Office of the Director of National Intelligence General Counsel Robert Litt delivered remarks titled, "Privacy, Technology, and National Security: An Overview of Intelligence Collection," at the Brookings Institution on July 18, 2013.
Excerpt from his remarks:
IV. FISA Collection
In showing that this approach is in fact the way our system deals with intelligence collection, I'll use FISA as an example for a couple of reasons. First, because FISA is an important mechanism through which Congress has legislated in the area of foreign intelligence collection. Second, because it covers a wide range of activities, and involves all three sources of law I mentioned earlier: constitutional, statutory and executive. And third, because several previously classified examples of what we do under FISA have recently been declassified, and I know people want to hear more about them.
I don't mean to suggest that FISA is the only way we collect foreign intelligence. But it's important to know that, by virtue of Executive Order 12333, all of the collection activities of our intelligence agencies have to be directed at the acquisition of foreign intelligence or counterintelligence. Our intelligence priorities are set annually through an interagency process. The leaders of our Nation tell the Intelligence Community what information they need in the service of the Nation, its citizens and its interests, and we collect information in support of those priorities.
I want to emphasize that the United States, as a democratic nation, takes seriously this requirement that collection activities have a valid foreign intelligence purpose. We do not use our foreign intelligence collection capabilities to steal the trade secrets of foreign companies in order to give American companies a competitive advantage. We do not indiscriminately sweep up and store the contents of the communications of Americans, or of the citizenry of any country.
We do not use our intelligence collection for the purpose of repressing the citizens of any country because of their political, religious or other beliefs. We collect metadata—information about communications—more broadly than we collect the actual content of communications, because it is less intrusive than collecting content and in fact can provide us information that helps us more narrowly focus our collection of content on appropriate targets. But it simply is not true that the United States Government is listening to everything said by every citizen of any country.
Let me turn now to FISA. I'm going to talk about three provisions of that law: traditional FISA orders, the FISA business records provision, and Section 702. These provisions impose limits on what kind of information can be collected and how it can be collected, require procedures restricting what we can do with the information we collect and how long we can keep it, and impose oversight to ensure that the rules are followed. This sets up a coherent regime in which protections are afforded at the front end, when information is collected; in the middle, when information is reviewed and used; and at the back end, through oversight, all working together to protect both national security and privacy. The rules vary depending on factors such as the type of information being collected (and in particular whether or not we are collecting the content of communications), the nature of the person or persons being targeted, and how narrowly or broadly focused the collection is. They aren't identical in every respect to the rule that apply to criminal investigations, but I hope to persuade you that they are reasonable and appropriate in the very different context of foreign intelligence.
So let's begin by talking about traditional FISA collection. Prior to the passage of FISA in 1978, the collection of foreign intelligence was essentially unregulated by statutory law. It was viewed as a core function of the Executive Branch. In fact, when the criminal wiretap provisions were originally enacted, Congress expressly provided that they did not "limit the constitutional power of the President . . . to obtain foreign intelligence information . . . deemed essential to the national security of the United States." (3) However, ten years later, as a result of abuses revealed by the Church and Pike Committees, Congress imposed a judicial check on some aspects of electronic surveillance for foreign intelligence purposes. This is what is now codified in Title I of FISA, sometimes referred to as "traditional FISA."
FISA established a special court, the Foreign Intelligence Surveillance Court, to hear applications by the Government to conduct electronic surveillance for foreign intelligence purposes. Because traditional FISA surveillance involves acquiring the content of communications, it is intrusive, implicating recognized privacy interests; and because it can be directed at individuals inside the United States, including American citizens, it implicates the Fourth Amendment. In FISA, Congress required that to get a "traditional" FISA electronic surveillance order, the Government must establish probable cause to believe that the target of surveillance is a foreign power or an agent of a foreign power, a probable cause standard derived from the standard used for wiretaps in criminal cases. And if the target is a U.S. person, he or she cannot be deemed an agent of a foreign power based solely on activity protected by the First Amendment—you cannot be the subject of surveillance merely because of what you believe or think.
Under the minimization procedures, an analyst who listens to a conversation involving a U.S. person that has no foreign intelligence value cannot generally share it or disseminate it unless it is evidence of a crime. Even if a conversation has foreign intelligence value—let's say a terrorist is talking to a confederate—that information may only be disseminated to someone with an appropriate need to know the information pursuant to his or her mission.
