Anti-Terror Law’s Safeguards Against Incidental Collection of Domestic Data Are Sufficient
Paul Rosenzweig /
This is the second article in a series of five. You can read the first article, “How the Section 702 Program Helps America Thwart Terrorist Plots,” here, the third article, “Ample Safeguards of Civil Liberties Warrant FISA Section 702’s Reauthorization By Congress,” here, and the fourth article, “Forgetting Lessons of 9/11, Rebuilding FISA ‘Wall’ Would Be a Mistake,” here.
Section 702 of the Foreign Intelligence Surveillance Act is up for reauthorization by year’s end.
Originally passed in 1978, the Foreign Intelligence Surveillance Act was amended in 2008 by the FISA Amendments Act, which added a new Title VII, “Additional Procedures Regarding Certain Persons Outside the United States.”
The Section 702 program (as authorized by the FISA Amendments Act) is a powerful counterterrorism program subject to rigorous oversight. Unless Congress acts, the U.S. intelligence community will lose these tools on Dec. 31, when the authority for Section 702 sunsets.
>>> How the Section 702 Program Helps America Thwart Terrorist Plots
Section 702 is an electronic surveillance program that targets non-U.S. persons reasonably believed to be located outside the United States, for the express purpose of acquiring foreign intelligence information.
Since 2008, this surveillance of the online activities of targeted foreigners has provided invaluable information to American intelligence officials in the fight against terrorism. It is estimated that more than 25 percent of all current U.S. intelligence is based on the information collected under Section 702.
Additionally, the program has been subject to careful oversight by Congress, the Foreign Intelligence Surveillance Court, and the Privacy and Civil Liberties Oversight Board to ensure that it achieves the proper balance between national security and civil liberties.
Still, critics think that the program still infringes on Americans’ rights. One of their concerns centers on the reality that, in collecting information about foreign actors, the Section 702 program will also incidentally collect information about American citizens.
As explained in our 2016 paper, “Maintaining America’s Ability to Collect Foreign Intelligence: The Section 702 Program,” Section 702 is a constitutional, lawful, and effective program. This blog series will address the main concerns about the Section 702 program in greater depth and show how they are misguided, highlight its effectiveness as a targeted foreign-intelligence program, and look at some of its most successful cases.
Ultimately, the series concludes that the program is so vital to America’s national security that Congress should reauthorize Section 702 in its current form.
Incidental Collection
The Issue: Section 702 can only be used to target non-U. S. persons abroad. It may not be used as authority to target any U.S. person or any person located in the U.S., regardless of whether that person is an American or a foreigner.
The government also cannot “reverse-target,” which involves the targeting of a non-U.S. person under Section 702 in order to collect the communications of a person located in the U.S. or a U.S. citizen located anywhere in the world.
However, because the National Security Agency uses selectors that search for messages “To,” “From,” and “About” foreign intelligence targets through upstream and downstream collection, there will inevitably be incidental collection of the communications of Americans.
This type of collection of Americans’ communications during foreign-intelligence surveillance is known as “incidental” collection, because it is incidental to the lawful collection of foreign-intelligence information.
Importantly, incidental collection is not limited to the FISA program. It happens all the time during any lawful communications-interception program. It also happens, for example, when a Title III traditional criminal wiretap is in operation. [Incidental collection is different from inadvertent collection. Inadvertent collection is accidental collection; for example, when a phone number is mistranscribed by an analyst (e.g.-“202-555-1213” instead of “212-555-1213”), which may result in the inadvertent collection of information about an American.]
If a terrorist target and an American are communicating, that communication will be collected under Section 702 because the government has the authority to incidentally collect the communications of those in contact with a legitimate foreign target.
If two Americans are communicating domestically, and they name a foreign intelligence target, such an as al Qaeda operative, that email might be incidentally collected under 702’s upstream collection. Finally, communications between two terrorist targets might be collected that incidentally includes information about U.S. persons or persons located in the U.S.
