Tomorrow, all five members of the Privacy and Civil Liberties Oversight Board (PCLOB) will testify before the Senate Judiciary Committee about their recent report concluding that the National Security Agency’s (NSA) bulk collection of phone records under section 215 is illegal and ill-advised. Meanwhile, the PCLOB is gearing up to report in a few months its conclusions regarding mass surveillance of the content of Internet transactions under section 702 of the FISA Amendments Act

Wednesday’s hearing is an opportunity for Congress to ask the PCLOB what it wants to know about section 702. Congress’ questions can guide the PCLOB’s investigation towards those matters most important to legislators, and to the public, in considering whether and how to reform—or end—section 702.

Here are eight basic but important questions Congress should ask the PCLOB to investigate:

1. How many of the 702 collected communications are of or concerning U.S. persons?

We don’t know exactly how many American communications NSA collects under the 702 dragnet because the agency has refused to provide that information, even in a classified setting. Senator Wyden has repeatedly asked both Director of National Intelligence James Clapper and NSA Director General Keith Alexander whether any entities made any estimates — even imprecise estimates — about how many U.S. communications have been collected under section 702 authorities but has received no answer.

Congress needs a better sense of this before it renews section 702, however.

FISA court imposed minimization procedures could give some metrics on how section 702 affects Americans.  For example, analysts are required under the minimization procedures to identify multi-communication transactions (MCTs) for which the active user is a U.S. person. How many MCTs fit this description? This count, combined with other numbers on section 702 collection in Judge Bates’ October 3, 2011 opinion, would give Congress a much clearer idea of the overall percentage of U.S. persons’ one-end foreign communications sucked up in the 702 dragnet.

2. Do U.S. intelligence agencies have direct access to any communications providers’ systems or networks? If not, how does NSA collect real time data via section 702?

PRISM slides say that NSA has “direct access” to service provider networks, and that NSA can collect real time information via PRISM.  Most providers have vigorously refuted the claim that NSA has direct access to their servers.  Indeed, users rely on providers as an additional check against government reaching, looking at legal process, filtering through the data, and only turning over responsive information. But why, then, do the PRISM slides say direct access, and how could NSA collect real time information without such access?  Congress needs a clear idea of how PRISM collection works, whether providers play any gatekeeping role, and what kind of information NSA collects under that program.

3. Can PRISM operate with higher levels of assurance that the person on the other end of the line is a foreigner?

PRISM is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” Inevitably, a lot of purely U.S. information is going to get caught up in that net. Can NSA ensure a higher level of confidence that its targets are, indeed, foreign?

4. What is the national security value of authorizing warrantless surveillance of people who are not agents of foreign powers?

Section 702 brought regular people under U.S. intelligence agencies’ gaze by doing away with the requirement that the target of U.S. based surveillance be an agent of a foreign power. In fact, the law authorizes surveillance of average citizens of other countries for reasons that are not necessarily related to the security of the United States. How could we measure the national security impact of reverting to the traditional FISA rule that surveillance be directed at agents of foreign powers? It would be very important to consider this, in light of the business impact of having global customers of U.S. companies know they are more vulnerable to surveillance as a result of section 702.

5. What kinds of selectors do intelligence agencies use when conducting “about” collection?

Section 702 authorizes the NSA to collect communications that are to, from, or even about a foreign intelligence target, so long as these communications are not wholly between U.S. persons.  So section 702 allows surveillance when we talk with our friends overseas about matters of foreign intelligence interest. The definition of foreign intelligence information is quite broad, and includes information related to (A) the national defense or the security of the United States; as well as (B) the conduct of the foreign affairs of the United States. So, section 702 allows collection of what we might say about NSA targets like al Qaeda—or even Iran, France, Wikileaks, Petrobras, the Institute of Physics at the Hebrew University of Jerusalem, UNICEF, Medicines du Monde, or any other entity that helps the U.S. government “understand economic systems and policies, and monitor anomalous economic activities”.

A very important issue, then, is how NSA identifies whether a communication is about something of foreign intelligence interest.  In undertaking their searches, NSA analysts use either “strong” or “soft” selectors. “Soft” selectors are a broad kind of search that pulls up messages based on content or even the language in which a message is written. “Strong” selectors pull up information associated with a particular known individual. Strong selectors that only look for not-widely known information associated with a particular known individual, especially one involved in terrorism, are less likely to pull in innocent conversations. Perhaps ordinary people do not know Osama bin Laden’s email address or mobile number. But, the potentially very broad scope of searches using soft selectors is quite frightening. Innocent communications are quite likely to show up in search results that look for “Yemen” or “Petrobras”. And the government has absolutely no legitimate business listening in on anyone’s conversations—never mind Americans’—about more general topics of foreign intelligence interest.

Congress and the PCLOB need to understand very clearly what kinds of selectors the NSA uses when it conducts “about” collection.

6. Do intelligence agencies treat address books, buddy lists, stored documents, system backups and/or other electronic transmissions between an individual user’s personal computer and the servers of his ISP as “communications” even where there is no human being on the received end of the transmission at the ISP and minimize accordingly?

As I wrote recently, the thirteen-page 702 minimization procedures only apply to communications. Intelligence agencies may exclude unshared stored data and other user information from the definition of communications, which would mean no minimization rules at all apply to protect American privacy in those categories of 702 collected information.

7. How many times and about how many different people has NSA disclosed section 702 data to FBI, DEA, IRS or other law enforcement agencies?

As Christopher Sprigman and I have written, Americans have learned that the NSA shares information with a division of the Drug Enforcement Administration called the Special Operations Division (SOD). The DEA uses the information in drug investigations. But it also gives NSA data out to other agencies – in particular, the Internal Revenue Service. While its long been true taht the NSA may share with domestic law enforcement information obtained both through authorized surveillance, and information unlawfully but unintentionally collected, if it contains evidence of a crime. This rule is terrifying now that the NSA scans virtually all American cross-border communications. Usually, law enforcement agencies would need at least warrants based on probable cause that an individual was committing a crime before they could obtain the contents of our communications. But now, if they want NSA data, that bothersome privacy protection simply vanishes.

8. What is the legal basis for searching section 702 data for U.S. person identifiers, and what are the applicable guidelines for doing so, if any?

Leaked NSA documents show that in 2011, the NSA changed its “minimization” rules to allow its operatives to search for individual Americans’ communications using their name or other identifying information. Such a change turns warrantless spying with foreign targets—which scoops up information about Americans—into the means for warrantlessly spying on Americans as well. Senator Ron Wyden has said that the NSA is exploiting a loophole potentially allowing “warrantless searches for the phone calls or emails of law-abiding Americans”. Congress should know what the legal basis is for this practice, as well as why the Administration thinks this practice is constitutional.  Congress also needs to know how the government uses this capability.  Does the NSA limit itself to searches only where a “significant purpose” of the acquisition is to obtain foreign intelligence information? Or may any federal agency request a search of information collected under 702, even when the only purpose is law enforcement?

It’s obvious how important these questions are to setting proper surveillance policy, and yet, we do not know the answers. Yet.  Answers to these matters are essential to meaningful oversight and should be a precondition for allowing section 702 collection to continue or for reauthorization of that provision in 2018. As Professor Matt Blaze once said, getting meaningful answers from the NSA is a lot like getting a genie to grant your wishes. Perhaps with careful attention to what we already know, Congress and the PCLOB can accomplish this feat.