====== Incidental Collection: The Ultimate Guide to FISA, Section 702, and Your Privacy Rights ====== **LEGAL DISCLAIMER:** This article provides general, informational content for educational purposes only. It is not a substitute for professional legal advice from a qualified attorney. Always consult with a lawyer for guidance on your specific legal situation. ===== What is Incidental Collection? A 30-Second Summary ===== Imagine the government is a fisherman with a special permit to catch a very specific, dangerous type of shark (a foreign terrorist) in the deep ocean (the global internet). The permit, called a `[[fisa_warrant]]`, only allows them to target that one type of shark. However, to catch it, they use a massive net. As they haul in the net, they not only catch the target shark but also many dolphins (the emails, texts, and calls of ordinary Americans) that happened to be swimming nearby or communicating with the shark. This is the essence of **incidental collection**. It's the government's gathering of your private communications, not because they are targeting you, but because your data got swept up in a net legally cast for a foreign intelligence target. This practice, primarily authorized under `[[fisa_section_702]]`, sits at the heart of one of America's most intense debates: the constant, grinding tension between the government's need to protect national security and every citizen's fundamental right to privacy under the `[[fourth_amendment]]`. Understanding incidental collection is crucial to understanding the landscape of digital privacy in the 21st century. * **Key Takeaways At-a-Glance:** * **What It Is:** **Incidental collection** is the gathering of communications from U.S. persons without an individualized warrant when they are communicating with foreign intelligence targets who are under surveillance by agencies like the [[national_security_agency]]. * **The Impact on You:** **Incidental collection** means your private digital communications—emails, social media messages, video calls—can be collected and stored by the U.S. government if you interact with a non-U.S. person who is the target of foreign surveillance. * **The Core Controversy:** A key debate surrounding **incidental collection** is the "backdoor search loophole," where agencies like the [[federal_bureau_of_investigation]] can later search this massive database of data using Americans' names or emails for domestic criminal investigations, potentially bypassing traditional warrant requirements. ===== Part 1: The Legal Foundations of Incidental Collection ===== ==== The Story of Incidental Collection: A Historical Journey ==== The story of incidental collection is the story of America's struggle to balance security and liberty, a tension that exploded with the advent of digital communication. Its roots lie in the pre-digital era. In the mid-20th century, intelligence agencies engaged in widespread domestic surveillance against civil rights leaders, anti-war activists, and political opponents, often without any judicial oversight, under programs like `[[cointelpro]]`. Public outrage over these abuses led to a landmark congressional investigation in the 1970s known as the Church Committee. The committee's stunning report revealed a history of unchecked spying on Americans and concluded that "intelligence activities have undermined the constitutional rights of citizens." In response, Congress passed the **Foreign Intelligence Surveillance Act of 1978 ([[fisa]])**. This was a monumental compromise. It created a secret court, the `[[foreign_intelligence_surveillance_court]]` (FISC), to review government requests for surveillance warrants against foreign powers or agents of foreign powers on U.S. soil. For the first time, there was a legal process for foreign intelligence surveillance, but it was a process separate from the ordinary criminal justice system and its `[[probable_cause]]` standard. The digital revolution and the September 11th attacks shattered this framework. The internet erased physical borders, making it possible for a terrorist in Afghanistan to communicate instantly with someone in Ohio. The old FISA law, focused on individuals and specific phone lines, was seen as too slow and cumbersome for this new reality. In the wake of 9/11, the government expanded its surveillance powers, first through the `[[patriot_act]]` and then, more significantly, through the **FISA Amendments Act of 2008**. This 2008 law created the now-famous **Section 702**. Instead of requiring individual warrants, Section 702 allows the Attorney General and the Director of National Intelligence to authorize broad surveillance *programs* targeting non-U.S. persons located outside the United States to acquire foreign intelligence. It is this programmatic, high-volume collection that inevitably sweeps in the communications of Americans, giving