Case: [Redacted Caption] Gov't Ex Parte Submission of Reauthorization Certifications & Related Procedures, Ex Parte Submission of Amended Certifications & Request for an Order Approving Such Certifications & Amended Certifications (Dec. 2019) (702, Boasberg J.)

Section 702 of the FISA Amendments Act of 2008, 50 U.S.C. § 1881a, permits the Attorney General (AG) and the Director of National Intelligence (DNI) to conduct foreign intelligence surveillance targeting the communications of non-U.S. persons located abroad. The government need not establish probable cause that the target of electronic surveillance is a foreign power or agent of a foreign power, nor must the government specify the nature and location of the facilities or places that surveillance will occur. Communications of U.S. citizens and residents are frequently collected "incidentally" if those U.S. persons are communicating with or about a targeted foreigner.

Section 702 requires that the AG, through the Department of Justice (DOJ), and DNI, through the Office of the Director of National Intelligence (ODNI), submit annual “certifications” that define the categories of foreign actors that may be appropriately targeted. By law, these certifications must include specific targeting and minimization procedures adopted by the AG in consultation with the DNI. These certifications must be approved by the Foreign Intelligence Surveillance Court (FISC) before Section 702 surveillance may be conducted. For a more in-depth overview of the certification process, see [In re DNI/AG 702(i) Certification 2008] in this Clearinghouse.

This entry describes the 2019 certification. On September 17, 2019, the Attorney General and the Office of the Director of National Intelligence submitted the targeting, minimization, and querying procedures of the Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), National Security Agency (NSA), and the National Counter-Terrorism Center (NCTC) to the FISC for their annual review. Judge James E. Boasberg took the case, and he issued an order on December 6, 2019 approving all procedures.

The 2019 minimization procedures were submitted a little later than usual because of the longer than typical approval process in 2018; for more information on that set of FISC cases, see [Caption Redacted] DNI/AG 702(h) Cerifications 2018 (July 2019) (702, Cabranes, J.; Tallman, J.; Sentelle, J.). Judge Boasberg dedicated part of this opinion to discuss the status of the implementation of the changes that the FBI promised to make to their querying procedures, essentially search terms of data collected under 702 of FISA, in the 2018 minimization procedures approval process. Specifically, the FBI promised to collect the query terms used on 702 data and improve procedures for justifying a search of the 702 data, which are typically used to target foreign individuals, for queries about a U.S. person. Judge Boasberg noted that the FBI had made progress in recording its query terms, highlighting the use of a SharePoint site to document the terms. Though this was a temporary fix, he was satisfied that it showed progress toward the ultimate goal. Judge Boasberg next discussed the justification process, saying that there were still "widespread violations" of FISC querying standards within the FBI, even after the approval of the 2018 procedures. However, he noted that FBI employees still needed time to adjust to the new protocols, and highlighted the use of a new FBI program to make it easier to opt out of searching 702 data. He found these remedies to be satisfactory, and did not allow these issues to hold up approval.

Judge Boasberg also discussed changes to the NSA's targeting procedures. First, he noted new opt-out procedures in the upstream data collection process. The circumstances under which the opt-out procedures would occur were redacted. Judge Boasberg was confident that this procedure did not put U.S. citizens at significantly greater risk of surveillance under 702, though. He also discussed new procedures surrounding the transfer of targeting information between the NSA and the FBI. While he said that the change left the NSA with leeway to determine what information it shares with the FBI when it refers a target to the FBI for surveillance, he was satisfied with the NSA's proposal to provide updates to the court every 45 days on the standardization of this information transfer.

Judge Boasberg also analyzed the querying and minimization procedures of all the agencies. Most of this section focused on User Activity Monitoring (UAM), or the surveillance of employees on the agency's computer network to make sure they're using the internet appropriately. Judge Boasberg was pleased with the CIA and FBI's protocols here, saying that limiting access to this information to insider threat analysts and regularly deleting information that did not pose a threat satisfied requirements in the FISA. Though the NSA did not regularly review or delete irrelevant UAM, Judge Boasberg allowed it, buying the NSA's argument that it may take time to identify an insider threat, and that there was a very low risk of this information being used in a 702 context in the first place. Another highlight of Judge Boasberg's opinion noted the extension of the NSA's retention of upstream communications data from two years to five years. He stated that this was acceptable because changes in upstream monitoring in previous 702 approvals greatly reduced the risk of U.S. citizens being caught up in 702 monitoring.

From an administrative standpoint, Judge Boasberg said that the filing conformed to statutory requirements for information to include, and that the procedures, considered as a unit, met the Fourth Amendment's requirements, making them reasonable searches and seizures.

With the approval, the case is now closed. The next 702 approval process occurred in 2020.