In a recent analysis for Just Security, I explored some concerns about how warrantless surveillance under Section 702 of the Foreign Intelligence Surveillance Act (“FISA”) may be undermining the U.S. criminal justice system. While many of those concerns would apply to the government’s potential reliance on warrantless Section 702 data as part of any criminal probe, I expressed a worry that such data might conceivably be making its way into investigations of relatively low-level suspected offenses (for example, suspected drug-related violations).
Partly in reply to Dean Asha Rangappa’s letter to the editor, I would like to expand on a few of the problematic practices I had mentioned—all of which should be at the forefront of legislators’ minds during the upcoming debate about whether Section 702 should be renewed before its scheduled sunset at the end of this year. These include “incidental” collection, warrantless querying of Section 702 data by the FBI, and parallel construction.
“Incidental” collection: A “subset” can still be a large pool of private information—including on U.S. persons
Under the law, the executive branch must “target” non-U.S. persons outside the United States when it carries out warrantless monitoring of Internet or telephone communications under Section 702. These targets need not be suspected of any wrongdoing: as long as “a significant purpose” of the surveillance is to obtain “foreign intelligence information,” a term FISA defines broadly, any non-U.S. person outside the country’s borders is fair game. In 2016, the government had an estimated 106,469 such targets—a number that had steadily increased for several years. Foreign Intelligence Surveillance Court (“FISC”) amicus, Amy Jeffress, who served as an impartial adviser, has confirmed that “not all Section 702 targets are international terrorists,” and the executive branch has yet to explain who else might be singled out. Then-chair of the Privacy and Civil Liberties Oversight Board (“PCLOB”) David Medine told Congress in 2016 that a Section 702 target could be “anyone with foreign intelligence value,” including, for example, “a completely innocent businessman.”
While this monitoring has considerable human rights implications for the foreigners who are targeted, it is likely that the dragnet is also capturing large numbers of U.S. persons’ communications. The government likes to describe this seizure of Americans’ private correspondence under Section 702 as “incidental.” However, as PCLOB has pointed out, “[s]uch ‘incidental’ collection … is not accidental, nor is it inadvertent.” FISA requires that Section 702 surveillance be “reasonably designed” to minimize such collection, but it happens anyway. The President’s Review Group on Intelligence and Communications Technologies even suggested in 2013 that the executive branch may have an incentive “to use section 702 in an effort to gather evidence against United States persons in a way that would circumvent the underlying values of both FISA and the Fourth Amendment.”
This pool of warrantless Section 702 information on U.S. persons is probably sizeable. Medine testified explicitly that “the government is collecting large quantities of Americans’ communications” under the law. In her FISC amicus brief, Jeffress referred to “a potentially very large … scope of incidental collection of communications between lawful targets and U.S. persons that are not the type of communications Section 702 was designed to collect”—including communications with “no foreign intelligence value.” These statements indicate that while it is probably literally true that U.S.-person information is a “subset” of the data gathered under Section 702, this subset may be substantial and may include such troublingly private content as—in Medine’s words—“family photographs, love letters, personal financial matters, discussions of physical and mental health, and political and religious exchanges.”
Therefore, I do not share Dean Rangappa’s confidence that warrantless Section 702 data is unlikely to include information on “[w]holly domestic” U.S. crimes—let alone crimes (such as drug-related offenses) that the government may regard as having some kind of foreign nexus, however remote. The fact is that when a government grabs untold reams of private communications belonging to thousands or millions of people, there is simply no knowing what kind of information might be in there, available to be searched.
Once the National Security Agency (“NSA”) has obtained data through Section 702, including on U.S. persons, it may distribute or report on that data in several ways that may ultimately have implications for criminal cases—including by sharing data it “reasonably believe[s] to contain evidence of a crime” with the FBI or other law enforcement bodies. While it has not been publicly confirmed that such knowing NSA sharing of Section 702 data believed to contain evidence of a crime is feeding into non-terrorism prosecutions, in my view the risk is real.
FBI querying: “Fishing” in the pool is probably not so unusual
The current Section 702 regime allows the FBI to obtain unknown amounts of raw Section 702 data without a warrant. PCLOB has said it does not obtain all such data, but the actual amount remains unclear; the Office of the Director of National Intelligence’s statement three years ago that the data constitutes “a small percentage of NSA’s total Section 702 collection” did little to illuminate this.
