FBI Tightened Rules for Searching NSA Database After FISA Court’s Criticism

September 8, 2020 Updated: September 8, 2020

The FBI late last year raised its requirements on agents who seek to search an NSA foreign intelligence database for information on Americans, declassified documents released on Sept. 4 show.

The changes, aimed at preventing abuse of the database and privacy violations, came after years of criticism by the Foreign Intelligence Surveillance Court (FISC), a judicial body that checks whether the government uses its extensive spying powers properly.

The requirements stipulate that agents must write a justification for each search of the database that involves a U.S. person.

During a recent background call with the media, a senior FBI official said that the FBI in fact only implemented the new query justification reporting in December 2019.

The bureau “re-trained the entire workforce” on the new reporting criteria, the official said.

The court, led by District Judge James Boasberg, gave the FBI a pass, saying it’s “not altogether surprising” that FBI personnel still need help measuring each query against the proper legal standard.

“The FBI is really just starting to implement that documentation requirement on a comprehensive basis,” Boasberg said in his Dec. 6 opinion (pdf).

The NSA database is supposed to only collect communications, such as emails and phone calls, of foreigners located outside the United States, as outlined in Section 702 of the Foreign Intelligence Surveillance Act (FISA). In practice, however, communications of Americans end up in the database when they communicate with anybody on the target list. In 2019, the NSA targeted over 200,000 individuals, the Director on National Intelligence reported (pdf).

The FBI is allowed to search the database for information on Americans as long as the queries are “reasonably likely to return foreign intelligence information or evidence of a crime.” A new rule established in 2017 states that if the search is related to a criminal investigation, it must be linked to national security or a threat of serious physical harm, otherwise the FBI would need to go to the FISC for a separate court order.

In practice, the FBI has many times violated the rules and searched the database for all sorts of impermissible reasons, the FISC has found.

In March 2016, the Department of Justice (DOJ) found out that some contractors had access to “raw” Section 702 information on FBI systems “that went well beyond what was necessary to respond to the FBI’s requests,” FISC said in an April 2017 opinion (pdf).

In 2017, Congress passed the FISA Amendments Reauthorization Act, which imposed additional restrictions and reporting requirements on the use of Section 702 information.

But problems persisted.

In 2018, the FISC criticized the FBI for its practice of bundling many targets into one query with a justification that only applied on the whole, but not necessarily to each individual target. The DOJ found a number of other instances when the FBI used the database improperly, including to vet some of its prospective sources.

The full extent of the problems was hard to gauge, though, because the FBI was not tracking which queries were related to Americans and which were not.

The court thus told the FBI it needs to make its agents identify each query related to U.S. persons and write a justification for each.

In 2019, however, the DOJ informed the FISC of dozens more improper searches of the database, such as to vet a potential source, to vet a local police officer candidate, and to vet a maintenance crew visiting an FBI office.

In one incident, the FBI ran queries on about 16,000 people, but the DOJ found that only seven of them were legitimate targets.

Follow Petr on Twitter: @petrsvab