Last week, the House Judiciary Subcommittee on Crime and Federal Government Surveillance held a hearing on “Fixing FISA: How a Law Designed to Protect Americans Has Been Weaponized Against Them,” ahead of the December 2023 expiration of the Section 702 surveillance authority. The three witnesses, Michael E. Horowitz (Inspector General, U.S. Department of Justice), Sharon Bradford Franklin (Chair, U.S. Privacy and Civil Liberties Oversight Board), and Beth A. Williams (Board Member, U.S. Privacy and Civil Liberties Oversight Board) all sketched out their visions for the good, the bad, and the ugly about the invasive surveillance power.
The witnesses managed to use the hearing to sketch out a vision for what a minimally sufficient bill to reform Section 702 would look like. However, they were not nearly as skeptical as we are of the necessity of domestic law enforcement’s use of these powers–especially when the information collected under 702 could be obtained by law enforcement with a warrant through more traditional avenues.
Section 702 allows the government to conduct surveillance inside the United States by vacuuming up digital communications so long as the surveillance is directed at foreigners currently located outside the United States. It also prohibits intentionally targeting Americans. Nevertheless, the NSA routinely (“incidentally”) acquires innocent Americans' communications without a probable cause warrant. Once collected, the FBI can search through this massive database of information by “querying” the communications of specific individuals.
Previously the FBI alone reported conducting up to 3.4 million warrantless searches of Section 702 data in 2021 using Americans’ identifiers. Congress and the FISA Court have imposed modest limitations on these backdoor searches, but according to several recent FISA Court opinions, the FBI has engaged in “widespread violations” of even these minimal privacy protections.
A just-published transparency report from the Office of the Director of National Intelligence (ODNI) includes a “recalculation” of these statistics, reporting instead just under 3 million searches for 2021, and around 120,000 and 800,000 for 2022 and 2020 respectively. The report says that a single cybersecurity investigation in 2021 involving attempts to “compromise critical infrastructure” led to “approximately 1.9 million queries related to potential victims—including U.S. persons—[and] accounted for the vast majority of the increase in U.S. person queries conducted by FBI over the prior year.”
But we should be far from reassured by these revised estimates of warrantless, backdoor searches of the 702 databases. First, even the lowest reported figure—nearly 120,000 searches in 2022—is still a whole lot of warrantless searches of Americans’ private communications. Second, the methodology used in this new report requires additional scrutiny. For example, it says that the FBI’s new counting method includes “deduplication,” where “instances in which the same query term was run multiple times, whether by the same user or by different users” are apparently treated as only one search. There’s no reason to consider that the right way to count, though. If police conducted separate warrantless searches of a person’s house on Monday, Wednesday, and Friday, a court would likely treat that as three separate violations of the person’s Fourth Amendment rights.
Regardless of the exact numbers, the disturbing history of overreach is why it’s so urgent that civil society, concerned people, and lawmakers act to pass legislation that radically reforms Section 702 before we’re stuck with another 4 years of warrantless backdoor searches of U.S. data.
The Good Suggestions:
Chair of the PCLOB Sharon Bradford Franklin had three vital recommendations for the committee to consider before voting on legislation to renew Section 702.
- Reduce the volume of “incidental collection.” The act of reducing the volume of U.S. persons’ data being swept up by Section 702 would also involve getting an accurate estimate of just how wide-reaching the problem is, something on which we are incapable of getting accurate figures at the moment.
- End backdoor searches of data on U.S. persons by requiring judicial review before domestic law enforcement agencies like the FBI are able to query information about individual U.S. persons, regardless of whether the search is reasonably likely to return information on foreign intelligence or is being used to gather evidence of a crime committed on U.S. soil.
- Permanently revoke the now defunct authorization to conduct “abouts” collection which was paused by the NSA in 2017 amid civil liberties concerns. These are collections of information not sent to or from a target but are communications “about” or which make reference to a surveillance target. Franklin believes we should not rest easy on the NSA’s pause of this procedure, but should ban it explicitly in any 702 renewal legislation.
These three suggestions are a good starting point, but much more work needs to be done to address the over-classification and government secrecy that hinders accountability, enables abuse, and prevents people from suing to address harms done by government surveillance.
The Bad Suggestions:
Government representatives are always quick to testify to the legitimacy and utility of these programs by vaguely referencing classified events or attacks that intelligence agencies thwarted thanks to this program. Part of the problems of over-classification and extreme secrecy is that we’re expected to take their word for it rather than be brought into the process of understanding whether and when these programs actually provide some utility and are not–like Section 215 of the USA FREEDOM Act–touted as absolutely necessary until their authorities expire with little to no pushback from the national security apparatus.
PLCOB member Beth Williams also suggested that Section 702 was not a “bulk” collection program because it required specific targeting of individuals for surveillance–a claim that EFF contests as being an absolute myth.
Even worse, Williams suggested Section 702 and its invasive surveillance capabilities–vacuuming up and reviewing communications, presumably with people overseas, should be used as a tool for vetting hopeful immigrants to the United States as well as being people vetted for government jobs. This might give immigration services the ability to audit entire communication histories before deciding whether an immigrant can enter the country. This is a particularly problematic situation that could cost someone entrance to the United States based on, for instance, their own or a friend’s political opinions—as happened to a Palestinian Harvard student when his social media account was reviewed when coming to the U.S. to start his semester.
Our 702 Reform Wishlist:
In addition to ending warrantless backdoor searchers, Section 702 also needs new measures of transparency to enable future audits and accountability of these secretive programs. FISA has long contained procedures for private parties to sue over surveillance that violates their rights, including a mechanism for considering classified evidence while preserving national security. But, in lawsuit after lawsuit, the executive branch has sought to avoid these procedures, and the judiciary, including the Supreme Court, has adopted cramped readings of the law that create a de facto national security exception to the Constitution. We need real accountability, and that includes the opportunity to contest surveillance in court.