Image: Acting FBI Director Andrew McCabe, Deputy AG Rod Rosenstein, DNI Daniel Coats, and NSA Director Adm. Michael Rogers testify before the Senate Intelligence Committee on the re-authorization of FISA Section 702 on June 7, 2017. (Chip Somodevilla/Getty Images)
House leadership is about to make another attempt at what it failed to do in December: push through an updated version of the House Intelligence Committee’s FISA Amendments Reauthorization Act of 2017 by claiming the bill is a surveillance reform measure. The bill would reauthorize and expand – rather than reform – Section 702 of the Foreign Intelligence Surveillance Act (FISA), the provision that allows the government to warrantlessly collect the communications of non-Americans located abroad, including their communications with Americans.
As the December 31 sunset date for this law approached, House leadership chose not to hold a vote on the Judiciary Committee’s compromise bill to reform and reauthorize Section 702, known as the USA Liberty Act, which includes some meaningful reforms and appears to have overwhelming bipartisan support. Instead, they tried to force a vote on a modified version of the House Intelligence Committee’s Section 702 reauthorization bill, which privacy groups strongly opposed.
Once it became clear that the vote would fail, leadership abandoned its attempt to pass the Intelligence Committee’s bill, and Congress instead passed a short-term extension of Section 702 to Jan. 19, 2018. Appallingly, House leadership has chosen to advance a re-modified version (S. 139) of the Intelligence Committee’s bill, which still only pretends to be a reform bill, to a vote this week.
In the five years since Congress last reauthorized Section 702, we have learned a great deal about the operation of the Section 702 program and the risks it poses to privacy and civil liberties. In response, privacy advocates have called for many reforms to Section 702, focusing in particular on two key measures that are needed to safeguard individual rights: prohibiting the currently suspended practice of “about” collection and ending the government’s practice of conducting warrantless searches through data collected under Section 702 to seek information about Americans. Proponents of the Intelligence Committee’s bill contend that it presents a compromise approach to addressing both of these privacy risks, and that recent modifications to the bill address the concerns of privacy advocates. In reality, the bill includes no meaningful reform on either issue – or any other real reforms to Section 702. Instead, the Intelligence Committee’s bill would codify these two practices and risk expanding the government’s surveillance authority.
“About” collection is part of upstream surveillance, where the government collects not only communications that are “to” and “from” a target, but also those that are “about” a target, such emails between two non-targets that happen to mention a target’s email address, phone number or other such “selector” in their communication. Not only does this tactic permit collection of communications where no participating communicant is a target, but it vastly increases the risks of collecting purely domestic communications. Last spring, to address substantial non-compliance with privacy safeguards required by the FISA Court, the government was forced to eliminate “about” collection.
“Backdoor searches,” or what the government refers to as “U.S. person queries,” occur when, without any judicial process or oversight, the government searches through its collected Section 702 data for information about a specific American – someone who could not be targeted for surveillance in the first place without an individualized warrant – and accesses the contents and metadata associated with any responsive communications. The NSA and CIA have reported that they conduct these searches tens of thousands of times a year, and the Federal Bureau of Investigation (FBI), which conducts these searches as a matter of routine, including for criminal investigations, does not even count how often they are performed.
So how does the House Intelligence bill address these two practices? It merely provides a 30-day notice requirement on “about” collection and an illusory warrant requirement for backdoor searches. On “about” collection, the bill’s eight pages of text boil down to a requirement that the government give Congress 30-days advance notice before restarting such collection, and a congressional ratification of this controversial technique. The 30-day “congressional review period” provides no functional protection or oversight because unless Congress passes a bill during that short timeframe prohibiting “about” collection, it could resume. Further, the Intelligence Committee’s bill would define and condone this practice in statute for the first time, since no language in the current Section 702 statute recognizes collection that is merely “about” a target as a valid technique. In fact, there is a risk that the government could interpret the bill’s language as permission to expand such collection in two ways.
First, it could be interpreted by the government to permit unintentional “about” collection, such as where the Intelligence Community knows a certain technique results in “about” collection, but since that technique is not specifically intended to collect “about” communications, it engages in that collection nonetheless. Second, because the bill defines an “abouts communication” as “a communication that contains a reference to, but is not to or from, a target,” there is a risk that the bill could be interpreted to allow the government to collect communications that merely reference a target, such as mentioning a target’s name. Currently, the government may only collect communications that include a target’s “selector,” such as a target’s email or phone number.
Regarding the backdoor search loophole, the modified bill feigns addressing the privacy threats posed by warrantless searches through 702 data for Americans’ communications by providing an illusory warrant requirement. Although an absurd optional warrant requirement from the bill’s previous iteration has been eliminated, the new provision fails to provide for any meaningful protection. It only requires the FBI to obtain a FISA Court order to access Section 702 information when it searches for a U.S. person’s communications “in connection with a predicated criminal investigation” that does not relate to national security. Not only does this provision apply only to non-national security criminal investigations, but a “predicated investigation” is the final, full-blown stage of the FBI’s investigative process. However, we know that, as reflected in the FBI’s Section 702 minimization procedures, “it is a routine and encouraged practice” for the FBI to run searches through collected 702 data even during preliminary investigative stages. Thus, this bill it would permit the FBI to continue to conduct unlimited warrantless searches through 702 data during early investigative stages, so it would never need to seek a warrant at the later predicated investigation phase. In addition, even at the final predicated investigation stage, the requirement does not apply if the FBI reasonably believes the search could help mitigate a threat to life or serious bodily harm — without any requirement that these threats be imminent.
Nor do the bill’s restrictions on how collected data may be used create an incentive for the FBI to seek court orders. While the bill purports to require the government to obtain a warrant if it intends to use Section 702 data as evidence in a criminal proceeding against a U.S. person, there are numerous exceptions to the requirement which render it essentially worthless. No order is needed to introduce 702 data as evidence whenever the criminal proceeding involves national security or if it involves a broad list of enumerated crimes including crimes against children, cybersecurity crimes, and threats to critical infrastructure. Even for lower-level criminal prosecutions, there is likely no incentive to seek an order: as others have reported, the government may already be relying on “parallel construction” – developing similar evidence through an independent path – to avoid the need to introduce Section 702-derived evidence in court.
Members of Congress should recognize that this bill is a wolf in sheep’s clothing: a surveillance expansion bill masquerading as a reform bill. Unless amendments are adopted that would transform this bill, Congress should reject it and demand a bill that incorporates the robust privacy safeguards for Section 702 that privacy advocates have been calling for since before the Snowden disclosures.