Surveillance

Madison at Fort Meade: Checks, Balances, and the NSA

By Peter Margulies
Tuesday, May 10, 2016, 12:45 PM

When a group of civil society representatives and academics gathered at the NSA this past Thursday, it became clear—to me at least—that the NSA has taken the teachings of James Madison very much to heart. Of course, I’d be surprised if code-breakers and computer mavens are actually spending their days parsing Federalist No. 51. But the thoughtful and engaged discourse of NSA officials exemplified a renewed commitment to Madison’s wisdom that the best security against concentration of powers in one branch of government resides in giving each branch the “necessary constitutional means … to resist encroachments of the others.” Ironically, a more insular approach to queries of data collected under national security authorities persists at the FBI, which has far more daily interaction with U.S. courts.

Exhibit A of the NSA’s commitment to Madisonian principles was the clear respect agency officials had for the advocacy of Foreign Intelligence Surveillance Court (FISC) amicus curiae Amy Jeffress. Jeffress participated in the proceeding that yielded the recently released November 2015 FISC opinion upholding the constitutionality of § 702 of the FISA Amendments Act (FAA). My own extrapolation from the nod to Jeffress’s efforts is that Congress, as it considers reauthorization of the FAA in 2017, should provide an even more robust role for a public advocate (see Steve’s article here and Marty and Steve’s post here).

The widespread view emerging from Thursday’s civil society meeting was that the presentation of opposing viewpoints in court leads to better-reasoned judicial opinions. This is hardly a revolutionary view—indeed, it is fundamental to the virtue of deliberation that Hamilton attributed to judicial review in Federalist No. 78. But historically, the FISC has proceeded almost exclusively in ex parte proceedings, with the government making its case and the FISC sometimes asking the government for more information and sometimes agreeing with the government’s initial application. As a result, FISC opinions from the pre-Snowden era addressing the legality of surveillance programs were often conclusory, with relatively little in-depth analysis or consideration of opposing positions.

Critics of surveillance practice have long argued that the thin analysis in FISC opinions paved the way for broad readings of legal authorities, such as the Court’s approval of the Section 215 domestic metadata program. This is not to reopen the question of Section 215’s legality, which I have previously defended here. As Lawfare readers are aware, the USA Freedom Act (see Bart Forsyth’s analysis here) transferred metadata collection to private telecommunications carriers, addressing many—but not all—of the critics’ concerns. The critics’ procedural point, however, is that the FISC’s dependence on ex parte proceedings makes such broad readings more likely.

Judge Hogan’s November 2015 FISC opinion upholding Section 702 is more comprehensive in its analysis. Judge Hogan started with the basics: In enacting 702, Congress barred the targeting under the statute of U.S. citizens, lawful residents (LPRs), and other persons physically located in the United States, all of whom are protected by the Fourth Amendment. Congress only permitted the collection of communications in which the target was a non-U.S. citizen or non-LPR reasonably believed to be located outside the United States.

In finding that Section 702 complies with the Fourth Amendment, Judge Hogan cited several limits that the NSA has imposed on how it uses U.S. person data that is incidentally collected under this provision. For example, the NSA does not query U.S. person data collected upstream, directly from Internet hubs, since that dataset is more likely to contain U.S. person information than is downstream collection (which is done by private carriers or Internet Service Providers pursuant to specific requests from the NSA). Moreover, government agencies only query the downstream Section 702 dataset for foreign intelligence information or evidence of a crime.

As the recent 2015 transparency report from NSA demonstrates, the authority is used sparingly: in 2015, the NSA used fewer than 5,000 U.S. person search terms to query the content of unminimized Section 702 communications (although pursuant to statute we don’t know the number of FBI queries). In addition, the government will only introduce Section 702 evidence in a prosecution for an offense involving national security or a limited number of serious crimes. Moreover, as Judge Hogan noted, FBI queries unrelated to crimes involving foreign intelligence “rarely, if ever” yielded positive results. The requirement that virtually all FBI  queries that result in access to Section 702 data be recorded as such curbs the risk that FBI analysts would pose queries for reasons unrelated to statutory criteria (such as ethnicity, religion, or political opinion).

That said, Judge Hogan’s analysis of FBI querying procedure was insufficiently rigorous on three points. In each area, the FBI has fewer safeguards than the NSA. First, unlike the NSA, the FBI does not maintain a separate database for Section 702 data. According to the 2014 Section 702 report by the Privacy and Civil Liberties Oversight Board (PCLOB), the FBI tags Section 702 data electronically, but includes this data in a broader database that also includes purely domestic data collected by the FBI pursuant to court orders or other legal authorities. Aggregating databases in this way makes it far more difficult to monitor who has access to the 702 data.

