Written Briefs

briefcase-featured-image

The FBI Should Require a Search Warrant

leaf Elizabeth Goitein

Section 702 of the Foreign Intelligence Surveillance Act authorizes warrantless surveillance and therefore may only be targeted at foreigners outside the United States. Over the past 15 years, however, it has become a rich source of warrantless access to Americans’ communications and a powerful domestic spying tool. Congress should put an end to this misuse of the law by requiring the FBI to obtain a warrant or FISA Title I order before searching data obtained under Section 702 for Americans’ communications. [1]

Section 702 was enacted after 9/11 to give the government greater powers to monitor suspected foreign terrorists. It authorizes the government to target almost any foreign person or entity abroad and collect their communications without obtaining any individualized court order. The Foreign Intelligence Surveillance Court (“FISA Court”) approves general procedures for the surveillance, but it has no role in approving individual targets. There are nearly a quarter of a million targets under Section 702.

Although the targets of surveillance must be foreigners abroad, Americans communicate with foreigners, and so the surveillance inevitably sweeps in enormous volumes of Americans’ communications. The government refers to this collection as “incidental.” Were it otherwise—i.e., if the government intended to eavesdrop on these Americans—the government would have to obtain either a warrant (in a criminal investigation) or a FISA Title I order (in a foreign intelligence investigation; such orders are issued by the FISA Court if the government can show probable cause that the American is an agent of a foreign power).

To prevent the government from using Section 702 as an end-run around these constitutional and statutory requirements, Congress required the government to (1) “minimize” the retention and use of this “incidentally” acquired information, and (2) certify annually that it is not using Section 702 to access the communications of particular, known Americans (which would constitute “reverse targeting”).

Despite these protections, the FBI routinely combs through Section 702 data for the express purpose of finding and reviewing Americans’ phone calls, text messages, and emails. In other words, having obtained the data without a warrant by certifying that its intent is not to access the communications of particular, known Americans, the government—once the data is in its hands—regularly runs searches for the communications of particular, known Americans. As I have noted many times, this is a bait and switch that drives a massive hole through the Fourth Amendment. In 2022 alone, the FBI conducted more than 200,000 of these “backdoor searches” (as they are commonly known). [2]

In most cases, the only substantive restriction on these searches is a FISA Court-approved rule that each search must be “reasonably likely” to return foreign intelligence or evidence of a crime. That’s an extremely low bar, and yet, according to the FISA Court, the FBI has engaged in “persistent and widespread violations” of this rule. These violations have included alarming abuses, such as searches for the communications of 141 Black Lives Matter protesters, more than 19,000 donors to a congressional campaign, two members of Congress, and multiple U.S. government officials, journalists, and political commentators, among many others.

After these abuses came to light, the FBI made several changes to its internal procedures in an attempt to bring the bureau into compliance. But those changes proved insufficient. Since their implementation, the government has continued to report FBI violations at a rate of approximately 4,000 per year. And these violations continue to include shocking abuses, such as searches for the communications of a U.S. senator, a state senator, and a state court judge who contacted the FBI to report civil rights violations by a local police chief.

The constitutionality of backdoor searches is unsettled. The FISA Court, which is notoriously deferential to the government, has upheld them, and four district courts have followed the FISA Court’s lead. But the only federal appellate court to squarely address the issue rejected the government’s argument that the warrantless searches are lawful because the information was lawfully collected. A unanimous panel of the Second Circuit noted that, under prevailing case law, “lawful collection alone is not always enough to justify a future search.” The panel held that backdoor searches require a separate Fourth Amendment analysis, and it remanded the case to the district court to perform that analysis. That case is still pending.

Regardless of what the courts ultimately hold, however, Congress has the right and responsibility to protect Americans’ privacy. It should do so by requiring the FBI to obtain a warrant or FISA Title I order before accessing Americans’ communications obtained under Section 702. This notion is neither new nor radical. In 2013, a panel of experts appointed by President Obama—including former acting CIA director Michael Morrell and President George W. Bush’s chief counterterrorism advisor, Richard A. Clarke—unanimously recommended this measure. The House has twice passed such a requirement. And it is the primary reform in the Protect Liberty and End Warrantless Surveillance Act, which passed through the House Judiciary Committee in December by a remarkable bipartisan vote of 35-2.

