Give Now

We must close the loophole that allows law enforcement to buy our personal data without a warrant.

Championing Responsible National Security Policy
|
Analysis

As Clock Ticks Down on Warrantless-Surveillance Authority, Congress Races to the Bottom

With just weeks before a controversial warrantless-surveillance authority expires, Congress took another step toward potential reauthorization—one that is a significant step backwards on protection of our rights. On December 1 the House Permanent Select Committee on Intelligence narrowly approved a bill reauthorizing Section 702 of the Foreign Intelligence Surveillance Act (FISA) reauthorization bill on a party-line vote, just one day after the bill was introduced. The vote fell along party lines. With House Intelligence jumping into the fray, there are now an astounding six separate efforts to deal with Section 702: 1) The new House Intelligence bill, 2) a broad reauthorization bill from the Senate Intelligence Committee, 3) a sweeping reform proposal from Senators Ron Wyden (D-OR) and Rand Paul (R-KY), 4) a reform bill from Senators Mike Lee (R-UT) and Patrick Leahy (D-VT) that is less ambitious than Wyden-Paul but still makes key reforms, 5) a House Judiciary proposal that makes a couple improvements, but has significant flaws, and 6) a straight reauthorization of the law with no changes.

Section 702 of FISA creates serious privacy and due process problems. The 1978 Foreign Intelligence Surveillance Act created rules governing surveillance for foreign intelligence purposes, including a requirement that the government obtain individualized warrants from the FISA Court. After the 9/11 attacks, the government sought to rapidly increase surveillance of terrorist targets, especially those from foreign sources. In 2008, Congress added Section 702 to FISA, which permits the government to—for foreign intelligence purposes—designate any foreigner outside the United States as a Section 702 “target” and subject them to warrantless surveillance. Congress intended Section 702 to be focused on and limited to gathering foreign intelligence and protecting national security.

Such warrantless surveillance would never be directly permitted for domestic law enforcement. However, the vast expansion of global communications over the last decade has led Section 702 to be co-opted for domestic law enforcement purposes. Because Section 702 permits surveillance of virtually any foreigner outside the United States, it can be used to justify monitoring communications of individuals in no way connected to suspected wrongdoing, including their communications with average Americans. The FBI can then deliberately search their databases for these Americans’ communications without any suspicion of wrongdoing, a flaw commonly called “the backdoor search loophole.” Additionally, the Intelligence Community has interpreted Section 702 to permit collection of communications that are neither to nor from designated targets so long as they mention a target, a highly troublesome practice called “about” collection; “about” collection was never debated or directly authorized by Congress, and can sweep up wholly domestic communications. Congress should be approaching Section 702 with significant deliberation to address these and other problems with the law.

The fact that the landscape is so muddled—and that there is no clear sense from House or Senate leadership on how they plan to address the wide range of views in Congress, made evident by the array of significantly different bills that have all received support—should alarm the Intelligence Community, which describes some aspects of Section 702 as critical to our nation’s security. But the recent advance of the House Intelligence bill through markup and continued focus on the Senate Intelligence bill by Congressional leadership should also raise serious alarm for all Americans. Even in the wake of mass compliance problems, backdoors around basic Fourth Amendment protections, and risks of a “foreign intelligence” authority being co-opted for warrantless domestic surveillance, these bills threaten to actually expand one of the most controversial surveillance authorities in a variety of ways.

Codifies the backdoor search loophole. Both the House Intelligence and Senate Intelligence bills codify the backdoor search loophole, the most problematic feature of Section 702 for Americans’ privacy. The backdoor search loophole reverses the investigative process, allowing agencies such as the FBI to deliberately seek out Americans’ private communications (such as emails and text messages) before they’ve developed suspicion rising to probable cause, or before they have even opened an investigation. The House Intelligence bill gives the government the option of seeking a court order prior to conducting queries deliberately seeking Americans’ content, but imposes no actual requirements of independent authorization, effectively codifying the practice. This applies not just to foreign intelligence queries, but also to queries for entirely domestic criminal matters, enhancing the risk of mission creep. Similarly, the Senate Intelligence bill codifies backdoor searches by merely requiring the Intelligence Community to submit to the FISA Court that its queries are lawful.

Backdoor searches can be conducted at an assessment or pre-assessment stage with no suspicion—in fact as FBI Director Chris Wray recently noted, a random (even anonymous) tip can be sufficient justification to query Americans’ communications, creating the potential for a fishing expedition of our emails, texts, and calls, absent restrictions. And FBI searches can be conducted for purely domestic criminal purposes, with the fruits of searches used in investigation and prosecution of any crime, even if totally unrelated to foreign intelligence or national security. This creates serious risk of improper focus and abuse, as made abundantly clear by recent surveillance efforts directed at minorities and political activists.

