NSA Axes “About” Collection: Win for Privacy Advocates, Loss for Us All?

–by Taylor Henry

Abstract:

This article discusses the NSA’s recent policy change to its electronic surveillance program, under Section 702 of the FISA Amendments Act (FAA), to stop collecting electronic communications that are “about” its targets. This policy change should result in the collection of fewer communications that are purely between American citizens, but it also may have a detrimental effect on Section 702’s use as a counterterrorism tool.

Citations:

FISA Amendments Act of 2008, Pub. L. No. 110-261, 122 Stat. 2436 (codified in scattered sections of 50 U.S.C.); Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act 10 (2014), https://www.pclob.gov/library/702-Report.pdf; Tim Cushing, NSA Makes Pitch for Section 702 Approval While its 702 Requests Aren’t Being Approved by the Court, techdirt (Apr. 27, 2017, 10:45 AM), https://www.techdirt.com/articles/20170424/16521837225/nsa-makes-pitch-section-702-approval-while-702-requests-arent-being-approved-court.shtml; Report of the Director of the Administrative Office of the U.S. Courts on Activities of the Foreign Intelligence Surveillance Courts for 2016, U.S. Courts (2016), http://www.uscourts.gov/sites/default/files/ao_foreign_int_surveillance_court_annual_report_2016_final_0.pdf; Robert Chesney, Can NSA Drop “About” Collection Without Gutting “To/From” Collection?, Lawfare (Apr. 28, 2017), https://lawfareblog.com/can-nsa-drop-about-collection-without-gutting-tofrom-collection; Charlie Savage, N.S.A. Halts Collection of Americans’ Emails About Foreign Targets, N.Y. Times (Apr. 28, 2017), https://www.nytimes.com/2017/04/28/us/politics/nsa-surveillance-terrorism-privacy.html?_r=0; Press Release, NSA, NSA Stops Certain Foreign Intelligence Collection Activities Under Section 702 (Apr. 28, 2017), https://www.nsa.gov/news-features/press-room/press-releases/2017/nsa-stops-certain-702-activites.shtml; Statement of Elizabeth Goitein, U.S. House of Representatives Committee on the Judiciary (Mar. 1, 2017), https://judiciary.house.gov/wp-content/uploads/2017/02/Goitein-Testimony.pdf.

***

Although most Americans recognize the name Edward Snowden, few are likely to recognize the name of a government program that is responsible for the collection of hundreds of millions of electronic communications per year. This program, Section 702 of the FISA Amendments Act (FAA), has recently undergone an abrupt and dramatic policy change that has significant consequences for the reauthorization of the FAA, which is set to expire in December 2017.

Section 702 is a complicated but crucial intelligence-gathering tool, as it authorizes electronic surveillance conducted by the National Security Agency (NSA). Essentially, the NSA collects the contents of electronic communications, including emails and text messages, where the “target” is reasonably believed to be a non-U.S. person located outside the United States. “U.S. persons” include U.S. citizens, U.S. permanent residents, and virtually all U.S. corporations. Therefore, the government cannot use Section 702 to intentionally spy on American citizens located in the U.S., or anyone located within the U.S., and the targeting must be done with the purpose of acquiring foreign intelligence information.

This statutory limitation has not shielded Section 702 from criticism by privacy advocates and national security experts. In reality, countless Americans’ communications are swept up in 702 collection, stored by the government, and can be “queried” by government agencies. This phenomenon is called incidental U.S. person collection. It can occur when a U.S. person is communicating with a non-U.S. person who has been targeted, or when two non-U.S. persons are discussing a U.S. person. Because a U.S. person was not intentionally targeted by the NSA, this collection is lawful under 702, and the information may be utilized by the government.

Another important aspect of the Section 702 program is querying. “Querying” occurs when a government analyst searches 702 collected data with identifiers, such as an email address. The most problematic aspect of 702 collection is arguably the FBI’s ability to query 702 data to find evidence of domestic crimes, which many privacy advocates have criticized as being a “backdoor loophole” around the Fourth Amendment warrant requirement. This is because a probable cause warrant is not required for electronic surveillance under Section 702.

Each year, the government provides the Foreign Intelligence Surveillance Court (FISC) with its targeting and minimization procedures, which FISC then approves. Unlike the warrants used by domestic law enforcement, 702 certifications are not individualized and are not required to meet any probable cause standard. FISC is only required to approve the targeting and minimization procedures.

The FISC releases the amount of certifications it grants each year. This year’s annual report disclosed that the FISC had not approved any 702 certifications yet, even though the current 702 certification had expired.  It wasn’t until a few days later that the New York Times reported that the FISC had been dragging its feet because the NSA had self-reported several inadvertent “compliance incidents.” In response to the FISC’s reluctance, the NSA announced that it would end a particularly controversial part of the 702 program: “about” collection.

“About” collection occurs when the NSA obtains communications where neither the sender nor receipt is a target of collection. “About” collection is controversial because of the relatively high risk that such collection will result in acquiring purely domestic communications. Neither the individual involved, nor the conversation held is required to be a target in order for the collection to be lawfully acquired by the NSA, so long as some part of the content of the communication mentions a target identifier. When put in context within the broad scope of Section 702–that it is not technically limited to counterterrorism efforts–“about collection” means that emails could be lawfully collected when they concern the “merits of [NAFTA] or whether the United States should build a wall along the border with Mexico,” simply because such conversations “relate[] to the conduct of foreign affairs.”

While this policy change sounds like a win for everyone, there is reason to be concerned by this change. Section 702 is a counterterrorism tool that is frequently used by the government. The NSA estimates that over 25% of its reports concerning international terrorism include information based on Section 702 collection. However, until this recent elimination of the “about collection,” the NSA had maintained that it was impossible to stop collecting “about” communications without eliminating a substantial amount of the “to/from” communications it seeks.

In its press release, the NSA noted that this limitation still exists, but that it is outweighed by privacy concerns. While some national security experts are concerned about how this change might lessen the effectiveness of Section 702 as a counterterrorism tool, this policy will certainly be a topic of discussion in Congress’ up