"I'm from the NSA, and We Don't Get Out Much"

It isn't every day that a representative of the National Security Agency gives a public speech on the agency's understanding of "Protecting Civil Liberties in a Cyber Age." So I thought I would take good notes for Lawfare readers on Patrick Reynolds' speech today at the Duke Conference. Reynolds is deputy general counsel at the NSA, and he gave a brief overview on the panel of the development of surveillance law. The panel included several other distinguished speakers, but I am focusing here only on Reynolds' comments. It is a paraphrase, not an effort to transcribe. Reynolds begins by quipping that he's from the NSA, and "we don't get out much." When he first went to NSA, he says, the joke was that it stood for No Such Agency or Never Say Anything. But then a bunch of newspaper articles and lawsuits brought a lot of information to the public's attention. What's more, there was this scene in The Simpsons Movie, he notes, which depicts the NSA as a vast, endless room of people listening to other people ordering pizza, and one person hears a relevant communication and leaps up and announces that he's done it--actually found someone they're looking for. Reynolds says he loves this scene because, first, it shows the absurdity of the idea that the NSA is monitoring every communication and, second, because it stands for the fundamental freedom to ridicule and make fun of government. To consider the issue of civil liberties in a cyber age, Reynolds says, he wants to walk through the intelligence collection side of the NSA's mission. Because, he notes, the NSA does collect communications of foreign intelligence interest. The civil liberties interest in question, he says, is the Fourth Amendment. And he wants to briefly talk about the development of the relevant Fourth Amendment law, the passage of the FISA in 1978, and the passage of the FISA Amendments Act (FAA) in 2008. He starts with two points he considers axiomatic: First, that is neccessary to the national security for some agency to have a mission like the one that NSA has. In some form, in some way, it is necessary to collect foreign intelligence by intercepting electronic communications. Second, that people tend to distrust large secretive bureaucratic organizations and the NSA is such an organization. So the question is how we vindicate the civli liberties we all insist upon by proxy. It is impossible for the public to watch and oversee the NSA directly, he says, but it can watch and oversee it through other institutions. Reynolds says he hopes to dispel the notion that the FAA is unconstitutional on its face. There is litigation proceeding now that is alleging as much and that was filed on day the act passed. Reynolds, however, means to argue that the FAA actually offers greater protections than was the case under pre-FAA law. Reynolds starts in 1967 with the Katz decision--which created the "reasonable expectation of privacy" standard. Katz, he says, jettisoned 40 years of prior case law, which had said that if a wiretap involved no physical intrusion, it wasn't a search. In Katz, the Supreme Court said that electronic surveillance was a search, and that it couldn't imagine a case where law enforcement would engage in it without a warrant. But, he says, the court carefully carved out foreign intelligence surveillance and it said nothing about what went on overseas. He wasn't at NSA at time, he says, but his impression is that the case had little impact on the agency. Ditto Title III, which passed Congress the following year. It largely left NSA activity undisturbed. The landscape changes grew a bit closer to home he says, with the 1972 Keith case, which involved domestic security and ruled that the 4th Amendment covered such matters. It suggested that law enforcement had different rules from intelligence agencies, but even it didn't implicate overseas activity, which is the NSA's mission. In the 1970s, moreover, several circuit court cases suggested that the president had the authority to conduct electronic surveillance for foreign intelligence purposes without a warrant. The D.C. Circuit in dicta suggested otherwise. So while it was clear that such surveillance was a search and that it had to be reasonable, whether it required a warrant was far less clear. This fact tends to get lost, he says, because we have operated for so long under the rubric of FISA. But it has never been clear that a warrant is constitutionally necessary for foreign intelligence wiretapping conducted domestically. The watershed, Reynolds says, was the abuses found in the Church Committee report. With respect to the NSA, the Church Committee found two things of particular importance to the long-term development of the law. First, it found that in addition to engaging in foreign communications collection totally outside of the U.S., the NSA was also doing things domestically. Specifically, it was putting U.S. citizens on watchlists for surveillance. Second, it was also doing reverse targeting--that is, targeting people overseas whom it believed would be in contact with U.S. persons domestically about whom the agency wanted to collect information. Congress, he says, did not appreciate this as it circumvented the warrant requirement of the 1968 law. So while in a series of cases, the courts had gotten close to saying, but didn't say, that the government needed a warrant, Congress eventually did so. In FISA in 1978, Congress created a secret court made up of district judges to hear applications for electronic surveillance for foreign intelligence purposes. The statute defined electronic surveillance narrowly to respond to abuses of the 1970s. It covered only four things: (1) the targeting of a person in the U.S., (2) the acquisition of a wire communication where one end of the communication is in the U.S. and acquisition takes place in the U.S., (3) the acquisition of radio communications where both ends of the communications are in the U.S., and (4) interceptions in circumstances in which the target has a reasonable expectation of privacy and that would require a warrant if conducted by law enforcement. Notably, it did not include international radio communication, which was the principal means of international telephone communications at the time. NSA could still vacuum that material up without going to the court for a warrant. The result was that the statute gave the court an important role--creating attorney general involvement, court supervision, criminal penalties, reporting, and minimization procedures. But it also allowed the NSA to continue activities overseas unimpeded. And it worked pretty well--until technology began to change. These technological changes were actually predicted by a physicist named Negroponte, who anticipated that wire communications (which were then dominant in short-haul communications) would come to dominate long-haul communications (which were then dominated by radio transmission), and that radio would come to dominate short-haul communications. This flip was the result not of statutory change, but of technological change. And that change, combined with the fact that the U.S. became a communications hub for worldwide telecommunications, created huge bandwidth of submarine cable into the United States. This bandwidth carried a great deal of communications from people with no connection with the United States. And that meant that under FISA, NSA suddenly had to prioritize collection, to decide which foreign-to-foreign communications were most important to collect. NSA could still carry on its mission outside of the U.S., but the procedural burden became such that it couldn't collect it all when it came here. In February 2006, Reynolds says, he was one of two lawyers who went to Capitol Hill and said the statute was no longer functioning as intended. This started a dialogue that led to temporary legislation and finally culminated in the passage of the FAA in 2008. Reynolds says that his thesis is that there is actually more civil liberties protection under the FAA than under the law before its passage. The FAA, he says, did two major things. It allowed for surveillance in the U.S. that would otherwise have been considered electronic surveillance under FISA--without getting individualized warrants. This allowed a huge backlog to get cleared. And it's the reason people think of the statute as a civil liberties erosion. But it also required court orders based on probable cause for surveillance of U.S. persons outside of the United States. This had never been the case before. Previously, the NSA had to go to the attorney general in such circumstances, but it never had to go to the FISA court before for such surveillance. Congress, in essence, said let's forget about the technology. Let's look at the question of the target of the surveillance and ask instead what we owe that person. If it is a U.S. person anywhere in world, we owe one thing. If it's not, we owe something else. So under the FAA, what kind protections do we owe in those circumstances? No individual probable cause showing is required, and that's what makes people say it's unconstitutional. But the court has never said that a warrante is required in those circumstances. And under the FAA, we still have a requirement of DNI and attorney general certification of compliance with relevant procedures. The court now approves the targeting procedures--the procedures that the NSA uses to figure out whether the target is outside of the U.S. The court approves the minimization procedures. There are still statutory restrictions on the use of surveillance data. There are still criminal penalties. And there is lots of new oversight: reports to Congress, audits, inspector general reviews, and reports to the court. There are a lot more people reviewing what the NSA is doing under the FAA than before. These are two features that offer more protections, not less, Reynolds concludes.