Virtually everyone in this room knows the basic story of how the Foreign Intelligence Surveillance Act (FISA) came about …
FISA was the product of a set of compromises unique to their time. The executive branch wanted a continuing discretion to employ wiretapping for foreign intelligence unfettered by judicial or congressional oversight. Because the Supreme Court’s Keith decision (United States vs. US District Court, 407 US 297 (1972)) concerned domestic security, the door was not shut. In addition, because Keith acknowledged a possibility that the rules might be different for foreign intelligence and the 1968 Crime Control Act disclaimed prescribing any rule for foreign intelligence gathering, it remained plausible to argue that the executive might make its own rules for collecting foreign intelligence.
[pullquoteright][M]ore Americans than ever are engaged in international communications, and there is far greater intelligence interest in communications to and from Americans. Both circumstances increase the likelihood that the government will be intercepting communications of innocent Americans, raising as many questions about the adequacy of FISA safeguards as they do about the adaptability of FISA architecture.”[/pullquoteright]Their hand was weakened considerably, however, by the effects of the Watergate scandal; lawsuits challenging warrantless surveillance; and the practical problem that telephone companies and government agencies were unwilling to approve electronic surveillance without a court order. There were, in addition, high profile investigations of illegal spying by intelligence agencies, including by the Senate Church Committee. The Church Committee reviewed nearly 40 years of domestic surveillance, learning that every president since Franklin D. Roosevelt had asserted and used the authority to authorize warrantless electronic surveillance and founding that “[t]oo many people have been spied upon by too many Government agencies and … Government has often undertaken the secret surveillance of citizens on the basis of their political beliefs, even when those beliefs posed no threat of violence or illegal acts on behalf of a hostile foreign power.” The Church Committee recommended a strict and careful separation of domestic and foreign intelligence gathering, although it recommended continued surveillance of “hostile foreign intelligence activity.”
Congress was thus emboldened to control executive overreaching in its use of surveillance. Civil liberties groups, such as ACLU, worried that if Congress set a wiretap standard too low, it could end up authorizing rather than curtailing intelligence agency excesses. In other words, would no legislation be better for civil liberties than bad legislation? At the same time, Congress recognized that “no United States citizen in the United States should be targeted for electronic surveillance by his government absent some showing that he at least may violate the laws of our society,” even though evidence of national security crimes could be collected during the electronic surveillance. After six years of hearings and discussion and through the stewardship of attorneys general Edward Levi and Griffin Bell, presidents Gerald Ford and Jimmy Carter, and several members of the House and Senate, FISA became law in 1978. In his signing statement, Carter said:
The act helps to solidify the relationship of trust between the American people and their Government. It provides a basis for the trust of the American people in the fact that the activities of their intelligence agencies are both effective and lawful. It provides enough secrecy to ensure that intelligence relating to national security can be securely required, while permitting review by the courts and Congress to safeguard the rights of Americans and others.
Beginning in 1978, the FISA authorized the means for electronic collection of foreign intelligence that served the nation well for many years. The basic idea was simple. Government may conduct electronic surveillance of Americans or others lawfully in the United States without traditional probable cause to believe that they had committed a crime if it could demonstrate to a special Article III court that it had a different kind of probable cause: reason to believe that targets of surveillance are acting on behalf of foreign powers. Over time, FISA was amended several times to extend its procedures to conduct physical searches, monitor suspected lone-wolf terrorists, and accommodate evolving threats.
[pullquoteright]If we must tolerate sweeping digital collection of our personal data, the FISC should have greater and more meaningful opportunities to oversee its collection—if not in advance, then after the fact.”[/pullquoteright]For a long time the process worked well as a mechanism to regulate surveillance of known intelligence targets. The FISA process and its eventual orders have always been limited, however. FISA was concerned with acquisition, not with the uses government might have for what is collected. FISA also assumed that officials know where the target is and what facilities the target will use for his communications. Knowing this much enabled the government to demonstrate the required probable cause to believe that the target was an agent of a foreign power or a lone wolf. Traditional FISA did not authorize intelligence collection for the purpose of identifying the targets of surveillance, or of collecting aggregate communications traffic and then identifying the surveillance target. In other words, FISA envisioned case-specific surveillance, not a generic surveillance operation, and its approval architecture was accordingly geared to specific, narrowly targeted applications. FISA was also based on the recognition that persons lawfully in the US have constitutional privacy and free expression rights that stand in the way of unfettered government surveillance.
Although the volume of FISA applications increased gradually through the 1990s, after the Sept. 11, 2001 terrorist attacks, the pace of electronic intelligence collection quickened, and Bush Administration officials argued that traditional FISA procedures interfere with necessary “speed and agility.” FISA applications doubled to more than 2,000 a few years after 9/11. The system was, it seemed, grinding along, but it was carrying a lot of weight.
Over the last decade-plus, critics argued that the patchwork-like architecture of FISA has become too rigid, complicated, and unforgiving to enable effective intelligence responses to crises. The computerization of communications that has so enriched our capabilities has also facilitated stealth and evasion by those seeking to avoid detection. Would-be targets of surveillance began communicating in ways that stress or evade the FISA system. Because of the pervasiveness of US telecom switching technology, collection inside the United States is now often the best or only way to acquire even foreign-to-foreign communications that were originally left unregulated by FISA.
