Thoughts on a Blue-Sky Overhaul of Surveillance Laws: Introduction

[Editor's Note: This is the first in a series of four posts, in which David S. Kris discusses the possibility of wide-ranging reform to U.S. surveillance law.] 

A paper I wrote for Ben Wittes a few years ago discussed the “modernization” of our foreign intelligence surveillance laws after September 11, 2001, culminating in the FISA Amendments Act (FAA) of 2008.[1]  The FAA, which was recently renewed by Congress,[2] resolved two difficult issues, at least for the short run. 

First, the new law addressed the growing indeterminacy of location in the world of communications by regulating some types of electronic surveillance based on a “reasonable belief,” rather than actual knowledge, of the location of the surveillance target, regardless of the location of his interlocutors.[3]  For this class of surveillance, involving foreign targets reasonably believed to be located abroad, the FAA expanded the government’s authority, requiring less advance judicial review than prior law.[4] 

Second, the FAA was politically viable in part because it also contracted the government’s authority in one respect, requiring more advance judicial review than prior law demanded in the surveillance of Americans (rather than foreigners) reasonably believed to be located abroad.[5] FISA modernization unquestionably solved some problems, but also increased the law’s complexity.  By defining certain new classes of surveillance, and establishing new rules to govern them, the FAA established a more intricate legal regime for the nation’s eavesdroppers.  The FBI and the National Security Agency, for example, now face at least nine legally distinct categories of foreign intelligence collection (ignoring, for the moment, the FBI’s law enforcement collection authorities), each with separate but sometimes related requirements:  (1) electronic surveillance under the 1978 elements of FISA;[6] (2) FISA physical searches;[7] (3) FISA surveillance for certain foreign embassies and other establishments;[8] (4) FISA searches of such establishments;[9] (5) FAA surveillance of non-U.S. persons reasonably believed to be located abroad;[10] (6) FAA surveillance of U.S. persons reasonably believed to be located abroad;[11] (7) collection of certain metadata under FISA’s pen-register provisions;[12] (8) collection of business records and other tangible things under another FISA provision;[13] and (9) other collection not regulated by FISA or the FAA.[14] 

Complexity at the legal level, moreover, compounds significantly at the operational level, where surveillance targets may fall under different categories as they travel or switch communications methods, and particularly where laws have to be applied in an environment of rapid technological change, like the Internet (although I cannot say much here about operational challenges).  There has long been a demand for technology-neutral approaches to regulation of surveillance (a generally sound approach), but sometimes new technology creates new opportunities and challenges that outstrip even the most agnostic regulatory scheme, or the government’s ability to implement it. Combined legal and operational complexity threatens both national security and civil liberties.  It threatens security where risk-averse officials abstain from surveillance in the face of uncertainty to avoid possible transgressions and associated liability.  Where that occurs, in a specific case or a class of cases, officials may be collecting less intelligence than they should (according to the law as it actually is).  The opposite problem exists where complexity masks a legal prohibition and officials proceed without realizing that they should not.  In short, where the line is hard to discern, government officials will more likely stop short and overstep, committing what statisticians call Type I and Type II errors.  Meaningful public debate about surveillance rules, already difficult in a classified environment, also suffers with increased complexity.

For these reasons, I wrote in 2008, although the FAA represented a reasonable approach, we might some day want – or need – to consider a more radical overhaul of our surveillance laws.[15]  As Judge Royce Lamberth, the former Presiding Judge of the FISA Court, explained in 2007, “The years since September 11, 2001, have witnessed a remarkable transformation in the law and practice of national security . . . . The transformation, however, has not been systematic.  Rather . . . it has been incremental, and at times even chaotic.”[16]  One possible response to this would be a blue-sky review and possible overhaul of our surveillance (and information-collection) laws as a whole, with everything but the Constitution in play.  That is the subject of this series of Lawfare posts.

[1] David S. Kris, Modernizing the Foreign Intelligence Surveillance Act, in Ben Wittes ed., Legislating the War on Terror (2009).  An earlier version of the paper is available at http://www.brookings.edu/papers/2007/1115/nationalsecurity/kris.aspx.  For a discussion of FISA (the Foreign Intelligence Surveillance Act) and the FAA, see 1 David Kris and Doug Wilson, National Security Investigations and Prosecutions, especially Chapters 16-17 (2d. ed 2012) [hereinafter 1 NSIP]. [2] See 126 Stat. 1631; Clapper v. Amnesty Int’l USA, 2013 WL 673253 at *4 n.2 (U.S. Feb. 26, 2013).  For the Obama Administration’s position on renewal of the Act, see Statement of Administration Policy: H.R. 5949 - FISA Amendments Act Reauthorization Act of 2012, Sept. 10, 2012 (available at http://www.whitehouse.gov/omb/112/legislative_sap_date_2012). [3] See 50 U.S.C. § 1881a(a).  As explained in NSIP, “With the advent of web-based communication and other developments, the government cannot always determine—consistently, reliably, and in real time—the location of parties to an e-mail message.”  1 NSIP § 16:3 at 532. [4] See 1 NSIP Chapter 17. [5] See 1 NSIP Chapter 17. [6] See 50 U.S.C. § 1801; 1 NSIP Chapter 6. [7] See 50 U.S.C. § 1821; 1 NSIP Chapter 6. [8] See 50 U.S.C. § 1802; 1 NSIP §§ 12:2-12:5. [9] See 50 U.S.C. § 1822; 1 NSIP §§ 12:2-12:5. [10] See 50 U.S.C. § 1881a; 1 NSIP Chapter 17. [11] See 50 U.S.C. § 1881b-c; 1 NSIP Chapter 17. [12] See 50 U.S.C. § 1841; 1 NSIP Chapter 18. [13] See 50 U.S.C. § 1861; 1 NSIP Chapter 19. [14] See Executive Order 12333; USSID-18; 1 NSIP Chapter 16.  The nine categories listed here are only the major ones, and many of them would admit of sub-categories. [15] See, e.g., David S. Kris, Modernizing the Foreign Intelligence Surveillance Act, in Ben Wittes ed., Legislating the War on Terror at 218 (2009). [16] 1 NSIP Preface at v.