Fisa court oversight: a look inside a secret and empty process
Glenn Greenwald, The Guardian
Tuesday 18 June 2013 19.36 EDT
Since we began began publishing stories about the NSA’s massive domestic spying apparatus, various NSA defenders – beginning with President Obama – have sought to assure the public that this is all done under robust judicial oversight. “When it comes to telephone calls, nobody is listening to your telephone calls,” he proclaimed on June 7 when responding to our story about the bulk collection of telephone records, adding that the program is “fully overseen” by “the Fisa court, a court specially put together to evaluate classified programs to make sure that the executive branch, or government generally, is not abusing them”.
The GOP chairman of the House Intelligence Committee, Mike Rogers, told CNN that the NSA “is not listening to Americans’ phone calls. If it did, it is illegal. It is breaking the law.” Talking points issued by the House GOP in defense of the NSA claimed that surveillance law only “allows the Government to acquire foreign intelligence information concerning non-U.S.-persons (foreign, non-Americans) located outside the United States.”
The NSA’s media defenders have similarly stressed that the NSA’s eavesdropping and internet snooping requires warrants when it involves Americans. The Washington Post’s Charles Lane told his readers: “the government needs a court-issued warrant, based on probable cause, to listen in on phone calls.” The Post’s David Ignatius told Post readers that NSA internet surveillance “is overseen by judges who sit on the Foreign Intelligence Surveillance Court” and is “lawful and controlled”. Tom Friedman told New York Times readers that before NSA analysts can invade the content of calls and emails, they “have to go to a judge to get a warrant to actually look at the content under guidelines set by Congress.”
This has become the most common theme for those defending NSA surveillance. But these claim are highly misleading, and in some cases outright false.
Under the FAA, which was just renewed last December for another five years, no warrants are needed for the NSA to eavesdrop on a wide array of calls, emails and online chats involving US citizens. Individualized warrants are required only when the target of the surveillance is a US person or the call is entirely domestic. But even under the law, no individualized warrant is needed to listen in on the calls or read the emails of Americans when they communicate with a foreign national whom the NSA has targeted for surveillance.
As a result, under the FAA, the NSA frequently eavesdrops on Americans’ calls and reads their emails without any individualized warrants – exactly that which NSA defenders, including Obama, are trying to make Americans believe does not take place.
Contrary to the claims by NSA defenders that the surveillance being conducted is legal, the Obama DOJ has repeatedly thwarted any efforts to obtain judicial rulings on whether this law is consistent with the Fourth Amendment or otherwise legal. Every time a lawsuit is brought contesting the legality of intercepting Americans’ communications without warrants, the Obama DOJ raises claims of secrecy, standing and immunity to prevent any such determination from being made.
The supposed safeguard under the FAA is that the NSA annually submits a document setting forth its general procedures for how it decides on whom it can eavesdrop without a warrant. The Fisa court then approves those general procedures. And then the NSA is empowered to issue “directives” to telephone and internet companies to obtain the communications for whomever the NSA decides – with no external (i.e. outside the executive branch) oversight – complies with the guidelines it submitted to the court.
In his interview with the president last night, Charlie Rose asked Obama about the oversight he claims exists: “Should this be transparent in some way?” Obama’s answer: “It is transparent. That’s why we set up the Fisa Court.” But as Politico’s Josh Gerstein noted about that exchange: Obama was “referring to the Foreign Intelligence Surveillance Court – which carries out its work almost entirely in secret.” Indeed, that court’s orders are among the most closely held secrets in the US government. That Obama, when asked about transparency, has to cite a court that operates in complete secrecy demonstrates how little actual transparency there is to any this.
When it is time for the NSA to obtain Fisa court approval, the agency does not tell the court whose calls and emails it intends to intercept. It instead merely provides the general guidelines which it claims are used by its analysts to determine which individuals they can target, and the Fisa court judge then issues a simple order approving those guidelines. The court endorses a one-paragraph form order stating that the NSA’s process “‘contains all the required elements’ and that the revised NSA, FBI and CIA minimization procedures submitted with the amendment ‘are consistent with the requirements of [50 U.S.C. §1881a(e)] and with the fourth amendment to the Constitution of the United States'”. As but one typical example, the Guardian has obtained an August 19, 2010, Fisa court approval from Judge John Bates which does nothing more than recite the statutory language in approving the NSA’s guidelines.
