Editor’s Note: This is part of a multi-part series on the FISA Section 702 reauthorization and reform debate.
As the debate over reauthorization of Section 702 continues to heat up, it has become increasingly clear that Congress intends to place restrictions on the government’s practice of “backdoor searches”—warrantless querying of Section 702-acquired data to access Americans’ communications. More than thirty civil society organizations from across the political spectrum support a requirement that the government obtain a warrant or a FISA Title I order before conducting such queries, and dozens of lawmakers have embraced this approach.
Some, however, have suggested a more limited version of this reform: a warrant requirement only for those FBI queries that seek evidence of a crime in cases not related to national security or foreign intelligence. Such a cramped approach to protecting Americans’ privacy would be a mistake, both as a legal matter and a practical one. Legally, the government must obtain a warrant or a FISA Title I order to conduct surveillance of Americans in national security or foreign intelligence cases; backdoor searches circumvent these critical legal protections. Practically, an exception for queries in such cases would allow the worst abuses that we have seen under Section 702—such as the FBI searching for racial justice activists’ communications based on a specious claim of potential foreign influence—to continue unchecked.
Recognizing these concerns, previous efforts to close the backdoor search loophole, including amendments that have twice passed in the House, have taken a comprehensive approach: They have required, at a minimum, probable-cause orders for all types of queries of Section 702 data performed by any agency for the purpose of retrieving Americans’ information. Congress should take the same approach this year.
Legal Requirements for Surveilling Americans
As I discussed in detail in a previous installment of this series, Section 702 allows the government to target foreigners abroad and collect all of their communications without any individualized court order. Although only foreigners may be targeted, the surveillance inevitably and (in the government’s parlance) “incidentally” sweeps in large volumes of Americans’ communications. Despite Congress’s mandate to minimize the retention and use of such information, multiple agencies routinely run queries of Section 702-acquired data for the express purpose of finding and retrieving Americans’ phone calls, text messages, and emails. The Foreign Intelligence Surveillance Court (“FISA Court”) has blessed this practice, as long as the queries are “reasonably likely” to produce foreign intelligence or (in the case of the FBI) evidence of a crime.
Backdoor searches are controversial because they provide an end-run around the legal requirements that would apply if the government sought direct access to Americans’ phone calls, emails, and text messages, rather than the indirect, “backdoor” access Section 702 affords. Those legal requirements differ slightly depending on the type of investigation involved, but in all cases—whether in a regular domestic criminal investigation, a domestic national security investigation, or a foreign intelligence investigation—they involve obtaining an individualized, probable-cause order from a court.
Since 1967, there has been no question that the Fourth Amendment requires the government to obtain a warrant to conduct surveillance of Americans’ electronic communications in regular domestic criminal investigations. In Katz v. United States, the Supreme Court held that the Fourth Amendment protects Americans against government intrusions on a “reasonable expectation of privacy.” It further held that Americans have such an expectation in communications that they seek to keep private—in that case, a phone call made from a closed phone booth. Congress responded to this case by enacting the Wiretap Act in 1968, codifying and building on the constitutional protections articulated in Katz to ensure robust protection for Americans’ communications in criminal cases.
Both Katz and the Wiretap Act, however, explicitly refrained from addressing the proper standards that should apply in cases involving national security. The Fourth Amendment’s application to domestic national security cases remained uncertain until 1972, when the Supreme Court squarely addressed the issue in a case referred to as “the Keith decision.”
As characterized by the government, Keith involved “attempts of domestic organizations to attack and subvert the existing structure of the Government”—essentially, acts of domestic terrorism allegedly attempted by anti-war activists. The Court noted that, “[t]hough the investigative duty of the executive may be stronger in such cases, so also is there greater jeopardy to constitutionally protected speech” because the targets of surveillance “may be those suspected of unorthodoxy in their political beliefs.” Emphasizing the critical separation-of-powers function historically served by warrants, the Court held that the Fourth Amendment’s warrant requirement applies in domestic national security cases.
Once again, though, the Court limited its own holding, expressly leaving open the question of whether and how the Fourth Amendment’s warrant requirement applies to surveillance aimed at “the activities of foreign powers, within or without this country” (emphasis added)—an issue the Court has never resolved. In the 1970s, a few courts of appeal confronted this question and held that there is a narrow “foreign intelligence exception” to the Fourth Amendment’s warrant requirement in cases where the Attorney General personally approved the surveillance. In some cases, however, courts explicitly limited this exception to surveillance of foreign powers or agents of foreign powers, and one appellate court expressed skepticism about whether such an exception exists. This set of decisions thus generated more questions than it answered.
In 1978, Congress stepped in and provided much-needed legal clarity through the enactment of FISA. Notably, FISA does not require the full slate of protections that the Fourth Amendment demands in non-foreign intelligence cases, nor does it impose the more robust restrictions and obligations contained in the Wiretap Act. But it does require the government, when seeking to conduct electronic surveillance of an American for foreign intelligence purposes, to show probable cause to the FISA Court that (1) the target of surveillance is a foreign power or an agent of a foreign power, and (2) the facilities to be surveilled are being used by a foreign power or agent of a foreign power. As applied to U.S. persons (i.e., American citizens or legal permanent residents), FISA defines “agent of a foreign power” in a way that generally entails participation in criminal activity, including espionage, sabotage, international terrorism, or identity fraud. Upon such a showing, the FISA Court issues a “FISA Title I order” authorizing the surveillance.
