December 1: 702 Query Successes
- To help the FBI identify the extent of a foreign government’s kidnapping and assassination plots. The timely identification of the foreign government’s plans and intentions in Section 702-acquired information contributed to the FBI’s disruption of the plots.
- To help the FBI identify efforts undertaken by the People’s Republic of China to hack a transportation hub in the United States. Resulting information helped FBI identify where the hackers had achieved successful compromises of network infrastructure. This enabled the FBI to alert the network operators so they could take action to mitigate the intrusions.
- To discover that Iranian hackers had conducted extensive research on the former head of a federal department. The FBI was then able to notify the targeted individual and his department so they could take appropriate security measures.
- To discover the nature of a U.S. person’s contact with intelligence officers from a particular country. The FBI’s investigation revealed the U.S. person to be unwitting of the illicit activities of the intelligence officers, and obtained important intelligence about a hostile foreign state’s attempts to acquire sensitive information relating to proliferation of weapons of mass destruction.
Statement for the Record in Part:
Reauthorization of Section 702 of the Foreign Intelligence Surveillance Act
Before closing, I would be remiss if I did not underscore an urgent legislative matter directly relevant to our discussion today. As the committee knows, at the end of December, Section 702 and other provisions of the Foreign Intelligence Surveillance Act (FISA) will expire unless renewed.
Loss of this vital provision, or its reauthorization in a narrowed form, would raise profound risks. For the FBI in particular, either outcome could mean substantially impairing, or in some cases entirely eliminating, our ability to find and disrupt many of the most serious security threats I described earlier in my statement.
I am especially concerned about one frequently discussed proposal, which would require the government to obtain a warrant or court order from a judge before personnel could conduct a “U.S. person query” of information previously obtained through use of Section 702. A warrant requirement would amount to a de facto ban, because query applications either would not meet the legal standard to win court approval; or because, when the standard could be met, it would be so only after the expenditure of scarce resources, the submission and review of a lengthy legal filing, and the passage of significant time—which, in the world of rapidly evolving threats, the government often does not have. That would be a significant blow to the FBI, which relies on this longstanding, lawful capability afforded by Section 702 to rapidly uncover previously hidden threats and connections, and to take swift steps to protect the homeland when needed.
To be sure, no one more deeply shares Members’ concerns regarding past FBI compliance violations related to FISA, including the rules for querying Section 702 collection using U.S. person identifiers, than I do. These violations never should have happened and preventing recurrence is a matter of utmost priority. The FBI took these episodes seriously and responded rigorously, already yielding significant results in dramatically reducing the number of “U.S. person queries” by the FBI of the Section 702 database and in substantially improving its compliance rate. Moreover, as we publicly announced in June, the FBI is implementing further measures both to keep improving our compliance and to hold our personnel accountable for misuse of Section 702 and other FISA provisions, including through an escalating scheme for employee accountability, including discipline and culminating in possible dismissal.
Together with other leaders of the Intelligence Community and the Department of Justice, I remain committed to working with this committee and others in Congress, on potential reforms to Section 702 that would not diminish its critical intelligence value. There are many options for meaningfully enhancing privacy, oversight, and accountability, while fully preserving Section 702’s efficacy. Doing that will be critical to fulfilling the FBI’s continuing mission of identifying and stopping national security threats within the U.S. homeland.
A new report confirms what national security leaders have long warned: If Congress fails to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), the U.S. stands at the brink of a self-inflicted national security calamity. (This op-ed was published on August 17, 2023, on The Hill online. Matt Olsen is the assistant attorney general for national security, Department of Justice, and Joshua A. Geltzer is the deputy assistant to the president and deputy homeland security advisor executive director.)
The President's Intelligence Advisory Board (PIAB) report highlights how crucial Section 702 of the Foreign Intelligence Surveillance Act is to the nation’s security, including to the FBI’s efforts to protect Americans from foreign threats, and recognizes that the reforms put in place by the FBI have yielded substantial compliance improvements. We agree that Section 702 should be reauthorized in a manner that does not diminish its effectiveness, as well as reassures the public of its importance and our ability to adhere rigorously to all relevant rules. We look forward to engaging with Congress on the recommendations in the PIAB report, and appreciate the board’s professionalism, expertise, and judgment in conducting this important assessment.
The Intelligence Community today released, in redacted form, the April 2023 Opinion of the Foreign Intelligence Surveillance Court (FISC), which highlights that the remedial measures the FBI began implementing in 2021 and 2022 are working to improve the FBI’s Section 702 query compliance. The 2023 Opinion also demonstrates the effectiveness of the FISC’s oversight responsibilities, as well as the FBI’s commitment to full compliance.
"The 2023 FISC Opinion confirms the significant improvement in the FBI’s Section 702 querying compliance since the implementation of our substantial reforms," said FBI Director Christopher Wray. "Section 702 is critical in our fight against foreign adversaries. We take seriously our role in protecting national security and we take just as seriously our responsibility to be good stewards of our Section 702 authorities. Compliance is an ongoing endeavor, and we recently announced new additional accountability measures. We will continue to focus on using our Section 702 authorities to protect American lives and keeping our Homeland safe, while safeguarding civil rights and liberties."
The 2023 FISC Opinion released today, which reviewed activity after the 2021/2022 reforms were implemented, highlights how the FBI’s reforms have contributed to significant improvements, saying there were "further indications that the measures are having the desired effect." Notably, the Court calculated the FBI’s compliance rate with the querying standard to be over 98% after these reforms were implemented.
The FISC acknowledged it was encouraged by the reforms and it "anticipated that the new default settings ‘should eliminate non-compliance stemming from inadvertent querying’ of such information." The Court also "noted 'preliminary indications' that such changes were 'resulting in substantial reductions in the number of U.S.-person queries.'"
While the Opinion cited incidents of noncompliance with the FBI’s Sensitive Query Policy and Querying Procedures—as well as compliance incidents that were previously disclosed in the FISC’s previously released 2022 Opinion—the Court nonetheless determined that, "Despite the reported errors, there is reason to believe that the FBI has been doing a better job in applying the query standard."
Additionally, in the time since these incidents occurred, the FBI has implemented new FISA query accountability measures with escalating consequences for negligent conduct to further deter the kinds of compliance incidents cited by the Court.
Most notably, the Court concluded that, "Given recent indications that the FBI is improving its implementation of Section 702 querying requirements, the Court finds that the FBI’s querying and minimization procedures, taken as a whole and as likely to be implemented, are consistent with the requirements of the statute and the Fourth Amendment."
FISA Section 702 is an indispensable tool in the FBI’s efforts to protect against national security threats. It authorizes the targeted collection of foreign intelligence information from non-U.S. persons located abroad. Section 702 will expire on December 31, 2023, unless Congress takes action to reauthorize it.
The FBI is responsible for upholding the Constitution and protecting Americans, including their privacy and civil liberties. Section 702 authorities are crucial to fulfilling our mission, but the FBI acknowledges that noncompliance is unacceptable. Continued improvement to 702 querying standards is vital to maintaining public trust, and the FBI is committed to taking effective measures to ensure compliance.
The Intelligence Community (IC) today released, in redacted form, the Foreign Intelligence Surveillance Court’s (FISC) April 2023 Opinion, which post-dated FBI FISA reforms.
- The Court highlighted that these major reforms the FBI implemented in 2021 and 2022 to improve Section 702 querying compliance are working.
- The 2023 Opinion discussed many of those remedial measures, concluding they were encouraged by the reforms and acknowledged that there are “further indications that these measures are having the desired effect.”
The FISC’s previous April 2022 Opinion was released by the IC in May 2023, which the Court discussed in the 2023 Opinion.
- The 2022 Opinion documented a series of significant compliance incidents regarding the FBI’s querying of FISA Section 702 information.
- Notably, the FISC’s 2022 Opinion reviewed activity that pre-dated the FBI’s reforms from 2021/2022.
- The Court had not had the opportunity to review the FBI’s querying practices after the implementation of our reforms at the time of the 2022 Opinion
The 2023 Opinion issued today included review of FBI practices after the implementation of the 2021/2022 reforms.
- The same judge who issued the April 2022 opinion, in reviewing the FBI’s querying over the last year and during periods after our reforms went into effect, found improvement in multiple areas.
- The Court made several statements throughout the Opinion highlighting the effectiveness of the reforms:
- Page 83: “There are further indications that these measures are having the desired effect.”
- Page 87: “…there is reason to believe that the FBI has been doing a better job in applying the query standard.”
- Page 88: “…implementation of the querying standard is encouraging” and “On balance…FBI application of the querying standard appears to have improved.”
- Page 88: “The information reported regarding the FBI’s recent implementation of the querying standard is encouraging,” and “On balance…FBI application of the querying standard appears to have improved.”
- Page 93: the Court cited “recent indications that the FBI is improving its implementation of Section 702 querying requirements” when finding the FBI’s querying and minimization procedures to be consistent with the statute and the Fourth Amendment.
The Court found the FBI’s compliance rate with the query standard to be over 98% after our reforms were implemented.
- Page 84/85: The Court calculated the FBI’s rate of non-compliance with the query standard as about 1.7% for queries against Section 702 data, and about 1.8% for all FISA queries.
The 98% compliance rate shows our reforms have led to substantial improvement; however, there are still errors. The Court discusses some of these in the opinion:
- Page 86: Non-compliant queries of a U.S. and state senator in June 2022, which were not sufficiently tailored, and which did not receive pre-approval.
- Page 86: Non-compliant query of a state judge in Oct 2022, which lacked adequate justification, and which did not receive pre-approval.
- Page 86, Footnote 52: May 2022 queries of U.S. academic, which complied with the query standard, but personnel failed to obtain the pre-approvals required under the FBI’s new policies.
- Page 87, Footnote 53: Batch query of 1,023 terms, which complied with the query standard, but personnel failed to obtain the pre-approvals required under the FBI’s new policies.