The Bureau then has the power to carry out warrantless searches—or “queries”—of these communications, a practice that has prompted strong expressions of concern from independent evaluators. Medine testified that the FBI “routinely looks into 702 databases, and not just in investigations, but even in assessments where the FBI has absolutely no suspicion of wrongdoing … they’re just sort of entitled to poke around and see if something is going on.” Jeffress, too, flagged that the FISC has described these FBI queries as “routine and encouraged,” that the Bureau may conduct them even at the pre-investigation “assessment” stage, and that “there is no requirement that the matter be a serious one, nor that it have any relation to national security.”
It is difficult to reconcile the claim that it is “extremely unlikely” that FBI agents would “fish” in Section 702 data for evidence of crimes with Medine’s and Jeffress’ statements, which suggest the Bureau has the power to do just that. As Dean Rangappa emphasizes, FBI procedures require that “[t]o the extent reasonably feasible,” queries of raw Section 702 data must be designed to “find and extract foreign intelligence information or evidence of a crime.” That latter phrase, however, essentially captures the problem: Agents may carry out warrantless searches of warrantlessly seized communications in order to find something the government could use to put someone in jail.
A recent FISC opinion indicates that the executive branch has reported only one instance to the Court in which the FBI, using a query that was not designed to find “foreign intelligence information,” found Section 702 information on an American. As highly unsympathetic as that case is (it involved an e-mail containing a description of child abuse), the fact that the government did use Section 702 to find such information without a warrant should give us all pause. Footnote 53 in the opinion also gives rise to concern that the FBI’s self-reporting processes for such cases may not be fully reliable—and one wonders how expansive queries that are seeking “foreign intelligence information,” which would not even result in such reporting, may be.
The FBI’s adoption of internal procedures that, in some ways, regulate access to this pool of warrantlessly collected data (for example, by requiring agents to have authorization before they can view Section 702 data they have found) does not take these concerns off the table. First, as Chief Justice Roberts observed in Riley v. California, law enforcement’s development of internal rules to assuage concerns about warrantless searches is “[p]robably a good idea, but the Founders did not fight a revolution to gain the right to government agency protocols.” In other words, even the best and strictest FBI procedures cannot undo any constitutional or other violations inherent in these programs.
Second, the FISC expressed a stark concern in its recent opinion about the FBI’s “apparent disregard” of rules the FISC had approved, and recorded at least three serious episodes in which the Bureau improperly provided access to raw Section 702 data to its own employees or to groups of private contractors. The Court also raised fears that “the FBI may be engaging in similar disclosures of raw Section 702 information that have not been reported.”
Parallel construction means the use of this data in criminal investigations may never come to light
If the NSA, FBI, or other entities are employing warrantless Section 702 data in non-terrorism criminal investigations, this practice might never come to light. Historical documents suggest that the government may have devoted a significant amount of time over the years to pondering the question of how to use intelligence information in investigations without disclosing this fact at trial. Among other things, a declassified document from 1983 shows the executive branch seeming to embrace the idea of deliberately “build[ing] a firebreak” in evidentiary trails by encouraging law enforcement to develop independent evidence in a way that would prevent defendants from discovering that information originally came from intelligence activities. Thirty years later, Reuters reported that the DEA was engaging in just such an activity, known as “parallel construction,” to avoid disclosing its use of tips from intelligence.
The government’s decidedly belated notice of Section 702 surveillance in at least a few known criminal cases provide reason to be concerned about the use of parallel construction to conceal such monitoring; it is also worrying that even defense attorneys who fight determinedly to find out if Section 702 or other intelligence monitoring was employed in their clients’ cases may face stiff resistance. (For civil rights defenders, it is worth reading the hearing transcript and related motion in an unusual 2013 Texas drug case to see some of the challenges confronting such attorneys.) It also seems possible, as at least one declassified record as well as the Reuters article suggest, that the prosecution could simply drop cases if defendants appeared likely to succeed in forcing the disclosure of Section 702 surveillance.
* * *
Particularly since the discussion above draws on some materials that had not yet been released at the time of our original exchange, I hope Dean Rangappa will take this as an invitation to a continuing dialogue.
This analysis of how Section 702 data may be quietly making its way into criminal investigations is one aspect of a larger story: I am just as concerned about information the U.S. has warrantlessly obtained under Executive Order 12333 or intelligence-sharing agreements with foreign governments and hope to write further on those topics in the future. However, Section 702 presents an immediate opportunity to restore civil liberties in this area—something Congress should not pass up.