an unanticipated consequence of
Jack M. Balkin
Jack Balkin: jackbalkin at yahoo.com
Bruce Ackerman bruce.ackerman at yale.edu
Ian Ayres ian.ayres at yale.edu
Mary Dudziak mary.l.dudziak at emory.edu
Joey Fishkin joey.fishkin at gmail.com
Heather Gerken heather.gerken at yale.edu
Mark Graber mgraber at law.umaryland.edu
Stephen Griffin sgriffin at tulane.edu
Bernard Harcourt harcourt at uchicago.edu
Scott Horton shorto at law.columbia.edu
Andrew Koppelman akoppelman at law.northwestern.edu
Marty Lederman marty.lederman at comcast.net
Sanford Levinson slevinson at law.utexas.edu
David Luban david.luban at gmail.com
Gerard Magliocca gmaglioc at iupui.edu
Jason Mazzone mazzonej at illinois.edu
Linda McClain lmcclain at bu.edu
John Mikhail mikhail at law.georgetown.edu
Frank Pasquale pasquale.frank at gmail.com
Nate Persily npersily at gmail.com
Michael Stokes Paulsen michaelstokespaulsen at gmail.com
Deborah Pearlstein dpearlst at princeton.edu
Rick Pildes rick.pildes at nyu.edu
Alice Ristroph alice.ristroph at shu.edu
Brian Tamanaha btamanaha at wulaw.wustl.edu
Mark Tushnet mtushnet at law.harvard.edu
Adam Winkler winkler at ucla.edu
Yesterday, in discussing H.R. 6304, the FISA modernization bill passed by the House on Thursday, I identified the key elements of current FISA, and described what I see as the main legal and operational arguments for and against modernizing the statute. Today, I’d like to describe the Bush Administration’s actual efforts to “modernize” electronic surveillance. There have been, essentially, three Administration approaches to modernizing electronic surveillance – one directed at each branch of the federal government. As it turns out, the first two approaches seem to have failed, but the third (embodied in H.R. 6304) appears to be on the verge of success.
a. Executive Branch. The Bush Administration’s first approach to modernization, illustrated by the TSP, was simply to ignore FISA. That method, relying on unilateral action by the executive branch, prevailed without public knowledge or challenge for approximately four years, until the famous December 2005 story by the New York Times. Much has been written about this period, on Balkinzation and elsewhere.
b. Judicial Branch. A little more than a year later, the government appeared to find a judicial solution to the problem of FISA modernization, advancing a new interpretation of the statute that at least one judge accepted. In January 2007, the FISA Court “issued orders authorizing the Government to target for collection international communications into or out of the United States where there is probable cause to believe that one of the communicants is a member or agent of al Qaeda or an associated terrorist organization.” As a result of these orders, the Department of Justice (DOJ) announced, “any electronic surveillance that was occurring” under the TSP “will now be conducted subject to the approval” of the FISA Court. Although DOJ so far has refused to disclose the legal theory underlying these court orders, it is worth considering whether and how they could have both complied with FISA and, as DOJ asserted, allowed the necessary “speed and agility” of warrantless surveillance. The following paragraphs set forth an educated guess about the January 2007 FISA Court orders, drawn from a much longer discussion in Chapter 15 of my book .
As noted in yesterday’s post, FISA has three essential substantive requirements: first, a target that is a foreign power or an agent of a foreign power; second, a facility being used by that target; and third, minimization. To satisfy these requirements without sacrificing speed and agility, it is necessary to identify the broadest possible target and facility, which will yield the broadest possible authorization order, which will require the fewest possible court orders for the most surveillance.
Identifying the broadest possible target is relatively straightforward under FISA – foreign powers (such as al Qaeda) are far broader than individual agents of a foreign power (such as Osama Bin Laden). This is entirely legitimate, and conventional, as long as the government is genuinely interested in getting information about al Qaeda, rather than any particular member of al Qaeda. If the government focuses its attention too much on any single terrorist, then that terrorist becomes the target. But if the government uses a wide-angle lens, focused on the group as a whole, it is comfortably within the requirements of FISA.
The broadest possible facility is harder to identify. A “facility” in FISA is the electronic analogue for location or place in an ordinary search – a concept with roots in the Fourth Amendment’s Particularity Clause. In a conventional criminal case, for example, the police obtain a warrant to search for the murder weapon in the suspect’s apartment. The warrant is not issued for the suspect’s entire apartment building, let alone his entire street or neighborhood, because that would be insufficiently particular. But nor is the warrant limited, for example, to the top drawer of the suspect’s desk – that is more particular than the Fourth Amendment requires. The location specified in a search warrant must be “reasonably” particular, and so too a FISA facility must be reasonably particular. For example, as noted in yesterday’s post, the traditional FISA facilities are 10-digit telephone numbers or name@domain e-mail addresses.
As far as I can determine, the government seems to have persuaded the FISA Court in January 2007 that the international gateway switches, which essentially are the junctions between the U.S. and the rest of the world’s telecommunications grids, are reasonably particular FISA “facilities,” and that al Qaeda is using them. If that is right, it means that a handful of orders gave the government access to all, or almost all, of the international telecommunications traffic entering or leaving the United States. That is very speedy and agile.
The problem, of course, is that while al Qaeda is using those switches, so is everyone else. Even under the most extreme estimates, al Qaeda cannot account for more than a tiny percentage of calls transiting the switches.
It is possible that the government and the FISA Court saw this problem, and dealt with it through minimization. What they may have decided is that while the government has authority to conduct surveillance of al Qaeda on the switches, it cannot actually have someone monitor – listen to or record – any individual call without probable cause (or something like probable cause) that at least one party to the call is a terrorist (or something like a terrorist). This minimization standard may resemble the normal probable-cause determination required by FISA for agents of a foreign power, except that it is made by the executive branch rather than by the FISA Court.
To understand the function of such a FISA order, consider an (admittedly flawed) analogy to the world of ordinary searches. Imagine that the FBI obtains a warrant to search for drugs anywhere in New York City. Standing alone, this seems too broad – a clear Particularity Clause problem. But now imagine that the warrant provides expressly that while the FBI has nominal authority to search all buildings in New York, it may not enter any particular building unless a Supervisory Special Agent or higher-ranking official finds probable cause that drugs are indeed located within that building. Rightly or wrongly, this is the basic idea behind the January 2007 orders as described above. Again, the clever aspect is that those orders moved the bedrock probable-cause requirement of FISA from the front end of the statute, where a judge decides it, to the back end, where the executive branch applies it as part of minimization, subject only to after-the-fact review by the court. If this is indeed what the FISA Court decided in January 2007, it is easy to understand why the government announced the result publicly, as it seems to solve many of the problems posed by the TSP being conducted in violation of FISA.
It appears, however, that in April 2007, another FISA Court judge rejected the government’s interpretation at least in part, imposing limits and conditions that the executive branch apparently could not tolerate. As the DNI explained to Congress in September 2007, “we were devoting substantial expert resources towards preparing applications that needed FISA Court approval. This was an intolerable situation, as substantive experts, particularly IC subject matter and language experts, were diverted from the job of analyzing collection results and finding new leads, to writing justifications that would demonstrate their targeting selections would satisfy the statute.”
c. Legislative Branch. The government’s setback in the FISA Court led to a third approach, involving the legislative branch, that appears to have culminated in the bill passed by the House of Representatives on Thursday. I’m still working my way through the bill, but here is my initial take on its essential provisions, with new FISA Title VII section numbers noted in parentheses so any interested readers can check my work and correct it if I’ve messed up.
The new bill allows the government, “[n]otwithstanding any other provision of law,” to engage in the “targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information” (702(a)). There is no probable-cause requirement; the only thing that matters is (the government’s reasonable belief about) the target’s location. The acquisition must be to obtain foreign intelligence information, which includes information necessary to protect against the full range of foreign threats to national security, including both international terrorism and espionage, and information with respect to a foreign power that is necessary to the national defense or foreign affairs. The acquisition is not limited to any particular facility or place (702(g)(4)), which means that the government can use it to direct surveillance (or other acquisition methods) at various facilities without obtaining a separate authorization for each one.
The acquisition authority granted by the statute is subject to several essential requirements and limitations:
First, the acquisition “may be conducted only in accordance with” what are referred to in the bill as “targeting procedures” (702(c)(1)(A)) which must be “reasonably designed” to “ensure that any acquisition … is limited to targeting persons reasonably believed to be located outside the United States,” and to “prevent the intentional acquisition” of communications “known, at the time of the acquisition,” to be purely domestic (702(d)(1)) – these communications remain subject to surveillance under traditional FISA (702(b)(4)).
Second, the acquisition “may be conducted only in accordance with” some version of traditional “minimization procedures” (702(c)(1)(A)), which must be “consistent with” FISA’s definition of that term for electronic surveillance or physical searches (702(e)).
Third, a senior Justice Department official and the Director of National Intelligence must certify in advance (or if necessary, a week after acquisition begins (702(g)(1)), that the targeting and minimization procedures satisfy the statutory requirements, that a “significant purpose” of the acquisition is to obtain foreign intelligence information, and that the acquisition involves the assistance of an electronic communication service provider (702(g)(2)).
Fourth, where the targeted person is a United States person – e.g., a U.S. citizen or green card holder – more restrictive measures apply depending primarily on whether the acquisition occurs inside or outside the United States (703 and 704).
Under the bill, the FISA Court reviews the targeting and minimization procedures to ensure that they meet the statutory requirements and the Fourth Amendment (702(i)), and orders modifications if necessary; the court reviews the certification only as a matter of form, to ensure that it “contains all the required elements” (702(i)(3)(A)-(B)). The court’s order is issued to the government only – there is no provision in the bills for a secondary order. Instead, the government itself issues a “directive” to electronic communication service providers requiring their assistance (702(h)). Providers may challenge such directives in the FISA Court (702(h)(4)), and the government may seek FISA Court orders compelling compliance from a recalcitrant provider (702(h)(5)). Thereafter, providers may be punished via contempt of court for noncompliance (702(h)(4)(G) and (h)(5)(D)). There are reporting and oversight procedures, including review by Inspectors General of the government’s compliance with the targeting and minimization procedures, and the number of targets originally believed to be abroad but later determined to have been located in the United States (702(l)), and there is a reiteration of FISA’s 1978 “exclusivity provision” in Section 102 of the bill.
It is interesting to compare the pending legislation to the TSP as it may have been implemented just prior to, and just after, the January 2007 FISA Court orders. There appear to be two main differences. First, the pending legislation applies only to targets located abroad, while the January 2007 orders may have allowed surveillance of targets in the U.S. (as long as they were making international calls). Second, more importantly, the pending legislation focuses only on the target’s location (or the government’s reasonable belief about his location) not his status or conduct as a terrorist or agent of a foreign power. In other words, there is no requirement that anyone – the FISA Court or the NSA – find probable cause that the target is a terrorist or a spy before (or after) commencing surveillance. This may well be a reaction, or perhaps an over-reaction, to the FISA Court’s April 2007 order, which appears to have frustrated the government by requiring more, or more frequent, reporting about the status of certain surveillance targets. But, as discussed above, the Administration’s request for this aspect of the bill seems to have provoked a countervailing limitation from Congress, in that the pending legislation extends some version of FISA to surveillance conducted abroad of a U.S. person who is located abroad; today, such surveillance is conducted unilaterally by the executive branch, without statutory regulation or judicial review and approval, albeit with a requirement that the Attorney General find probable cause that the U.S. person is an agent of a foreign power. (It is also interesting to compare the pending legislation to the current, traditional version of FISA, but in an abundance of caution I plan to seek prepublication review for that comparison, and therefore cannot provide it here.)
Looking ahead, I believe the pending legislation probably represents only an interim solution to the problem of FISA modernization. First, it is extremely complicated. As I read the bill, it establishes at least five different categories of full-content acquisition: (1) traditional electronic surveillance, (2) traditional physical searches, (3) surveillance or searches targeting non-U.S. persons reasonably believed to be abroad, (4) surveillance or searches targeting U.S. persons reasonably believed to be abroad when the acquisition occurs in the United States, and (5) surveillance or searches targeting U.S. persons reasonably believed to be abroad when the acquisition occurs outside the United States. FISA has always been an arcane and difficult statute, but the intricacy of the pending legislation risks confusing the government officials who must apply it, often under substantial time pressure. This can lead to errors of both major types – improper acquisition of private communications (or other information) that undermines liberty and privacy, and improper abstention from acquisition that undermines security.
In addition, the pending legislation continues to rely, at least to some degree, on the location of the surveillance target. For now, that may be the best we can do. For the long run, however, we may need more radical change. If the government genuinely cannot determine a person’s location, it makes no sense to use geography as a trigger for FISA’s warrant requirements. In those circumstances, a geographical approach will always be too broad or too narrow – treating all communicating parties, or none, as if they were in the United States.
Second, more importantly, the pending legislation focuses only on the target’s location (or the government’s reasonable belief about his location) not his status or conduct as a terrorist or agent of a foreign power.
When this in significant fashion affects "the people," it seems to be of particular 4A concern especially in the 21st Century international communications world.
It might not be immediately relevent, but four justices in particular think citizenship is key when dealing with habeas. Locale isn't the deciding factor. Why not other constitutional rights?
Not that unlimited power to wiretap others doesn't concern me. But, when "the people" of the United States are involved in particular, some status/conduct link should be present.
I appreciate as well the explanation of the details of this legislation. Immunity rankles, but it isn't the only matter of concern. As with the rush job last time, the short time allowed to understand this bill before voting is atrocious.
The fact experts can't quite get a handle of things yet is sooo telling.
Is there some reason you call the NSA's warrantless wiretapping program the "terrorist surveillance program"? Why prefer a sales slogan to an accurate term?
Is there some reason you don't mention that the administration is proceeding with massive infrastructure for surveillance of domestic communication, regardless of law, legislature, or courts?
Is there some reason you don't mention that the warrantless wiretapping program that has been revealed, and attempted to be justified and posthoc blessed as legal, is far from the whole of the program?
One of the key unanswered questions is whether this bill would authorize wholesale interception and recording of communications to and from the US or whether it would only permit particularized (albeit very extensive) interception of the communications of selected individuals. The answer to this question turns in part on the meaning of "targeting." I have posed this question at length in a blog at the CDT site, http://blog.cdt.org/2008/06/25/does-targeting-authorize-the-vacuum-cleaner/ My comment accepts and builds on David Kris' analysis. I welcome comments either at the CDT site or here.