Section 702 and the collection of international telephone and Internet content.

• Author: Donohue, Laura K.
• Position: Foreign Intelligence Surveillance Act Amendments Act of 2008 - Introduction through I. The Evolution of Section 702, p. 117-153

INTRODUCTION I. THE EVOLUTION OF SECTION 702 A. The President's Surveillance Program B. Redefinition of "Facility" under FISA C. The Protect America Act D. The FISA Amendments Act 1. Section 702 2. Sections 703 and 704 E. Executive Order 12,333 1. Shifting Communications and FISA Modernization 2. Executive Order 13,470 II. PROGRAMMATIC COLLECTION A. Targeting 1. Information To, From, and About Targets 2. Foreignness Determinations 3. Foreign Intelligence Purpose Determination 4. Result of Statutory Interpretations 5. Congressional Intent a. Minimization and Explicit Limits b. Potential Programmatic Collection As a Point of Opposition c. Acquiescence 6. FISC Oversight of Targeting Procedures 7. Law as Written Versus Law as Applied B. Post-Targeting Analysis C. Retention and Dissemination of Data 1. Retention of Encrypted Communications 2. Use of Section 702 Data in Criminal Prosecution III. FOREIGN INTELLIGENCE AND THE FOURTH AMENDMENT A. Application of the Warrant Clause in the United States 1. Criminal Law Versus Domestic Security 2. The Domestic Foreign Intelligence Exception 3. Concurrent Authorities 4. FISA Replacement of the Warrant Exception 5. Recognition of FISA as a Constitutional Limit B. Application of the Fourth Amendment Overseas 1. Meaningful Contact as a Precursor 2. Limits of the Warrant Clause Abroad C. Foreign Intelligence, Criminal Prosecution 1. Lawful Seizure and Subsequent Search of Data 2. Database Construction 3. Use of Data as Fourth Amendment Consideration 4. Notice and Section 702-derived Evidence a. Criminal Law Standard b. Notice Under the FAA: Theory and Practice D. Reasonableness Standard 1. Criminal Law Versus National Security Law 2. Incidental Interception IV. CONCLUSION INTRODUCTION

On June 6, 2013, the Washington Post and the Guardian captured public attention by reporting that the intelligence community was collecting large amounts of information about U.S. citizens. (1) The National Security Agency (NSA) and Federal Bureau of Investigation (FBI) were "tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person's movements and contacts over time." (2)

In conjunction with the articles, the press published a series of PowerPoint slides attributed to the NSA, describing a program called "PRISM" (also known by its SIGAD, US-984XN). (3) The title slide referred to it as the most used NSA SIGAD. (4) The documents explained that PRISM draws from Microsoft, Google, Yahoo!, Facebook, PalTalk, YouTube, Skype, AOL, and Apple-some of the largest e-mail, social network, and communications providers--making the type of information that could be obtained substantial: email, video and voice chat, videos, photos, stored data, VoIP, file transfers, video conferencing, notifications of target activity (for example, logins), social networking details, and special requests. (5) The slides noted that the program started in September 2007, with just one partner (Microsoft), gradually expanding to the most recent company (Apple, added October 2012), and that the total cost of the program was $20 million per year. (6) As of 2011, most of the more than 250 million Internet communications obtained each year by the NSA under Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act derived from PRISM. (7)

A follow-up article two days later printed another slide depicting both PRISM and "upstream" collection of communications on fiber cables and infrastructure ("[c]ollection directly from the servers of ... U.S. Service Providers.") (8) Upstream interception allowed the NSA to acquire Internet communications "as they transit the 'internet backbone' facilities." (9) The NSA could collect all traffic crossing Internet cables--not just information targeted at specific Internet Protocol (IP) addresses or telephone number. The potential yield was substantial: in the first six months of 2011, the NSA acquired more than 13.25 million Internet transactions through its upstream collection. (10) The slide urged analysts to use both PRISM and upstream collection to obtain information. (11)

Within days of the releases, the intelligence community acknowledged the existence of the programs. (12) In August 2013 the Director of National Intelligence, James Clapper, offered further confirmation, noting that PRISM had been in operation since Congress had passed the 2008 FISA Amendments Act. (13) He declassified eight documents, (14) and by the end of the month, he had announced that the intelligence community would release the total number of Section 702 orders issued, and targets thereby affected, on an annual basis. (15)

Although much of the information about PRISM and upstream collection remains classified, what has been made public suggests that these programs push statutory language to its limit, even as they raise critical Fourth Amendment concerns. (16) Accordingly, this Article proceeds in three Parts: the evolution of Section 702, a statutory analysis of PRISM and upstream collection, and the attendant constitutional concerns.

