Commentary: Why the FISA Act Isn’t the Privacy-Stealing Monster Some Think It Is
Last year brought news both good and bad in the fight against terrorism. On the positive side, the Islamic State’s brutal “caliphate” has virtually collapsed under a U.S.-led military campaign, and large parts of Iraq and Syria are free of its tyranny. At the same time, terrorist attacks in New York City and in Europe reminded all that the terrorist threat to the United States and its allies persists.
Mindful of recent victories and enduring challenges, Congress last week reauthorized one of the U.S. government’s most important intelligence tools in the fight against terrorism. Section 702 is on its face as obscure as it sounds—a recent addition to the 1978 Foreign Intelligence Surveillance Act, or FISA. In practice, it allows the government to collect the electronic communications of non-Americans located overseas if they are involved in terrorism or other activities affecting U.S. security. By reauthorizing Section 702, and by adding additional limits on how the law can be used, Congress moved to keep the nation safe while protecting Americans’ privacy and civil liberties.
The need for Section 702 grew out of changes in communications technologies. In its original form, FISA required court approval every time the government wanted to surveil a foreign spy, terrorist, or other agent of a foreign power on U.S. soil. With the Internet, however, digital messages flit across the globe with little regard for borders. When the messages of a terrorist overseas might be stored in a server here—or move through cables in the United States en route to somewhere else—FISA’s distinction between domestic and foreign surveillance blurred. In 2008, Congress added new provisions, including Section 702. Under its authority, the government can conduct U.S.-based surveillance of a terrorist in Yemen, or a Russian spy in Moscow, without getting a court order for every target.
The NSA calls Section 702 its “most significant tool in the NSA collection arsenal for the detection, identification, and disruption of terrorist threats to the U.S. and around the world.” In one case, for instance, 702 was used to collect the email of an al Qaeda courier based in Pakistan, when an unknown American contacted the terrorist seeking advice on making explosives. Acting on the tip from the NSA, the FBI identified the American as Colorado resident Najibullah Zazi, and arrested him and two co-conspirators in September 2009. They had been days away from executing a plot to bomb the New York subway.
For all its national security value, Section 702 also raises legitimate civil liberties concerns, and worries about privacy-animated opponents of last week’s reauthorization. When the government surveils foreigners, Americans communicating with them can have their communications collected and stored in government databases. For this reason, 702 is subject to rigorous oversight: within the NSA and other agencies, by lawyers at the Justice Department and the Office of the Director of National Intelligence, by the Intelligence and Judiciary committees in Congress, by the independent Privacy and Civil Liberties Oversight Board, and by the Foreign Intelligence Surveillance Court, which supervises the program and must sign off on its operation each year. Collectively, these actors scrutinize every aspect of how the program operates, from initial targeting to how the data is stored, searched, and used.
The bill signed into law last week wisely adds further protections, imposing new limits on the FBI’s ability to search 702 data in criminal investigations and on the Justice Department’s ability to use that data to prosecute domestic crimes. Privacy advocates on both the left and right sought more drastic changes, including a complete ban on searching 702 data to find information about people in the United States. Concerns about that practice are understandable, and the bill takes modest steps to address them. A complete ban, however, would have risked re-erecting the “wall” between foreign intelligence and criminal investigations that contributed to the government’s failure to detect the 9/11 plot. If someone under FBI investigation is communicating with terrorists overseas, the FBI should be aware of the connection.
In the end, the 702 purists did not get the “clean reauthorization” they sought, and the most ardent civil libertarians did not see all of their favored protections adopted. Instead, a combination of Republicans and Democrats came together to reauthorize a law, with additional safeguards, that is a critical national security tool. In these hyper-polarized times, their actions suggest that bipartisanship is still possible where the nation’s security is at stake.
Richard Fontaine is president of the Center for a New American Security and coauthor of Surveillance Policy: A Pragmatic Agenda for 2017 and Beyond.