What to Expect for the PATRIOT Act Reauthorization

(Illustration: CJ Ostrosky / POGO; photo of iPhone: Flickr / Charlie)

Several controversial provisions of the PATRIOT Act—the law that vastly expanded national security surveillance in the wake of the September 11 attacks—are set to expire on March 15 unless Congress passes a new bill reauthorizing them. Congress should only reauthorize these provisions if it uses this opportunity to pass much-needed reforms to protect Americans’ privacy rights from improper surveillance.

Over the last four decades, the government’s national security surveillance powers have increased significantly; whenever Congress passes a new law to further this expansion, as it did with the PATRIOT Act, it’s building onto FISA.

As we have previously detailed, the history of PATRIOT Act surveillance is one of unprecedented violations of Americans’ civil liberties. And many of the most egregious misuses of the PATRIOT Act stem from systemic dysfunction throughout various aspects of the intelligence community in how national security surveillance as a whole operates.

Now, there is renewed momentum in Congress for broad reforms to surveillance laws beyond the PATRIOT Act, especially following the December 2019 release of the report by the Justice Department’s top watchdog that found problems with the Department of Justice application to wiretap Carter Page— who had previously served as President Donald Trump’s campaign aide—as part of an investigation into Russian interference in the 2016 presidential election. The report is a timely contribution to the reauthorization debate, spotlighting issues with a related provision of national security surveillance law, and with the oversight systems for national security surveillance. As Congress considers how to make national security surveillance more accountable, it should broadly examine problems with surveillance powers and the checks currently in place to guard against abuse, and pursue remedies accordingly.

Here’s what you need to know about national security surveillance, what to expect during the upcoming reauthorization debate, and what policies will be most important when Congress proposes new legislation.

What exactly is the PATRIOT Act, and how did it affect the rules governing national security surveillance?

The PATRIOT Act was passed by Congress and subsequently signed into law by President George W. Bush in October 2001. The law expanded national security surveillance and also brought about a range of institutional changes, such as facilitating greater coordination between government agencies. While some elements of the law were intended to solve the types of problems that preceded the September 11 attacks, many others were simply from the executive branch’s long-standing wish list of ways to increase its surveillance powers. Congress passed the PATRIOT Act with little debate and little scrutiny of some of the bill’s problematic provisions, with insufficient consideration to how broadly parts of it could be used.

The PATRIOT Act amended a preexisting law, the Foreign Intelligence Surveillance Act, governing all foreign intelligence and national security surveillance authorized by Congress (as opposed to internationally focused surveillance powers the president wields based on their inherent authority in the Constitution). That law, commonly known by its acronym, FISA, was passed in 1978 and created the authority for the government to obtain warrants to surveil individual targets based on probable cause that they are an “agent of a foreign power.” The Foreign Intelligence Surveillance Court, also known as the FISA Court, which was also created as part of the law, approves these warrants.

FISA has dramatically expanded since then. Over the last four decades, the government’s national security surveillance powers have increased significantly; whenever Congress passes a new law to further this expansion, as it did with the PATRIOT Act, it’s building onto FISA.

What’s expiring in March?

Three provisions from the PATRIOT Act and related surveillance laws with “sunset” clauses—which require Congress to renew them regularly—are about to expire: roving wiretaps, the “lone wolf” provision, and Section 215. We believe Congress should only reauthorize these provisions if it passes major reforms in the same bill (see below for more on what those reforms should be).

Roving wiretaps give the government the authority to issue one surveillance order for a target that is intermittently using multiple communications identifiers. For example, the FBI could use a roving wiretap to be able to surveil a target jumping between different phone numbers by using “burner phones.” This is a logical tool for intelligence agencies to want, but it does raise concerns about whether targets will always be properly designated.

The lone wolf provision, which was added to FISA as part of the Intelligence Reform and Terrorism Prevention Act of 2004, allows the government to monitor a foreign national who is suspected of aiding international terrorism but is not connected to a terrorist organization. This combination may sound unlikely, and in fact, to the best of our knowledge, the provision has never been used.

