Championing Responsible National Security Policy

Facts on FISA: Correcting the Record on the Section 702 House Floor Debate

This piece originally appeared on Just Security.

Last week the House voted to extend Section 702 of the FISA Amendments Act of 2008, a warrantless surveillance authority that is targeted at foreigners but affects a huge number of Americans, a move that will codify some of Section 702’s most controversial practices. The reauthorization bill (S.139) was rapidly developed by the House Intelligence Committee (known by the acronym, HPSCI) and rushed to the House floor. This occurred directly after the narrow defeat of an amendment led by Reps.Justin Amash (R-Mich.) and Zoe Lofgren (D-Calif.) that would have replaced the bill with The USA Rights Act, an alternative 702 reauthorization which would have imposed strict new privacy requirements.

As we move forward with this new iteration of Section 702, it’s critical to look back at the debate and correct the record on inaccurate statements about this law and the proposals to reauthorize it. The following is a compilation of all factual errors that I uncovered while reviewing the entire floor debate, with explanations and corrections:

Rep. Chris Stewart (R-Utah)

Rep. Stewart began the debate by lamenting how he was “dismayed by the amount of disinformation being propagated by those who oppose Section 702.” This dismay seems displaced by Rep. Stewart, who made no less than four separate factual misstatements during the debate.

Statement: “Section 702 targets spies, terrorists, weapons proliferators, and other foreign adversaries who threaten the United States.”

FACTS: The law is touted as a national security authority that can be used to target spies, terrorists, proliferators, and foreign adversaries. However, it additionally permits targeting of any foreigner abroad for foreign intelligence purposes. And this includes any information “that relates to the conduct of the foreign affairs of the United States.” Such an overbroad category is sufficiently sweeping to permit surveillance of individuals on the basis of commonplace activities such as protesting outside a U.S. embassy, supporting a human rights group, or writing about international relations or global economics. The NSA’s own slides on Section 702 describe it as collecting on topics such as “energy” and “political affairs.”

Statement: “Under S.139 [HPSCI bill] if the [FBI] conducts a US person query into its database during a criminal investigation not related to national security, and conducts a 702 [query], the FBI must obtain an order from the FISA Court prior to accessing the content of the communication.”

FACTS: The US person queries Rep. Stewart referred to are a means of deliberately seeking out Americans’ communications incidentally collected via Section 702 warrantless surveilance and maintained in government databases. The Congressman significantly overstates how broadly this “warrant requirement” applies to US person queries by the FBI. The HPSCI bill only requires the FBI to obtain court approval to conduct a query during the middle phase of an investigation, specifically during a “predicated” investigation; The FBI investigative process begins with an “assessment” phase before advancing into steps of a “predicated” investiation. This leaves the FBI free to conduct warrantless queries for Americans’ communications during this earlier stage of investigations. In addition to this, there is an even more problematic loophole in this bill (albeit one that does not directly contradict Rep Stewart’s statement) that allows the government to conduct warrantless queries of the databases of Americans’ information that’s been collected under the auspices of Section 702 when it has no open investigation. All of this creates a perverse incentive for law enforcement to dig through emails more vigorously when it has less suspicion.

And critically, the HPSCI bill also contains a loophole that would largely subsume even the meek predicated investigation warrant rule. Beyond being limited only to queries during certain stages of criminal investigations, this “warrant requirement” contains a large exception for any query that “could assist in mitigating or eliminating a threat to life or serious bodily harm.” The language of this exception is so broad — it includes risks that are not imminent and any assistance in vaguely “mitigating” rather than preventing or prosecuting – that it could be used as the basis for warrantless queries during investigations that have no direct bearing on threats of serious bodily harm.

Statement: “Under US[A] Rights Act, the FBI would not be able to look at lawfully collected data related to suspicious activity similar to that of the 9/11 hijackers.”

FACTS: The USA Rights Act would simply establish a probable cause warrant requirement to query the collected data of any U.S. persons or persons in the U.S. with no exceptions other than emergency situations. It offers avenues of access for both foreign intelligence and domestic law enforcement queries. Such a requirement may be too onerous for some lawmakers, but it is far from the blanket prohibition that Rep. Stewart described.

Statement: “The bill’s reforms include …. Limiting the instance when the government can use Section 702 information to prosecute U.S. people.”

