Foreign Intelligence Surveillance Act (FISA) – Comprehensive Guide for CIPP/US Exam Preparation
1. Why FISA Is Important
The Foreign Intelligence Surveillance Act (FISA) is one of the most significant U.S. laws governing the intersection of national security, government surveillance, and individual privacy rights. Understanding FISA is essential for any privacy professional because it:
• Establishes the legal framework for how the U.S. government may conduct electronic surveillance and collect foreign intelligence information within the United States.
• Creates a specialized court — the Foreign Intelligence Surveillance Court (FISC) — that operates largely in secret and authorizes surveillance activities.
• Balances national security interests against the constitutional protections of the Fourth Amendment (protection against unreasonable searches and seizures).
• Directly impacts the private sector, particularly telecommunications companies, internet service providers, and technology companies that may be compelled to assist with government surveillance.
• Has been at the center of major public debates about privacy, especially after the Edward Snowden revelations in 2013.
For the CIPP/US exam, FISA is a core topic under the domain of Government and Court Access to Private-Sector Information. You must understand its provisions, amendments, and how it interacts with other laws and constitutional principles.
2. What Is FISA?
FISA was enacted in 1978 in response to revelations of widespread domestic surveillance abuses by U.S. intelligence agencies during the 1960s and 1970s, as documented by the Church Committee (a Senate committee that investigated intelligence community abuses).
FISA provides procedures for the physical and electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers, which may include American citizens and permanent residents suspected of espionage or terrorism.
Key Definitions:
• Foreign Intelligence Information: Information relating to the ability of the United States to protect against actual or potential attacks, sabotage, international terrorism, or clandestine intelligence activities by foreign powers or their agents.
• Foreign Power: A foreign government, a faction of a foreign nation, an entity openly acknowledged by a foreign government to be directed or controlled by that government, a group engaged in international terrorism, or a foreign-based political organization.
• Agent of a Foreign Power: Any person (including U.S. persons) who acts in the United States as an officer or employee of a foreign power, or who engages in clandestine intelligence gathering, terrorism, or sabotage on behalf of a foreign power.
• U.S. Person: A citizen of the United States, a permanent resident alien, an unincorporated association with a substantial number of U.S. members, or a corporation incorporated in the United States.
3. How FISA Works
A. The Foreign Intelligence Surveillance Court (FISC)
FISA established the Foreign Intelligence Surveillance Court (FISC), sometimes informally called the "FISA Court." Key features include:
• Composed of 11 federal district court judges appointed by the Chief Justice of the United States.
• Proceedings are ex parte (only the government appears before the court; there is no adversarial process in most cases) and conducted in secret.
• The court reviews government applications for surveillance orders targeting foreign powers or their agents.
• A Foreign Intelligence Surveillance Court of Review (FISCR) exists to hear appeals from FISC decisions. It consists of three judges also designated by the Chief Justice.
• After the USA FREEDOM Act (2015), the FISC can appoint amici curiae (friends of the court) to provide independent perspectives on novel or significant legal questions.
B. The FISA Application Process
To obtain a FISA order, the government must:
1. A federal officer submits an application to the FISC.
2. The application must be approved by the Attorney General.
3. The application must demonstrate that a significant purpose of the surveillance is to obtain foreign intelligence information. (Note: Originally the standard was "the purpose," meaning the primary purpose. The USA PATRIOT Act of 2001 changed this to "a significant purpose," making it easier for the government to obtain FISA orders even when criminal investigation is also involved.)
4. There must be probable cause to believe that the target is a foreign power or an agent of a foreign power.
5. The application must describe the minimization procedures — specific procedures designed to minimize the acquisition, retention, and dissemination of information about U.S. persons that is not relevant to foreign intelligence purposes.
C. Types of Surveillance and Collection Authorized Under FISA
FISA authorizes several types of intelligence-gathering activities:
• Electronic Surveillance (Title I): Wiretapping and monitoring of communications where at least one party is in the United States.
• Physical Searches (Title III): Secret physical searches of premises, property, or personal effects. Added by amendments in 1994.
