FISA Amended to Allow Acquisition of Cross-Border Communications Without a Court Order
On August 5, 2007, President Bush signed the "Protect America Act of 2007." The Act amends the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. § 1801 et seq.) ("FISA") by removing from supervision of the FISA Court surveillance of communications that begin or end in a foreign country. Under the Act, communications can be monitored (i.e., intercepted) in real time or reviewed after receipt and storage, for example, in the case of email.
The Act removes from the definition of "electronic surveillance" in FISA any surveillance directed at a person reasonably believed to be located outside the United States. As such, surveillance of these communications no longer requires a government application to, and order issuing from, the FISA Court.
The Act provides procedures for the government to "certify" the legality of an acquisition program, for the government to issue directives to providers to provide data or assistance under a particular program, and for the government and recipient of a directive to seek from the FISA Court, respectively, an order to compel provider compliance or relief from an unlawful directive. Providers receive costs and full immunity from civil suits for compliance with any directives issued pursuant to the Act.
With costs and civil liability addressed, providers are only likely to seek relief from the FISA Court if they have reason to believe that the target communication does not involve a foreign participant, if the directive is so broad as to vitiate the particularity requirement for a foreign intelligence nexus, or if compliance will be unduly burdensome – notwithstanding the possibility of cost recovery – such as where compliance will require changes to technology or network architecture that are impractical or otherwise will substantially interfere with the provision of customer services.
A summary of key provisions follows.
Attorney General or Director of National Intelligence Can Direct Communications Providers to Intercept Communications or Provide Communications Data
The Act empowers the Attorney General or Director of National Intelligence ("DNI") to authorize, for up to one year, the acquisition of communications concerning "persons reasonably believed to be outside the United States" if the Attorney General and DNI determine that each of five criteria has been met:
(1) there are reasonable procedures in place for determining that the acquisition concerns persons reasonably believed to be located outside the United States;
(2) the acquisition does not constitute electronic surveillance (meaning it does not involve solely domestic communications);
(3) the acquisition involves obtaining the communications data from or with the assistance of a communications service provider who has access to communications;
(4) a significant purpose of the acquisition is to obtain foreign intelligence information; and
(5) minimization procedures outlined in the FISA will be used.
This determination by the Attorney General and DNI must be certified in writing, under oath, and supported by appropriate affidavit(s). If immediate action by the government is required and time does not permit the preparation of a certification, the Attorney General or DNI can direct the acquisition orally, with a certification to follow within 72 hours. The certification is then filed with the FISA Court.
Once the certification is filed with the FISA Court, the Attorney General or DNI can direct a provider to undertake or assist in the undertaking of the acquisition.
FISA Court Can Compel Compliance With Government Directives and Can Review Legal Challenges Brought by Providers
If a provider fails to comply with a directive issued by the Attorney General or DNI, the Attorney General may seek an order from the FISA Court compelling compliance with the directive. Failure to obey an order of the FISA Court may be punished as a contempt of court.
Likewise, a person receiving a directive may challenge the legality of that directive by filing a petition with the FISA Court. An initial review must be conducted within 48 hours of the filing to determine whether the petition is frivolous, and a final determination concerning any non-frivolous petitions must be made – in writing – within 72 hours of receipt of the petition.
Determinations of the FISA Court may be appealed to the Foreign Intelligence Court of Appeals, and a petition for a writ of certiorari of a decision from the FICA can be made to the U.S. Supreme Court.
All petitions must be filed under seal.
Provider Compensation and Immunity From Civil Suit
The Act allows providers to be compensated, at the prevailing rate, for providing assistance as directed by the Attorney General or DNI.
The Act provides explicit immunity from civil suit in any federal or state court for providing any information, facilities, or assistance in accordance with a directive under the Act.
Procedures but Not Individual Requests to Be Reviewed by FISA Court
Within 120 days, the Attorney General must submit to the FISA Court for its approval the procedures by which the government will determine that acquisitions authorized by the Act conform with the Act and do not involve purely domestic communications. The FISA Court then will determine whether the procedures comply with the Act. The FISA Court thereafter will enter an order either approving the procedures or directing the government to submit new procedures within 30 days or cease any acquisitions under the government procedures. The government may appeal a ruling of the FISA Court to the FICA and ultimately the Supreme Court.
Reporting to Congress
On a semiannual basis, the Attorney General shall inform the Intelligence and Judiciary Committees of the House and Senate of incidents of noncompliance with a directive issued by the Attorney General or the DNI, incidents of noncompliance with FISA Court-approved procedures by the Intelligence Community, and the number of certifications and directives issued during the reporting period.
Sun-Setting and Transition
The amendments to FISA made by the Act expire 180 days after enactment, except that any order in effect on the date of enactment remains in effect until the date of expiration of such order and such orders can be reauthorized by the FISA Court.
# # #