Last night House Judiciary Chairman Jerry Nadler (D-NY) introduced for himself and House Intelligence Committee Chairman Adam Schiff (D-CA) the revised version of the USA FREEDOM Reauthorization Act of 2020, a bill that would reauthorize intelligence surveillance authorities due to sunset March 15, 2020, reform one of them, and make several important changes to the Foreign Intelligence Surveillance Act (FISA) to protect privacy and enhance transparency and oversight. Most importantly, the bill deletes the statutory authorization for the controversial Section 215 Call Detail Records (CDR) program. The bill also requires full probable cause orders to obtain in the intelligence context any information for which a warrant is required in the criminal context, and specifies that cell site location information and GPS information fall within this prohibition.
The bill contains other important reforms, including measures intended to address problems identified in Inspector General Michael Horowitiz’s investigation into the use of FISA authorities to surveil Carter Page, then a campaign advisor to presidential candidate Donald Trump. The bill also reauthorizes until December 2023 the Section 215 “traditional business records provision,” the roving intelligence wiretaps authority, and the lone wolf amendment to the Foreign Intelligence Surveillance Act (FISA) definition of agent of a foreign power.
While the bill includes important reforms that should be enacted, additional reforms from the bipartisan Safeguarding Americans Private Records Act would strengthen this legislation and should be considered.
[CDT issued a blog on the prior version of the USA FREEDOM Reauthorization Act found here.]
Major Reforms In The Bill
The Authorization for the CDR Program is Removed
The USA Freedom Reauthorization Act repeals the statutory authorization for the National Security Agency’s (NSA) CDR program from Section 215. A CDR is a record of a phone call or text message that reveals who contacted whom, when, and in the case of a phone call, for how long they spoke. The CDR program replaced the bulk telephony metadata program famously disclosed in 2013 by Edward Snowden with a more narrowly tailored version. However, even after that reform, the CDR program was operated unlawfully (by the NSA’s own admission) and at great cost to privacy. In 2018, there were only 14 orders issued under this program for the CDR’s of only 11 targets of surveillance. But, those orders generated the collection of 434,238,543 CDR’s in 2018 alone.
The program has been such a disaster the NSA voluntarily shut it down “after balancing the program’s relative intelligence value, associated costs, and compliance and data integrity concerns.” A review of the program by the Privacy and Civil Liberties Oversight Board (PCLOB) disclosed that in the three years that the program was operational, it cost $100 million. PCLOB’s report indicated and the return on investment was minimal, resulting in the NSA only writing and disseminating “15 intelligence reports derived in whole or in part from these CDRs,” which “the NSA characterized as  extremely low.”
Despite failing to demonstrate the program’s necessity, the White House requested that the program be permanently reauthorized. This demand was met with skepticism during both the Senate and House Judiciary Committee hearings. The bipartisan support for revoking this authority is strong. Importantly, this reform would not stymie the government’s ability to identify with whom a suspected terrorist is communicating. The government would still have the ability to gather records of who talked to whom using more targeted authorities.
Section 215 Cannot Be Used To Collect Information Subject To the Fourth Amendment’s Warrant Requirement
The bill prohibits the government from using Section 215 to collect any “tangible thing” that would require a search warrant in the context of a criminal investigation and with respect to which an individual has a reasonable expectation of privacy. The bill further clarifies this provision by affirmatively stating that 215 orders may not be used to secure the production of cell site location or GPS information, unless an emergency situation so permits. This is responsive to the concern that the IC may be using Section 215 orders to collect constitutionally protected information under a low standard akin to mere relevance to an investigation. In 2018 the Supreme Court in Carpenter v. United States held that the government must get a warrant prior to accessing seven days or more of historical cell-site location information. This will extend that requirement to the intelligence context.
This reform goes beyond protecting location information. Communications content is likewise protected by the Fourth Amendment’s warrant requirement, so it would also be off limits for purposes of Section 215 orders. Internet search history also enjoys such protection. Application to other sensitive records such as web browsing history is unclear. Perhaps most importantly the provision means that any decision by the Foreign Intelligence Surveillance Court (FISC) or the Foreign Intelligence Surveillance Court of Review (FISCR) that intelligence surveillance enjoys an exception from the Fourth Amendment’s warrant requirement is effectively nullified in the Section 215 context. This provision of law would require a full probable cause determination for information protected by the constitutional warrant requirement in criminal investigations even if the Fourth Amendment does not protect it on account of the surveillance being conducted in the intelligence context.
Unfortunately, negotiators added a qualification to this provision at the last minute: only “tangible things” in which a person has a “reasonable expectation of privacy” are put out of bounds for purposes of Section 215 surveillance. This opens the possibility that records protected by a statutory warrant requirement in which a person does not have a reasonable expectation of privacy, might be available with a Section 215 order.
