OCR of the Document

View the Document >>

Elizabeth Goitein, Brennan Center for Justice, New York University School of Law, "Statement before House Committee on the Judiciary, Hearing on Section 702 of the FISA Amendments Act," March 1, 2017. Unclassified.

STATEMENT OF ELIZABETH GOITEIN CO-DIRECTOR LIBERTY AND NATIONAL SECURITY PROGRAM BRENNAN CENTER FOR JUSTICE AT NEW YORK UNIVERSITY SCHOOL OF LAW BEFORE THE UNITED STATES HOUSE OF REPRESENTATIVES COMMITTEE ON THE JUDICIARY HEARING ON SECTION 702 OF THE FISA AMENDMENTS ACT MARCH 1 2017 Introduction Chairman Goodlatte Ranking Member Conyers and members of the committee thank you for this opportunity to testify on behalf of the Brennan Center for Justice at New York University School of Law 1 The Brennan Center is a nonpartisan law and policy institute that seeks to improve our systems of democracy and justice I co-direct the Center's Liberty and National Security Program which works to advance effective counterterrorism policies that respect constitutional values and the rule of law Congress's goal when it passed the FISA Amendments Act in 2008 thus creating Section 702 of FISA was to give our government more powerful tools to address terrorist threats In keeping with this goal the authorities conferred by Section 702 have been used to monitor suspected terrorists overseas in order to trace their networks and interrupt their plots This use of the law is widely recognized as appropriate and has caused little controversy In writing the law however Congress did not expressly limit Section 702 surveillance to such activities Instead Congress gave significant discretion to the executive branch and the FISA Court trusting them to ensure that the law was implemented in a manner consistent with its objective For instance Congress allowed the government to target any foreigner overseas counting on intelligence agencies to focus their efforts on those who pose a threat to our interests Congress also did not specify what minimization should look like leaving that to the agencies and the judges of the Foreign Intelligence Surveillance Court It would be wrong to suggest that this trust has somehow been betrayed There has been very little evidence of intentional abuse or misuse The executive branch however has taken full advantage of the leeway provided in the statute Instead of simply acquiring the communications of suspected terrorists or foreign powers overseas the government is scanning the content of nearly all of the international communications that flow into and out of the United States via the Internet backbone and is acquiring hundreds of millions of these communications each year Based on the manner in which the data is collected this surveillance inevitably pulls in massive amounts of Americans' calls and e-mails We have also seen mission creep A statute designed to protect against foreign threats to national interests has become a major source of warrantless access to Americans' data and a tool for ordinary domestic law enforcement This outcome is contrary not only to the original intent of the Foreign Intelligence Surveillance Act but to Americans' expectations and their trust that Congress will protect their privacy and freedoms It is now up to Congress to enact reforms that will provide such protection 1 This testimony is submitted on behalf of a Center affiliated with New York University School of Law but does not purport to represent the school's institutional views on this topic More information about the Brennan Center's work can be found at http www brennancenter org I Background How Changes in Technology and the Law Led to a Massive Expansion in Government Surveillance Technological advances have revolutionized communications People are communicating at a scale unimaginable just a few years ago International phone calls once difficult and expensive are now as simple as flipping a light switch and the Internet provides countless additional means of international communication Globalization makes such exchanges as necessary as they are easy As a result of these changes the amount of information about Americans that the NSA intercepts even when targeting foreigners overseas has exploded 2 But instead of increasing safeguards for Americans' privacy as technology advances the law has evolved in the opposite direction since 9 11 In its zeal to bolster the government's powers to conduct surveillance of foreign threats Congress has amended surveillance laws in ways that increasingly leave Americans' information outside their protective shield the USA FREEDOM Act being the notable exception Section 702 is a particularly striking example Before 2007 if the NSA operating domestically sought to collect a foreign target's communications with an American inside the U S it had to show probable cause to the Foreign Intelligence Surveillance Court FISA Court that the target was a foreign power - such as a foreign government or terrorist group - or its agent The Protect America Act of 2007 and the FISA Amendments Act of 2008 which created Section 702 of FISA eliminated the requirement of an individualized court order Domestic surveillance of communications between foreign targets and Americans now takes place through massive collection programs that involve no case-by-case judicial review 3 In addition the pool of permissible targets is no longer limited to foreign powers or their agents Under Section 702 the government may target for foreign intelligence purposes any person or group reasonably believed to be foreign and located overseas 4 The person or group need not pose any threat to the United States have any information about such threats or be suspected of any wrongdoing This change not only renders innocent private citizens of other nations vulnerable to NSA surveillance it also greatly increases the number of communications involving Americans that are subject to acquisition - as well as the likelihood that those Americans are ordinary law-abiding individuals Further expanding the available universe of communications the government and the FISA Court have interpreted Section 702 to allow the collection of any communications to from or about the target 5 The inclusion of about in this formulation is a dangerous leap that finds no basis in the statutory text and little support in the legislative history In practice it has been 2 See ELIZABETH GOITEIN FAIZA PATEL BRENNAN CTR FOR JUSTICE WHAT WENT WRONG WITH THE FISA COURT 19-21 2015 https www brennancenter org sites default files analysis What_Went_%20Wrong_With_ The_FISA_Court pdf 3 See 50 U S C 1881a 4 50 U S C 1881a b 5 PRIVACY AND CIVIL LIBERTIES OVERSIGHT BD REPORT ON THE SURVEILLANCE PROGRAM OPERATED PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT 37 2014 hereinafter PCLOB 702 REPORT available at https s3 amazonaws com s3 documentcloud org documents 1211947 pclob-section-702-report-prerelease pdf 2 applied to collect communications between non-targets that include the selectors associated with the target e g the target's e-mail address or phone number In theory it could be applied even more broadly to collect any communications that even mention ISIS or a wide array of foreign leaders and public figures who are common topics of conversation Although the NSA is prohibited from intentionally acquiring purely domestic communications such acquisition is an inevitable result of about collection Other than the foreignness and location criteria and certain requirements designed to reinforce them the only limitation on collection imposed by the statute is that the government must certify that acquiring foreign intelligence is a significant purpose of the collection 6 FISA's definition of foreign intelligence however is not limited to information about potential threats to the U S or its interests Instead it includes information that relates to the national defense or the security of the United States or the conduct of the foreign affairs of the United States 7 This could encompass everyday conversations about current events A conversation between friends or colleagues about the merits of the North American Free Trade Agreement or whether the United States should build a wall along the border with Mexico for instance relates to the conduct of foreign affairs Moreover while a significant purpose of the program must be the acquisition of foreign intelligence the primary purpose may be something else altogether 8 Finally the statute requires the FISA Court to accept the government's certifications under Section 702 as long as they contain the required elements 9 These factors greatly weaken the force of the foreign intelligence purpose limitation The government uses Section 702 to engage in two types of surveillance The first is upstream collection whereby the content of communications flowing into and out of the United States on the Internet backbone is scanned for selectors associated with designated foreigners As noted above the acquired communications include not only communications to or from the designated