Pumping the Brakes a Bit on FISA “Reform”

Earlier this month, the Reiss Center on Law and Security sponsored a program titled “Reforming the FISA Process: Proposals for the Future.” It was a panel discussion and, as is often the case when it comes to discussing the Foreign Intelligence Surveillance Act (FISA), the group was overpopulated with lawyers and underpopulated with intelligence professionals. The discussion of proposed FISA “reforms” was complemented by a handout detailing “a series of concrete proposals for FISA reform” prepared and distributed by Just Security, which cosponsored the event with the Reiss Center.

The triggering event and focus for the panel discussion was the report Review of Four FISA Applications and Other Aspects of the Crossfire Hurricane Investigation (the “Horowitz Report” or “Report”) completed by the Department of Justice (DoJ) inspector general and publicly released, in redacted form, on December 9, 2019. The Report has triggered an avalanche of commentary (including my own), appearances by Inspector General Michael Horowitz before two Senate committees, a sharp reaction from the Foreign Intelligence Surveillance Court (FISC), and extensive discussion on television and the internet by a multitude of talking heads, some of whom are qualified to speak on FISA issues – and many others who are less well informed.

Before the release of the Horowitz Report, Congress acted in late November to extend (until March 15, 2020) the December 15, 2019 sunset date for three FISA authorities. Now, reacting to the disclosures made by the DoJ inspector general, critics of FISA on both the left and the right are looking to the looming debate on these three expiring FISA provisions as an opportunity to significantly alter FISA far beyond the issue of whether the three sunsetting provisions should be reauthorized.

The “concrete proposalsdistributed by Just Security suggest that, for long-time critics of FISA, the Horowitz Report is affording a convenient cudgel for hammering FISA into a more acceptable form. Since Just Security has invited others to “join the conversation” on FISA reform, and finding the approaches reflected in these “concrete proposals” to be both premature and, in some cases, overreaching, I offer this rebuttal to the undue haste with which I believe critics are rushing to “reform” FISA.

As best I can tell, none of the proponents of the various reform proposals has yet identified a subsisting defect in the FISA statute itself signaling a new need for legislative change prompted by the findings of the DoJ inspector general. What the Horowitz Report identified is a multitude of significant errors in the manner in which the FBI handled the four FISA applications for Carter Page, a former foreign policy adviser on the Trump Campaign. The FISC has followed up on the Report’s findings by issuing orders demanding both explanations and specific redress regarding those errors, and then appointed David Kris, generally acknowledged as an expert on FISA by all but those devotees of Fox News for whom any association with the Obama administration is immediately disqualifying, to review and advise the FISC on the adequacy of the FBI’s responses.

For his part, the DoJ inspector general, whose Report triggered these various reactions, has initiated an audit of the FBI’s “Woods” files to ascertain whether the problems with the Page FISA applications are unique to those applications, or represent a broader, more systemic problem with the FBI’s FISA process. This is a welcome undertaking, and all who are genuinely interested in correcting the problems identified in the Horowitz Report should be vitally interested in what the inspector general finds.

This all strikes me as representing a reasonable start to evaluating the need for, and scope of, FISA reform. However, to date, none of this activity has attributed any part of what occurred with respect to the Page FISA applications to a fundamental flaw in the FISA statute itself. Admittedly, it is early in the process and important activities, like the inspector general’s audit of the FBI’s “Woods” files, might yet produce a finding indicative of the need for some sort of legislative change to the FISA statute – but nothing that has occurred to date supports such precipitous, and in my view premature, calls for statutory change.

Nothing in the Horowitz Report Warrants an Expansive Congressional Review of FISA or the Creation of a Misguided “Notice” Mandate

Elizabeth Goitein of the Brennan Center for Justice was one of the panelists at the Reiss Center’s recent program on FISA reform, and seems to be representative of those who find in the Horowitz Report a fortuitous opportunity for advancing broad changes to FISA that the Brennan Center and other critics of FISA have failed to achieve in earlier congressional reviews of the statute. In her Just Security article titled, “After the IG Report, ‘Next Steps’ for Congress, DoJ, and the FISA Court,” (which was included as a handout at the program), Goitein offers three specific responses to the Horowitz Report that she insists cannot await the outcome of the inspector general’s ongoing audit of the FBI’s “Woods” files. She styles those responses as (1) creating adversarial testing through notice; (2) changing the organizational culture at the FBI; and (3) looking beyond Title I (of FISA).

