There’s a reason privacy advocates are fond of Sen. Ron Wyden, and it’s not just because he routinely champions legislation aimed at protecting civil liberties. From his perch on the Senate Select Committee on Intelligence, Wyden is uniquely well situated to spot intelligence programs that strain the limits of the law or unduly encroach on Americans’ privacy. And while Wyden takes his obligation not to reveal classified information seriously, he has a history of doing all he can to draw public attention to those potential problem areas. Long before Edward Snowden revealed the NSA’s now-defunct mass database of domestic telephone records, Wyden was sounding the alarm about a secret and radical interpretation of the Patriot Act’s “business records” provision. Most notoriously, at a public hearing in 2013, he pressed then–Director of National Intelligence James Clapper on whether NSA collected any type of data on Americans in bulk—and received the now-infamous answer “not wittingly,” which seriously weakened Clapper’s credibility when it was revealed to be false just a few months later.
Privacy and surveillance wonks even have a tongue-in-cheek nickname for the intriguing hints the Oregon senator drops: Wyden’s “Batsignal.”
Well, it appears the Batsignal has been lit again. At a recent hearing on the reauthorization of section 702 of the FISA Amendments Act—most of which was ultimately consumed by questions about Russia and former FBI Director James Comey—Wyden asked the new Director of National Intelligence, Dan Coats, whether the government can use 702 “to collect communications that it knows are entirely domestic.” Coats said it could not—“not to my knowledge”—and that it would be against the law to do so.
Here privacy geeks perked up their ears. Section 702 allows the National Security Agency to target foreigners who use U.S. communications facilities for electronic surveillance without a warrant—even when they’re communicating with Americans, something that, before 2008, would have required a search warrant under the Foreign Intelligence Surveillance Act. Inevitably, given that some 100,000 persons are targeted under the authority each year, NSA does end up inadvertently vacuuming up some entirely domestic messages in the process. But the statute at least seems to contain a clear answer to Wyden’s question: The government “may not intentionally acquire any communication as to which the sender and all known recipients are known at the time of acquisition to be located in the United States.” Wyden, of course, knows this full well—and so surveillance wonks quickly surmised the question might allude to some form of collection that was sweeping in domestic communications more systematically.
That suspicion was strengthened when Coats’ office followed up on Wyden’s question by citing the statutory language, and Wyden shot back a terse letter insisting that this “was not my question” and asking for a public response to the query he’d posed. Somehow, Wyden’s line of inquiry implied, the government had found a way to knowingly collect domestic communications without explicitly violating the statute’s prohibition. But how?
One possibility that quickly occurred to many was that it might have something to do with the problem of what are known as “multiple communications transactions”: Internet sessions in which the contents of many messages are delivered in a single package, such as when a user loads their e-mail inbox via a web interface that shows previews of all their most recent messages. When one message in such a stream triggered the NSA’s powerful filters, all of them would end up sucked into the agency’s database—and if the inbox in question belonged to an American, that might mean collecting dozens of entirely domestic messages along with the one that had contained a targeted “selector.” The secret FISA Court had blasted this process as “unreasonable” under the Fourth Amendment, noting that it was likely to result in tens of thousands of constitutionally protected domestic e-mails being acquired without a warrant each year. The public should certainly learn more about how the NSA has adapted its procedures to deal with the MCT problem, but it seems unlikely to be what Wyden was alluding to. After all, this issue has been publicly known since 2013, and if Wyden had wanted to ask about it, he could have done so directly.
There’s another obvious possibility, however, that was suggested to me by Electronic Frontier Foundation attorney Andrew Crocker: What about domestic communications that are acquired from storage on a server after the sender or recipient has left the United States? The statute, after all, does not explicitly say the government must not acquire messages whose sender and recipients were all in the United States at the time the message was sent–the language only requires that at least one party be outside the United States when the message is acquired. So, for instance, a foreign student who spends the school year in the United States, then leaves the country for the summer, might be subject to having all his old messages—including correspondence with his American friends that was sent when all the parties involved were on U.S. soil—vacuumed up after the fact, as long as the NSA waits until the foreign target has left the country.
Something like this appears likely to have occurred in one of the few cases in which evidence derived from 702 was introduced in a public trial. Mohamed Osman Mohamud, a naturalized U.S. citizen, was convicted in 2013 of plotting to bomb a Christmas tree lighting ceremony in Portland, Oregon. Key to the case against him was e-mail correspondence with a Saudi-born suspected terrorist, Amr Solaiman Al-Alali, who had been enrolled as a student at Portland State University when he befriended Mohamud. As the American Civil Liberties Union noted in a brief it filed in that case, any 702 surveillance targeting Al-Alali would likely have encompassed messages he exchanged with Mohamud while both were still in Oregon—messages clearly entitled to the full protection of the Fourth Amendment.
While it may not always be possible for the government to know which of a legitimate foreign target’s e-mails might have been sent or received while that target was in the United States, it would certainly be disturbing if the government were deliberately exploiting this loophole to gather messages that, at the time they were sent, could only have been collected by applying to a judge for a particularized search warrant. About a million foreign nationals are enrolled in American colleges and universities—in California they make up a tenth of the student population—and American peers who befriend those students should not have to worry that months’ or years’ worth of wholly domestic correspondence will be at risk of being vacuumed up without a warrant whenever summer break rolls around.
If this is indeed the loophole to which Sen. Wyden sought to draw attention, Tuesday morning’s Senate Judiciary Committee hearing on 702 should provide an opportunity for senators to demand more details on how often the NSA exploits it, and whether reforms are needed to reassure Americans that their domestic e-mails, at least, can only be read by the government after a judge has signed a search warrant.
Photo: The Batsignal shines up from the convention floor during WonderCon 2016 at the Los Angeles Convention Center on March 25, 2016. Credit: Frazer Harrison/Getty Images