On Nov. 8, the House Judiciary Committee passed, 27-8, a revised version of the USA Liberty Act of 2017 with several amendments. Below is a summary of the bill the committee passed, including key changes. (A summary of the prior discussion draft of the USA Liberty Act can be found here.)
Section 101: Court Orders and Protection of Incidentally Collected United States Person Communications
Section 101 includes the broadest and most potentially consequential reform and addresses what are commonly called “backdoor searches.” The provision requires the FBI to obtain approval from the Foreign Intelligence Surveillance Court (FISC) to view the results of a query the Bureau conducts on 702 databases if the result returns U.S. person information “for evidence of a crime.” It also addresses review procedures for the FISC, exceptions to the new requirement, simultaneous database queries, and consent exceptions.
FISC Review of FBI Applications to Query 702 Data
The bill sets forth the process by which the FISC reviews and adjudicates applications for contents of communications found through the means described above. The provision calls for an independent review that the application is complete pursuant to the Act, that the application satisfies probable cause to believe the contents of communication sought will provide evidence of a crime specified in 18 U.S.C. §2516 and that the agency will comply with minimization procedures to protect the privacy of U.S. persons that may be the subjects of incidental collection. Finally, the provision states a “denial of an application … may be reviewed as provided in section 103.”
Exceptions to New Warrant Requirement
The bill allows the attorney general to authorize the FBI to query a 702 database for the content of communications if any of the following conditions apply: (1) the query is reasonably designed to primarily provide foreign intelligence information; (2) the target of the query is subject to an order authorizing electronic or physical surveillance; (3) the attorney general determines that an emergency necessitates access to the 702 information; or (4) the attorney general makes a determination that the person identified by the queried term is “reasonably believed to be engaged in international terrorism” or is “reasonably believed to be acting for, or in furtherance of, the goals or objectives of” terrorists or foreign terrorist organizations.
The bill also requires that when the attorney general finds the existence of an emergency, he or she must (1) inform the FISC at the time of accessing or disseminating the 702 information; (2) apply for an order as soon as practicable but no less than seven days after the decision; (3) submit the factual basis for the determination; and (4) agree not to use information and cease further queries if such an order is denied. The bill also requires the attorney general to follow that process when determining that an individual identified by a query term is involved in terrorist activities.
Simultaneous Query of Databases
The bill requires the FBI director to, “[e]xcept as otherwise provided by law or applicable minimization procedures,” “ensure that all available investigative or intelligence databases of the Federal Bureau of Investigation are simultaneously accessed when the Bureau properly uses an information system of the Bureau to determine whether information exists in such a database.” This language offers additional clarification that the provision does not supersede existing restrictions, while previous drafts could have been read to require the querying of databases for which there are additional existing restrictions.
The bill says the FISC order requirement does not apply to “queries made using a term identifying a person who is a party to the communications acquired … or a person who otherwise has lawful authority to provide consent, and who consents to such queries” or “the accessing or dissemination of the contents of communications acquired … of a person who is a party to the communications, or a person who otherwise has lawful authority to provide consent, and who consents to such access or dissemination.” This language increases the number of individuals who may consent to these queries beyond just the individual whose information is targeted: A previous version said the requirements did not apply to “queries made using a term relating to a person who consents to such queries” or “the accessing or the dissemination of the contents of queried communications of a person who consents to such access or dissemination.”
Limitation on Use of Certain Excepted Queried Information
This section is new to the revised USA Liberty Act, and it limits the use of 702 information acquired by the FBI through the exceptions laid out above. The section prevents acquired or disseminated through one of these exceptions from being “received in evidence or otherwise used” except “(1) with prior approval of the Attorney General; and (2) in a proceeding or investigation in which the information or evidence is directly related to and necessary to address a specific threat of” (a) an act of terrorism, (b) espionage, (c) proliferation or use of a weapon of mass destruction, (d) a cybersecurity threat, (e) incapacitation or destruction of critical infrastructure, (f) a threat to the armed forces of the U.S. or those of an ally or to other personnel of the U.S. government or personnel to the government of an ally. This language responds to the concern regarding the “backdoor” use of more easily accessible 702 information to charge domestic crimes.
Section 102: Limitation on Collection and Improvements to Targeting Procedures and Minimization Procedures
The revised USA Liberty Act still codifies the termination of the “about” collection program until September 30, 2023. The bill requires “that the targeting of a person is limited to communications to or from the targeted person.”
