By: Carly Nuttall
The Foreign Intelligence Surveillance Act (FISA) first became law in 1978. Broadly speaking, FISA is a federal law that outlines the necessary procedures for physical and electronic surveillance concerning foreign intelligence information between foreign powers and/or agents of foreign powers that are suspected of either espionage or terrorism. FISA also created the Foreign Intelligence Surveillance Court (FISC), which oversees the surveillance warrant process.
Although FISA and the FISC have existed for decades, it wasn’t until late 2005 that most of the general public became aware of or concerned about them. In December 2005, The New York Times published an article exposing that the George W. Bush administration had ordered a warrantless domestic wiretapping program that was carried out by the National Security Agency (NSA) since at least 2002. Unsurprisingly, this caused a great deal of controversy among U.S. citizens. Under the program, which the Bush administration called the terrorist surveillance program, the NSA was authorized via executive order to monitor phone calls, internet activity (including browsing activity and email), text messages, and any other communication involving a party the NSA believed was outside of the United States, even if the other participant in the conversation was within the United States, without first obtaining a warrant. The Bush administration allegedly ceased this warrantless wiretapping in January 2007. The program has since been renewed numerous times.
Among these amendments was the implementation of the Section 702 program. This program authorized the warrantless surveillance of non-U.S. persons who were reasonably believed to be outside of the United States. However, after former NSA contractor Edward Snowden leaked classified NSA documents about the program in 2013, it became apparent that the U.S. government was relying heavily on this program for its domestic surveillance needs and was collecting not just metadata (like Section 215), but also content of communications. Since this disclosure, various amendments and policy changes have been made to the 702 program in an effort to mitigate and prevent inappropriate collection of information connected to U.S. persons.
After some initial setbacks and confusion, the most recent renewal and update to Section 702 occurred in January 2018. This newest iteration of 702 has now been reauthorized for six years, sunsetting on December 31, 2023. Debate about the program has long existed between those who believe the program is an integral aspect of the U.S. national security apparatus and privacy advocates who are concerned that loopholes provided by the program will allow for otherwise prohibited data collection about U.S. persons, especially since a warrant is not required for surveillance.
Although various privacy-protection measures were offered by members of Congress as amendments, including a subsequently rejected provision that would have required that intelligence officials obtain warrants in most cases prior to searching for and reading emails and other messages from Americans that were incidentally swept up under the program, the bill passed without substantial change. The FISA Amendments Reauthorization Act that ultimately passed does include a narrow warrant requirement. But this requirement only obligates the FBI to obtain a warrant for cases where it seeks emails or other messages related to an existing criminal investigation that has no relevance to national security. What has concerned privacy advocates, however, is the “backdoor search” of collected 702 data for information that concerns a specific American, someone who could not normally be targeted for surveillance without an individualized warrant. The NSA and CIA have both admitted that they conduct these types of searches tens of thousands of times every year. The FBI, which regularly conducts these types of searches, including for use in criminal investigations, does not keep count of how often these searches are performed. Although the warrant requirement provided in the FISA Amendments Reauthorization Act seemingly limits the FBI’s warrantless access to and use of 702 information about Americans, the language offers little in the way of protection. For example, the Act states that the FBI need only seek a FISC warrant to access 702 information when it searches for a U.S. person’s communications “in connection with a predicated investigation” that is not connected to national security. However, a “predicated investigation” is only the final stage of the FBI’s investigative process. Under current FBI 702 minimization procedures, “it is a routine and encouraged practice” for the FBI to search collected 702 data during the early stages of investigations. The language of the Act allows the FBI to continue running these searches in the early stages of investigations, negating the need to do so at the “predicated investigation” stage, when a warrant would be required.
Perhaps more worryingly, there has been increasing evidence that 702 collection has been used in low-level criminal prosecutions. There have been reports that the government may be relying on what is referred to as “parallel construction,” meaning that investigators develop similar evidence collected through 702 via an independent path in an effort to avoid introducing 702-obtained evidence in court. These allegations first arose in 2013, when Reuters uncovered documents showing that Drug Enforcement Agency (DEA) agents had been directed to conceal where information leading to a criminal investigation had originated from. This practice raises Constitutional questions governing a defendant’s right to a fair trial, as defendants cannot know to ask to review possible sources of exculpatory evidence if they do not know how an investigation truly began. Because law enforcement agencies utilize this method of parallel construction, 702 data often does not make its way into court under that guise, constraining judicial power to regulate the program.
Although the 702 program is an important aspect of the U.S. national security apparatus, it is flawed. Privacy advocates are rightly concerned that data collected under 702 will be used against U.S. persons who would otherwise require an individualized warrant to be surveilled. With this latest reauthorization of 702 set to sunset in late 2023, Congress should aim to implement meaningful reform, such as requiring the government to seek a warrant based on probable cause before searching 702 data for information about Americans in criminal cases, the next time around.