More on What FISA and the Fourth Amendment Requre -- And What They Don't: Over at Balkinization, Marty Lederman looks at the current dispute over the scope of NSA wiretapping powers and offers the following take:
[I]t must be the case that the NSA's aim is not simply to surveil foreigners who it already suspects as being part of Al Qaeda. It can obtain a FISA order as to those folks. What it wants, instead, is to be able to intercept foreign communications coming over domestic wires where (i) it does not have probable cause to believe that any of the parties is a terrorist or agent of a foreign power; and (ii) there is a chance that some of the intercepted communications will be with persons in the U.S.

FISA does not allow surveillance where both of those conditions obtain. (Indeed, insofar as the surveillance picks up U.S. persons in such cases, without proof that either party is the agent of a foreign power, it would probably violate the Fourth Amendment, too, at least according to the pre-FISA cases that considered the question.)
  As to the first point, I think that is clearly right. Federal law plainly allows the government to monitor foreign people with no connection to U.S. soil so long as the monitoring occurs outside the United States. Such persons have no Fourth Amendment rights under Verdugo-Urquidez, and FISA does not apply. So the government wants to do the same monitoring from the U.S. switches that they can do from monitoring posts outside the U.S. That is, they want to take out the relevance of where the monitoring site happens to be. The question is whether FISA allows particular measures to try to do that given the possibility of picking up calls and e-mails to the U.S.

  Second, there are two notable reasons to think that the Fourth Amendment is not implicated in this setting. First, there are some precedents indicating that if you call someone whose calls are being monitored without violating their reasonable expectation of privacy, then it does not violate your Fourth Amendment rights to have the call recorded. See, e.g., United States v. McNulty, 47 F.3d 100, 104-106 (4th Cir. 1995) (person speaking to a person on a cordless call being monitored by the police). I don't think the Supreme Court has addressed this theory, and I gather some VC readers will find it unpersuasive, but there are such cases on the books.

  Second, the Fourth Amendment generally is only triggered by intentional conduct. See Brower v. Inyo County, 489 U.S. 593 (1989) ("Violation of the Fourth Amendment requires an intentional acquisition of physical control."). If the government collects a call and doesn't know that it is conducting a search or seizure under the Fourth Amendment -- because it doesn't know a party has Fourth Amendment rights -- it may be that under Inyo there is no Fourth Amendment violation. (This latter argument is subject to the uncertainty as to whether wiretapping is a search or seizure or both, as well as how the mens rea requirement applies to searches, but I think it is still worth noting.)

Related Posts (on one page):

  1. Are Telcos Still Liable for NSA Cooperation?
  2. My Take on the New FISA Amendment:
  3. More on What FISA and the Fourth Amendment Requre -- And What They Don't:
My Take on the New FISA Amendment: Last night the House of Representatives approved a temporary amendment to the Foreign Intelligence Surveillance Act that passed the Senate on Friday night. President Bush will sign it shortly. The language is here. On the merits, I think this legislation on the whole seems relatively well done. I would have tinkered with it in some ways, and there are parts I'm not sure about, but the basic structure seems pretty good. Given that this is a 6-month temporary fix, not a permanent change, I tend to support it.

  Of course, we're talking about policy here, not law, and different people will have different reactions based on their policy preferences and sense of the threat. Some will think the new legislation is tepid; others will think it signals the coming of the National Surveillance State. Some people think Al Qaeda is about to nuke America, and others think Al Qaeda poses no threat at all. For the most part, our reactions to new surveillance laws hinge on where we fall on those two lines. My own preferences and sense of the threat are both somewhere roughly in the middle (or so I think -- it's hard to guess exactly what the distribution is). Based on those preferences and sense of the threat, as well as my initial read of the legislation, I think this legislation on the merits is relatively well done.

  So what does the legislation do? As I see it, there are three key parts of the new legislation. The first change is a clarification that FISA warrants are not needed for "surveillance directed at a person reasonably believed to be located outside of the United States." That is, if the government is monitoring someone outside the United States from a telecom switch in the U.S., it can listen in on the person's calls and read their e-mails without obtaining a FISA warrant first. The Fourth Amendment may still require reasonableness in this setting when one or more people on the call of e-mail are inside the U.S. or are United States citizens, but there is no statutory warrant requirement.

