House Democrats and Republicans have reached a deal on a bill to reauthorize what the Intelligence Community (IC) and Trump Administration have characterized as essential surveillance authority under the Foreign Intelligence Surveillance Act (FISA) before they expire on March 15. The “USA FREEDOM Act Reauthorization of 2020” (H.R. 6172) was unveiled yesterday and reported out of the Rules Committee and could come to the floor today. I have not had time to delve into the substance of the bill, but media account portray this version as being substantially similar to the bill that was nearly marked up but with additional reforms to the FISA process to sweeten the bill for some Democrats and Republicans.
A few weeks ago, the two House committees of jurisdiction had reached agreement on a bill that would end the most controversial of the programs but an opponent of the deal was set to offer amendments during markup that would have likely sunk the bill. Moreover, at that time a privacy oversight body issued a long-awaited report on the most controversial of the authorities, finding it rife with problematic, even arguably illegal, conduct that produced little intelligence of value. However, given the agreement at the leadership level on a bill, it is likely opportunities for debate and amendment will be strictly controlled. And yet, at this point, it is unclear what the Senate will do ahead of the March 15 deadline.
Last year, the Trump Administration asked that Congress permanently extend these programs instead of reauthorizing them for a period of years as has been the custom since passage of the USA PATRIOT Act in 2001. In an August 2019 letter sent before he stepped down, former Director of National Intelligence Dan Coats asked the Senate and House Intelligence and Judiciary Committees for “the permanent reauthorization of the provisions of the USA FREEDOM Act of 2015 that are currently set to expire in December…[that] provide the IC with key national security authorities.” However, a number of stakeholders have balked at a permanent reauthorization of these programs, especially the call detail records program because the NSA has shut down the program. Nonetheless, the Administration is requesting those authorities in the event there is a need in the future.
The House Judiciary Committee set a February 26 markup of the bill that had been agreed upon with the House Intelligence Committee. The “USA FREEDOM Reauthorization Act of 2020” would end the call detail record (CDR) program the National Security Agency (NSA) has operated after former Intelligence Community contractor Edward Snowden exposed the more expansive bulk telephony metadata collection program. In response to these disclosures, Congress passed the “Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015” (aka the USA FREEDOM Act of 2015) (P.L. 114-23) that barred bulk collection programs like the NSA’s and instituted the more targeted CDR program described in the Committee Report:
if the government can demonstrate a reasonable, articulable suspicion that a specific selection term is associated with a foreign power or an agent of a foreign power engaged in international terrorism or activities in preparation therefor, the Foreign Intelligence Surveillance Court (FISC) may issue an order for the ongoing, daily production of call detail records held by telephone companies. The prospective collection of call detail records is limited to 180 days. The government may require the production of up to two ‘‘hops’’—i.e., the call detail records associated with the initial seed telephone number and call detail records (CDRs) associated with the CDRs identified in an initial ‘‘hop.’’
The “USA FREEDOM Reauthorization Act of 2020” would end the CDR program prospectively, meaning this authority could still be used retrospectively (i.e. past CDRs and investigations.) However, as the NSA has shuttered the CDR program, these provisions may amount to a de facto closure of the program. The bill would also require the agencies using FISA to obtain warrants for “tangible things” as opposed to FISA orders if a warrant would be required in a criminal investigation. Moreover, any evidence gathered through FISA electronic surveillance would need to be identified as such. The bill would place a deadline on the time within which the Director of National Intelligence must complete its declassification review and public any significant FISA decisions, orders, or opinions. This would need to happen within six months. The powers of FISA amici curiae would be strengthened to allow them to better fulfill their adversarial role. And, the roving wiretap, “lone wolf” provision, and the business records provisions would be extended until December 1, 2023.
According to media accounts, longtime critic of the FISA system, Representative Zoe Lofgren (D-CA), was dissatisfied with the bill, calling it “so pitiful that it is not even worth pursuing.” She added that “[w]e have the opportunity to reform the system…[and] [w]e should take that opportunity.” Reportedly, Lofgren was going to offer amendments changing the bill to require that an amici curiae be appointed to oppose every government application under FISA to surveil an American and to change the definition of business records to exclude cell phone location, web browsing data, and search history. Information on the other amendments was not made available. Nonetheless, given the disquiet many Republicans have for the FISA program because of surveillance of some associated with the Trump campaign, it is possible Lofgren’s amendments would have been adopted, disrupting the carefully negotiated compromise bill.
Lofgren was one of the bipartisan cosponsors of the “Safeguarding Americans’ Private Records Act of 2020” introduced in both chambers in late January. In their press release, the sponsors claimed “[t]he bill includes a host of reforms:
- It would permanently end the flawed phone surveillance program, which secretly scooped up Americans’ telephone records for years.
- It would close loopholes and prohibit secret interpretation of the law, like those that led to unconstitutional warrantless surveillance programs.
- It would prohibit warrantless collection of geolocation information by intelligence agencies.
- It would respond to issues raised by the Inspector General’s office by ensuring independent attorneys, known as amici, have access to all documents, records and proceedings of Foreign Intelligence Surveillance Court, to provide more oversight and transparency.