birth to the modern era of **incidental collection**. The revelations by `[[edward_snowden]]` in 2013 brought these programs, like PRISM and Upstream, into the public spotlight, forcing a national reckoning with the sheer scale of this collection and its implications for every American's privacy. ==== The Law on the Books: Statutes and Codes ==== The legal architecture supporting incidental collection is complex, but it primarily rests on two pillars that are in constant tension with each other. * **`[[fisa_section_702]]` (50 U.S.C. § 1881a):** This is the engine of modern incidental collection. It does **not** permit the government to target a U.S. citizen anywhere in the world, or anyone within the United States. Its legal authority is strictly limited to targeting **non-U.S. persons reasonably believed to be located outside the U.S.** * **Statutory Language:** The law allows the government to authorize "the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information." * **Plain English:** The government can get a year-long programmatic order from the FISC to monitor vast streams of communications, so long as the *intended targets* are foreigners abroad. The law acknowledges that the communications of U.S. persons will be collected in this process and establishes rules, called `[[minimization_procedures]]`, for handling that data. * **The `[[fourth_amendment]]` to the U.S. Constitution:** This is the bedrock of American privacy rights. It protects citizens from "unreasonable searches and seizures" and states that warrants must be based on probable cause. * **Statutory Language:** "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause..." * **Plain English:** The government generally cannot search your property or communications without getting a specific warrant from a judge based on evidence that you have committed a crime. The central legal conflict is this: Does the large-scale, warrantless collection of Americans' emails and messages under Section 702—even if "incidental"—constitute an "unreasonable search" under the Fourth Amendment? Courts have largely struggled with this question, often dismissing challenges on procedural grounds rather than deciding the ultimate constitutional issue. ==== A Nation of Contrasts: Key Legal Arenas ==== Unlike a state law that varies from Texas to California, the rules for incidental collection are federal. However, the "jurisdiction" that matters is not geographic but institutional. Different parts of the government interact with this law in vastly different ways, creating a complex system of checks and balances. ^ **Institution** ^ **Role in Incidental Collection** ^ **What It Means For You** ^ | `[[foreign_intelligence_surveillance_court]]` (FISC) | Approves the broad Section 702 surveillance programs. It reviews the government's targeting and minimization procedures to ensure they comply with the law. Operates largely in secret. | The FISC is the primary judicial check on surveillance programs, but its non-adversarial, secret nature means its rulings and reasoning are rarely subject to public scrutiny. | | **Article III Federal Courts** | Hear constitutional challenges to Section 702 brought by civil liberties groups (like the `[[aclu]]`) and review the use of incidentally collected evidence in criminal trials. | These are the public courts where the legality of Section 702 can be challenged. However, it's very difficult for plaintiffs to prove they have been spied on, a requirement known as `[[standing_(legal)]]`, often leading to cases being dismissed. | | **Congressional Oversight** | The House and Senate Intelligence Committees are responsible for overseeing the intelligence community. Section 702 must be periodically reauthorized by a vote of the full Congress. | Congress holds the power of the purse and the law. The public debates during Section 702 reauthorization are a critical opportunity for the public to influence the rules governing surveillance. | | **The Executive Branch (DOJ, NSA, FBI)** | The `[[department_of_justice]]` and intelligence agencies draft the surveillance rules, carry out the collection, and use the intelligence. The `[[fbi]]` also conducts "backdoor searches" of the collected data. | These are the agencies that gather and use your data. Their interpretation and implementation of the rules have the most direct impact on your privacy. | ===== Part 2: Deconstructing the Core Elements ===== ==== The Anatomy of Incidental Collection: Key Components Explained ==== To truly grasp incidental collection, you need to understand its moving parts. It's not a single action but a multi-stage process. === Element: The Foreign Intelligence Target === The entire legal justification for Section 702 rests on its purpose: acquiring "foreign intelligence information" from **non-U.S. persons located outside the United States**. This is