Earlier this month, the House Judiciary Committee held the first of a series of hearings on the Foreign Intelligence Surveillance Amendments Act (FISA Amendments Act). Controversial provisions of the FISA Amendments Act, which have provided the basis for mass surveillance arguably in violation of the Fourth Amendment, are scheduled to sunset in 2017. While the Judiciary Committee hearings may foreshadow stronger restrictions on warrantless wiretapping and surveillance activities, the hearing was closed to the public, angering civil rights groups. Lack of transparency at the hearing stage sets a disappointing precedent for citizens hoping that Congress will provide more transparency about the FISA Amendments Act’s application overall.
The FISA Amendments Act, which amended the Foreign Intelligence Surveillance Act of 1978 was passed in 2008 and reauthorized in 2012. The original FISA aimed to provide oversight of surveillance operations without compromising national security, and established the Foreign Intelligence Surveillance Court (FISC), which holds closed, ex parte hearings on whether to issue search warrants pursuant to FISA. The 2008 Act’s most controversial provision is Section 702, which provides for the collection of electronic communications from individuals “reasonably believed to be located outside the United States.”
Section 702, along with Section 215 of the Patriot Act, which provided for mass collection of phone call metadata, has been cited as the legal underpinning for much of the warrantless wiretapping and surveillance of the post-9/11 era. In 2013, when The Guardian and The Washington Post published disclosures by former NSA contractor Edward Snowden that revealed mass dragnet surveillance of electronic and phone communications by intelligence agencies. The Snowden revelations exposed two controversial data collection programs under Section 702: PRISM, which allows the NSA to compel internet service providers and technology companies to turn over communications that match FISC-approved search terms; and upstream collection, under which the NSA collects communications directly from cables and switches.
The Snowden leaks ignited widespread public debate about the extent of government surveillance; the NSA’s data collection activities have since been challenged in multiple lawsuits. In 2015, following a federal court ruling that bulk collection of phone call metadata violated the Constitution, Congress passed the USA Freedom Act, which reinstated Section 215 but amended it to end the NSA’s bulk collection program. Section 702, however, remains in force.
An unclassified 2014 report by the Privacy and Civil Liberties Oversight Board (PCLOB), which provides an overview of the application of Section 702, notes that despite the Act’s prohibition on targeting U.S. persons, “communications of or concerning U.S. persons may be acquired in a variety of ways.” This can happen, for instance, when a U.S. person communicates with a targeted non-U.S. person, when targeted non-U.S. individuals communicate about a U.S. person, or simply by mistake.
Section 702 requires agencies to conduct “minimization” procedures to reduce collection of U.S. persons’ data and to avoid retaining what they do collect for too long, but intelligence agencies have provided little information about how much data from U.S. persons has been collected and how effective those minimization procedures have been to date. A recent report by the NSA’s Office of the Inspector General does suggest that the agency may in fact be collecting substantially less data than privacy advocates have feared, but this does not negate the Fourth Amendment concerns raised by civil rights organizations for at least two reasons.
First, the report essentially states that technology companies, rather than intelligence agencies, are performing the work of sorting communications to find those from targeted persons or matching approved search terms. It is unclear that this provides any better privacy protections than if the NSA were conducting the searches, since the process still requires internet service providers to comb through the communications they collect; domestic data may be vulnerable to abuse by companies, and this framework relies on companies discretion regarding what they provide to the NSA.
Second, because FISC opinions are still secret, recent jurisprudential developments regarding the interpretation of Section 702 remain opaque, and arguably amount to secret law. In the debate leading up to the 2012 reauthorization of the FISA Amendments Act, Senator Jeff Merkley, D-OR, proposed an amendment that would require declassifying FISC opinions, providing unclassified summaries, or at the very least reporting on the progress of declassification attempts. The amendment, however, was voted down.
Ultimately, however responsibly the NSA claims it is using data gathered under Section 702, we need greater transparency both around intelligence agencies’ interpretation of Section 702 and around congressional consideration of the law as we approach the sunset deadline. It is unlikely that Congress will simply allow the FISA Amendments Act to expire, but it might be time, for instance, to revisit the Merkley Amendment. Additionally, the PCLOB report offered possible reforms for agencies’ application of Section 702. These recommendations include: requiring the NSA to supply specific criteria to assess the expected intelligence value of a particular target; requiring written explanations justifying why the NSA believes a given target is likely to yield useful information; periodic assessments by the NSA and DOJ of the technological tools used in upstream collection to prevent mistaken collection of U.S. persons’ data; and declassification of the FBI, CIA, and NSA’s minimization procedures.
The Senate should debate each of these proposed reforms – and the debates should be public. Although privacy concerns may have receded somewhat from the national consciousness, many issues with the FISA Amendments Act remain unaddressed; the 2017 deadline offers an an opportunity, if Congress decides to take advantage of it, for a much-needed conversation about the future of surveillance and privacy. We have a right to know, to the fullest extent possible without severely compromising national security, about the laws governing the potential collection of our communications. We have a right to know the extent to which domestic data has already been collected, the procedures in place for mitigating the resulting privacy violations, and the possibilities on the table for future reform. And we should have the opportunity to weigh in on the debate about how best to balance privacy and security going forward.