This article is third in a series of five about the importance of Section 702. You can read the first article, “How the Section 702 Program Helps America Thwart Terrorist Plots,” here, and the second article, “Anti-Terror Law’s Safeguards Against Incidental Collection of Domestic Data Are Sufficient,” here.
Section 702 of the Foreign Intelligence Surveillance Act is up for reauthorization before the end of 2017.
Originally passed in 1978, FISA was amended in 2008 by the FISA Amendments Act, which added a new Title VII, “Additional Procedures Regarding Certain Persons Outside the United States.”
The Section 702 program is a targeted intelligence-collection program that allows the U.S. Intelligence Community to target non-U.S. persons reasonably believed to be located outside the United States, for the express purpose of acquiring foreign intelligence information.
Since 2008, this surveillance of the online activities of targeted foreigners has provided invaluable information to American intelligence officials in the fight against terrorism.
Additionally, the program has been subject to careful oversight by Congress, the Foreign Intelligence Surveillance Court, the Department of Justice, the Office of the Director of National Intelligence, inspectors general of agencies that conduct Section 702 acquisition, and the Privacy and Civil Liberties Oversight Board to ensure that it achieves the proper balance between national security and civil liberties.
And yet, critics think that the program still infringes on Americans’ rights. Their concerns center on the reality that, in collecting information about foreign actors, the Section 702 program will also incidentally collect information about American citizens.
As explained in The Heritage Foundation’s 2016 paper, “Maintaining America’s Ability to Collect Foreign Intelligence: The Section 702 Program,” Section 702 is a constitutional, lawful, and effective program.
This nine-part blog series will address the main criticisms of the Section 702 program in greater depth and show how they are off base, highlight its effectiveness as a targeted foreign-intelligence program, and look at some of its most successful cases.
Ultimately, this blog concludes that the program is so vital to America’s national security, and is subject to sufficient oversight to safeguard Americans’ privacy rights, that Congress should reauthorize Section 702 in its current form or with modest reforms that enhance oversight without adversely affecting the operational effectiveness of the program.
In today’s digital age, our capacity to intercept our adversaries’ electronic communications is vital to our national security and counterterrorism efforts.
Section 702, which permits the surveillance of foreign persons outside the U.S. to collect significant foreign intelligence information, is perhaps the most critical component of that capacity. Indeed, more than 25 percent of the National Security Agency’s intelligence reports regarding international terrorism are based on Section 702 collection.
Besides being effective, Section 702 was carefully crafted to provide sufficient protection for the privacy of U.S. persons. Under Section 702, the government is prohibited from intentionally targeting a U.S. person (or someone known to be in the U.S., regardless of nationality), and if a U.S. person’s communications are incidentally gathered in the course of targeting a non-U.S. person, there are stringent safeguards—“minimization procedures”—that are designed to protect that information.
These minimization procedures establish strict controls with regard to the collection, retention, dissemination, and use of acquired U.S. person information.
Besides the limitations written into the statute, Section 702 collection operations by the NSA, FBI, CIA, and National Counterterrorism Center are also subject to rigorous oversight to ensure they are conducted in accordance with the Constitution, the statute, and internal guidelines.
This multilayered oversight is conducted by all three branches of the federal government.
- Executive Branch Oversight
First, there is strict oversight conducted by various entities of the executive branch, from the intelligence agencies themselves, from the Department of Justice, and from the Office of the Director of National Intelligence.
Compliance oversight is routinely conducted within the agencies using 702 authority by agency compliance officers and civil liberties and privacy officers.
All agency personnel involved in targeting persons for surveillance under Section 702 receive mandatory training on targeting and minimization procedures and on all agency policies governing surveillance collection. Additionally, all targeting nominations and decisions under Section 702 are subject to multiple layers of internal review.
Finally, the head of each 702 participating agency must provide an accounting of the number of disseminated reports containing U.S. person identities, the number of times those identities were unmasked in the reporting, and the number of targeted individuals who were later found to be inside the U.S.
The Justice Department and the Office of the Director on National Intelligence are also vested with oversight responsibility for the 702 program. Attorneys in the National Security Division of the Justice Department, together with a team at the Office of the Director of National Intelligence, review all targeting decisions under Section 702.
They also review the mandatory reports of any incidents of noncompliance under 702, and at least every two months, they conduct a detailed on-site review at each agency to examine any incidents of noncompliance and recent targeting and minimization decisions.
In accordance with the statute, the attorney general and director of national intelligence also conduct a semiannual assessment of the agencies’ compliance with targeting and minimization procedures and the internal acquisition guidelines. Those assessments are shared with the Foreign Intelligence Surveillance Court and Congress.
In addition, the inspectors general of the relevant agencies play a significant role in Section 702 oversight. The statute authorizes them to conduct evaluations of agency compliance with targeting and minimization procedures.
2. Judicial Oversight
The judiciary also provides meaningful Section 702 oversight through the Foreign Intelligence Surveillance Court. That court reviews the government’s annual certifications, which specify the categories of foreign intelligence targets that the government seeks to surveil under Section 702, to ensure compliance under FISA and the Fourth Amendment.
It also receives and reviews the reports of any incidents of noncompliance, the biannual report of the attorney general and the director of national intelligence regarding compliance with procedures, and the reports of agency heads and inspectors general of agencies that conduct Section 702 acquisition.
Additionally, the Foreign Intelligence Surveillance Court examines the government’s targeting procedures to satisfy itself that the government is taking all necessary steps to target only non-U.S. persons outside the United States, as well as the government’s minimization procedures that protect incidentally acquired U.S. person information.
