Earlier this year, Congress enacted the Reforming Intelligence and Securing America Act, or RISAA, capping a multi-year fight over whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA). Section 702 allows the government to collect the communications of non-U.S. persons (people who are not U.S. citizens or lawful permanent residents) without a warrant. This spying “inevitably” sweeps in Americans’ private phone calls, text messages, and emails as well, which intelligence officials can then “query” the database for—again without a warrant. The government’s frequent abuses of this authority have caused bipartisan outrage, and many lawmakers in Congress vowed in 2023 not to reauthorize Section 702 without “significant reforms.”
As Congress negotiated what reforms to enact, intelligence officials began to make a new argument against a warrant requirement for U.S. person queries: That a significant number of such searches are “defensive” queries intended to identify the victims of foreign plots. As I explain in an article that will be published in the American University Law Review, this is a political argument, not a legal one. The Fourth Amendment protects the privacy rights of all U.S. persons, regardless of whether they are victims, and warrantless “defensive” searches violate those protections.
“Backdoor” Searches: Civil Liberties Concerns
Section 702 allows the government to collect the communications of non-U.S. persons who are located outside of the United States without first obtaining individualized court approval. Instead, intelligence agencies go to the Foreign Intelligence Surveillance Court (FISC) on an annual basis for judicial approval of the entire Section 702 program, including the rules governing who the government may target for collection; how it will minimize acquisition, retention, and dissemination of U.S. persons’ information; and when it may search through, or “query,” the communications it collects.
The FISC-approved rules allow intelligence officials to query their Section 702 databases whenever a search is reasonably likely to return foreign intelligence information. Whether this standard is satisfied is a question left to the discretion of executive branch officials; queries are not subject to individualized judicial review. This is true even when the government searches for Americans’ private communications that have been “incidentally” collected. Intelligence agencies perform tens of thousands of these “backdoor” warrantless searches every year.
That alone is a significant invasion of Americans’ privacy. But the problem is compounded by what the FISC has referred to as the government’s “persistent and widespread” violations of the querying rules. Declassified documents and oversight reports have revealed that officials have performed baseless searches for the private communications of racial justice protesters, a member of the House of Representatives, journalists, crime victims, a local political party, political donors, and January 6th suspects, among many others. And although the FISC assessed that recent policy reforms intended to stop these abuses were “having the desired effect,” even after those changes were made, FBI employees performed unauthorized searches for the communications of a U.S. Senator, a state senator, and a state court judge who reported alleged civil rights violations. These abuses have caused significant outrage, leading to broad support for changes to Section 702 in Congress and among the American public.
A New Justification: “Defensive” Searches
Historically, the government’s examples of how it uses Section 702 to safeguard national security have focused on the law’s value as a counterterrorism tool. In 2013, after former NSA contractor Edward Snowden leaked a trove of documents detailing the extent to which Section 702 and other authorities were used for domestic surveillance, the Obama administration shared a compilation of 54 counterterrorism “success stories” involving those authorities with oversight officials. Similarly, in 2017, Trump administration officials urged Congress to reauthorize Section 702 by emphasizing how intelligence agencies used the authority “to uncover [terrorist] plots and prevent attacks.”
During the most recent fight over reauthorization, however, many members of Congress were unusually resistant to re-upping the law without “significant reforms” such as a warrant requirement for backdoor searches. In response, intelligence officials made new arguments for why Section 702 should not be significantly altered. It was used to counter threats from the China, they said. It contributed to fighting fentanyl trafficking. And, they argued, warrants would be particularly inappropriate because backdoor searches were often used to identify the victims of foreign plots.
These “defensive” backdoor searches were reportedly used for a variety of purposes, including identifying potential victims of cyberattacks, discovering and warning victims of a Chinese government hack of a critical infrastructure facility, disrupting a hacking campaign targeting Deputy Attorney General Lisa Monaco, and interrupting kidnapping and assassination plots. According to the President’s Intelligence Advisory Board, defensive searches aid the government “in determining whether [a] U.S. person is a potential victim of, or a potential accomplice to, the threat that was the original purpose of the Section 702 collection.”
As with all public explanations of the government’s use of Section 702, descriptions of how defensive searches help achieve these ends are sparse, so it can be difficult for the public to thoroughly assess this technique. While the government often has a legitimate need to keep the details of its foreign intelligence programs secret, these searches deserve particular scrutiny—and merit more thorough explanation from the intelligence community—because many of the most egregious violations of the rules governing U.S. person queries , including the baseless searches for politicians, a local political party, political donors, and January 6th suspects, were ostensibly “defensive.” Moreover, and as discussed more thoroughly below, questions about the efficacy of defensive backdoor searches raise not only policy concerns, but also significant legal ones, because the extent to which a search is necessary is an important factor in determining whether it is constitutionally reasonable.
