Pursuant to a FOIA request from the Electronic Frontier Foundation (EFF), the FISA Court has released 18 redacted opinions regarding FISA Section 702. The opinions primarily concern the authorization of proposed targeting and minimization procedures to assure that their letter and implementation accord with statute and the Fourth Amendment. Below, we summarize each of these opinions, as well as the cover letter from the Civil Division in response to EFF’s FOIA request. Note that because many of the documents are heavily redacted, there are necessarily significant gaps in our presentation.
In a one-page letter to Mark Rumold of EFF, Rodney Patton, Senior Counsel in the Civil Division, explains that the accompanying files represent “the first batch of documents” in response to EFF’s FOIA request seeking as-of-yet-undisclosed FISC or FISC-R orders and opinions. Patton explains that all of the accompanying documents address Section 702 of FISA, that no documents responsive to the query have been withheld, and that within the week he will provide an estimate of when the next batch of documents will be ready.
This memorandum opinion and order from Judge Mary McLaughlin approves some form of surveillance program and associated procedures following an ex parte proceeding. The procedures cover targeting and information minimization, and the government submission has included the statutorily required attestations from the Attorney General, the Director of National Intelligence and affidavits from other national security officials. The court finds that the submission has included all necessary elements, and that the procedures are “substantially identical” to those approved in response to the government’s first Section 702 filing on September 4, 2008. Accordingly, the court concludes “that the targeting and minimization procedures are consistent with the requirements of 50 U.S.C. 1881a(d)-(e) and with the Fourth Amendment.”
This memorandum opinion and order from Judge John D. Bates rules on two matters. First, the court approves some form of surveillance program and associated targeting and minimization procedures. And second, the court approves a set of minimization procedures adopted by amendment to an existing program. Although large parts of the memorandum are redacted and much of the remainder is fairly straightforward, two issues are of particular note:
- After a prior submission of updated procedures, the court had requested that the government file an additional memorandum of law addressing “two specific legal issues raised by the targeting and minimization procedures.” The court then raised certain concerns based on these submitted memoranda, and so the Attorney General and the DNI executed two amendments to these submissions, essentially reverting to the use of prior (and previously approved) targeting and minimization procedures.
- The court notes that “implicit” in the government’s responsibility to implement statutorily satisfactory targeting and minimization procedures is an obligation to comply with those procedures. The court therefore considered two non-compliance incidents: a failure to purge § 1881a information that should have been removed, and a backlog in post-targeting review of selectors that may have been used from within the U.S. The court found that the government’s efforts to remedy these problems and ensure their non-recurrence adequately addressed these issues.
In this opinion and order, Judge Reggie Walton approves in part some form of surveillance program and accompanying procedures in response to a July 31, 2012 government ex parte submission. Judge Walton finds that the submissions contain the statutorily required elements and that the procedures accord with governing law. However, due to certain compliance problems, Judge Walton explains that he is unable to complete a review of amendments to previously approved certifications. Judge Walton therefore grants the government an extension of the time in which the court could complete its review of those amendments.
Although much of the discussion is redacted, the compliance issue relates to a “post-targeting review” that NSA conducts to ensure that surveilled phone numbers continue to be used by non-U.S. persons outside the U.S. Although Judge Walton determined that “for the purposes of the 2013 certifications,” NSA’s procedures were reasonably designed to comply with 702, he also determined that additional time would be required to review amendments to prior 702 certifications to ensure that these incidents had been resolved properly. Judge Walton also flags a previous order regarding potential non-compliance by FBI in its storage standards for raw data, but concludes that remedial action taken by the FBI appears to be sufficient to allow certification.
Judge Walton’s opinion also notes some minor changes to NSA and FBI minimization procedures. The opinion notes that NSA minimization procedures have been “clarified” to restrict all dissemination of information collected on U.S. persons (not just “reports” on U.S. persons); that FBI minimization procedures for the use of 702 information to prevent and respond to cyber attacks have been slightly altered; and that CIA minimization procedures have been altered to clarify that they apply to all employees and persons acting under the authority of the CIA.
