Published by The Lawfare Institute
in Cooperation With
Brookings

Our little November NSA Trove-a-thon will shift gears now.  Having covered judicial materials---court filings, opinions, and similar items regarding NSA's bulk collection of telephony and internet metadata---we'll move to congressional oversight of those same subjects. So far as this post goes, that will mean time-traveling back to two historical documents: first, 2005 congressional testimony by then-Attorney General Alberto Gonzales and then-FBI Director Robert Mueller III, regarding the renewal of the government's surveillance authorities; and second, to a 2006 legal filing, submitted under Gonzales' name to the Foreign Intelligence Surveillance Court ("FISC"). The brief is of course a court document above all, but it also bears on oversight---perhaps more so in this particular context. According to the Director National Intelligence's most recent document dump, the submission was---seemingly---unsealed by the FISC at the government's request in 2009, and produced to both pairs of Intelligence and Judiciary committees pursuant to FISA's reporting provisions.  Enjoy.  Testimony by the Attorney General and the FBI Director  In first of the pair, Attorney General Gonzales and Director Mueller testify jointly, on April 27, before the Senate Select Committee on Intelligence, as to the import of the PATRIOT Act provisions which had been scheduled to sunset at the end of 2005. The testimony is divided into two parts: I. FISA Statistics Part one ticks off surveillance data.  The testimony indicates that the volume of FISC applications increased "dramatically" post 9/11, from 1,012 applications in 2000 to 1,758 in 2004. Of the 2004 applications, "none were denied, although 94 were modified by the FISA court in some substantial way." II. Uses of FISA Authorities in the War on Terrorism Gonzales and Mueller highlight for reauthorization four sections of the PATRIOT Act: roving wiretaps in §206, expansion of authorization periods for certain cases in §207, pen register/ trap and trace ("PR/TT") authorization in §214, and the authorization of business records production in §215. Additionally, they asked for permanent reauthorization of the Intelligence Reform and Terrorism-Prevention Act of 2004, which included a provision, also set to sunset at the end of 2005, that had expanded the definition of "agent of a foreign power" to include a "lone wolf"---a non-U.S. person who "acts alone or is believed to be acting alone and who engages in international terrorism or in activities in preparation therefor."

A. Roving Wiretaps

The document reveals that roving wiretaps had been issued under §206 forty-nine times, as of March 30, 2005. The document addresses critics of this provision head-on, contending that those who object that the provision "gives the FBI discretion to conduct surveillance of persons who are not approved targets of court-authorized surveillance" are "wrong." The FISA court, they note, must first still find probable cause that the target is either a foreign power or an agent thereof. They also address the criticism that §206 enables the FBI to wiretap all phone lines and internet connected related to a suspect, without having to identify a suspect by name. But FISA, they note, requires that the government identify a particular target, so each roving wiretap order is tied to an individual that FISC has probable cause to believe is a foreign power or an agent of a foreign power.

B. Authorized Periods for FISA Collection

As originally enacted, FISA permitted electronic surveillance of a class of individuals---agents of foreign powers who act in the U.S. as an officer of a foreign power, or as a member of a terrorist organization---for initial periods of 90 days, with extensions by application in increments of 90 days. It also allowed physical searches of any agent of a foreign power---including U.S. persons---for initial periods of 45 days, with extensions by application in increments of 45 days. §207 permits the government to conduct electronic surveillance and physical search of foreign powers and non-resident alien members of international groups for initial periods of 120 days, with extension by application for up to a year. Gonzales and Mueller estimated that §207 had saved "approximately 60,000 hours of attorney time in the processing of applications." In addition to militating for the preservation of §207, they asked that other proposals---for instance, allowing coverage of all non-U.S. person foreign powers for 120 days initially, with extensions by application for up to one year---be adopted by Congress.

C. Pen Registers and Trap and Trace Devices

The testimony describes PR/TT devices as "[s]ome of the most useful, and lease intrusive, investigative tools available to both intelligence and law enforcement investigators." Since 1986, the FBI had had authority to use PR/TT devices in run-of-the-mill criminal investigations so long as a prosecutor filed an application with a federal court that identified the applicant, the law enforcement agency conducting the investigation, and a certification by the applicant that the information was likely to be relevant to an ongoing criminal investigation. By contrast, in the pre-PATRIOT Act regime, the same PR/TT devices, when used to investigate a terrorist or spy, had to be cleared through a "complicated application under title IV of FISA," which required demonstration that the communication instrument was about to be used to communicate with a terrorist or spy. §214, "sensibly," they contend, "simplified the standard that the government must meet in order to obtain pen/trap data in national security cases." Under this provision, the applicant need only certify that the information is "foreign intelligence information not concerning a United States person, or is relevant to an investigation to protect against international terrorism or clandestine activities."

