Information Privacy Law
Professor Ira Rubinstein
April 8, 2017
The Foreign Intelligence Surveillance Act of 1978 (“FISA”) governs foreign intelligence, and introduces a legal regime different from the Electronic Communications Privacy Act (“ECPA”, the statute governing surveillance for domestic law enforcement purposes). Requests for FISA Orders are heard by a specialized court, composed of federal judges: the Foreign Intelligence Surveillance Court. The test for court authorizing surveillance under FISA is whether there is probable cause that the party to be monitored is a “foreign power” or “an agent of a foreign power”.
In some cases, surveillance can be conducted under FISA without requiring a court order: the President of the United States, through the Attorney General, may authorize electronic surveillance without a court order to acquire foreign intelligence information for periods of up to one year, if the Attorney General certifies in writing under oath that the electronic surveillance is solely directed at the acquisition of the contents of communications exclusively between foreign powers, or the acquisition of technical intelligence, other than the spoken communications of individuals, from premises under the exclusive control of a foreign power. An additional requirement is that there must be no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party. FISA also requires “minimization procedures” to be followed. These are procedures reasonably designed to minimize the acquisition and retention, and prohibit the dissemination, of non-publicly available information concerning unconsenting United States persons.
These rules have become the subject of media attention due to the controversy over incidental collection of conversations of US Citizens in the context of a potential involvement of Russian intelligence in the US Presidential election. The New York Times article cited below clarifies the distinction between the FISA rules, which relate primarily to the collection of communications on US soil between non-US citizens; and Executive Order 12333, which relates to collecting information outside of the US. Privacy protections under Order 12333 are less stringent than under FISA. According to the article, the criticism aimed at the Obama administration is misplaced, because the activities that resulted in the accidental collection of communications of US citizens occurred on US soil and under FISA, rather than under Executive Order 12333. The drafters of FISA anticipated that some communications of US citizens may be picked up in the US, and included a requirement for “minimization procedures” to be put in place, to minimize the acquisition, retention and dissemination of non-publicly available information about US citizens.
 50 U.S.C.S. § 1803.
 50 U.S.C.S. § 1802.