The author is with ZwillGen PLLC in Washington, D.C.
Surveillance and espionage were once practices ordinary Americans only read about in novels or saw in movie theaters. That is no longer true. America is at the center of a worldwide communications network. It is home to the world’s most popular telecommunications, email, instant message, and video chat providers. Because of America’s unique role, hundreds of millions of users send communications through American soil. At the same time, America’s enemies have grown from nation-states, like the Soviet Union, to small cells of terrorists that use ordinary communications networks. Taken together, it is not surprising that signals intelligence agencies like the National Security Agency (NSA), which intercept and analyze these signals, would seek and use surveillance powers to conduct more surveillance at home.
Part of this new regime means that more legal process to gather intelligence is being served on companies in the United States. Recent revelations have declassified documents describing the NSA’s broad “collect now, search later” approach to surveillance. This means that some electronic communications providers, and their in-house and outside counsel, are faced with new forms of legal process. But unlike criminal process, which is rooted in a large body of publicly available case law and which often comes to light in the course of criminal trials, this new process comes to these providers in secret. As documents recently declassified by the director of national intelligence demonstrate, the government has served a number of different kinds of orders on providers—each of whom must assess when and how they might comply with or challenge those orders.
My firm and I represented one such provider in In re Directives [Redacted] Pursuant to Section 105B of the Foreign Intelligence Surveillance Act [Redacted], 551 F.3d 1004 (FISA Ct. Rev. 2008). That case presented a challenge that more providers may face as the NSA explores its surveillance capabilities. The provider received process known as a 105B directive (which is now called a 702 directive) starting in 2007. In contrast with typical criminal process, there was no prior court review or approval of particular surveillance targets. Instead, a 702 directive, like the one served on that provider, approved of the government’s procedure for conducting surveillance—not its targets.
Faced with this process, the provider had to make decisions about how it could respond. The provider chose not to comply with the process, and the government filed a motion to compel in the Foreign Intelligence Surveillance Court (FISC), a secret court charged with reviewing and approving some types of surveillance.
The course of that litigation proved complex. The Foreign Intelligence Surveillance Court of Review (FISCR), which handles appeals from the FISC, had published a single opinion before the In re Directives case, and while the lower court, the FISC, had rules for proceedings, there were no publicly available decisions on which to rely in litigating the procedural aspects of the case. The merits of the case too were litigated in the dark. No docket was made available, and there was no public mention of the case until after it was appealed and the FISCR entered its decision. Some documents related to the case are still being declassified, but in the words of the FISCR’s declassified decision, there was “multitudinous briefing” in the FISC and ample briefing on appeal.
The FISCR released its opinion in In re Directives in 2009, and a beam of light shone on its decisions for the first time in seven years. But then the FISC went dark again. In late 2013, however, the director of national intelligence, in response to increased public pressure seeking information on surveillance activities, began releasing more FISC opinions that are instructive on how the FISC operates and how it has been interpreting the Fourth Amendment and process under the Foreign Intelligence Surveillance Act, 50 U.S.C. § 1801 et seq. (FISA) in the intervening years, giving much needed guidance to providers and outside counsel.
Understanding how to advise clients faced with FISA process, the challenges they face, and how to revise FISA to address public concerns about the NSA’s “collect now, search later” surveillance requires some history, legal analysis, and creative thinking. FISA’s history provides context for the reforms needed to adjust the balance between surveillance and privacy. Current events provide information about the extent of the problem. And creative thinking is required to create solutions.
FISA occupies an uneasy place. It resides where intelligence gathering meets the Fourth Amendment. FISA addresses the problem of how, and when, the government can conduct surveillance for intelligence-gathering purposes on United States soil. Over time, Congress has addressed this delicate balance by amending FISA to expand and contract surveillance capabilities. Today, FISA provides a comprehensive set of procedures for obtaining and using “foreign intelligence information” within the United States.
