The ongoing revelations about Lt. Gen. Michael Flynn’s alleged pre-inaugural contacts with Russian Ambassador Sergey Kislyak have generated some confusion about what privacy protections extend to US persons—i.e., citizens, permanent residents, or certain entities—under the Foreign Intelligence Surveillance Act (FISA). The revelations allegedly stem from “a wiretapped conversation that Mr. Flynn had with Mr. Kislyak,” and numerous reports have noted that it is “publicly known and acknowledged that the U.S. government uses FISA to wiretap foreign embassies.”
Some reports, however, are questioning the legality of the US Intelligence Community’s (USIC) interception or use of communications involving Flynn. As David Kris has already explained, this misunderstands how FISA both protects US person privacy and ensures that the government remains able to obtain and use intelligence necessary to protect the nation. Given the level of confusion generated by these reports, I think it would be helpful to further flesh out when the USIC can legally acquire and use intercepted communications involving US persons who are not themselves the government’s target.
The Wall Street Journal asks ominously whether “the spooks listening to Mr. Flynn obeyed the law.” And the Journal inaccurately states that FISA does not let the USIC “listen to the communications of Americans who may be caught in such eavesdropping” (this also assumes the American was not an authorized FISA target himself). Yet there is no prohibition on listening to both ends of a conversation when the USIC is conducting court-authorized surveillance of a communication facility used by an agent of a foreign power. There are, however, significant restrictions on how the USIC can use any US person information thereby acquired.
Specifically, the FBI, CIA, and National Security Agency each operates under FISA “minimization” procedures that establish protections over the retention and dissemination of US persons' private information. Nonpublicly available information of an unconsenting US person cannot be disseminated without all identifying information being masked, or “minimized.” Minimization, in turn, is subject to extensive executive and judicial oversight.
There is, however, an important exception for US person information that (1) meets the statutory definition of “foreign intelligence,” (2) is necessary to understand foreign intelligence (as Kris highlighted on Tuesday), or (3) is evidence of a crime. US person information that falls into one of these buckets does not have to be masked. The law does not require that the USIC turn a blind eye, nor should it. The USIC can use and disseminate pursuant to the minimization procedures this “unminimized” information, including the identity of a US person, if the standard is met as to that information.
A caveat, of course, is that dissemination is only permitted to recipients who need that information in the performance of their official duties. The public disclosure of such information is a wholly separate issue, beyond the scope of this article.
Congressman Devin Nunes (R-CA), chair of the House intelligence committee, asserted that the “big problem I see here is that you have an American citizen who had his phone calls recorded.” And Congressman Mike Johnson (R-LA) faulted the USIC for traversing “steps to protect the identity of the American caller.” Yet with respect to the USIC using Flynn’s unmasked identity for intelligence purposes, this use is appropriate subject to the above-described minimization procedures. Similarly, a Fox News report misses the point when it notes that “when the intelligence community captures phone calls of an American inside the US … steps must be taken to shield the American caller's identity.”
In short, given the multi-pronged exception set forth by statute and described above, the real question is whether that hypothetical “American caller’s identity” is itself foreign intelligence, necessary to understand foreign intelligence, or evidence of a crime. For example, if the American caller holds or is about to hold a sensitive government position and could be colluding with a hostile foreign power, one could imagine a legitimate foreign intelligence, counterintelligence, or law enforcement interest in that information. If that is the case, then the USIC can—and, arguably, should—use such information for mission purposes to protect the nation from any threat that such communication might reveal.