentially banning “about” collection, the process by which the government collects communications that are neither to nor from a target but mention the unique identifier of a target or potentially an associated IP address or code. Last month the National Security Agency (NSA) announced it would end "about" collection due to serious compliance problems regarding improper querying of Upstream data. As Bobby Chesney discussed, the announcement of this change described the role of “about” collection and its integration into Upstream very differently than the Privacy and Civil Liberties Oversight Board did in its 2014 report. But setting aside that disparity, current NSA statements create serious doubt as to the necessity of “about” collection. According to the NSA statement, its prohibition of "about" collection is:

designed to retain the upstream collection that provides the greatest value to national security while reducing the likelihood that NSA will acquire communications of U.S. persons or others who are not in direct contact with one of the Agency's foreign intelligence targets.

Further, NSA made no claims that the end of “about” collection will undermine essential security needs. In light of these factors, Congress should feel comfortable placing a clear statutory ban on “about” collection that will continue current practice and prevent future impropriety.

Creating Domestic Law Enforcement Use Limits

Evidence suggests that domestic law enforcement could be limited in its use of Section 702 data without unduly harming national security. As I’ve previously written, the government’s ability to freely use Section 702 data to investigate any federal crime is a serious problem. It reverses the domestic criminal process whereby law enforcement seeks out and monitors communications before establishing basic suspicion and also opens the door to selective prosecution. According to a recent transparency report issued by the Office of the Director of National Intelligence (ODNI), law enforcement-based searches only returned Section 702 data on one occasion last year, but that does not mitigate the issue’s importance for two reasons. First, broad foreign intelligence-based searches (such as assessments of every member of a mosque in New York City) could return criminal evidence and would not be included in that statistic. Second, law enforcement queries could be conducted on a far broader basis in the future.

A clearer demonstration of the lack of national security value for law enforcement use of Section 702 comes from the government’s own statements to the FISC. During an October 2015 proceeding, the Department of Justice admitted it did not have a single example of law enforcement use of Section 702 aiding national security. When asked by the court to cite an occasion when queries unrelated to foreign intelligence resulted in acquisition of foreign intelligence, the DOJ representative acknowledged, “I don't have a smoking gun example for you.”

That shouldn’t be surprising—domestic law enforcement is fundamentally different than foreign intelligence. So long as reasonable exceptions exist—such as for acts of terrorism and espionage —prohibiting law enforcement use of Section 702 should not be problematic for NSA and ODNI.

Limiting the Scope of Targets

Presently the government can monitor anyone if it relates to the conduct of foreign affairs, including foreign protesters and journalists. Limiting the purposes for which the government can designate Section 702 targets would provide significant civil liberties benefits. Whether such limits might have any impact on security to weigh against those significant benefits is less clear. On the one hand, unlike the previously discussed reforms, there are no government admissions that reform would leave the foreign intelligence value of Section 702 intact. On the other hand, there is no public evidence that the current expansive target structure is necessary.

An effective starting point may be to examine the instances where the government has said Section 702 has been valuable. A recent ODNI Q&A on Section 702 cites five compelling examples:

1. Section 702 provided intelligence on high-level decision making by a Middle Eastern government related to a regional conflict which informed US responses;
2. Section 702 provided a “body of knowledge” of military communications equipment and sanctions evasion activity by a sanctions-restricted country, and aided seizure of shipments;
3. Section 702 intelligence was used to discover the presence of an “al-Qaeda sympathizer” within the borders of a foreign ally and allowed the US to notify that ally;
4. Section 702 intelligence allowed an African partner to arrest two ISIS-affiliated militants connected to planning an immediate threat against U.S. personnel; and
5. Section 702 intelligence was used to identify an individual in the United States—Najibullah Zazi—as “seeking advice regarding how to make explosives” from an Al Qaeda courier abroad, which led to his arrest and conviction.

Reform advocates do not dispute the value of this intelligence or the importance of our government’s ability to obtain it. But again, the question is not whether the current law has value, but rather, whether limiting target designations cuts into that value.

Based on the examples the government has provided, the answer seems to be no. This shouldn’t be surprising, considering that earlier this year former FBI Director Comey testified that targeting is currently “confined to counterterrorism to espionage, to counter proliferation.” Consider a hypothetical policy for limiting target designations slightly broader than this, based on Presidential Policy Directive 28, which restricts acquisitions to four general categories of information: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; and (4) threats to U.S. or allied Armed Forces or other U.S or allied personnel.

All five of the examples provided by ODNI would likely fall within these buckets. There may be other undisclosed examples that the intelligence community would argue are both essential to national security and require broader parameters. If so, the government should make these examples available to the public—as the ODNI Q&A demonstrates this can be effectively done in a manner that aids public discourse without compromising sources and methods—and let Congress evaluate the appropriate boundaries. Regardless of what the settled limits ultimately are, it seems clear that on this score a balance can be struck that prevents overbroad surveillance while preserving essential needs.

Judicial Approval for US Person Queries

The most important Section 702 reform issue—requiring judicial approval for US person queries, commonly called “closing the backdoor search loophole”—may also be the most difficult to tackle.

There are no public examples demonstrating the need for warrantless searches for Americans communications collected from Section 702, the intelligence community consistently argues that an individual warrant requirement could inhibit its ability to “connect the dots.” But without more evidence from the government, this argument fails on its face. Requiring a warrant to deliberately seek out an American’s communications from a database does no more to inhibit the government from “connecting the dots” than requiring a warrant to deliberately seek out an American’s communications from an email provider, but no one would contend that requiring court approval for the latter is unreasonable.

Perhaps government officials would maintain that search capabilities are necessary first to establish that an individual is in contact with a security threat, and on the basis of that connection to then examine their communications. But versions of the “backdoor search loophole fix,” such as the Massie-Lofgren amendment, account for that problem by not requiring a probable cause warrant for queries of all types of data, but rather requiring judicial approval equivalent to what is currently required for standards under current law front-end collection and use of those data. So if an analyst wanted to see if an American was in contact with a Section 702 target, they could do so under a reformed system with the much lower relevance standard required for a FISA Pen/Trap order. If the intelligence community finds this unreasonable, it needs to provide evidence that searches for Americans’ communications absent any suspicion are essential—a tall order. A counterargument to this may be that this kind of judicial approval is not unreasonable but simply too time-consuming. However, every legislative proposal to require judicial approval for US person queries included emergency exceptions to permit searches when there is not time to go to the FISC.

Given all these factors, the burden is on the government to show that deliberately seeking out Americans’ communications without judicial approval is essential to security, and to do so in more detail than simply alluding to “connecting the dots.” Congress should be treat vague assertions, especially those that do not account for easier access to metadata, with a high degree of skepticism.

*

The debate over Section 702 will be contentious, complex, and challenging. This is as it should be; at issue is an authority with serious foreign intelligence importance and a major impact on Americans’ privacy and due process rights. We cannot let such a critical discussion be reduced to soundbites like “Is Section 702 useful, yes or no?” and “Should Section 702 sunset or be reauthorized in its current form?” Congress should instead look at each objection and proposed reform in detail and accept reasonable changes that preserve essential foreign intelligence capabilities while enhancing civil liberties and provides checks on potential abuse.