That the government sometimes uses backdoor searches of Section 702 data to identify the victims of foreign plots is a powerful argument for why such searches can be valuable. But while it rebuts the argument that there should be a flat prohibition on U.S. person queries, it does not answer other questions, such as whether a warrant requirement would threaten national security. (While some claim that it would, that position is not supported by publicly available information.) Most importantly, it says nothing about whether backdoor searches violate the Fourth Amendment.
The Fourth Amendment Protects Victims
While there are policy reasons to allow the government to query its Section 702 databases for U.S. persons, it is important to understand what privacy protections are necessary to ensure that these searches are lawful. The first step in determining whether defensive backdoor searches are consistent with the Fourth Amendment is to establish whether victims are entitled to the Amendment’s protections. It seems like an obvious proposition that they are. After all, constitutional rights are not conditioned on the use one intends to put them to; the Constitution protects the guilty and the innocent alike. But in fact, there are very few cases that directly address whether searches targeting victims comply with the Fourth Amendment.
In part, this is due to issues of standing. Criminal defendants may not challenge the admissibility of evidence derived from searches targeted at other people, so judges typically will not reach the merits of motions to suppress evidence obtained from searches of victims’ property. In the rare instances when judges directly assess whether such searches were lawful, they have found no Fourth Amendment violations where law enforcement obtained a warrant prior to performing the search or one of the traditional exceptions to the warrant requirement, such as exigent circumstances, applied. More often, courts will note, without comment, that the government has obtained a warrant prior to searching for victims or searching a victim’s protected information. Implicit in each category of case is an assumption that victims have Fourth Amendment rights.
This assumption is apparent from other sources, too. For example, prior to 1979, the Federal Rules of Criminal Procedure authorized judges to issue search warrants only for property that was evidence of a crime; was criminally possessed; or was designed, intended, or had been used to commit a crime. That year, the Supreme Court adopted an amended version of Rule 41 which provided that “[a] warrant may be issued . . . to search for and seize any . . . person for whose arrest there is probable cause, or who is unlawfully restrained.” The Advisory Committee note for Rule 41 explains that this amendment was intended to allow law enforcement to search for kidnapping victims even in the absence of an exception to the warrant requirement—an acknowledgement that the Fourth Amendment requires a warrant even when law enforcement is searching for the victim of a crime.
The Department of Justice’s (DOJ) conduct and public statements indicate that it, too, recognizes that victims have Fourth Amendment rights. As the Center for Democracy and Technology’s Jake Laperruque has documented, DOJ regularly files warrant applications seeking to identify potential victims of hacking schemes. And in making the case against user-enabled end-to-end encrypted messaging services, DOJ officials have repeatedly emphasized that law enforcement would only seek to review Americans’ encrypted communications after obtaining a warrant—even when it comes to a need as urgent as rescuing child sex trafficking victims.
Both law and practice therefore demonstrate that there is no “defensive search” exception to the Fourth Amendment.
Fourth Amendment Reasonableness: Defensive Search Considerations
But that the Fourth Amendment protects victims is only a partial answer to the question of whether “defensive” backdoor searches require a warrant. The Constitution only prohibits “unreasonable” searches; it does not require all searches to be performed pursuant to a warrant.
As a threshold matter, U.S. person queries are “searches” that must be constitutionally reasonable. Some have argued that “only the initial Section 702 acquisition is a Fourth Amendment search or seizure” and that “subsequent querying of those lawfully acquired communications requires no separate Fourth Amendment justification.” As discussed below, this aligns with the FISC’s approach to reasonableness, which assesses collection and querying of Section 702 data as part of a single inquiry.
However, this view is inconsistent with cases such as Riley v. California, in which the Supreme Court held that law enforcement officials were required to obtain a warrant prior to searching a suspect’s cellphone which they had seized incident to arrest. Riley and similar cases demonstrate that just because information has been lawfully seized does not mean the government has carte blanche to search it. As the United States Court of Appeals for the Second Circuit held in United States v. Hasbajrami, “querying [is] a separate Fourth Amendment event that, in itself, must be reasonable.”(The court remanded the case to allow the district court to rule in the first instance on whether any U.S. person queries the government may have performed complied with the Fourth Amendment.)
But while the Supreme Court has said that warrantless searches are “per se unreasonable . . . subject only to a few specifically established and well-delineated exceptions,” no court to reach the merits of the issue has yet ruled that backdoor searches are unconstitutional. This is largely because the courts have engaged in a totality-of-the-circumstances assessment of reasonableness that considers in one sweep the entire intelligence cycle, from the point a target is identified until the ultimate deletion of unused or not useful data. The approach of the FISC is instructive in this regard.
