In this episode of “Intelligence Matters,” host Michael Morell speaks with Glenn Gerstell, former general counsel at the National Security Agency, about how and when the NSA is authorized to use electronic surveillance to collect intelligence on foreign targets. Gerstell offers a detailed explanation of the origins and evolution of the Foreign Intellingence Surveillance Act (FISA) and the statute, most commonly referred to as Section 702, that allows electronic surveillance using U.S. electronic communications service providers. He and Morell walk through the legal limitations put forth in the statute and the debate currently surrounding its reauthorization by Congress.
Highlights:
- On existing legal guardrails: “[N]ot only does the Section 702 provide the authority for the government to to undertake this kind of surveillance, but it also sets out the guardrails to to protect Americans, given the nature of the Fourth Amendment and our and our country’s values. So let’s start with the fact that there’s never been a case of a deliberate misuse of the statute. There’s been no recorded case and or no no case at all. And I was there for five years and certainly could vouch for it during my period time when there’s been a deliberate and malicious misuse of the statute to to to pervert its purpose.”
- On the national security stakes surrounding Section 702: “We certainly don’t want to go back to the pre-9/11 situation where there was information in the FBI available to the FBI that it wasn’t able to connect the dots to prevent 9/11. So we would never want to be in a position where the FBI had information in its files, in its 702 folder, so to speak, but because of its inability to access it, it wasn’t able to stop the next,God forbid, 9/11. So this is an important issue. We want the Bureau to be able to conduct legitimate, appropriate law enforcement activities to keep our nation safe. And yet, at the same time, we want to make sure that we’re doing so in a way that is consistent with American values and the Fourth Amendment.”
- On the importance of reauthorization: “[T]his statute is of crucial importance. It is absolutely been essential in counterterrorism. It’s been essential in helping the United States understand the activities of foreign adversaries. It’s increasingly important in cybersecurity. The problem has been that that by definition, what the statute is aimed at is classified information. So it’s very hard for the government to explain exactly how valuable it is other than to assure people: Yes, it’s really, really, really critical.”
Download, rate and subscribe here: iTunes, Spotify and Stitcher.
“Intelligence Matters” – Glenn Gerstell
Producer: Olivia Gazis
MICHAEL MORELL: Glenn, welcome back to Intelligence matters. It’s very nice to have you with us again.
GLENN GERSTELL: Thank you. I’m delighted to be back on your terrific podcast. Somewhere in there, I think is lurking a quip about Samuel Johnson’s comment on second marriage as being a triumph of hope over experience. But I’m happy to be back.
MICHAEL MORELL: It’s great to have you. So, Glenn, as you know, we’re going to talk about an extremely important issue that Congress is going to have to make some critical decisions about in the new year, which is the reauthorization of something called Section 702 of the Foreign Intelligence Surveillance Amendments Act of 2008. That’s a mouthful.
But before we get to that particular issue, I’d love to take a step back and start with what is the Foreign Intelligence Surveillance Act?
GLENN GERSTELL: The Foreign Intelligence Surveillance Act is an incredibly important statute. And in fact, given its importance, it’s surprising that it isn’t, you know, as well known, given its relevance to our national security and national well-being.
The statute is 45 years old, it dates from 1978, and it provides the exclusive authority as well as limits for electronic and physical surveillance conducted by the government inside the United States for foreign intelligence purposes, not for law enforcement purposes. And it’s not about surveillance that’s conducted overseas for foreign intelligence purposes, because that’s not covered by a statute; that’s covered by ordinary presidential executive orders.
MICHAEL MORELL: So what’s the history behind FISA?
GLENN GERSTELL: So the history behind FISA, we have to go more than 45 years. We have to go back all the way to 1792. Why? Because that’s when the Fourth Amendment to the Constitution was adopted. And as we all know, the concept of the Fourth Amendment limits, restricts unreasonable searches and seizures and requires that a warrant, search warrant be obtained by a federal judge before the federal government undertakes, in certain cases, searches and seizures.
