Fixing FISA after the Carter Page Report

This article appeared on Just Security on January 15, 2020.
  • Related Content

At a Senate Judiciary Committee hearing held shortly after the release of his scathinging report on the FBI’s investigation of erstwhile Trump aide Carter Page, DOJ Inspector General Michael Horowitz had a telling exchange with Sen. Marsha Blackburn (R‐​Tenn):

Blackburn: Let me ask you this, how often do you find mistakes in a FISA Application?

Horowitz: This is actually the first time my office has done a deep dive into a particular application. We’ve done higher level reviews on the FISA process and have found various issues at a higher level, but this is the first time we’ve been able to delve in this way.

Blackburn: It’s a fairly fairly unusual occurrence?

Horowtiz: Let me put it this way, I would hope so.

Presumably Blackburn had expected a rather different response: That the embarrassing catalog of omissions, errors, and misrepresentations that the IG’s office found in applications for FISA surveillance of Page were extraordinary and unprecedented—suggesting some special vendetta against the Trump campaign. Horowitz’s discomfiting, candid reply deserves to be unpacked, because it implies at least three important points worth bearing in mind. 

First, while surveillance of an advisor to a presidential campaign is certainly an unusual use of the Foreign Intelligence Surveillance Act, there is no reason to suppose that Page’s case is some sort of extreme outlier. On the contrary—as common sense would suggest and Horowitz’s report confirms—investigators were acutely aware that this was an enormously sensitive case certain to draw intense scrutiny. Thus the initial FISA application targeting Page, at least, was unusually detailed, and received additional layers of review before being submitted to the Foreign Intelligence Surveillance Court (FISC). It’s reasonable to infer, then, that many of the thousands of FISA applications filed each year have defects as bad or worse than those Horowitz identified here.

Second, if we want an explanation for those errors, Horowitz’s answer suggests one more systemic than a cartoonish anti‐​Trump vendetta: Nobody is doing the kind of thorough investigation that would find and correct those problems. In a criminal investigation, the purpose of a so‐​called Title III wiretap order is to obtain evidence for a criminal prosecution. While the initial application is submitted in secret, defense attorneys will be entitled to discovery at trial, and have ample incentive to hunt for government missteps. What’s more, investigators know they need to keep track of potentially exculpatory information, which they’ll be obligated to turn over. Even in cases where no prosecution results, the target of a Title III wiretap has to be notified once the wiretap ends, and may take legal action. The purpose of FISA surveillance, by contrast, is gathering foreign intelligence, not collecting evidence for use in court: The vast, vast majority of FISA targets will never be prosecuted. Unlike a Title III, a FISA might be “successful” from the government’s perspective—because it yielded foreign intelligence information—without actually validating its initial premise that the target is a foreign agent. In short, while the FISA process looks superficially somewhat similar to its criminal counterpart on the front end, it lacks the adversarial mechanisms on the back end that constitute a critical part of the criminal process.

Third, we should be wary of the temptation to think about potential FISA reforms exclusively in terms of this case, and the findings of this one report. Not merely because we don’t yet know which of the problems identified by Horowitz are most pervasive—and thus most indicative of the need for a remedy at the policy level—but because Horowitz focused almost entirely on Title I of FISA, which most closely resembles the traditional warrant process, with judges making particularized probable cause determinations. An intelligence investigation in which a FISA order was sought assuredly made use of myriad other intelligence tools, most of which involve far less oversight: Business records orders (§215), pen registers to collect communications metadata (§214), and National Security Letters for certain categories of financial or telecommunications records. Horowitz says little about these, perhaps because these other tools had not been as central to the public controversy surrounding the Page investigation. But if corners are cut to the extent documented by Horowitz even in the case of Title I orders, the most rigorously scrutinized, we can hardly suppose everything’s copasetic with authorities that effectively operate on the honor system.

Title I FISA Orders

The most obvious takeaway from the Horowitz report is that we need far more comprehensive “deep dive” investigations into the use of intelligence tools, both to discover how pervasive the defects Horowitz identified are in other Title I FISA applications, and whether there are comparable problems with other surveillance authorities. As the Inspector General’s report demonstrates, there are serious issues that will not be identified by “higher level” reviews, such as the omission of information that would tend to undermine the government’s case. But such “deep dives” need not just serve as a guide for policymakers: They can also serve as a partial remedy, precisely by replicating (imperfectly) the mechanisms and incentives that serve as checks on criminal investigations.

While, of course, it is not realistic to expect reviews this exhaustive for any significant percentage of FISA investigations, a deeper review of a representative sample of U.S. person FISA applications—not simply verification that facts asserted in the application have documentary support, but a review of the case file and correspondence for material omissions—may help to reproduce some of the incentives that exist on the criminal side. Case agents will be conscious of the possibility—the risk, if not the certainty—that they will be called to explain why some fact favorable to the target of surveillance was omitted from an application. Even if only a small fraction of FISA applications can be so reviewed, such a process would introduce an incentive to focus on potentially exculpatory information currently absent from FISA.

On the front end, the role of existing FISC amici could be expanded to permit discretionary intervention in applications being submitted to the Court—not merely in cases in which the FISC itself seeks their perspective—at least in cases designated “special investigative matters” because of their potential implications for religious, political, or press freedoms. The current remit of the amici is to advise the Court in cases involving “novel or significant” legal interpretations or requiring technical expertise. But civil liberties interests need not be “novel” to require an advocate to make them sufficiently salient to a judge. The participation of amici would add a dimension not typically provided by existing internal oversight, which tends to be more focused on formalistic compliance than weighing competing equities and interests.

