FISA Court Rejects Arguments By First Public Advocate To Argue NSA PRISM Backdoor Searches Are Unconstitutional
from the so-that's-a-shame dept
The USA Freedom Act, however, added the ability of the FISC to appoint a public advocate. Many have been quite reasonably skeptical about this -- in terms of how often it would be used, who would be appointed and how seriously the FISC would take the public advocate. In this case, we see that the public advocate did, in fact, argue that parts of the PRISM program were unconstitutional... and the FISC then rejected that. In this case, the court appointed Amy Jeffress, a former federal prosecutor and DOJ official -- which might make some skeptical of her willingness to actually advocate for the public -- however, this ruling shows that she did, in fact argue that the program was unconstitutional (her actual arguments have not been released).
It appears that the FISC specifically asked Jeffress for her thoughts on the so-called "backdoor searches" that we've discussed before. Specifically, while the NSA is only supposed to collect info on non-US persons, it can collect and then hang onto a huge swath of information under the 702/PRISM program, including what's referred to as "about" information (i.e., any information "about" a suspected terrorist -- meaning your emails mentioning a terrorist could get sucked up). Historically, if the NSA came across any US person's information this way they're supposed to dump it. But through some twists and turns, these days the information gets kept... and is considered "incidentally" collected. Oh and the FBI and CIA then get access to all of that data as well for searching.
In this analysis, the FISC was examining how constitutional that whole thing is (and we'll have another more detailed post on that as well). The FISC specifically asked Jeffress for an analysis of two specific issues here. Did either of the following two things violate the 4th Amendment: (1) the searches of the information collected in this manner that might return information concerning US persons, and (2) information that is preserved under this system for "litigation purposes" that might otherwise be required to be destroyed under so-called minimization rules. The second one is basically the issue that came up in some EFF cases, where the EFF is challenging the legality of the NSA collecting this data at all, but the NSA started deleting the data in question, because it's required to delete data after five years. So there's a question of whether or not that data can legally be kept, even if it needs to be kept for the lawsuit. On this, it appears the court is fine with holding onto data for such litigation preservation.
However, on question number (1), Jeffress apparently noted that the FBI being able to do these backdoor searches appears to go way beyond what's allowed. Remember, this information was collected specifically for the purposes of national security. The whole 702 program was designed and approved on the basis that it was about national security. Yet, it appears that once the FBI gets its hands on it, it's used for all sorts of other stuff. This is just what everyone had assumed before when first learning about these backdoor searches. Jeffress starts off by arguing that these kinds of searches simply go beyond what the law itself allows:
Amicus curiae Amy Jeffress has raised concerns regarding the querying provisions of the FBI Minimization Procedures.... Ms. Jeffress does not specifically assert that the querying provisions render the procedures inconsistent with the applicable statutory definition of minimization procedures. Nevertheless, she contends that the FBI Minimization Procedures "go far beyond the purpose for which the Section 702-acquired information is collected in permitting queries that are unrelated to national security." ...However, the court doesn't buy it:
The Court respectfully disagrees.The counter argument to this, from Jeffress, appears to be that this is a misreading of the law in question. While it does say such information may be retained and disseminated for the purpose of law enforcement, that doesn't mean that bulk collection data can be queried for the purpose of law enforcement. This is an important distinction. Jeffress' reading of the law is basically "okay, if in the process of going through this for legitimate foreign intelligence purposes you ALSO come across evidence of domestic criminal activity, you don't need to ignore it and can pass it on to law enforcement." But that's worlds away from what we actually have today, which is that the NSA basically says "boo, terrorism!" and collects a ton of useless information, but then lets the FBI trawl through for any evidence of criminal behavior.