In this order and opinion, Judge Bates approves some form of surveillance program and accompanying procedures in response to a 2010 government ex parte submission. The substance of the unredacted opinion and order are almost entirely identical to that in Document 2.
In this opinion and order, Judge Thomas F. Hogan approves a government surveillance request, together with accompanying procedures, in response to a 2009 government ex parte submission. In doing so, Judge Hogan determines that the government has submitted the requisite affidavits and certifications, and that the submitted sets of targeting (from FBI and NSA) and minimization procedures (from CIA, FBI and NSA) were consistent with statute and the Fourth Amendment.
Judge Hogan confirms that the latest sets of procedures are very similar to previous, approved procedures, but notes a handful of relatively small changes: the replacement of word “shall” with “will,” the replacement of a seven-day reporting deadline with “5 business days,” and a fully redacted change to the CIA procedures. Judge Hogan also flags that, for the first time, NSA and CIA have included an emergency provision allowing them to depart from the procedures to protect against an immediate harm to human life. Given that this provision is virtually identical to an already-approved parallel in the FBI procedures, it is legally safe ground.
Noting that compliance errors may “tip the scales” toward invalidation of otherwise acceptable procedures, Judge Hogan considers various compliance issues that had only been the subject of “preliminary notices to the Court.” He notes that in response to incidents in which NSA analysts improperly acquired the communications of U.S. persons, NSA’s Office of Oversight and Compliance had instituted more rigorous documentation and conducted remedial training. Slightly “more troubling” was an incident in which, due to a misunderstanding of the procedures, a CIA-connected individual (his exact role is redacted) improperly minimized a number of reports prior to disseminating them to other agencies. In response, ODNI, NSD and CIA worked together to implement increased oversight, as well as training and process changes. Judge Hogan deemed these remedial measures sufficient to allow him to approve the procedures in any case.
Judge Hogan also explains that the court has become aware that NSA and FBI do not report every compliance incident to the FISC. Instead, they limit their reporting to those incidents that involve “systemic or process issues,” that contradict presentations to the FISC, or that involve improper targeting of U.S. persons by an analyst who knew or should have known that he was targeting an American. Although he acknowledges that NSA has taken proper remedial action to some previously unreported incidents (particularly the failure to immediately detask the targeted accounts of U.S. persons), Judge Hogan expresses concern over the lack of reporting and therefore also orders the government to report to FISC “every compliance incident that relates to the operation of either the targeting procedures or the minimization procedures” it has just approved.
In this opinion and order, Judge Rosemary M. Collyer compels a number of unknown communications companies to comply with directives issued by the Attorney General and the DNI, presumably in assisting with surveillance. This order comes in response to a 2014 government request for such an order after the companies refused to comply with the directives. The directives were based on programs that the FISC approved ex parte in August 2014. Judge Collyer’s ruling follows the filing of briefs and a hearing, where both the government and the companies presented arguments in writing and through oral argument.
Although the majority of the analysis is redacted, Judge Collyer spends a good portion of the opinion reviewing 702 targeting and minimization procedures, emphasizing post-tasking analysis, periodic review, and multiple layers of oversight. Judge Collyer analyzes the 2014 directives to see whether they comport with Section 702, both on their face and in their implementation, spending most of the opinion on the latter. Responding to (what appears to be) arguments from the private parties that the procedures (as implemented) violate both FISA and the Fourth Amendment, Judge Collyer makes two conclusions. First, both the targeting and the minimization procedures afford as much protection as previous procedures upheld by the FISC and meet the relevant statutory requirements. And second, although the resisting parties (apparently service providers) have the standing to make Fourth Amendment claims, the 702 orders fall within the “foreign intelligence exception” to the warrant requirement and meet the Fourth Amendment’s “reasonableness” requirements.
