Programmatic Electronic Surveillance for Foreign Intelligence

This chapter delves into the legal issues and techniques surrounding electronic surveillance for foreign intelligence, particularly focusing on data collection aspects related to privacy expectations in various forms of communication. The post-9/11 era witnessed a shift in surveillance methods, including secret programs outside of FISA, raising legal and public concerns. Explore the complexities of surveillance processes in the digital age.

• Surveillance
• Foreign Intelligence
• Privacy Rights
• Electronic Communications
• Post-9/11 Era

ftemp Follow

Uploaded on Feb 20, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Chapter 22 Programmatic Electronic Surveillance for Foreign Intelligence 1

2. Key Limitation on Data Collection as Discussed in this Chapter The legal issues and techniques in this chapter deal with the surveillance of data such as emails, texts, and phone calls in which the participants have a reasonable expectation of privacy. It does not apply to the world of social media and other instances in which the user puts data in the hands of a third party for purposes other the communication and storage of the information as part of otherwise protected communications. This third-party data is discussed in Chapter 23. 2

3. Exam Note We are going to look at the details of electronic surveillance outside of FISA and the use of FISA after the FISA amendments of 2008. We are looking at this in detail because it is at the heart of data collection in the packet-switched world, i.e., the world in which personal communications and media are all part of the same data stream. We are doing this so that you understand how this complicated process works and has been legally justified. I am not going to ask you about the operational details or history of the bulk surveillance process on the exam. 3

4. Post 9/11 Prior to 9/11, it is assumed that the US used the ordinary FISA process for collecting online information. Post 9/11, Bush II authorized a secret terrorist surveillance program outside of FISA for collecting telephone and internet data to be used in the war on terror. This secret program came to light in 2006. 4

5. The Terrorist Surveillance Program Pursuant to a still-secret executive order signed by the President in October 2001, the NSA had without warrants monitored the contents of telephone and Internet communications of thousands of persons inside the United States, where one end of the communication was outside the United States, in an effort to learn more about possible terrorist plots. The legal questions and public concern arose from the collection of internal US data. 5

6. Why the TSP Could Not Use FISA FISA, as passed, is an analog world statute. Since FISA was written for wiretaps, unamended it was assumed that it required specific targets for warrants. This was impossible for the TSP. 6

7. The Legal Authority for the TSP OLC View in 2005 7

8. Constitutional Authority Prize Cases Under Article II of the Constitution, including in his capacity as Commander in Chief, the President has the responsibility to protect the Nation from further attacks, and the Constitution gives him all necessary authority to fulfill that duty. See, e.g., Prize Cases, 67 U.S. (2 Black) 635, 668 (1863) (stressing that if the Nation is invaded, the President is not only authorized but bound to resist by force without waiting for any special legislative authority ); Campbell v. Clinton, 203 F.3d 19, 27 (D.C. Cir. 2000) (Silberman, J., concurring) ( [T]he Prize Cases stand for the proposition that the President has independent authority to repel aggressive acts by third parties even without specific congressional authorization, and courts may not review the level of force selected. ); id. at 40 (Tatel, J., concurring). 8

9. Constitutional Authority AUMF/WPR The Congress recognized this constitutional authority in the preamble to the Authorization for the Use of Military Force ( AUMF ) of September 18, 2001, 115 Stat. 224 (2001) ( [T]he President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the United States. ), and in the War Powers Resolution, see 50 U.S.C. 1541(c) ( The constitutional powers of the President as Commander in Chief to introduce United States Armed Forces into hostilities [] [extend to] a national emergency created by attack upon the United States, its territories or possessions, or its armed forces. ). 9

10. Constitutional Authority Search Cases This constitutional authority includes the authority to order warrantless foreign intelligence surveillance within the United States, as all federal appellate courts, including at least four circuits, to have addressed the issue have concluded. See, e.g., In re Sealed Case, 310 F.3d 717, 742 (FISA Ct. of Rev. 2002) ( [A]ll the other courts to have decided the issue [have] held that the President did have inherent authority to conduct warrantless searches to obtain foreign intelligence information. We take for granted that the President does have that authority. ). 10