Before Congress passed FISA in 1978, there were no clear rules for when the executive branch could conduct clandestine surveillance for foreign intelligence purposes. Prior to FISA, every president since at least 1931 used surveillance to protect national security interests—even when no law specifically allowed that surveillance. See Sen. Rep. No. 94-755 (1976), Book III, Supplementary Detailed Staff Reports on Intelligence Activities and the Rights of Americans [hereinafter Church Report], available at www.intelligence.senate.gov/pdfs94th/94755_III.pdf. Presidents justified this surveillance by pointing to their role as commander-in-chief combined with their duty and authority to execute the laws of the United States. U.S. Const. art. II, § 1, § 2, cl. 1; see Church Report, supra, at 279.
This power remained relatively untested until the seminal case United States v. U.S. District Court for Eastern District of Michigan, Southern Division, 407 U.S. 297 (1972), also known as the Keith case. There, the government prosecuted three individuals for conspiring to bomb an office of the Central Intelligence Agency in Ann Arbor, Michigan. The Keith defendants moved to compel the government to disclose electronic surveillance information the government collected without first getting a warrant. The attorney general argued the surveillance satisfied the Fourth Amendment because it was necessary “to gather intelligence information deemed necessary to protect the nation from attempts of domestic organizations to attack and subvert the existing structure of the Government.” Id. at 300. The Supreme Court found that the government must get a warrant before engaging in domestic surveillance, but limited its opinion to “domestic aspects of national security” and stated that it “express[ed] no opinion as to the issues which may be involved with respect to activities of foreign powers or their agents.” Id. at 321. Keith changed the landscape of domestic surveillance, but lower courts struggled to decide when surveillance required a warrant and when surveillance fell outside Keith’s holding; as a result, they increasingly invalidated surveillance. See Zweibon v. Mitchell, 516 F.2d 594, 651 (D.C. Cir. 1975).
Faced with this uncertainty and the revelations about warrantless surveillance, the Senate created the Church Committee to investigate the executive branch’s use of warrantless surveillance. The committee’s report provided revelations much like those that are coming to light today as a result of Edward Snowden’s leaks. The committee’s report, which is actually 14 separate reports regarding intelligence abuses, provides one of the most extensive, in-depth examinations of the use and abuse of surveillance powers in the United States. The Church Report revealed that from the early 1960s to 1972, the NSA targeted certain Americans’ international communications by placing their names on a watch list. It contended that intercepting these Americans’ communications was part of monitoring programs it was conducting against international communications channels. As is the case in news reports today, “to those Americans who have had their communications—sent with the expectation that they were private—intentionally intercepted and disseminated by their Government, the knowledge that NSA did not monitor specific communications channels solely to acquire their message is of little comfort.” Church Report, supra, at 735.
History tends to repeat itself. Today, newspapers have reported that the NSA engages in bulk telephone records surveillance using the “Business Records” provision in section 215 of FISA (50 U.S.C. § 1861). This bulk surveillance, however, isn’t anything new. The Church Report provides shockingly similar revelations about the NSA’s Operation SHAMROCK. Much like recent revelations about today’s bulk records collection, Operation SHAMROCK, which lasted all the way from August 1945 until May 1975, collected millions of telegrams leaving or transiting the United States and monitored certain telephone links between the United States and South America. As part of this monitoring, the NSA intercepted Americans’ international communications and disseminated those communications to other intelligence agencies. In doing so, the NSA “never informed the companies that it was analyzing and disseminating telegrams of Americans.” Unlike today, however, “the companies, who had feared in 1945 that their conduct might be illegal, apparently never sought assurances that NSA was limiting its use to the messages of foreign targets once the intercept program had begun.” Church Report, supra, at 740–41.
The NSA discontinued SHAMROCK in 1975, but it still incidentally collected Americans’ communications—much like it does (to a lesser extent) today. The Church Committee described the NSA’s “initial interception of a stream of communications” as “analogous to a vacuum cleaner.” “NSA picks up all communications carried over a specific link that it is monitoring. The combination of this technology and the use of words to select communications of interest results in NSA analysts reviewing the international messages of American citizens, groups, and organizations for foreign intelligence.” Id. at 741. This is eerily similar to the FISC’s description of bulk records collection as recently as October 2011, in which it stated “that NSA has acquired, is acquiring, and . . . will continue to acquire tens of thousands of wholly domestic communications,” Redacted, slip op. at 33 (FISA Ct. Oct. 3, 2011), because it intercepts all communications over certain Internet links it is monitoring and is “unable to exclude certain Internet transactions.” Id. at 30.