Obviously, the idea of electronic surveillance couldn’t possibly have been in the founding fathers’ minds. So over the years, because the amendment was very much focused on the the colonists feeling about British soldiers breaking down doors, it had a very physical aspect to it. About all the court cases dealing with the Fourth Amendment were very focused on physical intrusions by the government.
But by the time of the 1960s, the amendment was applied to electronic surveillance, and it said that in certain cases warrants needed to be done. In other cases, it would sort of set out a series of rules through Supreme Court cases. But all of – because this wasn’t mostly regulated by statute, but instead by the Fourth Amendment, this area of of limits on surveillance, it wound up with a series of sort of patchwork court cases, one on this particular set of facts, another on another particular set of facts. So that by the time of the 1970s, we had a patchwork that was very inconsistent of rulings about the extent of government electronic surveillance.
And that, combined with the excesses and abuses of President Nixon, who, as you may remember, had a program of spying on his political enemies, and yes, including people such as Martin Luther King, Jr., etc.. So this caused Congress to set up the so-called Church and Pike hearings, which in turn finally led to the adoption in 1978 of a statute that would definitively provide guidance in this area for foreign intelligence purposes.
And that statute, FISA, basically did several things. It said that non-criminal electronic surveillance within the United States was going to be permissible only for the purpose of collecting foreign intelligence information or foreign counterintelligence information. It said that foreign powers and agents of foreign powers were okay; they were legitimate targets for electronic surveillance.
The statute set out that a probable cause standard, meaning a probable cause that someone was an agent of a foreign power, had to be met before electronic surveillance was permissible. The statute set up the only secret court in the nation, the Foreign Intelligence Surveillance Court, to hear applications for these kinds of of probable cause warrants.
And it made clear that the only circumstance under which electronic surveillance could be lawfully conducted in the United States for the purpose of foreign intelligence collection was either because you got a probable cause order from the FISC itself, the Foreign Intelligence Surveillance Court, or in the case of emergencies, the attorney general specifically approved it.
The statute has – FISA has several titles. Title I dealing with electronic surveillance, Title III dealing with physical searches, both of those required probable cause. And then Title VII, which is the one I have a feeling you’re going to be asking me more about, which is for activities conducted overseas.
MICHAEL MORELL: So, Glenn, that’s FISA. And let’s now — you predicted it. Let’s now get to Section 702 of the current act. What does that allow? What does that Section 702 allow the government to do?
GLENN GERSTELL: 702 is a critically important statute adopted in 2008 that allows electronic surveillance using U.S. electronic communications service providers. That’s a mouthful, but it’s a defined term in the in the statute where three elements are met, one where the target of the surveillance is a specific foreigner, a non-U.S. person. Two, the person, the foreigner has to be reasonably believed to be located outside the United States at the time of the surveillance. And three, the purpose of targeting this individual, this foreigner, has to be to acquire foreign intelligence information – another term defined in the statute very broadly, but basically covers almost every conceivable threat you can imagine to national security, deliberately intended by Congress to be broad.
So what’s notable about this is there’s nothing about probable cause. That was the rest of FISA that we talked about before. You don’t need an individual probable cause basis for determining someone is an agent of a foreign power or committed a crime or whatever. And it’s targeted against individuals. It’s not about bulk collection.
There are only four agencies that directly use this Section 702. One is my old agency, the National Security Agency; the others, the CIA, your agency, the Federal Bureau of Investigation, and the National Counterterrorism Center.
The maybe just one way of sort of just to sort of summarize a classic example of how this might be used, how 702 was used, is if the U.S. government was trying to track down, say, an al-Qaeda terrorist who might, for example, be using a U.S.-based email system, for example, just hypothetically, Gmail or Outlook or Yahoo – those are all U.S. systems that handle communications for foreigners.
Now, of course, the government might try to intercept that communication by this al-Qaeda terrorist overseas, but that’s much harder. You need an overseas presence. Maybe you need to get into that individual’s device or you need to be physically located where the communications are occurring. And that’s just difficult.
So the utility and the need for Section 702 in some ways is a tribute to the success of U.S. technology, really in the sense of billions of people around the world use U.S. communication systems from email, social media, chat programs, etc.. I’m not saying all these are all 702 targets, but think about Facebook, WhatsApp, Skype, etc. And this just underscores how U.S. electronic communications providers, electronic has affected our digital life – all through U.S. communications providers.
