As discussed in detail in NS-DC-0068
, the Protect America Act (PAA) was passed in 2007 in order to avoid compliance with the FISA Court's interpretation of traditional FISA. The PAA amended FISA in two important ways. First, it allowed warrantless collection of international communications to or from the U.S. from facilities inside the U.S. Second, it allowed warrantless collection of foreign to foreign communications from facilities inside the U.S.
This is the first case in which the FISA Court reviewed the government's procedures for authorizing surveillance under the PAA. In order to authorize surveillance, the Attorney General and the Director of National Intelligence (DNI) had to carry out two statutory requirements. First, they had to determine that there were reasonable procedures in place for ensuring that the surveillance to be undertaken concerned people located outside of the U.S. Second, they had to determine that the acquisition in question did not constitute electronic surveillance as defined by FISA and the PAA. The PAA changed FISA by exempting surveillance of people reasonably believed to located outside the U.S. from FISA's definition of electronic surveillance. Therefore, to meet the second requirement of the PAA, the AG and the DNI had to reasonably believe that a target of surveillance was located outside of the U.S.
The PAA also included provisions for FISA Court review of the government's authorizations of surveillance for compliance with the statute. The statute required the government to submit their procedures for determining that the surveillance concerned people outside the U.S. and did not constitute electronic surveillance. The statutory standard of review was for clear error, and review was narrowly confined to whether the procedures proposed by the government met the statutory requirements.
In an order dated October 11, 2007, the FISA Court (Judge Colleen Kollar-Kotelly) asked the government to supplement its procedures submitted to the Court under seal (the Court references a surveillance certification filed on August 10, 2007 and a corresponding set of procedures filed on August 17, 2007; neither of these documents appear to have been declassified or otherwise made public as of April 2015) by answering several questions regarding the adequacy of the procedures at protecting against the acquisition and retention of protected communications of U.S. persons.
The government responded to the Court's order with answers in a document dated October 26, 2007, and the Court issued a new order approving the use of the procedures as explained by the government's response on January 15, 2008.
The PAA raised considerable concerns that surveillance of some wholly domestic communications would now be outside of traditional FISA. This happened because the PAA broadly defined "person" to include not only individuals, but also groups, entities, associations, corporations, or foreign powers. The worry was that a group like Al Qaeda could reasonably believed to be located abroad, but Al Qaeda related communications could take place wholly within the U.S., and the PAA's broad definitions would allow for such communications to be collected without the probable cause determinations and warrant requirements of traditional FISA. While the government strenuously denied that the PAA would be interpreted to allow such surveillance in practice, the PAA was allowed to sunset in 2008, and was replaced by the FISA Amendments Act of 2008 (FAA) (amending 50 U.S.C. § 1801 et seq.).
The analogous certification matter in 2008, under the FAA, is described in NS-DC-0072
in this Clearinghouse. Edward Mroczkowski - 04/06/2015