That history tells us where FISA comes from and the problems Congress was trying to solve. Congress had two main goals: provide some oversight where there was none, and draw clear lines so that law enforcement would know when it could use foreign intelligence process and when it had to follow ordinary criminal process. To address these goals, FISA contains two important parts. First, it established a framework for judicial review by creating the Foreign Intelligence Surveillance Court and the Foreign Intelligence Surveillance Court of Review. It also created a new FISA process to replace criminal process such as warrants, subpoenas, surveillance orders, and pen register/trap and trace orders. The FISA versions of each of these has less stringent requirements for the government to satisfy than criminal process. See 50 U.S.C. § 1801–12 (electronic surveillance equivalent to Title III orders), 50 U.S.C. § 1821–29 (physical searches like search warrants), 50 U.S.C. § 1841–46 (pen registers and trap-and-trace devices), 50 U.S.C. § 1861–62 (business records like grand jury subpoenas).
Second, FISA addressed when law enforcement can and cannot use these FISA processes to conduct surveillance or gather evidence. As it was originally enacted, law enforcement could obtain FISA process, rather than criminal process, when the “primary purpose” of surveillance was to gather foreign intelligence information. At the same time, Congress explicitly excluded activities conducted abroad from FISA’s reach. It also did not provide protection for U.S. citizens when they left the United States. See H.R. Rep. No. 95–1283, at 51 (1978).
To fill in the gaps FISA left and to provide rules of executive branch intelligence agencies, President Reagan issued Executive Order 12,333, United States Intelligence Activities (46 Fed. Reg. 59,941 (Dec. 4, 1981)). That order (as amended) remains the basis for executive branch surveillance for foreign intelligence purposes. What is important is that the order sets forth procedures that apply where FISA did not, specifically for surveillance of United States persons located abroad. Id. § 2.5.
Foreign intelligence gathering continued under FISA and Executive Order 12,333 for nearly two decades without major revision or challenge, until the attacks of September 11, 2001. Following 9/11, Congress passed the USA Patriot Act, which amended FISA by expanding law enforcement authority and lowering the standards required to obtain surveillance authority. Pub. L. No. 107–56 (H.R. 3162), 115 Stat. 272 (2001). The act eliminated the “primary purpose” test and replaced it with a “significant purpose” test. Id. § 218. The “primary purpose” test led law enforcement to create a wall between agencies that engaged in criminal prosecutions (such as parts of the Federal Bureau of Investigation and the Department of Justice) and agencies that primarily engaged in foreign intelligence gathering (such as the NSA). One of the problems identified in the aftermath of 9/11 was a reluctance to share information because of this “primary purpose” rule—and the fear that doing so could put surveillance or criminal prosecutions at risk.
In a rare published decision (there have been only two), the FISCR upheld the “significant purpose” test in In re Sealed Case, 310 F.3d 717 (FISA Ct. Rev. 2002). The FISC court had found that the “significant purpose” standard was lower than the “primary purpose” standard but that the Fourth Amendment did not require more. The court concluded that the procedures and government showings required under FISA, even if they do not meet the warrant requirement, come close enough that FISA as amended by the Patriot Act meets the balancing test between Fourth Amendment rights and the need to protect against national security threats. In re Sealed Case would prove to be a launching point for reconciling FISA with the Fourth Amendment and for chipping away at the warrant requirement for foreign intelligence-gathering purposes.
In December 2005, a New York Times article revealed a warrantless domestic wiretapping program, the Terrorist Surveillance Program (TSP), in which the NSA was allowed to eavesdrop on communications where at least one party was not a United States person. According to reports, technical glitches resulted in some “purely domestic” communications being subject to surveillance. The surveillance was based on a 2002 executive order that allowed the NSA to monitor international email messages and international telephone calls transmitted by communications networks based in the United States—surveillance that was outside the scope of review in In re Sealed Case. That executive order claimed that FISA’s warrant requirements were implicitly superseded by the passage of the congressional resolution authorizing the use of military force against terrorists and that the president’s inherent authority under Article II of the Constitution to conduct foreign surveillance trumped FISA.
