The future of FISA
News that court-approved Foreign Intelligence Surveillance Act (FISA) searches dropped to new lows in 2020 hit the papers recently, and it raised some eyebrows as well as speculation as to the root causes of the drop. Despite that speculation, current events such as the recent Colonial Pipeline ransomware attack and the continuing and increasing threats of cyber and other foreign terrorism have made it clear that FISA is more necessary than ever.
Does there need to be a commitment to protecting the Fourth Amendment rights of U.S. citizens? Absolutely. Following those guidelines and properly training FBI analysts who use the raw data from the NSA will ensure that analysts’ FISA wiretapping and surveillance requests are made ethically and correctly and will continue to be a powerful resource in fighting foreign terrorism.
Why the drop in FISA requests?
The decline in FISA requests has been ongoing for the last three years. However, the significant decrease in 2019 was primarily the result of two events: the FBI overreach when it wiretapped former President Trump campaign advisor Carter Page, and the COVID-19 pandemic, which halted travel both within the US and internationally. This suppressed the opportunity for physical terrorism threats on American soil by foreign actors. It was natural then, for there to be less of a need for wiretapping foreign suspects, at least in the short term. As the pandemic recedes, that will change.
The Carter Page overreach, coming a few years after the Edward Snowden leak, caused a couple of black eyes for the NSA and the FBI. It’s also indicative of an ongoing problem. As a former intelligence analyst, I know how it is. It’s our job to seek out that information and make the correlations with foreign adversaries, thereby preventing an attack or identifying perpetrators.
When you’re in a SCIF (sensitive compartmented information facility), you are required to minimize the viewing pane when you discover the information doesn’t pertain to your investigation. But it’s not always easy to discern when you need to follow up or look away. You get into a groove, you’re looking at all this raw data, and without consistent and reinforced training, it’s too easy to expand the scope of your research.
Partly for these reasons, I think it’s very likely the number of infringements is vastly underreported. Authorities have already implemented one change that is going to help a lot: they have eliminated a preview pane that included additional data on other searches. But we need stringent adherence to regulations and a renewed commitment to training.
There has always been natural ebb and flow to FISA requests. In part that’s due to what’s happening in the global arena. There won’t always be a pandemic of course, and geopolitics change all the time. We don’t need to loosen FISA restrictions to meet those threats. We need a strong FISA with privacy protections for Americans, and we need well-trained FBI employees who understand the restrictions in place and how to work within these guidelines.
How must FISA change?
I joined the FBI in 2004 and the Secret Service in 2008, which was the year that FISA was amended with stronger regulations around search requests that strengthen protection of US citizens’ right to privacy. We’ve come a long way since then. If anything, the need for a surveillance and wiretapping to counter foreign threats is stronger than ever, especially nowadays, as we deal with cyber threats against our infrastructure and social institutions. But to ensure FISA’s effectiveness, it must adhere to those procedures and prevent scope creep.
The most important task ahead is for the FBI to double down on a commitment to train analysts and to respect and protect Americans’ right to privacy. This may make it more difficult for intelligence analysts to seek private information on Americans who were suspected of colluding with foreign adversaries. I’m not sure how we can go about remedying that, but the first step is to re-educate and re-train analysts on how we go about these investigations from the jump.
Make no mistake: it’s of vital importance that analysts focus only on national security and not broaden the scope of their research into off-limits areas. I’m a big proponent of this hard line, because without it, that’s where we get into trouble.
Why we need FISA
In the cybersecurity field, international cyber terrorism is the biggest threat the country is dealing with right now. The attack on the Colonial Pipeline, any kind of attack on our grid or infrastructure – these are the things that keep me up at night. Whether these are enemy state attacks or individual foreign actors, we need all the tools we can muster to prevent and mitigate these attacks.
It doesn’t take much to invoke fear and cause chaos. The Colonial Pipeline ransomware attack brought about the shutdown of the pipeline by the company for a couple of days. But the main cause of the gas shortage was the hoarding that resulted from the panic. And these sorts of attacks can be instigated from outside the country and abetted by cooperation from bad actors in the U.S.
Combined with traditional physical terror threats instigated by countries that want to cause us harm economically and influence our democratic institutions, it’s clear we need FISA as much now as ever.
What does the future hold?
I expect to see changes in how the FISA courts view foreign intelligence in a post-COVID world. There are a lot of remote capabilities in how criminal misconduct is occurring, which is exactly the sort of threat that FISA can help counter. It’ll be interesting to see how courts might allow the federal government or intelligence agencies a bit more leeway in extenuating circumstances, based on the intelligence request. We’ve always had the ability to act immediately in cases of national security, and it’ll be interesting to see if the courts will lean that way in the future.
At the same time, I expect that FISA will be under a microscope in coming months and years. I predict a great deal of micromanagement and public scrutiny, as officials try to stay on the right side of privacy laws and out of the public eye. I expect the FBI and the NSA to commit to ensuring that FISA search requests adhere to the law and don’t go beyond the scope of the request.
Otherwise, any more missteps will be more than just bad publicity – they will cause an erosion of public trust and hamper our nation’s security experts in their ability to provide actionable intelligence.