One of the most hotly debated aspects of Section 702 is the practice of querying 702-acquired data using U.S.-person identifiers—in particular, queries conducted by the FBI in non-national-security criminal investigations. Some label these “backdoor searches,” although the Foreign Intelligence Surveillance Court has held that such queries are not searches that trigger the Fourth Amendment’s warrant requirement.
Even assuming that the practice is constitutional, however, it nonetheless raises legitimate civil liberties concerns. General Michael Hayden quipped yesterday that “even to this former director of NSA, using U.S. person data to query the lawfully collected foreign intelligence is a not trivial privacy question.”
The challenge for observers has long been assessing the scale of the potential privacy problem. The FBI told the Privacy and Civil Liberties Oversight Board that it is “extremely unlikely that an agent or analyst who is conducting an assessment of a non-national-security crime would get a responsive result from the query against the [FBI’s] Section 702-acquired data.” (Note that the FBI only receives data from 702’s PRISM, or downstream, component; until last week’s major change to 702’s upstream component, upstream was far more likely to pull in some wholly domestic communications.) But that failed to assuage many critics, perhaps because “extremely rare” lacks the power of a simple number.
Read the full article at Lawfare.