Next week, the lame duck Congress will take up the issue of whether to extend the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008. The House of Representatives passed a five year extention, but during the the floor debate on that bill, lawmakers demonstrated a fundamental misunderstanding about how the FAA affects the privacy of Americans on American soil. Before rubber-stamping the bill, lawmakers in the Senate have the opportunity to address the misunderstanding and better protect American privacy. This post is the first in a series.
First, some definitions are required to understand the issues raised by the fAA. Target, monitor and direct are terms of art in FISA. The target is the individual or entity about which the United States seeks information. Individuals whose communications are collected are monitored. These individuals may or may not be the target, or agents of the target. Surveillance takes place, or is directed, at a communications facility or facilities. Non-US persons include entities as well as individuals that are of foreign intelligence interest to the United States. The targets need not be suspected of terrorism, criminal conduct or any other wrongdoing.
Section 1881a of the FAA creates a new source of authority for surveillance targeting any “non-US person” reasonably believed to be located overseas.The Attorney General (AG) and the Director of National Intelligence (DNI) may jointly authorize surveillance under the FAA for up to one year via a certification to the Foreign Intelligence Surveillance Court (FISC), or in exigent circumstances.
Traditionally, FISA allowed the government to target foreign entities for foreign intelligence information. Surveillance filters can be set to collect every message that contains the word terrorism, or to look for information about Iraqi or French policies that matter to the US. But FISA also required the government to specify to the FISC the individuals to be monitored, and to show probably cause that the target would use the facilities at which the government planned to direct surveillance. These safeguards discouraged wholesale collection of communications to and from innocent Americans.
By contrast, the FAA allows surveillance of a foreign entity without specifying the people to be monitored or the facilities, places, premises, or property at which surveillance will be directed. Because the target can be any foreign entity, the government can direct surveillance at any facility, even those on American soil, and monitor unspecified Americans’ international communications to or from suspected agents of the foreign entity, or even about that entity. However, the government may not target Americans or intentionally acquire purely domestic communications.
According to David Kris, formerly the Department of Justice’s head of national security, an [FAA] authorization targeting “al Qaeda” – which is a non-US person located abroad – could allow the government to wiretap any telephone that it believes will yield information from or about al Qaeda, either because the telephone is registered to a person whom the government believes is affiliated with al Qaeda, or because the government believes that the person communicates with others who are affiliated with al Qaeda, regardless of the citizenship of the communicant or the location of the telephone. Kris, National Security Investigations and Prosecutions 2d §17.9, Vol. 1 p. 625 (2012). Tip: replace "al Qaeda" with Iran, France, Wikileaks or Medecins Sans Frontieres or any non-US group of foreign policy interest to our government. Monitoring such communications isn't a rare accident; this is what the FAA was designed for.
MYTH: The FAA only authorizes surveillance of foreigners in foreign lands, and does not authorize surveillance of Americans on American soil.
FACT: The FAA authorizes surveillance of Americans’ international communications. While the FAA requires a non-US entity be the target of surveillance, anyone who communicates with agents of the target, or has foreign intelligence information about the target, may be monitored, regardless of the citizenship of the communicants or the location of the telephone. In sum, under the FAA the government:
- MAY warrantlessly acquire Americans’ foreign to foreign or one-end US communications; and
- MAY warrantlessly acquire Americans’ domestic communications, so long as the acquisition was unintentional.
MYTH: Warrantless surveillance of Americans under the FAA is rare.
FACT: We don’t know how common warrantless surveillance of Americans is under this law because the FAA does not provide for notice to monitored parties, reporting to Congress, or other mechanisms for transparency and oversight. On at least one occasion, the FISC found that FAA surveillance violated the Fourth Amendment. This is cause for alarm, rather than comfort: The FISC ability to supervise surveillance under the FAA is very narrow: it is required to issue an acquisition order if it finds that the government’s certification “contains all the required elements” and that the general “targeting and minimization procedures” are consistent with the requirements of the statute and the Fourth Amendment. It does not supervise the implementation of the government’s targeting or minimization procedures in any particular case. If the FISC was nevertheless able to identify constitutional violations, this is cause for Congress to investigate further.
MYTH: Minimization procedures are sufficient to protect the privacy rights of Americans.
FACT: The FISC makes only a general review of targeting and minimization policies. Those decisions are not reviewed in any individualized way. In any case, minimization would only exclude communications that the government should not keep. Under FAA, the government can direct surveillance at facilities in the United States and monitor all Americans’ international communications that are of foreign intelligence interest, for example, contain the word “terrorism” or are to and from agents of a foreign entity, say, Italy.
[Next: Minimization Under the FAA Does Not Adequately Protect Americans' Privacy]