Earlier this Fall I wrote about how certain materials from the In Re Directives litigation before the Foreign Intelligence Surveillance Court of Review (“FISCR” or “Court”) had been declassified. Last Monday, the Office of the Director of National Intelligence released the transcript from oral argument in the FISCR case, which was held on June 19, 2008, before Chief Judge Bruce Selya, and Senior Circuit Judges Morris Arnold and Frank Winter.
By way of reminder: Yahoo! had petitioned for review of an earlier decision by the Foreign Intelligence Surveillance Court (“FISC”) which had rejected the tech company’s challenge to directives issued under the Protect America Act of 2007 (“PAA”), and targeting persons---foreigners and US persons alike---thought to be abroad. As prescribed by the PAA, the directives had required Yahoo! to open up a still-undisclosed number of user accounts to government surveillance. But Yahoo! protested. Before the FISCR the company argued that, to the extent it was directed at US persons, the surveillance ran counter to the Fourth Amendment’s warrant provision; or alternatively that, to the extent that a “foreign intelligence surveillance” exception to the warrant requirement permitted the surveillance in principle, the surveillance was nevertheless unreasonable. Ultimately, neither claim carried the day, as the FISCR sustained the directives' lawfulness and ordered compliance with them.
Below you’ll find a thematically-organized account the argument’s highlights.
The three-judge panel pressed Yahoo!’s counsel Marc Zwillinger at some length on whether the directives injured Yahoo!, such that it could pursue its challenge. Judge Morris Arnold asked bluntly: “If this order is enforced and it’s secret, how can you be hurt? The people [Yahoo’s customers] don’t know that they’re being monitored in some way…What’s the damage to your consumer?” Zwillinger’s response---that the existence of a general perception on the part of subscribers that their accounts were being monitored might constitute an injury in and of itself---did not appear to impress Arnold. The judge countered that the perception among such people would exist “whether we enforce this order or not...so the market’s already discounted for any injury that you might suffer.” And he added that this same perception would exist on the part of the customers of Yahoo! competitors; thus, in effect, the company could not argue that it was being injured relative to other similarly situated companies in the market.
The Non-Existent E-Mail Accounts
Court and counsel also debated this odd little fact: an undisclosed number of accounts identified for surveillance no longer existed---either because they never existed to begin with, or because they been closed at some point prior to the directives' implementation. The question was what that meant, practically as well as legally. Zwillinger argued that the high number of non-existent accounts was “indicative of a problem”---namely, the inadequacy of safeguards meant to ensure that the government was, in fact, snooping on persons “reasonably believed to be outside the United States,” as required by the PAA. But Chief Judge Bruce Selya countered that the closing of the accounts may have been further evidence that the government was on to something; perhaps, Selya surmised, the intended targets “may be one step ahead of the government and may have closed the accounts.”
That wasn’t all. Because surveillance requests were processed at his client’s Sunnyvale, California headquarters, Zwillinger argued, there was a strong likelihood that the snooping in fact would sweep up significant numbers of Yahoo! customers within the United States. That, according Zwilliger, cast further doubt on the government’s account of the surveillance at issue. “Constitutionally,” he said, “the key question is how does the lack of particularity [in the targeting approval procedures] harm U.S. persons…you have an example like we have where more of our users are from the United States.” Then acting Solicitor General Greg Garre simply dismissed this out of hand. The surveillance here, according to Garre, was “no different than surveillance that has been conducted for decades outside of FISA with respect to satellite communications.” Thus it was of no moment that collected communications had been routed through Yahoo!’s California office and servers: the targets of the surveillance were still persons reasonably believed to be located outside the United States---just as the PAA required.
Collection v. Use
Another flashpoint: what the government did (or didn’t do) with incidentally collected stuff, and whether the use or the gathering up mattered most from a Fourth Amendment standpoint. For his part, Zwillinger suggested that, owing to the absence of any real particularity in targeting, the government might well be “building a database on millions of people in the United States.” But Garre saw no such problem: “If an error is detected, the procedures provide that the information acquired should be destroyed. There is no database that is acquired with information that is incidentally collected; and under the targeting procedures, there is a provision for destroying evidence.”
Judge Ralph K. Winter Jr. seemed more sympathetic to the government’s position in this respect. He noted the government’s minimization procedures:
It seems to me it would be highly unlikely there would be any consequences if they…by mistake got into my email account, even if I had something on there that would be even in the remotest interest to anyone else, so what? They don’t know who I am, or anything about it, and there are minimization procedures. So it seems to me…you’re talking about very abstract harms….The people you’re talking about don’t even know that an email may have been read by somebody.
On this point---and also unfavorably for Yahoo!--the same judge also seemed to link privacy harm with actual, contemporaneous awareness of the government’s activities. Naturally enough, Yahoo!’s lawyer had cited Fourth Amendment jurisprudence to the effect that downstream use is a secondary concern; the privacy analysis, according to court cases, concerns the moment of collection. Well the same had to hold true, argued Zwilliger, of Yahoo! subscribers, US persons whose communications might be implicated by the surveillance dragnet. Winter wasn’t buying the analogy. Yahoo!’s customers, he observed, had no knowledge of the surveillance at all. It thus was different, in his view, from the paradigmatic case of a group of people in an apartment who experience a search and seizure up close---and suffer an injury as a result, irrespective how the government might use the seized material.
The Warrant Requirement and Its Exceptions
Chief Judge Selya may have tipped the Court’s hand when he sought to summarize the government’s case: “There is a national security exception that eliminates the necessity in this type of situation for a warrant requirement, and that the state and the government’s procedures under the statute, as exemplified in this case, comport with other aspects of the Fourth Amendment that would be or might be adequate.” (This was prescient stuff, and foreshadowed the court’s eventual written opinion.)
Exception or no, the Fourth Amendment still puts a premium on reasonableness. Zwillinger argued that, even assuming the current situation fell outside of the direct scope of the Fourth Amendment’s Warrant Clause, the principles of the warrant requirement were still essential in “determining the reasonableness of a surveillance,” and that he “it’s not putting a back door warrant requirement in to say if you’re going to do warrantless surveillance, you still need to do it consistent with reasonableness.” In his opinion, the facts that large numbers of non-existent accounts were caught up in the directives, and that the process of identifying individuals surveillance was fundamentally opaque, added up to a manifestly unreasonable outcome. Zwillinger cited the Court’s decision in In Re Sealed case and argued that among the factors identified by the Court for determining reasonableness, prior judicial review was a critical element---and there really hadn't been any such review here. But Judge Arnold quibbled. He said the government did have to submit to prior judicial review, to the extent the FISC had to authorize the surveillance requests. Still, Zwillinger thought this was not enough to ensure that persons targeted for surveillance were, in fact, located overseas.
Garre responded that it would be “extraordinary” for the Court to conclude that foreign intelligence surveillance should be subject to robust ex ante review by a judge, “when for decades it has been the case throughout our history that foreign intelligence surveillance with respect to U.S. persons outside the United States has been conducted outside the requirement of any prior judicial approval.” In his view, adding additional procedural checks would hinder the Executive Branch’s ability to quickly respond to threats and “would come at a cost that Congress recognized and the Executive recognized that the need for speed, secrecy, and flexibility in obtaining foreign intelligence information is vital.”