the "shark" in our fishing analogy. The government cannot use Section 702 to target an American citizen or a legal permanent resident. However, the definition of "foreign intelligence information" is broad, covering everything from terrorism and weapons proliferation to the foreign affairs of another country. * **Hypothetical Example:** The NSA believes a foreign national in Germany is an operative for a hostile intelligence service. They decide to target this person's email account under their Section 702 authority. This targeting is legal under the statute. === Element: The Collection Method (PRISM vs. Upstream) === The government uses two major methods to collect data under Section 702. * **PRISM Collection:** This involves the government sending a directive to a U.S.-based electronic communication service provider (like Google, Apple, or Meta) ordering them to turn over all communications associated with a specific "selector" (e.g., the target's email address or phone number). The company is legally compelled to comply and is forbidden from disclosing the order. * **Upstream Collection:** This is far broader. The NSA taps directly into the "backbone" of the internet—the massive fiber-optic cables and infrastructure that carry data across the globe. The agency uses powerful filters to search for communications to, from, or "about" a target selector as the data flows past. Because it's screening huge volumes of traffic, Upstream collection is more likely to sweep in purely domestic communications that happen to be routed overseas. === Element: The "Incidental" Collection of U.S. Person Data === This is the core event. An American's data gets collected because they are on the other end of a communication with a valid foreign target. * **Hypothetical Example:** You, a U.S. citizen living in Chicago, email your old college friend who now lives and works in Germany. Unbeknownst to you, your friend is the foreign national being targeted by the NSA. When you send your email, the NSA's PRISM collection system, which is monitoring your friend's inbox, legally acquires a copy of your email. Your communication has been **incidentally collected**. The same thing happens if your friend emails you. === Element: Minimization Procedures === Because the law anticipates incidental collection, it requires the government to establish **minimization procedures**. These are rules, approved by the FISC, designed to protect the privacy of U.S. persons whose data gets swept up. * **Key Rules Often Include:** * **Restrictions on Retention:** Data identified as belonging to a U.S. person that is not relevant foreign intelligence must be destroyed after a certain period (often five years). * **Restrictions on Dissemination:** There are strict controls on sharing U.S. person information with other agencies or officials. * **Use of Privileged Information:** Communications protected by `[[attorney-client_privilege]]` or other legal privileges have special handling requirements. * The effectiveness and enforcement of these procedures are a major point of contention for privacy advocates. === Element: The "Backdoor Search" Loophole === This is perhaps the most controversial aspect of the entire program. All the data collected under Section 702—including the incidentally collected communications of Americans—is placed into a massive, searchable database. While the *collection* was aimed at foreigners, the **search** of that database is a different story. The FBI can then search this repository using U.S. person identifiers (like an American's name, email, or phone number) for its own domestic criminal investigations, often without getting a warrant. Critics call this the "backdoor search" loophole because it allows the FBI to access Americans' private communications for purposes entirely unrelated to foreign intelligence, effectively bypassing the Fourth Amendment's warrant requirement. * **Hypothetical Example:** The FBI is investigating a domestic fraud case in Chicago. An agent runs your name through the Section 702 database. The search returns the email you sent to your friend in Germany. The agent can now read your private communication, which they would have otherwise needed a probable cause warrant to obtain. In 2021, the FBI conducted as many as 3.4 million such searches. ==== The Players on the Field: Who's Who in Incidental Collection ==== * **The National Security Agency ([[nsa]]):** The primary agency responsible for conducting foreign signals intelligence. The NSA operates the PRISM and Upstream collection systems. * **The Federal Bureau of Investigation ([[fbi]]):** A major consumer of Section 702 intelligence. The FBI uses it for counterterrorism and counterintelligence but also performs millions of "backdoor searches" for routine domestic criminal cases. * **The Foreign Intelligence Surveillance Court ([[fisc]]):** The