Create a new version of paste:

  Just to preempt some of the comments likely to be attached to this article, I thought I'd start it out with some facts.

Traffic metadata (things like email "envelope" information, source and destination IPs, etc.) has long been fair game without a warrant as the digital analogue of a "pen register" under Smith v. Maryland 442 US 735 (1979), and is part of the provision that supports lawful NSA data collection under the FISA Amendments Act of 2008 and other law, in conjunction with telecommunication operators like AT&T. The content of traffic of US Persons is NOT fair game, without a properly adjudicated warrant.

The FISA Amendments Act of 2008, passed by a two-thirds majority in both houses of Congress, allows for foreign intelligence collection on non-US Persons without a warrant, no matter where the collection occurs. The longstanding Smith v. Maryland allows for the collection and examination of communications metadata without a warrant. The FISC ruling explicitly finds legal such collection under the now-sunset Protect America Act and the current FISA Amendments Act of 2008.

In order to determine which traffic content may be collected for foreign intelligence purposes, the traffic metadata must be examined. Even when a target in question is a specific non-US Person of foreign intelligence interest, traffic metadata must first be examined in order to target that person! Because examining traffic metadata was found explicitly legal and Constitutional three decades ago by the United States Supreme Court, doing so in order to target legitimate foreign intelligence collection is a legal application in the digital world.

The major issues for foreign SIGINT were twofold:

- A lot of traffic is now digital versus analog, and cannot be targeted by aiming a directional antenna at a particular geographic locale. It is now traveling largely via things like fiber optic cables, intermixed with all manner of other communications. In order to target the collection, it is no longer a case of tapping a single landline telephone, or sitting on a Navy vessel offshore from some area of interest between individuals talking on two-way radios; it's finding that traffic in a sea of global digital communications.

- Foreign communications of non-US Persons physically outside of the US was increasingly traveling through the US. Previously fair game for foreign intelligence collection throughout the history of such collection in the United States, it suddenly became off-limits without a warrant because it was incidentally routed through locations in the United States. Foreign intelligence collection on non-US Persons outside of the US does not require a warrant, and fundamentally still shouldn't simply because their traffic happens to enter the US.

This was a case of changing technology necessitating an update to a law. A supermajority of both houses of Congress agreed. Some comments:

Sen. Dianne Feinstein:

"This bill, in some respects, improves even on the base bill, the 1978 Foreign Intelligence Surveillance Act. It provides clear protections for U.S. persons both at home and abroad. It ensures that the Government cannot conduct electronic surveillance on an American anywhere in the world without a warrant. No legislation has done that up to this point."

Then-DNI Mike McConnell:

"Now here's the other thing that most Americans don't appreciate, haven't been exposed to. When we redid that law, the law now says any U.S. person, any U.S. person, that's targeted for foreign intelligence must be protected by a warrant anywhere on the globe. So we actually have a much more stringent law today protecting Americans and civil liberties."

"The debate and the dilemma for us is how do you modernize that law for the modern age? And we debated. For two years we debated and we finally came to closure. The good news is when it was finally voted, two-thirds of the House and two-thirds of the Senate voted for it and here's what it says today: if it's a U.S. person anywhere in the globe, you must have a warrant."

Unfortunately, this discussion is so mired in politics, personal grinding of axes, confusion about early NSA programs (like the so-called Terrorist Surveillance Program, or TSP, which was not renewed after January 2007), and isolated examples of legitimate abuse or misconduct, that not many seem interested in having any real discussion about how foreign intelligence can be reasonably conducted in the digital age. Instead it is a sea of frantic arm-waving and breathless blogging about how the Constitution is being shredded, when the mechanisms of law and judicial oversight have explicitly established the activities as legal.

The cornerstone of the current law and the FISC decision is the protection of the privacy and rights of United States persons. The current law is even more stringent with respect to US Persons than previous law: an individualized warrant from FISC is required to target a US Person anywhere on the globe; before, US Persons did not enjoy the same explicit protections under the law outside of the US.

What monitors this? The same oversight and processes that we trust, by proxy, to monitor the activities of the Intelligence Community. Namely,

- The intelligence oversight committees of both houses of Congress

- Legal counsel for all Intelligence Community components

- The Foreign Intelligence Surveillance Court

- The Department of Justice

- The Executive Branch

In fact, FISA Modernization is listed as the number one major milestone of the Office of the Director of National Intelligence under the tenure of Mike McConnell.

In sum:

1. A warrant is not required to collect intelligence when the target is not a US Person, regardless of where the collection occurs, including within the US.

2. A warrant is always required to collect intelligence when the target is a US Person, whether inside or outside of the US (more strict than previous law).

3. This requires determining which traffic content can be lawfully collected without a warrant, sometimes with the assistance of telecom operators in the US. In order to determine which traffic can be lawfully collected without a warrant, basic information about the traffic, such as its source and destination, must also be examined. Such examination of traffic — a "pen register" — also does not require a warrant.

The job of our foreign intelligence services is to collect information on the activities and plans of US adversaries. This activity has never required a warrant, because non-US Persons outside of the US are not protected by the Constitution of the United States.

The path traffic takes shouldn't prevent us from doing this job.

The real issue is the questionable legal landscape that existed from 2001 to 2007 and briefly again in 2008 after the expiration of the Protect America Act.

These are questions which may never be answered. Namely, the President's authority under Article II of the Constitution in conjunction with the Authorization for the Use of Military Force (AUMF). NSA and the Community had a legal opinion about the legality of the activity - there is always a legal opinion. Our current Attorney General agrees that the President has inherent, intrinsic authority under Article II that cannot be impinged upon by any statue; whether the above activity is explicitly one of those authorities is a legal question that may never be answered, because the programs in question (e.g., TSP) ceased.

Right now, collection may occur within the United States without a warrant, as long as the target is not a US citizen. This activity is explicitly legal under:

- The temporary Protect America Act of 2007, which was in force from August 5, 2007 to February 17, 2008,

- The FISA Amendments Act of 2008, which became Public Law 110-261 on July 10, 2008, and is in force at present,

- The August 2008 FISC ruling.

The hallmark of the FISA amendments are judiciously protecting US persons, while removing restrictions on where and how foreign intelligence on non-US Persons can be collected simply because it's traveling through a glass pipe in San Francisco instead of over the air on the streets of Yemen - and that includes warrantless monitoring of identified foreign intelligence targets, and the technical mechanisms via which their communications can be located, targeted, and extracted from data streams within the US.

The paradigm has been shifted from something (a collection point, a person) being physically within the US to the legal status of the person or entity itself. This is a higher standard, but it is one that enables foreign intelligence services do do their jobs, particularly with regard to SIGINT.

Former NSA and CIA director General Michael Hayden summed up the situation quite succinctly: "We're pretty aggressive within the law. As a professional, I'm troubled if I'm not using the full authority allowed by law."

I wonder if anyone in the media is interested in having this discussion, or if it's all going to be accusations from whistleblowers, with no consideration of the associated challenges for foreign SIGINT in a digital world?