Those persons mentioned might be connected to terrorism or a foreign intelligence matter or have no connection at all. For example, if the U.S. government is legitimately collecting the communications of, say, a foreign terrorist target who is emailing to his cousin in the United States, they might incidentally collect the communications of or about Americans in one of two ways.
First, and most obviously, the foreign terrorist target might have direct communications with an American—say, perhaps, about his proposed visit to the U.S. (or, of course, about more nefarious plans). Second, and less obviously, the foreign terrorist target might be talking to some third-party (say, his cousin) and in that communication he might discuss a named American. (For example, he might say, “I was talking with Mr. Smith yesterday and he said … .”)
To reduce the possibility that this incidentally collected information could be misused, the FISA Amendments Act requires the government to use Foreign Intelligence Surveillance Court-approved minimization procedures to determine whether and how incidentally collected information may be used.
Minimization is the set of handling requirements for the collection, use, retention, and dissemination of information that is incidentally collected. It might, for example, prohibit certain types of information from being shared within the U.S. government or require that U.S. person information be deleted after a fixed period of time.
One aspect of that minimization process is the requirement that when U.S. person information is incidentally collected as part of a foreign-intelligence inquiry, the identity of that person is “masked” (i.e., he or she is identified only as, say, “U.S. Person #3”) and his or her identity is only disclosed if it is determined to be relevant to the foreign-intelligence inquiry.
The Criticism: Critics of the incidental-collection aspects of the Section 702 program make, broadly speaking, two arguments: 1.) We don’t know how frequent the collection is; and 2.) However much of it there is, it impinges on American civil liberties by permitting collection of the communications of Americans (even if incidentally) without Fourth Amendment protections.
In a hearing before the Senate Judiciary Committee in May 2016, Sen. Patrick Leahy, D-Vt., stated that while Section 702 is an important tool for national security and counterterrorism, the scope of communications it collects is too broad.
Although the program targets foreigners, it sweeps up vast amounts of information about Americans communicating with foreigners. To this point, he said, the government has not provided a good estimate of the amount of U.S. person communications collected under Section 702.
At the same hearing, Elizabeth Goitein, a co-director of the Brennan Center for Justice at New York University, expressed concern that, under Section 702, the amount of information intercepted about Americans had exploded.
Likewise, the Privacy and Civil Liberties Oversight Board wrote: “Lawmakers and the public do not have even a rough estimate of how many communications of U.S. persons are acquired under Section 702.”
In his testimony before the House Judiciary Committee, Adam Klein, a senior fellow at the Center for a New American Security, argued, “The public debate over Section 702’s implications for domestic civil liberties would be better informed if the public had a more accurate sense of how much U.S.-person data is collected.”
He concluded that Congress should ensure maximum public reporting on the incidental collection of the communications of Americans under Section 702 and that the intelligence community should continue to develop an approach to accurately estimate that number.
In her testimony, Goitein also identified a second concern about incidental collection. “The warrantless acquisition of millions of Americans’ communications presents deep Fourth Amendment concerns.” Incidentally collected communications under Section 702, she argued, include private communications, confidential business information, and other privileged exchanges. She contended that the authority to incidentally collect information about Americans had vastly expanded the scope of government surveillance in violation of the Fourth Amendment.
To be sure, Goitien acknowledged that in the Section 702 context, the Foreign Intelligence Surveillance Court and two federal courts have upheld the government’s authority to incidentally collect the communications of those in contact with a legitimate foreign target, including those of Americans. But she and other critics have challenged those courts’ reliance on the “incidental overhear” cases of the 1970s on the grounds that those cases do not justify the warrantless collection of the communications of Americans.
In the age of electronic communications, they contend that the rule that no warrant is needed to surveil an American who communicates with a foreign target is outdated.
As Goitein writes:
“That rule does not sufficiently protect Americans’ reasonable expectation of privacy in an era where millions of Americans communicate with foreigners overseas on a routine basis, those communications can easily be intercepted in massive amounts without any warrant, and there is no mechanism for ‘turning off’ the collection of ‘innocent communications.’”