Accordingly, regardless of whether the government seeks to investigative a robbery, protect national security against domestic terrorism, or obtain the communications of a suspected spy, the law unambiguously requires the government to obtain either a warrant or a FISA Title I order before conducting surveillance of a U.S. person. Backdoor searches allow the government to evade these legal protections through a bait and switch: the government obtains the data without a warrant by certifying that it is targeting only foreigners abroad, and then it searches the collected data for Americans’ communications.
Against this backdrop, the government’s frequent refrain that it should be allowed to use “lawfully collected” information for any “lawful purpose” rings hollow. As I will discuss in a future post, the government’s claim misstates the law; although the FISA Court has approved backdoor searches, the only regular federal appellate court to rule on this issue has held that a query is a “separate Fourth Amendment event” from the initial collection and therefore must be subject to an independent constitutional analysis. But even if that were not the case, it is clear that backdoor searches are enabling an end-run around the constitutional and statutory protections that normally apply when the government seeks to access Americans’ communications.
Abuses of Foreign Intelligence Queries
Allowing the government to continue conducting backdoor searches when seeking foreign intelligence would not only greenlight the government’s circumvention of the Fourth Amendment and FISA; it would allow the worst abuses of Americans’ rights to continue.
Indeed, historical abuses of the power to conduct foreign intelligence surveillance were a driving force behind FISA’s enactment. In the 1970s, the Church Committee revealed that the FBI, the CIA, and the NSA had all engaged in improper surveillance of Americans under the guise of “foreign intelligence” collection. Anti-war protesters and racial justice activists were subject to surveillance on the ostensible grounds that they had been targeted and potentially infiltrated by foreign communists. Congress passed FISA to rein in such practices, yet echoes of these abuses have continued in the modern era. Government monitoring of Muslim American communities after 9/11 and, more recently, the Movement for Black Lives has relied in part on claims of potential foreign influence.
It should come as no surprise, then, that the most alarming violations of the rules that govern U.S. person queries of Section 702 data have occurred in cases where the government purportedly sought to obtain foreign intelligence. Specifically:
- An FBI agent conducted searches for the communications of more than 130 people involved in the protests against the police killing of George Floyd. According to the FISA Court, the FBI maintained that there was a “reasonable basis to believe the queries would return foreign intelligence,” based on what appears to be a highly strained conjecture of foreign influence.
- An FBI agent ran a batch query for the communications of more than 19,000 donors to a single congressional campaign. The agent in question justified the query on the ground that the campaign was a target of “foreign influence”; the Department of Justice later determined that only eight of the identifiers used in the query had sufficient ties to foreign influence activities to comply with the querying (To reduce the likelihood of such large-scale violations, the FBI in 2021 implemented a requirement that “batch jobs” involving 100 or more queries must be approved by an FBI attorney. A FISA Court opinion released last week, however, shows that the FBI has already violated that requirement in at least one instance.)
- The FBI ran a query using the name of U.S. Congressman Darrin LaHood, reportedly based on concerns that “a foreign government had targeted him as part of an espionage or covert influence intelligence operation.”
- FBI agents ran thousands of queries aimed at people or groups suspected of involvement in the January 6, 2021 attack on the U.S. Capitol to look for evidence of “foreign influence,” despite having no reason to believe such evidence existed.
- The FBI ran a query using the names of a “local political party” to determine “if the party had connections to foreign intelligence.”
The above examples are among those most commonly cited by lawmakers when expressing concerns about backdoor searches. Yet none of these violations would have been prevented by a requirement that the government obtain a warrant before conducting queries in “evidence-of-a-crime-only” cases (i.e., cases in which the purpose of the query is to obtain evidence of a crime only, not foreign intelligence).
To be sure, the violations listed above predate changes to FBI procedures that appear to have reduced non-compliance, according to an April 2023 FISA Court opinion made public last week. But even with a compliance rate of 96-99% (as reported by the government), between 2,000 and 8,000 of the 200,000 queries that FBI performs each year will still violate querying rules if no warrant requirement is imposed—and those violations are highly likely to involve foreign intelligence queries. Indeed, the April 2023 opinion recounts a recent violation in which an FBI agent conducted four queries using the last names of a U.S. Senator and a state senator on the ground that they were being targeted by a foreign intelligence service.
Similarly, it would be a mistake for Congress to limit the warrant requirement to the FBI. The current focus on FBI abuses, while understandable, has obscured the fact that the NSA, CIA, and NCTC are also permitted to conduct U.S. person queries—albeit only for foreign intelligence purposes—and they do so thousands of times each year. The NSA and CIA, in particular, are theoretically outward-focused and perform no domestic security function; yet in 2016 (the last year before the government’s reports combined NSA and CIA queries with NCTC queries), the two agencies collectively performed 5,288 backdoor searches to retrieve the content of Americans’ communications. While this number may seem small compared to the 200,000 backdoor searches the FBI conducted in 2022, it still dwarfs the number of FISA Title I orders (around 300 in 2022) that are issued annually.
