Editor’s Note: This is part of a multi-part series on the FISA Section 702 reauthorization and reform debate.
Q. There are loud voices on either end of the spectrum with regard to Section 702 of the Foreign Intelligence Surveillance Act (FISA), the intelligence authority set to expire at the end of the year unless reauthorized by Congress. The Biden administration and other supporters of the Section 702 program argue that it should be reauthorized as is; others believe that it should be overhauled (if not allowed to sunset). Where do you fall on this debate? From your experience investigating and litigating prominent national security cases and as an intelligence operations attorney, do you think Section 702 is as imperative as the Executive branch has stated? And likewise, do you think any reforms to the program are necessary or appropriate?
Yes I think it is imperative to reauthorize Section 702. It is a fast and efficient way to obtain important national security information in a manner that complies with the Constitution. But I do want to distinguish Section 702, which is a foreign intelligence tool, from a classic criminal investigative tool. I worked in the Department of Justice’s National Security Division in three capacities: as a FISA operations and oversight attorney, as a national security policy counsel, and as a cyber and counterespionage prosecutor. My views on Section 702 – which are my own and not those of any employer, past or present – come more from my experience as an operations and oversight attorney and policy counsel than my time as a national security prosecutor.
And I also think it should be updated, consistent with the history of updates to FISA as the technology, scale, use, and public perception of foreign intelligence surveillance have evolved. In particular, because of the global nature of communications and travel, the built-in safeguards to prevent targeting of U.S. persons and people within the United States have to be periodically updated. And because law enforcement officers and intelligence officers are always thinking of new ways to use the information and systems available to them – for good-faith reasons related to keeping the nation safe – it is important to keep tabs on, and think critically about, those new uses.
Queries of previously collected information are a great example. At first, for many it was hard to see how searching information that had already been collected pursuant to court-approved procedures would cause a problem. As the practice became more widespread, however, public concerns grew about “reverse targeting” or routine checks for U.S. person information. This all happened as storage capacity and search capability continued their exponential expansion. New technology and new practices led to new concerns, which led to new rules. That is entirely appropriate.
To me, the important lesson here is that the system worked. The oversight mechanisms built into Section 702, which involve all three branches of government, provided the insight and transparency necessary to surface the issue and address it. That oversight distinguishes Section 702 from many historical and non-U.S. intelligence collection programs.
Q. That’s an important insight on intelligence programs – and their oversight structures – changing over time as communications and technology evolve. Can you provide some further context on changes to FISA over time and how Section 702 fits into this picture?
I started working on FISA operations in 2005, before Section 702 existed. People may not remember how intense the pace of global counterterrorism efforts was at that time. If you look at publicly available statistics, you can see the drop in full-blown individually targeted FISA orders that occurred after Section 702 became law. If we can infer that this drop is at least partly due to the government’s new authority to target, without a particularized warrant or order, the communications of people who are neither U.S. persons nor present within the United States, this makes a lot of sense. There is no Constitutionally based reason to apply Fourth Amendment protections such as particularized findings of probable cause to that group (that is, non-U.S. persons located abroad), and there is a limit to how many individual FISA applications DOJ, the FBI, and the FISA court can process and oversee. So, it is reasonable to come up with a new system that applies Constitutional protections to those who are entitled to them, imposes court supervision over Executive branch activities, and allows for policy-based limitations such as those contained in Executive Order 14086.
Much of the opportunity and need for Section 702 is based on technological change. When FISA was enacted in the 1970s, most international communications were transmitted by radio transmissions. Those communications were exempt from FISA as long as they did not target a U.S. person in the United States and included a party outside the United States. The U.S. government could therefore use technical means to collect those communications with no court oversight at all. Signals intelligence collection can sometimes be unreliable and risky, and if you go visit the NSA museum you will see a memorial wall that shows just how dangerous it could be. But as technology developed, the same foreign communications that the government used to try to pull from the air are increasingly transmitted over the wire and through the United States, where the U.S. government can often acquire them more reliably and safely.
That change in some ways enhances intelligence agencies’ technical ability to safely acquire those foreign communications. Because people around the world, including in the United States, often use the same infrastructure and services to communicate, it also increases the risk of acquiring communications of U.S. persons or people within the United States. That’s one big reason that close court supervision is required – but that oversight can be accomplished without requiring lengthy factual declarations and individualized findings of probable cause.
Q. On that note, let’s discuss in more detail one of the proposed reforms: a warrant requirement to query the database of information already collected under Section 702 for U.S. person information. Is there precedent for imposing such a requirement? Do you think it would be a valuable modification to the program?
Requiring a warrant to search previously collected data for U.S. person information is a good idea. I don’t think it’s clear that the Constitution requires it. But that’s not the end of the inquiry.
For example, when the Electronic Communications Privacy Act was enacted, there was not general agreement that the Constitution required a warrant to search the contents of email messages a user stores with their service provider, but Congress nonetheless imposed a statutory requirement to provide the same level of protection based on a policy goal of extending a Fourth Amendment level of protection to electronic communications.
It’s also helpful to remember that the U.S. government was conducting national security surveillance before FISA – without orders, warrants, or any other involvement of judges. When Congress first enacted FISA, there was no consensus that the Executive branch required a warrant to conduct foreign intelligence surveillance. People don’t appreciate this now, but FISA brought national security surveillance under judicial supervision. So while the Constitution sets a minimum standard when it comes to civil rights and limits on the government, Congress can go further, and has done so for policy reasons in the past.
