Skip Navigation
Analysis

How the FBI Violated the Privacy Rights of Tens of Thousands of Americans

A recently released secret court ruling found that the government’s warrantless surveillance of emails routinely violated the Fourth Amendment.

October 22, 2019

This article was origin­ally published by Just Secur­ity in two parts.

Earlier this month, the Office of the Director of National Intel­li­gence released three redac­ted opin­ions of the Foreign Intel­li­gence Surveil­lance Court (also known as the FISA Court) and the FISA Court of Review (FISCR). In the first opin­ion, the FISA Court held that the FBI’s proced­ures for access­ing Amer­ic­ans’ commu­nic­a­tions that are “incid­ent­ally” collec­ted under Section 702 of FISA viol­ated both the stat­ute and the Fourth Amend­ment. The govern­ment appealed, and in the second opin­ion, the FISCR upheld the FISA Court’s decision. The FBI was forced to revise its proced­ures to conform with the court’s ruling, and in the third opin­ion, the court approved the revised proced­ures.

The govern­ment will no doubt try to sell this as an over­sight success story. After all, the Depart­ment of Justice’s audits had detec­ted instances of FBI non-compli­ance with legal require­ments, and the Depart­ment repor­ted those instances to the FISA Court. The court soli­cited the assist­ance of amici and adop­ted their posi­tion in signi­fic­ant part. It ordered remed­ies that the FBI is now required to imple­ment. And all of this became public because Congress in 2015 required the disclos­ure of signi­fic­ant FISA Court opin­ions. The system worked, right?

I see a very differ­ent story. This is now the fourth major FISA Court opin­ion on Section 702 in 10 years docu­ment­ing substan­tial non-compli­ance with the rules meant to protect Amer­ic­ans’ privacy. The opin­ion, moreover, reveals that the FBI is conduct­ing liter­ally millions of back­door searches — includ­ing so-called “batch quer­ies” that rest on the same discred­ited legal theory used to justify the NSA’s bulk collec­tion of Amer­ic­ans’ phone records. Despite the enorm­ous implic­a­tions for Amer­ic­ans’ privacy and the govern­ment’s dismal record, the remedy sugges­ted by amici and imposed by the court was just more record-keep­ing. And the govern­ment sat on the opin­ion for a year, hoping for an appel­late victory that would help mitig­ate the PR damage from disclos­ure.

Back­ground: Section 702’s Troubled History

To put the court’s recent opin­ions in context, some back­ground is neces­sary. Under Section 702 of the Foreign Intel­li­gence Surveil­lance Act (FISA), passed in 2008, the National Secur­ity Agency (NSA), oper­at­ing inside the United States, is author­ized to collect commu­nic­a­tions of foreign­ers over­seas for foreign intel­li­gence purposes. No warrant is required for this collec­tion because courts have held that foreign­ers have no Fourth Amend­ment rights. Instead, each year, the FISA Court must sign off on the proced­ures that govern the surveil­lance.

Although ostens­ibly targeted at foreign­ers, Section 702 surveil­lance inev­it­ably sweeps in massive amounts of Amer­ic­ans’ commu­nic­a­tions. Recog­niz­ing the impact on Amer­ic­ans’ privacy, Congress required the NSA to “minim­ize” the shar­ing, reten­tion, and use of this “incid­ent­ally” collec­ted U.S. person data. But the govern­ment and the FISA Court have embraced an inter­pret­a­tion of “minim­ize” that is remark­ably… maximal. The NSA shares raw data with multiple other agen­cies — includ­ing the FBI and the CIA — and all of them retain the data for a func­tional minimum of five years. Moreover, the FBI routinely combs through it look­ing for Amer­ic­ans’ commu­nic­a­tions to use in purely domestic cases, even in situ­ations where the FBI lacks a factual predic­ate to open a full invest­ig­a­tion.

In 2011, the govern­ment disclosed to the FISA Court that it had misrep­res­en­ted the nature of its “upstream” collec­tion activ­it­ies under Section 702. (“Upstream” collec­tion takes place as the commu­nic­a­tions are trans­it­ing over the Inter­net back­bone; “down­stream” collec­tion acquires stored commu­nic­a­tions, usually from the serv­ers of Inter­net Service Providers.) When conduct­ing upstream surveil­lance, the govern­ment was acquir­ing, not just commu­nic­a­tions to or from the targets of surveil­lance, but commu­nic­a­tions that simply mentioned certain inform­a­tion about them (known as “abouts” collec­tion). As a result, the govern­ment was acquir­ing pack­ets of data contain­ing multiple commu­nic­a­tions, some of which had noth­ing to do with the target. This included tens of thou­sands of wholly domestic commu­nic­a­tions.

The court was not pleased to learn about this signi­fic­ant issue three years into the program’s oper­a­tion. It held that the govern­ment’s hand­ling of the data viol­ated the Fourth Amend­ment, and it required the govern­ment to develop special rules — approved by the court in 2012 — for segreg­at­ing, stor­ing, retain­ing, and access­ing commu­nic­a­tions obtained through “upstream” collec­tion.

In 2015, the court was under the impres­sion that these rules were being followed. However, in approv­ing Section 702 surveil­lance that year, it noted several incid­ents of non-compli­ance with other rules designed to protect Amer­ic­ans’ privacy — includ­ing FBI viol­a­tions of protec­tions for attor­ney-client commu­nic­a­tions, a “fail­ure of access controls” by the FBI, and the NSA’s fail­ure to purge certain improp­erly collec­ted data. Once again, the court expressed displeas­ure at being noti­fied of infrac­tions long after they occurred.

In 2016, the FISA Court learned that the NSA had been viol­at­ing the rules estab­lished in 2012. Because those rules were designed to remedy a Fourth Amend­ment viol­a­tion occur­ring since the start of the program, the NSA’s non-compli­ance meant that its upstream collec­tion activ­it­ies had been oper­at­ing uncon­sti­tu­tion­ally for eight years. Moreover, the govern­ment did not report this issue for several months after discov­er­ing it. Unable to bring itself into compli­ance, the NSA made the only decision it could: In the spring of 2017, it aban­doned “abouts” collec­tion, which was at the root of the prob­lem.

When Section 702 came up for reau­thor­iz­a­tion in late 2017, civil liber­ties advoc­ates poin­ted to this troubled history. They also poin­ted to a grow­ing body of case law hold­ing that searches of govern­ment data­bases can, in certain circum­stances, consti­tute a separ­ate Fourth Amend­ment event. They argued that govern­ment agen­cies should be required to obtain a warrant before search­ing Section 702-obtained data for the commu­nic­a­tions of Amer­ic­ans (a prac­tice form­ally called “U.S. person quer­ies” and inform­ally dubbed “back­door searches”). They also urged Congress to ban “abouts” collec­tion, lest the govern­ment attempt to resume it.

Congress rejec­ted these propos­als. Although Congress did require the FBI to obtain the FISA Court’s permis­sion to conduct U.S. person quer­ies in a tiny sliver of cases, it blessed the vast major­ity of these searches, which previ­ously had no found­a­tion in the text of Section 702. It simply required the FBI to develop “query­ing proced­ures” that the FISA Court would have to approve. It also required the FBI to keep records of each U.S. person query it conduc­ted. With respect to “abouts” collec­tion, Congress required the govern­ment to obtain FISA Court approval and to give Congress advance notice before resum­ing the prac­tice.

The court’s Octo­ber 2018 Ruling

In March 2018, the govern­ment submit­ted its annual certi­fic­a­tions and proced­ures to the FISA Court for its approval. In a decision dated Octo­ber 18, 2018, and released last week, the FISA Court held that the FBI’s minim­iz­a­tion proced­ures viol­ated both the stat­ute and the Fourth Amend­ment. The court’s opin­ion addresses three main prac­tices by the FBI: down­stream collec­tion of certain commu­nic­a­tions; the FBI’s fail­ure to record USP quer­ies; and the FBI’s improper use of USP quer­ies.

Down­stream collec­tion and “abouts” commu­nic­a­tions. Although this section of the opin­ion is highly redac­ted, it appears that the govern­ment is engaged in a new form of down­stream collec­tion that raised a flag for the FISA Court. The court soli­cited amici’s advice about whether the stat­utory precon­di­tions for resum­ing “abouts” collec­tion apply to down­stream collec­tion, and whether certain activ­it­ies in the govern­ment’s 2018 certi­fic­a­tions involve the acquis­i­tion of “abouts” commu­nic­a­tions. Amici argued that the answer to both ques­tions was yes; the govern­ment’s answer was no in both cases. The court split the baby, hold­ing that the stat­utory require­ments apply to any kind of “abouts” collec­tion, but that no such collec­tion would occur under the govern­ment’s certi­fic­a­tions.