Along with reviewing these materials, the Foreign Intelligence Surveillance Court can—and routinely does—require the government to provide additional descriptions and testimony to ensure that the court fully understands the operation of the Section 702 program.
3. Congressional Oversight
In addition to the extensive oversight performed by the executive and judicial branches, Congress plays an important oversight role regarding Section 702.
The statute requires that the attorney general and director of national intelligence biannually provide the House and Senate Intelligence and Judiciary Committees with joint assessments that discuss trends in compliance and recommended changes to reduce compliance issues.
These committees also receive and review the 702 certifications submitted to the FISA court, the directives sent to the electronic communication service providers that assist in implementing the authorized 702 collection, semiannual reports from the attorney general listing every incident of noncompliance, copies of any order by the court or pleading by the government that contains a significant legal interpretation of Section 702, and the results of inspector general reviews of the use and handling of U.S. person information that is collected under Section 702.
This comprehensive and multilayered infrastructure of oversight by all three branches of government is more than sufficient to ensure that the government’s surveillance activities under Section 702 conform to the requirements of the law and the Constitution.
This conclusion was confirmed in 2014 when the independent Privacy and Civil Liberties Oversight Board conducted an extensive and probing assessment of Section 702. The board’s report indicated that it had found no single intentional violation of the statute, targeting procedures, or minimization procedures, and observed that “the government has taken seriously its obligations to establish and adhere to a detailed set of rules regarding how it handles U.S. person communications that it acquires under the program” and that its members were “impressed with the rigor of the government’s efforts to ensure that it acquires only those communications it is authorized to collect, and that it targets only those persons it is authorized to target.”
This conclusion was later echoed in a declassified opinion of the FISA court, which noted that “the implementing agencies, as well as [the Office of Director of National Intelligence] and the [National Security Division], devote substantial resources to their compliance and oversight responsibilities under Section 702. As a general rule, instances of noncompliance are identified promptly and appropriate remedial actions are taken … .”
As an important adjunct to this oversight, there is now much more public transparency about the 702 program, with the Intelligence Community now publicly releasing the semiannual assessments, FISA court opinions, and redacted versions of the entire 702 package—including certifications, declarations, and minimization and targeting procedures.
Despite this expansive oversight, some critics remain concerned about the collection and investigative use of U.S. person information that is incidentally collected under Section 702.
As explained above, although U.S. persons cannot be targeted for surveillance under Section 702, their communications can be collected in the course of surveilling a non-U.S. person and can be stored and queried by the intelligence agencies for foreign-intelligence purposes and by the FBI for both foreign-intelligence and law-enforcement purposes.
Recognizing the national security value of the 702 collection platform and its well-regulated implementation, critics have largely refrained from arguing against reauthorization of the authority. Instead, they have focused on restricting the use of the U.S. person information collected thereunder.
Specifically, many have urged Congress to require that the government obtain a search warrant from a federal judge before its personnel query its Section 702 collection with a U.S. person identifier (e.g., email address).
Imposing such a warrant requirement on our intelligence and law enforcement officials would be an unnecessary departure from historical practice and legal precedent.
Incidental collection is an inevitable byproduct of any of the existing types of electronic communications surveillance—whether that surveillance is conducted under Section 702, under traditional FISA, under the criminal investigative wiretap authority in 18 U.S.C. § 2518, or under Executive Order 12333.
Once acquired under these authorities, any U.S. person information is stored and can be examined (or “queried”) by law enforcement and intelligence officials. There is nothing under the law or the Constitution that limits the government from using the incidentally collected, lawfully acquired surveillance information in furtherance of its intelligence and law enforcement investigations.
Indeed, every court that has considered the issue has concluded that querying the lawfully collected Section 702 information is consistent with the Fourth Amendment.
We see no legal or logical reason to treat 702 collection differently and to require an agent to secure a probable-cause warrant from a federal judge before querying the 702 collection for incidentally collected U.S. person communications.
In fact, there is a very good reason not to do that, as these communications from a foreign national-security target to a U.S. person—often here in the United States—may be the most concerning and the most important for purposes of detecting and preventing a national security threat, such as a terrorist attack on the homeland.
The last thing our investigators need is an unnecessary procedural roadblock that will impede and possibly derail their efforts to detect a threat against our country and our people.
Although we disagree with the critics’ demand for a warrant requirement, we are sympathetic to their concern about the need for informed oversight of the collection and use of U.S. person information under Section 702.
Therefore, we support the provision in the current bill before the House—H.R. 3989—that would require the NSA to provide statistics regarding the number of U.S. person communications intercepted under Section 702.
While we accept the assertions from Director of National Intelligence Dan Coats and others in the Intelligence Community that logistical and operational challenges make it “infeasible” to provide specific numbers, Congress would be justified in requiring the NSA to periodically provide Congress with some form of sampling or approximation, and/or an explanation why such a showing is not practical.
Similarly, we agree with the proposal in H.R. 3989 to require a report on the number of U.S. person communications that are disseminated in intelligence reports and/or used in the course of criminal investigations and that are unrelated to national security or foreign intelligence.
Finally, given the quality of its work in this area, we would support Congress assigning the Privacy and Civil Liberties Oversight Board the responsibility to conduct periodic reviews along the lines of its 2014 review.
In conclusion, it is imperative to our national security that Congress reauthorize Section 702 without imposing unnecessary limitations that undermine its effectiveness.
It is equally imperative, however, that Congress and the American people have assurance that this authority is being used in accordance with the law and the Constitution.
We submit that the existing compliance infrastructure, augmented by one or more of the additional compliance provisions described above, will be more than sufficient to provide that assurance in the years ahead.