And the only alternative is the Chinese market for things like WeChat, etc.. But they don’t have any traction outside the United States. So the fact that we need an ability to access U.S. communications infrastructure for finding out about how foreigners are communicating is really a success story of American technology.
MICHAEL MORELL: So, Glenn, this technological progress we’ve made and the success of American companies is why this needed to be added to the law in 2008, correct?
GLENN GERSTELL: Yes, exactly right. I think there were two factors that led to changing the original FISA adopted in 1978 to updating it in 2008. One was the geopolitical factor, which we’re all fully aware of. After 9/11, we became acutely and horribly aware that threats to the homeland were arising from abroad. So we needed to have a greater focus on foreign-generated maliciousness that would affect us here in the United States.
And the second, as you correctly point out, is the technology’s changed. In 1978, there were no emails. Most international phone calls were routed by satellite. And FISA in 1978 was deliberately written so that it didn’t affect the ability of the U.S. intelligence community at the time to intercept satellite or radio communications. They didn’t fall within FISA.
But now, fast forward to the early 2000s, people are using email – again, using American service providers. And most phone calls aren’t routed at the time by satellites, but instead are going over terrestrial cables and submarine cables connected to it, often connected to the United States. So technology changed, and the result was that in order at the time for the intelligence community to go after a foreigner who was using an email or a telephone, they wound up having to go have a probable cause warrant under the old FISA, which was often difficult to do, certainly wasn’t scalable. And wound up in a perverse situation where foreigners were getting more Fourth Amendment protection than they were entitled to. They were getting an individualized probable cause order from a court.
So that’s why the Section 702 was added: to make it easier, consistent with the Fourth Amendment, to deal with this technological change.
MICHAEL MORELL: So, Glenn, for great clarity, who can the IC target under section 702 and who can’t?
GLENN GERSTELL: So again, this is a foreign-targeted statute. So no U.S. citizen anywhere around the world in the United States, outside the United States, no U.S. citizen can be a target under Section 702. That’s a matter of the both the statute as well as the implications of the Fourth Amendment.
Number two, the intelligence community can’t target a foreigner in an effort to get information about a known U.S. person. So they can’t sort of use that as an excuse, so to speak, to get to a U.S. person.
Number three, you can’t target anybody in the U.S., whether they’re even a foreigner, an alien, anybody in the U.S. cannot be a target if they’re in the United States at the time of the surveillance.
And then most importantly, it has to be for this specific intelligence purpose. So if there’s some other purpose, such as law enforcement or – although there’s never been a case of this – someone just wanted to find out information about their boyfriend or girlfriend, you couldn’t use this statute for that.
And to give you a sense of it, the Office of the Director of National Intelligence produces a report under statute about how many people have been targeted under Section 702. The most recent report came out several months ago and said that in 2021, the most recent year for which information is available, there were 232,000 targets, foreign targets under Section 702.
MICHAEL MORELL: Glenn, how does the program work? How does the IC obtain permission under the act to collect on specific issues?
GLENN GERSTELL: So the the fascinating part of this statute, the innovative nature of the statute, was that instead of requiring a probable cause, individualized court warrant for a particular target, it set up a system where the the Foreign Intelligence Surveillance Court, the FISC, would approve a set of procedures. And based on those procedures, the executive branch could then make individual targeting decisions.
And those individual targeting decisions would conform to something that I know you’re familiar with, which is the National Intelligence Priorities Framework, which is a scheme established periodically by the federal Government to decide how it ranks foreign intelligence goals and objectives and looks at threats to national security and looks at everything from, say, nuclear proliferation to terrorist attacks, whatever.
MICHAEL MORELL: Right.
GLENN GERSTELL: That information is communicated to, say, the National Security Agency, which then decides in order to fulfill that priority, we’re going to go after and try to target a particular terrorist. And that has to be done in accordance with procedures that are established by the court to to make sure that the targets are legitimate and conform to these certifications that the Director of National Intelligence and the Attorney General have given to the court saying these are permitted areas of foreign intelligence collection.