foreigners but communications about them Although the data are first filtered in an attempt to weed out purely domestic communications the process is imperfect and domestic communications are inevitably acquired 10 The second type of Section 702 surveillance is PRISM collection under which the government provides selectors such as e-mail addresses to U S -based electronic communications service providers who must turn over any communications to or from the selector 11 Using both approaches the government collected more than 250 million Internet transactions a year as of 2011 12 Due to these changes wrought by Section 702 it can no longer be said that FISA is targeted at foreign threats To describe surveillance that acquires 250 million Internet communications a year as targeted is to elevate form over substance And on its face the statute does not require that the targets of surveillance pose any threat or that the purpose of the program be the collection of threat information 6 50 U S C 1881a g 2 A v 50 U S C 1801 e 2 8 In re Sealed Case 310 F 3d 717 734 FISA Ct Rev 2002 9 50 U S C 1881a i 3 A 10 PCLOB 702 REPORT supra note 5 at 36-41 11 Id at 33-34 12 Redacted 2011 WL 10945618 at 9 FISA Ct Oct 3 2011 7 3 Congress no doubt trusted that the executive branch would exercise these broad powers judiciously and would not conduct surveillance of innocent private citizens abroad simply because the statute on its face allows it And it is certainly possible that the government has chosen to focus its surveillance more narrowly than Section 702 requires The certifications that the government provides to the FISA Court - which include the foreign intelligence categories at which surveillance is aimed and could therefore shed some light on this question - have not been publicly disclosed by the government Even assuming that actual practices stop short of what the law allows however the available statistics suggest a scope of surveillance that is difficult to reconcile with claims of narrow targeting A leaked copy of one of the certifications listing the foreign nations and factions about which foreign intelligence may be sought lends support to the conclusion that surveillance is in practice quite broad it includes most of the countries in the world ranging from U S allies to small countries that play little role on the world stage More important Americans' privacy should never depend on any given administration's voluntary self-restraint or on the hope that the FISA Court will impose additional requirements beyond those laid out in the statute Section 702 establishes the boundaries of permissible surveillance and it clearly allows collection of communications between Americans and foreigners who pose no threat to the U S or its interests That creates an enormous opening for unjustified surveillance II Constitutional Concerns The warrantless acquisition of millions of Americans' communications presents deep Fourth Amendment concerns The communications obtained under Section 702 like any e-mails or phone calls include not only mundane conversations but the most private and personal confidences as well as confidential business information and other kinds of privileged exchanges Since the Supreme Court decided Katz v United States in 1967 the government has been required to obtain a warrant to wiretap Americans' communications 13 Moreover in a subsequent case the Court made clear that this requirement applied in domestic national security cases as well as criminal cases 14 A Incidental Collection The government nonetheless justifies the warrantless collection of international communications under Section 702 on the ground that the targets themselves are foreigners overseas and the Supreme Court has held in a different context that the government does not need a warrant to search the property of a non-U S person abroad 15 Although the communications obtained under Section 702 sometimes involve both foreigners and Americans 13 389 U S 347 1967 United States v U S Dist Court for the E Dist Of Mich Keith 407 U S 297 1972 15 See United States v Verdugo-Urquidez 494 U S 259 1990 14 4 the FISA Court along with federal courts in two circuits 16 have held that the authority to conduct warrantless surveillance of the foreign target entails the authority to incidentally collect the communications of those in contact with the target Outside of Section 702 however the case law does not support the existence of a right to warrantless incidental collection The courts reviewing Section 702 have relied on a line of cases dating back to the 1970s sometimes called the incidental overhear cases in which defendants challenged Title III wiretap orders on the ground that they did not name everyone whose communications might be recorded The courts held that a warrant meets the Fourth Amendment's particularity requirement as long it specifies the phone line to be tapped and the conversations to be acquired and if the government takes reasonable steps to avoid recording innocent conversations 17 It is hard to see how these rulings on the criteria for a valid warrant could justify warrantless collection of Americans' communications 18 If on the other hand the courts reviewing Section 702 have correctly interpreted the rule emerging from the incidental overhear cases then applying that rule in the Section 702 context would be a classic case of the law failing to keep up with technology A blanket rule that no warrant is needed for Americans who are in contact with a lawfully surveilled target might have made sense in the 1970s when there was almost certainly a warrant for the target himself given the infrequency of international communication and when government agents monitored the wiretap in real time so that they could turn off the recording equipment if innocent conversations were taking place That rule does not sufficiently protect Americans' reasonable expectation of privacy in an era where millions of Americans communicate with foreigners overseas on a routine basis those communications can easily be intercepted in massive amounts without any warrant and there is no mechanism for turning off the collection of innocent communications Equating the incidental surveillance that takes place in these materially different contexts is like equating a ride on horseback with a flight to the moon 19 B The Foreign Intelligence Exception Alternatively the FISA Court and more recently a district court following its lead 20 has relied on the foreign intelligence exception to the Fourth Amendment's warrant requirement The Supreme Court has never recognized this exception and there is significant controversy over its scope The FISA Court has construed the exception extremely broadly 16 See United States v Mohamud 843 F 3d 420 9th Cir 2016 United States v Hasbajrami No 11-CR-623 JG 2016 WL 1029500 E D N Y Mar 8 2016 In re Directives Pursuant to Section 105B of Foreign Intelligence Surveillance Act 551 F 3d 1004 1015 FISA Ct Rev 2008 17 See e g United States v Donovan 429 U S 413 1977 United States v Kahn 415 U S 143 1974 United States v Figueroa 757 F 2d 466 2d Cir 1985 18 See Elizabeth Goitein The Ninth Circuit's Constitutional Detour in Mohamud JUST SEC Dec 8 2016 https www justsecurity org 35411 ninth-circuits-constitutional-detour-mohamud The rulings are particularly inapt because Section 702 minimization procedures present little or no barrier to collection and the back-end protections on retention and use are significantly weaker than those that apply in the Title III context See Brief for Appellant at Argument I In re Sealed Case 310 F 3d 717 FISA Ct Rev 2002 No 02-001 noting that FISA's minimization standards are more generous than those in Title III 19 Riley v California 134 S Ct 2473 2488 2014 20 United States v Mohamud No 3 10-cr-00475 2014 WL 2866749 D Or June 24 2014 aff'd on other grounds 843 F 3d 420 9th Cir 2016 5 stating that it applies even if the target is an American and even if the primary purpose of collection has no relation to foreign intelligence 21 In the era before FISA however several federal courts of appeal had the opportunity to review foreign intelligence surveillance and they articulated a much narrower version of the exception 22 They held that it applies only if the target is a foreign power or agent thereof and only if the acquisition of foreign intelligence is the primary purpose of the surveillance They also emphasized the importance of close judicial scrutiny albeit after-the-fact in cases where the target challenges the surveillance While these cases addressed surveillance activities that differed in many respects from Section 702 it is clear that Section 702 surveillance would not pass constitutional muster under the standards they articulated A detailed analysis of the case law is beyond the scope of this testimony but the Brennan Center's report What Went Wrong With the FISA Court engages in such an analysis and explains why the foreign intelligence exception does not justify Section 702 surveillance in its current form 23 C The