Glenn S. Gerstell served as general counsel of the National Security Agency from 2015 to 2020 and is now a senior adviser at the Center for Strategic and International Studies.
Somehow, FISA has become a four-letter word.
One of our country’s most important and successful national security statutes, the Foreign Intelligence Surveillance Act of 1978 (FISA)—which Congress adopted and amended over four decades by wide (albeit declining) margins—is now so controversial that Congress has been forced to let critical provisions expire because legislators can’t come to any agreement on how to amend it.
As the supervisor during both the Obama and Trump administrations of attorneys who relied on FISA for authorization to conduct lawful foreign surveillance, I fully appreciate the need to protect civil liberties and privacy rights in any surveillance program; but I also know how critical the statute is for generating intelligence to keep our country safe.
The current swirl of controversy around FISA is distracting from the truth about how the law operates, what the real challenges are, and where there is room for improvement.
Why and How FISA Was Created
Largely in response to President Nixon’s domestic surveillance abuses revealed by the Church-Pike hearings [PDF], and partly to address the confused state of the law [PDF] over whether a judicial warrant was needed to tap a phone line in national security cases, the U.S. Department of Justice under the Ford and Carter administrations worked with Congress to create a novel and complex statutory scheme.
That scheme was set out in FISA with the intent of regulating electronic surveillance and the compelled production of physical evidence, if conducted within the United States for national security purposes, consistent with the Fourth Amendment’s protection for U.S. persons. Congress used a complex definition of “electronic surveillance”—depending on what type of surveillance is being conducted, where the target is located, and where the electronic interception occurs, all rooted in the technology of 1978—to determine what is covered by the statute. Congress expressly exempted from FISA any surveillance conducted overseas by the country’s spy agencies, unless it targeted a U.S. person. (Generally, such exempted surveillance activities are instead governed by presidential executive order, and are subject to fewer restrictions and less oversight.)
A key element of the scheme was the creation of the Foreign Intelligence Surveillance Court (FISC) to hear in a classified setting the U.S. government’s requests for national security surveillance or searches. The court—the only one in the nation that conducts its business in complete secrecy—meets in Washington, DC and has eleven judges drawn from the federal judiciary, appointed on a rotating basis by the chief justice of the United States.
Four agencies use FISA as part of their surveillance operations—The Federal Bureau of Investigation, the National Security Agency (NSA), the Central Intelligence Agency, and the National Counterterrorism Center. A hypothetical example of its application could work this way: The FBI might suspect an official of a foreign embassy in the United States of spying, and submit an application to the FISC for permission to undertake surveillance in the United States against that official or perhaps even a U.S. citizen believed to be assisting that official. The application would (among other things) have to show specific facts, in a sworn affidavit, that there was “probable cause” that the “target,” namely the official or U.S. citizen, was “an agent of a foreign power.” The FISC usually grants the application, although it is far from a rubber stamp, and often asks for additional information and occasionally turns down applications. The FBI would then serve the FISC’s order on the target’s telephone company or email provider in the United States, which would be legally required to facilitate a wiretap of the target’s phone calls or turn over the target’s emails to the FBI for its investigation.
Amendments after 9/11
After the 9/11 terrorist attacks, FISA was significantly amended several times to give the U.S. government more effective tools to fight terrorism and address supervening changes in technology. U.S. email providers were dominating global communications and international phone calls were increasingly routed not via satellite but through subsea and terrestrial cables connected to the United States. The result was that foreigners were getting more legal protection than they were entitled to (namely, a “probable cause” judicial order), simply because they were using American communications systems, thus triggering the use of FISA. In response, Section 702 [PDF] was added to FISA in 2008 with a novel basis for foreign surveillance: the government wouldn’t need to seek an order from the FISC against a specific target if the target was a not a U.S. person, was reasonably believed to be overseas, and was within one of several categories of pre-approved targets, for example, international terrorists.
In return for dispensing with the requirement for a specific court order against the target, FISC-approved procedures designed to minimize the effect of incidental collection of U.S. persons’ communication were adopted. Moreover, the surveillance operations were overseen by Congress, the Privacy and Civil Liberties Oversight Board [PDF], and various executive branch agencies, and were subject to detailed public reporting. In the course of more than a decade of 702 operations, there has not been a single case of willful misconduct by any government official.
Section 702 was renewed in early 2018 for another six years after a contentious congressional debate with many privacy organizations expressing their opposition. The provision turned out to be extraordinarily useful to the nation’s spy agencies and was said to have been critical in uncovering terrorist plots. Last year, Section 702 was used against approximately two hundred thousand foreign targets [PDF].
Two other amendments to the original FISA have been the subject of controversy. One set of amendments expanded the government’s rights to seek physical evidence for foreign intelligence information, including the right to compel businesses to turn over customer records (for example, a bank turning over its customers’ financial records, a storage rental company turning over records of who rented storage units, or a dealer giving records of firearm sales). Another amendment, adopted in 2015 in reaction to Edward Snowden’s revelation of a classified NSA program to collect in bulk Americans’ telephone billing records, enabled the NSA to ask the FISC for an order requiring telephone companies to supply on an ongoing basis individual “call data records” (but not the content of phone calls) of Americans who had been in contact with possible international terrorists. After trying for a few years to make the revised program work, NSA in 2019 publicly suspended the effort for technical reasons, concluding that it wasn’t worth it. Not surprisingly, the agency’s decision fueled the arguments of parties on both sides of the surveillance debate, with some saying the failure proved the government’s overreach and others saying a hobbled scheme was doomed to be ineffective. All of this set the stage for today’s controversies—discussed in part two.