D. Access to Tangible Things

§215, which authorizes agencies to obtain a FISA Court order to produce "any tangible thing," was widely publicly critiqued because it had not exempted libraries and booksellers. But, Gonzales and Mueller contended, "[t]he absence of such an exemption is consistent with criminal investigative practice." And in any event, libraries and booksellers "should not become safe havens for terrorists and spies"; by way of example, they pointed to Brian Regan, a former defense contractor working at the National Reconnaissance Office, who was convicted of espionage and had used public libraries in Northern Virginia and Maryland to acquire the addresses of embassies of foreign governments. They also addressed the concern that §215 allows the government to target Americans based on their reading lists: "[t]he provision explicitly prohibits the government from conducting an investigation of a U.S. person based solely upon protected First Amendment Activity." But to the extent that the provision is unclear, they supported amendments to the provision to clarify any ambiguities.

E. The "Wall"

In this section, Gonzales and Mueller detailed the implementation history of FISA, which requires "certification from a high-ranking Executive Branch official that 'the purpose' of the surveillance or search was to gather foreign intelligence information." The courts and Justice Department had interpreted that to mean the "'primary purpose' of the collection had to be to obtain foreign intelligence information rather than evidence of a crime." According to Gonzales and Mueller, "the prevailing interpretation and implementation of the 'primary purpose' standard had the effect of sharply limiting coordination and information sharing between intelligence and law enforcement personnel" because the Department of Justice began formally and informally stovepiping law enforcement and intelligence functions, lest criminal prosecution overcome intelligence gathering as a "primary purpose" and thus cut off FISA authorities from a given operation. § 218 and § 504 of the PATRIOT Act "erased the perceived statutory impediment to more robust information sharing between intelligence and law enforcement personnel": §218 by changing the "primary purpose" requirement to a "significant purpose" requirement, and §504 by explicitly allowing intelligence officials to "consult" with federal law enforcement officials. The document then lists a number of operations, the success of which Gonzales and Mueller attribute to the lifting of the "wall." These include the dismantling of terror cells in Portland, Oregon, and Lackawanna, New York, as well as the conviction of several Al Qaeda and Lashkar-e-Taiba affiliates operating in the United States. Similarly, pre-PATRIOT Act federal law hampered law enforcement officials from sharing information with intelligence agencies. §203 lifted those barriers in large part by "creating a generic exception to any other law purporting to bar Federal law enforcement, intelligence, immigration, national defense, or national security officials from receiving, for official use, information regarding foreign intelligence or counterintelligence obtained as part of a criminal investigation." Again, they detail specific examples of operational successes attributable to such information-sharing, including: obtaining "[i]nformation about the organization of a violent jihad training camp," acquiring travel and financing details relating to "members of a sedition conspiracy who traveled from the United States to fight alongside the Taliban," uncovering an assassination plot, revealing fraudulent travel documents used by "a high-ranking member of a designated foreign terrorist organization," and the criminal prosecutions of individuals who participated in terrorist training camps. The pair then identify specific intercepted communications made possible by §203 information-sharing, and describe the provision as "critical to the operation of the National Counterterrorism Center." The document also indicates that the 2004 Threat Task Force relied on §203(d) information sharing to secure high-profile events including the G-8 Summit, the Democratic and Republican National Conventions, and the 2004 presidential election.

F. Protecting Those Complying with FISA Orders

Finally, the joint AG-FBI Director testimony advocates for preservation of §225, which "provides immunity from civil liability to communication service providers and others who assist the United States in the execution of FISA orders." No such immunity existed prior to the PATRIOT Act. Briefing by the Attorney General to the Foreign Intelligence Surveillance Court  In our second document, dated May 23, 2006, then-Attorney General Alberto Gonzales briefs the Foreign Intelligence Surveillance Court in support of telephony metadata collection. Specifically, the brief articulates the government's request to produce call detail records, in bulk, from phone companies pursuant to 50 U.S.C. §1861(a)(1). Broadly speaking, there do not seem to be any extraordinary revelations in the memorandum; all of the programs Gonzales discusses have been discussed, refined, and debated at great length in previously-disclosed documents. Still, the filing provides an interesting window into the government's thinking (legal and otherwise) as of 2006.  The rhetoric throughout is direct, ardent, and almost solely focused on the threat from Al Qaeda.  Take, for example, the filing's introduction, which contains this impassioned plea:
Here, the Government's interest is the most compelling imaginable: the defense of the Nation in wartime from attacks that may take thousands of lives. On the other side of the balance, the intrusion is minimal. As the Supreme Court has held, there is no constitutionally protected interest in metadata, such as numbers dialed on a telephone. . . . Indeed, only a tiny fraction (estimated by the NSA to be 0.000025% or one in four million) of the call detail records actually will be seen by a trained NSA analyst.
With this out of the way, the government's submission sets forth some background on the threat posed by Al Qaeda---and, implicitly, hints at the urgency underlying its submission to the FISC. Given the severity of the threat and the tendency of terrorists to make phone calls to and from the United States, Gonzales concludes that metadata collection solves the problem that "although investigators do not know exactly where the terrorists' communications are hiding in the billions of telephone calls flowing through the United States today, we do know that they are there, and if we archive the data now, we will be able to use it in a targeted way to find the terrorists tomorrow" (emphasis in original). The argument continues that the collection of metadata allows analysts to engage in "contact chaining"---analyzing the contacts made by the "seed" telephone number and by numbers two additional "hops" out to detect otherwise-concealed patterns of suspicious behavior. I. Statutory Analysis Moving to the legal analysis portion of the brief, Gonzales begins by articulating the §501(c)(1) provision of FISA, which directs FISC to enter an order requiring the production of tangible things if the government's application meets the requirements of the statute. §501(b)(2) articulates those requirements: any application must include a statement showing that there are "reasonable grounds to believe" the following criteria are met:

