There’s a section of DiFi’s FakeFISAFix bill, called “Restrictions on the Querying of the Contents of Certain Communications,” that purports to put new limits on the searches of data collected under Section 702 for US person information.
(1) LIMITATION ON QUERY TERMS THAT IDENTIFY A UNITED STATES PERSON.—A query of the contents of communications acquired under this section with a selector known to be used by a United States person may be conducted by personnel of elements of the Intelligence Community only if the purpose of the query is to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.
(A) IN GENERAL.—For any query performed pursuant to paragraph (1) a record shall be retained of the identity of the Government personnel who performed the query, the date and time of the query, and the information indicating that the purpose of the query was to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.
While the additional record-keeping is a significant improvement (remember, the IC has been saying they can’t even count this), I think, as it does with Section 215 searches, the language of the bill may actually expand the searches for US person content in information collected under Section 702.
As a threshold matter, the language restricting certain searches to foreign intelligence purposes only codifies the status quo. The language John Bates approved in 2011 (see page 23 and following) when he gave NSA and CIA this authority (FBI apparently already had it) limited such searches to those “reasonably likely to yield foreign intelligence information.”
In addition, this provision permits such searches for the IC in general. As far as we know for sure, only NSA, CIA, and FBI have this authority (though NCTC has recently gotten its own FISA minimization procedures which might allow them). But this language would seem to permit other agencies within the IC — say, DEA — to query 702 data for US person information as well.
Moreover, the section specifically excludes dialing, routing, and addressing information from this.
(B) CONTENT.—The term ‘content’, with respect to a communication—
(i) means any information concerning the substance, purport, or meaning of that communication; and
(ii) does not include any dialing, routing, addressing, or signaling information
While leaving this stuff out of the definition of content makes sense under the law, this would have the effect of permitting searches on Section 702 data to see if US persons were in there (to see whether a US person was in contact with the target, for example), by searching on the selector as metadata rather than content. Such searches wouldn’t require the same documentation, nor would they bear the intelligence purpose limitation (though I think Bates’ ruling would still limit that).
In other words, thus far, this section seems to create the illusion of oversight for such searches, but oversight that only covers one kind of search on US person data. And it still very much allows reverse targeting using a person’s phone number or IP address.
Finally there’s the rest of the language.
(3) CONSTRUCTION.—Nothing in this subsection may be construed
(A) to prohibit access to data collected under this section as may be necessary for technical assurance, data management or compliance purposes, or for the purpose of narrowing the results of queries, in which case no information produced pursuant to the order may be accessed, used, or disclosed other than for such purposes;
(B) to limit the authority of a law enforcement agency to conduct a query for law enforcement purposes of the contents of communications acquired under this section; or
(C) to limit the authority of an agency to conduct a query for the purpose of preventing a threat to life or serious bodily harm to any person
My concerns about the technical access mirror the concerns I have about such access to the phone dragnet.
But what this construction language also does is explicitly suggest law enforcement officers (FBI plus DEA again, and I’ll bet the Secret Service) can search the content of Section 702 information (and this is not even limited to a selector — a phone number or IP address) for any law enforcement reason, even one having nothing to do with foreign intelligence. (Remember, under minimization rules, the NSA refers evidence of crime it comes across to FBI, but that shouldn’t permit FBI to just trawl databases of Section 702 data to find crimes.) Add in the language permitting an agency, any agency, to conduct queries for the purpose of preventing threat to life or serious bodily harm, language that we know NSA has rewritten in secret to include threats to property.
Among all the troubling uses these two paragraphs could be put to, there’s a ton of cybersecurity and IP applications. Collecting on Kim DotCom as a foreign intelligence target, for example, would allow you to search for any evidence that Americans stored stolen IP in MegaUpload given the NSA definition of “threat to life” as “threat to property.” All without a warrant of any kind.
In short, as the FakeFix did with Section 215 collections, this language purportedly adding limits to searches of US person data collected under Section 702 appears to allow reverse targeting to continue without being tracked, and seems to permit access to Section 702 data for other reasons with no apparent limits.
I’m less certain about this than I am about the Section 215 data; we have much less information about what is currently going on with these searches.
But it sure seems to envision fairly unlimited reverse targeting and use of Section 702 information to conduct criminal and hacking investigations with no due process.
Update: Changed the language on law enforcement searches, which was stated too strongly.