Lost amidst the news about former FBI Director Jim Comey’s high-profile testimony last week was the kick-off of the debate on reauthorization of an intelligence program under which the government scans the content of international communications that flow to and from the United States via the internet for foreign intelligence purposes.
The program, known as the section 702 program for the provision in the Foreign Surveillance Intelligence Act that created it, is due to expire at the end of the year and the directors of the FBI, National Security Agency (NSA) and National Intelligence were on Capitol Hill to defend it.
Trump administration officials have called for a permanent “clean” reauthorization which Thomas Bossert, the president’s homeland security and counterterrorism adviser, outlined in a recent New York Times op-ed. Senator Tom Cotton and over a dozen other Republican Senators including Intelligence Committee Chairman Richard Burr had introduced such a “clean” reauthorization bill earlier in last week.
However, civil liberties groups have long voiced concerns about the program and seek reforms in any reauthorization legislation. Last week, Facebook, Amazon, Microsoft, Google, and other tech companies sent a letter to House Judiciary Chair Robert Goodlatte seeking their own proposed reforms.
Section 702 authorizes the government to collect from U.S. companies the communications data of non-U.S. persons (non-citizens or lawful permanent residents) abroad.
During last week’s hearing, Director of National Intelligence Dan Coats argued that Section 702 has produced "significant intelligence that is vital to protect the nation" and cited the prevention of a New York subway bombing, as well as the government’s ability to have tracked down and ultimately kill the self-declared Islamic State’s second-in-command Hajji Iman. The program’s intelligence value was substantiated by the independent Privacy and Civil Liberties Oversight Board (PCLOB), which found that
Monitoring terrorist networks under Section 702 has enabled the government to learn how they operate, and to understand their priorities, strategies, and tactics, […] and has led the government to identify previously unknown individuals who are involved in international terrorism, and it has played a key role in discovering and disrupting specific terrorist plots aimed at the United States and other countries.
The program focuses on targeting non-U.S. persons reasonably believed to be located abroad and the intelligence community has ceased its practice of collecting communications that only mention foreign targets (rather than with targets).
Despite these developments, there are still two outstanding sets of concern: (1) searches of the incidentally collected communications of U.S. persons and (2) the collection via the compelled cooperation of U.S. companies and analysis of bundles of data that may include communications with non-U.S. persons who are not targets.
Although the program prohibits “targeting” U.S. persons in collection of data, it allows the search of that data using U.S. person identifiers in investigations. The NSA and CIA only search using a “statement of facts showing that a query is reasonably likely to return foreign intelligence information” but that restriction does not apply to the FBI. The section 702 database is vast, including not only the communications with non-U.S. persons abroad who are surveillance targets but also data caught up in batches with communications on the internet backbone with surveillance targets. The Foreign Intelligence Surveillance Court that oversees the program deemed these searches to be constitutional but many scholars believe it was wrong to do so.
Despite validating the program’s significant intelligence value, the PCLOB concluded that the lack of information about the collection of Americans’ communications under section 702 “hampers attempts to gauge whether the program appropriately balances national security interest with the privacy of U.S. persons” and recommended that the government provide to Congress data related to this collection. Last week, despite requests from numerous lawmakers and privacy organizations and his own commitment to work to produce the information, DNI Coats refused to provide data on the number of Americans’ communications collected under 702.
Of particular concern to U.S. tech companies is the collection of communications of overseas foreigners who are not targeted for surveillance. The U.S. tech sector has been criticized by foreign governments, and U.S. internet products and services have come under suspicion from users since the Edward Snowden disclosures revealed the extent of section 702 collection. The European Court of Justice referenced section 702 when it struck down the EU-U.S. Safe Harbor, the agreement that had treated U.S. company handling of EU persons’ data as compliant with EU data protection laws. The replacement Privacy Shield has already been challenged in European courts, although the European Commission is defending the deal. Having communications traffic move away from the United States not only diminishes revenue for U.S. firms, but also undermines the ability of intelligence agencies to collect and analyze communications.
Reform proposals are beginning to surface. After last week’s hearing, Judiciary Committee Ranking Member Dianne Feinstein endorsed authorization (though with a sunset) and proposed codifying the NSA’s decision to end collection of communications that merely mention a target and a requirement for an outside counsel each time the government seeks the Foreign Intelligence Surveillance Court’s approval of continuation of 702 collection.
The importance of the program for intelligence purposes—and the political drama swirling around—shouldn’t prevent a well-reasoned consideration of how best to preserve the program’s important intelligence-gathering capabilities, while respecting U.S. persons’ constitutional rights and avoiding disincentives to international use of U.S. technology infrastructure.