The Article begins by considering the origins of the current programs and the relevant authorities--particularly the transfer of part of the President's Surveillance Program, instituted just after September 11, to the 1978 Foreign Intelligence Surveillance Act (FISA). It outlines the contours of the 2007 Protect America Act, before its replacement in 2008 by the FISA Amendments Act (FAA). (17) The first Part ends with a brief discussion of the current state of foreign intelligence collection under Executive Order 12,333, outside either FISA or the FAA.

The Article next turns to statutory issues related to targeting, post-targeting analysis, and the retention and dissemination of information. It argues that the NSA has sidestepped FAA restrictions by adopting procedures that allow analysts to acquire information not just to or from, but also "about" targets. In its foreignness determination the agency assumes, absent evidence to the contrary, that the target is a non-U. S. person located outside domestic bounds. And weak standards mark the foreign intelligence purpose determination. Together, these elements allow for the broad collection of U.S. persons' international communications, even as they open the door to the interception of domestic communications. In regard to post-targeting analysis, the Article draws attention to the intelligence community's use of U.S. person information to query data obtained under Section 702, effectively bypassing protections Congress introduced to prevent reverse targeting. The Article further notes in relation to retention and dissemination that increasing consumer and industrial reliance on cryptography means that the NSA's retention of encrypted data may soon become the exception that swallows the rule.

In its constitutional analysis, the Article finds certain practices instituted under Section 702 to fall outside acceptable Fourth Amendment bounds. Although lower courts had begun to recognize a domestic foreign intelligence exception to the warrant clause, in 1978 Congress introduced FISA to be the sole means via which domestic foreign intelligence electronic intercepts could be undertaken. Consistent with separation of powers doctrine, this shift carried constitutional meaning. Internationally, practice and precedent prior to the FAA turned on a foreign intelligence exception. But in 2008 Congress altered the status quo, introducing individualized judicial review into the process. Like FISA, the FAA carried constitutional import.

If that were the end of the story, one could argue that the incidental collection of U.S. persons' information, as well as the interception of domestic conversations ought to be regarded in Justice Jackson's third category under Youngstown Sheet & Tube Co. v. Sawyer. (18) Renewal in 2012, however, points in the opposite direction. The NSA's actions, for purposes of the warrant clause, appear to be constitutionally sufficient insofar as foreign intelligence gathering to or from non-U.S. persons is concerned. The tipping point comes with regard to criminal prosecution. Absent a foreign intelligence purpose, there is no exception to the warrant requirement for the query of U.S. persons' international or domestic communications.

Although a warrant is not required for foreign intelligence collection overseas, the interception of communications under Section 702 must still comport with the reasonableness requirements of the Fourth Amendment. A totality of the circumstances test, in which the significant governmental interest in national security is weighed against the potential intrusion into U.S. persons' privacy, applies. The incidental collection of large quantities of U.S. persons' international communications, the scanning of content for information "about" non-U.S. person targets, and the interception of non-relevant and entirely domestic communications in multicommunication transactions, as well as the query of data using U.S. person identifiers, fall outside the reasonableness component of the Fourth Amendment.

The Article concludes by calling for renewed efforts to draw a line between foreign intelligence gathering and criminal law and to create higher protections for U.S. persons, to ensure that the United States can continue to collect critical information, while remaining consistent with the right to privacy embedded in the Fourth Amendment.

1. THE EVOLUTION OF SECTION 702

Section 702 is a product of history-one influenced by the Bush Administration's response to September 11. The President initially looked to constitutional authorities to support a wide-ranging surveillance program. Subsequent efforts to move the collection of international content to a statutory basis led to a redefinition of "facility" and new statutory language. Part of the...