  The second change is a requirement of a formal authorization of a program to do such monitoring. The Director of National Intelligence and the AG have to approve a program (for up to one year) reasonably designed to be limited to the monitoring of persons outside the United States. Those procedures have to be submitted to the FISA court, which then reviews whether the Executive's conclusion that the procedures are reasonably designed to only pick up the communications of people reasonably believed to be outside the U.S. is "clearly erroneous." If the conclusion is clearly erroneous, the court sends them back and tells the Executive to try again. The government can also appeal that determination to the FISA Court of Review and if needed the Supreme Court. I'm not exactly sure, but my sense is that this is a one-size-fits-all order; that is, the one authorization covers all the providers.

  The third change -- and probably the most important, albeit something that a lot of people will overlook -- is that ISPs and telcos have to comply with the program. They will get compensation for their time and effort "at the prevailing rate," and they can challenge the legality of the program in the FISA court, but they can't opt out of the program if it is held to be legal. In effect, the government's certification of the program is akin to a court order; it makes the program mandatory instead of optional. So long as the program passes legal muster, the providers have to go along with it; if they refuse to cooperate, the FISA Court can hold them in contempt. (Note that the providers can't be held civilly liable for their mandatory participation in the program, either.)

  This is pretty complicated legislation, and my morning-after blogging isn't going to capture a lot of the nuances. Still, here are some reactions. First, I have a number of concerns about the legislation from a civil liberties perspective. For example, limiting judicial review to whether it is clearly erroneous that something is reasonably designed to target those reasonably believed to be outside the U.S. seems like a pretty weak threshold. I'm guessing that the FISA Court judges will be pretty tough on this despite the statutory language, but the statutory language itself is obviously very deferential. I also would want the courts to pass on the reasonableness of the government's method more than once a year (note that under the sunset, an authorization can go on for a year even if the legislation has been sunsetted; I gather this means that the legislation is really effective for a year, not six months). I also have an instinctive difficulty with the mandatory nature of the program without individualized court orders forcing compliance.

  At the same time, this legislation does a number of things well. I think I basically agree with the idea that if someone is outside the United States, FISA should not regulate the monitoring of their communications. Intelligence agencies have long been able to monitor such calls from listening posts outside the U.S. without triggering FISA (think Echelon); this legislation makes the same rule apply regardless of where the communication is routed. Although I'm not happy about forcing ISPs and providers to comply with a mandatory program, the basic idea of letting the government access those communications without a statutory warrant requirement seems appropriate.

  I also like the idea of submitting the means of implementing FISA to the judges for evaluation. Although the review is deferential, it recognizes that the technical means of implementing FISA's broad guidance is really critical to how the statute operates. I also think it's important that this is a temporary fix. If the Patriot Act experience is any guide, any reauthorization will come with some serious legislative scrutiny and a ratcheting up of oversight mechanisms as a condition of re-approval.

  Anyway, those are my tentative thoughts. More reactions can be found at Balkinization and Obsidian Wings.
Are Telcos Still Liable for NSA Cooperation?

As Orin noted below, one of the most significant changes to FISA is that ISPs and Telcos are now required to cooperate with the program. Yet according to today's WSJ (subscription only), the FISA reforms do not resolve questions about ISP and Telco liability for cooperation with the program in the past.

he measure lacks a provision sought by the White House and telecommunications companies: protection from lawsuits filed against phone companies by privacy groups and customers for past cooperation with government spy programs.

Under the expansion of surveillance authority since Sept. 11, 2001, some major phone companies have complained that their cooperation has left them vulnerable to legal liabilities. AT&T Inc. and Verizon Communications Inc. have been sued by civil-liberties groups and state-utility regulators. Some phone companies have curtailed their cooperation with intelligence programs in recent months, according to people familiar with the matter. The new law instead provides a more limited element of legal cover by compelling phone companies to cooperate. . . .

Partly to tackle the companies' concerns, the new law includes language that compels telecommunications providers to cooperate with government intelligence surveillance orders. The compulsion order is critical, because it provides phone companies with a ready-made justification if sued. The law also explicitly gives telecom companies protection for future cooperation with government surveillance programs.

However, absent from the law is a blanket liability protection to absolve companies for any privacy violations that may have occurred during their cooperation with earlier surveillance activities. The White House pushed for such a measure and has promised to try to have it included when a long-term update to FISA is considered, probably later this year.

UPDATE: Jack Balkin notes liability protection remains high on the Administration's wish-list and offers some thoughts.