Surveillance and Bulk Data Collection
Secrecy has pervaded the design and implementation of bulk data collection and other surveillance programs. Those programs have together led to the collection and storage of the content and metadata of e-mails and telephone calls of millions of individuals. (174) After 9/11, President Bush authorized the NSA to collect telephony and Internet metadata and telephone and Internet content without review by the Foreign Intelligence Surveillance Court (FISC) pursuant to the President's Surveillance Program (PSP), also known by its code name, STELLARWIND. (175) Both the contours and legal justifications for activities conducted under the PSP have shifted over time. (176) After the New York Times revealed in December 2005 that the National Security Agency (NSA) was collecting telephone content between the United States and overseas--one component of the PSP--the Bush Administration provided its first legal explanation of the program to the public. (177) Initially, the Administration grounded the PSP on the President's Article II Commander in Chief authority, the War Powers Resolution, and the AUMF, which the Administration said overrode FISA's prohibition on warrantless electronic surveillance. (178) Continuing concerns about the PSPs legal foundations prompted the Administration to bring it within the FISA umbrella. In July 2004, the FISC approved the Administration's request to bring the Internet metadata program under FISA's pen register and trap and trace provisions, (179) and in May 2006, it approved the Administration's request to bring the bulk collection of telephony metadata within FISA's business records provision. (180) The other PSP collection programs--those aimed at international telephone and Internet content--were subsequently shifted to FISA through the passage of the Protect America Act (PAA) in 2007 and the FISA Amendments Act of 2008 (FAA), which made the temporary changes of PAA permanent.
Even when the executive publicly invoked statutory authority for the PSP--whether under the AUMF, section 215 of the USA PATRIOT Act, section 702 of the FAA, or other provisions of FISA--it resisted providing the underlying legal rationale contained in still-secret OLC memoranda and FISC opinions. (181) In addition to approving and reauthorizing bulk data collection programs, the FISC opinions found in several instances that the programs exceeded existing authority, violated prior court orders, and impermissibly captured the domestic communications of tens of thousands of Americans. (182) The public were not the only ones kept in the dark. Congress was informed selectively and incompletely about these surveillance programs and the legal basis for them. (183) While its opinions had almost always remained secret before, (184) the FISC had typically engaged in the routine application of law to facts--determining whether a warrant should issue in a particular case--rather than engaging injudicial lawmaking by interpreting the scope and legality of new surveillance programs. (185)
The U.S. government's bulk data collection programs have served as a focal point for concerns about secret law. Prior to the revelations by former NSA contractor Edward Snowden, some lawmakers had correctly predicted that Americans would be "stunned" when they learned about secret government interpretations of statutes, such as section 215 of the USA PATRIOT Act. (186) Since the revelations, advocacy groups have attacked "a hidden body of law that defines the government's power to collect information about millions of Americans" and pressed for increased disclosure and transparency. (187)
Surveillance depends on a degree of secrecy. (188) The government cannot conduct effective surveillance of a target that knows it is being watched. Secrecy is thus necessarily more pervasive in surveillance than in kinetic activities, such as detention and targeting, that have a visible impact and, in turn, increase pressure on public officials to justify their actions. Yet as with detention and targeting, secrecy alone does not capture the controversy over hidden interpretations of the government's legal authority. That controversy also stems from the use of elastic standards and a resistance to rules that might more sharply constrain government conduct.
Prior to FISA, foreign intelligence collection was largely unregulated by statute and unsupervised by courts. Congress enacted FISA in 1978 following the Church Committee's report documenting decades of warrantless surveillance of U.S. citizens, including for political purposes, (189) and the Supreme Court's decision in Keith suggesting that a special, less restrictive framework for foreign intelligence surveillance might be constitutionally permissible. (190) FISA, as Laura Donohue has observed, "became the instrument designed to limit the NSA's collection of information on U.S. citizens." (191) It subjected all domestic foreign intelligence surveillance, and some surveillance abroad, to a specific warrant procedure modeled on, but ultimately distinct from, the warrant procedure for criminal cases. Warrants were issued by the newly created FISC, which meets in secret and imposes a less onerous showing than for ordinary criminal wiretaps. (192) FISA also required minimization procedures that are "reasonably designed in light of the purpose and technique of the particular surveillance, to minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information." (193) Congress subsequently amended FISA to authorize other forms of intelligence gathering. (194) In general, however, FISA retained its basic structure, demanding a particularized showing in relation to the target prior to the collection of information, an individualized court order, and heightened protections for U.S. persons. (195)
The bulk collection of domestic telephony metadata, which circumvented this basic framework, is a commonly cited example of secret lawmaking. After 9/11, the Bush Administration began collecting domestic telephone call and Internet records without judicial authority. (196) In May 2006, the FISC approved the bulk collection of records under section 215 of the USA PATRIOT Act; over the next seven years, fifteen different FISC judges issued thirty-five orders reauthorizing the collection. (197) The FISC orders did not become public until June 2013, when The Guardian first published documents obtained by Snowden. (198)
The bulk telephony metadata program, however, demonstrates more than legal secrecy; it also highlights the inflationary potential of standards in the national security context. The precursor of the section 215 program was added to FISA in 1988. (199) It originally allowed the government to obtain an order compelling the production of business records in foreign intelligence or international terrorism investigations from common carriers, public accommodation facilities, storage facilities, and vehicle rental facilities. (200) To obtain an order authorizing the production of records under this provision, the government had to provide the FISC with "specific and articulable facts giving reason to believe that the person to whom the records pertain fed was] a foreign power or an agent of a foreign power." (201) After 9/11, Congress modified this provision through section 215 of the USA PATRIOT Act and subsequent legislation. Section 215 provided for the production of "any tangible things (including books, records, papers, documents, and other items)." (202) It further required the government to provide the FISC with "a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) ... to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities." (203)
Section 215 thus broadened the type of records that may be obtained, replaced the requirement of "specific articulable facts" with a more generalized concept of "relevance," and eliminated the requirement that the target be a "foreign power or an agent of a foreign power" and instead required only that the items be obtained in the course of an investigation to obtain "foreign intelligence information" to "protect against international terrorism or clandestine intelligence activities." (204) Although Congress still insisted on a connection between the records sought and the target of the investigation, (205) these changes reduced the degree of specificity required of the government to obtain information. The USA PATRIOT Act made changes to other FISA provisions that similarly enhanced the government's ability to obtain and search electronic files. (206)
Section 215's treatment of "relevance" illustrates how standards can reduce constraints on the government's ability to conduct surveillance. Under the section 215 program, bulk telephony metadata collection is considered relevant to counterterrorism investigations because it provides the necessary "historical repository of metadata" that may later be accessed through a more particularized query. (207) Without that historical repository, government officials have explained, it might not be feasible to identify and examine chains of communications between a terrorist suspect and his own contacts across different time periods and communications networks. (208) As one district judge found in upholding the program, bulk telephony metadata collection is relevant to counterterrorism investigations because "it allows the querying technique to be comprehensive" and enables the government to "draw connections it might otherwise never be able to find."...