Thus, according to critics, while there is no warrant requirement for surveillance of foreign targets, the incidental collection of vast amounts of American communications under Section 702 presents serious privacy concerns and the collection and use of that information should be subject to a warrant requirement. [For more coverage of concerns about incidental collection, see this post from the ACLU.]
The Response: In our view, neither of these concerns is persuasive. To the contrary, the high value of the Section 702 program, as well as its constitutionality (which has been confirmed by every court that has examined the question), counsel in favor of maintaining the program as is.
More specifically, regarding the twin complaints about incidental collection lodged by critics, neither withstands close examination.
First, as to the lack of data about incidental collection, the argument is in some ways a misdirection. There is more than enough data available right now to know the frequency with which incidentally collected U.S. person data is queried by the U.S government; that is, the frequency with which the collected data is actually put to some use.
According to the Privacy and Civil Liberties Oversight Board, fewer than 200 queries per year are submitted that seek to review incidentally collected data. And that makes sense: Analysts have access to millions of pieces of data, but it would be impossible for them to look at every piece of data.
It is borderline absurd to suggest that analysts looking for foreign intelligence data are somehow switching their focus and priorities to find U.S. person data. Regardless of the total volume, that relative infrequency of use reflects the care with which incidental data is treated. Size, in the end, doesn’t matter; use does.
Perhaps more importantly, collecting more data about the frequency of incidental collection will create more privacy problems than it solves. That’s because collected data does not come with a tag that says “I am data about an American.”
When the foreign terrorist target is speaking with his cousin about “Mr. Smith,” there is nothing that necessarily identifies Mr. Smith as an American. To be sure, the context might sometimes offer a clue, but in general, the analyst reading the transcript would have no idea whether Mr. Smith was an American or a citizen of Australia.
Right now, U.S. person data is only identified as such if the data is deemed to be potentially relevant to a foreign intelligence investigation. In other words, the intelligence analyst only seeks to determine Mr. Smith’s nationality if the context of the conversation suggests that the discussion is related to some foreign terrorist activity.
If, for example, the context is a future music and cultural trip, the intelligence community would not seek to determine whether or not Mr. Smith was an American.
As a consequence, if we decide we want to quantify the collateral collection of communications by U.S. persons, we would have to direct the intelligence community to do something that it does not currently do; namely, characterize and identify all U.S. person data it collects.
This, in turn, would have the adverse effect of requiring the intelligence community to create a database of U.S. person interactions—a database that does not now exist.
We also understand that the intelligence community had recently told the Congress that, in many ways, such a project is not feasible technologically. Finally, one also has to wonder about the security of such a database against theft and disclosure, as well as about the potential for abuse of such a database.
It would be odd indeed if, in the name of protecting privacy, we fostered such a significant invasion of privacy.
Second, as to the alleged invasion of privacy, the evidence and the law again strongly contradicts the critics.
To begin with, the criticism ignores the rigorous oversight and judicial process that goes into the operation of FISA, with its many certifications and directives. It is fair to say that no other nation in the world has as strong an oversight system for these types of programs as does the U.S. We are the “gold standard.”
To this, critics respond by saying that FISA does not operate with a warrant requirement, as if that were the end of the story. Rather, however, it is just the beginning.
The Supreme Court has long recognized that warrants are not required in “special needs” circumstances. One example of this is its decision that warrants are unnecessary for searches conducted at public schools. Surely, foreign intelligence is as much a special need (where countervailing governmental interests eliminate the requirement for a warrant) as the public school system.
Indeed, that’s exactly the conclusion reached by the Foreign Intelligence Surveillance Court appeals court when it first addressed the question generally. (See In Re Directives, 551 F.3d 1004, 1011 [Foreign Intelligence Surveillance Court of Review 2008]), and also what Judge John Bates said about Section 702 in particular. (See [Redacted Case Name], Memorandum Opinion, United States Foreign Intelligence Surveillance Court [Bates, J.] [Oct. 3, 2011] at 68).