Reasonableness Test Even if a foreign intelligence exception applied the surveillance would still have to be reasonable under the Fourth Amendment The reasonableness inquiry entails weighing the government's interests against the intrusion on privacy 24 In undertaking this analysis courts generally accept that the government's interest in protecting national security is of the highest order - as it certainly is But to determine the reasonableness of a surveillance scheme one must also ask whether it goes further than necessary to accomplish the desired end For instance how does it further national security to allow the targeting of foreigners who have no known or suspected affiliation with foreign governments factions or terrorist groups How does it further national security to permit the FBI to search for Americans' communications to use in prosecutions having nothing to do with national security 25 Moreover in assessing the impact on privacy rights the FISA Court has focused on the protections offered to Americans by minimization procedures 26 As discussed below however these protections fall short in a number of significant respects On their face they allow Americans' communications to be retained disseminated and used in a wide range of circumstances 21 See e g In re Directives 551 F 3d 1004 In re DNI AG Certification REDACTED No 702 i -08-01 FISA Ct Sept 4 2008 22 See e g United States v Truong Dinh Hung 629 F 2d 908 913 4th Cir 1980 United States v Brown 484 F 2d 418 426 5th Cir 1973 United States v Butenko 494 F 2d 593 604-05 3rd Cir 1974 en banc United States v Buck 548 F 2d 871 875 9th Cir 1977 23 GOITEIN PATEL supra note 2 at 11-12 35-43 24 Maryland v King 133 S Ct 1958 1970 2013 25 See infra Part V 26 In re Directives 551 F 3d at 1015 6 III Risks and Harms of Mass Data Collection Constitutional concerns aside the mass collection and storage of communications that include sensitive information about Americans carries with it significant risks and harms which must be considered in evaluating what the appropriate scope of surveillance should be A Risk of Abuse or Mishandling of Data The substantive legal restrictions on collecting information about Americans are looser than they have been since before 1978 At the same time the amount of data available to the government and the capacity to store and analyze that data are orders of magnitude greater than they were during the period of J Edgar Hoover's worst excesses History teaches us that this combination is an extraordinarily dangerous one To date there is only limited evidence of intentional abuse of Section 702 authorities 27 There have however been multiple significant instances of non-compliance by the NSA with FISA Court orders Notably these include cases in which the NSA did not detect the noncompliance for years and the agency's overseers had no way to uncover the incidents in the meantime Given that these incidents went unreported for years even when the agency was not trying to conceal them it is not clear how overseers would learn about intentional abuses that agency officials were making every effort to hide In other words regardless of whether intentional abuse is happening today the potential for abuse to take place - and to go undiscovered for long periods of time - is clearly present Inadvertent failures to adhere to privacy protections are a concern in their own right On multiple occasions in the past decade the FISA Court has had occasion to rebuke the NSA for repeated significant and sometimes systemic failures to comply with court orders These failures took place under multiple foreign intelligence collection authorities including Section 702 and at all points of the programs collection dissemination and retention It is instructive to review some of the Court's comments in these cases The following statements are excerpted from four opinions o In summary since January 15 2009 it has finally come to light that the FISC's authorizations of this vast Section 215 telephony metadata collection program have been premised on a flawed depiction of how the NSA uses the metadata This misperception by the FISC existed from the inception its authorized collection in May 2006 buttressed by repeated inaccurate statements made in the government's submissions and despite a government-devised and Court-mandated oversight regime The minimization procedures proposed by the government in each successive application and approved and adopted as binding by the orders of the FISC have been so frequently 27 See e g Letter from Dr George Ellard Inspector Gen Nat'l Sec Agency to Sen Charles E Grassley Sept 11 2013 available at http www privacylives com wp-content uploads 2013 09 09262013-NSA-Surveillance-09-1113-response-from-IG-to-intentional-misuse-of-NSA-authority pdf detailing 12 instances of intentional abuse of NSA bulk surveillance data most involving employees searching for information on their romantic partners 7 o o o o o o o o o o o o and systemically violated that it can fairly be said that this critical element of the overall bulk collection regime has never functioned effectively 28 The government has compounded its non-compliance with the Court's orders by repeatedly submitting inaccurate descriptions to the FISC 29 T he NSA continues to uncover examples of systematic noncompliance 30 Under these circumstances no one inside or outside of the NSA can represent with adequate certainty whether the NSA is complying with those procedures 31 U ntil this end-to-end review is completed the Court sees little reason to believe that the most recent discovery of a systemic ongoing violation will be the last 32 The Court is troubled that the government's revelations regarding NSA's acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program 33 The current application for pen register trap and trace data raises issues that are closely related to serious compliance problems that have characterized the government's implementation of prior FISA orders 34 As far as can be ascertained the requirement was simply ignored 35 Notwithstanding this and many similar prior representations there in fact had been systematic overcollection since redacted This overcollection had occurred continuously since the initial authorization 36 The government has provided no comprehensive explanation of how so substantial an overcollection occurred 37 G iven the duration of this problem the oversight measures ostensibly taken since redacted to detect overcollection and the extraordinary fact that the NSA's end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired it must be added that those responsible for conducting oversight at NSA failed to do so effectively 38 The history of material misstatements in prior applications and non-compliance with prior orders gives the Court pause before approving such an expanded collection The government's poor track record with bulk PR TT acquisition presents threshold concerns about whether implementation will conform with or exceed what the government represents and the Court may approve 39 As noted above NSA's record of compliance with these rules has been poor Most notably NSA generally disregarded the special rules for disseminating United States 28 In re Production of Tangible Things from Redacted No BR 08-13 at 10-11 FISA Ct Mar 2 2009 Id at 6 30 Id at 10 31 Id at 15 32 Id at 16 33 Redacted 2011 WL 10945618 at 5 n 14 FISA Ct Oct 3 2011 34 Redacted Docket No PR TT Redacted at 4 FISA Ct Redacted available at https www dni gov files documents 1118 CLEANEDPRTT%202 pdf 35 Id at 19 36 Id at 20 37 Id at 21 38 Id at 22 39 Id at 77 29 8 o o o o person information outside of NSA until it was ordered to report such disseminations and certify to the FISC that the required approval had been obtained The government has provided no meaningful explanation why these violations occurred but it seems likely that widespread ignorance of the rules was a contributing factor 40 Given NSA's longstanding and pervasive violations of the prior orders in this matter the Court believes that it would be acting well within its discretion in precluding the government from accessing or using such information 41 The cases in which the FBI had not established the required review teams seemed to represent a potentially significant rate of non-compliance 42 The Court was extremely concerned about these additional instances of noncompliance 43 Perhaps more disturbing and disappointing than the NSA's failure to purge this information for more than four years was the government's failure to convey to the Court explicitly during that time that the NSA was continuing to retain this information 44 It is unclear whether these failures occurred because the NSA was not putting sufficient effort into compliance because the NSA lacked the technical capability to ensure consistent compliance or for some other reason Whatever the explanation the fact that the agency's many failures to honor privacy protections were inadvertent is of limited comfort when the NSA is asking Congress and the