Requiring a warrant to access Americans’ communications would leave untouched the core of Section 702: the ability to monitor foreign threats. That is where the value of this program overwhelmingly lies. The administration has made a strong case that the collection and review of foreigners’ communications is a critical national security tool. By contrast, according to the Privacy and Civil Liberties Oversight Board, the administration has provided scant evidence of the value of warrantless backdoor searches. It has cited only a handful of cases in which such searches were useful—mostly for the purpose of identifying potential victims of malign foreign activities. In these cases, as the PCLOB chair noted, the government could have obtained the potential victim’s consent or cited exigent circumstances. “Consent” and “exigent circumstances” are among the exceptions to the Fourth Amendment’s warrant requirement that are expressly incorporated into Protect Liberty and End Warrantless Surveillance Act.

In short, requiring the FBI to obtain a warrant or FISA Title I order for backdoor searches is the only way to end documented abuses and vindicate Americans’ constitutional rights while protecting national security.

Footnotes

1 - I also believe the warrant requirement should apply to other agencies that receive and search Section 702 data, but that goes beyond the scope of this argument.

2 - The Office of the Director of National Intelligence has also provided a “de-duplicated” figure of 119,383, which represents the number of unique identifiers used in the searches. The lower number, however, would exclude instances of the same American being subject to multiple searches — e.g., if a person’s communications are searched by different FBI personnel for independent reasons, or on multiple occasions over the course of an investigation to find any new communications — even though each query would represent a distinct privacy intrusion.

Read more

The FBI Should Not Require a Search Warrant

leaf Glenn Gerstell

Requiring the Federal Bureau of Investigation to get a court order before it looks at its own legally acquired information is not just unnecessary, but also and more importantly, dangerous to our national security.

The Facts

Under Section 702 of the Foreign Intelligence Surveillance Act, about 3% of the surveillance targets – approximately 7,900 foreigners [1] and no Americans – were relevant to what the FBI calls a “fully predicated national security investigation” (basically the most serious type of formal investigation). The emails and other communications of only those targets were sent to the FBI for inclusion in its Section 702 computer database. [2] If it has a “specific factual basis” to believe an American individual or entity is the victim or otherwise related to that national security investigation, the FBI can search or “query” that database for that American’s name, email or other identifying information. [3]

Critics have labeled this querying “warrantless surveillance” – but that wrongly insinuates that a warrant might otherwise be legally required. Moreover, querying is not surveillance [4] -- no new communication is being acquired by the government; no behavior is being newly monitored; the government is simply looking at something it lawfully obtained and put in its files. Another myth is that Section 702 allows the FBI to scour vast troves of Americans’ emails to their loved ones, their medical providers, or their religious advisers. [5] None of this is true.

No Court Has Ever Said A Warrant Is Required

Every court to have expressly ruled on whether a warrant is needed for the FBI to query its 702 database for Americans’ information has said there is no such requirement. There is a clear judicial consensus on the point. Indeed, the court most familiar with the specialized nature of these queries, the Foreign Intelligence Surveillance Court (FISC), explicitly rejected any such requirement in separate reviews in 2015, 2018, 2022 and 2023. After noting that two federal district courts had similarly declined to impose a warrant requirement, one Court of Appeals reexamined this issue and stated that the act of querying should entail a separate Fourth Amendment analysis that might trigger a warrant requirement in some situations. But recognizing it did not have enough facts, it declined to rule on the question.[6] Tellingly, the last two reviews of the issue by the FISC afforded it the opportunity to explicitly consider the Court of Appeals discussion, and after reviewing amicus briefs on the very point, it declined both times to follow the Court of Appeals’ analysis.

Requiring a Warrant Requirement Won’t Advance Americans’ Privacy

Americans’ privacy is not being invaded in any meaningful way by FBI queries, even without a warrant. The only emails and communications of an American that are ever included in the FBI’s 702 database are those directly to or from a foreign national security targets. While the number of Americans in contact with ISIS recruiters, Chinese spies or other foreign national security targets under Section 702 is unknown, it must surely be a miniscule fraction of the population.

Recognizing that a warrant is not legally required but still seeking some compromise, a split Privacy and Civil Liberties Oversight Board proposed that after the FBI determined there was a hit in the 702 database, it should obtain a FISC order based on a showing of likely foreign intelligence information (the current standard) before it could access the content. That is mostly privacy theater: A FISC judge is highly unlikely to disbelieve an affidavit that on its face asserts that a query is reasonably likely to retrieve foreign intelligence information.

Yet a more dangerous problem would be created if a new, higher standard for queries was imposed, such as probable cause to believe that the American is an agent of a foreign power or that evidence of a crime will be revealed. That would indeed have the effect of shielding many emails from the FBI, since an agent would rarely be able to establish probable cause at the early stages of an investigation – exactly the point at which the 702 database is used, to find initial connections. But the Bureau would miss opportunities to uncover Americans who might be the victims or targets of foreign espionage or blackmail efforts, or Americans who are engaging with overseas narco-terrorists, for example.