In other words, electronic surveillance under FISA's Title I implicates the well-recognized privacy interest in the contents of communications, and is subject to corresponding
protections for that privacy interest—in terms of the requirements that it be narrowly targeted and that it have a substantial factual basis approved by the Court, and in terms of the limitations imposed on use of the information.
Now let me turn to the second activity, the collection of business records. After FISA was passed, it became apparent that it left some significant gaps in our intelligence collection authority. In particular, while the Government had the power in a criminal investigation to compel the production of records with a grand jury subpoena, it lacked similar authority in a foreign intelligence investigation. So a provision was added in 1998 to provide such authority, and was amended by Section 215 of the USA-PATRIOT Act passed shortly after 9/11. This provision, which is generally referred to as "Section 215," allows us to apply to the FISA Court for an order requiring production of documents or other tangible things when they are relevant to an authorized national security investigation. Records can be produced only if they are the type of records that could be obtained pursuant to a grand jury subpoena or other court process—in other words, where there is no statutory or other protection that would prevent use of a grand jury subpoena. In some respects this process is more restrictive than a grand jury subpoena. A grand jury subpoena is issued by a prosecutor without any prior judicial review, whereas under the FISA business records provision we have to get court approval. Moreover, as with traditional FISA, records obtained pursuant to the FISA business records provision are subject to court-approved minimization procedures that limit the retention and dissemination of information about U.S. persons—another requirement that does not apply to grand jury subpoenas.
Now, of course, the FISA business records provision has been in the news because of one particular use of that provision. The FISA Court has repeatedly approved orders directing several telecommunications companies to produce certain categories of telephone metadata, such as the number calling, the number being called, and the date, time and duration of the call. It's important to emphasize that under this program we do not get the content of any conversation; we do not get the identity of any party to the conversation; and we do not get any cell site or GPS locational information.
The limited scope of what we collect has important legal consequences. As I mentioned earlier, the Supreme Court has held that if you have voluntarily provided this kind of information to third parties, you have no reasonable expectation of privacy in that information. All of the metadata we get under this program is information that the telecommunications companies obtain and keep for their own business purposes. As a result, the Government can get this information without a warrant, consistent with the Fourth Amendment.
Nonetheless, I recognize that there is a difference between getting metadata about one telephone number and getting it in bulk. From a legal point of view. Section 215 only allows us to get records if they are "relevant" to a national security investigation, and from a privacy perspective people worry that, for example, the government could apply data mining techniques to a bulk data set and learn new personal facts about them—even though the underlying set of records is not subject to a reasonable expectation of privacy for Fourth Amendment purposes.
On the other hand, this information is clearly useful from an intelligence perspective: It can help identify links between terrorists overseas and their potential confederates in the United States. It's important to understand the problem this program was intended to solve. Many will recall that one of the criticisms made by the 9/11 Commission was that we were unable to find the connection between a hijacker who was in California and an al-Qaida safe house in Yemen. Although NSA had collected the conversations from the Yemen safe house, they had no way to determine that the person at the other end of the conversation was in the United States, and hence to identify the homeland connection. This collection program is designed to help us find those connections.
In order to do so, however, we need to be able to access the records of telephone calls, possibly going back many years. However, telephone companies have no legal obligation to keep this kind of information, and they generally destroy it after a period of time determined solely by their own business purposes. And the different telephone companies have separate datasets in different formats, which makes analysis of possible terrorist calls involving several providers considerably slower and more cumbersome. That could be a significant problem in a fast-moving investigation where speed and agility are critical, such as the plot to bomb the New York City subways in 2009.
The way we fill this intelligence gap while protecting privacy illustrates the analytical approach I outlined earlier. From a subscriber's point of view, as I said before, the difference between a telephone company keeping records of his phone calls and the Intelligence Community keeping the same information is what the Government could do with the records. That's an entirely legitimate concern. We deal with it by limiting what the Intelligence Community is allowed do with the information we get under this program—limitations that are approved by the FISA Court:
- First, we put this information in secure databases.
- Second, the only intelligence purpose for which this information can be used is counterterrorism.
- Third, we allow only a limited number of specially trained analysts to search these databases.