The revised USA Liberty Act kept the requirement that the attorney general adopt specific procedures for handling unmasking requests, including documentation from “the requesting individual that such request is for legitimate reasons” and “retention of the records of each request,” including “a copy of the request,” “the name and position of the person who is making the request,” and, if approved, “the name and position of the individual who approved the request and the date of the approval.” The bill does not identify the party responsible for record retention; a previous version required “the requesting element of the Federal Government to retain records of each request.”
Within 90 days of the bill’s enactment, the director of national intelligence (DNI) must submit to the intelligence and judiciary committees in the House and Senate a report on the DNI’s progress ensuring the proper masking of incidentally collected communications of U.S. persons and the implementation of the procedures described above.
Section 103: Publication of minimization procedures under section 702
This section remains unchanged from the original draft of the USA Liberty Act, and requires the Director of National Intelligence to conduct a declassification review of adopted minimization procedures and make such procedures available “to the greatest extent practicable, which may be in redacted form.”
Section 104: Appointment of Amicus Curiae for Annual Certification
This section remains unchanged from the original draft of the USA Liberty Act. As I summarized previously, it
requires the FISC to appoint an amicus curiae, or special advocate and expert, in the certification process for Section 702’s surveillance programs, unless the court issues a finding that such appointment would not be appropriate. Amici were established in 2015’s USA FREEDOM Act, but until now, the FISC appointed them at its discretion.
Section 105: Increased Accountability on Incidentally Collected Communications
The bill requires the director of national intelligence (DNI) to report “the number, or good faith estimate, of communications acquired … of such section of United States persons.” A previous version mandated that the DNI report “the number, or good faith estimate, of communications acquired … of such section of known United States persons that the National Security Agency positively identifies as such in the ordinary course of its business.”
The bill also requires the DNI to report “the number of disseminations of communications acquired under … section 702 to the Federal Bureau of Investigation for cases not pertaining to foreign intelligence.” Additionally, it requires the DNI to report the number of individuals to whom the attorney general has delegated authority to approve FBI queries on 702 databases.
Section 106: Semiannual Reports on Certain Queries by Federal Bureau of Investigation
The bill requires the FBI director to report the number of applications to access 702 information the FBI submits, the number of applications that were approved and resulted in a positive hit, and the number of determinations made by the attorney general in this process.
The committee passed an amendment that adds further reporting requirements regarding FBI queries. The FBI director must now also report: (1) the number of times the attorney general determines that an “emergency situation requires the accessing or dissemination of the communications before an order”; (2) the number of times the court disagreed about the determination of an “emergency situation”; (3) the number of times the attorney general determined that the person identified by the queried term is “reasonably believed to be engaged in international terrorism” or is “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization”; and (4) the number of times the court disagreed about the determination that an individual was “reasonably believed to be engaged in international terrorism” or is “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization.”
Section 107: Additional Reporting Requirements
This section remained largely unchanged from the original draft of the USA Liberty Act, which required that the Attorney General report (1) the total number of applications for orders and extensions of orders approving electronic surveillance; (2) the total number granted, modified, or denied; and (3) the total number subjected to electronic surveillance, including U.S. persons, rounding to the nearest band of 500. The report must also include “a good faith estimate of the total number of persons who were targeted by the installation and use of a pen register or trap and trace device under an order or emergency authorization,” including U.S. persons, rounded to the nearest band of 500. Additionally, the report should include the number of U.S. persons whose information collected through electronic surveillance was then reviewed or accessed by a Federal officer, employee or agent, reported to the nearest band of 500. These reports must be submitted in unclassified form and made publically available no later than 7 days after submission.
Section 108: Application of Certain Amendments
The bill postpones the start date of the Section 101, 102 and 201(a) provisions until 120 days after the bill takes effect.
Section 109: Sense of Congress on Purpose of Section 702 and Respecting Foreign Nationals
(Note: Section 109 of the revised bill was subtitled Section 108 in previous versions.) The bill requires the intelligence community to conduct surveillance “within the bounds of treaties and agreements to which the United States is party, and there should be no targeting of non-United States persons to any unfounded discriminatory purpose or for the purpose of offering commercial competitive advantage” to U.S. companies (emphasis added).
A previous version required the intelligence community to “respect the norms of international comity by avoiding, both in actuality and appearance, targeting of foreign individuals based on unfounded discrimination or for the purpose of affording a commercial competitive advantage to” to U.S. companies (emphasis added).
The bill says “702 is meant to shield the United States, and by extension, the allies of the United States, from security threats.”