- Page 87/88, Footnote 56: The Court documents a number of smaller non-compliant batch queries, while noting they do not approach the scale of prior errors.
- Pages 88 to 90: Mislabeling errors in FBI’s recordkeeping, which are unrelated to compliance with the query standard. As the Court notes, these mostly involve erroneously giving the added protection of U.S. person status to non-U.S. person queries.
- In response to noncompliant batch queries, in June 2023 Deputy Director Abbate mandated that pre-approval by an FBI attorney be required for all batch queries, not only those resulting in 100 or more queries.
- The FBI’s Office of Internal Auditing found similar mislabeling errors in their review, as was reported in May 2023. The OIA made two recommendations to correct the errors, both of which the FBI is working to implement.
The first four incidents above involved a failure by the user to properly follow new policies the FBI put in place during its 2021-2022 remedial measures.
- New, improved mandatory FISA training went into effect in December 2022, after all of the above-mentioned compliance incidents occurred, and now requires users to demonstrate understanding of our policies before they can complete the training.
Deputy Director Abbate announced new accountability procedures in June 2023 defining specific consequences for employees who fail to properly abide by policies the FBI has put in place to prevent exactly the above types of noncompliance.
- These accountability procedures are detailed in a June 13, 2023, press release available on the FBI’s website.
The 2023 Opinion also cites several previously disclosed compliance errors. It is important to note that these are not new incidents. For example:
- Page 87, Footnotes 54: and 55 References from the 2018 and 2022 Opinions respectively the Court cited to strike a contrast between prior practices and the improvements documented in the 2023 Opinion.
- Page 88, first two bullets: Prior violations involving two field offices are references from the 2022 Opinion which the Court cited to strike a contrast between prior practices and the improvements documented in the 2023 Opinion.
- Page 91: The Court discusses violations of the court order requirement in Section 702(f)(2). These are the same incidents the Intelligence Community previously disclosed in the Office of the Director of National Intelligence’s Annual Statistical Transparency Report in April 2023—they are not new nor newly-identified incidents.
April 24: FBI Releases FISA Query Guidance
April 5, 2023: Director Wray Remarks on Section 702 at Texas A&M University
November 2021: Background: FISA Query Guidance Documents
Congress enacted the Foreign Intelligence Surveillance Act (FISA) in 1978 to provide oversight of foreign intelligence surveillance activities while maintaining the secrecy necessary to effectively monitor national security threats. FISA sets out procedures for physical and electronic surveillance and collection of foreign intelligence information.
FISA also established the United States Foreign Intelligence Surveillance Court (FISC), a special federal court to consider issuing search warrants under FISA. To investigate a particular foreign target in the U.S., for example, an FBI special agent must first submit an application to the FISA Court establishing probable cause.
In 2008, Congress enacted Section 702 of FISA, which authorizes targeted intelligence collection of specific types of foreign intelligence information—such as information concerning international terrorism or the acquisition of weapons of mass destruction.
Section 702 only permits the targeting of non-U.S. persons who are reasonably believed to be located outside the U.S. it is not a bulk collection program; 702 is targeted, meaning every decision is individualized and documented and then reviewed by an independent oversight team.
Although all 702 targets must be non-U.S. persons reasonably believed to be located outside the U.S., Congress has always recognized that such targets may send an email or have a phone call with a U.S. person. For this reason, 702 requires specific procedures to minimize the acquisition, retention, and sharing of any information concerning U.S. persons.
“Minimize,” however, does not always mean “eliminate”—if, for example, a foreign terrorist indicated that a U.S. person was a key member of an ongoing terrorist plot, the information would be appropriately shared to allow the FBI to take further investigative steps. Congress also amended Section 702 to require specific procedures to ensure the querying of any 702-acquired information is consistent with the Fourth Amendment.
“In a technology environment where foreign threat actors can move to new communication accounts and infrastructure in a matter of hours—if not minutes—702 provides the agility we need to stay ahead.”
Director Christopher Wray
What Is Section 702?
Section 702 is a key provision of the FISA Amendments Act of 2008 that permits the government to conduct targeted surveillance of foreign persons located outside the United States, with the compelled assistance of electronic communication service providers, to acquire foreign intelligence information.
The government uses the information collected under Section 702 to protect the United States and its allies from hostile foreign adversaries, including terrorists, proliferators, and spies, and to inform cybersecurity efforts.
Who Can Be Targeted?
Non-U.S. persons, located abroad, who are expected to possess, receive, or communicate foreign intelligence information.
Why It's Needed
Congress enacted Section 702 to address a collection gap that resulted from the evolution of technology in the years after FISA was passed in 1978.
By the mid-2000s, many terrorists and other foreign adversaries were using email accounts serviced by U.S. companies.
Because of this change in communications technology, the government had to seek individual court orders, based on a finding of probable cause, to obtain the communications of non-U.S. persons located abroad. This proved costly because of the resources required and because the government couldn’t always meet the probable cause standard, which was designed to protect U.S. persons and persons in the U.S.
Who Can't Be Targeted?