Internet activity on nonu. S. Citizens to gather intelligence. It runs 40 minutes. Good morning, everybody. Ill give you a quick welcome and a brief introduction of our first speaker. Im mike frank and im the director here of the wauds Program Office for the hoover institution. And welcome to sunrise or sunset, the future of section 702 the foreign Intelligence Surveillance act. Our first speaker will be john villasenor, who is member here at the institution. He wears a number of hats. Hes a professor at ucla where he olds appointments in schools of engineering, public affair, and governance. Hes also a visiting professor in the ucla school ofl law. He focuses on intersection of technology, policy, business law, and the ramifications of key technological trends and congress. He testified before congress, and hes also a member of the council of Foreign Relations where, and on cyber security. John is going to go through the basics of section 702 and sort of like a 101 introduction to it, and thatll setup our program for the rest of the day. John, welcome. Thank you all for coming today. So i realize theres probably some our countrys top experts of section 702 in the room or probably a little less. If youre one of the contres top 702 experts, you will learn nothing in the next few minutes. But the goal is to make sure were all sort of starting for the same foundation. Im not going to argue in favor or against any provisions. Im simply laying out what it is so were all starting from the same place. My understanding this will go to about 12 45, and then weve got lunch for you and well go into the remainder of the program. So let me just start at the highest level. Section 702 is part of title 7 of fisa and allows the attorney general and dni to jointly monitor communications persons other than u. S. Persons who are reasonably believed to be outside the United States to acquire foreign intelligence information. And so those are the three key requirements, which relate to section 702. What im going to do in this presentation is briefly give a little Historic Context. Because its helpful to sort of know how did we get here, talk specifically about the fisa act of 2008 which keyed up the conversation were having here in congress, and then ill go through the key points of section 702. This is scanned 1978 legislation, but this is the original fisa. Fisa was originally enacted in 1978, and it was to authorize electronic surveillance for foreign intelligence purposes. And it was directed at, you know, communications exclusively between or among foreign powers. That was in 1978. Another feature we see from the 1978 legislation is that there had to be no substantial likelihood the surveillance would require the contents of any communication in which the u. S. Person is a party. So from the earliest days of fisa we see this attention towards not intercepting u. S. Person communications if possible. The other thing thats notable back in the original fisa is you see the creation of the foreign Intelligence Surveillance court. A little hard to read, but it says the chief justice should designate seven District Court judges. Today we have 11 but back originally it was seven. And that was increased to 11 under the pacherate act of 2001. In addition, that same law also created the review venue, the Foreign Intelligence Court of review, which has been was very rarely used. So its the appeal venue, but it has been used. So that famework, section 702 and and title 7 didnt exist. It dates from the original act of fisa. So unsurprisingly for legislation that was originally put on the books in 1978 over the times, over the years heres some of the amendment that at least i was able to find. Im going to give specific attention to some of these latter ones here, because those latter amendments are the ones which created the section 702 that we have today. So a precursor to title 7, section 702 was something called the protect america act of 2007. It was enacted in august of 2007, and this was specifically heres the first time we see language like what we have in section 702 today. Having deni and the attorney general authorize the acquisition of foreign intelligence information concerning persons reasonably believed to be outside the United States. So this protect america act of 2007 had a sunset built into it. And it basically was automatically going to expire 180 days after enactment, which it was enacted in august of 2007, so it then expired at sunset in february of 2008. So from february 2008 onward, there was this discussion in congress about what to do. And then finally a couple months later in july of 2008 we have the passage into law of the fisa amendments act of 2008, which is the act that created the title 7 that we have today. So this was the first time we had that in the form essentially the way we have it today. So this is the legislation, creating title 7. And youll notice here its got a sunset. Im sorry, let me go back here. It was originally created at sunset on december 31, 2012, so a little over four years after the original enactment. So the day before it was going to expire, so in december 30, 2012, there was a reauthorization. So it would be nice to think in 2017 this would get resolved before december 30, 2017, but it might come down to the wire. It was extended the day before at sunset, and particularly this language here striking december 30, 2012, and this is the law we have on the books today. The reason we have so much press these days is the issue is extending this either with or without modifications is something thats been discussed quite a bit. So thats quite of a level setting. Here we are. So i thought it would be helpful also to because people also use these terms, sekz 7, fisa, so i wanted to put it all in context. Fisa has these titles. Im not going to read them all, but i bolded title 7, which is where section 702 lives. Title 