Telco Immunity Is Just the Icing on the FISA Bill

I’ve got an in-depth piece at Ars Technica examining the provisions of the FISA “compromise” that the Senate will vote on this week. Most of the media coverage has focused on the telecom immunity question, but I thought it was important to dig into the law’s other provisions, which are potentially more important in the long run. Sadly, but not unexpectedly, the news isn’t good:

When it comes to judicial oversight of domestic-to-foreign calls, the legislation the House passed last month is an unambiguous victory for the White House and a defeat for civil libertarians. The legislation establishes a new procedure whereby the Attorney General and the Director of National Intelligence can sign off on “authorizations” of surveillance programs “targeting people reasonably believed to be located outside the United States.” The government is required to submit a “certification” to the FISA court describing the surveillance plan and the “minimization” procedures that will be used to avoid intercepting too many communications of American citizens. However, the government is not required to “identify the specific facilities, places, premises, or property” at which the eavesdropping will occur. The specific eavesdropping targets will be at the NSA’s discretion and unreviewed by a judge. Moreover, the judge’s review of the government’s “certification” is much more limited than the scrutiny now given to FISA applications. The judge is permitted only to confirm that the certification “contains all the required elements,” that the targeting procedures are “reasonably designed” to target foreigners, and that minimization procedures have been established.

Crucially, there appears to be no limit to the breadth of “authorizations” the government might issue. So, for example, a single “authorization” might cover the interception of all international traffic passing through AT&T’s San Francisco facility, with complex software algorithms deciding which communications are retained for the examination of human analysts. Without a list of specific targets, and without a background in computer programming, a judge is unlikely to be able to evaluate whether such software is properly “targeted” at foreigners.

The House legislation also drastically extends the timeline for reviewing surveillance activities, potentially allowing the government to commence eavesdropping and then drag out judicial review for months. Under existing law, the government must obtain judicial approval within 72 hours of the start of emergency wiretapping. In contrast, the judicial review of “certifications” can stretch out as long as four months. After beginning eavesdropping, the government has a week to submit its “certification” to the FISA court, which has 30 days to review the application. If the judge finds problems with the certification, the government can continue eavesdropping for another 30 days before it is required to comply with the order. And the government can buy still more time by filing an appeal to the FISA Court of Review. The appeals court may take as long as 60 days to make its decision, and the government will often be allowed to continue eavesdropping throughout the process of judicial review. This means that in many cases, the government will have completed its spying activities long before the courts reach a decision on its legality.

I point out that after a 2002 court decision, there are now few restrictions on coordination between intelligence-gathering and law enforcement agencies. So while the NSA wouldn’t be able to specifically target American citizens for surveillance, it could follow suggestions from the FBI to tailor its filters to intercept evidence of American citizens engaged in, say, tax evasion or Internet gambling. Terrorism would need to be a “significant purpose” of the surveillance, but if these “intelligence gathering” activities can be designed to also catch a significant number of domestic criminals, so much the better!

It’s also important to remember that, as I write over at the Technology Liberation Front, the FBI has a long history of engaging in illegal wiretapping even when doing so is expressly prohibited by statute. The same is true of the NSA. Therefore, it’s sheer fantasy to imagine that the executive branch won’t exploit every loophole available to it. Federal spying agencies will do what they’ve always done: push the law to the breaking point in pursuit of more sweeping spying powers, and maybe break the law outright. This is why judicial oversight is so important, and why it’s so disturbing to see Congress replace traditional warrants with “certifications” that can cover broad eavesdropping programs. That will make abuses of power much easier to carry out and much harder for judges to monitor.