Figuring Out FISA

FIGURING OUT FISA….I wish I could figure out what just happened over the weekend with those competing amendments to the FISA law, but it’s tough to get a handle on because — duh — a lot of the details are classified. There’s an awful lot of guesswork involved in trying to figure out what’s going on. But here goes anyway.

The background seems to be fairly simple. What we know — or think we know, anyway — is that a FISA judge had approved a certain type of surveillance and then, a short time ago, a new FISA judge rotated in to the court, took a fresh look, and ruled against it. Everybody’s best guess is that the ruling has something to do with monitoring communications in which one end is outside the United States and the other end is unknown.

Thirty years ago this problem didn’t exist. The old telephone network was circuit switched, which meant that if a terrorist in Kabul called a cell in Hamburg, the call would most likely be routed on a copper wire that ran roughly from Aghanistan to Germany. It was legal to monitor this call without a warrant, but the only place to do it was outside the country. We couldn’t have monitored it from inside the U.S. if we wanted to.

In a modern packet switched network things are different. When you send an email, it gets broken up into packets and tossed onto the internet, where each packet is routed to its destination. When all the packets arrive, they’re put back together and you can then read the message. The same is true for an increasing number of telephone calls.

But the packets don’t follow any specific path. They might go all around the world before ending up at their final destination. In particular, since the United States hosts a great deal of the world’s routing capacity, an email from Kabul to Hamburg might get routed through a U.S. switch. This gives U.S. intelligence services a capability they didn’t have in the past: they can eavesdrop on foreign communications by monitoring switches that are physically located within the United States.

Which is great except for one thing: it’s hard to say for sure exactly what the source or destination of a packet-switched communication is. Is Kabul communicating with Hamburg (OK to surveil without a warrant) or with New York (not OK)? An IP address is suggestive, but not conclusive. Orin Kerr provides the following hypothetical:

Imagine that the government has reason to believe that an Al-Qaeda cell uses a particular Internet service provider in Kabul and a particular type of software to communicate about a terrorist plot targeting the United States. In this case, the government has probable cause to believe that monitoring the ISP would uncover terrorist intelligence information. But how broad can the monitoring be? Can the government look at all of the traffic coming to or from that ISP in Kabul? Or can it only look at traffic to or from that ISP that uses that particular software? Or only some specific portion of the traffic from that ISP using that software?

More fundamentally, is NSA allowed to monitor traffic passing through U.S. switches at all without a warrant? Even though it doesn’t know for sure that all of it is taking place outside the U.S.? Can it monitor part of the traffic? None of the traffic? What algorithm is acceptable for providing a high likelihood that the monitored traffic is all outside the U.S.?

Now, this is a genuinely difficult question. Everyone agrees that it’s OK to monitor foreign traffic without a warrant, and everyone agrees that it’s not OK to monitor domestic traffic without a warrant. But what if, for technical reasons, it’s no longer possible to say with absolutely certainty where the traffic is going to? What if it’s not possible to monitor a specific person, but only a defined category of traffic?

This is the problem that the competing FISA amendments were apparently trying to resolve, and both the Democratic bill (which failed) and the White House bill (which passed) addressed it by allowing surveillance of persons who are “reasonably believed” to be outside the U.S. The FISA court would determine if NSA’s procedures are reasonable. Over at Obsidian Wings, Publius spells out the difference:

The Democratic bill…and this is critical…explicitly excluded (1) communications with a U.S. person inside the United States and (2) communications in which all participants are in the United States. Thus, the bill provided protections against domestic surveillance. For these types of calls, the government needed an old-fashioned warrant. (The Democratic bill’s carve-out provisions are in Sec. 105B(c)(1)(A).)

The White House bill (pdf) — soon to be law — took a much different approach. It just flatly withdrew all of this surveillance from the FISA regime. More specifically, the bill (Sec. 105A) states that any “surveillance directed at a person reasonably believed” to be outside the United States is completely exempt from FISA (i.e., it’s not considered “electronic surveillance”). [Marty] Lederman spells all this out very well and in more detail, but the upshot is virtually anything — including calls inside the United States or involving U.S. citizens — is fair game.

The White House bill not only fails to prohibit domestic surveillance, but opens a huge hole for just that purpose. It exempts from FISA scrutiny any communication that is “directed at” persons reasonably believed to be outside the U.S., and then leaves this phrase undefined and therefore wide open:

For surveillance to come within this exemption, there is no requirement that it be conducted outside the U.S.; no requirement that the person at whom it is “directed” be an agent of a foreign power or in any way connected to terrorism or other wrongdoing; and no requirement that the surveillance does not also encompass communications of U.S. persons. Indeed, if read literally, it would exclude from FISA any surveillance that is in some sense “directed” both at persons overseas and at persons in the U.S.

If this is right, it means that Democrats caved in on a simple provision meant to prohibit domestic surveillance without a warrant. Under the White House bill, the only oversight against abuse of the “directed at” clause is the Attorney General’s say-so, and the FISA court is required to accept the AG’s reasoning unless it’s “clearly erroneous.” This is about as toothless as oversight comes.

Democrats pretty clearly got steamrolled on this. Until Thursday they were negotiating productively with Director of National Intelligence Mike McConnell and had reached agreement on the bill’s language. Nobody was making a big deal out of it because things seemed to be going smoothly. Then, at the last second, the White House rejected the language its own DNI had accepted and suddenly all hell broke loose. Democrats weren’t ready for it, and with Congress about to adjourn and no backup strategy in place, they broke ranks and caved in. The only concession they got was a six-month sunset in the bill.

Was this the White House’s strategy all along? To lull Dems into a stupor and then hit them over the head at the last minute with brand new demands? Hard to say, but it sure looks deliberate. Democrats are going to have to learn to play in the big leagues if they want to keep up.