In early October, Michael Horowitz, the Department of Justice’s Inspector General, issued another report on the Foreign Intelligence Surveillance Act, or FISA. This report, his third major release on the subject in two years, concludes the Inspector General’s audit of the FBI’s process for ensuring that FISA applications are accurate.
Natalie Orpett and Benjamin Wittes have capably summarized the audit’s origins and basic findings. In short, the Inspector General found widespread mistakes in the FBI’s implementation of its “Woods Procedures,” which are designed to ensure that factual statements in FISA applications are accurate.
This latest report deals primarily with errors in maintaining “Woods Files,” which are supposed to contain supporting documentation for each factual assertion in a FISA application. These lapses, as bureaucratic as they may seem, are important: the Woods Procedures exist because past FISA inaccuracies showed the need for tighter fact-checking.
In light of the IG’s latest report, how worried should we be about the state of the FISA process? In one respect, the answer is simple: inaccuracies and sloppy recordkeeping in the FISA process are always a problem. FISA surveillance is classified and FISA Court proceedings are ex parte—only the government appears; if its filings misstate or omit important facts, there is no opposing party to dispute them.
Even after the IG’s two-year audit and series of reports, however, important questions remain:
Orpett and Wittes comment that “unlike in the Page case, these errors did not result in the court being misled on material matters.” That appears to be literally true: it seems that none of the errors that the I G found would have changed the outcome of a case.
I would be cautious in drawing too much assurance from this, however. The reason for caution is that the Inspector General’s fact-checking reveals only whether there was support for the factual assertions that made it into each FISA application. It cannot not reveal whether important facts were left out.
That is a big asterisk: Omissions were among the biggest flaws in the Carter Page FISA application. For example, the FBI omitted the critical fact that Page had been a source for another U.S. government agency and had reported his contacts with Russian intelligence officers to that agency. If disclosed, that would have cast Page’s contacts with Russian spies in an entirely different light: reporting those contacts back to the U.S. government indicates loyalty to the U. S., not Russia. An FBI employee was later indicted and pled guilty to making false statements in connection with that omission.
The Page application also left out statements that would have raised doubts about information from British spy-for-hire Christopher Steele, whose reporting the FBI used in the FISA application. Steele compiled the infamous “Steele Dossier,” a pastiche of gossip and hearsay financed and shopped to the government by opponents of the Trump campaign. Steele told the FBI that his primary sub-source was a “boaster” and “egoist” who “may engage in some embellishment.” Yet the application omitted Steele’s caveats about his source.
This IG’s review did not look for omissions. Nor could it have realistically done so on this scale—even this narrowly scoped audit took almost two years. Searching for omissions entails examining the entire universe of facts that are known to the government and potentially relevant to the case. It is thus much more laborious than checking statements in an application against a file of supporting documents.
For that reason, we don’t know whether past applications—other than Page’s—contained errors of omission. But absence of evidence is not evidence of absence. We do know that in 183 cases, agents didn’t keep an adequate Woods File. This suggests that, in some quarters, a culture of lax compliance prevailed. Whether it led to important omissions in any of these cases remains unknown.
Now for something potentially more encouraging: much has changed since the period covered by the IG’s report (fiscal years 2015-2019). As Orpett and Wittes note, many reforms have been implemented in response to the Crossfire Hurricane report and the initial Management Advisory Memorandum on this audit—by the FBI, by the Attorney General and the Department of Justice’s National Security Division and by the FISA Court in a series of orders.
One of the most important is that the National Security Division is now conducting “completeness” reviews, which check not just for the accuracy of statements in the file but also for omissions. And they are doing a lot of these reviews: DOJ conducted completeness checks of 95 applications from May 2020 to March 2021. Henceforth, the Justice Department will also share the results of both its accuracy reviews (which check statements in applications against the supporting documents) and completeness reviews (which also check for omissions) with the FISA Court twice a year.
Will these reforms work? The results of accuracy and completeness reviews in the years to come will be indicative of whether compliance has tightened. Close scrutiny by Congress, the FISC, and other oversight bodies will be needed to ensure that the compliance culture improves.
Most of the changes made thus far in response to the IG’s findings aim to ensure that applications are accurate. And accuracy is essential. But it is not the only standard by which we should measure FISA applications.
Just as important is whether the (accurate) facts are presented in a manner that enables the judge to provide meaningful scrutiny of the government’s case. Do applications inadvertently impede critical analysis by inundating the reader with information?
In a White Paper released earlier this year during my tenure as Chairman of the U.S. Privacy and Civil Liberties Oversight Board, I noted that the applications can be taxing for a reader new to the matter. “The amount of information,” I wrote in describing my findings, “can be overwhelming, and it is not always clear how each fact relates to the others, or what weight the government assigns to each.”
Steps to improve the clarity of applications, like those proposed in the White Paper, would help drafters think rigorously about which facts are essential to probable cause, which are merely supportive and why the surveillance is necessary in the first place. They would also allow judges and advisors to spend less time hunting for the key facts buried within a lengthy recitation, and more time analyzing the strength of the government’s case.
Requests to renew FISA applications are another example of how accuracy, while important, is not enough. A request to renew existing surveillance would most naturally take the form of an update: what the government learned from the surveillance, and how that or any other new information bears on the need to continue. Surprisingly, however, renewals typically adopt the same format as the initial application, simply dropping new information into the first application in bold text.
Even if the newly added information is accurate, this approach neglects what is most important: what was learned during the initial surveillance and what those findings suggest about whether additional surveillance is needed. Focusing on new information and the need for further surveillance, rather than recycling a lightly updated version of the initial filing, would help both the government and the court to assess critically the need for further surveillance.
There are also broader issues and room for improvement beyond the applications themselves. Are there ways to make the process in highly sensitive cases more considered and less susceptible to groupthink? Should DOJ attorneys be integrated into certain counterintelligence or counterterrorism investigations at an earlier stage, enabling them to provide more informed, rigorous review when a FISA is sought? Should the FBI and DOJ create a regularized process for red-teaming highly sensitive FISA applications?
An objection to each of these ideas is that they will make the process slower and more bureaucratic. Perhaps so—but perhaps, in a very small subset of the most sensitive cases (those involving political leaders or aides, journalists, religious leaders and the like), it should be. Reforms implemented by Attorney General Barr have already moved in this direction, requiring that the Attorney General personally approve surveillance targeting political candidates or their aides.
In many other cases, however, the prevailing bureaucratic incentives should encourage the government to move faster and do more. The U. S. faces a formidable peer competitor in China and significant counterintelligence and counterterrorism threats from many other quarters. The challenge is to provide greater protection for Americans while ensuring that FISA remains a versatile, agile tool for monitoring genuine foreign threats. For that reason, my recent White Paper proposes reducing the burden of compliance tasks that have become redundant or repetitive and streamlining the FISA process for certain foreign targets, while providing greater scrutiny of applications to target U.S. citizens.
Catching foreign spies would be a pyrrhic victory if Americans come to distrust their government in the process. Policymakers seeking to “fix” FISA thus face a demanding task: rather than trading trust for capability, or vice versa, they must solve for both.