Once the NSA has this court approval, it can then target anyone chosen by their analysts, and can even order telecoms and internet companies to turn over to them the emails, chats and calls of those they target. The Fisa court plays no role whatsoever in reviewing whether the procedures it approved are actually complied with when the NSA starts eavesdropping on calls and reading people’s emails.
The guidelines submitted by the NSA to the Fisa court demonstrate how much discretion the agency has in choosing who will be targeted. Those guidelines also make clear that, contrary to the repeated assurances from government officials and media figures, the communications of American citizens are – without any individualized warrant – included in what is surveilled.
The only oversight for monitoring whether there is abuse comes from the executive branch itself: from the DOJ and Director of National Intelligence, which conduct “periodic reviews … to evaluate the implementation of the procedure.” At a hearing before the House Intelligence Committee Tuesday afternoon, deputy attorney general James Cole testified that every 30 days, the Fisa court is merely given an “aggregate number” of database searches on US domestic phone records.
Obama and other NSA defenders have repeatedly claimed that “nobody” is listening to Americans’ telephone calls without first obtaining warrants. This is simply false. There is no doubt that some of the communications intercepted by the NSA under this warrantless scheme set forth in FAA’s section 702 include those of US citizens. Indeed, as part of the Fisa court approval process, the NSA submits a separate document, also signed by Holder, which describes how communications of US persons are collected and what is done with them.
The decisions about who has their emails and telephone calls intercepted by the NSA is made by the NSA itself, not by the Fisa court, except where the NSA itself concludes the person is a US citizen and/or the communication is exclusively domestic. But even in such cases, the NSA often ends up intercepting those communications of Americans without individualized warrants, and all of this is left to the discretion of the NSA analysts with no real judicial oversight.
The top secret rules that allow NSA to use US data without a warrant
Glenn Greenwald and James Ball, The Guardian
Thursday 20 June 2013 18.59 EDT
- Document one: procedures used by NSA to target non-US persons
- Document two: procedures used by NSA to minimise data collected from US persons
Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information “inadvertently” collected from domestic US communications without a warrant.
The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.
The Fisa court’s oversight role has been referenced many times by Barack Obama and senior intelligence officials as they have sought to reassure the public about surveillance, but the procedures approved by the court have never before been publicly disclosed.
(T)he Fisa court-approved policies allow the NSA to:
• Keep data that could potentially contain details of US persons for up to five years;
• Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
• Preserve “foreign intelligence information” contained within attorney-client communications;
• Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.
The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans’ call or email information without warrants.
The documents also show that discretion as to who is actually targeted under the NSA’s foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.
One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.
Those procedures state that the “NSA determines whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to that person, including information concerning the communications facility or facilities used by that person”.
It includes information that the NSA analyst uses to make this determination – including IP addresses, statements made by the potential target, and other information in the NSA databases, which can include public information and data collected by other agencies.
Where the NSA has no specific information on a person’s location, analysts are free to presume they are overseas, the document continues.
“In the absence of specific information regarding whether a target is a United States person,” it states “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.”
If it later appears that a target is in fact located in the US, analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.
Referring to steps taken to prevent intentional collection of telephone content of those inside the US, the document states: “NSA analysts may analyze content for indications that a foreign target has entered or intends to enter the United States. Such content analysis will be conducted according to analytic and intelligence requirements and priorities.”
The NSA is empowered to retain data for up to five years and the policy states “communications which may be retained include electronic communications acquired because of limitations on the NSA’s ability to filter communications”.
Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains “significant foreign intelligence information”, “evidence of a crime”, “technical data base information” (such as encrypted communications), or “information pertaining to a threat of serious harm to life or property”.
All boldface is my emphasis, italics and links are from the original.