American public to entrust it with extensive amounts of private data Moreover the fact that little evidence of intentional abuse has emerged to date is not a cause for complacency Government insiders have made reference to a culture of compliance and professionalism that emerged in the decades following the Church Committee's investigation 45 But organizational cultures change and are highly influenced by leadership There is simply no guarantee that the degree of institutional self-restraint exercised in the past will continue indefinitely In this vein it is significant that some intelligence experts who until recently defended the wide discretion permitted by Section 702 have seemingly revisited their conclusions in light of today's tumultuous and uncertain political landscape Matthew Olsen who served as NSA General Counsel and the Director of the National Counterterrorism Center was a strong supporter of the FISA Amendments Act when it was being debated in 2008 and has often testified on its behalf 46 At a recent public conference however he stated I fought hard for 40 Id at 95 Id at 115 42 Redacted at 48-49 FISA Ct Nov 6 2015 available at www dni gov%2Ffiles%2Fdocuments%2F20151106702Mem_Opinion_Order_for_Public_Release pdf t MDM3MGZmYjY1ZWQ5YjUyMTQ5ZjQ1ZTA0ZDExNjY 2NWU0ZTE1ZWJlNSxaRjRxYlRaQg%3D%3D 43 Id at 50 44 Id at 58 45 See Peter P Swire The System of Foreign Intelligence Surveillance Law 72 GEO WASH L REV 1306 1326 n 135 2004 46 See e g Oversight and Reauthorization of the FISA Amendments Act The Balance between National Security Privacy and Civil Liberties Hearing Before the S Comm on the Judiciary 114th Cong 2016 statement of Matthew G Olsen Former Director National Counterterrorism Center hereinafter Olsen Statement 41 9 increasing information sharing and for the modernization of FISA As I fought for these changes I did not bargain on the current political environment That was beyond my ability to imagine T his is a time of soul-searching for me 47 B Chilling Effect When Americans are aware that intelligence agencies are collecting large amounts of their data and not just the data of suspected criminals and terrorists it creates a measurable chilling effect on free expression and communication After Edward Snowden's revelations in June 2013 an analysis of Google Trends data showed a significant five percent drop in U S based searches for government-sensitive terms e g dirty bomb or CIA A control list of popular search terms or other types of sensitive terms such as abortion did not show the same change 48 In 2013 PEN America surveyed 528 American writers to learn how the disclosures affected their behavior Twenty-eight percent reported curtailing social media activities 24 percent avoided certain topics by phone or email 16 percent chose not to write or speak on a certain topic and 16 percent avoided Internet searches or website visits on controversial or suspicious topics 49 These kinds of self-censorship are inimical to the robust exchange of ideas necessary for a healthy democracy The impact of overbroad surveillance has been particularly acute in Muslim American communities According to one study after the Associated Press reported on the New York City Police Department's surveillance activities Muslims reported a decline in mosque attendance and Muslim Student Association participation as well as a marked reticence to speak about political matters in public places or to welcome newcomers into the community 50 Fear of surveillance and the possibility that religious or political discussions could be misconstrued or misunderstood has measurably impeded these communities' ability to freely practice their faith or even to participate fully in civic life C Risk of Data Theft Any massive government database containing sensitive information about Americans also raises concerns about data theft The disastrous 2015 attack on the Office of Personnel Management's database in which personal data concerning more than 21 million current and former federal employees was stolen ostensibly by the Chinese government illustrated how vulnerable government databases are 51 A few months later hackers published contact 47 Intelligence Under a Trump Administration Panel Discussion at 2016 Cato Surveillance Conference CATO INSTITUTE at 47 20 Dec 14 2016 https www cato org multimedia events 2016-cato-surveillance-conferencepanel-intelligence-under-trump-administration 48 Alex Marthews Catherine Tucker Government Surveillance and Internet Search Behavior Apr 29 2015 available at http dx doi org 10 2139 ssrn 2412564 49 Lee Rainie Mary Madden Americans' Privacy Strategies Post-Snowden PEW RESEARCH CTR Mar 16 2015 http www pewinternet org 2015 03 16 americans-privacy-strategies-post-snowden 50 See generally MUSLIM AMERICAN CIVIL LIBERTIES COALITION MACLC ET AL MAPPING MUSLIMS NYPD SPYING AND ITS IMPACT ON AMERICAN MUSLIMS 2013 available at http www law cuny edu academics clinics immigration clear Mapping-Muslims pdf 51 Kaveh Waddell Dustin Volz OPM Announces More Than 21 Million Victims Affected by Second Data Breach ATLANTIC July 9 2015 http www theatlantic com politics archive 2015 07 opm-announces-more-than-21million-affected-by-second-data-breach 458475 10 information for 20 000 FBI employees and 10 000 Department of Homeland Security employees that they may have obtained by hacking into a Department of Justice database 52 The broad scope of Section 702 data and the possibility that it could include a wealth of valuable foreign intelligence information makes it an attractive target for hacking Its inclusion of large amounts of information about presumptively innocent Americans significantly increases the harm that would be caused by such an event D Economic Consequences Another important concern is the negative impact of Section 702 collection on the U S technology industry After Snowden's disclosures revealed the extent of NSA collection American technology companies reported declining sales overseas and lost business opportunities In a survey of 300 British and Canadian businesses 25 percent of respondents indicated they were moving their data outside of the U S 53 An August 2013 study by the Information Technology and Innovation Foundation estimated that the revelations could cost the American cloud computing industry $22 to $35 billion over the coming years representing a 1020% loss of the foreign market share to European or Asian competitors 54 Another analyst found this estimate to be low and predicted a loss to U S companies as high as $180 billion 55 The economic news went from bad to worse in late 2015 when the Court of Justice of the European Union CJEU invalidated the Safe Harbor agreement - a 2000 decision of the European Commission allowing the transfer of personal data from the European Union EU to the United States based on the premise that the U S met certain EU-law requirements about the handling of that information The court held that EU law requires U S companies to give the data a level of protection that is essentially equivalent to the protections under EU law including the Charter of Fundamental Rights of the EU - akin to an EU bill of rights Under this standard the court found that the European Commission had failed to ensure that EU citizens' data was sufficiently protected within the U S While the court did not make express findings about Section 702 the law unquestionably loomed large in the court's analysis as the authority it confers is inconsistent with many of the essential rights and principles the court described For instance upstream surveillance is clearly implicated by the CJEU's conclusion that generalized access to the content of electronic communications compromises the essence of the right to privacy 56 52 Mary Kay Mallonnee Hackers Publish Contact Info of 20 000 FBI Employees CNN Feb 8 2016 http www cnn com 2016 02 08 politics hackers-fbi-employee-info 53 DANIELLE KEHL ET AL OPEN TECHNOLOGY INSTITUTE SURVEILLANCE COSTS THE NSA'S IMPACT ON THE ECONOMY INTERNET FREEDOM CYBERSECURITY 8 2014 https static newamerica org attachments 534surveillance-costs-the-nsas-impact-on-the-economy-internet-freedom-cybersecurity Surveilance_Costs_Final pdf 54 DANIEL CASTRO INFORMATION TECHNOLOGY AND INNOVATION FOUNDATION HOW MUCH WILL PRISM COST THE US CLOUD COMPUTING INDUSTRY Aug 5 2013 http www itif org publications how-much-will-prismcost-us-cloud-computing-industry 55 James Staten The Cost of PRISM Will Be Larger Than ITIF Projects FORRESTER Aug 14 2013 http blogs forrester com james_staten 13-08-14-the_cost_of_prism_will_be_larger_than_itif_projects 56 See Case C-362 14 Schrems v Data Protection Commissioner ECLI EU C 2015 650 Oct 6 2015 available at http curia europa eu juris document document jsf text docid 169195 doclang en see also Sarah St Vincent Making Privacy a Reality The Safe Harbor Judgment and Its Consequences for US Surveillance CENTER FOR DEMOCRACY TECHNOLOGY Oct 26 2015 https cdt org blog making-privacy-a-reality-the-safe-harbor- 11 Although the U S and the European Commission have