The government hasn’t said exactly what those areas of collection are. I think it fair to assume that they’re all, you know, the threats you would expect against our homeland.
MICHAEL MORELL: So, Glenn, take us inside the process. Once the IC has permission to collect on those specific areas that you talked about, what does the collection process look like? What happens then?
GLENN GERSTELL: So only two agencies actually can initiate targeting decisions. The National Security Agency and the FBI – they’re the only ones that have targeting procedures, detailed, 20-, 30-, 40-page set of procedures that are approved by the Foreign Intelligence Surveillance Court, and those procedures require a series of checks and double checks and oversight to make sure that the people being targeted are fully consistent with the law.
And once that’s done, the agencies – after all sorts of series of internal vetting – are able to send a directive, usually managed – the actual physical production of this is done through the FBI, which has the relations with communications providers – and a directive is sent to the U.S. communications provider, who might hypothetically be a U.S. telephone company or an Internet provider such as Google or Microsoft or someone. Just hypothetical names here. And they are served with a directive that says, ‘Please give us all the information in your possession pursuant to the terms of the order on a named individual.’
And so that would cause that entity under court order – just the same as a regular search warrant for law enforcement purposes – to provide that information, which could include ongoing information, not just a snapshot, to the FBI or to the NSA. And that process is valid for a year. After a year, the agency has to go back and get a have yet to get a new directive, but it’s targeted at the specific person and it winds up being the equivalent of a search warrant for law enforcement purposes.
MICHAEL MORELL: Right. So again, very importantly, walk us through two things: the protections for U.S. persons that are in place and then the oversight of the program to ensure that the government is not abusing its power. What does that look like?
GLENN GERSTELL: Sure. That’s the critical part of the statute. So not only does Section 702 provide the authority for the government to undertake this kind of surveillance, but it also sets out the guardrails to protect Americans, given the nature of the Fourth Amendment and our country’s values.
So let’s start with the fact that there’s never been a case of a deliberate misuse of the statute. There’s been no recorded case, no case at all – and I was there for five years and certainly could vouch for it during my period time – there’s been no deliberate and malicious misuse of the statute to pervert its purpose.
MICHAEL MORELL: The girlfriend or boyfriend, possibility, for example.
GLENN GERSTELL: Exactly. So that fortunately hasn’t happened. And there’s lots of layers of oversight to make sure that happens.
But the issue that’s involved here is that there could be, and there inevitably will be, the incidental collection of Americans’ information. Why? Because when the intelligence community is targeting a foreigner, in most cases, the foreigners are going to be talking to another foreigner. Indeed, the very kind of foreigners that 702 is aimed at is probably the ones with whom we’re interested in what their foreign activities are.
But every now and then one will be inevitably talking to an American or receiving calls from an American, and that incidental collection, so to speak, is going to be picked up under 702. It’s completely legal. The Supreme Court has made clear time and again the fact that incidentally collected information against the other person on the other end of a phone call or an email opposite the target doesn’t defeat the legality of it, but that raises certain -obviously is going to raise civil liberties and privacy concerns when Americans’ information is being incidentally collected under an otherwise perfectly lawful 702 action.
So as a result, there’s all sorts of layers of regulation internally and externally to make sure that the information is being correctly obtained in the first place, that it’s deleted after it’s no longer relevant or it’s expired; after five years it must be deleted, as a general rule.
Within in the NSA – we could spend a whole podcast on the layers of oversight – but there’s an inspector general, a specific compliance division, the Office of the General Counsel, where I used to be, the Director of the National Intelligence and the Department of Justice check every targeting decision after the fact to make sure it was legitimate.
The Foreign Intelligence Surveillance Court oversees the whole process. The Department of Defense has a separate unit to double check the checkers. There are two congressional committees that have oversight in this area. The Privacy and Civil Liberties Oversight Board also reports on 702. So there’s lots and lots of layers, and rightly so. By the way, I’m not complaining. Lots of layers of of redundant, deliberately redundant, oversight of this area.
