Baker heads the Justice Department's Office of Intelligence Policy and Review (OIPR), which is responsible for preparing and filing all applications for domestic surveillance under the Foreign Intelligence Surveillance Act (FISA). This is the edited transcript of an interview conducted on March 2, 2007.
What's the basic mission of your office, and how has it changed since 9/11?
The basic mission of the office is to provide legal advice to the attorney general and other senior leadership of the Department of Justice as well as to the intelligence community, including the FBI, CIA, NSA [National Security Agency] and so on.
The lion's share of our work on a day-to-day basis is preparing and filing applications to conduct electronic surveillance for physical search, in particular with the Foreign Intelligence Surveillance Court [FISC], the FISA court. ... In order to accomplish that, we have about 125, 130 people in the office, about 85 or 90 attorneys who do that work. They handle a variety of things in addition to preparing the FISA applications -- policy work, oversight, doing some litigation when a FISA target is prosecuted in a criminal case. ...
When I first got to the office as a line attorney in 1996, ... I think I was the sixth or the seventh attorney that was there working on FISA applications at that time. So obviously going from six or seven to 85 or 90 represents a huge growth over the past -- well, that's 11 years now. Right before 9/11, I'd have to check on the numbers, but I would say we had on the order of 20 or 25 people in the office at that time doing this kind of work.
Does that reflect a tremendous growth in the number of orders that your office is seeking from the FISA court?
It certainly reflects that. It reflects a growth in all of the work that I just mentioned, all the policy operations, litigation types of things that we do. But absolutely it reflects a growth in the FISA applications. They've grown from about -- going from memory now -- but about 750 or so in the early to mid-90s to over 2,000 in 2005, the last public number that we reported. We report the number of FISA applications every year, and we'll report the number for 2006 in a month or so.
Editor's Note: According According the OIPR's report to Congress (PDF file), dated April 27, 2007 there were 2,181 FISA application made in 2006, 2,176 of which were approved.
Somewhere between double and triple the numbers before 9/11.
Yes. That's exactly right.
Why is the FISA court and the FISA process so important?
FISA and the FISA court and the process is so important because the intention of Congress in enacting the FISA statute was to do two things simultaneously: It was to protect the security of Americans, to keep them safe from the threats posed by hostile foreign powers and their agents; and it was also intended to protect the privacy of Americans, to protect them from intrusions into their privacy as well as to protect them from abuses of national security authorities that had taken place prior to the enactment of FISA. Congress was quite plain that that was the purpose of enacting the statute.
So what we do every day, really to my mind -- and I've said this to our folks -- is we're enacting and we're implementing this very important statute to achieve those two goals at the same time. That can be a very difficult job on a day-to-day basis. It's a lot of pressure. It's a very detailed statute, very intricate and yet extremely flexible. People, I think, don't really appreciate how flexible it is. At the same time it does impose a process that we have to comply with, and we enforce the laws enacted by Congress.
So your office is really the front line of trying to reconcile and balance national security needs and civil liberties in privacy.
We're certainly trying to do that at all times, yes. Everybody through the system, from the FBI, the other intelligence agencies, they're all confronting those things as well. ...
Very little is said or known about the FISA court or the FISA judges, but at least one judge has made a few speeches here and there, a couple of times, Judge [Royce] Lamberth. He has referred to the process in terms of the court seeing itself as the last line of defense for civil liberties in the national security area. Is that a fair characterization from your standpoint?
Well, we can't start the collection until the FISA court says OK. In that sense, nothing happens until the FISA court signs off on the order, so certainly they are the last decision makers in that regard. ...
But this is a critical component of the checks and balances in our system in an area where secrecy is critical.
Secrecy absolutely is critical, because we're dealing with very sensitive sources and methods, very sensitive cases and so on. So yes, the American people need to have confidence that everybody in the system -- the FISA court judges, the people at OIPR [Office of Intelligence Policy and Review], the people in the agencies that are requesting these surveillances -- that we know what we're dealing with, because we're dealing with both their security and their civil liberties at the same time and making sure on a day-to-day basis that we reconcile those and that we get the balance correct every time. That's the pressure: to make sure that we're not tipping too far one way or the other. And that's the challenge. ...