5 is business records. This is everyone here is familiar probably with the section 215 of the pacherate act. Thats not section 702. That lives in title 5, and were talking about title 7. Section 702 is a portion of title 7. So we kind of push into title 7 here, and we get the sections within fisa, within title 7. And again, im not going to read all of these other than to highlight obviously were here to talk about section 702. Notably these are other than u. S. Persons. So section 702 as i suggested from the very beginning is specifically designed in relation to look at communications of people who are thought u. S. Persons that contrasts with some of the other sections of title 7 which actually address the u. S. Persons. So section 702 is specifically nonu. S. Persons. So thats sort of Historic Context and a present context of where section 702 sits within title 7 and more broadly within fisa. So now lets talk about what these key terms mean. First of all, u. S. Person, im not going to read the whole definition, but when we talk about u. S. Person we of course mean a citizen of the United States, and also as it says here an alien admitted for lawful permanent residence. This definition is referred in title 7 as the definition of u. S. Person. So lets take a look at what it allows. So section 702 allows an authorization of correcting communications of persons reasonably believed to be located outside the United States. It doesnt mean they necessarilyal in every single case are, but they need to be reasonably believed to be outside the u. S. The goal needs to be to acquire foreign intelligence information. Thats it. Thats the goal of this thing. The authorization to do that is basically the attorney general and dni jointly are able to give this authorization. But they can do so under two conditions. One is upon the issuance of an order pursuant to an order issued by the foreign Intelligence Surveillance court is sort of prong one. Alternatively, in addition, theres a subsequent prong that allows the dni and Foreign Intelligence Court, provided they go back within i believe seven days and file the appropriate paperwork with the foreign Intelligence Surveillance court. So thats the kind of key authorization language that you have in the statute. But im going to take a detour here. And were talking about section 702, but i think a brief two minute detour to talk about section 704. The reason i wanted to do that is because a lot of discussion of section 702 you hear people talk about lack of proximate cause, and just to provide the context there, section 702 relates to nonyoouz persons. And section 704 by contrast targets u. S. Persons outside the United States. And notably this is the statutory language from section 704, theres a proximate cause prong in that. So people often will contrust the proximate cause requirement that must be satisfied for section 704 with the absence of such requirement for collections under section 702. And again in section 704 theres a definition which identifies some key features of what proximate cause is. And again, that language is not in section 702. So we turn now to section 702 and well talk about what is foreign intelligence information. Theres a definition of that, and theres sort of a twoprong definition and the second prong sort of soothes the first. Well talk about both. This is one of two slides on this. Its information, and this is sort of what youd expect, addressing an actual or potential attack, sabotage, international terrorism, or clandestine intelligence activities by a foreign power. So thats foreign intelligence information. Theres an additional portion of the defernition is broader, and thats this right here. Its information with respect to a foreign power that relates to and concerning u. S. Persons necessary to the National Defense or the superiority of the United States or the conduct of the Foreign Affairs of the United States. So i think its reasonable that everything in this slide, attacks and international terrorism, and clandestine intelligence, you can argue theyre sort of consumed by these. So this to me sort of defines the scope of this. So one of the things that people discuss is what is the scope of foreign intelligence information and how broadly should that be interpreted . But thats the statutory language there. Theres the limitations here. And i want to go through each of these because its important to remind myself and remind us all what you cant do. So first of all crur not allowed to target any person where if you know that person is inside the United States. You also cant target a person outside the u. S. If the purpose is to target somebody get information on somebody inside the u. S. So for example, lets suppose i am communicating im in the United States, im me, im communicating with someone outside the u. S. And if the government were to want to get my communications, they couldnt use section 702 to do an end run around requirements, and say lets go get communications outside because then were going to get johns communication as well. This is explicit under title 702 here. Youre not allowed to go after u. S. Persons. So even if that persons outside the United States, that no way relieves the obligations to cspan needs you to speak from the podium. Okay, sorry. Cspan needs me to speak from the podium. Okay, and then lets see number four, youre not aloed to do required communications where everybodys inside the United States. So section 702 cant be used for that. And finally and obviously incredibly importantly, everything has to be done in the manner consistent with the Fourth Amendment. So thats something you cant do under section 702. So what happens is the attorney general and the dni basically provide to the forage Intelligence Surveillance court the certification explaining why theyve met all it requirements and whyd theyd want to get an order to target to