The heavy redac­tions make it diffi­cult to assess the signi­fic­ance of this part of the opin­ion. However, on its face, the defin­i­tion of “abouts” collec­tion — basic­ally, anything other than a commu­nic­a­tion to or from the target — should not be diffi­cult to apply. It is worri­some that the govern­ment and amici reached differ­ent conclu­sions about whether a certain form of collec­tion merited the label “abouts.” The uncer­tainty strongly supports a suspi­cion civil liber­ties advoc­ates have held for some time: that the select­ors the govern­ment uses to identify the commu­nic­a­tions to be collec­ted are not neces­sar­ily unique iden­ti­fi­ers (such as email addresses), but can sweep in people other than the inten­ded targets (as would, for instance, IP addresses).

The stat­utory require­ment to count U.S. person quer­ies. In its Janu­ary 2018 reau­thor­iz­a­tion of Section 702, Congress ordered the govern­ment to adopt query­ing proced­ures that included “a tech­nical proced­ure whereby a record is kept of each United States person query term used for a query.” Instead, in the query­ing proced­ures that the FBI submit­ted to the FISA Court, the Bureau announced that it “intends to satisfy the record-keep­ing require­ment by keep­ing a record of all quer­ies” — in other words, the FBI would lump together U.S. person quer­ies and non-U.S. person quer­ies, without distin­guish­ing between them.

The govern­ment defen­ded this approach with a weak argu­ment that the stat­utory text was some­how ambigu­ous, and that both the legis­lat­ive history and policy consid­er­a­tions weighed against requir­ing the FBI to docu­ment U.S. person quer­ies. In a refrain often heard when an intel­li­gence or law enforce­ment agency is asked to devote time or resources to safe­guard­ing civil liber­ties, the govern­ment claimed that requir­ing the FBI to figure out whether a partic­u­lar invest­ig­at­ive subject was a U.S. person would “divert resources from invest­ig­at­ive work . . . to the detri­ment of public safety.”

The FISA Court has histor­ic­ally yiel­ded to such pleas, and on this occa­sion, the court seemed sympath­etic. Ulti­mately, however, the court concluded that it had no choice. It stated: “Regard­less of how persuas­ive the FBI’s consid­er­a­tions may be, the court is not free to substi­tute its under­stand­ing of sound policy — or, for that matter, the under­stand­ing of the Director of the FBI — for the clear command of the stat­ute.” The law, the court held, was unam­bigu­ous in its direct­ive to count U.S. person quer­ies.

On appeal, the FISCR upheld the court’s ruling on this ques­tion. The FISCR, however, seemed some­what less sympath­etic to the govern­ment’s posi­tion. Under the FBI’s query­ing proced­ures, “U.S. person query term” is defined as “a term that is reas­on­ably likely to identify one or more specific United States persons.” This defin­i­tion does not require a high level of certainty. Moreover, the proced­ures provide for the applic­a­tion of default assump­tions in cases where specific inform­a­tion is lack­ing. Under these circum­stances, it is hard to argue with the FISC­R’s assess­ment that count­ing U.S. person quer­ies is not “a burden­some substant­ive require­ment,” and that it would simply mean “adding one (largely minis­terial) item to the check­list that FBI person­nel most likely already work through when conduct­ing quer­ies for invest­ig­at­ive purposes.”

Some­what oddly, the FISCR did not resolve the other major issue on appeal: whether the FBI’s repeated viol­a­tions of its own query­ing and minim­iz­a­tion proced­ures rendered those rules unlaw­ful and uncon­sti­tu­tional as imple­men­ted. Those viol­a­tions, and the FISA Court’s fail­ure to require an adequate remedy for them, will be the subject of Part II of this post.

Improper quer­ies of Section 702 commu­nic­a­tions. The most eye-open­ing part of the Octo­ber 2018 opin­ion is the section address­ing the “large number” of quer­ies under­taken by the FBI since April 2017 that did not comply with internal rules, the stat­ute, or the Fourth Amend­ment.