• Pen Register and Trap-and-Trace Devices (Title IV): Collection of dialing, routing, addressing, and signaling information (metadata, not content). Added in 1998.
• Business Records / Tangible Things (Section 215): Court orders compelling the production of business records, documents, and other tangible things. This was the provision used to justify the NSA's bulk telephony metadata collection program revealed by Snowden. This authority was significantly reformed by the USA FREEDOM Act and has since expired (as of March 2020).
• Section 702 (added by the FISA Amendments Act of 2008): Authorizes the targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information, with the compelled assistance of electronic communication service providers. This is one of the most significant and debated provisions.
D. Key Amendments and Related Legislation
i. USA PATRIOT Act (2001)
• Changed the standard from "the purpose" to "a significant purpose" of the surveillance being to gather foreign intelligence.
• Expanded the definition of "agent of a foreign power" to include "lone wolf" terrorists (individuals engaged in international terrorism who are not necessarily connected to an identified foreign power). This was added under the Intelligence Reform and Terrorism Prevention Act of 2004 but is conceptually tied to post-9/11 reforms.
• Expanded Section 215 to allow the FBI to seek court orders for "any tangible things" rather than just specific types of business records.
• Created "roving wiretaps" under FISA, allowing surveillance of a target across multiple devices or facilities without specifying each one.
ii. FISA Amendments Act of 2008 (FAA)
• Added Section 702, which permits the government to target non-U.S. persons outside the United States for intelligence collection without individualized FISA Court orders for each target.
• Requires the FISC to approve annual certifications that describe categories of foreign intelligence to be collected and the targeting and minimization procedures.
• Provides immunity from civil liability to electronic communication service providers that cooperate with government directives issued under Section 702.
• Prohibits the intentional targeting of U.S. persons or persons known to be in the United States ("reverse targeting" prohibition).
iii. USA FREEDOM Act (2015)
• Enacted in response to the Snowden revelations about bulk metadata collection.
• Ended the bulk collection of telephony metadata under Section 215. Instead, the government must use a specific selection term (e.g., a phone number associated with a suspected foreign agent) to query records held by telecommunications providers.
• Required greater transparency: the government must declassify significant FISC opinions, and companies may publish transparency reports about the number of FISA orders received.
• Established the role of amicus curiae in FISC proceedings to provide an independent voice on significant legal questions.
• Created the FISC public advocate concept to represent privacy and civil liberties interests.
iv. Section 702 Reauthorization
• Section 702 has been reauthorized multiple times, most recently in April 2024 (for two years). Each reauthorization debate has involved significant discussion about privacy safeguards, especially regarding "incidental collection" of U.S. persons' communications and whether a warrant should be required to query collected data for information about U.S. persons (the so-called "backdoor search" issue).
E. Minimization Procedures
A critical concept in FISA is minimization. These are specific, legally required procedures designed to:
• Minimize the acquisition of information about U.S. persons that is not necessary for foreign intelligence purposes.
• Minimize the retention of such information.
• Minimize the dissemination of such information.
Minimization procedures must be approved by the FISC and reviewed by Congress. They are essential privacy safeguards embedded within FISA.
F. The Role of the Private Sector
FISA directly impacts private-sector companies, particularly:
• Telecommunications providers and electronic communication service providers can be compelled to assist with surveillance under FISA orders and Section 702 directives.
• Companies that comply with lawful FISA orders or Section 702 directives are generally granted legal immunity from civil suits.
• Companies may receive FISA orders or directives that they are legally obligated to comply with, and these orders typically come with non-disclosure (secrecy) requirements.
• The USA FREEDOM Act allows companies to publish transparency reports with aggregate data about the number of FISA orders or national security letters received, though reporting is permitted only in broad ranges.
G. Constitutional Considerations
• FISA surveillance must be consistent with the Fourth Amendment. The probable cause standard under FISA differs from the traditional criminal law standard — the government must show probable cause that the target is a foreign power or agent of a foreign power, not probable cause that a crime has been committed.
• The First Amendment is also relevant: FISA prohibits targeting a U.S. person solely on the basis of activities protected by the First Amendment (e.g., political speech, religious practice).