A group of plaintiffs sought to challenge the TSP in American Civil Liberties Union v. National Security Agency, 438 F. Supp. 2d 754 (E.D. Mich. 2006). The district court ruled that the surveillance violated the Fourth Amendment, finding that the TSP was implemented without regard to the Fourth Amendment or to FISA, and thus violated FISA, the standards of Title III, and the Fourth Amendment. On appeal, however, the Sixth Circuit dismissed the case, finding that the plaintiffs lacked standing to challenge the TSP because they had not alleged that they were the actual victims of warrantless surveillance. ACLU v. NSA, 493 F.3d 644 (6th Cir. 2007); see also Clapper v. Amnesty Int’l, 133 S. Ct. 1138 (2013).
Following the public outcry in response to the New York Times article and the ACLU decision, the Bush administration proposed the Protect America Act of 2007 (PAA), Pub. L. No. 110-55, 121 Stat. 552, which was designed to address surveillance of communications facilities located in the United States that transmit communications between individuals both of whom are located abroad. PAA § 105A. Again, just as in 1978, the government needed more guidance on when FISA applied and when the executive branch was free of its requirements. The PAA addressed a new problem: capturing wholly foreign communications on U.S. soil. In the past, to capture foreign communications between non-U.S. persons, the government simply implemented surveillance on foreign communications networks, which are not subject to restrictions imposed by the Fourth Amendment or any statute. Now that foreign communications could be transferred within the United States and the TSP’s constitutionality had been called into doubt, the intelligence community required a new tool to continue that surveillance. The PAA, by providing a number of procedures to conduct surveillance of targets outside the United States, and in an attempt to avoid resort to traditional warrants and Title III orders, implemented a system of internal controls at the NSA as well as overarching review of policies and procedures by the FISC. The PAA was a stopgap measure, to preserve some aspects of warrantless surveillance of foreign communications transmitted within the United States while Congress worked to overhaul FISA.
Notably, the PAA, like the Patriot Act, again changed the test of when the FISA process does and does not apply. The PAA changed the focus from the identity of the party targeted to whether a party was present in the United States. This change made it much simpler for the attorney general and the director of national intelligence to approve surveillance—rather than certifying that both parties to the communication were foreign powers or agents of foreign powers, they now only had to certify that the target of the surveillance was located outside the United States. Under the PAA, the director of national intelligence and the attorney general could permit, for up to one year, “the acquisition of foreign intelligence information concerning persons reasonably believed to be outside the United States” if they determined that the acquisition met five specified criteria and the minimization procedures for that surveillance were approved by the FISC. PAA § 105B. In practical terms, the government could serve providers with orders that the FISC approved, and then name the targets of surveillance later.
One provider, Yahoo, challenged this in In re Directives [Redacted] Pursuant to Section 105B of the Foreign Intelligence Surveillance Act [Redacted], 551 F.3d 1004 (FISA Ct. Rev. 2008). In that case, the government revealed that it not only complied with the PAA but also voluntarily complied with Executive Order 12,333, 46 Fed. Reg. 59,941, 59,951 (Dec. 4, 1981), which taken together mean that the certifications at issue “permit[ted] surveillances conducted to obtain foreign intelligence for national security purposes when those surveillances are directed against foreign powers or agents of foreign powers reasonably believed to be located outside the United States.” In re Directives, 551 F.3d at 1008. The court upheld these warrantless searches, finding that because the purpose of the surveillance was to gather foreign intelligence information, it fell under a “foreign intelligence exception to the Fourth Amendment’s warrant requirement” so long as it was directed against foreign powers or agents of foreign powers reasonably believed to be located outside the United States. Id. at 1012.
The court also found that the searches were reasonable because they complied with Executive Order 12,333, which required probable cause to believe that an individual is outside the United States and a finding that such surveillance was necessary, and which limited the duration of the surveillance and thus contained sufficient protections to avoid risk of mistake or executive branch misconduct.