devised a new arrangement known as the Privacy Shield legal challenges to that agreement are underway 57 - and recent developments have given a boost to these challenges In particular some of the protections U S officials had cited to assuage concerns about the breadth of Section 702 and other U S surveillance programs have been or may soon be eroded The Privacy and Civil Liberties Oversight Board has lost its chairman and three other members and is effectively dormant A recent executive order issued by President Trump removes Privacy Act protections for foreigners The current CIA director previously proposed revoking a directive issued by President Obama that extended some protections to foreigners' data obtained under foreign intelligence programs 58 In the absence of reforms to Section 702 and other surveillance authorities it appears likely that the Privacy Shield will ultimately be invalidated by the CJEU or potentially even by the European Commission itself which can suspend the arrangement unilaterally Experts believe this would deal a massive economic blow to U S companies and could undermine the very structure of the Internet which requires free data flow across borders In the meantime the legal limbo in which U S companies find themselves constrains their ability to pursue business opportunities in Europe E Potential National Security Harms Last but clearly not least there is a risk to national security in acquiring too much data While computers can glean relationships and flag anomalies they cannot replace human analysis and human beings have limited capacity When they are presented with an excess of data real threats can get lost in the noise This is not merely a theoretical concern After the intelligence community failed to intercept the so-called underwear bomber the suicide bomber who nearly brought down a plane headed to Detroit on Christmas Day 2009 an official White House review observed that a significant amount of critical information was available to the intelligence agencies but was embedded in a large volume of other data 59 Similarly the independent investigation of the FBI's role in the shootings by U S Army Major Nidal Hasan at Fort Hood concluded that the crushing volume of information was one of the factors that hampered accurate analysis prior to the attack 60 judgment-and-its-consequences-for-us-surveillance-reform describing the relationship between the CJEU's holding and Section 702 surveillance 57 See Reuters French Privacy Groups Challenge the EU's Personal Data Pact with U S FORTUNE Nov 2 2016 http fortune com 2016 11 02 privacy-shield-pact-challenge 58 See Letter from Fanny Hidvegi European Policy Manager Amie Stepanovich U S Policy Manager Access Now for Vera Jourova Commissioner European Commission Claude Moraes Member European Parliament re Impact of new U S policies and regulatory frameworks on the privacy rights of users in Europe Feb 8 2017 available at https www accessnow org cms assets uploads 2017 02 Letter-to-Jourova pdf 59 THE WHITE HOUSE SUMMARY OF THE WHITE HOUSE REVIEW OF THE DECEMBER 25 2009 ATTEMPTED TERRORIST ATTACK 3 available at http www whitehouse gov sites default files summary_of_wh_review_12-25-09 pdf 60 Lessons from Fort Hood Improving Our Ability to Connect the Dots Hearing Before the Subcomm on Oversight Investigations and Mgmt of the H Comm on Homeland Security 112th Cong 2 2012 statement of Douglas E Winter Deputy Chair William H Webster Commission on the Fed Bureau of Investigation Counterterrorism Intelligence and the Events at Fort Hood Texas on November 5 2009 12 Whatever threat information may exist amidst the 250 million Internet communications acquired yearly under Section 702 there is surely a large amount of chaff Because this may make it more difficult to find the threats it is important for lawmakers to examine whether the current scope of Section 702 collection may be too broad from a security standpoint as well as a privacy one IV Minimization and Its Loopholes Legal and policy defenses of Section 702 surveillance rely heavily on the existence of minimization procedures to mitigate the effects of incidental collection The concept behind minimization is fairly simple The interception of Americans' communications when targeting foreigners is inevitable but because such interception ordinarily would require a warrant or individual FISA order incidentally collected U S person information generally should not be kept shared or used subject to narrow exceptions The statutory language however is much more complex It requires the government to adopt minimization procedures which it defines as procedures that are reasonably designed to minimize the acquisition and retention and prohibit the dissemination of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain produce and disseminate foreign intelligence information 61 The statute also prohibits disseminating non-foreign intelligence information in a way that identifies U S persons unless their identity is necessary to understand foreign intelligence information or assess its importance The one caveat is that the procedures must allow for the retention and dissemination of information that is evidence of a crime which has been is being or is about to be committed and that is to be retained or disseminated for law enforcement purposes 62 The lack of specificity in this definition and the tension between its general rule and its caveat has allowed the government to craft rules that are permissive and contain multiple exceptions To begin with the NSA may share raw data with the FBI and CIA 63 All three agencies generally may keep unreviewed raw data - including data about U S persons - for five years after the certification expires 64 they also can seek extensions from a high-level official 65 61 50 U S C 1801 h 1 50 U S C 1801 h 3 63 LORETTA LYNCH U S DEP'T OF JUSTICE MINIMIZATION PROCEDURES USED BY THE NATIONAL SECURITY AGENCY IN CONNECTION WITH ACQUISITIONS OF FOREIGN INTELLIGENCE INFORMATION PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT OF 1978 AS AMENDED 6 c 2015 hereinafter NSA 702 MINIMIZATION PROCEDURES available at https www dni gov files documents 2015NSAMinimizationProcedures_Redacted pdf 64 Id at 3 c 1 2015 although the retention period for communications obtained through upstream collection is two years as specified in section 3 c 2 LORETTA LYNCH U S DEP'T OF JUSTICE MINIMIZATION PROCEDURES USED BY THE FEDERAL BUREAU OF INVESTIGATION IN CONNECTION WITH ACQUISITIONS OF FOREIGN INTELLIGENCE INFORMATION PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT OF 1978 AS AMENDED III G 1 a 2015 hereinafter FBI 702 MINIMIZATION PROCEDURES available at https www dni gov files documents 2015FBIMinimization_Procedures pdf LORETTA LYNCH U S DEP'T OF JUSTICE MINIMIZATION PROCEDURES USED BY THE CENTRAL INTELLIGENCE AGENCY IN CONNECTION WITH ACQUISITIONS OF FOREIGN INTELLIGENCE INFORMATION PURSUANT TO SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT OF 1978 AS AMENDED 2 2015 hereinafter CIA 702 MINIMIZATION PROCEDURES available at https www dni gov files documents 2015CIAMinimizationProcedures_Redacted pdf 62 13 and the 5-year limit does not apply to encrypted communications which are becoming increasingly common among ordinary users of mobile devices or communications reasonably believed to contain secret meaning 66 The agencies may keep indefinitely any U S person information that has foreign intelligence value or is evidence of a crime 67 If the NSA discovers U S person data that has no foreign intelligence value and contains no evidence of a crime the agency is supposed to purge the data 68 The NSA however interprets this requirement to apply only if the NSA analyst determines not only that a communication is not currently of foreign intelligence value to him or her but also would not be of foreign intelligence value to any other present or future foreign intelligence need 69 This is an impossibly high bar and so in practice this requirement rarely results in actual purging of data 70 The FBI and the CIA have no affirmative requirement to purge irrelevant U S person data on detection relying instead on age-off requirements Moreover if the FBI reviews information containing U S person information and makes no determination regarding whether it is foreign intelligence information or evidence of a crime the 5-year limit evaporates and the FBI may keep the data for a longer period of time that remains classified 71 If any of the three agencies - all of which have access to raw data - disseminate information to other agencies they must first obscure the identity of the U S person but once again there are several exceptions to this rule For instance the agencies need not obscure the U S person's identity if it is necessary to understand or assess foreign intelligence or if the communication contains evidence of a crime 72 In short the NSA routinely shares raw Section 702 data with the FBI and CIA and the agencies' minimization procedures suggest that U S person information is almost