Remarks as Prepared for Delivery
I’m in charge of the National Security Division at the Department of Justice. We are responsible for investigating and prosecuting terrorists, spies and the wide range of threats posed by our most capable and dangerous nation-state adversaries. But I will tell you that the issue at the top of my mind every day is how we are going to make sure that Section 702 of the Foreign Intelligence Surveillance Act (FISA) is reauthorized. 702 is the foundational authority for our efforts to protect the nation.
For those of you who are less immersed in the world of FISA, let me pause and provide some background. Section 702 is the law that allows the Intelligence Community (IC) to collect the communications of non-U.S. persons located overseas, who are communicating foreign intelligence information, and who are using U.S. communications services.
Unless Congress acts, Section 702 will expire at the end of the year. Renewing this law before it expires is among the most consequential national security decisions we face as a country.
There isn’t a day that goes by that I am not meeting with Justice Department leadership and speaking to counterparts at the FBI, the Intelligence Community and the National Security Council to coordinate our efforts to ensure the United States retains its most valuable collection authority.
Day after day, we are working with members of Congress and legislative staff to move toward bipartisan, common-sense solutions to protect the safety and liberties of Americans.
The urgency and pace of this daily work does not leave me much time to step back and assess the broader picture. I’d like to take this opportunity today to take stock of the progress we’ve made and the work we have left to do.
In February of this year, the Attorney General and the Director of National Intelligence wrote a letter urging Congress to swiftly reauthorize 702, stating that it would be impossible to replicate the speed and agility of this invaluable tool. That same day I delivered remarks in D.C. to make the affirmative, public case on the value of 702 overall and to communicate the robust protections in the law. It was also important to take responsibility for serious compliance errors and to commit to redoubling our efforts to ensure those mistakes didn’t happen again.
Today, eight months later, I am optimistic that Congress will vote to reauthorize 702 with bipartisan support before it expires. Before turning to the path forward, let me talk a little bit about how we got here and the three major areas where I see progress.
First, we have made the case for the fundamental value of Section 702. We have demonstrated how 702 enables the U.S. government to gain intelligence about our most pressing threats. We have done this both with classified examples to Congress and with declassified examples for the public. This includes intelligence about terrorism as well as growing threats from nation-state adversaries. We have shown, for example, how Section 702 gives us insight into the Chinese government’s efforts to spy on us and steal our technology; North Korea’s nuclear program; and Russia’s further invasion of Ukraine.
702 is incredibly valuable in the cyber realm as well. It played a key role in our response to the cyberattack on Colonial Pipeline. Using 702, we acquired information that verified the identity of the hacker, as well as information that enabled our efforts to recover the majority of the ransom payment.
702 has also provided intelligence in the fight against the global fentanyl threat. It has enabled intelligence agencies to monitor the production of fentanyl overseas and to trace precursor chemicals back to China.
At this point, there is clearly broad consensus that the intelligence we get from Section 702 is irreplaceable; and there is no serious dispute over its value in protecting Americans.
Second, we have made progress in explaining how the FBI and the Intelligence Community use 702 to keep Americans safe. This includes demonstrating the critical importance of what are often referred to as “U.S. person queries.”
This is a central issue, so let me step back to give more context. When I say a “query,” I mean using a term to retrieve specific information that already is lawfully in the government’s possession. It is like finding some particular bit of information in your email inbox — you probably don’t read every single email. You enter a keyword to find what you’re looking for quickly within what is already stored in your inbox.
The ability to query 702 data is what makes it possible to actually use the information the government has collected to identify and disrupt threat streams, defend warfighters and inform policymakers. It is a way of sorting and sifting through already lawfully collected information, just as the government does with other sets of information.
And in many cases, queries of 702 information using identifiers associated with U.S. persons – for example, the name or email address of a U.S. person – are essential to identify links between foreign actors and threats inside the United States.
This is particularly true for the FBI, which is the only agency with the authority to act inside the United States to protect us from threats emanating from overseas. It’s especially important for the FBI to conduct U.S. person queries at the early stages of a national security investigation, whether to run down a terrorism or cyber-related lead, or to enable the FBI to warn and protect victims of foreign hacking or spying.
For example, if the FBI learns that a spy working for the People’s Republic of China (PRC) has a list of U.S. phone numbers on their phone, FBI investigators may query FBI 702 data with those phone numbers – and some of them may be U.S. persons’ phone numbers – to help identify others working for the PRC or even potential victims of PRC espionage. And this is not just hypothetical. The FBI, in fact, was able to disrupt an ongoing assassination and kidnapping plot, in part, because FBI investigators searched their 702 data with U.S. person identifiers and quickly discovered the nature and extent of the plotting.
Finally, we have implemented significant improvements on top of the protections already in the statute and guidelines for 702. Under the requirements of Section 702, every year the government submits for FISA court approval a set of stringent legal requirements for how the Intelligence Community can collect, retain, disseminate and query information using Section 702. Each agency must have internal compliance mechanisms to ensure they are abiding by those rules.