FACTS: This statement is misleading. Although the bill does limit instances when the government can use Section 702 information as evidence admitted in criminal court proceedings (with significant loopholes, to be discussed below in reference to other misstatements), there are absolutely no limits on the government using Section 702 information as the basis for opening an investigation, which would lead to more evidence being collected and used in court to prosecute a suspect.

The entire exclusionary doctrine is founded on the principle that prosecutions extend beyond the courtroom: information that’s been unlawfully obtained by the government cannot be used as part of a prosecution, even if that information is simply used in support of the case and not directly used in court. The doctrine generally holds that all evidence derived from improperly obtained and inadmissible materials is “Fruit of the Poisonous Tree” and is inadmissible as well. The HPSCI bill creates a “Fruit of the Poisonous Tree Loophole,” whereby some Section 702 information would be inadmissible for court under the bill, but could nonetheless serve as the foundation for deriving significant information that is then used as in-court evidence. Further, Section 702 information could be “reverse engineered” into information obtained from other sources — a process known as parallel construction — and then used for domestic prosecutions of anycrime. And as a comprehensive report by Human Rights Watch recently detailed, parallel construction may be a fairly common phenomenon with little opportunity for transparency or redress

Rep. Mike Conway (R-Texas)

Statement: “Abouts [sic] collection does not collect names of targets, just selectors [such as an email address]”

FACTS: This statement is nearly accurate regarding the previous form of a currently suspended practice known as “about” collection, but with a set of significant exceptions: As the New York Times reported in 2015, the NSA used “about” collection to gather communications data not just by looking for communications mentioning specific “selectors” like email addresses and phone numbers, but also on the basis of IP addresses and “cyber signatures” found within content.

But more importantly, the HPSCI bill expands “about” collection to go far beyond communications that contain specific target selectors. In fact, in its authorization for “about” collection, the bill includes no references to selectors, but rather defines “about” collection as “a communication that contains a reference to, but is not to or from, a target.” (Emphasis added) That “contains a reference to” phrase is incredibly dangerous, because for example, it would be easy for the government to argue (and a court to accept) that emails between two people mentioning the name of a target as something that “contains reference to a target.” So if any American sent or received emails from someone abroad (including another U.S. citizen) that contained words such as “ISIS” or “Vladimir Putin,” they likely could be swept up under the HPSCI bill’s form of “about collection” because those emails “contain a reference to a target.”

Rep. Bob Goodlatte (R-Va.)

Statement: “[With Section 702] They have to go to the court and get approval for the selectors [i.e. targets] to gather information on a quarterly basis.”

FACTS: This was one of the most shocking misstatements of the debate, particularly from the Chairman of the House Judiciary Committee. Rep. Goodlatte inaccurately portrayed the most basic concept of Section 702, which is that the law is in fact a warrantless surveillance authority. Rep. Goodlatte described it as a system where the government goes to the Foreign Intelligence Surveillance Court and gets particularized approval of targets. However, the founding principle of Section 702 is to sidestep this process so the Intelligence Community can more easily monitor foreign targets. The result is a sweeping system with over 100,000 targets, a scale that likely could never be achieved if individualized court approval were actually required as Rep. Goodlatte said.

Statement: “The [HPSCI] bill requires, for the first time, a warrant to access 702 collected communications on US persons in criminal investigations.”

FACTS: This statement repeats previous inaccuracies described above, falsely asserting that the HPSCI bill’s “warrant requirement” applies generally to criminal investigations, rather than in a mere portion of cases, specifically those at the “predicated” phase I mentioned earlier. Not only does the bill contain a wide array of loopholes that could be exploited today, the goverment could very well adjust future practices to maximize access to Section 702 data and thereby its ability to engage in warrantless U.S. person queries in the future. For example, the FBI could shift greater emphasis to early stage investigations. Or, the Attorney General’s office could adjust its guidelines to permit a broader scope of activities in the unprotected early phase of investigations, or draft guidance establishing extremely broad parameters for “mitigating a threat to life or serious bodily harm” that would allow the FBI to frequently discard the “warrant requirement” during predicated investigations.

Statement: “There is an amendment that will be offered, sponsored by Mr. Amash and Mrs. Lofgren, that would prevent the FBI from ever querying its 702 database using a US person term.”