always kept for at least five years and in many circumstances much longer The sharing and retention of U S person information are not unrestricted but it is a stretch to say that they are minimized under any common sense understanding of the term 65 PCLOB 702 REPORT supra note 5 at 60 NSA 702 MINIMIZATION PROCEDURES supra note 63 at 6 a 1 a CIA 702 MINIMIZATION PROCEDURES supra note 64 at 3 c 67 NSA 702 MINIMIZATION PROCEDURES supra note 63 at 6 a FBI 702 MINIMIZATION PROCEDURES supra note 64 at III G CIA 702 MINIMIZATION PROCEDURES supra note 64 at 3 a 7 d 68 NSA 702 MINIMIZATION PROCEDURES supra note 63 at 3 b 1 3 c 69 PCLOB 702 REPORT supra note 5 at 62 70 Id 71 FBI 702 MINIMIZATION PROCEDURES supra note 64 at III G 1 b 72 Id at V A-B NSA 702 MINIMIZATION PROCEDURES supra note 63 at 6 b CIA 702 MINIMIZATION PROCEDURES supra note 64 at 5 7 d 66 14 V Back Door Searches Perhaps the most problematic aspect of the minimization procedures is that they allow all three agencies to query Section 702 data using U S person identifiers with the express goal of retrieving and analyzing Americans' communications 73 If the government wishes to obtain an American's communications for foreign intelligence purposes it must secure an individual court order from the FISA Court after demonstrating that the target is an agent of a foreign power If the government wishes to obtain an American's communications for law enforcement purposes it must get a warrant from a neutral magistrate To ensure that Section 702 is not used to avoid these requirements the statute contains a prohibition on reverse targeting - i e targeting a foreigner overseas when the government's intent is to target a particular known person reasonably believed to be in the United States Before conducting Section 702 surveillance the government must certify that it does not intend to target particular known Americans And yet immediately upon obtaining the data all three agencies may sort through it looking for the communications of particular known Americans - the very people in whom the government just disclaimed any interest Worse even though the FBI would be required to obtain a warrant in order to access Americans' communications absent a significant foreign intelligence purpose the FBI may search the Section 702 data for Americans' communications to use in criminal proceedings having no foreign intelligence dimensions whatsoever 74 This is a bait and switch that is utterly inconsistent with the spirit if not the letter of the prohibition on reverse targeting It also creates a massive end run around the Fourth Amendment's warrant requirement Some have defended these back door searches claiming that as long as information is lawfully acquired agencies may use the information for any legitimate government purpose This argument ignores Congress's command to agencies to minimize information about U S persons The very meaning of minimization is that agencies may not use the information for any purpose they wish Minimization is a constitutional requirement as well as a statutory one as Judge Bates of the FISA Court has observed T he procedures governing retention use and dissemination bear on the reasonableness under the Fourth Amendment of a program for collecting foreign intelligence information 75 73 NSA 702 MINIMIZATION PROCEDURES supra note 63 at 3 b 5 FBI 702 MINIMIZATION PROCEDURES supra note 64 at III D CIA 702 MINIMIZATION PROCEDURES supra note 64 at 4 74 ROBERT S LITT ODNI PRIVACY TECHNOLOGY AND NATIONAL SECURITY AN OVERVIEW OF INTELLIGENCE COLLECTION July 18 2013 https www dni gov index php newsroom speeches-and-interviews 195-speechesinterviews-2013 896-privacy -technology-and-national-security-an-overview-of-intelligence-collection 75 Redacted 2011 WL 10945618 at 27 FISA Ct Oct 3 2011 In cases involving the foreign intelligence exception to the warrant requirement the reasonableness of a surveillance scheme turns on weighing the government's national security interest against the privacy intrusion While the surveillance scheme should be evaluated as a whole it is difficult to see how any scheme could pass the reasonableness test if a significant component of the scheme were not justified by any national security interest This is one of several errors in my view in the FISA Court's 2015 decision upholding the constitutionality of back door searches See Elizabeth Goitein The FBI's Warrantless Surveillance Back Door Just Opened a Little Wider JUST SEC Apr 21 2016 https www justsecurity org 30699 fbis-warrantless-surveillance-door-opened-wider 15 Indeed restrictions on searches of lawfully obtained data are the constitutional norm not the exception In executing warrants to search computers the government routinely seizes and or copies entire hard drives However agents may only conduct searches reasonably designed to retrieve those documents or files containing the evidence specified in the warrant 76 The fact that the government lawfully obtained and is in possession of the computer's contents does not give it license to conduct any search it wishes that would violate the terms on which the government obtained the computer's contents in the first place The same principle holds true in the analog world When the police obtain a warrant to search a house for a murder weapon they may enter the house and in appropriate cases search every room But after they find or fail to find the murder weapon they are not allowed to continue searching for other items they may have some interest in simply because they are now in the house Their entrance into the house was legal but that does not entitle them to search for anything inside it That would be exceeding the terms accompanying their initial access to the house Under Section 702 the terms on which the government is authorized to collect data without a warrant include a limitation on whom the government may target - i e the government may only target foreigners overseas To obtain access to the data on those terms and then search for Americans' data is the equivalent of seizing a computer to search for child pornography and then searching for evidence of tax fraud or obtaining access to a house to search for a murder weapon and then conducting a search for drugs Compounding the constitutional harm the government has not fully and consistently complied with its statutory and constitutional obligation to notify criminal defendants when it uses evidence obtained or derived from Section 702 surveillance Before 2013 the government interpreted obtained or derived from so narrowly that it notified no one In the three and a half years since the government's approach reportedly changed 77 the government has provided notification in only eight known cases even though the Privacy and Civil Liberties Oversight Board PCLOB reports that the FBI searches Section 702 every time it conducts a national security investigation 78 and there have been several hundred terrorism and national security convictions during this time 79 There is reason for concern that the government is avoiding its notification requirements by engaging in parallel construction - i e recreating the Section 702 evidence using less controversial means 80 Attorneys have asked the Department of Justice to 76 See e g United States v Ganias 755 F 3d 125 2nd Cir 2014 rev'd en banc on other grounds 824 F 3d 199 2nd Cir 2016 77 For more background see Patrick C Toomey Why Aren't Criminal Defendants Getting Notice of Section 702 Surveillance -- Again JUST SEC Dec 11 2015 https www justsecurity org 28256 arent-criminal-defendantsnotice-section-702-surveillance-again 78 PCLOB 702 REPORT supra note 5 at 59 79 DEP'T OF JUSTICE UNITED STATES ATTORNEYS' ANNUAL STATISTICAL REPORT FISCAL YEAR 2015 at 14 DEP'T OF JUSTICE UNITED STATES ATTORNEYS' ANNUAL STATISTICAL REPORT FISCAL YEAR 2014 at 12 DEP'T OF JUSTICE UNITED STATES ATTORNEYS' ANNUAL STATISTICAL REPORT FISCAL YEAR 2013 at 60 80 See Toomey supra note 69 John Shiffman and Kristina Cooke Exclusive U S Directs Agents to Cover Up Program Used to Investigate Americans REUTERS Aug 5 2013 3 25 PM http www reuters com article us-deasod-idUSBRE97409R20130805#X7BeCQSb0GrEDTJX 97 16 share its policies for determining when information is considered to be derived from Section 702 but the Department refuses to provide them Importantly opposition to warrantless searches for U S person information is not a call to re-build the barriers to cooperation among agencies often attributed to the wall Threat information including threat information that focuses on U S persons can and should be shared among agencies when identified and the agencies should work together as necessary in addressing the threat What the Fourth Amendment cannot tolerate is the government collecting information without a warrant with the intent of mining it for use in ordinary criminal cases against Americans That is why President Obama's Review Group on Intelligence and Communications Technologies - a five-person panel including a former acting director of the CIA Michael J Morell