Much like the FBI, moreover, the NSA has a poor track record when it comes to compliance with restrictions on U.S. person queries. Between 2012 and 2017, the FISA Court barred the NSA from conducting U.S. person queries of Section 702 data that had been obtained through “Upstream” collection, because this form of collection was sweeping in tens of thousands of wholly domestic communications. In 2016, the NSA’s own Inspector General found that NSA agents had engaged in “widespread” violations of this querying prohibition. Fully 85 percent of the NSA’s queries between 2015-2016 using identifiers of U.S. persons targeted under certain other provisions of FISA resulted in improper querying of Section 702 data. The NSA’s failure to timely report these violations led the FISA Court to chide the agency for its “institutional lack of candor.”
Querying violations by the NSA have featured less prominently in recent FISA Court opinions, but they continue to occur in significant numbers. In an April 2022 opinion, for instance, the FISA Court reported that a flawed processing system used by the NSA resulted in 18 identified instances of improper U.S. person queries in 2021, and that “other improper U.S.-person queries also likely occurred.” In addition, NSA agents conducted 77 U.S. person queries that had not been properly approved. Given that internal audits review only a fraction of agents’ queries—and therefore detect only a fraction of violations—it is likely that the NSA is conducting hundreds of backdoor searches each year that violate applicable limits.
Support for Closing the Backdoor Search Loophole
At least one opponent of closing the backdoor search loophole has attempted to portray a full warrant requirement—i.e., one that applies to all U.S. person queries, regardless of their purpose or the agency conducting them—as a new and radical idea with little support. In fact, the opposite is the case. For nearly a decade, advocates, experts, and lawmakers have coalesced around a backdoor search solution that would require a warrant for all U.S. person queries conducted by any U.S. agency. Indeed, some broadly supported proposals have gone even further and restricted the type of information the government could obtain even with a warrant.
In 2013, for instance, President Obama appointed a five-person panel—including former acting director of the CIA Michael J. Morell and former chief counterterrorism advisor to President George W. Bush Richard A. Clarke—to review government surveillance practices in the wake of Edward Snowden’s disclosures. This Review Group on Intelligence and Communications Technologies unanimously recommended that “the government” (including all agencies) should be barred from:
“search[ing] the contents of communications acquired under section 702, or under any other authority covered by this recommendation, in an effort to identify communications of particular United States persons, except (a) when the information is necessary to prevent a threat of death or serious bodily harm, or (b) when the government obtains a warrant based on probable cause to believe that the United States person is planning or is engaged in acts of international terrorism.”
In addition, on several occasions, Representatives Thomas Massie (R-KY) and Zoe Lofgren (D-CA) have offered an amendment to close the backdoor search loophole. Under this amendment, no agency could perform U.S. person queries of Section 702 data unless two conditions were met: (1) the agency obtained a probable-cause order under either FISA or the criminal law, and (2) the query sought to obtain foreign intelligence. In other words, the amendment prohibited queries for evidence-of-a-crime purposes outright, and it permitted queries for foreign intelligence purposes only with a warrant or a probable-cause order issued by the FISA Court. In 2014 and 2015, the House voted by significant bipartisan margins to pass this amendment. In 2016, a vote on the amendment failed, but the vote took place in the immediate aftermath of a terrorist attack that killed 49 people at a nightclub in Orlando. Although there was no reason to believe that warrantless queries could have helped prevent the attack—to the contrary, the attack occurred despite the availability of warrantless queries—the incident nonetheless created an atmosphere in which members were reluctant to vote for any measure that might be perceived as reining in government surveillance powers.
The amendment resurfaced again during the last reauthorization of Section 702, and this time, members of the Senate joined in. Senator Diane Feinstein (D-CA)—hardly known for being soft on national security matters—led an amendment that was cosponsored by Senators Mike Lee (R-UT) and Patrick Leahy (D-VT), as well as then-Senator Kamala Harris (D-CA). That amendment required any agency that wished to perform a U.S. person query to show probable cause to the FISA Court that the subject of the query was an agent of a foreign power or that the information sought may relate to a crime for which electronic surveillance may be authorized under the Wiretap Act. The amendment included no exception for foreign intelligence inquiries or for agencies other than the FBI. Unfortunately, amendments to close the backdoor search loophole did not receive votes in either the House or the Senate during the 2017-2018 reauthorization process.
More than thirty civil society organizations have signed on to a list of reforms that Congress should enact this year. The top reform on the list is that “[a]gencies should be required to obtain a warrant or FISA Title I order before conducting [U.S. person queries].” This reform—without any carveouts, whether for national security or foreign intelligence investigations; for searches performed by the NSA, CIA, or NCTC; or for searches aimed at identifying potential victims (a separate issue discussed here and here)—should be the starting point for any conversation about reauthorization. Without such a measure, Section 702 will continue to serve as an end-run around the protections of the Fourth Amendment and FISA, and the worst abuses of the power to conduct U.S. queries will continue.