MICHAEL MORELL: So Glenn, there’s one thing I don’t understand in the context of what we’re talking about, is you’ll see something called ‘U.S. person queries,’ and that doesn’t have a great connotation to it. What are we talking about there?
GLENN GERSTELL: So as I said, the essential concern on the part of privacy advocates and people who focus on the Fourth Amendment, quite understandably, is the fact that there will be incidental collection of Americans’ communications, emails, telephone calls, whatever. And that will wind up in the database that the intelligence agencies and the FBI maintain for perfectly appropriate purposes.
And when an issue arises for foreign intelligence purposes, or in the case of the FBI for law enforcement purposes, that database can be queried. And someone could, in effect, say, ‘Let’s see if Glenn Gerstell’s name pops up in this, because we just had a terrorist incident and let’s see if Glenn Gerstell is involved in this.’
And you could run my name, so to speak, through this. In the case of the NSA and the CIA, there are very, very, very limited circumstances in which they could use a U.S. person’s name to look through their database. And that’s just very rarely done. And that’s not much of the subject of concern.
What is a subject of concern is the FBI. Why is that? Because the FBI has a dual mission. It’s both focused on national security issues, particularly counterintelligence. And it also is the federal general law enforcement agency. So, prior to some amendments done in the most recent reauthorization, the FBI had the ability to query that database to look for American names if it was in the midst of an investigation, including a very preliminary investigation, just starting one out.
Now, as a result of some some tightening up of the statute, the FBI actually needs to get a search warrant if it’s going to check an American name in that database where it’s already involved in an ongoing investigation. So if they have an ongoing investigation, they’re looking for a specific name and they know they’re investigating Glenn Gerstell, they need to get a search warrant to see if my name pops up in the 702 database. Otherwise, they don’t.
But obviously the concern is that, ‘Well, look, the FBI would have needed a search warrant to get some of this information had they been doing it for law enforcement purposes.’ So the argument of some people is, ‘Well, this is a backdoor way to get the FBI to get some information that it wouldn’t otherwise have been able to, because it was looking for a foreign intelligence purpose.’ And that’s what FISA was all about – foreign intelligence purposes – they weren’t supposed to get an extra serving of Americans’ information on this for free, so to speak.
And so that’s the issue. And just to give you a sense of the quantity of it, the most recent report shows that over 3 million times last year, the FBI queried the database for U.S. persons content or metadata, the details of their phone call. And depending upon your point of view, you can either say, ‘Well, that’s a big number or a little number,’ but we don’t need to get into that.
The point is that they are querying the database and that does cause some concern. There’s all sorts of rules about this and limits, etc.. But at the end of the day, that has the been the focus of of concern, which is the ability to query a database originally set up for other purposes.
Having said that, let me be clear that there are many reasons, all valid, why we would want the FBI to have this ability. We certainly don’t want to go back to the pre-9/11 situation where there was information available to the FBI that it wasn’t able to connect the dots to prevent 9/11. So we would never want to be in a position where the FBI had information in its files, in its 702 folder, so to speak, but because of its inability to access it, it wasn’t able to stop the next, God forbid, 9/11. So this is an important issue.
We want the bureau to be able to conduct legitimate, appropriate law enforcement activities to keep our nation safe. And yet, at the same time, we want to make sure that we’re doing so in a way that is consistent with American values and the Fourth Amendment. And I might add, the 702 statute has come up for investigation, for a look by the courts time and again, and it has always been found constitutional.
Congress set out the statute to be within the bounds of the Fourth Amendment – sort of if you think of a property owner who builds a fence about a foot or so inside the property line just to be really careful and sure that they’re not going over the line – that’s how Section 702 was constructed.
MICHAEL MORELL: And just to be clear, those U.S. person queries require a search warrant.
GLENN GERSTELL: U.S. person queries require a search warrant in the case where it’s for what’s called a predicated investigation, where the FBI is is is undertaking something that it has something more than just a tip. It’s actually investigating something and is undertaking a formal investigation.