In support of her reasonableness analysis, Judge Collyer cites the compelling nature of the governmental interest and the thoroughness of the targeting and minimization procedures as an effective check on error. Judge Collyer explicitly rejects the companies’ request that the privacy interests of non-U.S. persons be taken into consideration when assessing “reasonableness.” Moreover, neither Presidential Policy Directive 28 nor various international agreements with respect to privacy are enforceable law in U.S. domestic courts, and so international standards for reasonable surveillance are inapplicable.
In this document, Judge Bates grants approval to NSA for the amendment of its minimization procedures in response to a 2012 ex parte submission. The amendments allow NSA greater latitude in sharing unminimized communications within the U.S. government.
In the opinion, Judge Bates recounts an October 3, 2011 order that the FISC issued concluding that one aspect of NSA’s upstream internet collection program was legally deficient, and how by November 30, 2011, the FISC issued another order recognizing that the government had remedied the deficiencies. He next analyzes the proposed amendments to those already approved procedures, to ensure they comply with the law. Although much of the analysis is redacted, the unredacted portions make clear that the amended procedures allows NSA to provide and retain unminimized data beyond a default deadline if the NSA Director—together with FBI and CIA—makes a determination (the subject of which is redacted), and this is reported to DOJ NSD and thereby to the FISC. NSA is also required to report incidents of non-compliance as well as general descriptions of unminimized data and any approved disseminations of US person information.
Judge Bates concludes that the amended procedures satisfy the statutory definition of minimization procedures and that they are narrowly tailored to allow only the sharing of relevant information. He also concludes that the procedures are “reasonably designed” to protect US person information and privacy, meeting both statutory and constitutional standards. In particular, Judge Bates points to the compelling nature of the government’s national security need, and the way in which it is cabined in terms of mission, geographical scope and duration. Citing an earlier FISCR decision, Judge Bates points out that minimization procedures that limit the retention, use and dissemination of information bear on the Fourth Amendment analysis. Thus, despite the fact that individuals’ communications content—which receives full Fourth Amendment protection—is implicated, given “the totality of the circumstances,” the procedures are still “reasonable” under the Fourth Amendment.
In this brief order, dated October 29, 2013, Judge Walton extends the time period for the court to review amendments to a certification initially submitted on July 31, 2013. The court had first granted an extension on August 30, 2013 allowing the government time to supplement the record for a compliance incident involving NSA post-tasking review (a review to ensure that telephone numbers targeted for collection were in fact being used outside of the U.S.). Judge Walton explains that over the following month, the government provided the court with substantial information sufficient to lead to court approval, but that on October 28, 2013, DOJ informed the court of an additional (similar) compliance issue. Given the need to conduct a hearing and gather information, Judge Walton extends the court’s time for reviewing the new procedures to November 8, with a hearing to be held on November 5. He determines such an extension is authorized by statute and in the interest of national security. During the intervening time, collection is slated to continue under the program and procedures approved for the initial August 30 extension.
In this brief document, Judge McLaughlin issues an order extending the time for the FISC to conduct its review of an amendment to currently approved minimization procedures. She notes the government’s efforts to address a compliance issue involving NSA’s failure to purge information that should have been destroyed under its minimization procedures, and the government’s expectation that it will not be able to fully implement corrective measures or provide FISC with full information about the incident until a certain redacted date in 2010. Judge McLaughlin therefore concludes that there is good cause to extend the time for its review to another redacted date in 2010.
Judge McLaughlin issues an order on a redacted government ex parte submission concerning some form of programmatic and associated procedures. The order directs the government to file a brief with appropriate supporting documents to answer a wide range of questions. There are three categories of questions. The first is almost entirely redacted.