11. Constitutional Authority Search Cases The NSA activities described by the President are also consistent with the Fourth Amendment and the protection of civil liberties. The Fourth Amendment s central requirement is one of reasonableness. For searches conducted in the course of ordinary criminal law enforcement, reasonableness generally requires securing a warrant. Outside the ordinary criminal law enforcement context, however, the Supreme Court has, at times, dispensed with the warrant, instead adjudging the reasonableness of a search under the totality of circumstances. Foreign intelligence collection, especially in the midst of an armed conflict in which the adversary has already launched catastrophic attacks within the United States, fits squarely within the special needs exception to the warrant requirement. 11

12. Statutory Authority AUMF The President s constitutional authority to direct the NSA to conduct the activities he described is supplemented by statutory authority under the AUMF. The AUMF authorizes the President to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorists attacks of September 11, 2001, in order to prevent any future acts of international terrorism against the United States. 2(a). 12

13. Statutory Authority AUMF The AUMF clearly contemplates action within the United States, see also id. pmbl. (the attacks of September 11 render it both necessary and appropriate that the United States exercise its rights to self-defense and to protect United States citizens both at home and abroad ). In Hamdi v. Rumsfeld, 542 U.S. 507 (2004) At least five Justices concluded that the AUMF authorized the President to detain a U.S. citizen in the United States because detention to prevent a combatant s return to the battlefield is a fundamental incident of waging war and is therefore included in the necessary and appropriate force authorized by the Congress. 13

14. Statutory Authority - FISA By expressly and broadly excepting from its prohibition electronic surveillance undertaken as authorized by statute, section 109 of FISA permits an exception to the procedures of FISA referred to in U.S.C. 2511(2)(f) where authorized by another statute, even if the other authorizing statute does not specifically amend section 2511(2)(f). The AUMF satisfies section 109 s requirement for statutory authorization of electronic surveillance, just as a majority of the Court in Hamdi concluded that it satisfies the requirement in 18 U.S.C. 4001(a) that no U.S. citizen be detained by the United States except pursuant to an Act of Congress. < AUMF 14

15. The End of the TSP After the TSP was made public, the AG was able to get a FISA warrant to continue the TSP, with some limitations. The FISC declined to renew the expiring order. Lawsuits were brought against the carriers for delivering the information without a proper warrant. These were resolved by the statutory immunity. The legally of the TSP as argued by the OLC was never resolved by the courts. Standing and classified information limited legal attacks directly against the government over the program. 15

16. Why Did FISA Need to be Amended? Surveillance of foreign persons outside the US does not need statutory authority. Modern communications mean foreign calls can route through the US. Some calls will involve US persons in the US as ancillary collection. Carriers want the legal protection of clear statutory authority for orders to cooperate. 16

17. The FISA Amendments Act (FAA) (2008) 17

18. Title VII - FISA Amendments Act (FAA) Section 702 Title VII of FISA includes Section 702, which permits the Attorney General and the DNI to jointly authorize the targeting of (i) non-U.S. persons (ii) reasonably believed to be located outside the United States (iii) to acquire foreign intelligence information. See 50 U.S.C. 1881a. All three elements must be met. 18

19. What Is Section 702? 19

20. Why Does the IC Need Section 702? 20

21. 21

22. 22

23. The FISA Warrant Process 23

24. The Certifications 24

25. The FISC Order 25

26. Surveillance Directives based on the FISC Order 26

27. Collection Flowchart 27

28. U.S. Person 702 retains the same definition of U.S. persons. As defined by Title I of FISA, a U.S. person is a citizen of the United States , an alien lawfully admitted for permanent residence (as defined in section 101(a)(20) of the Immigration and Nationality Act), an unincorporated association a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence, or a corporation which is incorporated in the United States, but does not include a corporation or an association which is a foreign power, as defined in [50 U.S.C. 1801(a)(1), (2), or (3)]. 50 U.S.C. 1801(i). 28

29. Target The term target is defined as the individual person, group, entity composed of multiple individuals, or foreign power that uses the selector such as a telephone number or email address. The actual identity behind the selector may not be know. 29

30. Dissemination In the most basic sense, dissemination refers to the sharing of minimized information. As it pertains to FISA (including Section 702), if an agency (in this instance NSA) lawfully collects information pursuant to FISA and wants to disseminate that information, the agency must first apply its minimization procedures to that information. 30

