Highlights from the Newly Declassified FISCR Documents

Published On September 15, 2014 | By Marc Zwillinger and Jake Sommer | General

We are proud to say that we were the lawyers who represented Yahoo in its historic challenge to the government’s surveillance program in the Foreign Intelligence Surveillance Court (FISC) and the Foreign Intelligence Court of Review (FISCR) and its efforts over the past year to get the over 1,500 pages of filings released last Thursday to be declassified and unsealed. Having toiled in secret until recently, and having originally been told we would need to wait 25 years to tell anyone of our experience, it is refreshing to be able to write about the case in detail. Last week, the news was covered by all of the major papers, but for those interested in taking a deeper dive, we thought we’d share a little bit of a guide to the interesting nuggets you will (and won’t find) in the newly released documents.

First, the government’s prior position on standing may be a bit of a surprise. In more recent cases, like Clapper, it has argued that only the provider has standing to challenge surveillance orders under the FISA Amendments Act, not individual users who may have been caught up in the surveillance. But, in this fight, the government argued that Yahoo had no standing to challenge a directive on the basis of the Fourth Amendment rights of its users. See Government’s Ex Parte Brief at pages 53-56. Although the government was forced to change its position after it lost this issue at both the FISC and the FISCR — and such standing was expressly legislated into the FAA – had the government gotten its way, surveillance orders under § 702 would have been unchallengeable by any party until the fruits of the surveillance were sought to be used against a defendant in a criminal case. That would have given the executive branch even greater discretion to conduct widespread surveillance with little potential for judicial review. Even though Yahoo lost the overall challenge, winning on the standing point was crucial, and by itself made the fight personally worthwhile.

Second, the press has been very interested in the amount of fines that Yahoo faced. Even so, it has still underreported the pressure brought on Yahoo (and the court) to cause the surveillance to begin even while the case challenge was still pending. The FISC issued its decision on April 25, 2008, but we were not permitted to inspect the order until April 29, 2008 (and even then were not allowed to take notes), and did not receive a copy until May 5, 2008, when the government demanded that Yahoo give a same-day answer whether it would comply with the surveillance demand. This was a very difficult time for me personally, as my father, Eugene M. Zwillinger, died on April 30, 2008, and his funeral was on May 4, 2008. Notwithstanding the government’s time pressure, and my personal grief, we defied the government’s demand, filed rushed motions to appeal and to stay the decision, and had hoped to stave off compliance while we continued to litigate. This back and forth can be seen in the contentious letters included as exhibits to the Matthew Olsen declaration. The government’s response was forceful and immediate. It moved for contempt, and requested coercive fines of a minimum of $250,000 per day, doubling each week until Yahoo complied. Simple math indicates that Yahoo was facing fines of over $25 million dollars for the 1st month of noncompliance, and fines of over $400 million in the second month if the court went along with the government’s proposal. And practically speaking, coercive civil fines means that the government would seek increased fines, with no ceiling, until Yahoo complied. But it was not until the release of these documents that we also understood the pressure that the government placed on the court itself to deny Yahoo’s stay. Partially redacted declarations never before unsealed (and which Yahoo did not have access to at the time), show that DNI Michael McConnell declared to the Court that granting the stay “could cause great harm to the United States.” See McConnell Dec. at 2. Between the coercive fines, and the DNI’s sworn declaration, there was great pressure to cause the surveillance to begin.

Finally (as to the post), the records released reveal some of the difficulties for providers litigating in the FISC and the FISCR. The ex parte, classified appendix was just that: a treasure trove of documents, significantly longer than the joint appendix, which Yahoo had never seen before August 22, 2014. Yahoo was denied the opportunity to see any of the documents in the classified, ex parte appendix—even in summary form. Those documents bear a look today. They include certifications underlying the § 702 directives, procedures governing communications metadata analysis, a declaration from the Director of National Intelligence, numerous minimization procedures regarding the FBI’s use of process, and, perhaps most importantly, a FISC decision from January 15, 2008 regarding the procedures for the DNI/AG Certification at issue, which Yahoo had never seen. It examines those procedures under a “clearly erroneous” standard of review – which is one of the most deferential standards used by the judiciary. Yahoo did not have these documents at the time, nor the opportunity to conduct any discovery. It could not fully challenge statements the government made, such as the representation to FISCR “assur[ing the Court] it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary.” Nor could Yahoo use the January 15, 2008 decision to demonstrate how potential flaws in the targeting process translated into real world effects. This information disparity is part of the reason we have advocated for greater transparency in the FISC, as reflected by this testimony and article.

For Yahoo’s Statement on the Release of Documents click here.

A closing note from Elizabeth Banker – As the in-house counsel who managed the litigation for the company and partnered with Marc and Jake on the filings, I was proud that the company chose to take a stand because it was the right thing to do, not because it had any expectation of publicity or PR for its efforts to protect its users. Like Marc, I also lost my father while the litigation was on-going and though it forced me to spend time away from my family, I took comfort in the fact that my father would have been proud if he could have known what I was doing. Regardless of one’s personal feelings about how national security and civil liberties should be balanced, the law we challenged represented an unprecedented level of programmatic surveillance in the history of the U.S. that merited review in the courts before the program truly took off. In the wake of the Snowden leaks and the declassified decisions from the FISC that show how the government authority has been used, I feel our instincts to be wary of programs that do not involve judicial review of specific targets was, and remains, legitimate.

Photo by r2hox from Flickr

About The Authors

Marc is the founder and managing member of ZwillGen PLLC and has been regularly providing advice and counsel on issues related to the increasingly complex laws governing Internet practices, including issues related to Electronic Communications Privacy Act (“ECPA”), the Wiretap and Communication Acts, privacy, CAN-SPAM, FISA, spyware, adware, Internet gambling and adult-oriented content. He also helps Internet Service Providers and other clients comply with their compliance obligations pertaining to the discovery and disclosure of customer and subscriber information.

Jacob Sommer’s practice focuses on legal issues related to Internet-based services and social networking, with a focus on protecting client’s rights in litigation or government investigations involving the Copyright Act, Lanham Act, Digital Millennium Copyright Act (“DMCA”), Electronic Communications Privacy Act (“ECPA”), the Wiretap and Communication Acts, CAN-SPAM, FISA and federal and state laws governing Internet gambling. He also helps social networks, search engines, e-mail providers, ISPs and other clients fulfill their compliance obligations pertaining to the discovery and disclosure of customer and subscriber information.

Comments