from Digital and Cyberspace Policy Program

The Case for Reforming Section 702 of U.S. Foreign Intelligence Surveillance Law

A man uses headphones while working at the Justice Ministry's agency for communications capturing in Buenos Aires, Argentina, on July 14, 2016. Marcos Brindicci/Reuters

To rein in the NSA’s collection, monitoring, and searching of U.S. citizens’ communications, Congress should reform section 702 of the Foreign Intelligence Surveillance Amendments Act.

June 26, 2017

A man uses headphones while working at the Justice Ministry's agency for communications capturing in Buenos Aires, Argentina, on July 14, 2016. Marcos Brindicci/Reuters
Report

On December 31, 2017, section 702 of the 2008 Foreign Intelligence Surveillance Amendments Act (FAA) will expire. Section 702 governs the domestic interception of foreigners’ communications, when the targets are believed to be outside the United States. Although externally directed, this statute is being used by agencies to monitor, collect, and search U.S. citizens’ communications for foreign intelligence and criminal activity. Congress has an opportunity to amend section 702 to safeguard U.S. national security, protect citizens, and comply with the Constitution.

Laura K. Donohue

Professor of Law at Georgetown Law, Director of Georgetown's Center on National Security and the Law, and serves as Amicus Curiae for the U.S. Foreign Intelligence Surveillance Court

Controversy marks the renewal debate. The Director of National Intelligence (DNI) states that the interception powers are vital to the intelligence community’s ability to protect the United States from foreign threats. About one quarter of the counterterrorism reports from the National Security Agency (NSA) include information derived from section 702 intercepts. Renewal is the intelligence community’s top legislative priority for 2017.

More on:

Cybersecurity

Privacy

Civil Liberties

Intelligence

In contrast, civil liberties organizations consider the current use of section 702 to be unconstitutional. These groups, along with legal analysts and members of Congress, criticize the sheer number of Americans whose communications the NSA collects—a figure that privacy advocates estimate to be in the tens of millions. Revelations about the interception of Donald J. Trump’s campaign workers’ communications with Russia have generated further concern about the potential use of surveillance for political gain.

Section 702 violates citizens’ rights, creates a situation ripe for abuse, and undermines the balance of power.

Section 702 is an important tool in the intelligence community’s arsenal. But the statute should be amended to bring it within constitutional bounds. Section 702 violates citizens’ rights, creates a situation ripe for abuse, and undermines the balance of power between the branches of government. Congress should use the renewal of section 702 to restrict the NSA’s ability to obtain certain kinds of information and to retain citizens’ communications. Congress should also reinstate the “primary purpose” test (which mandates that an intercept be for foreign intelligence purposes), prevent section 702 intercepts from being used to find evidence of ordinary criminal activity, and prohibit collection of communications about (not just to or from) targets.

How Section 702 Works

Section 702 authorizes the federal government, with some statutory restrictions, to intercept electronic communications inside the United States of individuals who are not U.S. persons (that is, U.S. citizens or legal residents). According to the law, the government must reasonably believe that the targets are outside the country at the time of collection.

Section 702 differs in important ways from traditional collection under the 1978 Foreign Intelligence Surveillance Act (FISA). For the government to obtain an order to intercept domestic communications under FISA, it must demonstrate probable cause that the target of the surveillance is a foreign power or an agent of a foreign power, and that each of the facilities to be placed under surveillance is likely to be used by the target. The statute generally defines “foreign power” as a foreign government, a foreign entity or political organization, or a group engaged in terrorism. For a U.S. person to be an agent of a foreign power, some level of suspected involvement in criminal activity is necessary.

Section 702, in contrast, is not subject to the same Fourth Amendment constraints, primarily because the statute targets foreigners overseas. The law, for instance, does not require the government to obtain an order specifying the person or place that it plans to target. Instead, the decision is left to the attorney general and the DNI, so long as the target is reasonably believed to be a non–U.S. person and outside the United States and collection meets the certification requirements. Specifically, the government must certify that targeting and minimization procedures—which are designed to minimize the acquisition and retention and prohibit the dissemination of information about U.S. persons that is not publicly available—meet the statutory requirements and that “a significant purpose” of the acquisition is to gather foreign intelligence. The Foreign Intelligence Surveillance Court (FISC) then determines whether the procedures comply with the law.

More on:

Cybersecurity

Privacy

Civil Liberties

Intelligence

One order 2013 affected around 89,000 targets. By 2015, the number of targets had reached nearly 95,000.