While I certainly understand the notion that the Page FISA applications indicate a need for altering the organizational dynamics at the FBI in a way that improves accountability, I believe that the inspector general’s ongoing audit should provide valuable insight into the scope and precise contours of such change. For example, if the audit reveals the Page applications to be true outliers in terms of the FBI FISA process, and if all those involved with preparing and reviewing those applications have either left the FBI or been removed from any further involvement with the Bureau’s FISA process, that would suggest that organizational change can be more finely tailored with a view principally towards insuring more stringent accuracy and accountability going forward – more suitable to a scalpel than a truncheon, so to speak. Embarking on a reform process, while the audit most likely to inform the contours of that process remains underway, is a befuddling approach to anyone other than FISA critics intent on seizing the opportunity afforded by the Horowitz Report to obtain broader changes to FISA that they have unsuccessfully pursued in the past. Such “reform” is better recognized as opportunism than a legitimate call for prudent FISA reform.

But changing the organizational culture that produced the Page FISA applications at the FBI is at least a worthy goal, albeit one better pursued, in my view, after the DoJ inspector general has completed his audit.

Goiten’s other two “responses” to the Horowitz Report are transparent efforts to use the opportunity presented by the inspector general’s findings to achieve substantive changes to FISA that I believe are quite ill-advised. That these go far beyond what was identified in the Horowitz report is most obvious in Goiten’s invitation to Congress to “move beyond [addressing only] Title I [of FISA]” when the Horowitz Report, in fact, addresses only the four Title I Page surveillances predicated on applications prepared solely by the FBI.

There is plenty that can be said in a more extended substantive debate regarding the various FISA authorities that Goitein invites Congress to reevaluate, but the relevant point now is that nothing in the Horowitz Report warrants revisiting, for example, FISA Section 702, which Congress reauthorized only after an extensive debate in 2017 that fully embraced the querying and minimization issues about which Goitein still complains. Surely she remembers this debate because the Brennan Center actively campaigned against the renewal of Section 702 throughout 2017, and seizes upon almost any opportunity to do so today. Doubling down on the effort to use the Horowitz Report to gratuitously expand congressional scrutiny of FISA, Goitein suggests that Congress use the upcoming debate on the reauthorization of the three other specific FISA authorities currently set to expire on March 15, 2020, and “take this opportunity to address other FISA authorities that are not expiring, including Title I.”

As substantively disjointed as these proposed “reforms” are from the issues actually discussed in the Horowitz Report, the last, and easily most disturbing, of the proposed “reforms” Goitein proposes is that FISA be altered to require “adversarial testing” that would include “broader and better notice to surveillance targets.” As she explains, her proposal is not one of notice to, and review of, a FISA application by the panel of pre-cleared amicus counsel established by the USA Freedom Act before presentation to the FISC; no, her call is for notice of the clandestine surveillance to “the target of surveillance.”

I doubt I am alone in sensing something inherently counterintuitive about the concept of including notice to the target of a clandestine electronic surveillance conducted for foreign intelligence purposes in furtherance of the national security, but I will try to unpack the idea so as to demonstrate its illogic.

As best I can understand this approach, the notice requirement would be limited to U.S. persons for whom FISA surveillance authority had been obtained by establishing that there was probable cause to believe that the U.S. person was acting as an agent of a foreign power. Once the foreign intelligence investigation is “closed” (Goitein’s descriptive), notice of that surveillance would be provided to U.S. person targets. Apparently, this would occur regardless of whether the foreign intelligence investigation contributed to a criminal charge, and regardless of whether the government used the fruits of the surveillance in any subsequent law enforcement proceeding since FISA already requires that “aggrieved persons” (i.e., criminal defendants) receive notice when evidence obtained or derived from a FISA surveillance is used in their prosecution(s).

Goitein also has concerns regarding the disclosure standards found in FISA § 106 (50 USC § 1806), and the manner in which those standards are applied by the Justice Department but, for now, I will leave that debate to more experienced criminal practitioners and intelligence professionals. My concern is with the idea of requiring notice where the foreign intelligence surveillance does not result in any criminal charge against the target but is, in Goitein’s description, “closed.” Here one sees the misguided effort to shoehorn FISA surveillances into a matrix representative of Title III law enforcement surveillances — and the shoe simply does not fit.

A law enforcement investigation is essentially an undertaking by the government that deprives a person of his right to liberty based upon that person engaging in conduct that society has designated as criminal. In this country, society permits such a deprivation only in conformity with due process — a trial where the defendant has a jury of his peers, the rights to legal counsel and to confront his accusers, and is afforded the opportunity to present his defense to the crime. Since the raison d’être of the process is to assure society that its government has satisfied its burden of proof before a defendant’s liberty is taken, the proceedings are necessarily public.

This conspectus of the law enforcement process is very different from a foreign intelligence investigation where the objective is not to target a particular person for public prosecution; but, instead, to protect American security and interests through the secret acquisition of information about the activities and intentions of foreign powers and their agents.

The critical distinctions between these two government undertakings should be readily apparent. Almost every aspect of a foreign intelligence investigation — its existence, its operational details, the information acquired, the substantive analysis of that information, and, perhaps most importantly, the sources and methods involved — is classified and protected against public disclosure. Only those intelligence personnel and other government officials with the requisite clearances and need to know have access to the information and the collection specifics of the investigation. Secrecy is a sine qua non of effective clandestine foreign intelligence activities.

