January 13, 2016
Hon. James R. Clapper
Director, Office of the Director of National Intelligence
Washington, DC 20511
Dear Director Clapper:
We received your office’s December 23, 2015 response, signed by Civil Liberties Protection Officer Alexander W. Joel, to our October 29, 2015 letter, which requested that you provide basic information about how Section 702 of the Foreign Intelligence Surveillance Act (FISA) affects Americans and other U.S. residents. We continue to believe that the information requested in our October 29 letter is essential to providing Congress and the American people with crucial facts about Section 702 – especially prior to any legislative reauthorization efforts. No member of Congress should be forced to vote on such a critical matter while they and their constituents are kept in the dark about the extent to which Section 702 is being used to surveil Americans and other U.S residents.
We appreciate your offer of a meeting for the purposes of ensuring that ODNI fully understands our requests and concerns, explaining the status of ODNI’s existing efforts, and exploring whether alternative approaches might address our concerns in cases where your office asserts that there are challenges to providing the requested information. However, to the extent the initial information provided in the letter is indicative of what we may hope to learn at the meeting, we are concerned that this engagement may not meaningfully respond to our requests or advance the public discussion. We write to identify the areas where the initial responses contained in the December 23 letter miss the mark, in order to facilitate a more robust discussion in person.
1. Estimate of How Many Communications Involving U.S. Residents Are Subject to Surveillance
Our first request was for an estimate of how many communications involving U.S. persons are collected under Section 702. We noted that, in response to previous requests for the same information by members of Congress, your office has stated that such a count would be too resource-intensive and would itself violate Americans’ privacy. Our letter provided a detailed response to these arguments, including a proposal for ascertaining this information while minimizing privacy intrusions.
Instead of responding to this proposal, the December 23 letter quotes the PCLOB’s description of the government’s arguments – the very ones we addressed in our letter. It then sets forth the PCLOB’s five recommendations for data the NSA should provide regarding the acquisition and use of communications involving U.S. persons (which include subsets of the data we requested), and states that the NSA is working on reviewing and/or implementing them.
This information is neither new nor responsive to our request. We note in particular that the PCLOB’s Recommendations Assessment Report, which the December 23 letter cites, was published nearly a year ago, and that to our knowledge the Intelligence Community has not yet released any new information publicly as result. Our October 29 letter acknowledged the PCLOB’s recommendations but explained why additional data on Section 702 is needed and how it can feasibly be obtained.
Moreover, while the more limited data disclosures recommended by the PCLOB would certainly shed important light on how Section 702 affects Americans, the December 23 letter indicates that only the fourth recommendation is “in the process of implement[ation].” For the first three recommendations, the NSA “has been reviewing how to implement” them, and for the fifth, the data – which the NSA already tracks – is being “review[ed] for potential inclusion in public reporting.” Four of the PCLOB’s five recommendations are thus still under review fully eighteen months after the PCLOB issued its report. It is difficult to view such limited progress on a small subset of the data we seek as responsive to our request.
2. FBI’s Use of U.S. Person Identifiers to Query Section 702 Data
Our second request asked you to work with the Attorney General to determine and disclose the number of times that the FBI uses U.S. person identifiers to query Section 702 data. The December 23 letter responds by citing the PCLOB’s observation that the FBI does not track U.S. person queries (despite conducting them routinely). We cited this same observation in our initial letter, but noted that the NSA’s and CIA’s practices suggest that such tracking is possible and could be implemented by the FBI. We also noted that, to the extent commingled databases complicate the provision of this information, the FBI could report the total number of U.S. queries of commingled databases and the number of U.S. queries that returned Section 702-derived data. The December 23 letter does not acknowledge or respond to these suggestions.
We are troubled, moreover, by the letter’s implicit suggestion that the PCLOB’s recommendations are a ceiling for what the Intelligence Community is willing to discuss. The PCLOB is a critically important oversight body, but it does not define the boundaries of appropriate civil liberties concerns or responses. In this case, the information at issue has also been requested by two members of the Senate Select Committee on Intelligence and has clear implications for civil liberties in the United States. The ODNI should therefore undertake to provide the requested information.