The second explores the effect of prior non-compliance on the Court’s analysis (note, the nature of this past non-compliance is not specified). Judge McLaughlin first asks how this non-compliance affects the Court’s analysis under 50 U.S.C. 1881a. In 2009 §1881a outlined procedures allowing the Attorney General and the DNI to authorize “for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.” This type of targeting must comply with a number of targeting and minimization procedures [50 U.S.C. 1881a (c)(1)(A)]. Judge McLaughlin goes on to request more information regarding representations made concerning prior FAA certifications and a 2008 hearing. She also inquires into steps taken to identify, scope out, diagnose the causes of, and purge information related to, prior instances of unauthorized collection. McLaughlin is particularly interested in an instance of “FAA upstream collection” and its differences from other types of intelligence collection.
The third list of questions delves into the effect of revised minimization procedures. Judge McLaughlin asks whether FBI guidelines allowing communications acquired in a manner “inconsistent with the limitations” in FISA §70s(b) to remain, for some time, on archival back-up systems also apply to other communications that should be removed from FBI systems. She also inquires into the effects of the government’s decision not to incorporate prior statements on FBI minimization procedures into its ex parte submission (e.g., presumptions regarding U.S.-person status and case-by-case determinations to retain certain communications). McLaughlin ends by asking why it is appropriate to authorize NSD to approve exceptions and modifications to minimization rules for attorney-client communications in criminal matters without FISC approval.
This memorandum opinion and order by Judge Hogan approves certain collection procedures for foreign intelligence information. It also orders that the government “report to the Court . . . every compliance incident that relates to the operation of either the targeting procedures or the minimization procedures approved herein.”
The targeting and minimization procedures before Judge Hogan are “either substantially identical, or very similar” to procedures approved by the Court earlier in 2009. A few changes, however, are deemed worthy of note. First, the government replaced “will” for “shall” throughout its procedures, though it averred that the change is “purely stylistic.” Second, the government changed the deadline for complying with various reporting requirements from “seven days” to “five business days” to “remove any potential ambiguity in calculating the deadline.” Third, the government added an emergency provision to NSA and CIA minimization procedures similar to that already included in FBI minimization procedures. This provision would allow departure from usual practice, “to protect against an immediate threat to human life.” The government averred that NSA and CIA would promptly report use of these emergency provisions to the DNI and NSD. Fourth, the government recognizes a few material differences in CIA minimization procedures. The nature of these differences is redacted.
Judge Hogan subsequently finds that the targeting and minimization procedures are consistent with 50 U.S.C. § 1881a(d)-(e) and the Fourth Amendment. Most of Hogan’s analysis leading to this conclusion is based on an assessment of how NSA and CIA have addressed past intelligence collection errors. He approvingly takes note of efforts by NSA’s Office of Oversight and Compliance to document targeting decisions and conduct remedial training not only for individual analysts but also entire offices and management chains. Hogan is more troubled by conduct at the CIA, where a person “significantly misunderstood the minimization regime,” suggesting that similarly significant errors may be common. Nonetheless, Judge Hogan is satisfied with efforts at both agencies to improve compliance with minimization procedures.
In this 2014 decision, Judge Collyer finds that FISA, the FISC Rules of Procedures, and requirements of constitutional due process do not “require, or provide for discretionary, disclosure” of FISC opinions cited by the government in separate litigation. Collyer also decides, pursuant to the FISC Rules of Procedure, that each quotation or reference used in the separate litigation “fairly represents what those opinions say on the discrete point addressed.” Therefore, the requesting party (redacted) does not have a “need to know” the remainder of the classified opinion, pursuant Executive Order 13526, “Classified National Security Information.” As a matter of constitutional due process, Judge Collyer determines that case law supports “non-disclosure of surveillance materials” pursuant 50 U.S.C. § 1806(f), even when attorneys seeking access have security clearances.
In this 2010 decision, Judge McLaughlin approves certain procedures for use by the NSA, FBI, and CIA pursuant 50 U.S.C. 1881a.