To begin, the opin­ion provides the first glimpse of just how preval­ent the FBI’s U.S. person quer­ies really are. In the past, the FBI has claimed it has no way even to estim­ate this number. It was nonethe­less clear that the number was signi­fic­ant, as the Privacy and Civil Liber­ties Over­sight Board (PCLOB) repor­ted that the FBI runs quer­ies of data­bases contain­ing Section 702 data at the earli­est stage of every assess­ment or invest­ig­a­tion.

The court’s Octo­ber 2018 opin­ion reveals that the FBI in 2017 conduc­ted 3.1 million quer­ies on one system alone. This number encom­passes U.S. person and non-U.S. person quer­ies alike, but as the court observed: “[G]iven the FBI’s domestic focus it seems likely that a signi­fic­ant percent­age of its quer­ies involve U.S.-person query terms.” Almost certainly, then, the total number of U.S. person quer­ies run by the FBI each year is well into the millions.

In theory, the FBI’s proced­ures are supposed to limit these searches. The key limit­a­tion, as set forth in the query­ing proced­ures, is as follows:

“Each query of FBI systems [contain­ing raw Section 702 data] . . . must be reas­on­ably likely to retrieve foreign intel­li­gence inform­a­tion, as defined by FISA, or evid­ence of a crime, unless other­wise specific­ally excep­ted in these proced­ures.”

This require­ment essen­tially mirrors the one previ­ously contained in the FBI’s minim­iz­a­tion proced­ures. The FISA Court once again held, as it has in the past, that this limit­a­tion, “as writ­ten,” satis­fies both the stat­ute and the Fourth Amend­ment.

But that didn’t end the court’s analysis. The court went on: “FISC review of minim­iz­a­tion proced­ures under Section 702 is not confined to the proced­ures as writ­ten; rather, the court also exam­ines how the proced­ures have been and will be imple­men­ted.” The court then noted that, “[s]ince April 2017, the govern­ment has repor­ted a large number of FBI quer­ies that were not reas­on­ably likely to return foreign-intel­li­gence inform­a­tion or evid­ence of a crime.” These included multiple one-off incid­ents of FBI person­nel running U.S. person quer­ies acci­dent­ally or for improper personal purposes. (In a frank state­ment that reveals why limits on access are a poor substi­tute for adequate limits on collec­tion, the FISA Court commen­ted that it was less concerned about personal misuses of the data, because “[i]t would be diffi­cult to completely prevent person­nel from query­ing data for personal reas­ons.”) They also included several incid­ents indic­at­ive of more systemic prob­lems, includ­ing:

  • In March 2017, the FBI, against the advice of the FBI’s Office of General Coun­sel, conduc­ted quer­ies using 70,000 iden­ti­fi­ers “asso­ci­ated with” people who had access to FBI facil­it­ies and systems.
  • On a single day in Decem­ber 2017, the FBI conduc­ted over 6,800 U.S. person quer­ies using Social Secur­ity Numbers.
  • Between Decem­ber 7–11, 2017, an FBI offi­cial improp­erly reviewed raw FISA inform­a­tion result­ing from 1,600 U.S. person quer­ies.
  • On more than one occa­sion, the FBI conduc­ted dozens of U.S. person quer­ies to gather inform­a­tion about poten­tial inform­ants.

The govern­ment told the FISA Court that these errors stemmed from “funda­mental misun­der­stand­ings by some FBI person­nel [about] what the stand­ard ‘reas­on­ably likely to return foreign intel­li­gence inform­a­tion’ means.” This is a remark­able admis­sion, given that this stand­ard has been in place for several years, and given the govern­ment’s repeated assur­ances to the FISA Court during this time that access to Amer­ic­ans’ data was restric­ted to person­nel who were care­fully trained in the applic­able limits.

The court expressed “seri­ous concern” about “the large number of quer­ies evid­en­cing a misun­der­stand­ing of the query­ing stand­ard — or indif­fer­ence to it.” It iden­ti­fied three factors that heightened its concern. First, it cited limit­a­tions on exist­ing over­sight mech­an­isms. It noted that some FBI offices field offices go for peri­ods of two years or more between over­sight visits, and ulti­mately, Justice Depart­ment over­seers “review only a small portion of the quer­ies conduc­ted.” It also observed that “the docu­ment­a­tion avail­able to [over­seers] lacks basic inform­a­tion that would assist in identi­fy­ing prob­lem­atic quer­ies.” Given these limit­a­tions, the court wrote, “it appears entirely possible that further query­ing viol­a­tions involving large numbers of U.S.-person query terms have escaped the atten­tion of over­seers and have not been repor­ted to the court.”