- Fourth, even those trained analysts are allowed to search the database only when they have a reasonable and articulable suspicion that a particular telephone number is associated with particular foreign terrorist organizations that have been identified to the Court. The basis for that suspicion has to be documented in writing and approved by a supervisor.
- Fifth, they're allowed to use this information only in a limited way, to map a network of telephone numbers calling other telephone numbers.
- Sixth, because the database contains only metadata, even if the analyst finds a previously unknown telephone number that warrants further investigation, all she can do is disseminate the telephone number. She doesn't even know whose number it is. Any further investigation of that number has to be done pursuant to other lawful means, and in particular, any collection of the contents of communications would have to be done using another valid legal authority, such as a traditional FISA.
- Finally, the information is destroyed after five years.
The net result is that although we collect large volumes of metadata under this program, we only look at a tiny fraction of it, and only for a carefully circumscribed purpose—to help us find links between foreign terrorists and people in the United States. The collection has to be broad to be operationally effective, but it is limited to non-content data that has a low privacy value and is not protected by the Fourth Amendment. It doesn't even identify any individual. Only the narrowest, most important use of this data is permitted; other uses are prohibited. In this way, we protect both privacy and national security.
Some have questioned how collection of a large volume of telephone metadata could comply with the statutory requirement that business records obtained pursuant to Section 215 be "relevant to an authorized investigation." While the Government is working to determine what additional information about the program can be declassified and disclosed, including the actual court papers, I can give a broad summary of the legal basis. First, remember that the "authorized investigation" is an intelligence investigation, not a criminal one. The statute requires that an authorized investigation be conducted in accordance with guidelines approved by the Attorney General, and those guidelines allow the FBI to conduct an investigation into a foreign terrorist entity if there is an "articulable factual basis . . . that reasonably indicates that the [entity] may have engaged in . . . international terrorism or other threat to the national security," or may be planning or supporting such conduct. (5) In other words, we can investigate an organization, not merely an individual or a particular act, if there is a factual basis to believe the organization is involved in terrorism. And in this case, the Government's applications to collect the telephony metadata have identified the particular terrorist entities that are the subject of the investigations.
Second, the standard of "relevance" required by this statute is not the standard that we think of in a civil or criminal trial under the rules of evidence. The courts have recognized in other contexts that "relevance" can be an extremely broad standard. For example, in the grand jury context, the Supreme Court has held that a grand jury subpoena is proper unless "there is no reasonable possibility that the category of materials the Government seeks will produce information relevant to the general subject of the grand jury's investigation." (6) And in civil discovery, relevance is "construed broadly to encompass any matter that bears on, or that reasonably could lead to other matter that could bear on, any issue that is or may be in the case." (7)
In each of these contexts, the meaning of "relevance" is sufficiently broad to allow for subpoenas or requests that encompass large volumes of records in order to locate within them a smaller subset of material that will be directly pertinent to or actually be used in furtherance of the investigation or proceedings. In other words, the requester is not limited to obtaining only those records that actually are potentially incriminating or pertinent to establishing liability, because to identify such records, it is often necessary to collect a much broader set of the records that might potentially bear fruit by leading to specific material that could bear on the issue.
When it passed the business records provision, Congress made clear that it had in mind such broad concepts of relevance. The telephony metadata collection program meets this relevance standard because, as I explained earlier, the effectiveness of the queries allowed under the strict limitations imposed by the court—the queries based on "reasonable and articulable suspicion"—depends on collecting and maintaining the data from which the narrowly focused queries can be made. As in the grand jury and civil discovery contexts, the concept of "relevance" is broad enough to allow for the collection of information beyond that which ultimately turns out to be important to a terrorist-related investigation. While the scope of the collection at issue here is broader than typically might be acquired through a grand jury subpoena or civil discovery request, the basic principle is similar: the information is relevant because you need to have the broader set of records in order to identify within them the information that is actually important to a terrorism investigation. And the reasonableness of this method of collection is reinforced by the all of the stringent limitations imposed by the Court to ensure that the data is used only for the approved purpose.
I want to repeat that the conclusion that the bulk metadata collection is authorized under Section 215 is not that of the Intelligence Community alone. Applications to obtain this data have been repeatedly approved by numerous judges of the FISA Court, each of whom has determined that the application complies with all legal requirements. And Congress reauthorized Section 215 in 2011, after the Intelligence and Judiciary Committees of both Houses had been briefed on the program, and after information describing the program had been made available to all Members. In short, all three branches of Government have determined that this collection is lawful and reasonable—in large part because of the substantial protections we provide for the privacy of every person whose telephone number is collected.