(1) that the business records are relevant to an authorized investigation, other than a threat assessment, that is being conducted, for example to protect against international terrorism; (2) that the investigation is being conducted under guidelines approved by the Attorney General under Executive Order 12333; and (3) that the investigation is not being conducted of a U.S. person solely upon the basis of activities protected by the First Amendment.

Gonzales maintains that the application fully complies with all of these statutory requirements. Specifically he analyzes three factors: relevance, tailoring, and minimization.

A. Relevance

Relevancy should be construed broadly, Gonzales argues, to mean pertinence. And though he admits that "a substantial portion of the telephony metadata that is collective would not relate" to counterterrorist operations, he counters that "when acquired, stored, and processed, the telephony metadata would provide vital assistance to investigators in tracking down [redacted] operatives." In other words, bulk collection is necessary in order to identify more targets with precision---you need the whole haystack, comprised of irrelevant and relevant stuff, to find the needle.

 B. Tailoring

As to the question of whether the bulk collection program is sufficiently tailored to achieve the government's aims, Gonzales urges as a guideline the Supreme Court's "special needs" jurisprudence, "which balances any intrusion into privacy against the government interest at stake to determine whether a warrant or individualized suspicion is required." He reiterates that the security interest is overwhelming, and the privacy interest is minimal; in any case, he notes that Fourth Amendment reasonableness "does not require the least intrusive means, because the logic of such elaborate less-restrictive-alternative arguments could raise insuperable barriers of virtually all search-and-seizure powers" (quoting the Supreme Court in Veronia School District 47J v. Acton).

C. Minimization

Next, the Attorney General articulates the minimization procedures intended to protect information belonging to U.S. persons. First, NSA may query the archived data only when it has identified an individual telephone number for which there exists reasonable, articulable suspicion. Moreover, any data query must be approved by one of seven people: "the Signals Intelligence Directorate Program Manager for Counterterrorism Special Projects; the Chief or Deputy Chief, Counterterrorism Advanced Analysis Division; or one of four specially authorized Counterterrorism Advanced Analysis Shift Coordinators in the Analysis and Production Directorate of the Signals intelligence Directorate." NSA's Office of General Counsel would then review and approve proposed queries of metadata. NSA would also engage in oversight by certifying that any information, prior to dissemination, "is related to counterterrorism information and is in fact necessary to understand the foreign intelligence information or to assess its importance." And every time an analyst queries the data, the search would be recorded in order to ensure accountability. Then, at least every 90 days, the Department of Justice would review a sample of NSA justifications for such queries. As for storage, the Attorney General indicates that the collected metadata would be retained for five years, then destroyed. Finally, if the government is to request an extension of any order, it must provide to FISC a report about the queries made subsequent to the approval of the initial application. II. Constitutional Analysis In a brief, three-page analysis, the Attorney General dispenses with constitutional concerns. He argues that there is no constitutionally protected privacy interest in telephony metadata: there is no general expectation that such data will be secret, and thus bulk collection does not violate the Fourth Amendment. Nor does bulk collection, he writes, violate the First Amendment: although the breadth could theoretically chill speech, the "strict restrictions" on access, retention, and dissemination of the information are sufficient to address such concerns.

Lauren Bateman is a student at Harvard Law School, where she is an editor of the Harvard Law Review. She previously worked as a National Security Legislative Correspondent for Senate Majority Leader Harry Reid, and she takes a special interest in legislative procedure. She also interned for the United States Attorney's Office for the District of Nevada, and was a Research Fellow for the Project on National Security Reform. She graduated with a B.A., magna cum laude, in History and Government from The College of William & Mary in 2009.

Subscribe to Lawfare