Second, the court — for the first time — acknow­ledged the tension between the substant­ive limits on quer­ies contained in the FBI’s proced­ures, and the Bureau’s vigor­ous encour­age­ment to its person­nel to run quer­ies early and often. Indeed, an FBI offi­cial submit­ted a declar­a­tion to the court stat­ing that “FBI encour­ages its person­nel to make maximal use of quer­ies — provided they are compli­ant with the FBI’s minim­iz­a­tion proced­ures . . . .” FBI offi­cials are thus simul­tan­eously told to maxim­ize and minim­ize their access to U.S. person inform­a­tion. In the court’s words:

“On the one hand, the FBI is oblig­ated to query Section 702 and other FISA inform­a­tion only in circum­stances satis­fy­ing a query­ing stand­ard that does not apply to FBI inform­a­tion gener­ally. On the other hand, it has set up its systems to facil­it­ate running the same query simul­tan­eously across FISA and non-FISA data­sets . . . and encour­ages person­nel to make maximal use of such quer­ies, even at the earli­est invest­ig­at­ive stages. Those policy decisions may well help FBI person­nel work effi­ciently and ‘con­nect dots’ to protect national secur­ity . . . but they also create an envir­on­ment in which unduly lax applic­a­tions of the Section 702 query­ing stand­ards are more likely to occur.”

Third, the court discussed the FBI’s use of “batch quer­ies” — perhaps the most explos­ive revel­a­tion in the opin­ion. The FBI’s query­ing proced­ures require that “[e]ach query” must be reas­on­ably likely to retrieve foreign intel­li­gence inform­a­tion or evid­ence of a crime. The govern­ment, however, has taken the posi­tion that “an aggreg­a­tion of indi­vidual quer­ies” — also referred to as a “batch query” — “can satisfy the query­ing stand­ard, even if each indi­vidual query in isol­a­tion would not be reas­on­ably likely to return foreign-intel­li­gence inform­a­tion or evid­ence of a crime.” So, for instance, if the FBI has inform­a­tion that an employee at a partic­u­lar company is plan­ning illegal actions, but the FBI has no know­ledge of who the employee is, the Bureau would be justi­fied (the govern­ment argues) in running quer­ies for every employee at that company. This is presum­ably the theory on which the FBI ran the massive numbers of quer­ies described above (e.g., 70,000 quer­ies on indi­vidu­als with access to FBI systems and facil­it­ies).

If this sounds famil­iar, it should. This is the same rationale the NSA used to justify “bulk collec­tion” of Amer­ic­ans’ tele­phone records. Even though the applic­able stat­ute, Section 215 of the Patriot Act, allowed the govern­ment to obtain records only if they were “relev­ant” to an author­ized invest­ig­a­tion, the FISA Court allowed the NSA to collect the phone records of nearly every Amer­ican — most of which were, of course, entirely irrel­ev­ant to any invest­ig­a­tion — on the ground that some relev­ant records were likely buried within them. When this prac­tice was made public as a result of Edward Snowden’s disclos­ures, it was unable to with­stand either judi­cial review (the Second Circuit Court of Appeals held that it viol­ated the stat­ute) or the judg­ment of Congress (which changed the law in 2015 with the goal of prohib­it­ing bulk collec­tion).

As the NSA’s bulk collec­tion program illus­trates, there is no logical limit to how many quer­ies the FBI could aggreg­ate based on the theory that the result will likely yield foreign intel­li­gence or evid­ence of a crime. Indeed, the larger the number of indi­vidu­als swept in, the more likely it is that the quer­ies, in aggreg­ate, will turn up results. It is a small step from “batch quer­ies” to “bulk quer­ies.” The court did not seem alarmed by the implic­a­tions of the theory — it opined that “[p]erhaps in the abstract it would be reas­on­able for the FBI to run such an aggreg­ated query” — but it nonethe­less expressed skep­ti­cism that such an approach could be recon­ciled with the text of the FBI’s query­ing proced­ures, which require “[e]ach query” to be reas­on­ably likely to return foreign intel­li­gence inform­a­tion or evid­ence of a crime.