There is a case for Congress to do that now. It is essential for Americans to have confidence in their government and particularly in their law enforcement and intelligence agencies’ commitment to protecting Americans’ rights. Particularly given the skepticism that currently pervades American society, requiring the government to establish probable cause and obtain judicial approval before searching for a U.S. person’s communications within previously collected material would bolster that confidence and is a relatively light burden on the government.
Yes, search warrants take time, and FISA search warrants can be onerous to draft (which is in part the responsibility of DOJ to fix). But when you think about how much 702-acquired data the government may be sitting on and how long it may keep it, you can see how practitioners and the public alike would be concerned that collecting all of that information without probable cause or a warrant based on targeting of non-U.S. persons, and then searching that information for U.S. person information with no further approvals, could be seen as an end-around the warrant requirement. I don’t personally see it that way, but a warrant requirement (with an emergency exception) is a small price to pay to earn and maintain the confidence of the American people in their national security institutions.
Q. Some have argued that imposing a warrant requirement for U.S. person queries of the Section 702 database is too onerous. Given your extensive experience in obtaining both FISA and non-FISA warrants, can you walk us through what this would really mean in practice?
Obtaining a criminal search warrant is usually a fairly straightforward process. When I was a local and federal prosecutor, my detective or agent and I would draft an affidavit that was accurate and established probable cause. For physical search warrants, such as a search of a residence, there might be discussions with supervisors about officer safety, means of entry, strategic considerations about alerting the target, the permissible scope of the search, or the potential for media attention. Other than my first several warrants as a junior Assistant District Attorney, I don’t remember having a supervisor flyspeck an affidavit or ask for more factual detail. For search warrants targeting electronic communications accounts like email and social media, the process and timeframe for obtaining a warrant were quick and smooth.
In contrast, it is well-known that writing a FISA application and getting it approved for submission is hard and takes a long time. Part of this is by design, and is a purposeful safeguard given the classified nature of the proceedings. Every FISA application has to be approved by the Attorney General (AG), Deputy Attorney General (DAG), or Assistant Attorney General (AAG) for National Security, and has to be certified by the FBI Director or a similar official at an intelligence agency. The legislative history from the 1970s indicates that part of the reason for the high-level approvals is to ensure quality control as well as individual accountability; no one wants to bring a substandard or under-investigated application to a high-level official.
Another reason for this difference is that criminal search warrants are much more likely than FISA orders to be unsealed and revealed to the target at some point. If the execution of a criminal warrant reveals evidence that is later used to charge and prosecute a defendant, the affidavit and warrant are disclosed to the defendant, who can challenge their sufficiency in a motion to suppress evidence. Criminal warrants to search premises or physical property are often provided to the target at or near the time of a search. Criminal warrants to search electronic communications accounts may be subject to non-disclosure orders, but those orders are usually not indefinite and most providers will notify targets when a non-disclosure order elapses and is not renewed. FISA orders, in contrast, usually do not produce evidence that is used in criminal cases and by default remain classified. In fact, even when evidence acquired through a FISA order is used in a criminal case, the order and supporting materials are neither provided to the defendant nor made available to the public. Rather, if a defendant moves to suppress FISA-acquired evidence, the judge who hears the motion reviews the FISA materials without the involvement of the defense.
As a result of these considerations, lessons learned from negative experiences, and, to an extent, bureaucratic inertia, the amount of detail that FISA applications contain has grown to far exceed what would be included in an ordinary criminal search warrant application. This comes at a cost. DOJ attorneys and FBI agents spend substantial time taking questions from supervisors, finding answers, and incorporating new facts into lengthy declarations. And every new detail is an opportunity for an inaccurate or unsupported statement, whether or not the statement is material. Successive rounds of editorial and supervisory reviews add additional time to the process. Each extra requirement, whether official or unofficial, comes from a good place – a desire to avoid mistakes, an appropriate response to prior errors, anticipating supervisors’ questions –,, but they add up can result in extremely lengthy applications that take weeks to prepare. In short, there are some good reasons to have more controls and more review for FISA applications than criminal ones, but it would be worth stepping back and revisiting whether the current system is optimal.
In any event, if Congress does add a warrant requirement, it is likely to contain an emergency exception. In fact, the PCLOB recently recommended individualized judicial review and authorization by the FISC for all U.S. person queries with exceptions limited to consenting U.S. persons or “exigent circumstances.” Moreover, FISA itself allows the AG, DAG, or AAG to authorize emergency authorities under specific conditions and seek retroactive approval from the court. Fourth Amendment jurisprudence provides an additional exception to the warrant requirement under circumstances such as imminent threats to life and safety. It would therefore be important and reasonable for a new warrant requirement to allow law enforcement to move quickly in the event of an imminent threat.
In that regard, it is important to bear in mind that Section 702 targets overseas threats to U.S. security such as international terrorism. If investigators urgently need to access a U.S. person’s communications that were collected under Section 702, that could mean that a potential terrorism threat is crossing the border into the United States (physically, electronically, or otherwise). That is the exact situation in which we need an efficient process in place to allow law enforcement to get the information they need consistent with Constitutional considerations.
A warrant requirement that contained an emergency provision with retroactive approval would provide the accountability needed to maintain public confidence. If configured and implemented properly, it would allow officers to obtain the information they need and move as quickly as necessary, just as they have historically done in the criminal law enforcement sphere.