Remember, there was a regime before FISA, and in that era presidents, going back to the beginning of electronic communications, authorized the collection of certain types of information without a warrant for national security purposes. It was a variety of controversies that came to a head in the 1970s that led Congress and the various administrations -- the Ford administration and the Carter administration -- to start the process of trying to change the regime under which that authority would be implemented.
That's when they came up with the statute that has standards for who can be a target. It has standards for what information can be collected and how it's going to be handled once it is collected, and then it interposes the FISA court between the collecting agencies and the thing that they want to try to obtain. So if you would describe that as checks and balances, that's another way to say it, but it's everybody working to try to find the right balance between security and civil liberties. ...
Talk to me a little bit about the way it works. ... People have referred to the FISA court as a rubber stamp. There are thousands of applications, and only a few have been rejected. ... What's the process in dealing with the FISA court?
I think folks don't really understand the process. They don't understand the give-and-take. Judge Lamberth has commented publicly about this in the past, but basically we receive requests from the intelligence agencies to conduct a particular surveillance, let's say, and so we work on the applications with them. We get it in shape; we get it to a point where it meets the requirements of the statute. At that point, it's signed by a high-ranking official in the executive branch, such as the director of the FBI, the secretary of defense, and then it's signed by the attorney general.
After it's signed by the attorney general it's filed with the FISA court, and then we have interactive process with the FISA court. So if they have questions -- they don't understand something about the application, they have a concern about the application some way, they don't think the facts are sufficient on a particular point or a particular element of the statute -- they'll ask us about it, and they'll say, "Well, do you have any more information on this one point?" We'll say: "We don't know, Judge. We'll go back and find out." We'll go back to the FBI field office, let's say, and ask them. They'll say, "Well, actually we do have some additional information." So we'll file a supplemental document, submit that to the court, and then the court might be satisfied, and then the matter is resolved; the application is approved.
So could the court, when it first got the application, just have received it, have the question, decided it was insufficient, denied it or issued some kind of order? I guess they could have in that kind of a scenario, but that's not how the process works. The process is more interactive than that, because it is what we call in the law an ex parte relationship. There's only one party appearing before the court. It's the United States, and so there's a robust back-and-forth. Remember, we're filing 2,000 applications a year.
A robust back-and-forth?
A robust back-and-forth every day. ...
And then negotiations back and forth on how an order might be put?
I wouldn't characterize it as negotiation. I don't think that's correct. But I would say there's back-and-forth, where the court will say they have a concern about a particular. ...
Do you wind up modifying many of the applications?
Yeah, we modify many of the applications. We will change them, resubmit them. Sometimes we are not able to work something out, so on occasion the court will flat-out deny an application or the court will modify the application. In other words, whatever we've come up with has not still satisfied the court, and so the court will do a modification. I think a couple of years ago -- again, going from memory here -- there was one year, let's say two years ago, where they modified 79 applications in the course of the year. So you have that.
In addition, with respect to the idea that the court is a rubber stamp, you have the one case that resulted in an appeal by the United States to the FISA Court of Review, the FISA appellate court, and that was from a decision by the FISA court where the court did not go along with some changes we wanted to make having to do with the wall [between intelligence and law enforcement]. So the court wrote an opinion that all seven members of the court at that time signed and rejecting in part what the government wanted to do. They published that opinion, and it resulted in the government taking the appeal. So there's an example [of] when the court took something seriously and thought that the government's approach was not correct. It issued an order and refused to go along with what we wanted to do.
... What does the FISA court look like?
The FISA court consists of 11 sitting federal district court judges. They are appointed by the chief justice of the United States for terms of up to seven years. They hear cases in Washington. Currently the court is in the Department of Justice building. ...
What is the courtroom like?
It looks like a conference room. It's a secure room. It's inside a secure area, if you will, that meets the requirements of the director of national intelligence for security of such locations. ...
It's got a big table in the middle of it, and we come in and appear. We bring in an FBI agent, and the agent is sworn. The court hears the particular matter, asks whatever questions the court wants to ask of the attorney, one of our attorneys or the FBI agent, and then rules on the application, signs it. The court has a clerk. It's just like a regular court in that sense.
So if you're doing 2,000 a year, you must be doing on average about 10 a day.
It's pretty busy. It's really quite busy. One judge rules on one application at a time, so they don't sit in a group or a panel of two or three or 11. It's one judge, one application, one time. They do have meetings where they come and hear issues of common concern to the court and talk about other administrative things, so they do get together as a group, but when they're ruling on an application, it's one judge, one application.
Now, this was the law written in 1978, the Foreign Intelligence Surveillance Act. Enormous changes have occurred in the world of communications. ... Has the FISA law, has the FISA court kept up with the times? Can it work in the 21st century?
In my opinion FISA works. It worked in the 20th century; it works today. Congress said when it enacted FISA, in the legislative history it said that no means of collection are barred by the statute. In other words, they wrote the statute to have the flexibility to allow us to collect any type of communications or information that meets the requirements of the statute. There's no type of collection that's prohibited by the statute. That's point number one.
I also think that FISA works in the 21st century because, as you know, the government recently filed applications with the FISA court regarding the terrorist surveillance program.
The president's [warrantless wiretapping] program.
Yes. So the FISA court approved those, and we think that the approval gives us the necessary speed and agility that we need today to fight the war on terror. ...
The third thing is FISA works because the information that you collect from FISA can be disseminated widely within the intelligence community, assuming that it meets the requirements of the statute and it can be used as evidence in a criminal case. So there is a certainty with respect to the legitimacy of the information that's collected with respect to FISA. ...
Let me just break that down for a moment. We've talked to a lot of people in the intelligence community, and some of them will say, "FISA moves too slow; it's too cumbersome." You deal with it day in and day out. Does it move too slow?
... We respond to the needs and the requirements of the intelligence community on a day-to-day basis, and part of the challenge is to make sure that we have a robust interaction with the intelligence community so that we can prioritize our work effectively and efficiently according to what they need. Urgent cases, emergency cases, cases that meet the requirements of the statute go through the system extremely quickly.
Sometimes when folks are concerned about what's happening with the statute that's moving too slowly, that may be because they're viewing it from the perspective of their particular case, and their particular case may not be the higher-priority case for the intelligence community. We adjust our resources accordingly.
You say emergency cases can be handled rapidly. How fast is fast?
There's a provision under FISA that allows the attorney general to approve an emergency surveillance or search without a court order for periods of up to 72 hours. The agencies know about this. We work with them on this all the time, and when they assess that they need to resort to that provision, they contact us right away.
But can you get approval ... in a matter of hours? In a matter of minutes?
When necessary, we can get it as promptly as we need to get it.
What does that mean?
We've done it in a matter of a day; we've done it in a matter of hours; we've done it in a matter of minutes. But the trick is that you get the authorization when the agency is ready to start the collection, and so we try to have those trains cross the finish line at the same time.
So some agent or some agency may say, "We need to do a wiretap here," but it takes them some time to actually get the technical means in place, and you're using the time to get the clearance from the court?
... We're using that time to make our legal assessments. The agency will independently determine that it needs to use the FISA emergency provisions, so they will then contact our office. We will then start a dialogue with them to make sure that all the criteria and requirements of the statute are met.
While the legal folks are working, at the same time the technical folks are working to get the pieces that they need to put into place ready. So the idea is when the technical folks are ready, we will have already resolved all of our legal questions. ... When they're ready, then they make the official call and say: "Yes, we're now ready to do the surveillance. Will you please seek the attorney general's approval?" And at that point in time we go to the attorney general.
All this can be done orally. There's no need for any paperwork. Usually there is some kind of paperwork -- there's a memo or an e-mail that we're working off of or something like that -- but it can be done orally, and then we'll call the attorney general, tell him what the situation is, and he'll approve it or not, and we go from there, and they can start the collection immediately.
So you're saying FISA can move very rapidly.
Very rapidly. Extremely rapidly. I just want to explain that the reason we do it that way is because we're under a 72-hour clock, and we don't want to start the clock running sooner than we need to. It is challenging to finish these applications within 72 hours, so we don't want to start the clock one minute sooner than we need to. It's just a very practical decision. ...