Requiring a Warrant Requirement Won’t Advance Americans’ Privacy

Section 702 has proven vital to defending American companies and individuals from foreign cyberattacks; apparently about half of all FBI queries are cyber-related. A warrant requirement would be devastating to those efforts. In an ongoing cyberattack, queries must often be run within hours, and would rarely reveal the content of Americans’ emails or other communications. Yet requiring a warrant, which would take days to obtain, would render tardy queries useless, and advance no privacy interest at all, since no personal communications content would be involved. The most likely beneficiary of any warrant requirement: a foreign ransomware gang.

Warrant Requirement Will Endanger National Security andTurn Back the Clock on Counterterrorism Efforts

Imposing a requirement to obtain a warrant in the preliminary stages of an investigation -- precisely when the 702 database is most useful [7] – is contrary to the fundamental recommendations of national commissions on 9/11 and Ft. Hood terrorist attacks, which urged federal authorities to quickly “connect the dots” by looking at all information in the hands of the government.

The logistics and volume of requiring a warrant would be a major impediment to that objective. Preparation of an affidavit, internal review, judicial consideration and final issuance of a warrant would consume critical resources and take days or weeks, and might not even be possible if probable cause needed to be established.

A Better Solution Is Available

To ensure that past abuses in FBI querying are not repeated, Congress is now considering a combination of increased oversight, stricter approvals, more audits, restrictions on the number of personnel who conduct queries, and greater training. A thoughtful and tailored approach will provide better safeguards for cybersecurity and national security and Americans’ privacy.

It makes no sense to hobble the universally recognized effectiveness of the Section 702 program with a gratuitous warrant requirement, which will trivially affect the privacy of a tiny group of Americans but endanger the security of all Americans.

Footnotes

1 - For the 12-month period ended February 2023, the most recent such period publicly available

2 - I also believe there should be no warrant requirement for the other agencies that receive and search Section 702 data, but that goes beyond the scope of this argument.

3 - Congress is likely, in one form or another, to eliminate the FBI’s ability to search the database for evidence solely of domestic crimes. This is almost never done anyway, but it makes sense to preclude this type of query, given the foreign intelligence rationale for Section 702

4 - An often-quoted advocate for a warrant requirement claimed that “Section 702 has become a go-to domestic spying tool for the FBI.”

5 - Three members of the Privacy and Civil Liberties Oversight Board ominously noted that “Americans’ communications captured through surveillance can include discussions of political and religious views, personal financial information, mental and physical health information, and other sensitive data.” Undeniably true, but misleading. It would seem unlikely that such sensitive information would be communicated by Americans to foreign national security targets. And if such information was communicated to foreign adversaries, overseas terrorists, international cybercriminals and the like, there arguably is a heightened national security rationale to learn more about such connections, which should outweigh individual privacy concerns in balancing interests to meet the reasonableness test of the Fourth Amendment.

The court stated: “What kinds of querying, subject to what limitations, under what procedures, are reasonable within the meaning of the Fourth Amendment, and when (if ever) such querying of one or more databases, maintained by an agency of the United States for information about a United States person, might require a warrant, are difficult and sensitive questions. We do not purport to answer them here, or even to canvass all of the considerations that may prove relevant or the various types of querying that may raise distinct problems.” US v. Hasbajrami, 945 F.3d 641 at 672-673 (2019) (emphasis added).

The President’s Intelligence Advisory Board recently noted that “U.S. person queries are necessary in order to identify foreign threats to the homeland….A U.S. person query serves as a preliminary exploratory tool to retrieve the most basic data needed to determine whether there is either a threat to a U.S. person or the nefarious involvement of a U.S. person.”

Read more

Oral Arguments

Amicus Briefs

Don't Rebuild the Surveillance Wall Taken Down After 9/11

Both parties agree that surveillance targeting of foreigners outside the U.S. does not require a warrant under the Fourth Amendment and if the government seeks to target an American, it must obtain a Title III warrant or a FISA court order. Indeed, Congress has authorized such collection three times with bipartisan majorities over the last 15 years.

When it comes to searching this database of lawfully collected data using American identifiers, both parties also agree that not a single federal court has ever held that the Fourth Amendment requires a warrant.

Thus, the only question is whether Congress should nonetheless require the FBI to go a federal judge to get a warrant when it searches data already lawfully in its files.

