What I Found in 19 FISA Applications
A set of 19 complete FISA applications offered a chance to form impressions about what these applications contain, and how the information is presented, across different FBI agents and government attorneys and over a span of five years.
Published by The Lawfare Institute
in Cooperation With
The Foreign Intelligence Surveillance Act (FISA), the law that governs national security surveillance of international terrorists and foreign spies in the United States, has had a tough few years. Last year, a statutory sunset stripped several post-9/11 powers from the law. Another relatively new part of FISA, known as Section 702, has elicited critical opinions from the Foreign Intelligence Surveillance Court. Even the act’s bedrock power to conduct court-approved electronic surveillance and physical searches—the well-understood core of the original 1978 law—has sparked heated debates over the interaction between counterintelligence and political campaigns.
Yet FISA remains indispensable. It enables the government to monitor foreign agents inside the United States while subjecting those surveillance powers to congressionally approved standards and judicial oversight.
That balance is enduring, but it is not static. Over the years, FISA has evolved with the threats that it addresses and the public’s expectations of accountability, privacy and transparency. That process of scrutiny and rebalancing continues today.
In 2020, my agency, the Privacy and Civil Liberties Oversight Board, voted to obtain from the Department of Justice and the FBI surveillance applications filed under FISA, along with other materials related to the act’s use in counterterrorism. We made these requests after the Justice Department’s inspector general announced that his team had found factual errors in more than two dozen FISA applications, including counterterrorism filings.
In response to our requests, the board received 19 complete FISA applications, with minimal redactions to protect certain identities. We also received hundreds of other documents related to the use of FISA by the Justice Department and the FBI. The board, whose statutory mandate focuses on “efforts to protect the nation against terrorism,” did not seek applications filed in counterintelligence cases (such as the case involving Carter Page).
All members have had the opportunity to review these materials in the board’s secure facility. I am grateful to the officials at the FBI and the Justice Department who assembled materials in response to the board’s requests.
This week, I released a white paper based on a lengthy review of these documents, consultations with the Justice Department and the FBI, and other expert input. (The white paper is issued in my individual official capacity as chairman and does not necessarily reflect the views of the board as a whole or other board members.) It includes observations about FISA applications and the process more broadly, along with many recommendations to improve privacy protection while also strengthening national security.
This post highlights a few key issues discussed in the white paper: how applications are written and whether their structure could better facilitate critical analysis; the organization and content of renewal filings; how the Justice Department allocates its limited time for oversight and reporting activities related to FISA; and the FISA business records provision, which lapsed in March 2020.
FISA Applications: A Reader’s View
Only a small circle of government officials in the intelligence community, Justice Department, and the FISA Court typically sees FISA applications, and only one application has been declassified for public release. The white paper thus seeks to give readers a high-level sense of how these filings present information to the FISA Court. The board’s dataset has limitations, of course—for one, it contains only counterterrorism applications. Nonetheless, a set of 19 complete filings offered a chance to form impressions about what these applications contain, and how the information is presented, across different FBI agents and government attorneys and over a span of five years.
The first thing that strikes an uninitiated reader of FISA applications is the sheer volume of information. It makes sense to err on the side of inclusion: The Justice Department is required to present all information that cuts against its case for probable cause, and erring in favor of completeness makes sense when the government is the only party with access to the underlying facts. All the same, the amount of information can be overwhelming, and it is not always clear how each fact relates to the others, or what weight the government assigns to each.
Summaries are one way to deal with this. Fortunately, the government already prepares summary memoranda to accompany each FISA application up the bureaucratic chain of approvals. These summaries are well organized and highlight the key facts underpinning probable cause. At present, however, they are not part of the sworn application, which is the government’s official request to the FISA Court.
In my view, summaries like these should form an integral part of the application presented to the court. They should also concisely highlight any distinctive legal, privacy-related or technological implications of the case. This change—along with a broader focus on road-mapping, organization, and clarity in how applications are written—would help judges (and officials inside the FBI and the Justice Department) critically assess the need for surveillance, while preserving the completeness that the court appropriately demands.
Renewals
Renewals differ from initial applications in an obvious way: The government has already been conducting court-approved surveillance of the target. That posture means that certain questions would naturally be front of mind for the FISA Court: What did the initial surveillance discover? Did it confirm or confound the government’s expectations? Why is more surveillance needed?
Yet renewal applications typically do not feature these questions. Instead, they take the same form as initial filings, with newly discovered information dropped into the first application in bold text.
Why? There are bureaucratic reasons for this format: This structure may be simplest for the agent preparing the application and assembling the required file of supporting documentation (known as the “Woods File”). But it does not necessarily stimulate critical analysis of the need for further surveillance.
To address this, the white paper proposes that the Justice Department and the FISA Court structure renewal applications to highlight new information and spur a fresh assessment of the need for surveillance. Within the FBI, agents should also critically assess the need for further surveillance, answering questions like those suggested above, before seeking a renewal.
Which Applications Should Receive the Most Scrutiny?