and chief counterterrorism advisor to President George W Bush Richard A Clarke - unanimously recommended closing the back door search loophole by prohibiting searches for Americans' communications without a warrant 81 VI Foreign Nationals and Human Rights Risks Section 702 surveillance also raises concerns about the privacy and human rights of foreign nationals who are not foreign powers agents of foreign powers or affiliated with terrorism While the Fourth Amendment might not apply to these individuals the right to privacy is a fundamental human right recognized under international law - including treaties such as the International Covenant on Civil and Political Rights that the U S has signed In Presidential Policy Directive 28 PPD-28 President Obama acknowledged that all persons should be treated with dignity and respect regardless of their nationality or wherever they might reside and all persons have legitimate privacy interests in the handling of their personal information 82 PPD-28 requires agencies to extend certain privacy protections to foreign nationals when conducting electronic surveillance Most notably personal information of non-U S persons may be retained or disseminated only if retention and sharing would be permitted for comparable information concerning U S persons 83 This is a significant change but several factors limit its actual and potential impact Most notably the future viability of PPD-28 is uncertain given that President Trump already has rescinded several of President Obama's orders and CIA Director Mike Pompeo when he served in Congress argued that PPD-28 should be revoked 84 Additionally even if PPD-28 remains in place the directive does not prevent the acquisition of information about foreign nationals who pose no threat to the United States Finally the limits on retention and sharing of U S person information are not particularly strict to begin with and it remains to be 81 See PRESIDENT'S REVIEW GRP ON INTELLIGENCE AND COMMUNICATIONS TECHNOLOGIES LIBERTY AND SECURITY IN A CHANGING WORLD 29 2013 available at http www whitehouse gov sites default files docs 201312-12_rg_final_report pdf 82 EXEC OFFICE OF THE PRESIDENT PRESIDENTIAL POLICY DIRECTIVE PPD-28 2014 available at http www lawfareblog com wp-content uploads 2014 01 2014sigint mem_ ppd_ rel_ pdf 83 Id at 4 a i 84 See Mike Pompeo David B Rivkin Jr Time for a Rigorous National Debate About Surveillance WALL ST J Jan 3 2016 https www wsj com articles time-for-a-rigorous-national-debate-about-surveillance-1451856106 17 seen whether and how the agencies incorporated PPD-28's requirement of comparability in their 2015 minimization procedures which have not been declassified A particular concern relates to the sharing of Section 702 information with foreign governments Agencies have significant leeway to share foreign intelligence information as long as the sharing is consistent with U S law clearly in the national interest and intended for a specific purpose and generally limited in duration 85 Although the agency should have confidence that the information is not likely to be used by the recipient in an unlawful manner or in a manner harmful to U S interests 86 there is no express requirement or mechanism to ensure that governments with poor or spotty human rights records will not use the information to facilitate human rights violations - for instance to harass or persecute journalists political dissidents human rights activists and other vulnerable groups whose communications may have been caught up in the Section 702 collection 87 VII Must We Leave Section 702 in Its Current Form Having discussed the concerns surrounding Section 702 surveillance it is important to address the arguments that have been put forward for its necessity These arguments have varying degrees of merit but none of them forecloses the possibility of reforms A Restoring FISA's Original Intent Executive branch officials have argued that Section 702 was necessary to restore the original intent behind FISA which was being subverted by changes in communications technology These officials note that FISA in 1978 required the government to obtain an individual court order when collecting any communications involving Americans that traveled by wire but required an individual court order to obtain satellite communications only when all of the communicants were inside the U S Asserting that 'wire' technology was the norm for domestic calls 88 while almost all transoceanic communications into and out of the United States were carried by satellite which qualified as 'radio' vs 'wire' communications 89 they infer that Congress intended to require the government to obtain an order when acquiring purely domestic communications but not when obtaining communications between foreign targets and Americans This intent was undermined when fiber-optic cables later became the standard method of transmission for international calls 85 OFFICE OF THE DIR OF NAT'L INTELLIGENCE FOREIGN DISCLOSURE AND RELEASE OF CLASSIFIED NATIONAL INTELLIGENCE ICD 403 E 1 Mar 13 2013 available at http www dni gov files documents ICD ICD403 pdf 86 OFFICE OF THE DIR OF NAT'L INTELLIGENCE CRITERIA FOR FOREIGN DISCLOSURE AND RELEASE OF CLASSIFIED NATIONAL INTELLIGENCE ICPG 403 1 D 2 Mar 13 2013 available at http www dni gov files documents ICPG ICPG403-1 pdf 87 See AMOS TOH FAIZA PATEL ELIZABETH GOITEIN BRENNAN CTR FOR JUSTICE OVERSEAS SURVEILLANCE IN AN INTERCONNECTED WORLD 28-31 2016 http www brennancenter org sites default files publications Overseas_Surveillance_in_an_Interconnected_World p df 88 Statement of Kenneth L Wainstein Partner Cadwalader Wickersham Taft LLP before the Subcommittee on Crime Terrorism and Homeland Security of the House Committee on the Judiciary at 4 May 31 2012 89 Statement of Kenneth L Wainstein Assistant Attorney General National Security Division Department of Justice before the House Permanent Select Committee on Intelligence at 4 Sept 6 2007 18 The problem with this theory is two-fold First it would have been quite simple for Congress to state that FISA orders were required for purely domestic communications and not for international ones Instead Congress produced an elaborate multi-part definition of electronic surveillance that relied on particular technologies rather than the domestic versus international nature of the communication Second it is not correct that almost all international communications were carried by satellite the available evidence indicates that one third to one half of international communications were carried by wire 90 A more plausible explanation for the original FISA's complex scheme - one with much stronger support in the legislative history - was put forward by David Kris a former head of the Justice Department's National Security Division Mr Kris concluded that Congress intended to require a court order for international wire communications obtained in the U S and that the purpose behind its definitional acrobatics was to leave legislation covering surveillance conducted outside the U S and NSA satellite surveillance for another day 91 Although Congress never followed up the legislative history of FISA made clear that the gaps in the statute's coverage of NSA's operations should not be viewed as congressional authorization for such activities as they affect the privacy interests of Americans 92 A related argument in support of Section 702's necessity is that certain purely foreign-toforeign communications which Congress never intended to regulate now travel through the United States in ways that bring them within FISA's scope In practice this appears to be a fairly discrete albeit thorny problem that applies to one category of communication e-mails between foreigners that are stored on U S servers 93 Section 702 however goes far beyond what would be necessary to solve that problem as it eliminates the requirement of an individualized court order for the acquisition of any communication between a foreign target and an American Moreover there is a flip side to this issue changes in technology have also caused certain purely domestic communications to travel outside the U S in ways that remove them from FISA's scope Purely domestic communications once traveled on copper wires inside the U S and FISA thus required a court order to obtain them for foreign intelligence purposes Today digital data may be routed anywhere in the world - and U S Internet Service Providers may store domestic communications on overseas servers - rendering these communications vulnerable to surveillance under Executive Order 12333 which has far fewer safeguards 94 Any legislation 90 David Kris Modernizing the Foreign Intelligence Surveillance Act 3 Brookings Inst Working Paper 2007 available at http www brookings edu media research files papers 2007 11 15%20nationalsecurity%20kris 1115_nationalsecu rity_kris pdf 91 Id at 13-23 92 S REP NO 95-701 at 35 1978 reprinted in 1978 U S C C A N 3973 4004 93 FISA regulates three basic types of surveillance wiretapping the