Key US Intelligence Tool Set To Expire – Analysis

(FPRI) — At the end of this year, America’s most important intelligence tool is set to expire. Section 702 of the Foreign Intelligence Surveillance Act (FISA) allows the government to collect signals intelligence on foreign targets, even when that collection includes communications with Americans. However, Section 702 needs congressional approval to continue, and vocal critics both inside and outside Congress consider Section 702 unconstitutional.

On July 21, 2023, the government released a redacted version of the Foreign Intelligence Surveillance Courty’s (FISC) most recent opinion (dated April 11, 2023) addressing the government’s request for continued Section 702 surveillance authority. The opinion likely represents the FISC’s last word before Congress decides whether, or on what terms, to reauthorize Section 702 before the authority expires on December 31, 2023.

Congress should reauthorize Section 702 because this critical intelligence collection program is conducted only in accordance with a carefully structured compliance regimen designed to minimize intrusions into US persons’ privacy interests. Every court to have considered the question has concluded that operating the Section 702 program using this compliance structure is reasonable under the Fourth Amendment of the Constitution.

A Snapshot of How Section 702 Works
Evaluating the significance of the FISC’s conclusions requires some understanding of how Section 702 permits the government to acquire foreign intelligence information by targeting the communications of non-US persons reasonably believed to be located outside the United States. Conversely, the targeting of any US person, anywhere, at any time is specifically prohibited by Section 702. However, as Congress recognized, Section 702 acquisitions of foreign communications would also “incidentally” acquire the communications of those US persons communicating with foreign targets, and these communications, like those of the foreigners actually targeted, also are stored in the Section 702 database retained by the National Security Agency (NSA) which is the “lead” agency for Section 702 collection.

Since the foreign targets of Section 702 surveillance have no Fourth Amendment rights, neither probable cause nor a warrant are required to justify any particular targeting decision. Instead, to protect the rights of those Americans whose communications are incidentally acquired during authorized Section 702 acquisitions, Congress required that the attorney general adopt procedures that minimize the acquisition, retention, and dissemination of information concerning unconsenting US persons. These minimization procedures, along with targeting and querying procedures (the latter added by Congress as part of its 2017 reauthorization of Section 702), comprise the statutory architecture Congress created to protect the Fourth Amendment rights of those “non-targeted US persons” whose communications are incidentally collected during the course of lawful Section 702 acquisitions. The targeting, minimization, and querying procedures used with any Section 702 acquisition must be reviewed and approved by the FISC as consistent with the requirements of the Fourth Amendment—both as written and as applied by each agency with access to Section 702-acquired communications.

The scope of “incidental” collection is not insignificant because Section 702 is a large, programmatic surveillance program collecting hundreds of millions of communications from its 246,073 foreign targets, so the number of incidentally acquired US person communications is also sizable. It is this incidental collection of US person communications acquired during the course of lawful Section 702 acquisitions directed at foreign targets, and, more specifically, the subsequent handling of those communications by US intelligence agencies, that lie at the heart of the debate over whether Congress should reauthorize Section 702 and, if so, in what form.

The Section 702 database maintained by NSA represents a sort of primordial vat where communications collected pursuant to FISC-approved certifications reside anonymously until retrieved by “querying.” The Director of National Intelligence’s most recent Annual Statistical Transparency Report describes a “query as a basic analytic step foundational to efficiently and effectively reviewing data lawfully collected and already in the government’s possession.” In other words, the content of any particular communication in the Section 702 database and the identities of the participants in that communication, including the incidentally collected communications of US persons, are unknown until a query is initiated that extracts that communication from the database. Four agencies, NSA, CIA, the National Counterterrorism Center (NCTC), and the FBI, have access to all or some part of the communications stored in the Section 702 database.

Notably, the FBI, whose querying practices have been scrutinized, and criticized, repeatedly in FISC opinions receives access only to those communications actually generated by the particular targets that the FBI has nominated for collection based on their association with fully predicated national security investigations. In calendar year 2022, for example, this afforded the FBI access to only 3.2 percent of those Section 702 targets.

The FBI’s Querying Issues
Of those agencies having access to Section 702-acquired information, only the FBI has a dual mission covering both foreign counterintelligence and law enforcement, and its use of Section 702 information has been the subject of vigorous criticism from Section 702 opponents both in and out of Congress. These opponents argue that the FBI wrongfully uses its access to Section 702-acquired communications to conduct “back door” searches directed at American citizens in violation of the Fourth Amendment. The FBI has an admittedly checkered record of past compliance with the querying requirements designed to protect the privacy interests of US persons but, over the past twenty-four months it has implemented a series of remediation measures intended to address its previous compliance issues. While identifying and disclosing compliance violations means little in the absence of discernible progress in remedying those violations, the returns on these FBI reform measures have been positive. As the FISC noted in its April 2022 Section 702 opinion released in redacted form by the Office of the Director of National Intelligence in May 2023, “the Court is encouraged by the amendments to the FBI’s querying procedures and the substantial efforts to improve FBI querying practices, including heightened documentation requirements, several system changes, and enhanced guidance, training, and oversight measures. There are preliminary indications that some of these measures are having the desired effect.”