secret court established by FISA that reviews and approves the yearly certifications authorizing the Section 702 surveillance programs. * **The Department of Justice ([[doj]]):** Along with the Director of National Intelligence, the DOJ's Attorney General is responsible for creating the program's rules and submitting them to the FISC for approval. * **U.S. Tech Companies:** Companies like Google, Meta, Apple, and Microsoft are compelled by law to comply with PRISM directives and turn over user data. They are prohibited from notifying the user. * **Civil Liberties Organizations:** Groups like the American Civil Liberties Union (`[[aclu]]`) and the Electronic Frontier Foundation (`[[eff]]`) are the primary public watchdogs, challenging the legality of these programs in court and advocating for legislative reform. ===== Part 3: Your Rights and Protections in the Digital Age ===== While you cannot stop incidental collection from happening, understanding your rights and the legal landscape empowers you to be an informed citizen and take practical steps to protect your digital privacy. ==== Step-by-Step: Understanding Your Rights in an Era of Mass Surveillance ==== === Step 1: Understand the Scope of the Collection === - Acknowledge that this is not about the government individually targeting you. It is about a system of programmatic surveillance where your data can be swept up. The risk is highest for those who communicate frequently with people outside the U.S., such as journalists, academics, lawyers, and business owners. === Step 2: Know Your Rights Under the Fourth Amendment === - Your constitutional right against unreasonable searches has not been erased. The core legal principle remains: the government needs a warrant based on probable cause to search your home, your property, and your digital "papers and effects." The central debate is whether a "backdoor search" of a pre-existing database constitutes a new search that requires a warrant. Many legal scholars and civil liberties groups argue forcefully that it does. === Step 3: Learn About Minimization and Querying Procedures === - Understand that there are rules in place, called `[[minimization_procedures]]`, that are supposed to protect your data. More recently, reforms have focused on "querying procedures," which are rules governing how the FBI can search the database. For example, recent FBI policy changes require higher-level approval for searches related to sensitive investigations. However, critics argue these internal rules are insufficient and a warrant from a judge is the only adequate protection. === Step 4: Follow the Legislative Debates === - Section 702 is not a permanent law; it must be reauthorized by Congress every few years. These reauthorization periods are the most important battlegrounds for reform. Pay attention to proposed amendments, such as those that would require a warrant for "backdoor searches" or increase public transparency. Contact your representatives to voice your opinion on the proper balance between security and privacy. === Step 5: Consider Digital Privacy Tools === - While no tool can guarantee immunity from state-level surveillance, using services that offer strong, end-to-end encryption can provide a powerful layer of protection. When a message is end-to-end encrypted, only the sender and receiver can read it. The service provider (e.g., WhatsApp or Signal) cannot decrypt and read the message, meaning they cannot turn over its content to the government even if served with a PRISM directive. ==== Essential Paperwork: Key Document Types Explained ==== You are unlikely to ever personally handle these documents, but understanding them is key to understanding the system's mechanics. * **Section 702 Certification:** This is the foundational document. It is a broad certification, signed by the Attorney General and Director of National Intelligence, and submitted annually to the FISC. It doesn't name individual targets. Instead, it describes categories of foreign intelligence targets (e.g., international terrorists) and the procedures the government will use to ensure those targets are non-U.S. persons outside the U.S. Approval of this certification authorizes the entire program for a year. * **FISC Court Orders:** The orders issued by the `[[fisc]]` are typically top secret. They approve the government's 702 Certifications and the associated minimization procedures. Declassified orders have provided the public with the most significant insights into how the court interprets the government's surveillance powers. * **`[[national_security_letter]]` (NSL):** While not directly part of Section 702, an NSL is a related tool worth knowing. It is a type of administrative subpoena used by the FBI to compel companies to turn over subscriber information, billing records, and other metadata without a court order. NSLs come