Judge McLaughlin emphasizes three facts on the record. First, she notes instances in which NSA targeting and minimization procedures did not reach certain NSA systems and that incompletely purged information was found in finished intelligence reports disseminated by NSA. Second, she writes that “due to a technical problem” NSA had not provided documents regarding certain targeting decisions to DOJ and the DNI despite prior government representations attesting that all documents would be so provided. Third, she notes issues with implementation of NSA’s purging and post-targeting review procedures. Judge McLaughlin then assesses how these issues should affect prior decisions that NSA’s minimization procedures comply with 50 U.S.C. 1881a.
First, McLaughlin notes that since purging issues were discovered, NSA “has taken substantial steps to address the problem and to ensure prospective compliance with its Section 702 targeting and minimization procedures.” The precise character of these steps has been redacted, though we do see the government assert that copies of raw communications determined to be domestic communications are also subject to purge. Therefore, Judge McLaughlin finds that “In light of NSA’s improved procedures, the agency’s past purging problems do not preclude the Court from finding that targeting and minimization procedures . . . meet the applicable statutory requirements and are consistent with the Fourth Amendment.”
Second, Judge McLaughlin is satisfied by government assurance that the software problem preventing NSA from providing certain documents to DOJ and the DNI has been addressed.
Third, Judge McLaughlin arrives at a similar analysis and conclusion regarding NSA’s post-targeting review backlog. Judge McLaughlin finds that “NSA’s improved alert-review process substantially reduces the risk that its recognition of data subject to purge will be delayed for lengthy periods of time.”
This April 2009 decision and order from Judge McLaughlin approves certain targeting and minimization procedures for the NSA, FBI, and CIA. Included in the Court’s analysis was an assessment of overcollection incidents in 2008. Details of this overcollection are largely redacted, though we can see that these instances of overcollection were limited to “the means of acquiring Internet communication” and not “acquisition of telephone communications.” Judge McLaughlin reports that NSA purged all erroneously acquired files. The government represented that “substantial remedial and preventative measures” were adopted in response to these incidents. In analyzing the importance of these incidents, Judge McLaughlin finds that “substantial implementation problems can, notwithstanding the government’s intent, speak to whether the applicable targeting procedures are ‘reasonably designed’ to acquire only the communications of non-U.S. persons outside the United States. Nevertheless, Judge McLaughlin still concludes that overcollection does not preclude a conclusion that the NSA targeting procedures are “reasonably designed” and constitute sufficient minimization procedures. In conducting the Fourth Amendment analysis, Judge McLaughlin finds that though overcollection “must be accorded more relative weight in the Fourth Amendment balancing,” this does not “considering the totality of the circumstances, ultimately tip the scales toward prospective invalidation of the procedures under review.”
Separately, Judge McLaughlin finds that the NSA minimization procedures on dissemination of information to foreign governments changed from those approved in 2008. The new provision would allow properly minimized information “of or concerning a U.S. person” to be provided to a foreign government “in a manner consistent with subsections 6(b) and 7 of the NSA Minimization procedures.” A second change is redacted from Judge McLaughlin’s opinion. A third change deletes a number of sections from the NSA’s minimization procedures that allowed NSA to disseminate information to certain foreign governments in non-report form for purposes “unrelated to obtaining technical and linguistic assistance.” Notwithstanding these changes, Judge McLaughlin determines that NSA’s minimization procedures comply with the Fourth Amendment and the FISA definition of minimization procedures.
The FBI’s revised minimization procedures are also found to comply with statute, notwithstanding certain modifications from those presented in 2008. Many of the changes are “merely terminological clarifications” or “closely track provisions approved by the Court in the 2008 Dockets.” A noteworthy change allowed NSD, rather than the Court, to approve exceptions and modifications to minimization rules for attorney-client communications in criminal matters. The Court authorized a similar authority in the context of CIA minimization procedures in 2008.
This 2013 decision and order from Judge Walton authorizes amendments to previously approved minimization procedures for the NSA, FBI, and CIA. Judge Walton finds that the revised procedures are, in most respects, identical to previously approved procedures. Only two changes warrant particular attention.
First, new provisions in all minimization procedures require additional analysis to confirm the “foreignness” of a target before certain categories of previously-acquired communications may be used in any manner. At NSA, these provisions require that analysts assess and document whether the content provides a reasonable basis for believing that the target was outside the United States at the time. Additional requirements are redacted. This provision was prompted by two non-compliance incidents involving post-tasking checks designed to ensure that telephone numbers tasked under Section 702 haven’t roamed into the United States. Details for both of these incidents are almost entirely redacted, though Judge Walton does describe how the episodes prompted more searching judicial review. That review included bi-weekly reports on the government’s investigation and remediation of the overcollection, a more fulsome investigation by NSA, the purging of relevant data by NSA, and the adoption of additional internal procedures at NSA. Despite overcollection, Judge Walton is satisfied that NSA’s additional protocols would purge appropriate communications.
Second, a new provision in the FBI minimization procedures allows the limited use of “ad hoc” storage systems for FISA-acquired information. This is also related to a prior compliance problem regarding the storage of FISA-acquired information. It appears that FISA-acquired information was stored on non-compliant systems to take advantage of tools not available on compliant systems. The revised procedures would allow FBI to, in some circumstances, retain, review, and analyze non-minimized FISA-acquired information in databases or systems that do not comply with Section III. Sections IV, V, and VI of the revised procedures govern the handling information on these systems and have been previously approved by FISA Courts. These sections impose a variety of requirements on the use of ad hoc systems, including access limitations, retention restrictions, query limitations, auditing requirements, and procedures for handling privileged attorney-client communications. In the Court’s estimation, these requirements sufficiently tailor the procedures such that they comply with 50 U.S.C. § 1801(h) and the Fourth Amendment.
In this 2010 document, Judge Bates orders the government to file a memorandum addressing a number of legal issues related to a submission of amended NSA minimization procedures by a certain redacted date. The proposed procedures authorize specific new activities (redacted). Judge Bates appears to have particular Fourth Amendment concerns regarding the new authorization, possibly related to a definition that seems to include U.S. persons in contravention of 50 U.S.C. § 1881a(b)(3).
Judge Bates also highlights the potential legal concerns with a new provision that would allow NSA to retain, process, and disseminate any communication acquired while a target of 702 collection is inside the United States or after they are determined to be a U.S. person “to the extent reasonably necessary to counter any imminent threat to human life or the national security that is related to the target.”
In this October 2011 document, Judge Bates orders the government to file a memorandum explaining in more detail the collection of multiple communications transactions for which the ‘active user’ is not known to be the tasked selector. The Court had previously been assured that NSA was not engaging in upstream collection of internet communications, including the acquisition of entire transactions. This significant overcollection, as Judge Bates terms it, necessitates: (1) a legal analysis of internet transactions acquired without the Court’s knowledge, (2) a legal analysis of the extent to which this information falls within criminal prohibitions set forth in 50 U.S.C. 1809(a), (3) an assessment of whether collections include information not authorized for acquisition but not subject to criminal prohibition, (4) an assessment of whether the overcollected information is no longer retained by NSA or accessible to its analysts, and (5) a description of how the government proposes to treat unauthorized collections in its possession and plans to remediate any prior use of such information before a FISA Court, in addition to any other matters that should be brought to the Court’s attention.
In this 2013 document, Judge Walton grants the government’s motion to extend the Court’s time limit for reviewing a (redacted) proposed procedure until October 29, 2013.
Judge Walton writes that as of August 28, 2013, the government is continuing to identify overcollected data potentially subject to purge. The government argues, and Judge Walton agrees, that this information would be critical for the Court to fulfill its statutorily required review, which requires a complete record detailing the scope of overcollection. Judge Walton determines that 50 U.S.C. § 1881a(j)(2) allows, in this situation, an extension of the Court’s time limit to issue orders concerning amendments to targeting and minimization procedures.