The fight brewing in Congress over how to reauthorize a key surveillance tool
Nearly a decade ago, FBI agents arrested a 24-year-old legal permanent resident from Afghanistan in the U.S. who was charged with conspiracy to bomb the New York City subway system.
A tool approved by Congress in 2008 helped federal officials catch this man, Najibullah Zazi, and prevent him from carrying out his plot. That tool is set to expire Dec. 31, and a debate has been brewing among lawmakers about where a reauthorization should fit on the spectrum of balancing broad surveillance powers and protecting individuals' privacy.
To unravel the 2009 plot, officials relied on the authority provided by the Foreign Intelligence Surveillance Act's (FISA) Section 702. They used it to expose an email address used by an al Qaeda courier in Pakistan, which revealed communications with an unknown person located in the U.S. who was seeking advice on how to build explosives. The National Security Agency (NSA) passed the information along to the FBI, which identified the man as Zazi. After he and his co-conspirators were arrested, the Privacy and Civil Liberties Oversight Board, an independent executive branch agency, said that, "Without the initial tip-off about Zazi and his plans, which came about by monitoring an overseas foreigner under Section 702, the subway bombing plot might have...succeeded."
Congress is now wrestling with how to modify the program, last renewed in 2012, and dubbed the "crown jewels of the intelligence community" by former FBI Director James Comey. Documents leaked by former NSA contractor Edward Snowden in 2013 revealed that the government has used this capability to collect data, which has intersected with Americans' communications.
The program authorizes the government to collect electronic communications of foreigners outside of the U.S. and acquire foreign intelligence information, sometimes crossing paths with communications involving Americans. The program cannot be used to specifically target Americans anywhere in the world, it cannot be used to target anyone located inside the U.S. and it cannot be used to target a foreign person while intending to obtain communications of an American.
A lengthy 2014 report by the Privacy and Civil Liberties Oversight Board said that the "the information the program collects has been valuable and effective in protecting the nation's security and producing useful foreign intelligence" and it had found "no evidence of intentional abuse."
Several proposals to tweak the program have been pending in both chambers. Here's what they aim to do:
Extend FISA through 2025, but add more transparency: Senate Intelligence bill
In late October, the Senate Intelligence Committee advanced the FISA Amendments Reauthorization Act, offered by Chairman Richard Burr, R-North Carolina, which would extend the sunset of FISA to Dec. 31, 2025. It would require more transparency for Sec. 702 targets through reporting to Congress, provide additional privacy protections for U.S. citizens and enhance penalties against leakers, among other provisions. The legislation would require the attorney general and director of national intelligence to adopt clear procedures for querying data acquired incidentally under Sec. 702. It would also codify a practice known as "about" collection that the NSA halted earlier this year in which Sec. 702 collected Americans' emails and text messages that were exchanged with people abroad that just mentioned targets or information like email addresses for foreigners whom the agency was spying on.
Extend FISA through 2023, but add protections: House Judiciary bill
The House Judiciary Committee recently advanced its measure, the USA Liberty Act, sponsored by Chairman Bob Goodlatte, R-Virginia, and Ranking Member John Conyers, D-Michigan. While they said their bill preserves the core purpose of Sec. 702 to prevent terrorist plots, it would create a new framework of protections and transparency requirements to protect civil liberties.
The bill stresses that the main reason to to query 702 databases is to return foreign intelligence information. If the government, however, wants to access content from the databases in criminal investigations, the bill would require the government to first obtain a warrant from the Foreign Intelligence Surveillance Court (FISC) with some exceptions including communication with a known terrorist and emergencies.
It would reauthorize Sec. 702 for another six years through Sept. 30, 2023.
The Department of Justice opposes the measure, according to lawmakers, and Attorney General Jeff Sessions said last week that the original act, as passed and previously reauthorized, is constitutional, suggesting he would prefer a "clean" reauthorization.
"I believe it works and I am worried about additional burdens, particularly a warrant requirement which could be exceedingly damaging to the effectiveness of the act," Sessions said. "We're willing to talk to you about some of the concerns that exist out there. Hopefully we can work our way through it and accept the concerns and fix the concerns you have without going too far."
Meanwhile, the American Civil Liberties Union (ACLU) said that the bill "falls short" from what's needed to protect Americans from warrantless government surveillance.
"The bill would still allow the CIA, NSA, FBI, and other agencies to search through emails, text messages, and phone calls for information about people in the U.S. without a probable cause warrant from a judge," said ACLU Legislative Counsel Neema Singh Guliani in a statement.
