The NSA recently said it would stop collecting signals intelligence solely “about” foreign targets by tapping the backbone of the internet resident within the United States. The announcement comes ahead of congressional consideration of the NSA’ s broader authorities outlined in Section 702 of the Foreign Intelligence Surveillance Act (FISA), a provision that is due to expire at the end of the year unless reauthorized by Congress. The Cipher Brief spoke with Nuala O’Connor, the President and CEO of the Center for Democracy and Technology, about what the NSA changes are, why they came about, and how they fit into the broader debate over reauthorizing the controversial authorities under which the NSA gleans foreign intelligence from communications data within or transiting the United States.
The Cipher Brief: What is “about” collection under FISA Section 702 and how was it collected?
Nuala O’Connor: Section 702 of the FISA Amendments Act made a fundamental change in how the United States conducts its foreign intelligence programs. It eliminated the requirement that a judge find probable cause to believe a target is a terrorist or spy, and instead allows the government to broadly collect “foreign intelligence information” so long as the target is a non-U.S. person overseas.
It was believed that this program was limited to collecting communications that were either to or from a target and that the NSA found the communications by looking at records like the routing data. But after the Snowden revelations it is now clear that the NSA was searching the content of communications for those “about” a target, and was sweeping in data on people unrelated to an actual intelligence investigation. We also learned that due to the technology used in the program, these “about” searches returned wholly domestic communications and communications that weren’t even “about” a target at all.
TCB: Why has the NSA decided to halt “about” collection?
NO: According to press reports, the NSA might not have had much choice. The NSA discovered it was out of compliance with the privacy rules governing “about” collection and notified the FISA Court and Congress. The FISA Court has always considered this practice a close call legally, and in 2011 held that the practice would violate the statute and the Fourth Amendment absent very strict limitations on how the information is used. While we expect a court opinion to be made public sometime in May, all signs point to the FISA Court directing a stop to the program because of a lack of compliance with the privacy rules.
TCB: The NSA statement says that “current technological constraints” played a role in the decision to halt “about” collection. Does this have anything to do with the increasing prevalence of end-to-end encryption that limits the NSA from seeing the contents of messages?
NO: While that may be possible, reports from the Privacy and Civil Liberties Oversight Board and prior FISA court opinions generally refer to the technology that acquires the communications and its inability to avoid collecting wholly innocent information. Recent press reports seem to imply that there is also an inability to segregate out that information as required by court order. That “technological constraints” are the pivotal factor here implies that if overcome, the “about” collection can resume absent Congressional action.
TCB: Should the end of “about” collection be considered a victory for privacy and civil liberties groups? Why?
NO: Yes. While 702 needs additional changes to limit its impact on constitutional and human rights, “about” collection was one of the most invasive practices under the law. It ignored the special protection that communications content has received under U.S. law and permitted the government to knowingly collect, keep and use data that was completely unrelated to terrorism or espionage.
TCB: Was the ending of “about” collection under 702 a concession by the NSA in order to better position themselves for the reauthorization of FISA 702 authorities, which are due to expire at the end of the year?
NO: That may have been a consideration, but stopping “about” collection will not address all of the valid concerns that privacy advocates, academics, and some government officials have raised since the program was codified in 2008. Representatives and Senators across the political spectrum have signaled that they want common-sense reforms to 702 that would minimize the collateral privacy damage done by such broad spying programs. The sunset is seven months away, which offers plenty of time for a thoughtful oversight process, debate, and meaningful reform.
TCB: Are there any precedents for this announcement, such as the ending of Section 215 telephone metadata collection? What are the parallels?
NO: This 702 “about” practice and revelation is similar to the Section 215 phone records program in three ways. First, it springs from a novel statutory interpretation that was neither considered by Congress nor a fair, plain reading of the text. The Center for Democracy and Technology (CDT) was intimately involved with the development of 702 and its drafters always described the program as limited to collecting the communications of targets, not about them. Similarly, 215 was always described as collecting records relevant to terror investigations, and that was publicly understood to mean there would be some nexus to a suspect, and not suspicionless mass collection of all U.S. phone records.
Second, 702 “about” collection apparently operated in violation of a court order and mandatory privacy protections – potentially for years – as did the Section 215 phone program. Both compliance problems speak to the systemic failures in oversight and accountability mechanisms. While the government often notes that it catches and addresses the occasional bad apple, it has successfully avoided explaining its fundamental inability to follow the law.
Third, these two programs are testament to what happens when complicated and sophisticated surveillance programs develop under a secret body of law, before a secret court, and only with oversight by secretive congressional committees. We hope that Congress demands a public accounting of how 702 works so that it may receive a full and fair vetting.
TCB: Should FISA 702 collection be amended further if it is to be reauthorized?
NO: Yes, there are a number of reforms that can be made to 702 that do not impede the law’s intent. Congress can limit 702 to the collection of information pertaining to spies, terrorists, weapons of mass destruction, and other enumerated threatening behavior. This would end the far broader and less justified practice of collecting anything that is relevant to the “national defense” or “foreign affairs” of the United States.
Congress can also require better protections for U.S. information after it is collected. Representatives Thomas Massie (R-KY), who serves on the Oversight and Government Reform Committee, and Zoe Lofgren (D-CA), a member of the Judiciary Committee, proposed legislation that passed in the House that would require the government to get a court order before searching its vast databases for U.S. persons. Congress should also consider strict limitations about when 702 data can be used in criminal prosecutions.
CDT’s May 2016 statement before the Senate Judiciary Committee articulates our recommendations for reforming 702.