interception of radio communications and the monitoring of information through other electronic means -- which in 1978 referred primarily to bugging Although e-mails may be captured in transit by wiretapping or for e-mails sent wirelessly interception of radio signals once they are stored on a server their acquisition is considered monitoring Because FISA regulates monitoring within the U S regardless of the nationality of the target stored foreign-to-foreign e-mails come within its ambit DAVID S KRIS J DOUGLAS WILSON NATIONAL SECURITY INVESTIGATIONS PROSECUTIONS 2d 7 27 16 6 2012 94 GOITEIN PATEL supra note 2 at 19-20 TOH ET AL supra note 87 at 8-10 19 that attempts to address the unanticipated inclusion of purely foreign communications should address the unanticipated exclusion of purely domestic communications as well It should also address another way in which technological advances have undermined the protections of FISA As noted above FISA governs the acquisition of wire communications as long as one of the communicants is inside the United States but it governs the acquisition of radio communications only if the sender and all recipients are inside the United States 95 In addition even if a communication travels most of its route by wire it is considered a radio communication if intercepted during a non-wire portion of transmittal 96 Today as cell phones are replacing landlines more and more wire communications have a wireless component 97 - allowing the government to acquire an increasing number of international phone calls on U S soil outside FISA's legal framework This unintended exception to FISA's coverage threatens to swallow the rule unless Congress acts to fix it B Thwarting Terrorist Plots Executive officials have stated and the PCLOB and the president's Review Group on Intelligence and Communications Technologies have found that Section 702 surveillance played a role in detecting and thwarting a number of terrorist plots That is after all the most important function the statute is intended to serve if it did not accomplish this goal it presumably should go the way of the now-discontinued Section 215 bulk collection program which by most reliable reports added little counterterrorism value Whether Section 702 is useful is thus a question of critical importance It is not however the only question that must be answered There is also the question of whether effective surveillance could be conducted in a manner that entails less intrusion on the privacy of lawabiding Americans and foreigners Indeed in the few cases that have been made public - including those of Najibullah Zazi Khalid Ouazzani David Headley Agron Hasbajrami and Jamshid Muhtorov - it appears that the targets of the Section 702 surveillance were known or suspected to have terrorist affiliations 98 Intelligence officials have confirmed that this is the norm in cases where Section 702 surveillance has been critical - i e that the typical such case has involved narrowly focused surveillance targeting a specific foreign individual overseas based on the government's reasonable belief the individual was involved with terrorist activities 99 Such cases do not support the idea that the NSA needs the authority to target any foreigner overseas and collect all of his communications with Americans 95 50 U S C 1801 f 2 3 See KRIS WILSON supra note 93 at 7 6 97 Although most wireless communications today do not technically travel via radio waves the legislative history of FISA indicates that Congress intended to cover a broader range on the electromagnetic spectrum See id at 7 7 98 See 2009 Subway Plot NEW AMERICA http securitydata newamerica net extremists terror-plot html id 1543 2009 New York Stock Exchange Plot NEW AMERICA http securitydata newamerica net extremists terrorplot html id 1542 2009 Jyllands Posten Plot NEW AMERICA http securitydata newamerica net extremists terrorplot html id 1583 2011 Agron Hasbajrami NEW AMERICA http securitydata newamerica net extremists terrorplot html id 1616 2012 Islamic Jihad Union Support Network NEW AMERICA http securitydata newamerica net extremists terror-plot html id 1575 99 See Olsen Statement supra note 46 at 5 96 20 We must also ask whether the costs to our liberties are too high It is commonly said that if terrorists succeed in undermining our values they win But while this notion is often invoked it is also often forgotten The United States was founded on a set of core principles and none of these was more important than the right of the citizens to be free from undue intrusions by the government on their privacy 100 Our Constitution promises us that law-abiding citizens will be left alone It is incumbent upon us as a nation to find ways of addressing the terrorist threat that do not betray this promise VIII Who Decides - The Need for Transparency Within constitutional bounds set by our nation's courts it is up to the American people - speaking through their representatives in Congress - to decide how much surveillance is too much But they cannot do this without sufficient information While a significant amount of information about Section 702 has been declassified in recent years critical information remains unavailable For instance the certifications setting forth the categories of foreign intelligence the government seeks to collect - but not the individual targets - have not been released even in redacted form Unlike the NSA and the CIA the FBI does not track or report how many times it uses U S person identifiers to query databases containing Section 702 data The list of crimes for which Section 702 data may be used as evidence has not been disclosed Nor have the policies governing when evidence used in legal proceedings is considered to be derived from Section 702 surveillance The length of time that the FBI may retain data that has been reviewed but whose value has not been determined remains secret Perhaps most strikingly despite multiple requests from lawmakers dating back several years the NSA has yet to disclose an estimate of how many Americans' communications are collected under Section 702 The NSA has previously stated that generating an estimate would itself violate Americans' privacy ostensibly because it might involve reviewing communications that would otherwise not be reviewed In October of last year a coalition of more than thirty advocacy groups - including many of the nation's most prominent privacy organizations - sent a letter to the Director of National Intelligence urging that the NSA go forward with producing an estimate 101 The letter noted that as long as proper safeguards were in place the result would be a net gain for privacy In April 2016 a bipartisan group of fourteen House Judiciary Committee members sent the DNI a letter making the same request 102 Eight months later the members wrote again to memorialize their understanding in light of interim conversations and briefings that the DNI would provide the requested estimate early enough to inform the debate and with a target date 100 Michael W Price Rethinking Privacy Fourth Amendment Papers and the Third-Party Doctrine 8 J NAT ' L SECURITY L POL ' Y 247 250-64 2015 101 Letter from Brennan Ctr for Justice et al to James Clapper Dir Nat'l Intelligence Oct 29 2015 available at https www brennancenter org sites default files analysis Coalition_Letter_DNI_Clapper_102915 pdf 102 Letter from Rep John Conyers Jr et al to James Clapper Dir Nat'l Intelligence Apr 22 2016 available at https www brennancenter org sites default files legal-work Letter_to_Director_Clapper_4_22 pdf 21 of January 2017 103 It is now March and the administration has issued neither the estimate nor any public response to the members' second letter This basic information is necessary for Americans to evaluate the impact of Section 702 on their privacy It is also necessary because most Americans are not lawyers and when they hear that a surveillance program is targeted only at foreigners overseas and that any acquisition of Americans' communications is incidental they may reasonably assume that there is very little collection of their own calls and e-mails An estimate of how many communications involving Americans are collected would help to pierce the legalese and give Americans a truer sense of what the program entails In short Section 702 is a public statute that is subject to the democratic process and the democratic process cannot work when Americans and lawmakers lack critical information More transparency is urgently needed so that the country can begin an informed public debate about the future of foreign intelligence surveillance Thank you again for this opportunity to testify 103 See Press Release U S House Comm on the Judiciary Democrats Bipartisan House Coalition Presses Clapper for Information on Phone Email Surveillance Dec 16 2016 available at https democratsjudiciary house gov news press-releases bipartisan-house-coalition-presses-clapper-information-phone-emailsurveillance 22                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu