FISA Court’s Section 702 Opinion and Memo, Explained
Published by The Lawfare Institute
in Cooperation With
Background
On May 19, the Office of the Director of National Intelligence (ODNI) authorized the release of an unsealed Foreign Intelligence Surveillance Court (FISC) memorandum opinion and order from April 2022. The FISC opinion revealed significant violations of statutory requirements governing when the FBI is allowed to query Section 702 collections with U.S. person selectors. The order revealed that the FBI conducted over “278,000 non-compliant inquiries. . . of raw FISA-acquired information.” Most notably, the court warned that, if these violations continue, the number of FBI officials with access to FISA-sourced data could be “substantially limited.”
Section 702 is a provision of FISA allowing U.S. intelligence agencies to target foreign nationals “reasonably believed to be located outside the United States to acquire foreign intelligence information,” with limitations designed to avoid the “target[ting]” of U.S. citizens. As reflected in remarks by General Paul Nakasone, the dual-hatted commander of NSA and Cyber Command, Section 702 “allows the Intelligence Community to acquire the communications of specific foreign actors overseas and use those details to identify terrorist plots, track spies, identify cyber attacks and try to stop them as well as provide U.S. policymakers with the information they need to understand a wide range of national security threats.” Section 702 has also been criticized for enabling an end-run around the Fourth Amendment. Section 702 was passed in 2008 as a means of modernizing FISA to be responsive to the increasingly valuable foreign intelligence information that can be acquired from modern digital assets, which includes the collection of phone calls, emails, and texts, as well as various kinds of metadata.
To conduct surveillance under Section 702, the Attorney General and the Director of National Intelligence submit certifications that specify categories of intelligence that the intelligence community can use Section 702 to collect. The Attorney General and the Director of National Intelligence also submit targeting and minimization procedures that are designed to ensure that only non-U.S. persons outside the U.S. are targeted and that any incidentally collected U.S. person information is appropriately “safeguarded.” The FISC then reviews these certifications and procedures annually to ensure they comply with both FISA and the Fourth Amendment. This review includes an assessment of how the 702 program has functioned in practice and may also address compliance incidents. The FISC issues a written order explaining its reasoning, which may include an approval or require modifications to the targeting and minimization procedures or institute additional procedures like reporting requirements. The April 2022 order is an example of this process. Section 702 has been renewed by Congress once since 2008, in 2018, and is set to sunset at the end of this year.
Contents of April 2022 Memorandum and Order
The most significant part of the April 22 order concerns a series of “deficiencies in the querying practices of the (FBI).” Despite the issues, the court ultimately “conclude[s] that the querying and minimization satisfy statutory requirements.” Yet, the court nevertheless warns that if the misapplication of the querying and minimization processes by FBI officials “are not substantially mitigated by these recent measures, it may be necessary to…substantially limit[] the number of FBI personnel with access to unminimized Section 702 information.”
While Section 702 only authorizes the targeting of non-U.S persons reasonably believed to be located abroad, U.S. person communications are collected incidentally when the authorized targets communicate with U.S. persons. There are statutory rules and internal guidance for when and under what circumstances the FBI can use U.S. person query terms, like an email address, to query the database containing the product of 702 collection.
In Part IV of his opinion, Judge Rudolph Contreras of the FISC provided an overview of the government’s minimization and querying procedures for conducting data collection under Section 702. In approving the procedures, the court noted that, on multiple occasions since 2018, the FISC has held that the “FBI frequently violated the three-part legal standard articulated by the government.” These violations have persisted, even as the FISC first approved an original set of querying procedures specific to the FBI in 2019 and has repeatedly reviewed their application since then. In addition, the FBI’s creation of the Office of Internal Affairs to ensure “internal compliance” with statutory and constitutional requirements in 2020 has similarly failed to eliminate failures by the FBI to comply with the querying procedures, with the April 2022 order specifically highlighting the “volume of non-compliant batch inquiries” that have continued to emerge.
Further, in his order, Judge Contreras identified that U.S. government officials have located “queries of raw FISA acquired information [by the FBI]...without a specific factual basis to believe the query was reasonably likely to return foreign intelligence information or evidence of a crime.” For example, in several of these cases, FBI analysts conducted queries without knowing what precisely they were searching for or lacked a clearly articulated reason behind the targeting parameters. In others, FISC found the rationale insufficient at times to authorize a search under Section 702. In all, the FBI had improperly conducted FISA queries up to 278,000 times. These searches included the Bureau’s decision to investigate U.S. citizens participating in the George Floyd protests of summer 2020, extensive queries related to individuals allegedly tied to Jan. 6, 2021 attack on the U.S. Capitol, and 19,000 donors supporting a congressional candidate unnamed in the order, among others.
In Part IV.D.2, the court outlines and ultimately approves the government’s procedures to reduce the risk of unlawful queries by the FBI and other agencies. The FISC accepted recommendations for imposing a more rigorous, three-part test for authorizing FISA queries by the FBI under the “reasonably likely to retrieve” test and justifying why a query is being conducted in the first place.”
The order further requires that the Bureau individually justify searches with particularized facts to a certain case rather than having officials select among pre-determined categories. In one example, FISC points to a roughly 50 percent reduction in the total number of queries conducted as a result of changes that “require users to affirmatively elect to run searches against unminimized Section 702 information,” decreasing the likelihood of “non-compliance stemming from inadvertent querying.” They also have adopted additional tools to identify potentially illegal searches through an “automated process” and daily attorney review to ensure all requirements are met, as well asalso adopting a narrower standard under which the National Security Division at the Justice Department will assess whether a particular intelligence collection under Section 702 will result in unauthorized querying into the private data and metadata of U.S. citizens.
While FISC notes that the FBI will therefore benefit from a reduction in the number of violations, other benefits may include making the FBI more efficient by sorting through more tailored datasets. More broadly, the court’s findings will likely factor into the debate over reauthorizing FISA before its expiration later this year.