The third program I want to talk about is Section 702, part of the FISA Amendments Act of 2008. Again, a little history is in order. Generally speaking, as I said before, Title I of FISA, or traditional FISA, governs electronic surveillance conducted within the United States for foreign intelligence purposes. When FISA was first passed in 1978, Congress did not intend it to regulate the targeting of foreigners outside of the United States for foreign intelligence purposes.
This kind of surveillance was generally carved out of coverage under FISA by the way Congress defined "electronic surveillance." Most international communications in 1978 took place via satellite, so Congress excluded international radio communications from the definition of electronic surveillance covered by FISA, even when the radio waves were intercepted in the United States, unless the target of the collection was a U.S. person in the United States.
Over time, that technology-based differentiation fell apart. By the early twenty-first century, most international communications travelled over fiber optic cables and thus were no longer "radio communications" outside of FISA's reach. At the same time there was a dramatic increase in the use of the Internet for communications purposes, including by terrorists. As a result, Congress's original intention was frustrated; we were increasingly forced to go to the FISA Court to get individual warrants to conduct electronic surveillance of foreigners overseas for foreign intelligence purposes.
After 9/11, this burden began to degrade our ability to collect the communications of foreign terrorists. Section 702 created a new, more streamlined procedure to accomplish this surveillance. So Section 702 was not, as some have called it, a "defanging" of the FISA Court's traditional authority. Rather, it extended the FISA Court's oversight to a kind of surveillance that Congress had originally placed outside of that oversight: the surveillance, for foreign intelligence purposes, of foreigners overseas. This American regime imposing judicial supervision of a kind of foreign intelligence collection directed at citizens of other countries is a unique limitation that, so far as I am aware, goes beyond what other countries require of their intelligence services when they collect against persons who are not their own citizens.
The privacy and constitutional interests implicated by this program fall between traditional FISA and metadata collection. On the one hand we are collecting the full content of communications; on the other hand we are not collecting information in bulk and we are only targeting non-U.S. persons for valid foreign intelligence purposes. And the information involved is unquestionably of great importance for national security: collection under Section 702 is one of the most valuable sources of foreign intelligence we have. Again, the statutory scheme, and the means by which we implement it, are designed to allow us to collect this intelligence, while providing appropriate protections for privacy. Collection under Section 702 does not require individual judicial orders authorizing collection against each target. Instead, the FISA Court approves annual certifications submitted by the Attorney General and the Director of National Intelligence that identify categories of foreign intelligence that may be collected, subject to Court-approved "targeting" procedures and "minimization" procedures.
The targeting procedures are designed to ensure that we target someone only if we have a valid foreign intelligence purpose; that we target only non-U.S. persons reasonably believed to
be outside of the United States; that we do not intercept wholly domestic communications; and that we do not target any person outside the United States as a "back door" means of targeting someone inside the United States. The procedures must be reviewed by the Court to ensure that they are consistent with the statute and the Fourth Amendment. In other words, the targeting procedures are a way of minimizing the privacy impact of this collection both as to Americans and as to non-Americans by limiting the collection to its intended purpose.
The concept of minimization procedures should be familiar to you by now: they are the procedures that limit the retention and dissemination of information about U.S. persons. We may incidentally acquire the communications of Americans even though we are not targeting them, for example if they talk to non-U.S. persons outside of the United States who are properly targeted for foreign intelligence collection. Some of these communications may be pertinent; some may not be. But the incidental acquisition of non-pertinent information is not unique to Section 702. It is common whenever you lawfully collect information, whether it's by a criminal wiretap (where the target's conversations with his friends or family may be intercepted) or when we seize a terrorist's computer or address book, either of which is likely to contain non-pertinent information. In passing Section 702, Congress recognized this reality and required us to establish procedures to minimize the impact of this incidental collection on privacy.