the acquisition. Theres a second thing i mentioned before and if thats invoked, then they have no later than seven days after that they then have to provide the paperwork for the courts. So these are two sorts of prongs of how you can proceed on this. Solet me move this over so i can see this a bit better. We talked about this a lot with section 702 in targeting and minimization. So targeting refers to the set of procedures designed to make sure the persons who are targeted do is satisfy the requirements of section 702. In that theyre located outside the United States, and theyre explicitly subjected to review by the Foreign Intelligence Court. So theyll look at the the procedures and either accept or reject them. Another phrase you see a lot is minimization. And minimization is something that gets developed by each relevant unit of the Intelligence Committee. And it also is subject to review by the foreign Intelligence Surveillance court. And whats interesting if you look at tha whats interesting is that is that law doesnt say expectply what the minimization procedures are. What it says is what they must do, what they must satisfy. In other words, the details arent laid out here, but what it must do is defined here. And it aims to protect acquisition and retention and dissemination of notpublicly available information about u. S. Persons. Again, i bold faced this, number two, the protection against identifying u. S. Persons. And then item four also has protections against u. S. Persons. Interestingly, item three here is evidence of a crime, it is being or about to be committed. This is only one of these prongsthality doesnt explicitly have a u. S. Card added. So it looks at all this stuff and then itll look at targeting and look at the certification thats submitted by the attorney general and dni and look at the minimization procedures. And if all of those pass, you can assure an order pursuant to which the dni and attorney general can authorize the collection. So this is if the court finds that the certification has all required elements, it addresses targeting minimization, the Fourth Amendment is satisfied, then the court has to prove acquisition. So thats how it works. So what happens is you can compile pel an Electronics Communications provider to provide the government with assistance to accomplish the acquisition. So the government would engage with one of the regular companies that provides the Communication Services that are the subject of potential acquisition, and the government will reimburse the company for having done so. And theres also a liability shield as well. So a company that receives an order or directive to then, you know, perform an acquisition cant then be sued by somebody claiming that theyre information was acquired without their consent, because theres a liability shield associated with that. In terms of over sight, theres ap kind of host of mechanisms that kind of range from mechanisms internal to an element of the Intelligence Committee out to grelgs committe committees and beyond. The Inspector General of the department of justice and the specter general of each element, they can review concompliance. At least twice a year the attorney general and dni assess compliance with respect to minimization procedures. Twice a year they select a report, and once a year and it just happened a couple of weeks ago, dni publishes a report, basically a tranceparence report that identifies a number of information, including section 702 orders, search terms, queries, and so on. They do this every year, and like i mention said, just a month or so published that report for a calender year, 2016. So these are examples of some of the over sight mechanisms that are built into the wall. Another form of oversight or disclosure is that fisk rulings are redacted and then published by the officer of director of National Intelligence. So theres a tumbler. Com. Many of you may have seen this, ive seen on the record where you can go and download rulings, significant rulings as well as other documents that dni has chosen to publish in relation to section 702. And then in addition the companies that receive the 702 directives are allowed to do reporting. And theres a complicated set of formulas in exactly what they are and not allowed to report and how they round the numbers how precisely they round the numbers of what they report. But theres explicit provision that allows those companies to for report the number of directives, rounded to some number, that theyve actually received. So theres kind of, like i said, a layered set of oversight mechanisms. So thats the kind of statutory framework. Im going to briefly talk about some of the kind of operational things that inevitably happen and sometimes lead to discussion of section 702. So just as the fundamental key point here is section 704 targets u. S. Persons, but nonetheless its just statistically inevitable. If youre conducting many, many acquisitions, if the number gets large enough even though there was no express intent to require communication of a u. S. Person, just statistically that is going to happen on some instances. And that is sometimes used identified using the term intendal collection. So youll see that term discussed in relation to section 702. Another term you might see is mct which stands for either multiple communication tranceations or multicommunication trance actions. And the idea there is you can have lawful interpretation of a particular communication. But because that communication is bundled with other communications, you can then unintentionally sweep in communications that you wouldnt have necessarily been specifically trying to get. So that is used, the phrase mct, the acronym is used to describe that. So im going to talk about down stream, and up stream collection. Ill use nsas own language to describe these things. As nsa has described in a press releas