On Tuesday, the Office of the Director of National Intelligence released some redacted versions
of three previously secret FISA Court rulings. There are a few interesting things in them, but one notable point, found in a ruling
from last November regarding the NSA's 702 PRISM program, is that the FISC took advantage of the provision in the USA Freedom Act to appoint a public advocate to argue on behalf of the public
. One of the big complaints in the past, is that the FISA Court is no court at all. Only one side -- the government -- gets to present its case, and then the judges decide.
The USA Freedom Act, however, added the ability of the FISC to appoint a public advocate. Many have been quite reasonably skeptical about this -- in terms of how often it would be used, who would be appointed and how seriously the FISC would take the public advocate. In this case, we see that the public advocate did, in fact, argue that parts of the PRISM program were unconstitutional... and the FISC then rejected that. In this case, the court appointed Amy Jeffress, a former federal prosecutor and DOJ official -- which might make some skeptical of her willingness to actually advocate for the public -- however, this ruling shows that she did, in fact argue that the program was unconstitutional (her actual arguments have not been released).
It appears that the FISC specifically asked Jeffress for her thoughts on the so-called "backdoor searches" that we've discussed before
. Specifically, while the NSA is only supposed to collect info on non-US persons, it can collect and then hang onto a huge swath of information under the 702/PRISM program, including what's referred to as "about" information (i.e., any information "about" a suspected terrorist -- meaning your emails mentioning a terrorist could get sucked up). Historically, if the NSA came across any US person's information this way they're supposed to dump it. But through some twists and turns, these days the information gets kept... and is considered "incidentally" collected. Oh and
the FBI and CIA then get access to all of that data as well for searching.
In this analysis, the FISC was examining how constitutional that whole thing is (and we'll have another more detailed post on that as well). The FISC specifically asked Jeffress for an analysis of two specific issues here. Did either of the following two things violate the 4th Amendment: (1) the searches of the information collected in this manner that might return information concerning US persons, and (2) information that is preserved under this system for "litigation purposes" that might otherwise be required to be destroyed under so-called minimization rules. The second one is basically the issue that came up in some EFF cases, where the EFF is challenging the legality of the NSA collecting this data at all, but the NSA started deleting the data in question, because it's required to delete data after five years. So there's a question of whether or not that data can legally be kept, even if it needs to be kept for the lawsuit. On this, it appears the court is fine with holding onto data for such litigation preservation.
However, on question number (1), Jeffress apparently noted that the FBI being able to do these backdoor searches appears to go way beyond what's allowed. Remember, this information was collected specifically for the purposes of national security. The whole 702 program was designed and approved on the basis that it was about national security. Yet, it appears that once the FBI gets its hands on it, it's used for all sorts of other stuff. This is just what everyone had assumed before when first learning about these backdoor searches. Jeffress starts off by arguing that these kinds of searches simply go beyond what the law itself allows:
Amicus curiae Amy Jeffress has raised concerns regarding the querying provisions of the
FBI Minimization Procedures.... Ms. Jeffress does not specifically
assert that the querying provisions render the procedures inconsistent with the applicable
statutory definition of minimization procedures. Nevertheless, she contends that the FBI
Minimization Procedures "go far beyond the purpose for which the Section 702-acquired
information is collected in permitting queries that are unrelated to national security." ...
However, the court doesn't buy it:
The Court respectfully disagrees.
There is no statutory requirement that all activities involving Section 702 data serve
solely a foreign intelligence national security purpose. To be sure, Section 702 was enacted to
permit "the targeting of persons reasonably believed to be located outside the United States to
acquire foreign intelligence information."... But even at
the time of acquisition, the statute does not require the government to have as its sole purpose
obtaining foreign intelligence information. Rather, the AG and DNI need certify only that
obtaining foreign intelligence information is "a significant purpose" of the acquisition. Under the "significant purpose" standard, an acquisition
under Section 702 is permissible "even if 'foreign intelligence' is only a significant -- not a
primary -- purpose" of the targeting decision....