Ulti­mately, the court held that the extent of improper query­ing rendered the FBI’s proced­ures, as imple­men­ted, incon­sist­ent with Section 702’s “minim­iz­a­tion” require­ment. It also held that the FBI’s prac­tices viol­ated the Fourth Amend­ment’s reas­on­able­ness require­ment. Although it found the govern­ment’s interest in acquir­ing foreign intel­li­gence inform­a­tion to be “partic­u­larly intense,” it quoted a decision by the Foreign Intel­li­gence Surveil­lance Court of Review (FISCR) stat­ing that if “the protec­tions that are in place for indi­vidual privacy interests are . . . insuf­fi­cient to alle­vi­ate the risks of govern­ment error and abuse, the scales will tip toward a find­ing of uncon­sti­tu­tion­al­ity.” The court concluded: “Here, there are demon­strated risks of seri­ous error and abuse, and the court has found the govern­ment’s proced­ures do not suffi­ciently guard against that risk.”

To cure these defects, the court recom­men­ded — and the FBI ulti­mately adop­ted, after the govern­ment’s unsuc­cess­ful appeal to the FISCR — a remedy proposed by amici. Specific­ally, any time the FBI runs a U.S. person query that returns Section 702 data, FBI person­nel are not permit­ted to view the content (although they may still view non-content “metadata”) unless they first docu­ment the reas­ons why they believed the query was likely to return foreign intel­li­gence or evid­ence of a crime. The court opined that this require­ment would force FBI person­nel to think more care­fully about the applic­able stand­ard before running quer­ies, and would assist over­sight person­nel in determ­in­ing whether the stand­ard was indeed being honored.

A Triumph of Over­sight?

The FISA Court iden­ti­fied seri­ous prob­lems with the govern­ment’s submis­sions, engaged amici to provide advice, considered and partly agreed with their argu­ments, held the govern­ment’s actions to be not only unlaw­ful but uncon­sti­tu­tional, and adop­ted a remedy proposed by amici — all of which was made public, albeit with redac­tions. Taken in isol­a­tion, these facts might seem to tell a resound­ing success story for over­sight of foreign intel­li­gence surveil­lance.

But such a conclu­sion would ignore many other sali­ent facts. For one thing, the govern­ment sat on the FISA Court’s Octo­ber 2018 opin­ion for almost a year, instead of promptly declas­si­fy­ing and releas­ing it as envi­sioned by Congress in the 2015 USA FREE­DOM Act. Clearly, the govern­ment was hoping for a win on appeal that would neut­ral­ize the negat­ive impact on public opin­ion. Had the appeal taken several addi­tional months to resolve, there is no doubt that we would still be in the dark about the FBI’s activ­it­ies today.

As for the substance of the opin­ion, the illu­sion of account­ab­il­ity fades when one considers the many aspects of the court’s own ruling that were left entirely unad­dressed by its chosen remedy. The court’s opionion cited the follow­ing major prob­lems and sources of concern:

  • FBI person­nel are funda­ment­ally confused about what “reas­on­ably likely to return foreign intel­li­gence or evid­ence of a crime” means.
  • Over­sight is limited because over­seers review only a tiny frac­tion of quer­ies.
  • Over­sight is limited because over­seers lack docu­ment­a­tion of the justi­fic­a­tion for quer­ies.
  • There is a mismatch between the FBI’s query­ing proced­ures, which purport to place substant­ive limits on quer­ies, and the FBI’s policy of encour­aging routine use of those quer­ies at the earli­est stage of every invest­ig­a­tion.
  • “Batch” quer­ies are seem­ingly incon­sist­ent with the text of the FBI’s query­ing proced­ures.

The remedy imposed by the court — a require­ment that FBI person­nel docu­ment their reas­ons for perform­ing a U.S. person query before view­ing content inform­a­tion — addresses only one of these prob­lems (lack of docu­ment­a­tion for over­seers to review). After all, if FBI agents truly do not under­stand what “reas­on­ably likely to return foreign intel­li­gence or evid­ence of a crime” means, requir­ing them to docu­ment their miscon­cep­tions will not produce any greater under­stand­ing; it will merely reaf­firm the confu­sion that the court already observed.

