Within days of 9/11, Pentagon lawyer John Yoo sent an internal memo suggesting that the government might use “electronic surveillance techniques and equipment that are more powerful and sophisticated than those available to law enforcement agencies in order to intercept telephonic communications and observe the movement of persons but without obtaining warrants for such uses.” As a result, President George W. Bush signed an executive order which authorized the NSA to eavesdrop on citizens and non-citizens alike in the United States to search for evidence of terrorist activity and to do so without the task of obtaining a warrant from the FISC. The program accelerated later after the CIA captured a high-priority al-Qaeda operative, Abu Zudayba, in Pakistan.
The CIA had seized a treasure trove of cell phones, computers and phone directories. The CIA and NSA were under a directive to exploit this information as quickly as possible. As a result of tracking the calls and reading the email messages to and from al-Qaeda figures, the NSA began monitoring others linked to them, some in the United States. Thus, they created a chain or web of communications. In fact, several of the targets were in the US and according to the NSA numbered in the hundreds.
After the program was started, Congressional leaders were brought into the office of Vice President Dick Cheney and briefed by Michael Hayden, then-Director of the NSA, Cheney and CIA Director George Tenet. According to sources, Senator John D. Rockefeller (D-WV) expressed concerns, as did some members of the FISC. However, the Bush administration defended the program as a necessary tool in detecting and thwarting terrorist attacks. They noted that at any one time, they monitored up to 500 individuals domestically, and anywhere from 5,000 to 7,000 individuals abroad.The program was justified because it thwarted a plot by Iyman Faris, an Ohio trucker and naturalized citizen, who planned to bring down the Brooklyn Bridge with blowtorches. Another plot using bombs made from fertilizer was thwarted on British subway stations using information from the program.
The Bush administration, responding to criticism in the press and in Congress, justified the program as not only necessary, but legally authorized under the September, 2001 Congressional resolution granting Bush the authority to wage war on al-Qaeda and other terrorist groups. Regardless, in light of the revelations, the Justice Department audited the NSA program in 2004. The Justice Department expanded and refined a checklist that was to be followed in determining if monitoring was to be initiated.
Under FISA, the law had to be reauthorized and in 2007 that happened. What resulted was a modification called the Protect America Act (PAA) which Bush signed into law in August, 2007. Since its passage, the alleged “abuses” have essentially been codified into law.
Under the PAA, communications that begin or end in a foreign country can be monitored without going through the FISA process. In effect, the PAA removed that firewall of protecting civil liberties from the court and centered it in the DOJ and intelligence community. The government must certify the legality of the acquisition program with FISC and provide guidance to telecommunications companies for compliance. If a company refuses to comply, the government can ask the FISC to force compliance.
Perhaps most relevant aspect is Section 702 of the law. It was originally set to sunset in 2017, but was renewed. Section 702 authorized the collection, use, and dissemination of electronic communications stored by internet service providers like Google, Facebook, and Microsoft, or traveling across the internet’s backbone (the telecom providers). Unlike traditional FISA surveillance, Section 702 does not require that the target be a suspected terrorist, spy, or agent of a foreign government. It only requires that it be a non-US person abroad and that a significant portion of the surveillance be to obtain “foreign intelligence information,” although there need not be any specific purpose to the surveillance.
So how does Section 702 work? The Attorney General along with the Director of National Intelligence (DNI) submit certifications to FISC for approval. The certification must:
- Identify the categories of foreign intelligence to be gathered;
- Contain targeting and minimization procedures approved by the Attorney General;
- Attest that these procedures guarantee Fourth Amendment rights;
- Attest that there is a specific purpose;
- Attest that the program uses a United States electronic communications service provider, and;
- Attest that the program complies with established FISA guidelines.
If the elements are met, the FISC must approve the program. The FISC plays no role in the targeting decisions as they are reserved for the NSA after consulting with the FBI and CIA.
There are two known programs- PRISM and Upstream. In PRISM, the government collects all information to and from a targeted “selector” (such as an email address) directly from US-based electronic communications providers (like Apple or Google). The NSA receives all that information which, at this point, is “unminimized.”
Upstream is slightly different. Here, the government collects all internet transactions that contain information to, from, or about a targeted selector as the transactions flow through network gateways controlled by US-based providers. Only the NSA may receive such information, but can send that information to the FBI or CIA upon request ONLY if it has gone through the NSA minimization process.
The NSA, CIA, and FBI are permitted to query Section 702-acquired information by using various search terms. Each agency has their own restrictions on the searches which are based on their minimization procedures. Unfortunately, there is another thing called the “backdoor loophole.” Access to information can be obtained by using a US name as an identifier in a query although an address, telephone number, or email address can also be used. This allows these government agencies to obtain information on American citizens without first obtaining a warrant. Once the loophole was discovered, the CIA and NSA can use a US identifier only after attesting to a finding that such a query was “highly likely” to find foreign intelligence information. However, no such restrictions existed for the FBI.
For certain serious crimes, 702-derived information can be used in a criminal court against US citizens. For all other crimes, the 702 information can be used to derive other evidence that can be used in court. As is obvious, this is an end-around the Fourth Amendment. And to make matters worse, because the FBI was not restricted, contractors of the FBI- of which there are many- are also granted access to the 702 query option.
The post-9/11 surveillance state will be more closely examined in another part of this series.