By its nature, the FISA process receives little outside scrutiny. The result is that Justice Department lawyers play an outsized role in ensuring rectitude. The white paper discusses how the department’s National Security Division (NSD) allocates the time and attention of its specialized oversight staff. Its attorneys’ time is one of the government’s most important assets for protecting privacy and civil liberties—but a scarce one.
The white paper reports a significant change since the inspector general’s December 2019 report: The NSD now conducts after-the-fact “completeness reviews,” which check FISA applications for omissions as well as misstatements of fact. Until now, reviews cross-checked statements in the application against supporting documentation, but they did not search for omissions. The new completeness reviews augment rather than replace those existing checks.
The NSD’s lawyers carried out completeness reviews of 95 FISA applications between March 2020 and May 2021. Those new checks likely consumed thousands of hours of oversight attorneys’ time—a hefty but worthwhile investment that will bolster confidence in FISA applications.
Yet the NSD’s capacity is not limitless. If its lawyers devote substantially more time to shoring up oversight of probable-cause-based FISA applications, where should that time come from? Note that the NSD’s oversight priorities are not always set by the division itself; rather, they are often dictated by statute or FISA Court rules.
The white paper proposes several answers. One is automation: Congress should support and fund the NSD’s efforts to automate repetitive elements of its oversight checks, freeing up attorneys’ time for higher-yield work. Given the rising expectations placed on the NSD to provide transparency and oversight, Congress should also fund more attorney positions if requested.
Another potential solution would be to streamline processes applicable to some foreign agents in order to redirect oversight attorneys’ energy toward cases with the greatest implications for Americans’ privacy and civil liberties. For example, the white paper proposes that Congress and the FISA Court consider streamlining in some respects the FISA process for certain categories of targets whose status as agents of a foreign power is likely to be clear. These could include, for example, a non-U.S. person who “acts in the United States as an officer or employee of a foreign power,” or “an entity that is openly acknowledged by a foreign government … to be directed and controlled by such foreign government or governments.”
Congress and the FISA Court might also consider whether certain time-intensive oversight tasks imposed on the NSD can be made less burdensome or dispensed with altogether. Time spent preparing duplicative reports required by statute could be better spent elsewhere, while preserving the existing level of transparency. Congress, the executive branch and the FISA Court should also consider whether the existing approach to reviewing Section 702 targeting decisions is the best use of NSD attorneys’ valuable time.
The time saved by measures like these could be redirected to U.S.-person FISA applications and other priorities. Particular scrutiny should be given to applications targeting Americans filed in cases the FBI has deemed “sensitive investigative matters,” an existing designation that encompasses investigations of religious leaders, people active in political life, media figures and other categories of particular sensitivity.
FISA Business Records
In addition to conducting electronic surveillance and physical searches, FISA also allows the government to obtain third-party records in certain national security investigations. Last March, however, a statutory sunset caused that business records provision to revert to its pre-9/11 text, which covers only a narrow, enumerated list of business types, such as common carriers, storage facilities and public accommodations. The sunset also ended several other authorities, including a disused provision allowing the National Security Agency to collect call detail records up to two degrees of separation from a target.
The post-9/11 business records authority is not entirely dead yet, however: A “savings clause” in the statute left a temporary bridge back to the old law. Under that clause, the government can continue to use the old authority in investigations that began or relate to conduct that occurred before the sunset.
It turns out that the government’s remaining use of this authority is heavily dependent on the savings clause. The white paper reports that, but for the savings clause, nearly all of the 28 business records orders issued in calendar year 2020 would have been unobtainable under the post-sunset text. The classified version of the white paper provides additional details about why this is so and the specific capability gaps that the sunset creates.
The bottom line is that the reversion of the business records law to its pre-9/11 form weakens the government’s ability to investigate the activities of foreign agents in the United States. This capability gap will expand as time passes and the savings clause becomes unavailable.
___
The white paper focuses on some of the short-term challenges facing FISA: restoring trust, setting priorities for oversight and addressing the lapsed business records authority.
But beyond these immediate tasks, other questions loom. Are FISA’s late-1970s geographic distinctions, which apply different rules based on the site of collection, still sensible when the internet has made geographic boundaries less relevant? Does FISA provide sufficiently robust capability to handle the growing counterintelligence challenges facing the United States? Can FISA’s inherent secrecy be reconciled with demands for transparency?
In the long run, the law will be stretched by two trends pulling in opposite directions. The first is declining trust in government assurances—an especially thorny problem where ground truth is veiled by classification. The second is the rise of China, a formidable peer competitor that conducts aggressive intelligence operations against the United States. That challenge calls for effective counterintelligence tools. Can they endure?
Adam Klein is chairman of the U.S. Privacy and Civil Liberties Oversight Board, an independent executive branch agency tasked with ensuring that efforts to protect the nation from terrorism appropriately safeguard privacy and civil liberties. The views expressed here do not necessarily reflect the views of the U.S. government, the board as a whole, or other board members.