The point is, there's been no loss of foreign intelligence information. That's the key thing. ... The American people have not been put at any risk because of this process going on. The collection was not ready until it was ready, and once it was ready, we went and got the attorney general's approval. I'm not saying that we can always do it in one minute, but we can do it pretty quick, and we know how to do it, and we've done it many, many times. ...
... At the time the FISA law was written, the nature of communications was such that a foreign communication and a domestic communication were much easier to separate than they are today. ... Can the FISA law be applied in a way that works for modern Internet communications?
The Congress in 1978, when they enacted the statute, said quite explicitly that no means of collection were barred by the statute, so in other words, they didn't want to prohibit us from collecting any type of electron that was floating around anywhere. They wanted to enable the government to collect all that information.
What they wanted to do was to subject that collection to the statutory regime, and so that's why they wrote the definitions of electronic surveillance and the other parts of the statute that they did. So when we're having this debate -- and I've heard these comments before -- I just want the American people to be reassured that there's not some pot of electrons out there floating around that we can't somehow get at technically because of the regime that FISA sets up. There may be other limitations on what we're able to do. ...
You've described a process that is agile, flexible, fast and capable of dealing with the modern communications challenge. Gen. [Michael] Hayden, former head of the NSA, said they had to do the [warrantless wiretapping] program independently because he needed speed and agility. How do you reconcile that?
Well, as the attorney general has said, we now have taken the terrorist surveillance program under FISA, so there's a FISA order now that has replaced the president's authorization. The assessment of the executive branch, the intelligence agencies, the Justice Department is that the new system provides us with the speed and agility that we need just as Gen. Hayden was describing.
However, the attorney general has also said that it took us some time to get there and that we'd been working on this now for a couple of years, even before there was the disclosure in the press about the program. The applications that we filed are innovative. They're also complex. It took us a while to figure out how we were going to do this type of collection under the existing FISA statute without having it amended, and so it was a challenge; it took us time. We had five years of experience with dealing with Al Qaeda. We had five years of building up the law before the FISA court, building up precedents, getting to where we needed to be to be able to file this application, have the court consider it and then have them approve it.
Then if it could be done now, couldn't it have been done at the beginning?
The answer, I think, is that it's being done now and that it took us a while to get to this point. ...
After 9/11, was the court ever approached by you or by the executive branch and asked whether or not this kind of program could have been put under the court?
I don't want to go into the specifics of what exactly we talked about with the court and when. Suffice it to say that it was a lengthy process of debate and discussion within the executive branch and then discussion with the FISA court to get to the point where the court believed that it could approve and did approve the order in January of 2007.
But if we take that lengthy process and we take your description and others' that it was two years, that takes us back to 2005. That doesn't take us back to 2001. My question was whether or not there was an approach made or the court was asked, as opposed to being informed, whether or not this program could have been done under the FISA statute and under the FISA process.
Well, I guess that I understand your question. The best answer I can give you, I think, is that the FISA court was asked to consider this when we filed the application. That was later in 2006, so the court really had nothing formally before it until it had a formal application signed by appropriate executive branch officials. ...
Now you're the point man, the connection between the executive branch, the Justice Department and the FISA court. Was your advice sought on the question of whether or not this could be done under FISA back in 2001/2002?
I don't want to talk about what advice I gave particularly. I'm a lawyer for the government, and there are rules about what I can disclose with respect to giving advice to my clients. But obviously, since the application went to the FISA court, I was involved in the process. I don't really want to describe the details of the advice, describe in detail the advice I gave to anybody inside the administration. ...
Let me just understand a couple points of law. Foreign communications -- communications between one foreign party and another foreign party -- have been monitored by the National Security Agency, signals intelligence, for years. ... There's now a huge volume of foreign-to-foreign communication that actually flows through switching points in the United States. ... Does the FISA law reach that? Does it require a warrant, or is that outside the jurisdiction of FISA?
Well, first of all, I don't believe that it's appropriate for me to comment on any particular type of collection technique, so I'm not going to comment one way or the other on what we can do or can't do with respect to the type of collection that you're discussing. ...