Reforms To Address the Carter Page FISA Application Process
Inspector General Michael Horowitz’s report, Review of Four FISA Applications and Other Aspects of the FBI’s Crossfire Hurricane Investigation, identified a litany of omissions, errors and misrepresentations in the applications for FISA surveillance of Trump campaign advisor Carter Page. In response to the report the FBI and the FISC are currently identifying steps the agency needs to take in order for the FISC to be able to trust the accuracy of the materials presented before it. A number of reforms included in this revised USA FREEDOM Reauthorization Act respond to the need for greater protections in the process governing FISA applications to ensure the accuracy of materials presented to the FISC, and extend new safeguards for United States persons, including:
- The bill requires that applications made to the FISC include a certification by the individual presenting the application that the attorney for the government and DOJ has been appraised of all information that might reasonably call into question the accuracy of the application.
- This bill would expand the category of cases in which an amicus in the FISC may be appointed to include those matters that present “exceptional” concerns about the protection of the rights of a US person under the first amendment to the Constitution. This is a narrow expansion. Any case in which first amendment concerns are significant is a case in which an amicus should be appointed to help the FISC address those concerns. The bill also strengthens the role of the amici by granting them access to the information they need to make the strongest case possible, and also gives them the power to recommend a matter before the FISC or FISCR be certified for appeal.
- The bill adopts part of an idea from Republicans on the House Permanent Select Committee on Intelligence, including Chairman Devin Nunes (D-CA)’s bill H.R. 5396 FISA Improvements Act of 2019. The bill would require the government and the FISC to maintain a record of substantive written communications between the government and the Court. H.R. 5396 wisely went further to require a record of oral communications as well—the very type of communications most susceptible to mischief-making between the government and the FISC.
- The bill calls for the Attorney General and Director of the FBI to issue regulations regarding case files to ensure that applications to the FISC are accurate and complete.
- The bill would require applications before the FISC seeking an order to electronically surveil or conduct a physical search of U.S. person’s residence, to include a statement outlining what other techniques have been carried out to surveil the US person.
- Applications to target an elected federal official or a candidate in a federal election must include a statement that the AG has approved the investigation in writing.
- The bill establishes that there will be compliance officers within federal agencies that make applications to the FISC who will be charged with conducting routine audits to ensure the agency’s compliance with FISA, including the accuracy of applications made before the FISC.
These are important reforms to FISA that should attract bipartisan support, and would make strides in increasing the American people’s confidence about the operation of this secretive process. A pending investigation into the use of FISA authorities led by IG Horowitz is due to issue findings that could result in calls for additional systemic reforms.
Reforms That Increase Transparency About How the Government Wields Its Authority
The USA Freedom Act of 2015 required that significant or novel FISC or FISCR opinions be published to ensure that the government is not operating on the basis of secret law. However, there was no deadline for the government to meet, and it sometimes delayed for many months the publication of important decisions. This bill would prospectively put the government on a 6 month shot clock to release such opinions and compel the IC to finish a review of prior unreleased opinions within a year.
Additionally, the USA Freedom Act required the IC to publish annual transparency reports detailing how it uses its surveillance authorities including the types of orders used, and the number of individuals and records affected by such use. The IC has long resisted efforts to provide the public an accounting of how many U.S. persons are impacted by Section 702 surveillance, which is limited to targeting non-U.S. persons reasonably believed to be abroad. This bill will require the FBI to report the number of search terms and the number of queries of FISA material “reasonably likely to identify a United States person.” Requiring such disclosure has been a long standing priority of the privacy and civil liberties community.
It would also compel the U.S. government to disclose two significant internal legal interpretations. The first is how the US government determines whether information is “obtained or derived” from surveillance authorized under FISA. This is important to defendants in criminal cases against whom FISA-derived evidence is used. Few defendants are provided notice about the use of information derived from FISA surveillance. The bill also requires the government to disclose how it interprets the statutory prohibition on conducting an investigation of a US person “solely upon the basis of activities protected by the first amendment to the Constitution.” “Solely” is a high bar, and may be insufficiently protective of rights. The disclosure of this legal interpretation could inform the need for reforms to bolster protections for first amendment rights.
Finally, the bill tasks the Privacy and Civil Liberties Oversight Board to craft a public report on two things: (i) the extent to which activities protected by the First Amendment, as well as race, religion, ethnicity, gender and the like, inform FISA surveillance activities; and (ii) the impact of the use of FISA surveillance on First Amendment activities and these protected classes. This report could identify the need for additional reforms.
This revised version of the USA FREEDOM Reauthorization Act does not include all of the reforms we would have liked to see. For example, the bill does not address the overly-broad relevance-based standard for Section 215 collection, and its rules to limit retention of tangible things collected under Section 215 are riddled with loopholes that should be closed. We are hopeful that if Congress does not enact this legislation by the March 15 sunset date that it takes the time necessary to address these reforms and others in the Safeguarding Americans Private Records Act.