National Security Division lawyers audit each agency’s compliance with those procedures to assess collection decisions, review queries, examine disseminations of 702 intelligence that may contain U.S. person information, and remediate incidents of non-compliance so that we don’t repeat them. We report every instance of non-compliance to both the FISA court and to Congress. The IC’s track record of compliance is part of the court’s annual consideration of whether to approve the Section 702 program for another year.
The reality is that the strength of these protections rests on the rules being followed every time. In the past several years, however, we have identified and reported certain compliance issues with FBI’s use of U.S. person queries. These kinds of errors are unacceptable. We recognized that to maintain the trust of Congress and the American public, we could not wait on legislation to address these problems.
That’s why we have implemented several key remedial measures to bolster compliance. The FBI has made major changes across the board to its systems and its policies.
And we are seeing the results. These remedial measures have had quick and dramatic impacts. There was a 93% decrease in FBI U.S. person queries from 2021 to 2022, thanks largely to imposing an opt-in requirement in FBI databases to prevent individuals querying 702 information without intending to do so. A new requirement to obtain preapproval prior to running “batch job” queries has similarly dramatically reduced the number of mistakes. A FISA court opinion from earlier this year reported a 98% compliance rate with the query standard.
We also have to reinforce compliance regimes with accountability. That’s why, earlier this year, the FBI implemented new policies for holding their workforce accountable for FISA compliance. These changes ensure that those trusted with FISA access are held to a high standard, and that if they do not meet that standard, clear steps are taken – from revoking their FISA access to referring their conduct for further disciplinary action, including termination.
But even though we’ve made progress demonstrating the value of 702 and improving compliance, we know there is more work to be done. Which brings me to the crux of the legislative debate as it currently stands – what additional reforms may be needed regarding the FBI’s ability to query its 702 holdings.
We are engaging every day with Congress to consider changes that enhance privacy and compliance without compromising Section 702’s effectiveness. One clear starting point would be to codify into law the remedial measures the FBI has implemented.
Now, let me address one component of the debate head on – that is the question of whether court approval should be required before the FBI can look at 702 data in its holdings. Then I’ll explain why I am convinced that such a requirement is both misguided and dangerous.
As a threshold matter, a so-called “warrant” requirement is not legally necessary. Neither the statute nor the Fourth Amendment require a warrant or other court order for a U.S. person query. Every court that has addressed this issue, including three U.S. circuit courts of appeals, has reached that same conclusion.
And more importantly, choosing as a matter of policy to impose a court-review process for U.S. person queries will actually make the country less safe.
Fundamentally, in fast moving national security investigations, there just isn’t time to go through the lengthy process generating a court filing, reviewing it appropriately, filing it, having it reviewed by a FISA court adviser, and finally obtaining from a FISA court judge a court order, which can take weeks. A delay of even a few days could be the difference between warning a critical infrastructure company in time to prevent their systems from being compromised. It could be the difference between catching a foreign intelligence officer in the act of stealing classified information versus doing damage control after they’ve already passed the information to our adversaries.
Even if the court could transform itself entirely to move at operational speed, some queries simply could not meet a probable cause showing or some other heightened legal standard. In most cases, the government is conducting queries in the earliest moments of an investigation, reviewing the data in its possession at a time when there may be little available information about a potential threat. In an early-stage espionage investigation, for example, the FBI may not know whether a U.S. person is a victim of malign foreign activity or a co-conspirator. In fact, one purpose of the query is to help answer precisely that question.
The misguided focus on prior court approval has made it more difficult to see the genuine, compromise solutions that do exist. Given the stakes, it is important to respond clearly and forcefully to damaging warrant proposals. We must be clear that the Constitution simply does not require a warrant for the FBI to examine its lawfully collected holdings, even using U.S. person queries.
But that does not mean we don’t recognize the real privacy implications for Americans. To the contrary, the existing laws and procedures impose several specific protections for the handling of U.S. person information. This is in addition to the protections designed to protect everyone, regardless of nationality.
Likewise, as every intelligence agency leader has made clear, prior court approval is not operationally feasible. But that does not mean we oppose any measures that might make it harder or create more work for those charged with protecting the country. I am confident that reforms can generate concrete and meaningful protections, while preserving the basic value of this authority.
As we look at potential reforms, we are focused on questions like: what lessons should the FBI draw from highly successful compliance models at places like NSA, including requiring a second set of eyes on queries and reviews by agency lawyers? How much operational delay would be consistent with specific mission requirements, to allow for additional protections and review? If calls for judicial involvement are really meant to address a trust deficit, rather than imposing new legal thresholds, can trust be bolstered with post-query review in a way that avoids dangerous operational delays?
The touchtone question for me remains: does a proposed reform meaningfully address the underlying concern without undermining the operational efficacy of 702?
These are tougher calls than the false binary choice between an operationally devastating warrant requirement versus sticking with the status quo. I am encouraged by the progress we have made in this debate, even as I recognize the challenges ahead.
The path to reaching compromise and consensus requires more effort than staking out extreme positions and hoping the other side blinks before the clock strikes midnight.
But we are committed to continuing the hard work to find the right solutions on behalf of our fellow citizens.
Comments
No comments on this item Please log in to comment by clicking here