End "about" collection: Leahy-Lee bill
On Friday, Sens. Patrick Leahy, D-Vermont, and Mike Lee, R-Utah, teamed up to introduce the USA Liberty Act, modeled after the House Judiciary bill. It would codify an end to "about" collection, increase protections for queries of Sec. 702 data and extend warrant protections to Americans and people in the U.S. for queries of Sec. 702 contents in both national security and ordinary criminal investigations.
Tighten rules about surveilling Americans: Wyden-Paul bill
Two major privacy advocates -- Sens. Ron Wyden, D-Oregon and Rand Paul, R-Kentucky -- have unveiled the USA RIGHTS Act. Sens. Bernie Sanders, I-Vermont, Dean Heller, R-Nevada, and Elizabeth Warren, D-Massachusetts, are among those backing the bill. It would require government officials to obtain a warrant before searching further into Sec. 702 data for communications involving Americans. A bipartisan group of lawmakers have introduced a companion bill in the House.
The Constitution Project has endorsed the Wyden-Paul bill, says senior counsel Jake Laperruque, who called Sec. 702 "one of the most invasive surveillance authorities we've seen in the modern era."
"It's really significant that you have this authority, that without ever obtaining probable cause or suspicion or going to a court for any type of approval for individualized surveillance, targets over 100,000 people," he said.
Clean reauthorization of 702, make permanent: Cotton bill
Earlier this year, Sen. Tom Cotton, R-Arkansas, introduced legislation that would offer a "clean" reauthorization of Sec. 702 and extend the program permanently. Sessions and Director of National Intelligence Dan Coats endorsed a clean, permanent reauthorization in a September letter to congressional leaders.
In an effort to persuade Congress to back a clean reauthorization, senior Trump administration officials have pointed to a series of cases in recent months.
The NSA, for instance, tracked down the man who was second in command for the Islamic State in Iraq and Syria, Haji Iman, using Sec. 702's collection authorities. Director of National Intelligence Dan Coats revealed the operation to the public, declassifying it for an open congressional hearing earlier this year. The NSA, and other intelligence community agencies, spent over two years from 2014 to 2016 searching for Haji Iman. Using 702, they collected intelligence involving Haji Iman's close associates and ultimately identified his location and tracked his movements, Coats said. In March 2016, U.S. forces tried to capture Iman and two of his associates by shots were fired at the aircraft used by the U.S.
"U.S. forces returned fire, killing Haji Iman and the other associates at that location. Subsequent -- subsequent Section 702 collection confirmed Haji Iman's death," Coats described to lawmakers. "As you can see from this sensitive example, Section 702 is an extremely valuable intelligence collection tool, and one that is subject to a rigorous, effective oversight program."
The U.S. also used information collected through 702 to help Turkish authorities nab the man responsible for the attack on an Istanbul nightclub earlier this year. NSA Director Admiral Mike Rogers has also publicly confirmed that the intelligence community used Sec. 702 to support its conclusion that Russia tried to interfere in the 2016 presidential election.
In the nearly 10 years since Congress enacted the legislation that established Sec. 702, Coats said that there have been "no instances" of intentional violations of 702. Out of three billion Internet users, there were 106,469 authorized targets in 2016 and about 1,939 Americans were unmasked last year based on data collected under Sec. 702.
A "senior NSA analyst" told reporters in September that when section 702 was started in 2008, it was a "game changer," and has become a "critical tool," and a "critical essential ingredient" in the fight against terrorists living overseas. A "senior US government official authorized to speak on behalf of his agency," called 702 legally "irreplaceable," and the "single most important statute the NSA has."
A former senior intelligence official told CBS News that lawmakers don't seem to fully grasp the extent of how Sec. 702 is used.
"It is used for more than terrorism and I think that people tend to forget that. It's an important source of foreign intelligence in a number of areas," the source said. "Although some of the uses are classified, the government has said that among other things, it's used in cyber crime and combating the proliferation of weapons of mass destruction. It's not only a counterterrorism tool, and I think for that reason some of the proposals that say it should only be used for terrorism are missing the mark."
None of the bills that are pending would prevent officials from using 702 for other foreign intelligence purposes besides terrorism.
Because lawmakers are divided over a reauthorization, experts say it's difficult to predict which of the legislative measures will prevail. Congress may even have to approve a short-term extension to buy more time for negotiations.
Laperruque said he suspects there will be "hype to get this done" because the program could shut down sooner than the end of the year.
"For a program of this scale, the [intelligence community] has to sort of go into a wind-down mode a couple of weeks earlier than that. They can't just shut off 702 on New Year's Eve," he said. "They both for logistics, and the way their systems work, start preparing for that in advance. Because this is a significant collection authority they need to brace for what happens if the system gets turned off and they lose their ability to collect for a day or even for a few hours."
CBS News' Andy Triay contributed to this report.