In ruling that the intelligence agencies’ targeting, minimization, and querying procedures are consistent with the Fourth Amendment, the FISC has repeatedly declined to consider collection and querying separately. Although recognizing that searches raise “further, post-acquisition ‘intrusion[s] into the privacy of . . . U.S. persons’” (and that, depending on the purpose of the query, “[a]dditional Fourth Amendment concerns can arise”), it nevertheless considers whether the government’s targeting, querying, and minimization procedures, as written and as applied, will “as a whole” protect Americans’ privacy interests.
The problem with this approach is that neither the government’s nor U.S. persons’ interests are static throughout the intelligence cycle. Treating them as if they are warps the Fourth Amendment analysis by conflating collection, when the government’s interests are at their strongest and U.S. persons’ are at their weakest, with querying, where the opposite is true—particularly when it comes to defensive backdoor searches.
The government’s current Section 702 certifications allow it to use the authority to collect information relating to terrorism, the proliferation of weapons of mass destruction, and “foreign governments and related entities.” (It is not yet known whether the government has used RISAA’s expanded definition of foreign intelligence information to obtain a counternarcotics certification.) Each of these is clearly a subject in which the government has a compelling interest in obtaining information. At the point of collection, then, the government’s interests are substantial.
The same cannot be said when it comes to backdoor searches. In a recent report on Section 702, the independent Privacy and Civil Liberties Oversight Board raised significant questions about the value of such searches, observing that “[t]he FBI in particular struggled to provide . . . affirmative examples of the unique value of U.S. person queries of Section 702 information in criminal investigations, and to date, the government has been unable to identify a single criminal prosecution arising from U.S. person queries.” On the other hand, the Board did note that defensive searches were “the strongest examples of the value of U.S. person queries.”
However, the government’s interest encompasses not just the value of a search, but also the degree to which it is necessary. And when it comes to purely defensive backdoor searches—that is, searches intended solely to identify potential victims of foreign plots—the government has a far less intrusive means of gaining access to the communications it seeks: It can ask the subject of the search for permission. Doing so would eliminate Fourth Amendment concerns, as consent searches do not require a warrant, and would bring backdoor searches in line with existing policy, which requires FBI officials to use “the least intrusive means to obtain information” so that they “effectively execute their duties while mitigating potential negative impacts on . . . privacy and civil liberties.” (The CIA, NSA, and NCTC all have similar policies.)
When it comes to U.S. persons’ interests, they are lower at the point of collection than they are when it comes to backdoor searches. Section 702 collection targets non-U.S. persons who are located abroad, and the government cannot use Section 702 to “reverse target” U.S. persons. The Fourth Amendment does not apply extraterritorially to non-citizens who lack substantial voluntary connections to the United States, so when the government targets those individuals for collection, U.S. persons are generally understood to have a reduced privacy interest because the acquisition of the Americans’ communications is “incidental.”
U.S. persons’ privacy interests are, straightforwardly, strongest when the government performs a backdoor search. People have a substantial privacy interest in the content of their communications, and their expectation that their communications are private is constitutionally reasonable. While the nature of the backdoor search—whether it is intended to return the communications of victims or misfeasors—impacts the government’s relative interests, it has no impact on the privacy analysis of the individuals surveilled; the Fourth Amendment protects the suspect and the victim, the guilty and the innocent, alike.
Backdoor searches therefore occur at a point in the intelligence process when the interests of the U.S. persons who are the subjects of the search are at their zenith, and the government’s foreign intelligence interests are at their nadir. This is especially true for the subjects of defensive searches.
The FISC’s totality-of-the-circumstances approach unduly weights the Fourth Amendment analysis in the government’s favor by mixing the analyses for collection (seizure), where the foreign intelligence exception is most likely to apply, with the analysis for U.S. person queries (search), where it is least likely to apply. For backdoor searches, including defensive ones, to be constitutional, they must be performed pursuant to a warrant.
***
As Congress considers whether and in what form to reauthorize Section 702 when it expires in 2026, one question will surely be whether backdoor searches should be subject to a warrant requirement. Supporters of the status quo will likely argue that no such requirement should be imposed, in part because so many U.S. person queries are “defensive.” But even if that is a compelling policy argument against eliminating intelligence agencies’ authority to perform U.S. person queries, the Fourth Amendment requires that these searches be performed pursuant to a court order, regardless of whether the subject of the search is a victim. Congress can help protect the constitutional rights of all Americans by enacting a warrant requirement for backdoor searches of Section 702 data.