Notably, beyond revoking the authority for the NSA to restart the telephone collection program, the bill would also exclude from the definition of “tangible thing” in the Section 215 business records exception: Cell site location information, Global positioning system information, Internet website browsing information, and Internet search history information. The bill also contains language that would limit the use of Section 215 to only counterterrorism and foreign intelligence matters and limit the retention of any such material to three years unless it includes foreign intelligence. Moreover, the bill would increase the justification requirements the government must meet before a nondisclosure requirement (aka gag order) can be placed on a company subject to a Section 215 order. The bill also expands the role and powers of the lawyers (aka amici curiae) assigned to argue against FISA warrants and warrantless surveillance. The government would need to submit a report on the use of its roving wiretap authority, which is incidentally one of the expiring authorities. The bill would also set sunset dates for National Security Letter authorities, another means by which surveillance has been conducted by the U.S. government.
Two weeks ago, Attorney General William Barr met with Senate Republicans and made the case for an extension of the expiring FISA authorities with the Trump Administration committing to addressing concerns from the right about the FISA process turned up in the Department of Justice’s Office of the Inspector General’s report on the FISA surveillance of an advisor to the 2016 Trump campaign, Carter Page. It is expected Senate Majority Leader Mitch McConnell (R-KY) will push for a clean reauthorization as he has in the past during other reauthorizations of different FISA authorities. However, fellow Kentucky Senator, Republican Rand Paul claimed President Donald Trump does not want a clean extension and instead wants the program reformed, which, if accurate, would dovetail with his public statements and tweets about what he sees as abusive investigations into his 2016 presidential campaign.
There are other Republicans who support reforming the FISA program. House Judiciary Committee Ranking Member Doug Collins (R-GA) issued a statement after the “USA FREEDOM Act of 2020” was introduced:
- Democrats are completely ignoring the serious abuse committed against President Trump’s campaign in 2016, regardless of the fact that Inspector General Horowitz’s report confirmed that our intelligence community committed an unforgivable offense when the FBI abused its power to unlawfully spy on Carter Page. There must be accountability for those who committed these offenses and Mr. Nadler’s bill fails to impose any penalty on wrongdoers.
- In order to restore the American people’s faith in our premier law enforcement agency, we must reform FISA to ensure our intelligence community and FBI are deterred from ever wielding their significant power to spy on American citizens. Any FISA reform bill that moves forward must protect American citizens—including future presidents and presidential campaigns—from unlawful spying. Democrats’ bill fails to accomplish this goal, and in fact, makes it more difficult to conduct legitimate surveillance against terrorist targets. The American people deserve better.
Also in late February, the Privacy and Civil Liberties Oversight Board (PCLOB or Board) released its “Report on the Government’s Use of the Call Detail Records Program Under the USA Freedom Act“ that noted that in only two instances did the CDR program turn up intelligence that was unique and valuable despite having collected over 434 million CDRs in 2018. Opponents of the program have seized on the PCLOB’s review to further argue for closing down the CDR program even though the Board did not find any willful violations of the USA FREEDOM Act, the latter point being likely to be used by proponents of the program.
PCLOB noted that “[i]n 2018, the government obtained a relatively low number of FISA court orders—14—and collected a large number of CDRs—more than 434 million, including an unknown number of duplicates, involving 19 million phone numbers.” The Board stated that “USA Freedom Act CDRs were cited in 15 intelligence reports over the program’s four-year operation…[and] [o]f the 15 reports citing USA Freedom Act CDRs, FBI received unique information from two of the intelligence reports.” PCLOB added that “[b]ased on one report, FBI vetted an individual, but, after vetting, determined that no further action was warranted…[and] [t]he second report provided unique information about a telephone number, previously known to US authorities, which led to the opening of a foreign intelligence investigation.”
- The program experienced a series of compliance incidents and data-integrity problems, which led NSA to issue about a dozen notices to the FISA court since 2016. After repeatedly discovering anomalies in the data it received, NSA suspended the collection of CDRs in early 2019. NSA subsequently deleted all CDRs collected under the USA Freedom Act.
- Some of the compliance incidents were of types that could have arisen in other intelligence or equivalent law enforcement collection authorities. These include incidents involving information inadvertently omitted from a FISA court application, certain NSA officers who had access to data without required training, and a provider’s production of data beyond the end date of an order.
- Other incidents raise questions unique to the contours of the USA Freedom Act. Beginning in 2016, NSA identified a series of data-integrity problems related to [redacted] and other data errors. In most of these cases, NSA systems unknowingly relied on inaccurate first-hop data to determine which second-hop requests to issue.
- Additional compliance incidents arose from other data errors, such as overwriting of data fields with incorrect or unrelated data.
PCLOB asserted that “[t]hese problems, taken together, contributed to NSA’s decision to delete the USA Freedom Act CDR data in 2018 and again in 2019, and its decision to eventually suspend the program…[and] [b]ased on a review of the facts, the Board determined that the compliance incidents were inadvertent, not willful.” PCLOB stated that “NSA took steps to remedy each compliance incident, including notifying appropriate oversight entities, imposing additional limits on data requests, and deleting erroneously obtained data…[and] [i]n response to each compliance incident that raised questions about the scope of permitted collection under the statute, NSA chose to follow a narrower, rather than a more expansive, understanding of its authority under the USA Freedom Act.”