A particularly controversial provision of the PATRIOT Act, Section 215, gives the government immense power to demand records from companies for national security investigations. Section 215 exists in law as the “business records provision” of FISA, and authorizes the government to demand virtually any “tangible things” that do not consist of communications content, and without any suspicion of wrongdoing. The executive branch has repeatedly abused the authorities in Section 215—a problem that has been reduced, but not fully resolved.

The National Security Agency (NSA) previously used Section 215 to engage in nationwide bulk collection of phone records, a gross misapplication beyond what Congress authorized the law to do. When it last reformed the provision, in 2015, Congress outlawednationwide bulk collection, and created the authority for a new “call detail records program.” This program is more limited but is invasive nonetheless, allowing the NSA to obtain all call records of both a designated target and everyone they communicate with. (More on how the program works and its current status below.)

Why do these provisions have sunsets?

Sunset clauses give Congress a built-in mechanism to periodically assess whether provisions of laws like the PATRIOT Act are working as intended, and to make changes if lawmakers deem it necessary. For surveillance law, sunsets create checkpoints where the executive branch needs to show Congress that it hasn’t misused its new surveillance power, or that technical issues and advances haven’t dramatically changed what the authority means. Given the litany of major problems that the PATRIOT Act has enabled, it’s easy to see the value of sunsets for this sort of law.

Sunsets have also proven useful in achieving reforms. When the three provisions discussed above were about to expire in 2015, lawmakers refused to extend them without reforms. This helped Congress pass the USA FREEDOM Act, which instituted a number of reforms to protect privacy, prohibited nationwide bulk collection of phone records, and created the authority for the call detail records program. Now we have a chance to demand additional reforms, and fix problems that have developed over the last few years.

What’s the most important change for Congress to make to the PATRIOT Act?

In our view, it’s most important that Congress rescind the authority within Section 215 for the call detail records program. Although this program was a huge improvement over the one it replaced, which allowed nationwide bulk collection of phone records, it is still problematic.

There are three key reasons for Congress to pull the plug on the call detail records program. First, the program is highly invasive. In 2018, the NSA used it to collect records from over 19 million phone numbers, based on fewer than 50 targets. Surveillance on this scale, and of individuals not suspected of any wrongdoing, is unacceptable.

Second, we have no reason to believe it aids national security. The intelligence community has provided no evidence that the program has contributed to the detection or disruption of a terrorist plot. In multiplehearings last year, NSA officials refused to say if the program had ever done so, even though, as lawmakers noted, the agency was happy to make such statements in the past regarding surveillance systems and programs that had provided value.

Third, the call detail records program is dysfunctional on a technical level. The program has had multiple instances of overcollection—meaning the NSA received phone records the law didn’t authorize it to collect. These problems were so severe that in response to the first instance of overcollection, the agency purged its entire stores of call records data from the program, and following the second, it shut down the program. The program is still dormant, pending further review and developments.

If the call detail records program is left on the books and gets restarted later, could the NSA collect my call records?

That’s definitely a risk. The call detail records program uses what’s known as “contact chaining,” which grabs all the call records of an individual target as well as those of everyone they talk to. So even if you never spoke to the target, but had a mutual contact, such as your doctor, lawyer, or pastor, your call logs with that mutual contact would be collected by the NSA.

The program has been shut down for over a year because of the technical issues mentioned above, not because of how invasive the program is. If the NSA feels that it has sufficiently resolved those technical issues, it seems likely the agency would restart the program.

Removing the portion of Section 215 that creates the authority for the program would rule out the possibility that the NSA could restart it.

What other parts of FISA and the PATRIOT Act need reform?

While the three mentioned above are the only ones that will actually expire if Congress doesn’t act, a new law extending these provisions could also take on a significant range of additional reforms to FISA. Many problems we’ve seen in PATRIOT Act surveillance ultimately result from broader, systemic issues with how FISA as a whole operates.