Section 201: Limitation on Retention of Certain Data
This section remained largely unchanged from the original version of the USA Liberty Act, which, as I summarized previously,
reaffirms the intelligence community’s commitment to destroy communications that are known not to contain foreign intelligence information within 90 days of learning that they do not contain foreign intelligence information. However, the NSA director can individually waive the requirement to purge communications not containing foreign intelligence if the director determines the waiver is necessary to protect national security. This can allow the NSA to retain data from known U.S. persons that do not contain foreign intelligence at their discretion.
Section 202: Improvements to Privacy and Civil Liberties Oversight Board
As I summarized previously, the original version of the USA Liberty Act
reform[ed] the Privacy and Civil Liberties Oversight Board (PCLOB), which is an independent organization that has statutory authority and duty to audit the surveillance activities of the intelligence community. The bill allows the PCLOB to hire staff and continue working even if all five members have not been nominated and confirmed, addressing past roadblocks to efficiency.
The revised version of the USA Liberty Act adjusted the scope of the three mandatory reports required of the PCLOB. Before, the bill charged the PCLOB with reporting (1) how communications acquired under 702 are used to prevent and defend against terrorism, (2) how technology affects such prevention and defense, and (3) how privacy and civil liberties are affected by 702 surveillance and changes in technology. While the first reporting requirement has remained unchanged, the second reporting requirement now also asks “how effectively the foreign intelligence elements of the intelligence community” have responded to the newly emerging challenges presented by technology in the prevention and defense of terrorism. The third reporting requirement now also asks whether “race, religion, political affiliation, or activities protected by the First Amendment are determinative in the targeting or querying decisions made” under 702 authorities.
Section 203: Privacy and Civil Liberties Officers
This section has not changed substantially from the original draft of the USA Liberty Act, and codifies that “officers” referenced in Section 1062(a) of the Intelligence Reform and Terrorism Prevention Act of 2004 refers to the Director of the NSA, Director of the FBI, and Director of the CIA. This section further codifies the role the PCLOB plays in auditing the incidental collection of U.S. persons communication “to assess compliance with mandatory procedures” and “the effect of this section on the privacy of” U.S. persons.”
Section 204: Whistleblower Protections for Contractors of the Intelligence Community
Paragraph (1) of this section grants federal contractors the same whistleblower protections as federal employees by preventing federal officials from “tak[ing] or fail[ing] to take a personnel action with respect to any contractor employee as a reprisal for a lawful disclosure of information by the contractor employee” to designated agency heads regarding violations under the Act, violations of federal law, and egregious mismanagement. It also allows contractors to “raise a violation of paragraph (1) in any proceeding to implement or challenge a personnel action described in such paragraph.” This, in effect, affords contractors the right to claim a violation of their whistleblower protections as a defense to retaliatory personnel actions.
Section 301: Extension of Title VII of FISA
This section remained unchanged from the original USA Liberty Act, which, as I summarized previously,
reauthorizes Title VII of FISA, which includes Section 702, pursuant to the USA Liberty Act’s provisions until September 30th, 2023. This renews the “upstream” and “downstream” surveillance programs for six years, a longer larger time period than the 2012 reauthorization, which renewed the program for five years.
Section 302: Increased Penalty for Unauthorized Removal and Retention of Classified Documents or Material
The revised USA Liberty Act removed subsection (b), which criminalized the negligent removal of “documents or materials without authority and knowingly retaining such documents or materials at an unauthorized location” as a misdemeanor offense.
This section has not changed substantially from the original draft of the USA Liberty Act, and sets forth the requirement that the Comptroller conduct “a study of the unauthorized disclosure of classified information and the classification system of the United States.”
This section has not changed substantially from the original draft of the USA Liberty Act, and declares it is a sense of Congress that “the barriers, whether real or perceived, to sharing critical foreign intelligence among the intelligence community that existed before September 11, 2001, are not reimposed by sharing information vital to national security among the intelligence community” in a manner consistent with this Act.
This section has not changed substantially from the original draft of the USA Liberty Act, and declares it is a sense of Congress that the Executive is authorized to “share information learned by acquiring communications” under 702 with allies “to prevent and defend against terrorism.”
This section lays out technical amendments to improve procedures of the FISA Court.
This section is a severability clause that maintains that should any provision or amendment made by this Act be held invalid, that the remainder of the Act not be affected.
Amendment to Title III
The committee passed an amendment that adds a section to Title III stating that nothing in the bill should “be construed to limit the application or effect of criminal penalties under section 552a(i) of title 5, United States Code, section 1924 of title 18, United States Code, or any other relevant provision of law” relating to unauthorized disclosure of 702 information.