Lawmakers, privacy advocates and members of the intelligence community convened on Capitol Hill Tuesday to debate the renewal of the most divisive surveillance authority since the National Security Agency’s phone metadata program, potentially capable of sweeping up the communications of millions of Americans.
After last year’s last-minute renewal and reform of key Patriot Act surveillance powers, leaders on the Senate Judiciary Committee kicked off the debate more than a year early on a key provision in the 2008 Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA), scheduled to expire in December 2017.
Section 702 of the law authorizes NSA’s “upstream” surveillance programs — when the signals intelligence agency taps the physical infrastructure of the Internet, such as undersea fiber cables, to surveil the content of foreigners’ communications, including emails, instant messages, etc., as they exit and enter the U.S.
It also allows the agency to submit selectors to U.S.-based communications providers, like e-mail addresses, which then provide the agency with any communications relevant to the term.
The depth of such programs, disclosed in leaks by former NSA contractor Edward Snowden, allows NSA to surveil Americans’ communications with foreign targets overseas. According to privacy advocates, it also facilitates a loophole that lets NSA “incidentally” sweep up unrelated data belonging to Americans in the process.
“As a result of these changes, the amount of information about Americans that the NSA intercepts, even when targeting foreigners overseas, has exploded,” Elizabeth Goitein, co-director of the Liberty and National Security Program at NYU Law’s Brennan Center for Justice, told lawmakers Tuesday.
Under current law, NSA can share the raw data it warrantlessly collects with CIA and FBI. All three can hold onto data for a maximum of five years and encrypted communications, those “reasonably believed to contain secret meaning,” and “any U.S. person information that has foreign intelligence value or is evidence of a crime,” can be kept indefinitely. To date the agency has not revealed how many Americans are swept up annually in what privacy advocates have dubbed “back door searches.”
“Worse, even though the FBI would be required to obtain a warrant in order to access Americans’ communications absent a significant foreign intelligence purpose, the FBI may search the Section 702 data for Americans’ communications to use in criminal proceedings having no foreign intelligence dimensions whatsoever,” Goitein said. “This is a bait and switch that is utterly inconsistent with the spirit, if not the letter, of the prohibition on reverse targeting. It also creates a massive end run around the Fourth Amendment’s warrant requirement.”
Using Section 702 authority, NSA “collected more than 250 million Internet transactions a year as of 2011,” according to Goitein, including “millions of Americans’ communications.” She argued all data belonging to U.S. citizens collected absent a warrant should be disregarded.
While much of last year’s debate surrounding Section 215 renewal questioned whether the program actually helped prevent terrorist attacks, there’s no question Section 702 accomplishes the goal, according to former general counsel of NSA Matthew Olsen.
“I can attest that the FAA has proven to be a vital authority for the collection of foreign intelligence to guard against terrorism and other threats to our national security,” Olsen told lawmakers. “Section 702 has significantly contributed to our ability to prevent terrorist attacks inside the United States and around the world.”
Olsen, also a former director of the National Counterterrorism Center, federal prosecutor and special counsel to the FBI director, has since moved on to become president of consulting for IronNet Cybersecurity, the firm founded by former NSA Director Keith Alexander after he stepped down following the Snowden leaks.
In his former post as head of NCTC, Olsen said he relied daily on intelligence gathered under Section 702, which he described as “the hub of terrorism information, analysis, and operational planning for the federal government.”
“In the NCTC morning briefings, analysts frequently reported that a critical piece of intelligence was obtained through FAA collection,” he said. “And I often relied on FAA collection in my briefings and updates to other government officials and to the National Security Council.”
Olsen cited examples of intelligence gleaned from Section 702 put to use in the field overseas, and said as of 2014, more than a quarter of NSA’s reports regarding international terrorist threats come from Section 702 programs, with the percentage increasing annually.
The ex-intelligence official said safeguards already in place are enough to protect Americans’ data, and urged lawmakers to renew the authority, citing praise from the Privacy and Civil Liberties Oversight Board — the independent agency charged with assuring surveillance programs don’t run afoul of the law in the wake of 9/11.
“The program has proven valuable in the government’s efforts to combat terrorism as well as in other areas of foreign intelligence,” the agency’s 2014 report stated. “Monitoring terrorist networks under Section 702 has enabled the government to learn how they operate, and to understand their priorities, strategies, and tactics. In addition, the program has led the government to identify previously unknown individuals who are involved in international terrorism, and it has played a key role in discovering and disrupting specific terrorist plots aimed at the United States and other countries.”
Chairman of the PCLOB David Medine was on hand Tuesday to provide his own remarks.
Though useful, Medine said Section 702 “raises significant privacy and civil liberties issues through its incidental collection of the contents of U.S. persons’ communications.”
He added the law’s renewal presents an opportunity for lawmakers to enact several changes including a warrant requirement when searching for U.S. persons, narrower search terms for upstream collection and hard numbers on how much data programs sweep up on U.S. citizens.
“I hope Congress will use the reauthorization process as an opportunity to enhance privacy and civil protections in Section 702,” Medine said, “while maintaining a program that has provided enormously valuable information to protect our country from terrorism.”