In theory, the docu­ment­a­tion could be used as a mech­an­ism to identify person­nel who require remedial train­ing or even admin­is­trat­ive discip­line. But the court did not order any such meas­ures, and the FBI’s revised proced­ures don’t contem­plate them. In any case, it is clear from the court’s opin­ion that the Justice Depart­ment would require expan­ded over­sight capa­city to detect non-compli­ance in anything more than a frac­tion of cases. The court did not direct the Justice Depart­ment to devote more resources to over­sight, and so virtual piles of docu­ment­a­tion record­ing FBI agents’ vari­ous inter­pret­a­tions of the legal stand­ard for quer­ies will languish unex­amined. Know­ing this, FBI agents are unlikely to spend much time or thought on writ­ing out their rationales.

Nor does the court’s remedy do anything about the mixed message the FBI sends its person­nel by simul­tan­eously limit­ing (in its query­ing and minim­iz­a­tion proced­ures) and urging (in its policies and rhet­oric) the use of quer­ies. It was an import­ant step forward for the court to recog­nize this funda­mental discon­nect in the FBI’s prac­tice. But the discon­nect will continue unless and until the court orders the FBI to harmon­ize its policies and its rhet­oric with its Section 702 proced­ures.

The court also strongly sugges­ted that “batch quer­ies” are incon­sist­ent with the text of the FBI’s query­ing proced­ures. However, it did not order the FBI either to stop batch quer­ies or to alter its proced­ures to allow them. The FBI’s revised proced­ures, which the FISA Court approved in Septem­ber 2019, still have the language that would seem to fore­close batch quer­ies. But there is no indic­a­tion, either in the proced­ures or in any other public docu­ment, that the FBI has stopped the prac­tice; and the FISA Court appar­ently forgot to ask, as its Septem­ber 2019 opin­ion does not even mention the issue.

More to the point, the court should have barred “batch quer­ies” outright. The FISA Court’s find­ing that Section 702 surveil­lance is consti­tu­tion­ally reas­on­able has always hinged on a delic­ate balance between the govern­ment’s interest in collect­ing foreign intel­li­gence and Amer­ic­ans’ privacy interests in their commu­nic­a­tions. The ostens­ible exist­ence of strict limit­a­tions on govern­ment offi­cials’ access to Amer­ic­ans’ commu­nic­a­tions — includ­ing the require­ment that quer­ies must be designed to return foreign intel­li­gence or evid­ence of a crime — has been a key factor in the court’s conclu­sion that the balance tips in the govern­ment’s favor. Allow­ing the FBI to conduct tens of thou­sands of quer­ies in a “batch,” when it is appar­ent that the vast major­ity of them will not yield any such inform­a­tion or evid­ence, would require a signi­fic­ant repos­i­tion­ing of the scales.

One final obser­va­tion: The court’s modest record-keep­ing remedy is partic­u­larly inad­equate in light of the govern­ment’s history of Section 702 viol­a­tions. On four separ­ate occa­sions, as recoun­ted in Part I of this post, the FISA Court has found that the govern­ment was improp­erly hand­ling or access­ing Amer­ic­ans’ commu­nic­a­tions. On three of those occa­sions, the court held or other­wise indic­ated that these actions viol­ated the Fourth Amend­ment. Aston­ish­ingly, at no point in Section 702’s exist­ence has the govern­ment oper­ated the program in full compli­ance with consti­tu­tional require­ments. In light of this history, the court should have required changes far more substan­tial than (as the FISCR described it) “adding one (largely minis­terial) item to the [FBI’s] check­list.”

After a decade of trial and error, the FISA Court should have required FBI agents to obtain warrants before search­ing for Amer­ic­ans’ commu­nic­a­tions. In my opin­ion, the court erred when it held that recent case law does not support a warrant require­ment for U.S. person quer­ies of Section 702 data. Nonethe­less, even if a warrant require­ment were not compelled by the case law, the court still could have concluded that warrants are neces­sary here. In light of the repeated fail­ure of the govern­ment, over the course of more than a decade, to adhere to the proced­ural require­ments that the court has held the Fourth Amend­ment does require, the court could easily have determ­ined that noth­ing short of a warrant require­ment will guard against the “risks of seri­ous error and abuse” that have thus far rendered the govern­ment’s prac­tices uncon­sti­tu­tional. Now that would have been a triumph of foreign intel­li­gence surveil­lance over­sight.