One aspect of the newly-passed FISA law that deserves a bit of extra scrutiny is the amount of pressure it puts on “minimization procedures,” one of the few points of contact between the surveillance program and the FISA court. This is arguably part of a drift we’ve already seen a fair amount of in foreig intel surveillance.
With traditional wiretapping, most of the protection of civil liberties is done up front: Law enforcement marshalls its evidence, shows that there’s probable cause to suspect a particular person or group, shows that there’s reason to expect that they will be using a particular communications facility, shows that the information sought can’t be obtained by ordinary investigative methods, and gets a judge to sign off in advance. For intel surveillance, even under traditional FISA warrants, the rules have always been a little different: You’d get a broader up-front collection mandate, with the understanding that you were probably going to collect a lot of irrelevant information, and then “minimize” that information after the fact, when you had chance to sort it out and figure out what was important and what wasn’t. And there are good reasons for this: Spies and terrorists often speak in coded language, or just in other languages that can’t be immediately translated.
Still, given that surveillance under the new FISA bill shift almost the whole burden of civil liberties protection to post hoc minimization, it’s worth considering exactly what that means.
Minimization takes place in three stages: Acquisition (filtering what’s kept right at the moment of interception), Retention (what’s saved and what’s discarded—or, as we’ll see, “discarded”), and Dissemination. Acquisition is allowed to be pretty broad. At the “retention” stage, the rules are similarly loose. A recent FISC opinion describes the applicable standard:
The most critical step in retention is the analysis in which an informed judgment is made as to whether or not the communications or other data seized is foreign intelligence information. To guide FBI personnel in this deterinination the Standard Minimization Procedures for U.S. Person Agent of a Foreign Power in Section 3.(a)(4) Acquisition/Intereeption/Monitoring and Logging provide that “communications of or concerning United States persons that could not be foreign intelligence information or are not evidence of a crime . . . may not be logged or summarized.” (emphasis added). Minimization is required only if the information “could not be” foreign intelligence. Thus, it is obvious that the standard for retention of FISA-acquired information is weighted heavily in favor of the government.
Given the assumption that intelligence targets do not just openly say things like: “So, the bombing is on for next Tuesday, right?” there is probably not a whole lot that could not be foreign intelligence information—and even here, evidence of a crime can be retained whether or not it its related to foreign intelligence.
Even here, though, “retention” does not mean what you probably think it means. Apparently, at least as recently as a few years ago, intercepted information was considered “retained” if it was logged and indexed for easy retrieval. It could be considered “minimized” if not logged, even if a raw recording or copy of the intercept was kept. Bear in mind that while, at the time of FISA’s passage, it was probably true that failure to log a recording rendered it inacessible for practical purposes, the NSA and other agencies have extremely sophisticated search software for both text and audio. A table of contents is less important if you can Google.
David Kris and Doug Wilson, in their absolutely invaluable book National Security Investigations and Prosecutions discuss a 2003 case, U.S. v. Sattar. In that case, they write, over the course of extended FISA surveillance of a group of targets, “approximately 5,175 pertinent voice calls .. were not minimized.” But when it came time for the discovery phase of a criminal trial against those targets, the FBI “retrieved and disclosed to the defendants over 85,000 audio files … obtained through FISA surveilance.” That is, though these communications were “minimized,” when faced with the legal duty to cough up what they had, the FBI was still able to pull up the full records. Let me boldface this part, because it’s pretty important: Just because a communication has been “minimized” doesn’t mean it’s not being kept.
At the dissemination stage, agencies are supposed to redact identifying information of U.S. persons except when necessary to make sense of foreign intelligence information or when it constitutes evidence of a crime. One potential issue here is that given the government’s broad and continuing data mining, there’s at least a reasonable question to be raised as to whether the likely identity of one party to a communication could be pinpointed without enormous effort if the agency receiving a redacted transcript has access to those capabilities.
Now, minimization is great, and as I say above, there are solid reasons why intelligence surveillance probably needs to shift some oversight and checks from the front-end to the back-end, relative to Title III criminal wiretapping. But it is not a substitute for front-end oversight, and certainly not if we now have the capacity to do truly mass-scale acquisition and filtering.