The PAA was a stopgap measure and was eventually replaced by the FISA Amendments Act of 2008 (FAA), Pub. L. No. 110-261, § 403, 122 Stat. 2436, 2473. The FAA repealed the most troublesome provision of the PAA, which provided for warrantless surveillance of foreign intelligence targets “reasonably believed” to be outside the United States, even if they were U.S. persons, by adding a new section to FISA entitled “Additional Procedures Regarding Certain Persons Outside the United States.” Much of this section enshrines the protections present in Executive Order 12,333’s treatment of U.S. persons that the court relied on in In re Sealed Case and In re Directives to uphold the surveillance of United States persons located abroad.
The FAA again addressed the question of when FISA applies via a complicated web of procedures and processes for each category of target subject to surveillance: individuals outside the country that are not “U.S. Persons” (section 1881a), acquisitions inside the country targeting U.S. persons outside the country (section 1881b), and U.S. persons outside the country (section 1881c). Different processes are required for each type of target, but in a nutshell, U.S. persons receive slightly more protection. The most important change is that there is no prior judicial review of surveillance conducted in the United States that targets non-U.S. persons located outside the United States. FAA § 1881a. To conduct surveillance of U.S. persons outside the United States, however, the government must first obtain FISC approval of the particular targets. FAA § 1881b.
FISA’s history and current events demonstrate that we are at a point in the cycle where it is again time to address the two basic questions: How do we provide oversight of intelligence-gathering activities? And when does this oversight apply? FISA, from a textual perspective, provides the government with far-reaching authority for surveillance and specific process for each type of surveillance it may want to conduct, but the public was relatively unaware of how the government used that authority until Edward Snowden leaked classified documents in late 2013 providing some detail on the NSA’s use of surveillance activities. In response, the government has begun declassifying a wealth of FISC decisions, letters to Congress, and other information regarding the NSA’s use of FISA authorities. A detailed analysis of these opinions could lead to a new report as voluminous as the Church Committee’s reports, but even a high-level analysis provides some context for moving forward.
The recently released opinions—such as Redacted, LEXIS 157706 (FISA Ct. Oct. 3, 2011), and Redacted II, LEXIS 157706 (FISA Ct. Nov. 30, 2011)—confirm what appeared to be the case in In re Directives, that the FISC has adopted an exception to the warrant requirement for foreign intelligence gathering—particularly where the government seeks communications that are not wholly domestic. In those cases, despite finding that the NSA knowingly collected wholly domestic communications that had nothing to do with foreign intelligence, the FISC generally approved most of the government’s targeting and minimization procedures. On a bad set of facts for the government, the FISC held that only a small part of the NSA’s surveillance program was unconstitutional and only because the NSA did not make enough of an effort to delete wrongly collected communications—a problem the NSA soon remedied. Redacted II, LEXIS 157705 (FISA Ct. Nov. 30, 2011).
The window left open in Keith seems to be closed. Similarly, the FISC has approved of the NSA’s “collect now, restrict searching later” approach to minimization. See In re Application of the F.B.I. for an Order Requiring the Production of Tangible Things from [Redacted], No. BR 13-109, LEXIS 134786 (FISA Ct. Sept. 13, 2013). In other words, the FISC has found no constitutional or statutory impediment to the government “over collecting” data—so long as it does not intentionally collect wholly domestic communications and it has minimization procedures to restrict access. There is no indication that the government has used its surveillance powers improperly (except in a limited number of circumstances attributable to NSA employee misconduct), but the FISC has not taken a robust view of the Fourth Amendment.
As was the case back in the late 1970s, the American public has reacted to executive surveillance activities—some of which are eerily similar to the NSA’s use of surveillance authority in the mid- to late 1970s. And as was the case in the late 1970s, it may again be time for Congress to take action. The problems remain quite similar to those Congress faced in 1978: provide oversight where there is none, or where it is inadequate, and make clear when the government can, and cannot, use different types of FISA process.