The FBI’s practice of aggregating databases sets up two further problems not sufficiently addressed in Judge Hogan’s opinion. Because the FBI aggregates Section 702 data and data collected under other authorities, it is currently not practicable to require FBI personnel to provide a written justification for Section 702 queries. (Hogan opinion, p. 28) This is problematic if one wishes to curb undiscerning or indiscriminate queries of the Section 702 database. (The PCLOB urged in its Section 702 report that the NSA (but not the FBI) provide such justifications, and Judge Hogan’s opinion confirms that both the NSA and the CIA have adopted the PBLOB’s recommendation.)  

Finally, the FBI uses a counterintuitive definition of the term, “query,” that excludes requests for unminimized Section 702 data made by FBI personnel not cleared for access to this data (probably because the restricted FBI employee, who may be a field agent outside of Washington, lacks the requisite training). In such cases, the FBI employee receives notice that the search has triggered a positive “hit” in Section 702 data, but a search filter bars access to the data itself. The restricted FBI employee can only gain access under the following conditions: 1) authorization of another FBI employee cleared for access, based on either, 2a) a reasonable probability that the data concerns foreign intelligence information or is evidence of a crime, or, 2b) the restricted employee’s help in determining the data’s compliance with 2a’s criteria.

This counterintuitive definition gives the FBI too much latitude in declining to document searches of Section 702 data. My concern here is not with FBI access to Section 702 data, per se—I agree that to efficiently “connect the dots” on terrorist plots, the FBI should have access to this information without prior judicial authorization. Requiring a court order as a condition for such access would unduly burden law enforcement. My principal concern is with properly documenting such access, since diligent documentation will in itself limit indiscriminate searches. That’s where the FBI’s current practice falls short.

It may overstate the case to assert, as Liza Goitein does here, that the FBI’s counterintuitive definition of Section 702 queries masks a substantial loophole in querying procedure. Judge Hogan credited the government’s assurance that such situations are “very rare.” Nevertheless, the failure to clearly label a search by a restricted FBI employee as a query undermines transparency under Section 702. While secrecy is both inevitable and necessary in gathering foreign intelligence, a hard-won lesson learned in the wake of the Snowden disclosures is that lack of transparency reduces the perceived legitimacy of intelligence collection programs. To minimize this negative perception, the FISC should require more transparency in the FBI’s documenting of queries (and Congress should mandate it in the 2017 reauthorization).

These concerns, while they should have prompted further analysis by Judge Hogan, are too minor and ministerial to call into question the court’s holding that Section 702 is consistent with the Fourth Amendment. (District judges in the Second and Ninth Circuits have reached similar conclusions—see here and here.) Tellingly, these points also do not address the NSA. The NSA’s querying protocol is more precise and exacting than the FBI’s. While both the FISC and Congress should ensure that the FBI is subject to comparable procedures, that issue does not diminish Judge Hogan’s diligence in addressing the NSA’s safeguards.

Even in the absence of an amicus making opposing arguments, Judge Hogan may well have engaged in the comprehensive analysis of NSA safeguards that distinguishes his opinion. However, it seems logical to infer that the cogency and diligence of Jeffress’s advocacy encouraged careful analysis from the court. That careful analysis, as well as the prospect of future amicus input, in turn may restrain future government requests for unduly broad readings of statutory collection authority. Hamilton, in Federalist No. 78, posited that judicial review would have this salutary ex ante effect. Of course, review should also not be unduly intrusive; for an insightful analysis of how oversight can strike this balance, see Privacy and Civil Liberties Oversight Board PCLOB member Rachel Brand’s post here.

When Congress takes up reauthorization of the FAA in 2017, expansion of the amicus authority in the USA Freedom Act into a full-fledged public advocate should be a cardinal topic of legislative deliberations. Notably, no one at Thursday’s civil society conclave even remotely suggested that the involvement of a distinguished lawyer like Jeffress would risk disclosure of sensitive national security data. Similarly, a full-time public advocate, chosen from lawyers of a comparable pedigree, would pose no threat on this score. Moreover, the establishment of a full-time public advocate would promote public confidence in the resiliency of the NSA’s internal constraints; any slippage in those safeguards would soon become known to the advocate, and then to the FISC and Congress. A public advocate might also exert a healthy influence on the FBI’s query procedures, which require tweaking.

While the intelligence community might have to make minor adjustments, a diligent public advocate would not stifle the enterprise and ingenuity that we expect these agencies to show in “the common defence.” A public advocate could assist Congress, the courts, and civil society in fashioning a conception of privacy that minimizes gratuitous or invidious intrusions while promoting both individual and general welfare. (See Susan Hennessey’s post here.) Thursday’s gathering suggested that working within a framework of rules to accomplish this goal is integral to the NSA’s mission. A public advocate would make these rules function more effectively.

Madison and Hamilton would not be surprised.

Topics: