an unanticipated consequence of
Jack M. Balkin
Jack Balkin: jackbalkin at yahoo.com
Bruce Ackerman bruce.ackerman at yale.edu
Ian Ayres ian.ayres at yale.edu
Mary Dudziak mary.l.dudziak at emory.edu
Joey Fishkin joey.fishkin at gmail.com
Heather Gerken heather.gerken at yale.edu
Mark Graber mgraber at law.umaryland.edu
Stephen Griffin sgriffin at tulane.edu
Bernard Harcourt harcourt at uchicago.edu
Scott Horton shorto at law.columbia.edu
Andrew Koppelman akoppelman at law.northwestern.edu
Marty Lederman marty.lederman at comcast.net
Sanford Levinson slevinson at law.utexas.edu
David Luban david.luban at gmail.com
Gerard Magliocca gmaglioc at iupui.edu
Jason Mazzone mazzonej at illinois.edu
Linda McClain lmcclain at bu.edu
John Mikhail mikhail at law.georgetown.edu
Frank Pasquale pasquale.frank at gmail.com
Nate Persily npersily at gmail.com
Michael Stokes Paulsen michaelstokespaulsen at gmail.com
Deborah Pearlstein dpearlst at princeton.edu
Rick Pildes rick.pildes at nyu.edu
Alice Ristroph alice.ristroph at shu.edu
Brian Tamanaha btamanaha at wulaw.wustl.edu
Mark Tushnet mtushnet at law.harvard.edu
Adam Winkler winkler at ucla.edu
In my last post, I compared the pending legislation to my speculation about the January 2007 FISA Court orders. Of course, it’s also interesting to compare the pending legislation to current (traditional) FISA. That can be done in two ways, both of which I will attempt here. First, cribbing from Chapter 7 of my book, I’ll describe the four main limits on current FISA’s regulatory scope, and explain how the new legislation will affect each of those limits. Next, approaching the issue in a different way, I will divide the world of electronic communications into three main groups, and say a few words about each group under traditional FISA and modernized FISA. 1. FISA’s Four Limits. Under current law, there are four significant limits on FISA’s regulatory scope with respect to surveillance. First, the statute does not apply where all parties to a wire or radio communication are located abroad, even if they are Americans (U.S. persons), and even if the surveillance is conducted inside the United States. Such foreign-to-foreign wire and radio communications are (and always have been) simply outside the statute’s scope. Under the new law, this will change, because surveillance targeting an American located abroad will generally be subject to Sections 703 (if the surveillance occurs in the United States) or 704 (if the surveillance occurs abroad), both of which require judicial findings of probable cause that the targeted American is an agent of a foreign power. This will be the case even if the American abroad is communicating with another person located abroad. In this respect, it would be fair to say that the new law will expand FISA. (Section 703 may be best seen as a limit on the contraction of FISA as discussed in the next paragraph, but Section 704 appears to be a genuine expansion.)
The opposite is true, however, with respect to stored e-mail. Although traditional FISA has never regulated surveillance of foreign-to-foreign wire or radio communications, as mentioned earlier it currently does regulate surveillance of foreign-to-foreign e-mail if the e-mail is acquired from storage inside the United States; and this is the case even if all parties to the e-mail are foreigners (non-U.S. persons). Under the new law, this anomaly will be corrected, and foreign-to-foreign e-mail exchanged between foreigners will no longer require a FISA warrant, even if acquired from storage in the United States. (As noted in the previous paragraph, however, if an American abroad is the target of such e-mail surveillance, Section 703 of the new statute will apply, even if the American is communicating with a foreigner who is also located abroad.) In this respect – concerning foreign-to-foreign e-mail exchanged between foreigners – the new law will contract FISA.
The second major limit in current FISA is that the statute does not apply where the surveillance target is located abroad and the surveillance occurs abroad. Again, the new statute will both expand and contract FISA in this area. It will expand FISA because Section 704 of the new statute will require a judicial finding of probable cause for such surveillance targeting Americans located abroad. But it will contract FISA because Section 702 of the new statute will eliminate the need for a traditional FISA order even if the surveillance (or other acquisition activity) targeting a foreign person located abroad occurs inside the United States.
The third major limit is that current FISA does not apply to wire surveillance where the target is a foreigner, and the surveillance occurs abroad. As discussed above, the main effect of the new statute will be to enlarge this exception to cover situations in which the surveillance occurs inside the United States, as long as the foreign target is (reasonably believed to be) located abroad. In this respect, it can be said that the new law will contract FISA’s regulatory reach.
Fourth and finally, current FISA does not apply to radio surveillance not targeting a U.S. person located in the United States where any party to the radio communication is outside the United States. This exception will be essentially unchanged under the new law.
2. On the assumption that the foregoing discussion left some readers unsatisfied (or perhaps even a little queasy), let me try to approach the issue from a different perspective, dividing the world of electronic communications into three groups, and analyzing each group under current law and the pending legislation. The three groups are:
(a) U.S.-to-U.S. communications, also known as domestic communications;
(b) foreign-to-U.S. communications, also known as one-end-U.S. communications; and
(c) foreign-to-foreign communications.
a. Domestic Communications. The first group to be discussed is purely domestic communications, where both parties are located in the United States. This includes, for example, a telephone call from Washington to New York. By and large, FISA has always regulated surveillance of these domestic communications. Certainly that was the case in 1978. Although the Protect America Act cast some doubt on this during its operative period (August 2007 to February 2008), the current legislation provides expressly that it does not apply to intentional acquisition of known domestic communications (Section 702(b)(4)). Accidental acquisition is possible, and no doubt in operation there will be interesting fact-intensive questions about whether and when the government “knows” that a communication is domestic. (This alone could be the topic of a separate discussion; for now, it’s enough to note that the statute requires the government to establish guidelines to address these concerns (702(g)(2)(A)(iii).) In theory, at least, the government cannot use the new statute to target domestic communications, even if exchanged between and among visiting foreigners in this country.
b. One-End-U.S. Communications. The second group is for “one-end-U.S.” communications, where one party, but not both, is located in the United States. This includes, for example, a telephone call from New York to London. Here, FISA has always been a mixed bag. But as I mentioned in prior posts, Congress in 1978 deliberately allowed NSA to conduct warrantless surveillance of international calls as long as it was not targeting individual Americans located in the United States. Vacuum-cleaner surveillance of communications to or from the United States, which didn’t target anyone in particular, was permitted if NSA took certain operational steps – namely, applying the vacuum cleaner either to a radio communication or to a wire or cable located outside the United States. And this was the rule even if that surveillance acquired calls to, from, or about Americans located in the United States.
The key with respect to surveillance of these one-end-U.S. communications was that no “particular, known” American in the United States could be targeted. For example, to paraphrase one witness who testified in Congressional hearings leading to FISA, the NSA could not run its vacuum cleaners over a transatlantic telephone cable with filters set to record all calls mentioning “David Kris” (or my home address, or my social security number). That kind of surveillance clearly would be designed to obtain information from or about a particular, known American located in the United States (me), and would therefore be subject to FISA. On the other hand, however, NSA could set its filters to record all calls mentioning the word “terrorism” – because that does not target anyone in particular – and could keep those calls even if some of them were made by me. (Of course, when I say that NSA “could” do something, I mean that it could do so legally, not operationally or technically.)
Under the modernized version of FISA, the government will have both more and less authority in this area. It will still need a warrant to target any particular, known American in the United States – that is unchanged. It will no longer need a traditional FISA warrant to target a foreign person located abroad, even if the surveillance occurs on wires or cables inside this country – that is a contraction of FISA. But it will need a judicial finding of probable cause to target an American person located abroad, whether the surveillance occurs inside the United States (Section 703) or abroad (Section 704) – that is an expansion of FISA, at least as to surveillance conducted abroad.
The third and final group in my taxonomy is for foreign-to-foreign communications, where all parties are located abroad. This includes, for example, a telephone call from London to Paris. As noted earlier, FISA has never – at any time – regulated surveillance of a wire or radio communication between two foreign locations, even if made by two Americans, and even if acquired inside the United States (as can happen because of the way the world’s telephone lines are laid out). But, as also noted earlier, it does currently regulate surveillance of an e-mail exchanged between persons in two foreign locations, if the e-mail is acquired from storage inside the United States, even if both the sender and recipient of the e-mail are foreigners. Under the new statute, if the target is a foreigner located abroad, FISA does not require a warrant (Section 702); if the target is an American, it requires a judicial finding of probable cause (Sections 703 and 704).
I've commented myself on where I think e-mail and other type unidirectional (albeit "store-and-forward") communications ought to go in the surveillance taxonomy (some links at my comment in your Part I), a couple more comments here)
David Kris: On the other hand, however, NSA could set its filters to record all calls mentioning the word “terrorism” – because that does not target anyone in particular – and could keep those calls even if some of them were made by me.
I find this weird. The more the NSA gobbles up (by being less specific about the target identification or specification), the less illegal it is?!?!?
Kind of like Scalia saying that your prohibited from torturing convicted felons, but torturing innocent people off the street is just good policy; the Eighth Amendment doesn't run to that kind of general abuse....
The only excuses I can think of to justify such thinking are 1) that if the NSA Hoovers every conversation around, your own dalliances will not be particularly embarrassing (certainly not enough so as to stand out compared to others ... unless the gummint wants to make an example of you), and these peccadilloes may well be lost in the chaff, and 2) the Hoovering may be done by machine so that no person is snooping on your privates. Of course, that depends on the machine settings, doesn't it? And FISA is all about oversight and review for possible abuse after the abuses of COINTELPRO, the spying on MLK, Operation Shamrock, etc....
But all in all, shouldn't the fact that something is pervasive be more cause for alarm?!?!?
I find this weird. The more the NSA gobbles up (by being less specific about the target identification or specification), the less illegal it is?!?!?
Arne, I take you to be knowledgeable about wiretapping, even if you can't tell us everything you know. I am wondering if you agree with this analysis. It was my understanding that the whole objection to Bush's warrantless surveillance was that he was doing just that, vacuuming up our international calls. I thought the objection to the PAA was that it made all international calls fair game for warantless surveillance.
Now our guest commentator is saying that FISA has allowed just that all along, which would seem to imply that the Administration was not breaking FISA at all.
NSA could set its filters to record all calls mentioning the word “terrorism” – because that does not target anyone in particular – and could keep those calls even if some of them were made by me.
Yes; that's probably what happens upstream of the Quantico circuit.
(Of course, when I say that NSA “could” do something, I mean that it could do so legally, not operationally or technically.)
My understanding is our best guess is essentially all traffic is snooped, about 10% of it is selected by filters on whatever basis, e.g. a mention of "terrorism", and that 10% is saved. I would say the system operationally and technically is coming along just fine.
perhaps your own dalliances will not be particularly embarrassing . . . or the Hoovering may be done by machine so that no person is snooping on your privates.
The history of Hoovering is that once this kind of data gets stored, it will get abused.
No matter what the original intent, which I'll freely grant is good, that database is a fruitful source of abuse. It's just waiting for it, it's way too tempting, it never gets erased, it never becomes less tempting, and history shows it will get abused.
The only known effective way to prevent rights abuse is not to store it in the first place. The fundamental problem with Hoovering is it sets up all the conditions for later abuse.
"I have billions of private conversations but it's OK they're all locked up here and you can trust me" is a non-starter for privacy.
Today Senator Feingold noted these four changes from FISA. I hope David or one of the commenters will speak to them in practical terms:
1. (Paraphrasing the DNI on the PAA): "the government could legally collect all communications between the United States and overseas." I.e. the "significant purpose" test is toothless.
2. (Paraphrasing the DNI on the Senate bill, which the current one mirrors): "the government can wiretap a person overseas indefinitely without a warrant, no matter how interested it may really be in the American with whom that person overseas is communicating."
The Senator says reverse targeting is subject to no judicial oversight, not, e.g., requiring (as the Senator proposed) a court order if a significant purpose is to reverse-target. How does this compare with FISA's regime?
3. Acquisitions may continue pending appeal from an adverse FISA Court decision. How would that sit under FISA minimization? [Question: Does acquired information have to be ditched if SCOTUS affirms on appeal? Even that is not apparent to me.]
4. The exigency exception is so broad ("no time to get a warrant") as to swallow the rule and calls for no after the fact judicial review of the exigent action (which is what the Senator proposed).
5. Minimization is one thing without the (ghost of) Hoover on at full throttle but is next to useless in the envisioned regime.
I suspect Senator Feingold is overstating none of this, but I hope one or more of you enlighten me on these points.
Let me first say that I appreciate the analysis from the esteemed guest blogger. I'm unable, however, to find in this analysis a discussion of the differences between FISA and the new bill on who can authorize hoovering, and it seems to me that is a significant issue.
Thanks for blogging on a difficult subject! It is really helpful to have someone read through the statute.
Can I make a small suggestion? I think this is the kind of thing that cries out for a chart, with slots for the targeted person and the other caller and the variables: location of caller, location of surveillance, nationality/immigrant status. Actually, two charts, one with the old and one with the new, and highlights in the areas where there is a change.
Or I guess I could just do it myself, but I'm lazy ;-)
It looks as if one of the problems of both old and new FISA is the paradigm that Americans have constitutional rights and foreigners don't have any rights at all. Note the parallel with traditional Islam, which divides the world into the Dar-al-Islam (the house of peace, the Muslim-ruled world) and the Dar-al-Harb (the house of war, everywhere else). I've blogged a bit elsewhere on this.
It might be an idea to start from the opposite, universalist presumption that everyone, including random Iraqis and Afghans, has certain fundamental privacy rights which no government can invade except for cause. Then you define a rule-of-law régime - perhaps not very demanding - that ensures these rights are balanced against legitimate national security and law enforcement interests. Finally you decide what additional protections are required for American citizens to meet the standards of the US Constitution. Location would become, as Kris suggests, as legally irrelevant as it is in practice.
Just wondering if anyone noticed that H.R.6304 changes the definition of "weapons of mass destruction"? It now includes any explosive, incendiary, or poison device that can cause a mass casualty incident (Formerly it needed to be a nuclear, chemical or biological weapon).
For those of us who are responders for disaster incidents, an MCI (mass casualty incident) is any incident where the number of victims is greater than the number of responders. So this new definition includes IED's. I guess when they pass this, they will have finally found the WMD in Iraq.