Report Discloses Unlawful “Backdoor Searches” of FISA Database

The Intelligence Community’s annual Statistical Transparency Report was released earlier this month, and there’s a significant piece of news buried in a footnote: On at least six occasions in 2018 and once in 2019, the government unlawfully reviewed wiretapped communications from a foreign intelligence database while pursuing ordinary criminal investigations unrelated to national security—something the previous year’s report claimed had never happened. The disclosure validates civil libertarian concerns about so‐​called “backdoor searches”: The use of broad foreign intelligence authorities nominally aimed at non‐​Americans outside the country to monitor Americans’ communications, circumventing the normal constitutional warrant process.

First, some context. Section 702 of the Foreign Intelligence Surveillance Act, which Congress created in 2008, permits the National Security Agency to obtain sweeping general warrants from the secretive FISA Court, under which they may intercept the communications of non-U.S. persons who are outside the country without individualized authorization. This effectively codified an extralegal wiretapping program secretly approved by President George W. Bush shortly after the 9/11 terror attacks in 2001. Traditionally, when intelligence agencies conducted wiretaps inside the United States, they needed a particularized warrant naming a specific target as long as one end of the communication was American. But §702 loosened the rules: Now instead of individualized warrants, the government asks the FISA Court to sign off on general “targeting procedures” used to select foreign targets located abroad. The communications of those targets can then be intercepted as they pass through American networks, including their communications with American citizens protected by the Fourth Amendment.

From the outset, civil libertarians have been worried that such an authority would inevitably vacuum up enormous quantities of Americans’ communications, even if wiretap “targets” were foreign. The incredible scale of collection virtually guarantees that’s the case: Last year the number of foreign §702 targets rose to an astonishing 204,968 (up from 164,770 in 2018). This massive cache of intercepts creates a tempting means of bypassing the ordinary warrant process for criminal investigations: Simply search for a U.S. person’s e‐​mail address, phone number, or other identifier in the §702 database.

Backdoor searches are quite common. We know that agencies other than FBI (which in effect means NSA and CIA) searched the database for U.S. person identifiers and reviewed intercepted contents as a result 9,126 times last year. FBI doesn’t count how frequently they query the database, but they’re now required to obtain a court order before actually reviewing U.S. person communications for criminal investigative purposes unrelated to national security. Until this most recent report, the government claimed that this had never happened. But the 2020 report discloses a number of recently discovered instances in which they did just that: One in 2016 (before the warrant requirement was added), six in 2018, and one in 2019—that we know of, at least. 

While it’s good these instances were belatedly detected, this disclosure underscores the problem of giving FBI, which has dual law enforcement and intelligence responsibilities, such poorly monitored access to the fruits of §702’s general warrants. Unlike other agencies, FBI is not required to report how often they query the §702 database for U.S. person identifiers—though by their own admission, they do so far more often than their peers. 

Congress should conduct vigorous oversight over how these unlawful searches occurred—and remove the exemption that spares FBI from having to tally their searches for Americans in this enormous database. The loophole exists because FBI says their systems aren’t designed to track the necessary information… a design choice that makes compliance problems like the ones newly disclosed more likely, and harder to catch when they occur.