Blog

The NSA's Backdoor Search Loophole

November 14, 2013

The conversation in Washington about legislative reform of the NSA’s surveillance practices has centered on the bulk collection of Americans’ phone records pursuant to section 215 of the Patriot Act. The USA FREEDOM Act, sponsored by Senator Leahy and Representative Sensenbrenner, would end bulk collection, while the FISA Improvements Act, emerging from the Senate intelligence committee, would allow it to continue. But there has been relatively little discussion of how the bills would address another NSA program: the warrantless collection of telephone and Internet content under section 702 of the FISA Amendments Act (FAA). For people in this country concerned about the privacy of their calls and e-mails, this aspect of the bills demands a closer look.

At its core, section 702 allows the NSA to collect the content of electronic communications without any individualized court order if the “target” of the communications is “reasonably believed” to be a foreigner overseas, and if a significant purpose of the surveillance is to acquire foreign intelligence information. “Reverse targeting,” the targeting of a U.S. person under the guise or pretext of targeting a foreigner, is expressly prohibited. Administration officials are thus technically correct in their repeated pronouncements that section 702 targets foreigners, not Americans.

This characterization is one of the major reasons Americans have paid less attention to the program. It also explains the absence of any pushback when officials describe section 702 authorities as “clearly legal,” because it is well settled that non-citizens overseas are not entitled to the protections of the Fourth Amendment. But there is much more to section 702 than meets the eye. Notwithstanding the requirement of “targeting” foreigners, the program tolerates—and even contemplates—a massive amount of collection of Americans’ telephone calls, e-mails, and other electronic communications.

Even though the target must be a non-citizen, programmatic surveillance under section 702 sweeps up all international communications to, from, or about the target. This includes communications coming into or out of the United States. Granted, the NSA may capture these calls and e-mails only if it intends to acquire “foreign intelligence information.” But the FAA defines this term so broadly—it encompasses any information relevant to the foreign affairs of the United States – that it would in theory permit the capture of almost all communications between Americans and their friends, relatives, or business associates overseas. The NSA refers to this as “incidental” collection, but there is nothing “incidental” about it. As officials made clear during the debates leading up to the enactment of section 702, communications involving Americans were “the most important to us.”

Americans’ communications also may be collected by accident—referred to by the NSA as “inadvertent” collection, to distinguish it from the “incidental” collection that happens by design. Under section 702, there is no need for the government to specify—or even know—the identity of the person whose communications are being intercepted. The government must employ court-approved targeting procedures, which are supposed to ensure that the target is “reasonably believed” to be a foreigner overseas. As a result of Edward Snowden’s leaks, however, we now know that these procedures allow the NSA to “presume” that the target is a foreigner overseas as long as it has no specific information to the contrary. Reports also indicate that the NSA, in sifting through Internet traffic, employs search terms that are designed to achieve “51% confidence” in the target’s foreignness—just slightly better odds than a coin toss.

Between “inadvertent” and “incidental” collection, it is likely that Americans’ communications comprise a significant portion of the 250 million Internet transactions (and undisclosed number of telephone conversations) intercepted each year without a warrant or showing of probable cause. At first blush, this may seem to fly in the face of the Fourth Amendment. The law, however, provides an apparent safeguard.

Under section 702, the NSA must adopt “minimization procedures” that are “reasonably designed . . . to minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons.” Information about Americans may be kept and shared only under narrow circumstances—for instance, if the information is evidence of a crime or is necessary to understand foreign intelligence information. The full statutory logic thus unfolds as follows: In a programmatic effort to collect intelligence about foreign nationals, the warrantless acquisition of information about U.S. persons may be inevitable—but it should be kept to a minimum. Moreover, when such warrantless acquisition does occur, the information that relates to U.S. persons generally should be segregated out and destroyed or masked unless it falls under certain delineated exceptions.

Enter the “backdoor search loophole.” In 2011, the NSA persuaded the Foreign Intelligence Surveillance Court to approve a new set of minimization procedures under which the government may use U.S. person identifiers—including telephone numbers or e-mail accounts known to belong to Americans—to search the section 702 database for, and read, communications of or about those individuals. (The previous minimization requirements had expressly prohibited this practice.) The government may intentionally search for this information even though it would have been illegal, under section 702’s “reverse targeting” prohibition, for the government to have such intent at the time of collection. And the government may use U.S. person identifiers to search the raw, unminimized data set—which means, effectively, that minimization never takes place for those individuals.

We do not know the criteria by which the government decides which Americans are subject to these warrantless searches. However, at a recent public event, NSA General Counsel Raj De let slip a previously undisclosed fact: unlike when the government searches its pool of telephone metadata for particular Americans’ information, there is no requirement that the government have “reasonable articulable suspicion” of terrorist activity before searching the actual content of communications acquired under section 702. Indeed, it seems likely that the only criterion in place is the one included in the Senate intelligence committee’s bill: that the purpose of the search must be the acquisition of foreign intelligence information.

This is no limitation whatsoever. The law already requires the NSA to have a foreign intelligence purpose at the time it collects the communications. The hurdle has thus been cleared before the search ever takes place. More fundamentally, if a foreign intelligence purpose could justify monitoring Americans’ communications without any individual court order, there would be no need for targeting or minimization requirements under section 702. Yet the statute is clear on this point: if the government wishes to obtain foreign intelligence information about an American target, it cannot do so through programmatic surveillance—it must apply for an individualized order under a different section of the Foreign Intelligence Surveillance Act.

The details of section 702’s operation are admittedly more complex than the bulk collection of phone call metadata under section 215. But the bottom line is clear–and so is the choice presented by the dueling bills in Congress. The USA FREEDOM Act would shut the “back door search” loophole by requiring the government to obtain an individual court order before searching through section 702 data for communications of or about Americans. The FISA Improvements Act would bless the status quo, under which the government may peruse a vast quantity of Americans’ telephone and e-mail communications at will. In the post-Snowden world, it is hard to imagine a more consequential fork in the road.

Photograph: Chad Hunter

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.