Way back in 2013, in Marty Lederman’s review of the NSA Review Group’s Report, he pointed to the Report’s suggestion that Section 702 collection was limited to use with counterterrorism, counterproliferation, and cybersecurity.
The Report contains an interesting clue about how the government is presently using Section 702 that I do not recall being previously disclosed—and raises a related question about legal authorities under that provision of the FAA:
The Report explains (page 136) that in implementing Section 702, “NSA identifies specific ‘identifiers’ (for example, e-mail addresses or telephone numbers) that it reasonably believes are being used by non-United States persons located outside of the United States to communicate foreign intelligence information within the scope of the approved categories (e.g., international terrorism, nuclear proliferation, and hostile cyber activities).
Later, on pages 152-53, the authors “emphasiz[e] that, contrary to some representations,section 702 does not authorize NSA to acquire the content of the communications of masses of ordinary people. To the contrary, section 702 authorizes NSA to intercept communications of non-United States persons who are outside the United States only if it reasonably believes that a particular ‘identifier’ (for example, an e-mail address or a telephone number) is being used to communicate foreign intelligence information related to such matters as international terrorism, nuclear proliferation, or hostile cyber activities.” (Italics in original.)
I may be mistaken, but I don’t believe that there’s anything in the statute itself that imposes the limitations in bold–neither that the NSA must use such “identifiers,” nor that international terrorism, nuclear proliferation, and hostile cyber activities are the only topics of acceptable foreign intelligence information that can be sought. Perhaps the FISC Court has insisted upon such limits; but, as far as I know, the Section 702 authority as currently codified is not so circumscribed.
Of course, if you’re a regular emptywheel reader, you likely know where this has been suggested in the past, since I’ve been pointing out this apparent limitation to Section 702 since June 10 and discussed some implications of it here, here, and here.
In a response to Lederman, Julian Sanchez provided some specific cautions about treating these category limits as true “limitations.” He suggests it is unlikely that the Intelligence Community or the FISA Court would impose such limitations.
The 702 language, codified at 50 U.S.C. §1881a, permits the NSA to acquire any type of “foreign intelligence information,” which is defined extraordinarily broadly to encompass, inter alia, anything that relates to the “conduct of the foreign affairs of the United States.” But here we have the Review Group suggesting repeatedly that 702 surveillance is only for acquiring certain specific types of foreign intelligence information, related to nuclear proliferation, international terrorism, or cybersecurity. Have the intelligence agencies or the FISC imposed a more restricted reading of “foreign intelligence information” than the FISA statute does? I doubt it.
While I agree with most of Sanchez’ other cautions, I actually do think it likely that the FISC conducts a review that ends up in such limited certifications. They did it for application of Section 215 to the phone dragnet (which legally could have been used for counterintelligence purposes) and I think they may well have done so with Section 702.
FISCR only ruled bulk content collection legal for “national security” foreign intelligence purposes
We’ll learn whether I’m right or not when the FISC releases more of the 2008 Yahoo challenge to Protect America Act directives. But there is enough detail in the unclassified August 22, 2008 FISA Court of Review opinion released in early 2009 to suggest where that limitation may have come from.
The FISCR opinion, written by Bruce Selya, describes the certifications before the Court as limited to “foreign intelligence for national security purposes,” a limitation that already circumscribes PAA (and the FISA Amendments Act, as Sanchez has laid out), which allow their use for foreign intelligence generally.
In essence, as implemented, the certifications permit surveillances conducted to obtain foreign intelligence for national security purposes when those surveillances are directed against foreign powers or agents of foreign powers reasonably believed to be located outside the United States. [my emphasis]
This limitation is important because of the way Selya deals with the affirmation, in the FISC ruling before the FISCR, that there is a foreign intelligence exception to the Fourth Amendment: by instead finding a special needs exception to the Fourth tied to national security. Read more