Codifies “about” collection. The House Intelligence and Senate Intelligence bills would also codify the highly controversial and unnecessary practice of “about” collection, in which NSA gathers communications that are neither to nor from a Section 702 target, but mention a target’s communication identifier (such as an email or username). Early in 2017, the FISA Court prohibited this practice due to serious compliance problems. Once this occurred, the government admitted “about” collection was far less important than previously stated; NSA itself said that even without “about” collection, its system would retain surveillance capabilities “that provides the greatest value to national security.” Nonetheless, both bills permit the Intelligence Community to resume “about” collection once it obtains FISA Court approval. Because the FISA Court’s objections were on Constitutional grounds due to the level of domestic communications incidentally collected and accessed, this approval is actually necessary under any circumstances, but permitting “about” collection upon such approval would be the first time Congress would ever authorize this activity under any condition. By allowing “about” collection so long as courts say that it complies with the Constitution, the provision effectively amounts to a codification.

This authorization of content-based collection would be deeply problematic both because of the harm to privacy that “about” collection causes, and for the broader precedent it would create. Because “about” collection gathers up communications that are neither to nor from a target, it can sweep up wholly domestic communications. Additionally, the practice has been riddled with compliance problems, which is why the FISA Court eventually forced NSA to shut it down. But more broadly, Congressional authorization of surveillance based on the content of what is monitored is a terrifying precedent. With the potential to engage in automated scans of emails, laptops, cloud databases, and even video feeds with software designed to detect certain faces or heat signatures, the concept of “content-based collection” could open the door to a wide array of surveillance in which searches occur first and are later justified (or not) based on the result.

Expansion of foreign intelligence surveillance in general. Beyond codifying the most egregious practices of Section 702 into law, the House Intelligence and Senate Intelligence bills actually expand overall surveillance authorities under FISA. Since Edward Snowden’s revelations, the government has defended Section 702 as a “targeted” program in which it must designate individual entities for surveillance. But both bills would permit targeting of “a facility, place, premises, or property.” This opens the door to bulk surveillance. The government has interpreted “facilities” to mean communications hubs that route emails of millions of Americans, permitting it to engage in bulk surveillance, and “place” could open the door to entire cities, regions, or countries being designated as a Section 702 “target,” possibly making everyone within that space subject to continuous monitoring. Further, the House Intelligence bill expands the definition of “agent of a foreign power”—the basis for surveillance under Title I of FISA—to include anyone who engages in an array of cyber-related activities. Because Title I of FISA permits surveillance of Americans in the United States so long as the government demonstrates probable cause that they are “agents of a foreign power,” this change could improperly expand domestic surveillance by creating unprecedentedly low standards for monitoring Americans’ communications.

Whistleblower protections needed. These bills also lack whistleblower shields for federal contractors in the Intelligence Community, who lost protection against retaliation for making good-faith disclosures in 2012. Whistleblowers are the American public’s first line of defense against waste, fraud, and abuse in the federal government. Contractors currently make up at least one-third of the Intelligence Community’s workforce. Without adequate protection, these contractors have no legitimate means by which to challenge illicit retaliatory action taken against their lawful, good-faith disclosures, and so they must choose between sitting as silent observers of abuse or being exposed to retaliation. Considering the potential for abuse of public privacy, strong, best-practice whistleblower protections are absolutely essential and should be a priority for lawmakers as they consider this legislation. The versions of the reauthorization bill that were introduced by the House Judiciary Committee and by Senators Lee and Leahy both have adequate provisions that would remedy the current situation and protect federal contractors in the Intelligence Community from retaliation from their supervisors.

Both the House Intelligence and Senate Intelligence bills would be significantly worse than a straight reauthorization of Section 702. Luckily, these are not Congress’s only options. It could also act on the Wyden-Paul bill, or the Lee-Leahy bill, both of which have the support of the Project On Government Oversight and The Constitution Project. These measures enact significant reforms in a variety of areas—most notably fixing the backdoor search loophole—and do so in a manner that would not inhibit the national security value Section 702 does provide. But leadership in both the House and Senate do not seem to have the appetite to give Section 702 reauthorization the rigorous review and consideration it requires. This is unacceptable. This program gives the Intelligence Community the ability to collect communications to and from Americans without a warrant, and gives agencies including the FBI the ability to deliberately seek out those communications via queries, totally absent suspicion of wrongdoing and irrespective of the demands of the Fourth Amendment. Its scale and potential for abuse is massive. And it deserves a serious debate and due consideration of all the options available.

Rebecca Jones contributed to this report.