Once the certification has been approved, the government identifies targets for surveillance. It obtains their communications either from equipment placed at strategic locations on the U.S. internet and telecommunications infrastructure (referred to as upstream collection), or from U.S.-based service providers such as Google, Microsoft, and Apple (called downstream or PRISM collection). Section 702 prohibits backdoor searches—that is, targeting non-U.S. persons overseas with the intent of placing U.S. persons under surveillance.

In 2013, former NSA contractor Edward Snowden leaked documents to the press revealing that the agency was using section 702 to collect massive amounts of data, including U.S. persons’ communications. The DNI and the Privacy and Civil Liberties Oversight Board (PCLOB) later confirmed the NSA’s upstream and downstream collection programs. The programs–directed at foreign countries, international organizations, groups, and individuals—implicated substantial numbers of targets. According to the DNI, the one order issued under section 702 in 2013 affected around 89,000 targets. By 2015, the number of targets had reached nearly 95,000.

The NSA obtained not only messages to or from these targets, but also, for upstream collection, data about the target (or selectors associated with the target) known as “about collection.” In addition, the agency collected every message in a multi-communication transaction (MCT)—a communication containing more than one message—linked to a collectable communication. This included U.S. persons’ communications, even when they were not sending a message to or from the target. It also led to the collection of entirely domestic conversations between citizens, unrelated to foreign intelligence.

The extent of such incidental collection appears to be significant: In 2014 the Washington Post reported that the NSA was collecting far more data on ordinary internet users than on legally targeted foreigners. In the files examined, nine out of ten account holders in a cache of intercepted conversations were not themselves a target, but simply caught up in the agency’s net. Nearly half of the files contained names, email addresses, and other details linked to U.S. persons.

Each agency maintains its own procedures for what it does with communications collected by the NSA under section 702. The NSA, CIA, FBI, and National Counterterrorism Center query downstream information for foreign intelligence purposes—broadly defined to include anything related to “the foreign affairs of the United States”—using U.S. persons’ information.

In 2011, the NSA was forbidden from querying upstream communications using information about U.S. persons. Five years later, FISC found out that the NSA had violated the rule “with much greater frequency” than it had previously disclosed. Citing the “lack of candor” and the “serious Fourth Amendment” issues at stake, FISC focused on U.S.-person queries of MCTs obtained in the collection of communications about targets—the kind of collection that was capturing domestic communications. Unable to separate these conversations from conversations to or from targets, the NSA announced in April 2017 that it would cease “about collection.” Simultaneously, the NSA expanded its authority to query all upstream data using U.S. persons’ information, bypassing the previous restraint.

The FBI’s minimization procedures allow it to query section 702 data to look for evidence of criminal activity. It can collect, analyze, and disseminate the data, even if it relates to highly sensitive personal matters such as sexual conduct; political activities (including “discussions with Members of Congress and their staff”); consulting with clergy; and psychiatric and medical appointments. In 2014 the PCLOB reported that the FBI frequently uses this power without registering its queries, making it impossible to track how often the FBI searches Americans’ communications without a warrant—a statement the DNI later verified.

In 2015, Congress made a modest effort to identify what appeared to be de facto backdoor searches, requiring the DNI to release the number of queries involving U.S. persons. In 2016, DNI reported 4,672 search terms used to query content that had not gone through minimization procedures, and 23,800 queries of un-minimized metadata by the NSA and CIA. The number omitted FBI searches.

Constitutional Issues Raised by Section 702

The most trenchant criticism of section 702 acquisition is that it violates the Fourth Amendment, which establishes “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable search and seizure.” The purpose of this clause was to prohibit general warrants, even as the clause that followed specified what would be required for a particularized warrant to be valid: it must be based “upon probable cause, supported by Oath or affirmation, and particularly [describe] the place to be searched, and the persons or things to be seized.”

Although section 702 theoretically prohibits the collection of Americans’ communications, in practice it acts as a general warrant. Using section 702, the intelligence community monitors and collects Americans’ international communications, as well as entirely domestic conversations, without oath or affirmation of wrongdoing. It does not apply to a particular person or place, nor does it specify the records to be obtained. A target may be in another country, but when the person on the other side is a U.S. person, then Americans’ rights are affected. Agencies are not required to delete their records of U.S. persons’ communications. To the contrary, they can be kept and queried to look for unrelated criminal activity—even though they are being collected without the ordinary protections that accompany Fourth Amendment searches.

