Glenn Gerstell on “Avoiding the Worst Intelligence Failure of our Time: The Reauthorization of FISA Section 702
Today’s guest post is by former National Security Agency General Counsel (and LENS Speaker!) Glenn Gerstell. He is addressing one of the hottest issues in national security legislation today: whether section 702 of The Foreign Intelligence Surveillance Act should be renewed. You need to be up to speed on this issue, and Mr. Gerstell is the ideal person to explain it to you!
Avoiding the Worst Intelligence Failure of our Time: The Reauthorization of FISA Section 702
Glenn S. Gerstell
If Congress fails to reauthorize Section 702, history may judge the lapse of Section 702 authorities as one of the worst intelligence failures of our time.
— President’s Intelligence Advisory Board Review of FISA Section 702 (July 2023)
It’s hard to imagine another occasion when a senior group of national security experts has made so sweeping a statement about a failure to act. More alarming is that the prospect of such a failure is so real.
This is exactly the situation Congress and the national security establishment are facing with the year-end expiration of Section 702 of the Foreign Intelligence Surveillance Act. The statute, considered indispensable to the US Intelligence Community, allows the surveillance of foreign intelligence targets located overseas who use American email and other communications systems. Notwithstanding its crucial importance, the law is the subject of complex controversy – both old and new, and technical and political.
Understanding that controversy requires a brief explanation of the statute.
How we got here.
In 2008, Congress added Section 702 to the Foreign Intelligence Surveillance Act of 1978, which had formed the basis for constitutionally permissible surveillance for foreign intelligence purposes and established a new federal court, the Foreign Intelligence Surveillance Court (FISC), empowered to compel highly regulated surveillance on American soil.
The 2008 amendments allowed the FISC to, in effect, direct American communications service providers to disclose to the National Security Agency, the Central Intelligence Agency, the Federal Bureau of Investigation, and the National Counterterrorism Center the communications of specific, targeted foreigners located outside the United States for the purpose of acquiring “foreign intelligence information.”
The Amendments were a response to changes in technology– communications had shifted heavily to internet-based systems and global telecommunications networks, many of which were American-owned and operated.
Intelligence collected under Section 702 has, by all accounts, been extraordinarily critical in keeping the United States safe and in affording the government deep insight into the plans and capabilities of foreign adversaries.
NSA’s Director, General Paul Nakasone, recently gave examples of how the statute is “irreplaceable.” He noted how the statutory authority helped the government recapture the bulk of the ransom paid in the May 2021 Colonial Pipeline hacks. He also bluntly stated that the statute “saves lives,” citing as another example that Section 702 enabled the government to block the shipment of “Chinese precursor chemicals that are being utilized to synthesize into fentanyl.”
The current problem.
So, if the statutory program is almost universally acknowledged to be valuable and unique, why has the authority been reauthorized with declining majorities each time it has come up for renewal and why is renewal in question this year?
The answer grows out of the fact that the communications of innocent Americans who just happen to be in contact with a foreign surveillance target can get picked up by the government too. There’s no way of filtering out such communications since there’s no reliable way of figuring out, say, just from the face of an email, whether the recipient is an American.
Similarly, IP addresses and other technical aspects of electronic communications do not accurately reveal the recipient’s location or nationality. The result is that even though Section 702 was intended for foreign surveillance, some Americans’ communications – inevitably, unintentionally, and unavoidably – wind up in the hands of the government.
This “incidental collection” doesn’t affect the legality of the original collection, but privacy advocates have long felt uncomfortable with the government’s ability to search or “query” the database of collected information using the name or email address of an American. While the issue affects the other agencies who receive and analyze the Section 702 collection, most of the focus has been on the FBI, which has a domestic law enforcement mission in addition to its counterintelligence one.
Some privacy advocates have argued that the FBI should be required to obtain a search warrant before it is allowed to query the database for an American, on the theory that, but for the incidental collection, the FBI would normally need some other court process to acquire an American’s private communications.
Most legal experts point out that there is no requirement under the 4th Amendment to the Constitution, which regulates governmental searches, to obtain a warrant before searching lawfully acquired data. The government argues that there are layers of rules and regulations, with extensive independent oversight, of the Section 702 collection program – all designed to protect the privacy of Americans.
Unfortunately, the declassified opinions of the FISC have revealed over the years a significant number of occasions when the various regulations were not complied with. Although compliance failures occurred in several agencies, the more recent and sustained problems centered around the FBI.
In late 2021, the FBI instituted new rules and training, yielding a recent FISC opinion saying that the situation had favorably turned around. Nonetheless, and perhaps not surprisingly, Republican Congress members who have been vocal about their general distrust of the FBI have seized on these past Section 702 compliance errors to justify their views.
Solving the problem.
The result is that it’s by no means clear that rules changes and a positive court opinion will be sufficient to overcome political headwinds, especially as the nation will soon be less than a year away from a presidential election. Conservative members of Congress want to restrict the FBI’s querying of the Section 702 collection; liberal members want to increase privacy protections and transparency of the entire operation; and the Intelligence Community and the Administration want to ensure that the program continues with uninterrupted effectiveness.
Melding those disparate goals into some compromise reauthorization bill is the job of the judiciary and intelligence committees in the Senate and the House of Representatives, and obviously those committees themselves are rarely in agreement.
Consequently, the renewal of the statute can’t be taken for granted. After months of preliminary discussions and some hearings, negotiations have started and will continue throughout the fall. (The Standing Committee on Law and National Security of the American Bar Association has compiled an online collection of some of the more significant articles and documents about the current debate.)
Potential solutions being considered range from simply codifying the FBI’s recent reforms so they can’t be weakened without Congressional approval, to curtailing the FBI’s querying authority when Americans are involved, to flatly precluding the FBI’s role in the Section 702 program. Other changes to increase transparency of the FISC are also being considered. With all this in flux, and given the fraught political situation in general, a cliffhanger outcome in December is quite possible.
Even if the solutions aren’t agreed to until the last minute, with continued efforts on the part of Congress and the Administration, it should be possible to avoid, in the PIAB’s words, “one of the worst intelligence failures of our time.”
About the author:
Glenn S. Gerstell served as the general counsel of the National Security Agency (NSA) and Central Security Service (CSS) from 2015 to 2020. Mr. Gerstell practiced law for almost 40 years at the international law firm of Milbank, LLP, where he focused on the global telecommunications industry. A graduate of New York University and Columbia University School of Law, Mr. Gerstell is a recipient of the National Intelligence Distinguished Service Medal, the Secretary of Defense Medal for Exceptional Civilian Service, and the NSA Distinguished Civilian Service Medal.
The views expressed by guest authors do not necessarily reflect my views or those of the Center on Law, Ethics and National Security, or Duke University. See also here.
Remember what we like to say on Lawfire: gather the facts, examine the law, evaluate the arguments – and then decide for yourself!