Mr. Weissmann, you were the General Counsel of the Federal Bureau of Investigation (FBI) from 2011 until October 2013. Did your legal work at the FBI change after the Snowden leak, and if so, what was the main difference?
From a legal perspective, there was a series of issues. First of all, there has been quite a lot of litigation: Internet providers have initiated litigation in the Foreign Intelligence Surveillance Act (FISA) court – a special US court dealing with secret investigations – because they wanted to disclose more information about government requests for access to personal data. Then there is ongoing litigation challenging the surveillance of telephone metadata and of foreign electronic communications under sections 215 and 702 FISA. And of course there have been requests under the Freedom of Information Act (FOIA) and congressional hearings in which FBI personnel participated. Finally, there has been some declassification of materials that needn’t be kept secret anymore after the leaks. There’s now a website of the Director of National Intelligence where declassified documents are published, such as decisions of the FISA court on procedures and letters to Congress about surveillance programs.
The NSA surveillance program publicly known as “PRISM” is based on section 702 of FISA, which allows targeting of foreign persons located abroad. Besides, section 215 of the PATRIOT Act – the so-called “business records” provision – has been interpreted to authorize the collection, in bulk, of all metadata of phone calls and e-mails within the US. To what extent is court approval required to use these powers? How tight is judicial oversight? Isn’t there a privacy interest already when data is merely collected?
There are now many declassified documents that set out the exact procedures. In short, surveillance under section 702, which was a publicly available provision long before the Snowden leaks, does not require a specific warrant each time and individual is targeted. What is needed is general FISA court approval of targeting rules and minimization procedures. Once a year, the FISA court approves rules for such surveillance measures for specific purposes, e.g. related to investigations into terrorism. These procedures also make clear what may be done with the data once collected. Prior to the enactment of section 702, no such specific authority was needed. Section 702 imposed a legal regime with specific protections – for instance, to ensure that the person targeted is indeed a foreigner, is overseas, and that there is no reverse targeting, e.g. indirect targeting of U.S. persons by formally targeting someone abroad.
Under section 215, a court order is indeed required, and the data collection only applies to telephone metadata, not to the content of communications. So it’s just information like: “this number called that number”. The order extends to all communications that clients of a specific provider had during a certain time span. The theory behind this is that we want to preserve communication data because it may be important to have such data available if something happens later, e.g. when you are investigating a terrorist threat. I understand that there is a privacy interest at stake when accessing the collected data. The FISA court took the middle road in balancing this interest: It does not require another warrant to access the acquired data, but it laid down conditions for accessing the collected data, such as reasonably articulable suspicion. Further, if the agencies exceed the powers granted by the court order, each incident must be reported.
Suppose the FBI had a suspicion that terrorists in Germany were plotting an attack on the U.S. Can you briefly describe what section 702 would allow you to do, and describe the procedure that you would follow if you wanted to intercept the suspects’ communications?
First of all, you have to ask yourself what’s the purpose of the proposed measures? Anti-terrorism would certainly fall into the realm of pre-approved targeting under section 702. But you need to document that the suspects are overseas, and you need to know about the nationality of the person – often this will require information from intelligence sources. In fact there’s quite a lot of cooperation between different U.S. agencies like the NSA or the FBI, but also with agencies from foreign countries. Then you would do the tasking if there was sufficient proof of all of the above, set up a system to train agents about minimization, and then monitor that the persons don’t change locations. Then finally you’d try to intercept their email or telephone communications, depending on the authorization.
The FISA court (FISC) is a special court charged, inter alia, with overseeing the section 702 operations. The court’s chief justice has recently raised concerns whether the FISC is an effective review mechanism. What are the court’s weaknesses? And which reform proposals, such as an ombudsman or amicus curiae, would you support?
I don’t think Judge Walton said that FISC is an ineffective review mechanism. Certainly there is a 99%+ approval rate of government requests, but this is just the same rate (or lower) than in usual criminal cases. Most decisions by the FISC concern ordinary single target surveillance operations, so-called “traditional FISA” applications: That’s the bulk of the court’s workload, and those cases are decided on the basis of probable cause.
Most of the FISC reform proposals generally apply to the very few cases where broad surveillance programs are concerned, such as the orders under section 215. One idea is to have “another voice heard” by the court in the non-adversarial procedures, such as an amicus curiae or a privacy advocate. The government has already stated it wouldn’t object to an amicus, i.e. an outside person appointed by the court on a case-by-case basis. Personally I think that is fine idea, however it would need to be narrowly tailored to cases that actually deserve additional scrutiny. As I mentioned, a lot of the FISC’s work is routine, and that shouldn’t be turned into lengthy adversarial proceedings. But having an additional voice heard with respect to so-called “bulk” applications made by the government would be beneficial to the integrity of the process.
The constitutionality of section 702 was challenged in the U.S. Supreme Court, but the court held that the particular plaintiffs had no standing and thus did not decide the case on the merits. Since the Snowden leaks have made it much easier to establish standing, further lawsuits e.g. by the American Civil Liberties Union (ACLU) are currently under way. In your view, is section 702 constitutional, and if so, why?
There are a variety of lawsuits challenging the constitutionality of section 702, and it will now be for the courts to decide that issue. In my view the sooner it’s clarified, the better. If it’s indeed unconstitutional, it is better for the government to know it now. I personally think the basic structure of the law is clearly permissible: The warrant requirement of the 4th Amendment to the U.S. Constitution, which requires a warrant for wiretaps, doesn’t apply abroad. We generally don’t export our law to people in other countries – that would be hubris. There have to be jurisdictional limits, so we only apply the 4th Amendment to everyone in the U.S – foreigners or Americans alike – and Americans wherever they are. There are of course a host of other legal issues raised by 702, which the courts will grapple with.
But when the US projects its intelligence capacity abroad, shouldn’t US constitutional protections travel as well?
The Constitution protects everyone in the United States, whatever their nationality; and it protects Americans overseas. But the law does not apply to all citizens of all countries of the world wherever they are located. Congress could choose to try to expand the law, but I don’t see that coming any time soon.
Germany has just co-sponsored a UN General Assembly Resolution affirming the right to privacy on the internet. German scholars have argued that the surveillance program violates international law, namely the human right to privacy in Art. 17 of the Intl Covenant on Civil and Political Rights, sovereignty, the NATO treaty und the Vienna Convention on Diplomatic Relations. Did international law matter in any way in the legal discussions at the FBI and within the intelligence community? Is PRISM legal under international law?
Section 702 is a congressional statute that the FBI has to deal with. If international law is raised in the proceedings against its constitutionality, then the Department of Justice will deal with it. In the two public FISC decisions regarding section 215, the court did not address international law. I’m confident that given the creativity of groups like the ACLU, they will raise international law questions in litigation to come against the constitutionality of sections 215 and 702. And certainly the discussion is ongoing whether constitutional privacy rights should be extended to foreigners abroad by statute.
There has been some discussion among German opposition politicians to give Edward Snowden political asylum in Germany. What would the FBI do if that happened?
I don’t deal with hypotheticals, but that would be an issue for the Departments of State and of Justice.
Mr. Weissmann, thank you very much.
Interview: Ulf Buermeyer & Michael Riegner
Ulf Buermeyer ist Richter am Landgericht Berlin und derzeit LLM-Student an der Columbia Law School.
Michael Riegner ist wissenschaftlicher Mitarbeiter am Lehrstuhl für öffentliches Recht und Rechtsvergleichung an der Universität Gießen und derzeit LLM-Student an der New York University.