FISA and EO 12333: Technology Allows Collection of Information of U.S. Citizens via Loopholes in the Law

By: Nicole Allaband,

“Technological developments are arriving so rapidly and are changing the nature of our society so fundamentally that we are in danger of losing the capacity to shape our own destiny. This danger is particularly ominous when the new technology is designed for surveillance purposes[.]”[1] Senator John Tunney (D-CA) said this in a hearing about the precursor to the bill that became the Foreign Intelligence Surveillance Act (“FISA”) in 1978.[2] Technology has continued to develop at a fast rate and yet the law is still trailing behind, leaving U.S. citizens open to privacy violations.

FISA established the Foreign Intelligence Surveillance Court (“FISC”) to review applications for authorization of electronic surveillance.[3] FISA governs the collection of “foreign intelligence.”[4] The probable cause required for authorization to collect information under FISA is very different from the probable cause required in domestic investigations. In domestic investigations, a court may issue a search or arrest warrant if probable cause is shown that a crime has been, or is being, committed.[5] However, under FISA, collection of information can occur, without a warrant, on finding probable cause that the target is a foreign power or agent, regardless of whether that foreign power or agent is suspected of criminal activity.[6] Only if the target of the FISA warrant is a U.S. citizen must there be probable cause that the person is involved in criminal activity.[7]

FISA has been amended several times since 1978. The 1994 and 1998 amendments allowed covert physical entries and pen/trap orders.[8] The USA-PATRIOT Act, passed shortly after 9/11, expanded the reach of FISA to circumstances in which foreign intelligence gathering is only a “significant” purpose of an investigation.[9] However, the amendments have not kept pace with new technologies.[10]

In addition to FISA, foreign intelligence is collected under Executive Order (“EO”) 12333.[11] The order was issued in 1981 by President Reagan and it governs surveillance the National Security Agency (“NSA”) conducts overseas.[12] Although U.S. citizens cannot be targeted under EO 12333, the NSA can conduct bulk collection which leads to incidental collection of large quantities of U.S. citizens’ communications.[13] Under EO 12333, when the NSA collects information abroad, it can presume the information collected belongs to non-U.S. citizens.[14]

EO 12333 and FISA were written before the Internet became what it is today but neither has been updated to match current technology. The Internet was not designed to conform to national borders; rather the Internet was built on efficiency, reliability, and minimizing costs.[15] Network traffic between two points in the United States may be naturally routed to a server abroad before reaching the endpoint in the United States.[16] Traffic between two domestic points that is routed abroad can therefore be swept up under EO 12333.[17] Unless the information collected specifically identifies the starting and ending point as being within the United States, the NSA can presume the communication is by and about a foreign national.[18] Unfortunately technology makes it “virtually impossible, in real time,” to determine the location or nationality of the target.[19] Information thus collected can be “retained for further processing.”[20]

Congress recently reauthorized Section 702 FISA.[21] Section 702 specifically authorizes the government to target and collect information from foreigners located abroad.[22] Despite the focus on foreign intelligence collection, Section 702 incidentally collects a large amount of communications from U.S. citizens (without a warrant).[23] Changes in technology coupled with outdated legislation has put Americans’ privacy at risk.[24] FISA defined “electronic surveillance” in 1978, and that definition has remained largely unchanged despite massive changes in technology.[25] The 2017 Reauthorization Act clarifies some procedures for the FBI to obtain collected information and mandates reporting requirements about material breaches.[26] However, the reauthorization does not update the definition of electronic surveillance to keep pace with current technology and the loopholes the intelligence community is able to exploit to collect information on U.S. citizens.[27] The current reauthorization lasts until 2023 but Congress should seriously consider updating the definition of electronic surveillance so that where the information is collected is not determinative of the collection process and the legal protections offered.[28]

[1] Joint Hearings on Surveillance Technology Before the Sen. Comm. On the Judiciary, Subcomm. on Const. Commercce, Spec. Subcomm. on Science, Tech., and Commerce, 94th Cong. 1 (1975) (Statement of Sen. John Tunney).

[2] See id; see also Foreign Intelligence Surveillance Act (FISA), Electronic Privacy Information Center, https://epic.org/privacy/surveillance/fisa/#Overview (last visited Jan. 30, 2018).

[3] See id.

[4] See id.

[5] See id.

[6] See id; see also Jessica Schneider, What is Section 702 of FISA, anyway?, CNN (January 11, 2018), https://www.cnn.com/2018/01/11/politics/trump-fisa-section-702-surveillance-data/index.html.

[7] See id. (only U.S. citizens are protected by the Fourth Amendment); Schneider, What is Section 702 of FISA, anyway?.

[8] See Schneider, What is Section 702 of FISA, anyway?.

[9] See id.

[10] See Jeffrey S. Brand, Eavesdropping on Our Founding Fathers: How a Return to the Republic’s Core Democratic Values Can Help Us Resolve the Surveillance Crisis, 6 Harv. Nat’l Sec. J. 1 (2015).

[11] See Foreign Intelligence Surveillance (FISA Section 702, Executive Order 12333, and Section 215 of the Patriot Act): A Resource Page, Brennan Center for Justice (last updated September 28, 2017), https://www.brennancenter.org/analysis/foreign-intelligence-surveillance-fisa-section-702-executive-order-12333-and-section-215.

[12] See id.

[13] See id.

[14] See id; see also Axel Arnbak & Sharon Goldberg, Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad, 21 Mich. Telecomm. Tech. L. Rev. 317, 335 (2015).

[15] See Arnbak & Goldberg, at 343.

[16] See id.

[17] See id. at 335.

[18] See id. at 321.

[19] See Williams C. Banks, Data Collection and Advancements in Surveillance Techniques: Next Generation Foreign Intelligence Surveillance Law: Renewing 702, 51 U. Rich. L. Rev. 671, 672 (2017).

[20] See Arnbak & Goldberg, at 321.

[21] See Robyn Greene, Americans Wanted More Privacy Protections. Congress Gave Them Fewer, Slate (Jan. 26, 2018), https://slate.com/technology/2018/01/congress-reauthorization-of-section-702-of-the-fisa-is-an-expansion-not-a-reform.html.

[22] See id.

[23] See id.

[24] See id; see also Arnbak & Goldberg, at 319.

[25] See Arnbak & Goldberg, at 329.

[26] See S.139 FISA Amendments Reauthorization Act of 2017, Congress.gov, https://www.congress.gov/bill/115th-congress/senate-bill/139/text?q=%7B%22search%22%3A%5B%22s.+139%22%5D%7D&r=1 (accessed Jan. 20, 2018).

[27] See id.

[28] See Arnbak & Goldberg, at 359.

Image Source:https://www.activistpost.com/2017/09/trump-admin-congress-renew-fisa.html.