How does Section 702 work in practice? As of today, there are certifications for several different categories of foreign intelligence information. Let's say that the Intelligence Community gets information that a terrorist is using a particular email address. NSA analysts look at available data to assess whether that email address would be a valid target under the statute—whether the email address belongs to someone who is not a U.S. person, whether the person with the email address is outside the United States, and whether targeting that email address is likely to lead to the collection of foreign intelligence relevant to one of the certifications. Only if all three requirements of the statute are met, and validated by supervisors, will the email address be approved for targeting. We don't randomly target email addresses or collect all foreign individuals' emails under Section 702; we target specific accounts because we are looking for foreign intelligence information. And even after a target is approved, the court approved procedures require NSA to continue to verify that its targeting decision is valid based on any new information.
Any communications that we collect under Section 702 are placed in secure databases, again with limited access. Trained analysts are allowed to use this data for legitimate foreign
intelligence purposes, but the minimization procedures require that if they review a communication that they determine involves a U.S. person or information about a U.S. person, and they further determine that it has no intelligence value and is not evidence of a crime, it must be destroyed. In any case, conversations that are not relevant are destroyed after a maximum of five years. So under Section 702, we have a regime that involves judicial approval of procedures that are designed to narrow the focus of the surveillance and limit its impact on privacy. I've outlined three different collection programs, under different provisions of FISA, which all reflect the framework I described. In each case, we protect privacy by a multi-layered system of controls on what we collect and how we use what we collect, controls that are based on the nature and intrusiveness of the collection, but that take into account the ways in which that collection can be useful to protect national security. But we don't simply set out a bunch of rules and trust people to follow them. There are substantial safeguards in place that help ensure that the rules are followed.
These safeguards operate at several levels. The first is technological. The same technological revolution that has enabled this kind of intelligence collection and made it so valuable also allows us to place relatively stringent controls on it. For one thing, intelligence agencies can work with providers so that they provide the information we are allowed to acquire under the relevant order, and not additional information. Second, we have secure databases to hold this data, to which only trained personnel have access. Finally, modern information security techniques allow us to create an audit trail tracking who uses these databases and how, so that we have a record that can enable us to identify any possible misuse. And I want to emphasize that there's no indication so far that anyone has defeated those technological controls and improperly gained access to the databases containing people's communications. Documents such as the leaked secondary order are kept on other NSA databases that do not contain this kind of information, to which many more NSA personnel have access.
We don't rely solely on technology. NSA has an internal compliance officer, whose job includes developing processes that all NSA personnel must follow to ensure that NSA is complying with the law. In addition, decisions about what telephone numbers we use as a basis for searching the telephone metadata are reviewed first within NSA, and then by the Department of Justice. Decisions about targeting under Section 702 are reviewed first within NSA, and then by the Department of Justice and by my agency, the Office of the Director of National Intelligence, which has a dedicated Civil Liberties Protection Officer who actively oversees these programs. For Title I collection, the Department of Justice regularly conducts reviews to ensure that information collected is used and disseminated in accordance with the court-approved minimization procedures. Finally, independent Inspectors General also review the operation of these programs. The point is not that these individuals are perfect; it's that as you have more and more people from more and more organizations overseeing the operation of the programs, it becomes less and less likely that unintentional errors will go unnoticed or that anyone will be able to misuse the information.
But wait, there's more. In addition to this oversight by the Executive Branch, there is considerable oversight by both the FISA Court and the Congress. As I've said, the FISA Court has to review and approve the procedures by which we collect intelligence under FISA, to ensure that those procedures comply with the statute and the Fourth Amendment. In addition, any compliance matter, large or small, has to be reported to the Court. Improperly collected information generally must be deleted, subject only to some exceptions set out in the Court's orders, and corrective measures are taken and reported to the Court until it is satisfied.
And I want to correct the erroneous claim that the FISA Court is a rubber stamp. Some people assume that because the FISA Court approves almost every application, it does not give these applications careful scrutiny. In fact the exact opposite is true. The judges and their professional staff review every application carefully, and often ask extensive and probing questions, seek additional information, or request changes, before the application is ultimately approved. Yes, the Court approves the great majority of applications at the end of this process, but before it does so, its questions and comments ensure that the application complies with the law.
Finally, there is the Congress. By law, we are required to keep the Intelligence and Judiciary Committees informed about these programs, including detailed reports about their operation and compliance matters. We regularly engage with them and discuss these authorities, as we did this week, to provide them information to further their oversight responsibilities. For example, when Congress reauthorized Section 215 in 2009 and 2011 and Section 702 in 2012, information was made available to every member of Congress, by briefings and written material, describing these programs in detail.