Cite as 551 F.3d 1004 (Foreign Int.Surv.Ct.Rev. 2008)
Under the new statute, the Director of National Intelligence (DNI) and the Attorney General (AG) were permitted to authorize, for periods of up to one year, “the acquisition of foreign intelligence information concerning persons reasonably believed to be outside the United States” if they determined that the acquisition met five specified criteria. Id. These criteria included (i) that reasonable procedures were in place to ensure that the targeted person was reasonably believed to be located outside the United States; (ii) that the acquisitions did not constitute electronic surveillance;[1] (iii) that the surveillance would involve the assistance of a communications service provider; (iv) that a significant purpose of the surveillance was to obtain foreign intelligence information; and (v) that minimization procedures in place met the requirements of 50 U.S.G. § 1801(h). Id. § 1805b(a)(1)–(5). Except in limited circumstances (not relevant here), this multi-part determination was required to be made in the form of a written certification “supported as appropriate by affidavit of appropriate officials in the national security field.” Id. § 1805b(a). Pursuant to this authorization, the DNI and the AG were allowed to issue directives to “person[s]”—a term that includes agents of communications service providers—delineating the assistance needed to acquire the information. Id. § 1805b(e); see id. § 1805b(a)(3).
The PAA was a stopgap measure. By its terms, it sunset on February 16, 2008. Following a lengthy interregnum, the lapsed provisions were repealed on July 10, 2008, through the instrumentality of the FISA Amendments Act of 2008, Pub.L. No. 110–261, § 403, 122 Stat. 2436, 2473 (2008). But because the certifications and directives involved in the instant case were issued during the short shelf life of the PAA, they remained in effect. See FISA Amendments Act of 2008 § 404(a)(1). We therefore assess the validity of the actions at issue here through the prism of the PAA.
[redacted text]
II. BACKGROUND
Beginning in [redacted text] 2007, the government issued directives to the petitioner commanding it to assist in warrantless surveillance of certain customers [redacted text and footnote[2]]. These directives were issued pursuant to certifications that purported to contain all the information required by the PAA.[3]
The certifications require certain protections above and beyond those specified by the PAA. For example, they require the AG and the National Security Agency (NSA) to follow the procedures set out under Executive Order 12333 § 2.5, 46 Fed.Reg. 59,941, 59,951 (Dec. 4, 1981),[4] before any surveillance is undertaken. Moreover, affidavits supporting the certifications spell out additional safeguards to be employed in effecting the acquisitions. This last set of classified procedures has not been included in the information transmitted to the petitioner. In essence, as
- ↑ The PAA specifically stated, however, that “[n]othing in the definition of electronic surveillance … shall be construed to encompass surveillance directed at a person reasonably believed to be located outside of the United States.” 50 U.S.C. § 1805a.
- ↑ [redacted text]
- ↑ The original certifications were amended, and we refer throughout to the amended certifications and the directives issued in pursuance thereof.
- ↑ Executive Order 12333 was amended in 2003, 2004, and 2008 through Executive Orders 13284, 13355, and 13470, respectively. Those amendments did not materially alter the provision relevant here.