In late 2013, numerous members of Congress began proposing bills to reform FISA and provide new protections. See Mark M. Jaycox, “Cheat Sheet to Congress’ NSA Spying Bills,” Elec. Frontier Found. (Sept. 11, 2013), www.eff.org/deeplinks/2013/08/effs-cheat-sheet. Given the heated nature of the current debate, it is likely that the particular content of these bills will change daily, and summarizing their particularities is best left to blogs. Still, the bills generally fall into two categories: increasing transparency and restructuring the process. A few bills address bulk collection of records under section 215, but none takes a comprehensive approach to changing the question of when FISA applies and when it does not.
The current system of checks and balances under the FAA is simply not enough. It’s not because of a lack of desire by the providers to defend their users. Unlike the telephone and telegraph companies that did not act to end NSA spying in the Operation SHAMROCK era, providers today are taking a much more active role in the process. Yahoo challenged the FISA process in 2008, interest groups have filed actions seeking information about surveillance practices, and now providers have brought declaratory judgment actions seeking to reveal more information about surveillance process they receive.
One of the pending bills, Senator Blumenthal’s FISA Court Reform Act of 2013, Senate Bill 1460 and Senate Bill 1467, provides an answer that, having had the experience of litigating before the FISC myself, I believe could provide much needed improvements. That bill provides for a new Office of the Special Advocate, which introduces an adversary to the court. (This is similar to the public privacy advocate that President Obama recently proposed.) The act attempts to solve a basic problem with the current oversight procedures: There is no true adversarial process for most of the legal issues that arise. The newly declassified opinions the director of national intelligence has released make this abundantly clear. Setting aside the legal arguments, the procedural history of the opinions indicates delays on the government’s part, a lack of supervision after the court issues its orders, and a preference for secrecy over public disclosure at any cost. Appointing a special advocate ad litem for the public would ensure that novel legal arguments in the FISA court would face a consistent, steady challenge no matter who the provider is, thereby strengthening the FISA process by subjecting results to checks and balances.
Without such a process, the court and the Department of Justice must work through difficult legal issues with no balancing input. An advocate could participate in all cases involving a new statute or authority or a new interpretation or application of an existing authority. The special advocate could choose the cases in which to be involved, or the court or a provider that receives process could request its involvement where an opposition would be useful to test and evaluate the government’s legal arguments. The special advocate’s office could be established with proper security safeguards to draft, store, and access classified records more efficiently. It could also be required to report to the public and Congress the number of cases it has argued and how often it has limited or pared back the government’s requests. It would provide a vital counterpoint for legislators exercising their oversight duties.
The special advocate would be especially useful in cases in which the government demands access to communications in a way that may have a profound effect on people other than the target, such as when decryption may be involved or when a provider is asked to provide assistance in ways that are unlike traditional wiretaps.
Providing for an advocate in front of the court would also resolve several problems for companies and individuals faced with receiving FISA process or having evidence gathered using that process used against them. The statutory process as it stands now does not necessarily provide for complete transparency or a level playing field for the provider. As the published decision in In re Directives makes clear, a phalanx of 11 government lawyers, including the acting solicitor general of the United States, was involved in defending the statute. The decision also shows that some of the documents relied on by the court of review were classified procedures submitted as part of an ex parte appendix that remains sealed. 551 F.3d at 1013–14.
If an advocate were present in other matters before the FISC, the government and court would be more likely to provide more public information on what challenges have and have not been successful. Public access would also provide litigators with a much greater opportunity to use those challenges in advising and defending their clients. The FISC’s decisions may or may not have been correct, depending on your view, but the secrecy employed up to this point erodes the safeguards built into our adversarial court system. The presence of an advocate would help to ensure that the government cannot continue to keep new opinions classified, unless it is truly in the interest of national security to do so.
Revising FISA is no easy task, and analyzing and responding to the FISA process presents thorny questions. There is one constant throughout the history of surveillance, as was the case in the Church Report and as is the case today with news reports about NSA surveillance: The government will use the surveillance power it is given to its fullest. This article does not opine on when that is and is not appropriate. America’s long history of surveillance and current events demonstrate a need to revise the process and take a hard look at whether courts have the tools to oversee executive branch surveillance and when the executive branch should be allowed to use foreign intelligence procedures. Introducing an advocate to test the government’s theories and surveillance in every case—even the ones it brings ex parte—would go a long way toward ensuring that the American public is not shocked again.