Changing technologies have also turned the traditional sequence of FISA processes on its head. We discovered after 9/11 that investigators could enter transactional data about potential terrorists and come up with a list that included four of the hijackers—a sort of reverse of the typical FISA-supported investigation. Powerful computers and data-mining techniques permitted intelligence officials to select potential surveillance targets from electronic databases of previously unimaginable size. The wholesale quality of this expansive computer collection and data mining is incompatible with the retail scope of the original FISA process. Instead of building toward an individual FISA application by developing leads on individuals with some connection to an international terrorist organization, the government could develop algorithms that search thousands or even millions of collected e-mail messages and telephone calls for indications of suspicious activities.
At the same time, more Americans than ever are engaged in international communications, and there is far greater intelligence interest in communications to and from Americans. Both circumstances increase the likelihood that the government will be intercepting communications of innocent Americans, raising as many questions about the adequacy of FISA safeguards as they do about the adaptability of FISA architecture. This tension formed the context for a series of post-9/11 developments, culminating in the FISA Amendments Act of 2008 (FAA). The FAA codified, now until Dec. 31, 2015, a procedure to permit broad, programmatic surveillance focused on patterns of suspicious activities and not on a specific individual or the contents of their communications through changes in FISA that overcame the case-specific orientation of the original statute.
The FISA architecture was changed to accomplish this neat trick in a simple way. The definition of electronic surveillance was amended so as not to apply to surveillance of a person reasonably believed to be outside the US. Under the new legislation, the DNI and the attorney general were authorized to collect foreign intelligence “directed at” persons reasonably believed to be outside the US, without obtaining an order from the Foreign Intelligence Surveillance Court (FISC), even if one party to the communication was a US citizen inside the US. The predicate for collection thus became the location of the target, not his status in relation to a foreign power or terrorist organization.
Under the FAA, the role of the FISC is narrowly circumscribed. The attorney general submits procedures to the FISC by which the government will determine that acquisitions conducted under the program meet the program targeting objectives and satisfy traditional FISA minimization procedures. After a FISC judge approves the program targeting procedures, executive branch officials authorize the surveillance of persons reasonably believed to be outside the US and issue directives compelling communications carriers to assist.
From its beginnings, the overarching FISA question has been how to evaluate and weigh the basic values of security and individual liberties when electronic surveillance is used to collect foreign intelligence. The Constitution continues to provide a baseline. The Fourth Amendment Warrant Clause applies to electronic surveillance conducted for foreign intelligence purposes within the US if the surveillance involves US persons who do not have a connection to a foreign power. FISA now permits such electronic surveillance as the inevitable byproduct of surveillance of unprotected targets, but the Act does little to insulate US persons from the effects of the surveillance. If the combination of terrorism threats and computerization demands a more nimble capacity to conduct suspicion-less electronic surveillance to combat terrorism, the discretion that is necessarily part of that system should be carefully controlled, either at the point of collection or when the information is maintained or used by the government.
Programmatic surveillance adds considerably to FISA’s complexity, and it has already produced implementation problems. For example, with the revolution in digital communications, the idea of a geographic border has become an increasingly less viable marker for legal authorities and their limits. Using the Internet, packets of data that constitute messages travel in disparate ways through networks, many of which come through or end up in the US. Those packets, and countless Skype calls and instant messages, originate from the US in growing numbers, and the sender may be in the US or abroad. Likewise, it may or may not be possible to identify the sender or recipient by the e-mail addresses or phone numbers used to communicate.
Nor do we think of our international communications as being in any way less private than our domestic calls. In 1978, Congress apparently exempted from FISA international surveillance conducted abroad because, when FISA was enacted, electronic communications by Americans did not typically cross offshore or international wires. Now, of course, we do communicate internationally and our message packets may travel a long distance, even if we are corresponding by e-mail with a friend in the US who is in the same city. The location or identity of the communicants is simply not a useful marker in Internet communications.
The FISC remains an especially successful court. It was created to do a job that traditional Article III judges were reluctant to do and that the executive branch preferred be left to them. At the same time, the FISC was created at a time when surveillance abuses cast a shadow over the integrity of these important foreign-intelligence activities. In the years between creation of the court and the 9/11 attacks, the FISC developed expertise in foreign intelligence surveillance and the court gained considerable respect from observers inside and outside government.
The combination of the criminalization of many terrorist activities and the digital revolution in communications and surveillance capabilities altered the role of the FISC and, following the 2008 amendments to FISA, strained its utility as an independent arbiter of lawful FISA surveillance. The programmatic surveillance now sanctioned by the FISC is a cause for concern because the special court has assumed more of an administrative function than a judicial role. There remain opportunities to revise minimization rules and to make government retention or dissemination of private information about innocent persons less likely. At the same time, if we must tolerate sweeping digital collection of our personal data, the FISC should have greater and more meaningful opportunities to oversee its collection—if not in advance, then after the fact.
In our legal system, we attach great importance to the value of fair processes. In national security law and policy, when secrecy has been an important operational requisite, we have developed review and oversight processes to help assure that unilateral power is not abused. So has it been with FISA. In the years since 9/11, those process safeguards have been compromised. If FISA is to have a meaningful role for the next 35 years, the role of the FISC as overseer of the system will have to be restored, one way or the other.
ENDNOTE: The Celebration of the 35th Anniversary of the US Foreign Intelligence Surveillance Court was sponsored by the American Bar Association Standing Committee on Law and National Security, Georgetown Law; the Center on National Security Law, University of Virginia School of Law; and the Institute for National Security and Counterterrorism.