If it’s just doing a generalized search, where it doesn’t have any particular investigation going on and is running down some tips or something, then it doesn’t need the search warrant, but that’s because it’s not aimed at a particular person at that point. It’s just a generalized sort of background query. And the theory is they don’t need a search warrant for that. Indeed, a search warrant would be impossible to obtain because they don’t have probable cause to search for anybody. So that’s the theory there.
MICHAEL MORELL: So, Glenn, that’s all great background on FISA and Section 702 – perhaps more background than some people want. But I think it’s really important to lay all that out. Now, let me ask you about the impact of 702. How important is 702 to the intelligence collected by the intelligence community?
GLENN GERSTELL: The simple fact, Michael, is that this statute is of crucial importance. It is absolutely been essential in counterterrorism. It’s been essential in helping the United States understand the activities of foreign adversaries. It’s increasingly important in cybersecurity.
The problem has been that by definition, what the statute is aimed at is classified information. So it’s very hard for the government to explain exactly how valuable it is other than to assure people, ‘Yes, it’s really, really, really critical.’
I can tell you, having been inside for five years inside the National Security Agency, both approving the FISA orders and most importantly, seeing the information that came back and how valuable it is, that that’s what’s led NSA to say that it is the single most important source of statutory authority for the agency. A very, very substantial portion of its reporting – I don’t know what they’ve said publicly, but I wouldn’t be surprised if it’s a majority, but certainly a very substantial portion of all of its reporting is derived from 702 – and, I might add, much of what finds its way in the President’s Daily Brief, that top secret information that goes to the president every day about the threats facing our nation, is derived from 702. So it’s critically important.
In the last go around, when it was most recently reauthorized, the federal government had occasion to declassify some examples of how this has been used. And they’re all on the public record. There’s a fascinating story of someone named Haji Iman, who was the number two ISIS terrorist, you probably remember, who had a $7 million bounty on his head.
NSA spent two years trying to track him down using 702. They finally did. There was an attack aimed at him, an attempt to capture him in 2016, leading to his death. The ISIS recruiter, Shawn Parson, who was famous for having instructional videos on the Web that talked about how you should find Americans and kill them anywhere you can, he was tracked down through 702.
Najibullah Zazi, who had a plot to bomb the New York City subway system, was, interdicted through 702. And the and the Privacy and Civil Liberties Oversight Board specifically looked at that case and they said, ‘This was the but for cause, 702 was the but for cause of stopping that plot.’
So we’ve had a bunch of these, it’s classified, formerly classified vignettes or stories declassified. The government’s going to have to do that again in connection with the upcoming re-authorization and make sure that everybody understands how important this is.
The area where it’s increasingly important, Michael, is in cybersecurity, because we know what the threats to our cybersecurity are – they’re from overseas ransomware gangs. They’re from nation states such as Russia, China, etc.. And that’s where 702 is going to make a huge, huge difference.
MICHAEL MORELL: So, Glenn, now we get to the reauthorization. And first question regarding reauthorization is how many times in the past has Section 702 had to be reauthorized and how much debate around that was there?
GLENN GERSTELL: So it was passed in 2008 with bipartisan support, but still about, you know, about a maybe 25% or 30% of the House and Senate voted against it. It was renewed in 2012 and then in late 2017, 2018, signed by President Trump, again renewed to the present time, up to December of ’23. And then there was a little, although bipartisan, there was about a third of the House and Senate that voted against it.
MICHAEL MORELL: Okay. So when does the current law expire? When is reauthorization needed to keep the program going?
GLENN GERSTELL: So the law is going to expire at the end of December in 2023. And by all indications, it’s running into a little bit of of headwinds from both the left and right. I think that’s a big mistake because I think the debate shouldn’t be, ‘Oh, let’s balance these various virtues of privacy and civil liberties versus the value of the statute.’
I think the value of the statute is so overwhelmingly clear and has never really been questioned, that the debate should be, ‘Okay given that the value is there, and that’s the presumption, let’s see what concerns need to be addressed.’
And I think that’s how this should be framed.
MICHAEL MORELL: So for those who are opposed to reauthorization, say, maybe they haven’t made up their mind yet, but are leaning that way, what are their concerns? What are their arguments for not reauthorizing?