With respect to the FISA statute itself, what does the law say? The law is focused on protecting Americans, and that can be a citizen or a permanent resident alien here or a corporation. ... The law is focused on protecting Americans in the United States from having their communications or their privacy intruded upon. ... So if you're talking about a call from one city overseas to another city overseas, provided that there's not an American on the phone there, the statute is not intended to try to cover that kind of collection. ...
Now, another thing that's come up is call data records, the to-and-from information: who called whom, how long did they talk, what kind of networks there are that you can get through addressing information. The same goes for the Internet. ... Is that protected constitutionally by the Fourth Amendment, or does the government have means of legally obtaining these call data records without any approach to FISA?
First of all, analyzing the calling pattern, the telephone calls that a particular person makes, has been a standard law enforcement technique for many, many years. Obtaining those kinds of records through whatever means, through getting the actual billing records from the phone company or doing something called a pen register, which records the dialing data as it's being transmitted over the phone, that's been a standard thing that's been done in criminal cases for years and years and years. ...
There are a variety of different provisions of federal law that deal with that kind of information, those kinds of communications. The Supreme Court has said that the dialing records, the information about your phone calls, who you're calling and what date and time a telephone call takes place -- separated from what's actually being said -- is not protected by the Fourth Amendment. It is protected, however, by a variety of statutes, including FISA, which does cover the collection of that kind of dialing information. But there are other parts of federal law that cover it as well. ...
So if a calling record is relevant to an investigation of terrorism, that kind of record can be obtained by the government, by the FBI, by the NSA, by a variety of agencies through legal means, either FISA or otherwise. Is that right?
Yes, that's right. There's a variety of different legal means that allow the government to collect the dialing data. It depends on whether you're going to collect it in real time [or] whether you're going to get a billing record. [Those are] different thresholds you have to meet. As you said, the basic threshold that's the common thread through these different provisions is relevance, so it's a different standard from a warrant. A warrant is based on probable cause. Relevance is something less than that, but that is the showing that the government has to make.
And that has nothing to do with the kind of thing that was covered by the president's terrorist surveillance program; it's a separate kind of collection. Is that right?
I'm not going to talk about the specifics of the terrorist surveillance program. The president has said that it involves the collection of communications that have one end outside the United States and where there's probable cause to believe that one of the communicants is a member agent of Al Qaeda or an affiliated group. Beyond that I'm not going to comment on the actual collection under the terrorist surveillance program.
Let me ask you about what constitutes collection. There are disputes, and indeed in doing our reporting, we've had people say collection occurs at the moment that a wiretap is placed on, and other people say no, it's not until some human being listens to, reads, tries to analyze the communication. What does the FISA law say?
The FISA law talks in terms of acquisition of communications, and it differs. When you acquire something differs depending upon what it is that you're acquiring. So if you're acquiring something off of a telephone wire, a normal telephone call, acquisition occurs at one point in time. If you're acquiring something from a microphone in a room, that's slightly different. And so the law in the FISA world and the rulings of the FISA court and the filings of the government have had to adjust over time to different types of collection that we're doing, different types of acquisition. So we have, within the FISA law, developed a variety of methods to address the changes in modern communications and dealing with this exact question of when something is acquired. …
... What do you do in a case where you need to single out somebody's communication apart from everybody else's? What do you do to protect the privacy of Americans who are innocent and who are not relevant to the investigation?
... Every FISA application has to have minimization procedures. Those minimization procedures require us to reduce the amount of irrelevant [information], meaning substantively irrelevant or irrelevant because it has to do with some other person who we're not interested in. Every application has to have with it these procedures, and they require us to reduce the amount of irrelevant information that we acquire, the amount of irrelevant information that we retain and the amount of irrelevant information that we disseminate, so those three different stages of minimization. ...
So what you're saying is that with modern communications, it's almost inevitable that you're going to collect, in the sense of initially acquire, communications of innocent people, of Americans who are not suspected of terrorism, but then you have to have built into the process some way of sealing them off, getting rid of them, letting them flow back into the ether.
You have to do something. That's a fair assessment. You have to do something to protect the privacy of these irrelevant communications. And it's not just modern technology. This goes back -- you know, if you think of a telephone, you're doing a surveillance of a standard telephone, again, at a residence. Well, the person, the target may be there, and he may be the spy that you're worried about or the terrorist, but you know the wife will use the phone; the other family members will use the phone; somebody might be over at the house using the phone. And all that other stuff is going to be irrelevant, too. So we've always had to have these procedures to protect the privacy of these innocent people.