with a gag order, preventing the recipient from ever disclosing that they received one. ===== Part 4: Landmark Cases That Shaped Today's Law ===== Challenging secret surveillance programs in public court is notoriously difficult, primarily because it's nearly impossible for an individual to prove they have been monitored. This legal hurdle, known as `[[standing_(legal)]]`, has defined the case law. ==== Case Study: Clapper v. Amnesty International USA (2013) ==== * **The Backstory:** A group of lawyers, journalists, and human rights organizations who frequently communicate with people overseas sued the government. They argued that there was a high probability their communications were being collected under the FISA Amendments Act of 2008, forcing them to take costly measures (like flying overseas for meetings) to protect confidentiality. * **The Legal Question:** Can a plaintiff challenge the constitutionality of a surveillance law based on a "reasonable likelihood" that their communications will be collected, or must they show actual proof of being monitored? * **The Court's Holding:** The Supreme Court, in a 5-4 decision, ruled that the plaintiffs lacked standing. The Court found their fear of being monitored was "speculative" and they could not present concrete evidence that the government was targeting their specific communications. * **Impact on You:** This ruling created a "catch-22" for privacy advocates. You can't challenge the secret surveillance program in court unless you can prove you've been spied on, but you can't find out if you've been spied on because the program is secret. It makes constitutional review of these programs exceedingly difficult. ==== Case Study: Wikimedia Foundation v. NSA (2015) ==== * **The Backstory:** The Wikimedia Foundation (the non-profit behind Wikipedia), along with other organizations, challenged the NSA's Upstream surveillance program. They argued that because Upstream vacuums up a massive amount of internet traffic, it was virtually certain that their communications with millions of users around the world were being collected and analyzed. * **The Legal Question:** Was Wikimedia's argument about the nature of Upstream collection strong enough to overcome the standing problem from *Clapper*? * **The Court's Holding:** The case has had a long and complex journey through the courts. While an initial dismissal was reversed, the plaintiffs have continued to face significant hurdles in proving their claims without access to classified information about how Upstream works. * **Impact on You:** This case highlights the unique challenges of challenging mass, indiscriminate surveillance like Upstream. It keeps the legal question of whether this type of bulk collection is constitutional alive, but its ultimate outcome remains uncertain. ==== Case Study: United States v. Mohamud (2012) ==== * **The Backstory:** In a domestic terrorism trial, the government notified the defendant that it intended to use evidence "derived from" Section 702 surveillance. This was one of the first times such evidence was used in a major criminal case. The defendant's lawyers challenged the use of this evidence as a violation of his Fourth Amendment rights. * **The Legal Question:** Is the warrantless surveillance authorized by Section 702 constitutional? Can evidence obtained or derived from it be used against a defendant in a criminal trial? * **The Court's Holding:** The District Court upheld the constitutionality of the surveillance and allowed the evidence. The judge, in a secret review of the classified materials, concluded that the surveillance was "not directed at" the U.S. citizen defendant and therefore did not violate his Fourth Amendment rights. * **Impact on You:** This case set a crucial precedent that evidence from incidental collection could be used to convict an American citizen. It affirmed the government's view that as long as the *target* is foreign, the collection is reasonable, a position that remains highly contested by privacy advocates. ===== Part 5: The Future of Incidental Collection ===== ==== Today's Battlegrounds: Current Controversies and Debates ==== The debate over incidental collection is not a historical artifact; it is a raging, contemporary battle. The central controversies today are: * **The "Backdoor Search" Loophole:** This is the number one issue for reformers. A bipartisan coalition in Congress has repeatedly tried to pass legislation that would require the FBI to obtain a warrant from a judge before searching the Section 702 database for information on American citizens. Intelligence agencies have fiercely resisted this change, arguing it would cripple their ability to "connect the dots" and prevent terrorist attacks. * **Reauthorization of Section 702:** The law is not permanent and must be renewed by Congress. The reauthorization votes, which