Authorization request must include a description of the technical risks of individual measures

Recent reforms of intelligence and national security legislation have thickened the catalogue of requirements regarding the ex ante authorization process for various modes of intelligence collection. In the Netherlands, the written authorization process for bulk hacking requires a description of the technical risks that it may pose. In addition, Dutch intelligence services must also “keep a record of the technical risks that are associated with the use of that investigatory power, in any case where they deviate from the description in the authorization request.”

The latter is particularly important because this record can then be scrutinized by the ex post intelligence oversight process.

Type of automated processing accounted for in warrants

Warrants for foreign-foreign intelligence must include the type of automated processing that can be implemented, specifying its purpose. Stating exactly how a bulk dataset is processed and exploited may enable reviewers to better assess the privacy intrusions that are generated by the respective operation. The level of privacy intrusions and the effects on other fundamental rights may differ based on what kind of examination is performed, and for what aim. In France, however, such applications for the exploitation of bulk metadata are authorized by the French prime minister and not independently reviewed by an oversight body.t

Specific requirements to make the “intelligence case” in a bulk SIGINT application

The CSE Act (Section 34 (2) (b)) requires the Canadian foreign intelligence service (CSE) to independently demonstrate in their application why the information to be acquired in bulk (in Canadian terms: unselected information) “could not reasonably be acquired by other means” – that is, to demonstrate why less intrusive collection methods are insufficient. Codifying such a specification in law (as opposed to an executive decree) is prima facie a much stronger safeguard, because governments cannot change it at will. Naturally, lawmakers are not immune to adopting underwhelming provisions, which, once adopted, are also harder to change. Another advantage with codified provisions is that the public can have more trust in the rigorousness of the proportionality check, and the authorization body has a firm right to a more detailed explanation by the services. In Switzerland, similarly, the law explicitly demands that warrants for bulk surveillance must contain an explanation of necessity.



Warrants for test and practice purposes

Probing the suitability of telecommunications networks for bulk surveillance activities, for example to determine suitable search terms, is an important SIGINT activity. Such feasibility and effectiveness tests often already imply large-scale data interception. New Zealand has included a rule in its intelligence law that improves the protection of fundamental rights during said aptitude examinations. According to “Part 4 Authorizations – Subpart 3 – Practice Warrants – Section 91 – Application for issue of Practice Warrant,” the Intelligence and Security Act 2017 establishes a detailed approval process with the participation of the Chief Commissioner of Intelligence Warrants and the Inspector General. “A testing warrant authorises an intelligence and security agency to carry out an otherwise unlawful activity that is necessary to test, maintain, or develop the capability of the agency in relation to the performance of its statutory functions.”

Predefining specific fiber optic cables to be intercepted

The explanatory memorandum of the Dutch government noted that warrants should typically specify what (fiber) cables are to be intercepted. Stipulating the concrete technical infrastructure that is to be intercepted can be an important restriction. In the United States, orders issued for intelligence surveillance under the Foreign Intelligence Surveillance Act (FISA) must specify the device, account, or “facility” (50 U.S. Code 1805(a)) for which surveillance is to be applied. Naming a specific cable could qualify as a facility in that sense. This can be an important aspect for assessing the proportionality of the operation in question, because fewer people might be affected if a specific access point for intercepting a certain communication stream is assigned.



Restriction on the number of agencies allowed to use the data

According to the French foreign intelligence law, only the services named in the warrant are allowed to process the collected data. This specification is a protection against subsequent interagency data-sharing. Furthermore, the provision determines that the purpose stated in the warrant may not be changed, and the data may not be used for other purposes. This rule limits the unforeseen spillovers of collected data from one intelligence service to another. Other agencies that may develop an interest in the collected data are prevented from performing unwarranted “searches on top of searches” with such a requirement.


Application Process

With a warrant, the intelligence service (or, as the case may be, the ministry performing executive control over a particular intelligence service) submits an application for authorization to collect data in bulk. Warrants need to describe and delimit bulk SIGINT measures based on specific criteria regarding both the form and content of the warrants that are set out in law. Warrants are a core element of accountability in intelligence governance, although they have to provide details and particularity in order to constitute an effective safeguard against overly intrusive surveillance authorities. In the SIGINT world, warrants might therefore be tied to classes of individuals or activities rather than specific persons.

Although terminology is tricky and warrants for untargeted collection or bulk surveillance are not a feature of some legal systems, they are included here as a useful comparative category. Warrants can be a powerful tool to specify the minimization rules, the authorization requirements, and the purpose limitations of a measure. The more specificity a bulk warrant can provide, the better its protective function. Warrants may also be used to exclude certain data categories from collection and limit the use of the data collected.

It is important to note that many such limits and conditions could appear in a law governing intelligence surveillance. The major advantage of warrants, though, is the active involvement of an independent judicial authorization body before the collection begins (see phase 3), which allows for case-by-case controls. Ideally, a clear legal mandate is combined with obligatory, independent, ex-ante controls of all applications for bulk data collection.