The FISA Bill: A Paper Tiger

The Washington Post has a defense of the FISA bill that shows a breathtaking level of naivete. Consider this sentence, for example:

The measure requires an individualized, court-approved warrant to conduct surveillance targeted at Americans’ communications with those overseas and – in an expansion of existing FISA protections – at Americans abroad.

It’s true that the bill contains language nominally prohibiting surveillance “targeted at” a particular American. If the NSA wants to spy specifically on Tim Lee in St. Louis, it will need to get an individualized FISA warrant to do so. But what the Post fails to mention is that while an individual warrant would be required to intercept just my communications, no warrant would be required to intercept all international calls by St. Louis residents. As long as no particular St. Louisans were the “target” of the surveillance, and as long as foreign intelligence was “a significant purpose” of this surveillance program—an easy standard to meet—nothing would prevent the government from also using the information intercepted for a variety of other purposes, such as catching people engaged in tax evasion or online gambling.

Moreover, precisely because of the lack of judicial oversight of such dragnet surveillance programs, it’s not clear that the prohibition on “targeting” Americans will have any teeth. Here’s what’s likely to happen: the NSA will develop a variety of sophisticated software algorithms to scan all the traffic intercepted for various patterns of interest to the NSA and other federal agencies. The NSA could conceivably use hundreds of different filters that single out particular communications based on a variety of criteria—keywords, unusual patterns of calls or emails, communications with current suspects, and so forth. The judge reviewing the “certification” for such a program would be required to wade through hundreds of pages of documentation describing what the software did—probably written in dense, technical language and then translated into lawyer-speak. I’ve got a computer science degree, and I doubt I could tell whether the algorithms so described “targets” Americans; certainly no 70-year-old judge is going to be able to do so.

It’s also important to remember that both the NSA and the FBI have a long history of evading laws they find inconvenient, and to using the results for unsavory purposes. From the 1930s until at least the 1970s, federal agencies repeatedly used illegal wiretaps and break-ins to spy on journalists, political activists, civil rights leaders, elected officials, actors, and other prominent individuals. They assembled files on thousands of Americans that included information about their sexual orientation, sexual dalliances, political opinions, and other potentially embarrassing information. The information collected was used for blackmail, intimidation, titilation, and to manipulate the political process. We have no evidence that the NSA or FBI are currently doing any of these things, but it would be naive to assume that it won’t happen in the future.That means that the judicial procedures for verifying that the rules are being followed are at least as important the rules themselves. A “no targeting” rule is worthless unless it comes with effective procedures for enforcing that rule. When Congress crafts surveillance law, it should assume that the government will try to skirt the rules, and include enforcement mechanisms that are hard to circumvent. Two crucial mechanisms in the original FISA legislation were the requirement for individualized warrants, and the requirement that telecom companies only participate in surveillance programs in response to a court order. Together, these requirements ensured that wiretapping activities got prompt and thorough scrutiny from a judge.

The legislation the Senate is on the verge of passing undermines both of these safeguards, replacing individualized warrants with broad “certifications” and allowing the government to issue “directives” directly to telecom companies without court involvement. Together these provisions make it trivially easy for government officials to evade proper oversight, either by submitting “certifications” that are so complex that no judge can understand them, or by simply issuing “directives” to telecom companies and then dragging out the judicial review process until the desired information has been collected.

The bottom line is that while the new FISA legislation nominally requires judicial oversight, it will be trivially easy for future government officials to evade. The bill may nominally require “individualized, court-approved warrant to conduct surveillance targeted at Americans’ communications with those overseas,” but it won’t be a meaningful constraint on government officials who wish to skirt the law in the future. And given the long history of law-breaking by government officials in the past, it’s a matter of when, not if, such abuses occur again.