Nor does FISA foreclose any examination or use of information acquired pursuant to
Section 702 that lacks a purpose relating to foreign intelligence. It is true that the govemment's
minimization procedures must be "reasonably designed in light of the purpose and technique of
the [collection], to minimize the . . . retention, and prohibit the dissemination, of nonpublicly
available information concerning unconsenting United States persons consistent with the need of
the United States to obtain, produce, and disseminate foreign intelligence information," and must limit the dissemination of nonpublicly available
information identifying unconsenting United States persons to certain circumstances.... Notwithstanding these requirements, however, FISA states that the minimization
procedures must also "allow for the retention and dissemination of information that is evidence
of a crime which has been, is being, or is about to be committed and that is to be retained or
disseminated for law enforcement purposes." ... Hence, FISA does not merely
contemplate, but expressly requires, that the government's procedures provide for the retention
and dissemination of Section 702-acquired information that is evidence of crime for law
enforcement purposes. This requirement applies whether or not the crime in question relates to
foreign intelligence or national security.
The counter argument to this, from Jeffress, appears to be that this is a misreading of the law in question. While it does say such information may be retained and disseminated for the purpose of law enforcement, that doesn't mean that bulk collection data can be queried for the purpose of law enforcement
. This is an important distinction. Jeffress' reading of the law is basically "okay, if in the process of going through this for legitimate foreign intelligence purposes you ALSO come across evidence of domestic criminal activity, you don't need to ignore it and can pass it on to law enforcement." But that's worlds away from what we actually have today, which is that the NSA basically says "boo, terrorism!" and collects a ton
of useless information, but then lets the FBI trawl through for any evidence of criminal behavior.
Unfortunately, the FISC just doesn't see that argument.
It would be a strained reading of the definition of minimization procedures to permit FBI
personnel to retain and disseminate Section 702 information constituting evidence of a crime
implicating a United States person for law enforcement purposes, but to prohibit them from
querying Section 702 data in a manner designed to identify such evidence. And such an
interpretation would lead to anomalous results: FBI personnel who came across one
communication acquired under Section 702 that incriminates a United States person perhaps
because it was responsive to a query for foreign intelligence information would be prohibited
from running queries tailored to identify additional communications obtained under Section 702
pertaining to the same criminal activity, even though Section 1801(h)(3) explicitly authorizes the
retention and dissemination of such information for law enforcement purposes.
This seems like a stretch to me. There are lots
of situations where law enforcement may be able to lawfully access some information, but not lawfully access other information. Hell, under the scenario described, it seems like the FBI could use the information obtained from a legitimate national security query to then
issue a subpoena or warrant for the other information, since we're mostly talking about information held by 3rd parties anyway.
made the constitutional arguments... which also fell flat.
Amicus curiae Amy Jeffress urges the Court to reconsider its prior Fourth Amendment
assessments and to reach "a different conclusion" in light of the provisions of the FBI
Minimization Procedures, discussed above, permitting agents and to query the Section
702-acquired information in the possession using United States-person information for the
purpose of finding evidence of crimes unrelated to foreign intelligence....
Ms. Jeffress asserts that without additional safeguards, such querying is inconsistent with the
requirements of the Fourth Amendment:
The querying procedures effectively treat Section 702-acquired data like
any other database that can be queried for any legitimate law enforcement purpose. The
minimization procedures do not place any restrictions on querying the data using U.S.
person identifiers. . . . As a result, the FBI may query the data using U.S. person
identifiers for purposes of any criminal investigation or even an assessment. There is no
requirement that the matter be a serious one, nor that it have any relation to national
security. . . . [T]hese practices do not comply with . . . . the Fourth Amendment.
According to Ms. Jeffress, the querying provisions of the FBl Minimization Procedures
should be revised to "require a written justification for each U.S. person query of the database
that explains Why the query is relevant to foreign intelligence information or is otherwise
justified," or in some other manner that provides additional protection for the United States-
person information in the FBI's possession.
The court rejects this -- and also rejects Jeffress' claim that each search by the FBI should get its own 4th Amendment scrutiny -- saying the whole program can be judged as one. The reason for rejecting the constitutional claim, however, is pretty weak. It basically says, well, the government has to balance national security with privacy and in this case, it's okay. It also notes that there are some limitations on what the FBI can look at and also the fact that the FBI has rarely actually found evidence of criminal activity while trawling through the database (though I fail to see how that impacts the constitutional question at all...).
So, it does look like Jeffress put forth a decent argument... but the court simply didn't buy it. That's obviously going to happen, but the real question is whether or not the FISC will ever
take the arguments of a public advocate seriously.