
The NSA’s Backdoor Search Loophole

For people concerned about the privacy of their calls and e-mails, the warrantless collection of phone and Internet content under section 702 of the FISA Amendments Act demands a closer look.

November 14, 2013

Crossposted from The Boston Review.

The conversation in Washington about legislative reform of the NSA’s surveillance practices has centered on the bulk collection of Americans’ phone records pursuant to section 215 of the Patriot Act. The USA FREEDOM Act, sponsored by Senator Leahy and Representative Sensenbrenner, would end bulk collection, while the FISA Improvements Act, emerging from the Senate intelligence committee, would allow it to continue. But there has been relatively little discussion of how the bills would address another NSA program: the warrantless collection of telephone and Internet content under section 702 of the FISA Amendments Act (FAA). For people in this country concerned about the privacy of their calls and e-mails, this aspect of the bills demands a closer look.

At its core, section 702 allows the NSA to collect the content of electronic communications without any individualized court order if the “target” of the communications is “reasonably believed” to be a foreigner overseas, and if a significant purpose of the surveillance is to acquire foreign intelligence information. “Reverse targeting,” the targeting of a U.S. person under the guise or pretext of targeting a foreigner, is expressly prohibited. Administration officials are thus technically correct in their repeated pronouncements that section 702 targets foreigners, not Americans.

This characterization is one of the major reasons Americans have paid less attention to the program. It also explains the absence of any pushback when officials describe section 702 authorities as “clearly legal,” because it is well settled that non-citizens overseas are not entitled to the protections of the Fourth Amendment. But there is much more to section 702 than meets the eye. Notwithstanding the requirement of “targeting” foreigners, the program tolerates—and even contemplates—a massive amount of collection of Americans’ telephone calls, e-mails, and other electronic communications.

Even though the target must be a non-citizen, programmatic surveillance under section 702 sweeps up all international communications to, from, or about the target. This includes communications coming into or out of the United States. Granted, the NSA may capture these calls and e-mails only if it intends to acquire “foreign intelligence information.” But the FAA defines this term so broadly—it encompasses any information relevant to the foreign affairs of the United States—that it would in theory permit the capture of almost all communications between Americans and their friends, relatives, or business associates overseas. The NSA refers to this as “incidental” collection, but there is nothing “incidental” about it. As officials made clear during the debates leading up to the enactment of section 702, communications involving Americans were “the most important to us.”

Americans’ communications also may be collected by accident—referred to by the NSA as “inadvertent” collection, to distinguish it from the “incidental” collection that happens by design. Under section 702, there is no need for the government to specify—or even know—the identity of the person whose communications are being intercepted. The government must employ court-approved targeting procedures, which are supposed to ensure that the target is “reasonably believed” to be a foreigner overseas. As a result of Edward Snowden’s leaks, however, we now know that these procedures allow the NSA to “presume” that the target is a foreigner overseas as long as it has no specific information to the contrary. Reports also indicate that the NSA, in sifting through Internet traffic, employs search terms that are designed to achieve “51% confidence” in the target’s foreignness—just slightly better odds than a coin toss.

Between “inadvertent” and “incidental” collection, it is likely that Americans’ communications comprise a significant portion of the 250 million Internet transactions (and undisclosed number of telephone conversations) intercepted each year without a warrant or showing of probable cause. At first blush, this may seem to fly in the face of the Fourth Amendment. The law, however, provides an apparent safeguard.

Under section 702, the NSA must adopt “minimization procedures” that are “reasonably designed . . . to minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons.” Information about Americans may be kept and shared only under narrow circumstances—for instance, if the information is evidence of a crime or is necessary to understand foreign intelligence information. The full statutory logic thus unfolds as follows: In a programmatic effort to collect intelligence about foreign nationals, the warrantless acquisition of information about U.S. persons may be inevitable—but it should be kept to a minimum. Moreover, when such warrantless acquisition does occur, the information that relates to U.S. persons generally should be segregated out and destroyed or masked unless it falls under certain delineated exceptions.

Enter the “backdoor search loophole.” In 2011, the NSA persuaded the Foreign Intelligence Surveillance Court to approve a new set of minimization procedures under which the government may use U.S. person identifiers—including telephone numbers or e-mail accounts known to belong to Americans—to search the section 702 database for, and read, communications of or about those individuals. (The previous minimization requirements had expressly prohibited this practice.) The government may intentionally search for this information even though it would have been illegal, under section 702’s “reverse targeting” prohibition, for the government to have such intent at the time of collection. And the government may use U.S. person identifiers to search the raw, unminimized data set—which means, effectively, that minimization never takes place for those individuals.

We do not know the criteria by which the government decides which Americans are subject to these warrantless searches. However, at a recent public event, NSA General Counsel Raj De let slip a previously undisclosed fact: unlike when the government searches its pool of telephone metadata for particular Americans’ information, there is no requirement that the government have “reasonable articulable suspicion” of terrorist activity before searching the actual content of communications acquired under section 702. Indeed, it seems likely that the only criterion in place is the one included in the Senate intelligence committee’s bill: that the purpose of the search must be the acquisition of foreign intelligence information.

This is no limitation whatsoever. The law already requires the NSA to have a foreign intelligence purpose at the time it collects the communications. The hurdle has thus been cleared before the search ever takes place. More fundamentally, if a foreign intelligence purpose could justify monitoring Americans’ communications without any individual court order, there would be no need for targeting or minimization requirements under section 702. Yet the statute is clear on this point: if the government wishes to obtain foreign intelligence information about an American target, it cannot do so through programmatic surveillance—it must apply for an individualized order under a different section of the Foreign Intelligence Surveillance Act.

The details of section 702’s operation are admittedly more complex than the bulk collection of phone call metadata under section 215. But the bottom line is clear—and so is the choice presented by the dueling bills in Congress. The USA FREEDOM Act would shut the “back door search” loophole by requiring the government to obtain an individual court order before searching through section 702 data for communications of or about Americans. The FISA Improvements Act would bless the status quo, under which the government may peruse a vast quantity of Americans’ telephone and e-mail communications at will. In the post-Snowden world, it is hard to imagine a more consequential fork in the road.

Photo by cthoyes.