happen every few years, have become increasingly contentious. The close votes and passionate debates reflect a growing unease across the political spectrum with the scale of modern government surveillance and its impact on Americans' privacy. * **Transparency and Oversight:** How can we have meaningful public debate about secret programs approved by a secret court based on secret interpretations of the law? Advocates are constantly pushing for more declassification of FISC rulings and more detailed public reporting on how many Americans' communications are collected and searched under Section 702. ==== On the Horizon: How Technology and Society are Changing the Law ==== The future of surveillance and privacy is being shaped by forces beyond the courtroom and Congress. * **Artificial Intelligence (AI):** The use of AI to analyze the vast quantities of data collected under Section 702 presents both promise and peril. The government sees AI as a tool to more quickly identify threats within the data. Privacy advocates fear it could lead to automated systems making judgments about individuals with little human oversight, potentially creating a system of predictive digital policing. * **The Spread of Encryption:** As more of the world's digital communication becomes protected by strong, end-to-end encryption, the effectiveness of programs like PRISM and Upstream may diminish. This has led to an intense debate over whether tech companies should be forced to build "backdoors" into their systems for law enforcement access—a move that cybersecurity experts warn would create massive new security vulnerabilities for everyone. * **Data Localization and a Splintering Internet:** As other countries become warier of U.S. surveillance, many are passing "data localization" laws that require their citizens' data to be stored on servers within their own borders. This could make it harder for the NSA to collect data and could lead to a "splinternet," where the global, open internet is replaced by a series of national or regional networks with different rules, fundamentally changing the digital world. The law of incidental collection is not static. It is a constantly shifting battleground where technological advancement, national security imperatives, and the fundamental American value of privacy collide. ===== Glossary of Related Terms ===== * **[[backdoor_search]]:** The practice of searching the database of communications collected under Section 702 using U.S. person identifiers for domestic law enforcement purposes without a warrant. * **[[cointelpro]]:** A series of covert and often illegal projects conducted by the FBI aimed at surveilling, infiltrating, and discrediting domestic political organizations. * **[[edward_snowden]]:** A former NSA contractor who, in 2013, leaked classified documents revealing the existence and scale of programs like PRISM and Upstream. * **[[fisa]]:** The Foreign Intelligence Surveillance Act of 1978, the foundational law governing foreign intelligence surveillance in the U.S. * **[[fisa_section_702]]:** A provision of FISA, added in 2008, that authorizes programmatic surveillance targeting non-U.S. persons located abroad. * **[[fisc]]:** The Foreign Intelligence Surveillance Court, a secret court that oversees requests for surveillance warrants under FISA. * **[[fourth_amendment]]:** The part of the U.S. Constitution that protects citizens from unreasonable searches and seizures. * **[[minimization_procedures]]:** Rules approved by the FISC designed to minimize the acquisition, retention, and sharing of information concerning U.S. persons. * **[[national_security_agency]] (NSA):** The U.S. intelligence agency responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes. * **[[national_security_letter]] (NSL):** An administrative subpoena issued by the U.S. government to gather information for national security purposes. * **[[prism_program]]:** A Section 702 collection program where the NSA gathers data directly from U.S. tech companies like Google and Facebook. * **[[probable_cause]]:** The legal standard required for a court to issue a warrant, indicating a reasonable basis for believing a crime has been committed. * **[[standing_(legal)]]:** The requirement that a person bringing a lawsuit must have a personal stake in the outcome and have suffered a concrete injury. * **[[upstream_collection]]:** A Section 702 collection program where the NSA taps into the physical infrastructure of the internet to copy and filter communications. * **[[u.s._person]]:** A term of art in intelligence law that includes U.S. citizens, lawful permanent residents, and U.S. corporations. ===== See Also ===== * [[foreign_intelligence_surveillance_act_(fisa)]] * [[fourth_amendment]] * [[warrant]] * [[privacy_rights]] * [[patriot_act]] * [[national_security_agency]] * [[foreign_intelligence_surveillance_court]]