The legislative debate over Section 702 of the Foreign Intelligence Surveillance Act has ended with passage of a six-year reauthorization that omitted many of the provisions privacy advocates had argued were necessary. But the legal and policy debate is likely to continue in the U.S. and in European courts.
We took different positions in the overall debate on Section 702. But we agree that there is an important step the U.S. government can take now to bolster transparency and accountability within the program without unduly burdening legitimate intelligence activities.
Section 101 of the FISA Amendments Reauthorization Act requires the attorney general, in consultation with the director of national intelligence, to adopt procedures by which agencies will be able to query data collected under Section 702. The statute requires that those procedures be consistent with the Fourth Amendment and, in the case of queries involving United States persons, ensure that a record is kept of the query.
We believe that this provision affords an opportunity to provide greater public knowledge of—and increased accountability for—the operation of Section 702. Specifically, we urge that procedures adopted include the following five features:
First, the procedures should be unclassified and released to the public to the greatest extent feasible. It is important as a matter of good government, and also beneficial to the intelligence community, that the public know as much as possible about how U.S. intelligence agencies operate. The intelligence community’s experience with transparency over the past five years should enable it to draft procedures that do not reveal intelligence sources and methods. Indeed, previous rules for querying were incorporated in the agencies’ minimization procedures, which have been publicly released (with redactions) for the past several years.
Second, the procedures should apply to United States persons and to foreigners. Public debate in this country focused on the issue of U.S. person queries and whether they comported with the Fourth Amendment. But while foreigners outside the United States do not have Fourth Amendment rights, they do have legitimate privacy interests that the United States should respect. U.S. intelligence activities are being challenged in European courts as insufficiently protective of the privacy of Europeans, and differentiating between U.S. persons and foreigners in this context will add to that perception. Moreover, the legislative provision does not limit the requirement of procedures to U.S. person queries.
Third, the querying procedures should apply to law enforcement queries as well as queries for foreign intelligence purposes. We believe it is clear that the legislation requires this.
Fourth, the procedures should require that a record be made and kept of each query term and the basis for each query. The minimization procedures of the National Security Agency and the CIA already require that queries be “reasonably likely to return foreign intelligence information” and that U.S. person queries be justified by a statement of facts. While the FBI’s procedures require that, “to the extent reasonably feasible,” queries be designed to “find and extract foreign intelligence information or evidence of a crime,” no statement of facts is required. Analysts should be able to articulate, on an individualized basis, why they think their query meets these standards and should be required to memorialize that basis.
Finally, the procedures should provide for some independent periodic auditing of the queries and the recorded justifications for them, as the Department of Justice and the Office of the Director of National Intelligence already do for targeting under Section 702 and public reports of the results of those audits. This would facilitate accountability, and it could help members of the public have a better sense of when and how queries are conducted.
There will be objections to this approach. Most notably, the FBI’s systems are set up to query Section 702 information and other information together. A requirement to document the basis for the query before initiating it would therefore in practice apply to Section 702 queries and other queries alike, creating a significant administrative burden. But under FBI procedures, an analyst will generally be told only that Section 702 information exists in response to a query and must get supervisory approval to obtain the information. The requirements to memorialize the reasons for the query could be applied to the FBI at that stage, substantially lessening the burden.
In addition, every new rule creates additional complexity and opportunities for inadvertent compliance violations. The public should be cognizant of that and should differentiate between significant or pervasive violations and minor, isolated ones. The former would provide genuine cause for concern; the latter may be inevitable given the pressures on intelligence analysts and the volume of their work.
We recognize that our proposal contemplates a non-trivial expenditure of time and effort by the agencies and their employees. Systems may need reconfiguration; analysts would need training and would have to spend more time on each query; compliance review would require agency resources. But meaningful oversight mechanisms rarely come without administrative burden. We recommend that the querying procedures adhere to these standards not because the approach is costless but because the public benefit that would be achieved is worth the cost.
Editor’s note: This piece was crossposted at Just Security.