The NSA has aggravated the constitutional problem by adopting practices that increase access to citizens’ communications. Unless evidence exists that the target is a U.S. person or is inside the country, the agency assumes these criteria are met, meaning that potentially all communications to and from the United States can be monitored and collected. This practice raises further First Amendment concerns relating to the freedom of association and freedom of religion, as well as historic Fifth Amendment rights.

There is also the risk that the executive branch will use section 702 to monitor political opposition. Watergate aside, history is replete with examples of executive power wielded inappropriately. In the 1960s, the NSA’s Project MINARET began by focusing on individuals traveling to Cuba. By the time the program ended in 1973, it was directed at civil rights leaders and anyone suspected of criminal activity. CIA programs have intercepted the international communications of members of Congress, as well as political candidates, while the FBI’s COINTELPRO actively sought to discredit and undermine political adversaries.

The myriad noncompliance issues with section 702 demonstrate the inability of the agencies to abide by the rules set by FISC. With so much information concentrated in one place, the program is ripe for abuse.

Congress should require the NSA to delete communications that are exclusively between U.S. persons.

Too much power in the executive branch is especially problematic, as it threatens the separation of powers. In the past, the executive branch has used surveillance and false criminal charges to undermine the operation of the other branches in their constitutional duties.

Under section 702, moreover, the judiciary is not involved in the targeting decisions either at the time of collection or subsequently. The executive branch determines when to query the databases using U.S. persons’ information and what to do with the data. The process of parallel construction, whereby law enforcement agencies recreate the evidentiary trail, means that section 702 data rarely makes it into court. The result constrains judicial power.

Recommendations for Revising Section 702

Intelligence collection is vital for U.S. national security. It is equally critical that the country adheres to constitutional limits to protect rights, allow for political opposition, and ensure the separation of powers. Four important steps would help to move the law in the right direction.

First, Congress should require the NSA to delete communications that are exclusively between U.S. persons, and to obtain a court order to retain conversations to which a U.S. person is party, bringing collection into conformity with traditional FISA procedures. These minimization procedures are necessary to protect citizens affected by targeting decisions. Currently, as long as the data was not acquired in a way that violates the statutory targeting conditions, the intelligence community may retain citizens’ communications. Congress should require the intelligence community to follow traditional FISA rules, which mandate that U.S. persons’ information obtained from the warrantless interception of communications generally must be destroyed.

Second, section 702 should be amended to prohibit U.S. person queries unless they are subject to a procedure akin to those outlined by FISA: an individualized order from FISC supported by probable cause that the information to be obtained is relevant to foreign intelligence. In addition, queries should be limited to foreign intelligence collection and not extended to ordinary criminal activity. This alteration is critical to ensure that section 702 does not become a way to circumvent the Fourth Amendment.

Third, Congress should reinstate the “primary purpose” test, replacing the language added in 2008 requiring that only “a significant purpose” be for foreign intelligence. If the primary purpose is criminal, then the government should go through existing procedures for collecting evidence of a crime, such as obtaining a warrant for a wiretap, and not through foreign intelligence collection authorities.

Fourth, the statute should contain a prohibition on “about collection” to prevent the NSA from collecting messages mentioning targets. Congress should similarly prohibit the NSA from collecting MCTs unless it obtains only messages to or from the target, deleting other bundled messages. This alteration creates an incentive for the NSA to find a way to protect U.S. persons’ messages.

These would be necessary first steps in bringing section 702 within constitutional bounds. Congress might also consider other proposals, such as prohibiting parallel construction (wherein the NSA passes section 702 information to law enforcement agencies, who construct alternative evidentiary trails), specifying what “derived from” in section 702 means (to facilitate judicial challenges), and preventing citizens’ metadata collection.

This Cyber Brief is part of the Digital and Cyberspace Policy program. The Council on Foreign Relations takes no institutional positions on policy issues and has no affiliation with the U.S. government. All views expressed in its publications and on its website are the sole responsibility of the author or authors.

Top Stories on CFR

Immigration and Migration

Dara Lind, a senior fellow at the American Immigration Council, sits down with James M. Lindsay to discuss the record surge in migrants and asylum seekers crossing the U.S. southern border.

Center for Preventive Action

Every January, CFR’s annual Preventive Priorities Survey analyzes the conflicts most likely to occur in the year ahead and measures their potential impact. For the first time, the survey anticipates that this year, 2024, the United States will contend not only with a slew of global threats, but also a high risk of upheaval within its own borders. Is the country prepared for the eruption of election-related instability at home while wars continue to rage abroad?

Central America