This is because while secrecy is necessary but temporary in certain aspects of a criminal investigation (as with respect to protecting the existence of a wiretap or the identify of a confidential informant during the course of an investigation, for example), disclosure is made once a formal charge is filed. By contrast, the effectiveness of foreign intelligence investigations is dependent on secrecy. Agents and other assets, often operating undercover in dangerous environments, could be captured, killed or otherwise neutralized if their covers are compromised by revealing communications acquired through FISA surveillances in which they were participants or are mentioned. Uniquely vulnerable cryptographic successes could also be exposed and valuable ongoing intelligence lost through such disclosures.

Moreover, foreign intelligence and counterintelligence operations are often a “long game,” played out over time with success measured incrementally and patience essential. There is no statute of limitations or accepted event, occurrence or set of conditions that marks such an undertaking as “closed” in the conventional sense of a law enforcement proceeding. For example, FISA surveillance may terminate on a particular agent of a foreign power while the network of those with whom that agent communicated remains fully engaged. Successful exploitation of the communications of that network would be lost if the investigation can be arbitrarily determined to be “closed” with respect to this particular foreign agent and the government required to then disclose the results of the prior surveillances in which that foreign agent participated. Additionally, the specter of a prospective disclosure obligation triggered by an ad hoc determination that the foreign intelligence investigation to which the particular FISA surveillance is deemed attached is considered “closed” may prompt intelligence professionals to forego using the extraordinarily valuable tool that FISA electronic surveillance provides in such investigations.

In sum, expanding existing FISA notice provisions to require that a U.S. person FISA target be given “notice” of secret surveillance activity once a foreign intelligence investigation is deemed “closed” is a dangerous proposal that gains no added logic simply because it is presented under the guise of “reform” necessitated by the Horowitz Report.

It is Premature to Require Amicus Review of ‘All FISA Packages’

A final word on another of the “concrete proposals” for FISA reform that would have a member of the FISC-approved amicus counsel panel created by the USA Freedom Act “see all FISA packages, and [to] weigh in on any it deemed appropriate.” Here again, I believe it is premature to conclude that every FISA “package” — packages that contain information relating to some of the nation’s most sensitive secrets and which are originated by Intelligence Community agencies other than the FBI — now must be universally exposed to review by a member of the panel of amicus counsel appointed by the FISC.

Nonetheless, since I find this proposal considerably less troubling than those discussed above, and since I suspect this particular measure is one that the FISC arguably is empowered to unilaterally implement without any further action by Congress, my comments are limited.

As I say, in creating the amicus counsel panel through the amendments to FISA made by the USA Freedom Act, Congress used language arguably broad enough to permit the FISC to appoint an amicus with respect to every FISA application “package” the court receives. This is not necessarily a prudent course of action, to be sure, but it is one for which the FISC seemingly requires no additional authority.

It is also true that the members of this amicus panel are “pre-cleared,” and are, by the language of FISA itself, entitled access to any application or other materials that the court determines are relevant to the duties assigned by the court.

But “pre-cleared” does not carry the meaning that many might assume with respect to receiving access to classified information. Section 4.1 of Executive Order 13526 sets forth the basic requirements controlling such access:

“(a) A person may have access to classified information provided that: (1) a favorable determination of eligibility for access has been made by an agency head or the agency head’s designee; (2) the person has signed an approved nondisclosure agreement; and (3) the person has a need-to-know the information.”

It is the last element – possessing the requisite need to know – that establishes the most critical prescriptive in protecting the security of classified information since it confines access only to those who actually must have that information for the performance of their official duties.

I recognize that a FISC demand that every FISA package receive review by an amicus counsel arguably establishes the requisite “need to know” for those counsel. Still, it seems that a critical feature designed to safeguard the security of some of the most nation’s sensitive secrets by limiting access to those secrets is being eroded when, at least to date, there has been no definitive showing warranting such a broad prophylaxis. Future developments in the follow-up to the Horowitz Report may ultimately demonstrate that amicus review of all FISA packages is prudent, but, for now, perhaps such a mandate is best limited to the FISA “packages” originating with the FBI.

Image: Justice Department Inspector General Michael Horowitz testifies about the Inspector General’s report on alleged abuses of the Foreign Intelligence Surveillance Act (FISA) during a Senate Judiciary Committee hearing on Capitol Hill in Washington, DC, December 11, 2019. Photo by SAUL LOEB/AFP via Getty Images

 

About the Author(s)

George Croner

Former principal litigation counsel at the National Security Agency. He is a Senior Fellow at the Foreign Policy Research Institute, and a member of the Advisory Council at the Center for Ethics and the Rule of Law (CERL) at the University of Pennsylvania Law School. Follow him on Twitter @GeorgeCroner.