Doing so would be a huge mistake, slowing down time-sensitive investigations of spies and terrorists and essentially recreating the very wall between criminal investigations and foreign intelligence torn down after the 9/11 attacks that killed nearly 3,000 Americans.

The FBI’s Office of Inspector General report on 9/11 reminds us that prior to 911, it was the legal and policy “wall” between the criminal and intelligence sides of the FBI, and misunderstandings about the wall, that led FBI and CIA officers to fail to share information about two known terrorists, Khalid Mihdhar and Nawaf al Hazmi, who entered the U.S. well before 9/11, lived here under their true names, and eventually conducted those deadly terrorist attacks.

Given the limited number of Americans whose information is likely to be found in the small collection of 702 data provided to the FBI, and notwithstanding the number of searches conducted— notably not the number of times actual data on Americans was found—it would be a mistake to rebuild the wall by imposing a warrant requirement not mandated by the Constitution.

Prof. Jamil Jaffer is the Director of of the National Security Law & Policy Program at Antonin Scalia Law School at George Mason University and the Founder of the National Security Institute. 

Read more
Jamil Jaffer
avatar

The cost of imposing a warrant requirement on searches of the 702 database is clear and devastating. The benefit is hypothetical at best.

Warrants for such searches aren’t required by law. So a warrant requirement has value only if the courts would do a better job of policing access to 702 data than the many internal controls already imposed on FBI agents. At first glance, this seems obvious; FISA judges have a reputation for being more independent and more careful than FBI agents in protecting privacy.

But it is by no means clear that FISA judges would perform as well if Congress required them to review hundreds or thousands of additional 702 search applications. There are only a handful of FISA judges, and massively expanding their workload will inevitably turn warrant reviews into a routine, even cursory, task.

In contrast, once all of its proposed internal safeguards are adopted, the FBI is likely to do a better job of reviewing 702 searches, both because it has far more resources to validate requests and because it can effectively discipline agents who don’t take privacy seriously. Under current and proposed FBI rules, agents who improperly access 702 data run the risk of losing access to that data, or losing their jobs, or even in egregious cases being indicted.

None of those penalties will fall on FISA judges who do a poor job of reviewing 702 searches. History suggests that they won’t even face reputational harm. In 2016 and 2017, FISA judges approved four separate FISA applications to wiretap Carter Page without questioning the applications’ shoddy and even fraudulent evidentiary foundation. Those judges did not show the care or independence that many advocates of a warrant requirement seem to expect from judicial review, but none has been penalized, or even criticized, for their errors. Such errors will only increase if thousands of 702 searches are added to the courts’ workload.

Americans will pay for the warrant requirement by experiencing more terrorism, more foreign interference, more drug deaths, and less cybersecurity. In exchange, they should get more than an uncertain promise that judges might add a little value to the review of 702 searches.

Stewart Baker is a Partner at Steptoe & Johnson LLP and is a former General Counsel of the National Security Agency.

Read more
Stewart Baker
avatar

Requiring a warrant for US person queries is the key safeguard needed for Section 702. Warrantless queries have been repeatedly abused, including to snoop on protesters, political donors, journalists, lawmakers, and even a government analyst’s online dating matches. These problems are persistent — in the most recently reported year, the FBI conducted an estimated four thousand improper queries, an average of over 10 every day — proving self-policing in insufficient and independent oversight is needed.

A warrant rule is not just critical for privacy, it’s also operationally feasible: According to the Privacy and Civil Liberties Oversight Board, most value from US person queries comes from “defensive” searches related to victims, which could be easily streamlined using a standard consent exception to warrant requirements. Legislation requiring warrants for US person queries has been carefully designed with exceptions not just for consent, but also for emergencies and searches focused on malware. And the warrant rule wouldn’t apply to metadata, which can yield valuable information such as web traffic that provides crucial information related to cyberattacks. While the government has repeatedly lauded the value Section 702 provides, it’s offered shockingly few examples of US person queries proving useful, and no evidence where a warrant rule (with these sensible exceptions) would have proven an insurmountable obstacle.

The bottom line is a warrant rule won’t stop US person queries needed to keep America safe - it will stop abusive queries and improper spying that are incompatible with our democracy.

Jake Laperruque is Deputy Director of CDT's Security and Surveillance Project

 

Read more
Jake Laperruque
avatar
×

Note from the Editor: The Federalist Society takes no positions on particular legal and public policy matters. Any expressions of opinion are those of the author. To join the debate, please email us at [email protected].