Section 702 -- the statute that allows the NSA to collect internet communications and data in bulk -- is up for renewal at the end of this year. The NSA, thanks to Ed Snowden, faced more of an uphill battle than usual when renewing Section 215 (bulk metadata collections). For the first time in its existence, the NSA ended up with a compromise (the USA Freedom Act), rather than a straight renewal.
The Intelligence Community appears to be trying to get out ahead of straight renewal opponents. The Office of the Director of National Intelligence has released a Section 702 Q&A at millennial watering hole Tumblr. By returning its own soft serve questions with canned talking points, the ODNI is hoping to show just how lawful its upstream collection is.
It also hopes to obscure something that's been around since the 2008 FISA Amendments Act: backdoor searches. Other government agencies have had the ability to peruse the NSA's collections, which were ostensibly gathered solely for national security use. The FBI is the most frequent backdoor searcher, seeing as it has rebranded as a counterterrorism unit over the past several years, which has allowed it to expand its surveillance capabilities and increase exploitation of the NSA's data stores.
The ODNI's Q&A document sort of admits this, but tries to downplay the implications of allowing a domestic law enforcement agency free access to national security-focused surveillance intake.
The government’s minimization procedures restrict the ability of analysts to query the databases that hold “raw” Section 702 information (i.e., where information identifying a U.S. person has not yet been minimized for permanent retention) using an identifier, such as a name or telephone number, that is associated with a U.S. person. Generally, queries of raw content are only permitted if they are reasonably designed to identify foreign intelligence information, although the FBI also may conduct such queries to identify evidence of a crime. As part of Section 702’s extensive oversight, DOJ and ODNI review the agencies’ U.S. person queries of content to ensure the query satisfies the legal standard. Any compliance incidents are reported to Congress and the FISC.
It still sort of sounds like a backdoor search, even with supposed strict oversight, but the ODNI adds a footnote claiming it isn't:
Queries of Section 702 data using U.S. person identifiers are sometimes mischaracterized in the public discourse as “backdoor searches.”
Oh, that crazy "public discourse." Won't it get anything right? Here's Emptywheel's Marcy Wheeler to explain what the ODNI won't.
While it’s true that NSA and CIA minimization procedures impose limits on when an analyst can query raw data for content (but not for metadata at CIA), that’s simply not true at FBI, where the primary rule is that if someone is not cleared for FISA themselves, they ask a buddy to access the information. As a result — and because FBI queries FISA data for any national security assessment and “with some frequency” in the course of criminal investigations. In other words, partly because FBI is a domestic agency and partly because it has broader querying authorities, it conduct a “substantial” number of queries as opposed to the thousands done by CIA.
Wheeler goes on to point to the Privacy and Civil Liberty Oversight Board's (RIP) report on Section 702 as evidence of this common FBI practice. While the PCLOB mostly punted on Section 702, finding it to be less blatantly-unconstitutional than the Section 215 program, it still found the FBI perused raw NSA collections quite frequently, both for foreign intelligence information and evidence of criminal activity. The PCLOB was unable to assess how frequently these "none dare call it a backdoor" searches occurred because the FBI has no way of tracking how often it dips into the NSA's collections. With no data and no reporting, it's pretty disingenuous to claim there's effective oversight over the Section 702 program.
Marcy Wheeler also noticed something unusual in the brand new FISC Section 702 report -- newly-required by the USA Freedom Act. According to the numbers released by the FISA Court, zero 702 applications were approved in 2016.
Wheeler points out the process for Section 702 approval runs much like that of Section 215, with applications either being approved by the FISA court or sent back for fixes. Once approved, extensions can be requested, but only for up to 60 days at a time. As she notes, the last 702 submission wouldn't have been able to coast through 2016 without a renewal.
The prior approval before last year was November 6, 2015, so it would only have had to have been extended 2 months to get into this year. So that seems to suggest there was at least a three month (application time plus extension) delay in approving the certifications for this year.
Note, too, that the report shows the only amicus appointed last year was Marc Zwillinger for a known PRTT application, so this hold up wasn’t even related to an amicus complaint.
In any case, this may reflect significant issues with 702.
The Snowden documents -- along with some from other unidentified leakers -- generated far more scrutiny of Section 702 than the NSA has ever experienced. It's not tough to imagine at least a couple of FISA judges being surprised with the scope of what they were approving. The number of submissions is redacted, but the footnote attached makes it clear the government submitted more than one application. This span with zero approvals dates back to the middle of last year, so it's been a bit of a dry run for the NSA.
The NSA has run into issues before with Section 702, the last time being in 2011, when the FISA court found the "upstream collection" of internet data to be "deficient on constitutional and statutory grounds." The NSA obtained extensions and apparently modified the order until it reached the FISA court's standards. This long delay between approvals could suggest the NSA is back in constitutionally-deficient waters, which definitely isn't where it wants to be as the program heads for renewal.