But the larger the volume of traffic, the more you have terrorists traveling around trying to hide themselves among ordinary people and look ordinary, the more you're going to necessarily bump into this problem of collecting information on people who are not relevant to the investigation. Is that right? ...
The issue is that -- without regard to what technique you're using -- the more you collect, the more you collect irrelevant information, and the more that you know going in that you're going to collect irrelevant information, the more you have to have thought that out and have adequate procedures in place to deal with that that will satisfy the court, because the court is going to look at these and say whether or not they think it's adequate. So you have to have in place these procedures that are well thought-out. ...
What's the heart of the difference between going through the FISA process and doing that National Security Agency eavesdropping program the way the president ordered?
Let me try to answer your question in this way. When people talk about modernizing FISA and the need to modernize FISA, when you step back and think about it for a moment, what's really going on is an effort to try to change the definition of electronic surveillance under FISA. ...
The way FISA is constructed now, certain things, if they fall within the definition of electronic surveillance, have to be approved by the FISA court before you can start collection. If you change the definition of electronic surveillance so that you carve out certain types of communication, then somebody else other than the FISA court could approve that. It could be the president; it could be the attorney general; could be somebody down at the FBI field office or at the NSA -- wherever the determination is made that this is the appropriate official to do that. So what you're really talking about when you talk about modernization of FISA, at the end of the day, you're really talking about who's going to approve a particular type of collection on a particular type of communication stream. ...
[Now that the terrorist surveillance program is under the FISA court,] is it subject to periodic repeated review?
Yes. Every FISA application has an expiration date, and you have to come back to the court if you want to continue your collection. So usually it's 90 days; in certain circumstances it can be up to a year if you're not targeting Americans.
Does that review not only include a review of whether or not it's actually working on the targeting but whether or not this minimization for the protection of Americans is working effectively?
Well, the court certainly assesses whether minimization is working at every renewal. It also can assess whether minimization is working at any time during the surveillance itself. ...
To your knowledge, did the National Security Agency follow the same standards as the FISA court would have followed? The attorney general and Gen. Hayden, the former director of NSA, have said several times that "reasonable suspicion" would be adequate to target somebody. The language of the law says "probable cause." Gen. Hayden has talked about a softer, more flexible standard. Does that mean the standards were different, or were they essentially the same?
We've said publicly that the standard "reasonable grounds to believe" is in essence "probable cause." It's the same thing said slightly differently, but it's the same standard. And keep in mind you're talking about two different things here. There's a standard for collection. There's a standard for initiating the collection. Then there are different rules that apply with respect to minimization and what you do with communications once collected that you decide are irrelevant. So you've got two things going on at the same time, and you need flexibility with respect to both of those provisions. ...
People have said they think FISA needs to be updated, modernized, changed. What do you think?
... I submit that FISA works today. I believe that it's been effective in protecting the American people from threats from foreign powers, from hostile terrorist groups, from hostile foreign governments, and at the same time it's been effective in protecting the American people's privacy. ...
I think it's important to remember, for example, that the Fourth Amendment, one of the cornerstones of our liberty and of our Constitution, was written by people who had never seen a light bulb. So obviously lots of things have changed since the 18th century, and I don't believe the people are seriously debating whether the Fourth Amendment needs to be changed today. ...
Somebody we talked to, a former official in the administration, [may] even have been a former lawyer, said that the FISA standards could not be applied to the kind of sophisticated collection we need to engage in with modern communications.
Well, the standard under FISA you have to meet in order to start collection is probable cause and --
That somebody is a foreign agent?
That the target is an agent of a foreign power or a foreign power and that the target is using or about to use the facilities, the things or the places where you're going to direct the surveillance. So you have to have probable cause on those two points. ...
As the Supreme Court has made clear, the probable cause standard really is pretty flexible. It's not something that can be reduced to a mathematical percentage. ... What it is, is a fair probability based on the totality of the circumstances of the case. ... So at the end of the day, I would submit that it really is a pretty flexible standard to work with. ...