On Dec. 1, 2017, the House Intelligence Committee took the unusual step of holding an open markup of its bill to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA) for four years, known as the FISA Amendments Reauthorization Act of 2017. Although the committee finally recognized its obligation to hold an open markup, members spent almost no time discussing Section 702. Instead, they allowed the markup to devolve into a partisan debate about a practice called unmasking. While unmasking can raise privacy concerns, it has no real place in what should be a serious debate about the implications of the incidental collection and use of Americans’ communications under Section 702. It only became an issue when the committee’s Chairman Rep. Devin Nunes (R-Calif.) rushed to justify President Trump’s baseless claims that he’d been wiretapped by the Obama administration.
When communications that are collected under a foreign intelligence surveillance authority, including Section 702, are reviewed and information identifying a U.S. person is included in intelligence reports, the identifying information is minimized or masked to protect that person’s privacy. Unmasking is where the identity of the person whose information had been minimized is revealed based on a determination that knowing that identity is necessary to understanding the foreign intelligence value of the communication or intelligence report. There are also special procedures called “Gates Procedures” which govern when the identities of members of Congress or congressional staff can be unmasked or disseminated.
The Director of the NSA, Adm. Mike Rogers, testified before Congress that only he and 19 other officials can approve unmasking requests. It is unclear how often unmasking happens, though a few statistics are available: Samantha Powers, former ambassador to the United Nations, made over 260 requests, and Susan Rice, President Obama’s National Security Advisor, made the now infamous unmasking requests concerning President Trump’s campaign and transition officials. Even with the limited information that is publicly available on unmasking, from a privacy perspective, it is clear that it pales in comparison to the concerns that have dominated the debate on reform and reauthorization of Section 702.
Under Section 702, surveillance is targeted at foreigners abroad in order to collect foreign intelligence information. Because of this, the surveillance is subject to a standard that is far less strict than the required showing of probable cause of a crime, which applies in criminal cases, or the required showing of probable cause that the target is an agent of a foreign power, which applies in traditional FISA cases, and there is not even any individualized court review of targets. Despite the foreign targeting, substantial quantities of Americans’ communications are swept up “incidental” to that surveillance. The government then routinely and warrantlessly searches databases containing Section 702 communications for Americans’ information, and may also warrantlessly review the contents and metadata of their communications – a practice referred to as a “backdoor search.”
The NSA and CIA may conduct U.S. person searches through collected data for foreign intelligence or national security purposes. In 2016, the NSA and CIA searched the contents of unminimized Section 702 data for known Americans’ communications using 5,288 search terms, and the NSA conducted searches for known Americans’ unminimized metadata using 30,355 search terms (the CIA is still developing a system for counting its metadata searches). The FBI conducts warrantless searches for Americans’ communications as well, but its searches through collected data are not limited to foreign intelligence and national security purposes. They may be conducted in relation to any crime. They are common practice for the FBI when agents are determining whether to open an assessment, which requires no belief or proof of wrongdoing, and because of their frequency, the Department of Justice has insisted it would be too burdensome for the Bureau to be required to provide written justifications when conducting these searches.
Warrantless U.S. person searches have been at the heart of the Section 702 reform debate since well before the Snowden revelations, yet during its markup, the Committee did not debate this issue, or any of the approaches to reform that have been proposed. In fact, aside from perfunctory opening statements by Committee leadership that uncritically exalted Section 702, Representatives Speier, Carson, Castro, and Heck were responsible for the only substantive discussion on the controversial authority. Even then, amidst the fighting over unmasking, they were only able to make fleeting remarks of opposition to the Committee’s bill, citing privacy concerns as the basis for their position.
Of the five reauthorization bills that have been introduced in Congress, the House Intelligence Committee’s bill is the one that poses the greatest threats to privacy and individual rights on several fronts (a chart comparing the provisions of the five reauthorization bills is available here). The House Intelligence Committee bill would deal with warrantless searches of Section 702 data by codifying the practice. It would establish an optional warrant requirement that would still permit virtually unlimited warrantless access to Americans’ communications, and it would include sweeping exceptions to what minimal protections it put in place. Representative Heck chided this approach as the opposite of reform, and said it would be the oil that greased the hinges for backdoor searches. Privacy groups and industry are also in agreement that the optional warrant requirement would be essentially meaningless.
At its markup, the Committee also failed to discuss other pressing issues related to Section 702, like codifying the end to “abouts” collection – a practice where the NSA collects communications that reference or are “about” its targets, in addition to those that are “to” or “from” its targets. The practice results in such large-scale collection of Americans’ communications that the Foreign Intelligence Surveillance Court (FISC) has twice deemed it unconstitutional unless sufficient post-collection protections are in place. In March, the NSA was forced to stop the practice because those protections had failed for the previous six years, and the government determined that there was no other feasible solution to address the court’s concerns regarding the privacy risks posed by “abouts” collection.
All five bills touch on “abouts” collection. The approach in the Intelligence Committees’ bills, which privacy groups and industry oppose, would codify the practice and could even expand it. The approaches in the three remaining bills, which privacy groups and industry have praised, would prohibit abouts collection. Nevertheless, the House Intelligence Committee fought about unmasking instead of taking this crucial opportunity to publicly debate both the Intelligence Community’s claims concerning the value of “abouts” collection and the impact of this practice on Americans’ privacy.
Finally, and perhaps most concerningly, the Committee failed to debate, or even explain, the most controversial part of its bill: the expansion of the definitions of “foreign power” and “agent of a foreign power.” Under the House Intelligence Committee bill, these FISA definitions would be expanded to cover individuals or entities engaged in “international malicious cyber activity,” as possible targets for surveillance under all FISA authorities, not just Section 702. Under the bill, these malicious cyber entities could be targeted even if they have members or associates who are U.S. persons, provided that they are “not substantially composed” of U.S. persons. The language in this provision is broad, and thus left open to a wide range of interpretation. Even taking the narrowest reading, the new definitions would significantly expand surveillance under all FISA authorities and could result in the increased targeting and incidental collection of Americans’ communications.
This language and the rationale for the expanded authorities has never been discussed publicly. The public, and by their telling, many members of the Committee, only first saw the language 36 hours before it was set for a vote. The government has never publicly stated whether it needs these provisions, let alone how it would interpret or use them. Congress has not held a single hearing on these new definitions and did not discuss them at all during the markup, leaving the congressional record devoid of any indication of congressional intent. If it becomes law, the bill would represent the most sweeping expansion of surveillance authority since Congress first enacted Section 702 as part of the FISA Amendments Act of 2008. Despite this, the Committee focused on the red herring issue of unmasking, and approved its bill without any meaningful consideration or debate.
It is clear that unmasking can have real privacy implications. Thus it is important that Congress ensure that the standards for when such a request can be approved are sufficiently strict and that the number of officials who can approve such a request continues to be reasonably limited. However, unmasking and Section 702 reauthorization live in two different universes. The first is a universe where a privacy procedure has been seized upon for purely political purposes, and the second is a universe where privacy procedures have been demonstrated to be insufficient to protect Americans’ rights. The House Intelligence Committee’s failure to have a full public debate on the real threats posed by Section 702 was a disservice to those whom members of Congress serve: the American people.
Image: Zach Gibson/Getty