Congress has begun its long journey towards a likely reauthorization of the Section 702 of the FISA Amendments Act. PCLOB devoted significant ink to 702 in a 2014 report and followed up this February with an assessment of the implementation of its recommendations. Among these was a proposal for “additional limits . . . on the FBI’s use and dissemination of Section 702 data in connection with non-foreign intelligence criminal matters.” This recommendation reflected concern about the use of U.S. person information collected incidentally or inadvertently through Section 702’s programmatic surveillance. In other words, it mirrors the concerns behind the old “FISA wall” separating foreign intelligence collection from domestic law enforcement.
The intermingling of data within the internet’s infrastructure raises the question of “the wall” in a particularly thorny iteration. Taking as a starting point the fact that with current technology, it is impossible to completely separate non-U.S. person from U.S. person communications collected under programmatic surveillance programs, the question is, what limits are we willing to put on the use of the data thus collected?
While front-end protections distinguish the treatment of U.S. persons and non-U.S. persons—reflecting underlying Fourth Amendment and policy distinctions— the question of what to do with the data once we have it is complicated by the fact that, inevitably, non-targeted information of Americans will be collected. That question is really two: how should the data be shared within the IC, and to what extent can it be used in subsequent criminal proceedings?
The answer to the latter question is, apparently, that it may be used to a significant extent in criminal proceedings. This seems consistent with opinions from the FISA Court of Review, which emphasized the lack of Fourth Amendment protections for incidental eavesdropping, and generally affirmed the reasonableness of non-individualized data collection as part of a broader program.
If such information can be used at trial or as part of a domestic investigation—and, according to the FISA Court of Review in In Re Sealed Case, such was the intent of Congress when passing FISA—the rules governing its sharing appear even more important. If we accept the need for programmatic surveillance, and if we know for a fact that it will include information about U.S. persons for whom there is no individualized suspicion, then it stands to reason that there should be some limits on who can have access to that information.
Or does it? The arguments for dismantling the original wall can clearly be applied to Section 702 (or EO 12333) data. The warrant requirement doesn’t apply because there are special needs, or a foreign intelligence exception. The collection is reasonable because of the compelling government interest in national security and the oversight and minimization procedures in place to prevent abuse. This is the line of reasoning followed by PCLOB in its 2014 report. Without a Fourth Amendment concern, the reasons for limiting access to 702 information—for erecting some variation on the “wall”—would seem to disappear.
The one variable within that analysis is the oversight and minimization element of the reasonableness inquiry. Foreign intelligence collection will probably always be held a special needs case, and the government will always have a strong interest in national security. But the back-end restrictions on the use of data—a key part of the reasonableness analysis, for both PCLOB and the FISA Court of Review—are more easily subject to modification, and in theory can be tailored to augment the “reasonableness” of different types of data collection.
PCLOB said as much at the conclusion of its constitutional analysis:
[G]iven the comparatively low standards for collection of information under Section 702, standards for querying the collected data to find the communications of specific U.S. persons may need to be more rigorous.
This “pay me now or pay me later” approach has interesting implications. If there remains a sense that the use of FISA information must be treated differently, this suggests that some version of “the wall” is, if not necessary, at least helpful for establishing reasonableness.
Minimization procedures are a kind of mini-wall in themselves, albeit a porous one. From the evidence, it seems they are porous enough to prevent the kind of “stove-piping” that inhibited the IC before 9/11. That is surely a good thing. On the other hand, the reasons that the wall was thought necessary in the first place are, if anything, presented in a stronger form when considering programmatic collection. U.S. person information that is swept up via PRISM or upstream collection is not the object of any showing of cause whatsoever. This data appears only because it is collected incidentally, inadvertently, as “about” data, or as part of a multi-communication transaction. There remains some question as to whether this is properly allowed under Section 702—PCLOB’s 2014 assessment found only that upstream collection was not prohibited by the text, and was arguably within the statute’s intent.
The discomfort provoked by this type of data seems to drive the emphasis on back-end restrictions of programmatically collected data. But if we assuage doubts about the reasonableness of programmatic collection as a whole by relying on minimization and oversight procedures, we may want to subject more of that process to judicial review. Thus, the PCLOB recommendations to create additional checks on the sharing of Section 702 data—for example, by requiring FISC approval for U.S. person queries—though probably not required by law, may be advisable as a matter of policy.