Similarly, the FBI querying statistics contained in the 2023 Annual Statistical Transparency Report reflected a 96 percent reduction in the FBI’s use of US person query terms in 2022, the first full year in which all of the aforementioned FBI compliance measures were in effect, are equally indicative of improved compliance performance. These improvements are also corroborated in a recent release by the FBI’s Office of Internal Auditing which, in its first report documenting the FBI’s compliance performance following the remediation efforts implemented in 2021-2022, announced that “the FBI had a 96 percent compliance rate for FISA queries, a 14 percent improvement from [Office of Internal Auditing]’s first baseline audit, which was conducted before the reforms.”

The FISC’s Salient Conclusions in its April 2023 Opinion
The FISC’s assessment of whether the compliance efforts of the executive branch, and most particularly the FBI, have continued to improve in executing the statutory and regulatory regimen designed to protect the Fourth Amendment rights of US persons should represent an influential consideration in the ongoing debate over the reauthorization of Section 702. Since Section 702 certification approvals by the FISC generally extend for one year, the FISC’s most relevant assessment of the government’s compliance performance is reflected in its review of the most recent request for new and reauthorized surveillance authority under Section 702 and is recorded in its recently released April 2023 opinion. After a thorough analysis, the court approved the certifications making these specific findings.

“The government’s request for approval of the amended certifications and related procedures is granted for the reasons stated herein, subject to reporting and other requirements set out at the end of this Opinion.”
“The Court concludes that the targeting, minimization and querying procedures, as written, meet statutory requirements.”
“In Part V [of the opinion], the Court finds those procedures, as written, to be consistent with Fourth Amendment requirements.”
“The Court finds that the agencies’ likely implementation of their procedures is consistent with applicable statutory and Fourth Amendment requirements.
And, perhaps most significantly,

“The Court finds that the FBI’s querying and minimization procedures, taken as a whole and as likely to be implemented, are consistent with the requirements of the statute and the Fourth Amendment.”
In sum, the FISC approved the government’s requests for Section 702 surveillance authority as consistent with both FISA’s statutory mandate and with the requirements of the Fourth Amendment.

The Headlines Announcing the FISC’s Opinion
Notwithstanding the FISC’s conclusion that the procedures governing the acquisition and handling of Section 702-acquired communications satisfy the Fourth Amendment, most of the headlines covering the release of the court’s opinion read like these appearing in, respectively, The New York Times, the Washington Post, and the Wall Street Journal.

“FBI Botched Query on Senator Even As Its Adherence to Wiretap Program Rules Rose,” New York Times, July 21, 2023
“FBI wrongly searched for US senator and state senator in Section 702 spy data, court says,” Washington Post, July 21, 2023
“FBI Improperly Searched US Senator’s Name in Foreign Spying Database,” Wall Street Journal, July 21, 2023
All these headlines were generated by a half-page discussion in the FISC’s opinion about three compliance incidents involving FBI querying practices. In one instance, in June 2022, an FBI analyst conducted four overly broad searches of a US senator’s last name against that part of the Section 702 database to which the FBI has access. The analyst also searched the database using the last name of a state senator. In each instance, the analyst had specific information that these legislators were being targeted by a foreign intelligence service, but Justice Department compliance inspectors concluded that the FBI querying standard was not satisfied. The third incident involved a Staff Operations Specialist running a single query using the Social Security Number of a state judge who had complained to the FBI about alleged civil rights violations committed by a municipal chief of police. The FISC concluded its half-page discussion of these incidents saying, “despite the reported errors, there is reason to believe that the FBI has been doing a better job in applying the querying standard” while observing that “the government has not reported compliance violations of a comparable magnitude” to those identified in the FISC’s 2018 and April 2022 opinions.

The Persistent and Misleading Demand for a “Warrant” Before Querying the Section 702 Database Using a US Person Identifier
Despite the FISC’s conclusions, critics and media outlets persistently describe the Section 702 collection program as “warrantless” surveillance—an appellation suggesting some sort of evasion of the Fourth Amendment’s warrant requirement. But this is accurate only in the same literal sense as saying I have an “unlicensed” microwave oven—technically true, but legally irrelevant because there is no legal requirement that my microwave has a license, just as there is no legal requirement that authorized Section 702 acquisitions be accompanied by a warrant. As the FISC has observed,

“The touchstone of the Fourth Amendment is reasonableness [and] although [t]he warrant requirement is generally a tolerable proxy for reasonableness when the government is seeking to unearth evidence of criminal wrongdoing … it fails to properly balance the interests at stake when the government is instead seeking to preserve and protect the national security.”

The Fourth Amendment offers no guarantee that a warrant will be an essential prerequisite to a government search or seizure that might impact individual privacy interests. The FISC has repeatedly concluded that Section 702 acquisitions do not require a warrant, and all three federal appeals courts to have considered the issue have held that the incidental collection of US person’s communications under Section 702 is reasonable and does not require a warrant.