• There are ongoing debates about whether Section 702 collection violates the Fourth Amendment rights of U.S. persons whose communications are incidentally collected.
4. Key Concepts Summary Table
• Year Enacted: 1978
• Court: FISC (11 judges, appointed by Chief Justice)
• Standard for Surveillance: Probable cause that target is foreign power or agent of foreign power; surveillance must have a "significant purpose" of collecting foreign intelligence
• Section 215: Business records/tangible things (bulk collection ended by USA FREEDOM Act; authority expired 2020)
• Section 702: Targeting non-U.S. persons abroad; compelled provider assistance; incidental collection of U.S. person data
• Minimization: Required procedures to limit collection, retention, and dissemination of U.S. person information
• Provider Obligations: Must comply with FISA orders/directives; receive legal immunity; subject to secrecy requirements
• Transparency: USA FREEDOM Act enabled transparency reports and FISC opinion declassification
5. Exam Tips: Answering Questions on FISA
Tip 1: Know the Timeline and Key Amendments
Many exam questions test whether you know which law changed what. Remember: FISA (1978) → USA PATRIOT Act (2001, "significant purpose" standard) → FISA Amendments Act (2008, Section 702) → USA FREEDOM Act (2015, ended bulk collection, transparency). Create a mental timeline.
Tip 2: Distinguish Between Section 215 and Section 702
These are frequently tested. Section 215 was about business records and tangible things (domestic metadata). Section 702 is about targeting non-U.S. persons abroad with the help of service providers. They are different authorities with different rules.
Tip 3: Understand the FISC Structure
Know that FISC has 11 judges appointed by the Chief Justice, that proceedings are ex parte and secret, and that the USA FREEDOM Act introduced amici curiae. Questions may test these specific details.
Tip 4: Focus on the "Significant Purpose" Test
Before the PATRIOT Act, surveillance under FISA required that the purpose (primary purpose) was to collect foreign intelligence. The PATRIOT Act lowered this to a significant purpose. This is a frequently tested distinction.
Tip 5: Remember Minimization Procedures
Minimization is a core privacy protection within FISA. If a question asks about safeguards for U.S. persons under FISA, minimization procedures are almost always part of the correct answer.
Tip 6: Know the Private-Sector Implications
The CIPP/US exam focuses on privacy for the private sector. Key testable points include: companies can be compelled to assist, they receive legal immunity for compliance, orders come with secrecy requirements, and the USA FREEDOM Act allows limited transparency reporting.
Tip 7: Watch for "Reverse Targeting" Questions
Section 702 prohibits intentionally targeting a non-U.S. person abroad as a pretext for actually surveilling a U.S. person. This is called reverse targeting, and it is explicitly prohibited.
Tip 8: Understand the Lone Wolf Provision
The "lone wolf" amendment allows FISA surveillance of a non-U.S. person engaged in international terrorism even without a connection to an identified foreign power. This is a narrow but testable exception.
Tip 9: Read Questions Carefully for Specificity
FISA questions often include subtle qualifiers. Pay attention to whether the question asks about U.S. persons vs. non-U.S. persons, domestic vs. foreign targets, content vs. metadata, and pre-2015 vs. post-2015 rules.
Tip 10: Connect FISA to Broader Privacy Themes
FISA sits within the broader context of government access to private-sector data. Be prepared to connect FISA concepts with related topics such as National Security Letters (NSLs), Executive Order 12333, the Third-Party Doctrine, and the Fourth Amendment. Understanding how these fit together will help you answer scenario-based questions.
Tip 11: Practice Elimination on Multiple-Choice Questions
If you encounter a question about which law ended bulk metadata collection, immediately eliminate FISA (1978) and the PATRIOT Act (2001) — the answer is the USA FREEDOM Act (2015). Use your knowledge of the timeline to quickly eliminate wrong answers.
Tip 12: Remember Key Numbers
11 judges on the FISC, 3 judges on the FISCR, appointed by the Chief Justice of the United States. These specific numbers are easy to test in a multiple-choice format.
