I've been puzzling over something since the temporary FISA amendment passed in August. The Administration has claimed they needed on easy fix: to allow NSA to wiretap electronic communication that starts and finishes on foreign soil, whether or not that communication passes through the US between sender and recipient. Yet both times when Congress sets about providing that easy fix to FISA, the Administration demands much more. I believe those demands reveal what this FISA amendment is really about, and I believe this bill will legalize the Total Information Awareness program (or something like it) that the Administration had to scrap because Americans hated the idea. In other words, the battle happening in Thursday's Senate Judiciary Committee mark-up of the bill is about massive data mining--it's not primarily about discrete taps of individuals' phones.
There are two demands on which the Administration has refused to budge:
- Basket warrants
I'm going to do a three-part series, looking first at each of these issues on which the Administration is intransigent, then explaining why I think this means they're trying to authorize a massive data mining program.
Minimization is the word for the procedures the government uses to remove and (eventually) delete any data from US persons collected incidentally in the course of surveilling someone overseas. If we could be guaranteed that minimization procedures are sound, then the whole debate over wiretapping would be easier because we could rest assured that if the NSA picked up anything on a US person it didn't have a warrant for, it had to destroy it. That would mean that Americans could trust that they would only be wiretapped with a warrant approved (eventually, anyway) by a judge.
But we don't have a guarantee that minimization procedures are sound. On the contrary, we've got an administration that absolutely refuses to pass a FISA amendment with such guaranteed minimization procedures. Back when Mike McConnell was blabbing about the FISA program, he revealed that the Administration's biggest complaint with the Democratic bills amending FISA was the language on minimization. The Democratic Senate bill required the Administration to tell Congress' Intelligence Committees if it failed to meet its own stated procedures on minimization. The Democratic House bill allowed (but did not require) the FISC to review the actual surveillance to ascertain whether the government had met its own standards for minimization.
Apparently, those two weak forms of minimization oversight were too much for the Administration, which withdrew its support for the Senate bill and instead supported a bill that didn't even require the Administration to reveal what its minimization procedures were, much less require the FISC to review compliance with those procedures.
The bill passed by the Senate Intelligence Committee is better than the temporary FISA amendment. It requires the government to tell the FISC and Congress what its minimization requirements are:
The Court shall review minimization procedures required by subsection (f) to assess whether such procedures meet the definition of minimization procedures under the definition of 101(h).
And it requires the Director of National Intelligence and the Attorney General to provide bi-annual reports to Congress and the FISC that include an assessment of whether the government is fulfilling its minimization procedures.
Not less frequently than once every 6 months, the Attorney General and the Director of National Intelligence shall assess compliance with the targeting and minimization procedures required by subsections (e) and (f) and shall submit each assessment to:
(1) the Foreign Intelligence Surveillance Court; and
(2) the congressional intelligence committees.
The Inspector Generals of agencies conducting surveillance under this law,
are authorized to review the compliance of their agency or element with the targeting and minimization procedures required by subsections (e) and (f);
But note: they are not required to review this compliance--they are simply authorized to do so. Nor are the DNI and AG required to integrate such IG reviews into their own reports to Congress.
In other words, the executive branch conducts the only review of whether the executive branch is complying with its minimization procedures. There is no court or Congressional review of whether the government is adequately isolating and protecting the information of US persons.
This is a problem that Sheldon Whitehouse is troubled by--and one he's trying to change.
In protecting the privacy of Americans while conducting surveillance, the critical element is judicial oversight. In the August law, the FISC was authorized only to review the Government’s determination that its surveillance targets persons ―reasonably believed to be outside the United States – and to intervene only if the Government’s determination is ―clearly erroneous. In contrast, under this bill, the FISC will need to approve both the ―targeting determination and the ―minimization procedures that are designed to protect U.S. citizens in America whose communications are intercepted incidentally. This bill also rejects the unduly permissive standard of review that the August law had imposed.
While these changes are positive and significant, there remains important work to be done to improve the bill. The FISC should not be required to approve the minimization procedures for warrantless surveillance of Americans and then forced to ignore their implementation. I have drafted and introduced an amendment that would clarify that the FISC has the same powers to review the Government’s compliance with minimization procedures for warrantless surveillance as it does with the minimization procedures used pursuant to traditional FISA warrants. This change is not yet a part of the bill, but I will continue to press for the Court’s clear authority to check on the implementation of these minimization procedures. U.S. citizens whose communications are incidentally intercepted should enjoy a two-stage protection: the minimization procedures themselves, and the salutary prospect of judicial review of compliance. Engaging more than one branch of government is a traditional protection in our American system of government. [my emphasis]
But when Orrin Hatch discussed Whitehouse's proposed amendment with Ken Wainstein in the most recent Senate Judiciary hearing on the FISA amendment, Wainstein provided a reason why the government does not want FISC to review compliance with minimization requirements that is nothing short of wacky:
Hatch: FISC, minmization, wouldn’t this make FISC in the position of where it’s making intelligence analysis.
KW It would put FISC where’s it’s being operational. It would be a tall order for FISC to assess compliance.
Look carefully at that exchange: Hatch (who not doubt was prepped for this question by the Administration) suggests that if the Court reviews compliance with minimization procedures, it will put "FISC in the position where it's making intelligence analysis." And Wainstein corrects Hatch and says FISC would be put in an "operational" role. WTF do either one of these statements mean? Why would a simple review of compliance with procedures put a court in either an analytical or an operational role?
At a minimum, I suspect, the claim that FISC would be in an analytical or operational role if it reviewed the government's compliance with its own minimization procedures means that it is not very easy to review compliance with these procedures. Indeed, the language suggests any review of compliance with minimization procedures would itself require a great deal of data analysis.
So one possible reason the Administration refuses to allow real oversight of its minimization procedures is that such a review would itself require complex data analysis. There may well be another reason--the government may know that its minimization procedures aren't going to work, and so they don't want anyone getting too close. In any case, the reason the Administration is squeamish on minimization procedures because they're just not going to work with the program it intends to authorize.