31. Section 702 Targets and Tasking. [Remember that the program collects a huge mass of data that can only be analyzed by searching it with a computer for key words or patterns.] Under Section 702, the government targets a particular non-U.S. person, group, or entity reasonably believed to be located outside the United States and who possesses, or who is likely to communicate or receive, foreign intelligence information, by directing an acquisition at i.e., tasking selectors (e.g., telephone numbers and email addresses) that are assessed to be used by such non-U.S. person, group, or entity, pursuant to targeting procedures approved by the FISC. 31

32. What Information do you Need to use an Email Address as a Selector? Next the NSA analyst must verify that there is a connection between the target and the selector and that the target is reasonably believed to be (a) a non- U.S. person and (b) located outside the U.S. This is not a 51% to 49% foreignness test. 32

33. What Has to Be Documented? For each selector, the NSA analyst must document the following information: (1) the foreign intelligence information expected to be acquired, as authorized by a certification, (2) the information that would lead a reasonable person to conclude the selector is associated with a non-U.S. person, and (3) the information that would similarly lead a reasonable person to conclude that this non-U.S. person is located outside the U.S. 33

34. The FISCs Role. Under Section 702, the FISC determines whether certifications provided jointly by the Attorney General and the DNI meet all the requirements of Section 702. Remember, this is a four corners review. If the FISC determines that the government s certifications its targeting, minimization, and, as described below, querying procedures meet the statutory requirements of Section 702 and are consistent with the Fourth Amendment, then the FISC issues an order and supporting statement approving the certifications. 34

35. Certifications. The certifications are jointly executed by the Attorney General and DNI and authorize the government to acquire foreign intelligence information under Section 702. Each annual certification application package must be submitted to the FISC for approval. The package includes the Attorney General and DNI s certifications, affidavits by certain heads of intelligence agencies, targeting procedures, minimization procedures, and, as described below, querying procedures. 35

36. How Did the FAA change the Certifications to the FISC for a FISA Warrant? the FISC need not find probable cause of foreign agency or otherwise review individualized surveillance applications under the FAA. Instead, the Attorney General and DNI merely certify to the FISC that acquisitions under the program will meet the targeting objectives and limitations set out above, and that they will satisfy traditional FISA minimization procedures. [The warrant covers all collection, so there are no individualized determinations, only procedural certifications. This will make it very difficult to attack the warrants if the evidence is used in a criminal trial.] 36

37. How does the FAA change the Standards for Warrants for US persons Outside of the US? In addition to programmatic collection, the FAA provided for the first time that if the government wants to target the communications of a U.S. person outside the United States, it must now apply for a traditional FISA order based on probable cause to believe that the target has knowingly engaged in international terrorism activities or certain other activities that involve and are about to involve criminal violations. 50 U.S.C. 1881b, 1881c. This solves the problem of who can issue a warrant on US persons outside of the US, at least for electronic data. Key this justifies the collection but is only binding on telcom companies subject to US jurisdiction. Foreign companies will have to be accessed through cooperation with the foreign government or hacked. 37

38. Minimization Procedures for US Persons The minimization procedures detail requirements the government must meet to use, retain, and disseminate Section 702 data, which include specific restrictions on how the IC handles non-publicly available U.S. person information acquired from Section 702 collection of non-U.S. person targets, consistent with the needs of the government to obtain, produce, and disseminate foreign intelligence information. 38

39. Masked U.S. Person Information. Agency minimization procedures generally provide for the substitution of a U.S. person identity with a generic phrase or term if the identity otherwise does not meet the dissemination criteria; this is informally referred to as masking the identity of the U.S. person. For example, instead of reporting that Section 702- acquired information revealed that non-U.S. person Bad Guy communicated with U.S. person John Doe (i.e., the actual name of the U.S. person), the report would mask John Doe s identity, and would state that Bad Guy communicated with an identified U.S. person, a named U.S. person, or a U.S. person. 39

40. Unmasking U.S. Person Information for Other Agencies Recipients of NSA s classified reports, such as other federal agencies, may request that NSA provide the U.S. person identity that was masked in an intelligence report. The requested identity information is released only if the requesting recipient has a need to know the identity of the U.S. person and if the dissemination of the U.S. person s identity would be consistent with NSA s minimization procedures (e.g., the identity is necessary to understand foreign intelligence information or assess its importance), and additional approval has been provided by a designated NSA official. 40