More to the point, critics complain specifically that the FBI should not be able to use Section 702 information to look for evidence of non-foreign intelligence crime. They point to the FBI’s 2015 minimization procedures, which permit authorized FBI users to “query FBI electronic and data storage systems that contain raw FISA-acquired information to find, extract, review, translate, and assess whether such information reasonably appears to be foreign intelligence information, to be necessary to understand foreign intelligence information or assess its importance, or to be evidence of a crime.”
They contend that each specific query for “evidence of a crime” ought to be independently justified to a court under the Fourth Amendment.
But, again, the critics are wrong, as two federal courts have already noted. In November 2015, Judge Thomas F. Hogan of the Foreign Intelligence Surveillance Court ruled that the FBI’s minimization process was constitutional. (See [Redacted Case Title], Memorandum Opinion and Order, Foreign Intelligence Surveillance Court [Nov. 6, 2015].) He said that the focus on a query-by-query justification for each FBI inquiry was the wrong focus.
Rather, Judge Hogan determined that “the program as a whole” must be evaluated for Fourth Amendment reasonableness, and that in doing so, the court was required to “weigh the degree to which the government’s implementation of the applicable targeting and minimization procedures, viewed as a whole, serves its important national security interests against the degree of intrusion on Fourth Amendment-protected interests that results from that implementation.”
Under that standard, Judge Hogan was satisfied with the narrowness of the FBI’s program and the importance of the national security interests it advanced. Indeed, he suggested that the entire critical concern with abuse was theoretical.
Consistent with the data-availability point we made earlier, Judge Hogan noted that “FBI queries designed to elicit evidence of crimes unrelated to foreign intelligence rarely, if ever, produce responsive results from the Section 702-acquired data.” In other words, the infrequency of a positive result reduces the degree of Fourth Amendment concern.
As a result, the judge decided that “the risk that the results of such a query will be viewed or otherwise used in connection with an investigation that is unrelated to national security appears to be remote, if not entirely theoretical.”
Nor are the critics correct in arguing that the FBI should not have access to otherwise legally collected information. The question then is not whether or not a warrant should be required for collection, but whether or not the subsequent use of the lawfully collected information comports with the Fourth Amendment. Here, the general rule is that evidence once lawfully collected may be used for any legitimate government purpose.
Otherwise, for example, police officers lawfully present in a house to address a domestic dispute would be required to ignore the illegal weapons and drugs in plain view on the coffee table. That makes sense neither as a matter of policy, nor as a matter of law.
The gatekeeping function that protects against governmental abuse lies in the antecedent authorization—to enter the house, in this hypothetical, or to collect foreign-intelligence information under Section 702.
And, again, the courts agree. As one judge from Colorado put it: “Accessing stored records in a database legitimately acquired is not a search in the context of the Fourth Amendment, because there is no reasonable expectation of privacy in that information. Evidence obtained legally by one police agency may be shared with similar agencies without the need for obtaining a warrant, even if sought to be used for an entirely different purpose.” See United States v. Muhtorov, Criminal Case No. 12-cr-00033-JLK (D. Colo. Nov. 19, 2015).
Even the normally liberal 9th U.S. Circuit Court of Appeals concluded that Section 702 passed constitutional muster. See United States v. Mahamud, No. 14-30217 (9th Cir. 2016).
Finally, it is worth recognizing (and rejecting) the implicit message that critics are advancing; namely, that evidence collected for national security purposes should not be used in any domestic criminal investigation absent an independent authorization.
We’ve gone down that road before. The 9/11 Commission was of the view that artificial barriers that prevented the sharing of intelligence information with law enforcement were a contributing factor to the failure to prevent the terrorist attacks that day. The commission concluded that the “wall” between types of evidence ought to be reduced.
Critics of Section 702 are, in effect, suggesting we reverse that policy and return to the pre-9/11 rules that prevented law enforcement from accessing intelligence data. That would be a mistake, and the incidental collection of data about U.S persons is no argument to the contrary.