The courts issuing these rulings all have recognized that the correct Fourth Amendment analysis for electronic surveillance conducted for foreign intelligence purposes examines the programmatic purpose served by that surveillance, whether that purpose serves a legitimate objective beyond routine law enforcement, and whether that purpose would be “frustrated” by insisting upon a warrant. Thus, the foreign intelligence focus of Section 702 surveillance triggers an entirely different “reasonableness” assessment under the Fourth Amendment than that used either for law enforcement purposes or to determine whether a US person can be targeted as an “agent of a foreign power” under the “traditional” electronic surveillance provisions of FISA first enacted by Congress in 1978.

Similarly, in the context of queries employing US person identifiers that are used to find and extract foreign intelligence information from the database of Section 702-acquired communications, this analysis recognizes both the existence of a foreign intelligence exception that exempts the query from the law enforcement-based warrant requirement, and that the application of court-approved minimization and querying procedures serves to make the query’s intrusion into individual privacy interests “reasonable” when balanced against the government’s interest in national security—an interest repeatedly recognized by the courts as being of the “highest order.”

In 2017, Congress added the requirement that agencies having access to the Section 702 database develop and use “Querying Procedures” to govern the act of querying that database to retrieve information. While asserting that the Fourth Amendment did not require such procedures, Congress implemented the querying procedures requirement as “a compromise meant to provide additional protections for US person information that is incidentally collected under section 702.” In its April 2023 opinion, the FISC amplified its previous conclusion from 2018 that the Querying Procedures “expand statutory protections, not the scope of what constitutes an independent search under the Fourth Amendment.” As the FISC has noted, the insistence that queries employing the use of US person identifiers represent an analytically separate Fourth Amendment “event” must be examined through the totality of circumstances that governs the Fourth Amendment “reasonableness” assessment. In the context of a query using a US person identifier to extract foreign intelligence information from the Section 702 database, such an assessment demands recognizing and acknowledging that the query is employed in examining information already lawfully acquired under a statutory framework that requires a judicial determination that the totality of attendant circumstances, including the acquisition retention and dissemination of such information, is reasonable. As the FISC now has repeatedly concluded, under such circumstances no “warrant” is constitutionally required.

How Should the FISC’s April 2023 Opinion Affect the Reauthorization Debate?
As Congress considers whether Section 702 should be reauthorized and, if so, in what form, the outcome of that debate will reflect, at least in part, whether legislators are more influenced by the headlines describing the FISC opinion or by the FISC’s actual analysis and conclusions. Section 702 opponents seized on the headlines to argue that “even if the FBI had achieved perfect compliance with its rules, that wouldn’t obviate the need for a warrant.” But the FISC opinion bluntly repudiates that position and specifically concludes that the FBI’s and other agencies’ implementation of their Section 702 procedures is consistent with statutory and Fourth Amendment requirements. Simply put, the FISC’s last word before Section 702’s sunset date is that the Fourth Amendment’s standard of “reasonableness” does not require a “warrant” either prior to acquiring communications pursuant to FISC-approved Section 702 certifications or for queries of those acquired communications using US person query terms that are reasonably designed to retrieve foreign intelligence information.

The Importance of the FISC’s Opinion on the “Warrant” Issue
The evolution of technology and threats confronting the United States has only increased the importance of Section 702 in protecting national security. Initially focused principally on counterterrorism, Section 702 now provides critical reporting on Russian atrocities in Ukraine, Chinese threats to Taiwan, the fentanyl crisis, persistent interference in US elections by foreign actors, Russia’s global program of malign influence, Iranian nuclear efforts, North Korean nuclear and missile proliferation concerns, and the destabilizing impacts of climate change. Section 702 reporting now provides over 95 percent of the FBI’s technical reporting on malicious cyber actors and more than 90 percent of its reporting on emerging technologies, including artificial intelligence. At a time when China has a bigger hacking program than every other major nation combined, Section 702 provides indispensable intelligence to assist in protecting US infrastructure, corporations and financial institutions from malicious cyber activity.

All of this explains why the President’s Intelligence Advisory Board recently reported that history may judge a congressional failure to reauthorize Section 702 “as one of the worst intelligence failures of our time.” The board also noted that saddling a renewed Section 702 with a warrant requirement that is neither practical nor constitutionally necessary is “unjustified.” Congress may continue to address civil liberties concerns, for example, by requiring that the remediation measures that have produced the FISC-acknowledged improvement in the FBI’s compliance performance be formally included in the statutory fabric of Section 702.

What Congress should not do—what the FISC has clearly said is constitutionally unnecessary and the President’s Intelligence Advisory Board has said is impractical and “unjustified”—is shackle the critical querying function used to extract the communications collected by this indispensable intelligence tool with a prior requirement for a warrant or other form of court order where queries using US person identifiers are undertaken for the purpose of retrieving foreign intelligence information.