41. Who can Query 702 Information in Government Databases? The NSA, CIA, and FBI are permitted to query 702-acquired information by using a variety of search terms. Each individual agency s own minimization procedures and statutory warrant requirements limit the search terms that analysts can use. 41

42. Use in Criminal Trials Section 102(A) restricts the use of U.S. person information obtained under Section 702 as evidence in a criminal proceeding. Such information may only be used if (1) the FBI obtained a court order as described in Section 101; or (2) the criminal proceeding involves one of an enumerated list of conduct, including death, kidnapping, serious bodily injury, crimes against minors, incapacitation of critical infrastructure, cybersecurity, and transnational crime. In essence, this section codifies Justice Department guidelines concerning the use of collected information in criminal proceedings. A determination that the proceeding qualifies as related to or involving one of these categories of serious crimes is not judicially reviewable. 42

43. Revised Querying Procedures. With the reauthorized FAA of 2017, Congress amended Section 702 to require that querying procedures be adopted by the Attorney General, in consultation with the DNI. Section 702(f) requires that a record of each U.S. person query term be kept. 43

44. What is PRISM collection? What is PRISM collection? The data stays with the provider, which is required to save it. The government does not hold the database in PRISM collection. In PRISM collection, the government sends a selector, such as an email address, to a United States-based electronic communications service provider, such as an Internet service provider ( ISP ), and the provider is compelled to give the communications sent to or from that selector to the government. PRISM collection does not include the acquisition of telephone calls. The National Security Agency ( NSA ) receives all data collected through PRISM. In addition, the Central Intelligence Agency ( CIA ) and the Federal Bureau of Investigation ( FBI ) each receive a select portion of PRISM collection. 44

45. [Case Title Redacted] The Upstream Data Collection Problem 45

46. What is Upstream Collection? This is collection of raw data from flowing between servers routing Internet traffic. This is not targeted. Upstream collection includes complete telephone calls, not just metadata, in addition to Internet communications. Data from upstream collection is received only by the NSA. upstream collection of Internet communications includes two features that are not present in PRISM collection: the acquisition of so-called about communications and the acquisition of so-called multiple communications transactions ( MCTs ). 46

47. About Communications An about communication is one in which the selector of a targeted person (such as that person s email address) is contained within the communication but the targeted person is not necessarily a participant in the communication. [For example, if a terrorist subject includes your auto dealer client s email in a message about a where to get a car repaired.] Rather than being to or from the selector that has been tasked, the communication may contain the selector in the body of the communication, and thus be about the selector. 47

48. Multiple communications transactions ( MCTs ). An MCT is an Internet transaction that contains more than one discrete communication within it. If one of the communications within an MCT is to, from, or about a tasked selector, and if one end of the transaction is foreign, the NSA will acquire the entire MCT through upstream collection, including other discrete communications within the MCT that do not contain the selector. Simple example email attachments. 48

49. % of Total Collections or Total of Improper Collections? In arguing that NSA s targeting and minimization procedures satisfy the Fourth Amendment notwithstanding the acquisition of MCTs, the government stresses that the number of protected communications acquired is relatively small in comparison to the total number of Internet communications obtained by NSA through its upstream collection. That is true enough, given the enormous volume of Internet transactions acquired by NSA through its upstream collection (approximately 26.5 million annually). But the number is small only in that relative sense. The Court must also take into account the absolute number of non-target, protected communications that are acquired. In absolute terms, tens of thousands of non-target, protected communications annually is a very large number. 49

50. The 4th Amendment Problem In sum, then, NSA s upstream collection is a small, but unique part of the government s overall collection under Section 702 of the FAA. NSA acquires valuable information through its upstream collection, but not without substantial intrusions on Fourth Amendment-protected interests. Indeed, the record before this Court establishes that NSA s acquisition of Internet transactions likely results in NSA acquiring annually tens of thousands of wholly domestic communications, and tens of thousands of non-target communications of persons who have little or no relationship to the target but who are protected under the Fourth Amendment. Both acquisitions raise questions as to whether NSA s targeting and minimization procedures comport with FISA and the Fourth Amendment. 50

Load More ...