3. Notification of Use of Information “Derived From” Section 702
Finally, our letter requested that you disclose how the Department of Justice and other agencies interpret FISA’s statutory notice requirement. The December 23 letter responds that the Department of Justice’s standards and analyses for notification of FISA surveillance are “similar” to the notification standards for surveillance under Title III of the Omnibus Crime Control and Safe Streets Act of 1968. This response repeats the Department of Justice’s public position as set forth in previous court filings. As noted in our letter, however, reports on the use of FISA-derived evidence in criminal cases and other proceedings, along with the PCLOB’s description of routine FBI queries of Section 702 data, simply do not square with the lack of actual notifications in these cases. That is why we requested that you disclose the relevant legal interpretations rather than relying on the Justice Department’s brief public statements, which provide little concrete information. Moreover, other agencies, such as the Treasury Department, must have their own interpretations regarding when they must provide notice of Section 702 surveillance, yet no information on these interpretations has been made publicly available or is provided in the December 23 letter.
We recognize that it may be both advantageous and necessary to engage in further dialogue regarding our requests in the October 29 letter. We welcome an in-person exchange between Intelligence Community officials and our organizations. However, for such a meeting to be productive, it is critical that officials be willing and prepared to respond to the specific proposals in our letter and, if necessary, offer alternative mechanisms for obtaining this information. To that end, we are providing in advance some of the questions that we hope officials attending the meeting will be able to answer:
• What barriers, if any, exist to using automated processes to identify whether parties to communications obtained under Section 702 are likely to be U.S. persons? What avenues has the NSA explored to address these barriers, and with what result? Would you be willing to work with our organizations’ technologists on finding solutions?
• Our letter stated that a limited sampling of communications under certain conditions could be an acceptable last-resort method of estimating how many communications obtained through PRISM are likely to involve U.S. persons. What specific concerns, if any, do you have with this proposal as we described it?
• What measures, if any, have you undertaken to determine the specific allocation of resources that would be necessary to perform such a sampling?
• How did the NSA conduct the sampling it performed to provide the FISC with an estimate of the number of U.S. persons whose communications were contained in multi-communication transactions obtained under Section 702 through upstream collection? What resources were involved? Could that process be used as a model or otherwise be informative?
• What has led to the 18-month delay in beginning implementation of the PCLOB’s recommendations to count (a) the number of telephone communications acquired under Section 702 in which one caller is located in the United States, and (b) the number of Internet communications acquired under Section 702 through upstream collection that originate or terminate in the United States? When can we expect these numbers to be shared with Congress and the public?
• We understand the FBI currently does not track whether U.S. person identifiers are used to query databases containing information derived from Section 702 surveillance. What, if anything, prevents the FBI from changing its practices to do so? To the extent obstacles have been identified, what avenues have you explored for working around them or for finding alternative methods of obtaining this information? (We ask that the relevant FBI official(s) attend the meeting to assist in answering these questions.)
• What policies or guidelines, if any, exist to help determine when evidence has been “obtained or derived from” FISA collection such that FISA’s notification requirement is triggered? Why have such policies or guidelines not been made public? (We ask that relevant officials from the Department of Justice be present at the meeting, as well as relevant officials from other agencies, such as the Treasury Department, that rely on Section 702-derived evidence in legal proceedings.)
The above questions provide a sense of the level of specificity and substance at which we hope to engage. We look forward to a productive discussion.
Advocacy for Principled Action in Government
American-Arab Anti-Discrimination Committee
American Civil Liberties Union
American Library Association
Bill of Rights Defense Committee
Brennan Center for Justice
Center for Democracy & Technology
The Constitution Project
Defending Dissent Foundation
Electronic Frontier Foundation
Electronic Privacy Information Center (EPIC)
Fight for the Future
Government Accountability Project
National Association of Criminal Defense Lawyers
National Security Counselors
New America’s Open Technology Institute
PEN American Center
Project On Government Oversight
Restore the Fourth
The Sunlight Foundation
World Privacy Forum