Finally—and perhaps most importantly—the presumption that FISA surveillance will be permanently covert should be ended. Currently, the only FISA targets who normally become aware of surveillance are the small fraction the government ultimately chooses to prosecute for a crime—which is to say, those whose wiretaps did indeed produce strong evidence confirming the government’s suspicion that they were engaged in wrongdoing. A target whose surveillance proves to have been unjustified, perversely, has no remedy, because they will never learn of it. While there will doubtless be cases in which the protection of sources and methods precludes such notice—where publicizing even the identities of erroneous targets would feed too much vital information to genuine adversaries—this should no longer be the default. At the termination of FISA surveillance of a U.S. person, there should be a rebuttable presumption of notice parallel to that required by Title III surveillance, unless the government can demonstrate to the FISC that such notice would entail a concrete national security harm sufficiently grave to outweigh the target’s interests. (Here, too, FISC amici should have an opportunity to represent those interests.) As the Supreme Court wrote in Berger v. New York, the requirement that targets of a search be given notice absent exigent circumstances “would appear more important in eavesdropping, with its inherent dangers, than that required when conventional procedures of search and seizure are utilized.” Indeed, notice is an important component of what makes a search “reasonable” in Fourth Amendment terms. It was the absence of notice that particularly sparked Lord Camden’s ire in the seminal English case of Entick v. Carrington:

[The warrant] is executed by messengers with or without a constable (for it can never be pretended, that such is necessary in point of law) in the presence or the absence of the party, as the messenger shall think fit, and without a witness to testify what passes at the time of the transaction; so that when the papers are gone, as the only witnesses are the trespassers, the party injured is left without proof.

If this injury falls upon an innocent person, he is as destitute of remedy as the guilty: and the whole transaction is so guarded against discovery, that if the officer should be disposed to carry off a bank bill he may do it with impunity, since there is no man capable of proving either the taker or the thing taken.

While the facts of specific cases may justify delaying or waiving notice to a target, that justification should still need to be made on a case‐​by‐​case basis: It should not simply be categorically presumed that the government’s ex ante foreign intelligence purpose in seeking a wiretap automatically provides sufficient ex post grounds for leaving a target “destitute of remedy.”

Other Surveillance Authorities

While the Horowitz report says relatively little about other investigative tools deployed in the Page investigation, government acquisition of detailed financial and telecommunications metadata can in many ways be as intrusive as the collection of content. Yet multiple authorities—including the aforementioned §215, §214, and National Security Letters—permit such information to be obtained with little more than an assertion of “relevance to an investigation.” In the case of National Security Letters, judicial approval is not even required. The FBI could have used this panoply of tools to conduct incredibly revealing surveillance of Page without risking similar criticism, because they would not have needed to establish probable cause to believe he was acting as a foreign agent. It would be enough that the case agents regarded his activities as potentially relevant to their probe. That bar should be raised.

Here, current law provides a straightforward mechanism for strengthening civil liberties protections while still allowing investigators enormous flexibility. FISA’s business records authority (§215) specifies that records are presumptively relevant to an intelligence investigation if they pertain to:

(a) a foreign power or an agent of a foreign power

(b) the activities of a suspected agent of a foreign power who is the subject of such an authorized investigation, or

(c) an individual in contact with, or known to, an agent of a foreign power who is the subject of such authorized investigation.

All three of the aforementioned authorities should be amended to require a showing that records are relevant to the investigation and fall into one of these three quite broad categories. This would help ensure both that the net of “relevance” is not cast so wide it encompasses individuals without a concrete link to a valid investigative target, and that peripheral associates of a target are not automatically or indiscriminately subject to invasive monitoring without some specific basis for believing their records are needed, beyond the mere fact of association with a target.

In the case of National Security Records, the scope of telecommunications records obtainable should be restricted to “basic subscriber information”—such as name, address, length of service, and billing address—while more detailed “electronic communications transaction records” and “toll billing records” require use of an authority subject to judicial approval, such as §215. This should give investigators the necessary latitude—and enough initial information—to assess whether a court order should be sought without exposing a detailed roadmap of individuals’ digital activities before a judge is involved.

In Page’s case, of course, these changes would not in themselves have made much difference, since the FBI had successfully persuaded the FISC that he was probably a foreign agent. But they might have limited the collateral damage to friends and associates whose finances, phone records, and online activity all became automatically available to the government as a result. While only Page himself was directly subject to full‐​content FISA surveillance, everyone in contact with him would have become “presumptively” subject to extensive metadata surveillance as a result of that association.

In addition to being advisable in themselves, then, reforming these metadata authorities can be thought of as a backstop or supplement to FISA Title I reform. Even with the best imaginable procedures, the government will sometimes target people for surveillance improperly, or for longer than is justifiable. Narrowing the government’s power to acquire metadata ensures that such errors are at least not compounded by authorizing granular monitoring of their entire social universe.

Julian Sanchez

Julian Sanchez is a senior fellow at Cato and focuses primarily on issues at the busy intersection of technology, privacy, civil liberties, and new media — but also writes more broadly about political philosophy and social psychology.