GLENN GERSTELL: So there’s a range of of opposition to the possible reauthorization. Foreigners such as the Europeans who are involved in a discussion with the United States right now over transatlantic data flows, they’re sort of in favor of the statute because it provides the statutory guardrails. And if we didn’t have the statute, those guardrails wouldn’t be there.
And then in the United States, there’s both left and right coming together with some concerns. Privacy and civil liberties groups, understandably, are worried about the incidental collection and the restrictions on querying that we’ve discussed already.
On the right, there was concern over the Carter Page, Steele dossier and the spying on the Russian ambassador that led to the getting information about Michael Flynn. The president, Trump himself, claimed that the Trump Tower was spied on.
All this had nothing to do with with 702, but it had something to do with FISA, other sections of FISA. So it’s gotten wrapped up and in some ways in some Republican circles, FISA has become a four letter word.
MICHAEL MORELL: Yeah, so just to be clear, all those issues you talked about, not 702 issues.
GLENN GERSTELL: Not 702. All those other issues about the Carter Page, Steele dossier, blah, blah, blah, that was all under Title I of FISA, which is the statute that provides for a probable cause order. Those were all court-approved, individual court-approved. So that’s completely irrelevant to this.
MICHAEL MORELL: So, Glenn, what would happen if Congress can’t agree and the statute expires at the end of 2023?
GLENN GERSTELL: So that’s going to be a movie with an ending that nobody likes either on the left or the right.
It’s going to be a bad national security outcome because, as I said, given the importance of this statute to dealing with our national security threats and most especially cybersecurity, we’re going to be losing a big source of insight, and especially in the area of cybersecurity, right at the time when we’re facing these extraordinary increases in ransomware and cyber attacks. That’s just the wrong time for that.
So there’s no question on the national security side that not having this statute is going to be a big, big hole in what we can do.
But apart from the the authority side on what we can do, we’d also be losing the protections of the statute. And just to give you one quick example of it, there’s a section in Title IV which is a companion part of section 702, which is section 704, which is a very limited authority that allows the targeting of Americans overseas for U.S. and foreign intelligence surveillance. Nothing to do with 702 directly, but still part of the same statute. It’s all part of the thing that would lapse in December.
And section 704 had something in it that was what the civil liberties people, advocates, were in favor of, which is it added a requirement for a specific probable cause-based FISA court order in order to target an American overseas for foreign intelligence purposes.
And when that goes away, as it will in December of next year, then we’re left with the prior law, which simply allows the Attorney General to do it on his or her own motion.
So we’d be losing not only the authority that keeps our nation safe, but we’d also be losing some of these very important privacy and civil liberties guardrails, which are all part and parcel of the statute.
MICHAEL MORELL: So, Glenn, one kind of last area to probe here. Does Section 702 need to be reformed?
GLENN GERSTELL: Well, as I said, I think I start with the proposition that Section 702 is of incalculable and, I hope, demonstrable value that the federal government’s going to make that case this year. And so we definitely need some version of this authority, given, as I said, that foreigners around the world are using American communications service providers for their emails, , their online communications. So we know we need in some way to have this capability.
I don’t think we necessarily need to reform it right now. But longer term, our society, our nation needs to decide what we want the Fourth Amendment to be in this digital age. Is a Fourth Amendment search really occurring when a database is queried in an electronic communication without any person, without any individual looking at it, is looking at a series of zeros and ones in a database. Is that really a Fourth Amendment implication? Are we really worried about our privacy?
What does it mean to have the federal government have these restrictions at a time when the private sector, which knows so much more about your digital life, doesn’t have those restrictions?
So I think over time, we’re going to need to sort out what privacy means in the digital age. That’s more than 702, but 702 will be a piece of that very important discussion.
MICHAEL MORELL: Glenn, thank you so much for taking the time to explain all of this to us. You know, it really sounds to me like every member of Congress should should listen to this episode. And I wouldn’t be surprised as Congress starts discussing this, if we don’t find you testifying, you know, before Congress.
But thank you so much for joining us. It’s been a real education. Thank you.
GLENN GERSTELL: Thank you. It’s been a privilege. And I’m delighted to be able to talk about this very important topic.