Show sidebar

Correcting the Record on Section 702: A Prerequisite for Meaningful Surveillance Reform

The legal authority behind the controversial PRISM and Upstream surveillance programs used by the NSA to collect large swaths of private communications from leading Internet companies –  Section 702 of the Foreign Intelligence Surveillance Act (FISA) –  is scheduled to expire on December 31, 2017. In recent months, Congress began to review these programs to assess whether to renew, reform, or retire section 702. Unfortunately, it appears the debate has already been skewed by misconceptions about the true scope of surveillance conducted under the contentious provision. These misconceptions need to be addressed before they completely derail the unique opportunity at hand to have a well-informed discussion about much-needed reforms – reforms that could stabilize the shaky constitutional ground that current US surveillance practices stand on, and reaffirm the US government’s commitment to fundamental human rights.

Specifically, the public debate has not sufficiently acknowledged the broad scope of section 702 collection, the volume of Americans’ data collected, or the liberality of the post-collection procedures governing intelligence and law enforcement usage of the data. Hiding behind the counterterrorism justifications for section 702 collection is a broad surveillance program that sucks massive amounts of private data – a sizeable chunk of which belongs to US persons – into government databases. Once the government has collected this information, it may use it for a variety of purposes that may have nothing to do with foreign intelligence or national security, including criminal investigations. As we’ll explore later, when the true scope of the section 702 program is understood, it is readily apparent that the collection of communications content under the program flies in the face of traditional notions of what constitutes a “reasonable” government search. Moreover, collection on this scale is inconsistent with international human rights norms that require surveillance to be necessary and proportionate. In short, the section 702 surveillance program is in desperate need of reform.

Section 702 Is Not a Counterterrorism Statute

Legislators weighing the value of section 702 talk almost exclusively about its use for counterterrorism. For example, the May 10 Senate Judiciary hearing on reauthorizing the FISA Amendments Act opened with references to the terrorist attacks in Paris and San Bernardino, and throughout the discussion senators and panelists emphasized the government’s responsibility to keep people safe. The implication was that if Americans’ and innocent foreign civilians’ private data is warrantlessly captured under section 702, it is only as a necessary byproduct of counterterrorism surveillance.

Despite what many lawmakers appear to believe, counterterrorism and national security are not the only permitted justifications for surveillance under section 702. Surveillance can occur for any foreign intelligence purpose, including the collection of information about a foreign power or territory that is related tothe conduct of the foreign affairs of the United States.” Such broadly worded language permits surveillance far beyond that related to counterterrorism. For example, when protesters gather as part of the Arab Spring or to protest a government policy, the reasons for their complaints “relate” to US foreign affairs. Information about other countries’ economic policies, which could affect global markets, “relates” to US foreign affairs, as well. In 2015 alone, there were an estimated 94,368 targets under section 702, and the public does not know what fraction of those targets, many of whom communicate with Americans, were actually targeted for counterterrorism-related purposes.

Moreover, foreign intelligence need not even be the main purpose of section 702 collection. Collection under section 702 is valid so long as a “significant purpose” of the collection is to obtain foreign intelligence information. The primary purpose of the collection can be for another purpose entirely, such as investigating alleged tax evasion. The “significant purpose” loophole could also enable the FBI to use section 702 to direct warrantless surveillance for criminal investigations (although only the NSA can make actual targeting decisions, the FBI is permitted to “nominate” surveillance targets of its own).

Compounding the issue is the fact that decisions about whether or not a potential target is likely to communicate or receive such broadly defined “foreign intelligence information” are made with little guidance or limitation. The NSA’s 2009 Targeting Procedures contain a non-exhaustive list of factors that the NSA may consider when assessing whether a target is likely to have foreign intelligence information. These factors include whether or not there is “reason to believe” the target is or has communicated with an individual “associated with” a foreign power or territory. It is unclear what it means to be “associated with” a foreign power or territory when it comes to section 702 surveillance, but such language could be interpreted quite broadly.

Moreover, there is hardly any judicial oversight over section 702 targeting. FISA Court (FISC) judges have very little sway over the targeting procedures themselves – they may only review them to see if they are “reasonably designed” to fit the minimum statutory requirements. (For more see here and here.) In addition, FISC judges do not participate in making individual targeting decisions – such decisions are entirely internal determinations made by the NSA. A predictable by-product of judicial disengagement from targeting decisions is that innocent people may be improperly spied on. The public recently learned that the NSA targeted a peaceful New Zealand pro-democracy activist under the PRISM surveillance program based on erroneous claims by the New Zealand government that the man was plotting violent attacks. Had the NSA been required to provide some form of justification to a judge, the surveillance (in which the agency captured communications of people associated with a Fijian “thumbs up for democracy” campaign and turned them over to the New Zealand government) might not have happened.

Thus, when people talk about section 702 as if the only collection taking place under its auspices is for counterterrorism, that is wrong. Discussing the statute as if foreign intelligence must be the only, or even the primary, driver of its warrantless collection is also wrong. The statute allows warrantless content surveillance for a myriad of other purposes, so long as foreign intelligence collection is a “significant” purpose. Further, section 702 permits a very broad understanding of what type of person or entity is likely to communicate foreign intelligence information. Surveillance of conversations of foreigners that may be of foreign intelligence interest is thus neither necessary nor proportionate, as international human rights law requires. The broad scope of targeting under the 702 program should be tremendously worrisome, even for those who do not find the rights of non-US persons particularly compelling. The more foreigners deemed to potentially have foreign intelligence information, the more Americans communicating with those foreigners who may be incidentally spied on, as well.  Moreover, in the 2015 Schrems decision, the Court of Justice for the European Union invalidated the EU-US Safe Harbor agreement, the basis for data transfers between the European Union and the United States, largely because of US surveillance programs such as section 702. This ruling threatens the ongoing flow of data between the US and Europe, potentially creating significant economic costs and legal risk for US-based companies, such as Google and Facebook, that transfer data under the scheme.

Next week, we’ll explore how broad the collection of Americans’ communications is under Section 702. In part 3, we’ll talk about the range of purposes beyond counterterrorism and national security for which section 702 data can be used.

A version of this post with footnotes is available here.

Tags: , , , , , , , , , ,

About the Authors

was the Center for Democracy and Technology’s Privacy, Surveillance & Security Fellow. Her work focused on the right to privacy in the Digital Age, the relationship between national security objectives and civil liberties, and ways the government and the private sector can respond to evolving cybersecurity threats.

is the Director of Civil Liberties at the Stanford Center for Internet and Society. Follow her on Twitter (@granick).