Yesterday’s story alleging that Internet companies were voluntarily participating in a program to give the NSA access to their systems has morphed overnight into an acknowledgement by the Director of National Intelligence that the activities of the type described in the article would have been part of compelled surveillance mandated by the government under Section 702 of the FISA Amendments Act (“FAA”).
This little-known provision of FISA allows the government to conduct warrantless surveillance on people reasonably believed to be located overseas, so long as the primary purpose of the collection is to acquire foreign intelligence information and no U.S. citizen is targeted directly, even though a U.S. citizen’s communications with the foreign person may also be captured. In order to initiate this surveillance, the Attorney General of the United States and the Director of National Intelligence first have to file a one-time certification with the FISA court, following the procedures described in 50 U.S.C § 1881(g). That certification must, among other things, contain attestations that there are procedures in place that are reasonably designed to—
- ensure that an acquisition authorized under subsection (a) is limited to targeting persons reasonably believed to be located outside the United States; and
- prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States;
- the minimization procedures to be used with respect to such acquisition—
- a significant purpose of the acquisition is to obtain foreign intelligence information;
In addition, the government must put suitable “minimization” procedures in place to avoid reviewing non-relevant communications.
Then, once a certification is on file, the Attorney General and the DNI may issue directives to electronic communication service providers (without any further external oversight) under 50 U.S.C. § 1881(h). These directives require providers to implement surveillance – just like when receiving an actual court order — and to maintain the secrecy of the records and of their assistance. The providers have no choice in the matter.
The fact that the government is actively using this process to conduct surveillance is not entirely a surprise. In fact, one brave provider challenged this very type of warrantless surveillance nearly 5 years ago, resulting in a decision of the Foreign Intelligence Surveillance Court of Review authorizing such surveillance and compelling the provider to cooperate, despite the fact that this procedure affords nearly unbridled discretion to the executive branch to select targets for the surveillance.
The DNI statement, combined with this court decision, sheds more light on the recent disclosure and strongly suggests that any disclosure of information by the named providers was done pursuant to these mandatory Directives. Rather than revealing a voluntary program that certain providers joined, this acknowledgement that disclosures were required by the FAA and endorsed by the FISA Court of Review should substantially influence the debate on whether the FAA re-authorization was a good thing and whether the statute is being used as it was intended.