FACTS: This is a gross distortion of The USA Rights Act. The amendment in no way contained an outright ban on querying 702 databases for US person information, but rather it simply contained a consistent warrant requirement for U.S. person queries Rep. Goodlatte later correctly describes the Amash-Lofgren bill as requiring a warrant at the outset before access to US person data, indicating his comment may have been a mere slip of tongue or drafting error in his remarks rather than an effort to mislead Nonetheless, it was a serious error that would mislead anyone listening to this part of the debate.

Statement: “In routine criminal cases, when the FBI accesses US person communications that were incidentally collected, without first obtaining a warrant, the FBI will not be permitted to use those communications in a criminal prosecution.”

FACTS: Once again, the HPSCI bill is misrepresented and presented as containing a solid prohibition on using Section 702 for most domestic prosecutions. In reality, it only prevents use as evidence in court, while leaving open the door for prosecutions to be built upon evidence obtained via Section 702. For example, while emails from Section 702 indicating marijuana sales or tax fraud may not be used in court, they could form the foundation of a prosecution, and all information used in court could be directly derived from warrantless Section 702 surveillance.

Rep. Adam Schiff (D-Calif.)

Statement: “In the absence of a warrant the [HPSCI bill] provides that evidence that would be obtained would be excluded from use in court.”

FACTS: Unlike other misstatements regarding prosecutorial limits imposed by the HPSCI bill, this statement properly states that the bill only applies to in-court use, rather than inaccurately stating that the bill more broadly prevents 702 information being used for any part of a prosecution. However, Rep. Schiff significantly overstates the limits of the HPSCI bill by ignoring broad exceptions allowing for in-court use Notably, the bill contains undefined exceptions that would allow 702 data to be used in the courtroom for cases involving any crime that the Attorney General believes “relates to national security” or “involves cybersecurity.” Such broad and unclear terms could be used to sweep up civil rights activists under the category of “Black Identity Extremists” or hook in low-level crimes involving “cybersecurity” purely for use of an electronic device as part of its commission.

Rep. Tom Marino (R-Pa.)

Statement: “As a U.S. Attorney I used this [Section 702] – my office used this Section – we followed the law to the letter there were no complaints.”

FACTS: As New York Times reporter Charlie Savage quickly noted, Rep. Marino resigned from his post as a U.S. Attorney in 2007, the year before Section 702 was passed into law, making it impossible that he used the authority. Perhaps Rep. Marino innocuously confused Section 702 with a prior foreign surveillance authority. But even if so, this kind of personal endorsement of 702 as a former prosecutor can create undue influence over colleagues and constituents

Rep. Steve King (R-Iowa)

Statement: “[For the HPSCI bill] We’ve got a probable cause requirement for any criminal investigation, that protects U.S. persons.”

FACTS: This is a correction I’ve described above in reference to statements by other members of Congress, but, it’s important to note how frequently this same falsehood was repeated. The HPSCI bill does not provide a general warrant requirement during criminal investigations, only at a later stage. The exception for assisting in any effort to mitigate threats of serious bodily harm further riddles this “requirement” with loopholes that could be broadly exploited. And unlike Reps Stewart and Goodlatte, Rep. King ignores the broad national security exception, which expands potential for warrantless U.S. person queries during criminal investigations even further.

Rep. Jim Sensenbrenner (R-Wisc.)

Statement: “What about collection means, is that for example, if you have two jihadists that are in Pakistan communicating with each other that they didn’t like something that Mr. Nadler said, the FBI can pick up the name Nadler, and go into all of his emails, all of his texts, all of the information that they have on him.”

FACTS: It’s important to highlight errors in this debate not just from surveillance proponents, but also from privacy advocates. This statement is an erroneous description of “about” collection. “About” collection involves collection of communications of non-targets based on content within those communications. It does not, as Rep. Sensenbrenner describes in his hypothetical, involve collecting the emails of an individual because a target mentions them. The FBI could read emails and texts by Rep. Nadler collected via Section 702 using a US person query (in fact, it has been reported that Congressmen’s communications have been swept up using Section 702), but this would involve querying after incidental collection – it could not directly occur as a result of “about” collection.

Additionally, Rep. Sensenbrenner’s description of “all of his emails, all of his texts” is overbroad – although Section 702 likely sweeps up a huge amount Americans’ communications, because Americans cannot be a Section 702 target, it is virtually impossible for all an Americans’ communications to be collected under the law.