Another day, another FISA Court opinion approving a program that sweeps up millions of Americans’ communications, despite finding that the FBI has failed to comply with the rules meant to protect Americans’ privacy. 1/25 intel.gov/assets/documen…
To refresh your recollection, here’s my Tweet thread on the last FISC opinion (issued Dec. 2019) approving Section 702 surveillance in the face of widespread violations of privacy rules by the FBI and NSA:
https://twitter.com/lizagoitein/status/1301970798190751745?lang=en2/25
Basically, the 2019 opinion chided the government for its violations, but the court approved the surveillance on the condition that the government implement new training and record-keeping requirements…3/25
…which would somehow lead to compliance with the rules this time, even though the government has been violating these rules—and promising to end the violations through better training and oversight—for years. 4/25
Since that last opinion, more information has emerged about FBI violations in 2019 and early 2020. Let’s start with the part of the newly released November 2020 opinion addressing the FBI’s ongoing violation of the statute itself. 5/25
Since Jan. 2018, the law has required FBI agents to get a court order before reviewing Section 702 data about Americans in certain cases. A year ago, the government quietly reported that this requirement was triggered in a handful of cases, yet no court order was obtained. 6/25
But the govt’s report vastly understated the extent of the problem. The newly released FISC opinion reports that one oversight review unearthed 40 queries, in cases ranging from health-care fraud to transnational organized crime, in which the FBI broke the law… 7/25
…and concludes, after naming several other examples, that “similar violations of” the court-order requirement “have likely occurred across the Bureau.” In fact, according to the court, the FBI has *never* complied with this statutory obligation. 8/25
Even in cases where no court order is required to access Americans’ communications, the FBI continued to violate the minimal requirement, contained in FISC-approved procedures, that its queries be designed to return foreign intelligence or evidence of a crime. 9/25
We already knew this was happening. But the November 2020 opinion cites several additional “compliance incidents” suggesting that “the FBI’s failure to properly apply its querying standard . . . was more pervasive than was previously believed.” 10/25
Some examples: FBI agents scoured databases for the communications of people who came to the FBI to perform repairs; victims who reported crimes; and business, religious, and community leaders applying to participate in the FBI’s “Citizens Academy.” 11/25
Then there are “batch queries.” We learned in 2019 that the government was performing searches of large groups of people based on the theory that at least some of those queries would prove justified. As the FISC pointed out, this violated the FBI’s own rules… 12/25
… under which each individual query must meet be designed to retrieve foreign intelligence or evidence of a crime. To help promote compliance with this rule, the court ordered the FBI to document the justifications for its US person queries. 13/25
It turns out that the “bulk search” feature used by at least one FBI system did not require any such documentation. According to the FISC, this “system failure went undetected or unreported for nearly a year” before it was fixed. 14/25
The court observed: “The failure to require a written justification for a bulk query involving a U.S.-person query term is particularly concerning given the indiscriminate nature of such queries.” 15/25
The court’s November 2020 opinion describes several other non-compliance issues, but I won’t go into all of them here, because that’s not really the point. The point is what the court did after outlining all of these violations. 16/25
The FISC can only approve Section 702 surveillance if the privacy protections are adequate as written *and* as implemented. Compliance with these procedures, as the court has held, is key to the constitutionality of the entire program. 17/25
Given the widespread violations described by the FISC, one would think the FBI would have to show that the violations had stopped before the court could give its approval. 18/25
Here, though, the court noted that covid had prevented the oversight necessary to determine whether the new training and record-keeping requirements implemented by the FBI in late 2019 and early 2020 had made any difference. 19/25
As the court stated, “While the Court is concerned about the apparent widespread violations of the querying standard… it lacks sufficient information at the time to assess the adequacy of the FBI system changes and training, post-implementation.” 20/25
Lacking evidence to show whether the persistent violations had ended, the court was unable to find that the program complied with the law. Just kidding! The court held that, “in the absence of evidence to the contrary,” it would assume that everything was going fine now. 21/25
Under the best of circumstances, that seems like the wrong default when Americans’ constitutional rights are at stake. Under the circumstances here—namely, a 12-year pattern of governmental non-compliance—the court’s “no news is good news” approach is inexplicable. 22/25
Yes, covid has presented major obstacles to oversight. But that’s hardly a justification for assuming that all is well. To state the obvious, absence of oversight doesn’t generally foster improvements in agencies’ behavior. 23/25
The FISC treated it as an excuse for getting to "yes." And so the cycle continues. Oversight requirements are imposed… the oversight reveals widespread violations… the court responds by imposing more oversight requirements… which reveal more widespread violations… 24/25
…and while all of this is going on, the court continues to approve the program. Well, at least one thing has remained predictable during these uncertain times. See you all back here next year. 25/25
• • •
Missing some Tweet in this thread? You can try to
force a refresh