First, Congress should provide stronger oversight and more transparency for the activities of the FISA Court. In 2015, in order to promote privacy rights, the USA FREEDOM Act created an amicus curiae, or “friend of the court,” role for an outside litigator to provide the court with added expertise, specifically in cases involving novel questions of law. This was a good start, but Congress should expand this role so the amicus has access to more materials and a greater range of proceedings.

Second, Congress should reform FISA so that it properly protects location privacy. In 2018, the Supreme Court ruled that the Fourth Amendment requires law enforcement to obtain a warrant for electronic location tracking—specifically for cellphone location tracking—but left many details ambiguous. Many provisions of FISA, notably Section 215, could allow the government to demand location records that reveal Americans’ most sensitive activities and interactions. Congress should include legislative language requiring a warrant for this type of location surveillance.

Third, Congress should require that the government notify individuals when they are targeted by FISA surveillance. When an individual is subject to a traditional criminal wiretap, the law requires that, after the investigation is over, the government notify the individual. But most of the invasive types of surveillance the government conducts under FISA do not require this type of notification. This leaves individuals unable to challenge the government’s conduct in court if they believe they were improperly targeted for surveillance or that the surveillance was conducted improperly.

These are among the most important reforms that new legislation should make, but they are far from the only ones. Privacy advocates, including POGO, have highlighted a range of reforms Congress should act on, including systemic changes to prevent surveillance abuse. And in addition to long-standing surveillance concerns, the recent Justice Department Inspector General report has shone a light on other problems Congress should turn its attention to.

How are problems highlighted in the inspector general report about FISA Court proceedings connected to the PATRIOT Act reauthorization?

The Justice Department Inspector General’s December 2019 report investigates the use of the warrant-focused provision of FISA built into the original law. In its debate leading up to the PATRIOT Act reauthorization, Congress is focusing on how to make the FISA system more accountable, so it’s an obvious choice for lawmakers to examine this issue as well.

The report revealed serious problems with assertions the government made to the FISA Court in order to obtain a warrant to wiretap and surveil other electronic communications of former Trump campaign advisor Carter Page. Specifically, the inspector general discovered that while the original warrant application was done properly, information in the applications to renew the warrant omitted and mischaracterized important information.

The inspector general found no evidence that political bias motivated these omissions and misrepresentations, but it’s worth noting that investigators can be driven by a much more basic problematic impulse: confirmation bias, and the desire to keep pursuing a suspect they believe is guilty. That’s one of the reasons it is critically important that judges, who are able to look at investigations from an independent vantage point, approve surveillance requests. But in order for the system to work, the judge needs to receive all relevant information.

What if Congress can’t agree on new legislation before the deadline?

If Congress is unable or unwilling to pass a bill that properly addresses these issues, it could kick the can down the road and push back the PATRIOT Act deadline a few months. But this would be extremely irresponsible.

The PATRIOT Act provisions that are about to sunset were originally set to expire on December 15, but Congress opted to delay the sunset to wait for publication of the inspector general report (and because the impeachment of Trump was absorbing most of the time in the House of Representatives’ schedule). Now, however, there is no reason for Congress to delay action on these critically important issues that affect all Americans’ privacy rights.

What is the Project On Government Oversight doing to push for reform?

Our main priority is to ensure that Congress passes a strong reform bill to protect privacy rights and prevent abuse of surveillance powers. We’ll be working with a coalition of advocates and experts to persuade Congress to act, and making sure that the legislative language accomplishes what it purports to.

The recently introduced Safeguarding Americans’ Private Records Act is a bipartisan bill that includes many of the key improvements to FISA we’ve been pushing for. We’ve been campaigning for years to change the PATRIOT Act, and improve privacy protections in FISA as a whole. With the passage of the USA FREEDOM Act in 2015, our work helped roll back overbroad surveillance; but that law was a step forward, not a complete solution. We’ll be continuing to work with congressional offices to highlight the risks that overbroad surveillance poses, and how to fix them. And, as the PATRIOT Act reauthorization deadline approaches, we plan to make sure lawmakers take another big step in protecting us from unchecked and excessive surveillance.