Marty, Patrick, David,
Let's play a game, a game I call "guess the classified program." Here's how it will work. I'll imagine a secret government program, but I won't tell you anything about it. I'll hand you a poorly written, decades-old statute and then leak a few hints about it through the Times.
Then, you guys have to guess exactly what the program is and how it works.
Whoever wins that game will go on to the bonus round. Now I'll give you another 16 pages of legalese called the "Protect America Act." Your task: Tell me exactly how the new law changes the secret program.
Ready to play?
Oh, wait, that's the game we're already playing.
So, here's my guess: I think it's all about the filters. Let me explain. Back in the 1970s, as David explains, almost all foreign calls were made by bouncing the calls off satellites. The NSA put up listening stations around the world, and those listening stations scooped up all the foreign calls it could from the air and sent them back to the NSA.
When Congress passed FISA in 1978, Congress mostly stayed away and let the NSA do its thing. The monitoring was occurring abroad and was targeting people outside the United States, so Congress didn't much care.
FISA is in the headlines today because those old dividing lines no longer work. Today communications are traveling over fiber-optic lines, and there's no longer a clear connection between the location of the people monitored and the location of their communications. As David says, all the traffic is mixed together. Grandma's e-mail to cousin Thelma in Omaha, Neb., is carried over the same line as communications among al-Qaida trainees in the mountains of Pakistan. Finding a foreign-to-foreign call or e-mail requires dipping into a stream of traffic and filtering out the calls that are between foreigners.
The real debate is about those filter settings. It's about how filters are set both when the government has no warrant and when it does. In a perfect world, we would have perfect filters. They would identify and sort all of the conversations that fit into different legal boxes, like foreign-to-foreign or foreign-to-domestic. Heck, in a perfect world, we could just monitor the bad guys and never watch the good guys. But we don't live in a perfect world, and the question is how to set those filters to match up with the nice boxes of the law.
As far as I can tell, the secret FISA court decisions and the Protect America Act that it triggered involve different approaches to how to set the filter. We know that the different judges on the FISA court split on the legality of the government's initial plan. In all likelihood, they disagreed on whether the plan was using lawful filter settings. The law allows the government to monitor foreign-to-foreign communications without a warrant. One judge thought the government's filter setting would do that. Another disagreed.
The Protect America Act solves the problem—at least from the government's perspective—by saying that "reasonable" filter settings are good enough. The intelligence folks work with particular targets in mind: They identify individual bad guys and try to watch them. Under the new law, the government can, without a warrant, set its filter to capture the communications of those targets "reasonably believed" to be outside the United States. It can then ask the FISA judges to check out the new filter settings. So long as the filter settings aren't a really wacky way to try to identify foreign communications, the judges have to go along and approve the program.
Is this a good idea or a bad one? I think it depends on the filter settings. Maybe the NSA has figured out settings that accurately identify foreign traffic. Maybe its settings can identify traffic to or from particular cities or regions, or can otherwise identify traffic likely to be of interest. We don't know, as the filter settings are classified. And with good reason, too: Announcing the filter setting tells the world how to sneak through. But without knowing the setting, it's hard for to know how the law is going to work.
Marty, you speculate that the government is breaking this down into two stages. A first computer uses a wide initial filter to identify foreign calls. Next, a second computer filters through that database for suspicious calls and e-mails that might contain terrorist communications. If you're right, wouldn't the desirability of the program hinge on those filter settings? Imagine the filters at both stage are perfect. The data-mining passes on only calls and e-mails involving terrorists discussing their plans. Wouldn't that be pretty much ideal? It seems to me that we get uncomfortable only when the filter settings are lousy. The worse the filter, the more innocent people are being watched. So, again, can we really evaluate the program without knowing the filter and how accurate it is?
David raises a really cool constitutional question: How can the government filter through all that traffic and still make the search "reasonable" under the Fourth Amendment? It can because the filter setting determines the legality of the screening. For example, if the filter is set so that it doesn't collect any contents of communications, it wouldn't be a Fourth Amendment search at all. That's what the 9th Circuit held recently in United States v. Forrester: Monitoring at an ISP that collects only noncontent information doesn't trigger Fourth Amendment protection.
The same idea applies when the government targets content. The issue is how the filter is set and what the monitoring collects. This came up in United States v. Scarfo, a New Jersey case from 2001. In that case, the government obtained a warrant and installed a keystroke-monitoring device on the computer of a New Jersey Mafia boss, Little Nicky Scarfo. The monitoring revealed the boss's encryption pass phrase, letting the government decrypt his private files and use the evidence against him. Scarfo argued that the warrant was an illegal general warrant because it let the government screen every single keystroke he typed.
But the judge disagreed with Little Nicky. He ruled that the legality of the monitoring depended on what the government was looking for, rather than what information passed through the filter. The same idea applies to monitoring over communications networks. So long as the filter setting is reasonable, the search should be reasonable.
As I said, it's all about the filters.