There is no statutory requirement that all activities involving Section 702 data serve solely a foreign intelligence national security purpose. To be sure, Section 702 was enacted to permit "the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information."... But even at the time of acquisition, the statute does not require the government to have as its sole purpose obtaining foreign intelligence information. Rather, the AG and DNI need certify only that obtaining foreign intelligence information is "a significant purpose" of the acquisition. Under the "significant purpose" standard, an acquisition under Section 702 is permissible "even if 'foreign intelligence' is only a significant -- not a primary -- purpose" of the targeting decision....
Nor does FISA foreclose any examination or use of information acquired pursuant to Section 702 that lacks a purpose relating to foreign intelligence. It is true that the govemment's minimization procedures must be "reasonably designed in light of the purpose and technique of the [collection], to minimize the . . . retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information," and must limit the dissemination of nonpublicly available information identifying unconsenting United States persons to certain circumstances.... Notwithstanding these requirements, however, FISA states that the minimization procedures must also "allow for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes." ... Hence, FISA does not merely contemplate, but expressly requires, that the government's procedures provide for the retention and dissemination of Section 702-acquired information that is evidence of crime for law enforcement purposes. This requirement applies whether or not the crime in question relates to foreign intelligence or national security.
Unfortunately, the FISC just doesn't see that argument.
It would be a strained reading of the definition of minimization procedures to permit FBI personnel to retain and disseminate Section 702 information constituting evidence of a crime implicating a United States person for law enforcement purposes, but to prohibit them from querying Section 702 data in a manner designed to identify such evidence. And such an interpretation would lead to anomalous results: FBI personnel who came across one communication acquired under Section 702 that incriminates a United States person perhaps because it was responsive to a query for foreign intelligence information would be prohibited from running queries tailored to identify additional communications obtained under Section 702 pertaining to the same criminal activity, even though Section 1801(h)(3) explicitly authorizes the retention and dissemination of such information for law enforcement purposes.This seems like a stretch to me. There are lots of situations where law enforcement may be able to lawfully access some information, but not lawfully access other information. Hell, under the scenario described, it seems like the FBI could use the information obtained from a legitimate national security query to then issue a subpoena or warrant for the other information, since we're mostly talking about information held by 3rd parties anyway.
Jeffress also made the constitutional arguments... which also fell flat.
Amicus curiae Amy Jeffress urges the Court to reconsider its prior Fourth Amendment assessments and to reach "a different conclusion" in light of the provisions of the FBI Minimization Procedures, discussed above, permitting agents and to query the Section 702-acquired information in the possession using United States-person information for the purpose of finding evidence of crimes unrelated to foreign intelligence.... Ms. Jeffress asserts that without additional safeguards, such querying is inconsistent with the requirements of the Fourth Amendment:The court rejects this -- and also rejects Jeffress' claim that each search by the FBI should get its own 4th Amendment scrutiny -- saying the whole program can be judged as one. The reason for rejecting the constitutional claim, however, is pretty weak. It basically says, well, the government has to balance national security with privacy and in this case, it's okay. It also notes that there are some limitations on what the FBI can look at and also the fact that the FBI has rarely actually found evidence of criminal activity while trawling through the database (though I fail to see how that impacts the constitutional question at all...).The querying procedures effectively treat Section 702-acquired data like any other database that can be queried for any legitimate law enforcement purpose. The minimization procedures do not place any restrictions on querying the data using U.S. person identifiers. . . . As a result, the FBI may query the data using U.S. person identifiers for purposes of any criminal investigation or even an assessment. There is no requirement that the matter be a serious one, nor that it have any relation to national security. . . . [T]hese practices do not comply with . . . . the Fourth Amendment.According to Ms. Jeffress, the querying provisions of the FBl Minimization Procedures should be revised to "require a written justification for each U.S. person query of the database that explains Why the query is relevant to foreign intelligence information or is otherwise justified," or in some other manner that provides additional protection for the United States- person information in the FBI's possession.
So, it does look like Jeffress put forth a decent argument... but the court simply didn't buy it. That's obviously going to happen, but the real question is whether or not the FISC will ever take the arguments of a public advocate seriously.