FISA Amendments Act – FISA 702
In the course of the proceedings before the European Court of Justice Schrems2 and even before that, the question of actual compliance with European standards was raised. This is essential in addition to the EU standard contract clauses. In the context of this blog series I will go into the various critical US laws and judgements.
FISA Amendments Act
The FISA Amendments Act, as amended in 2008, deals with the procedure for obtaining communications from certain persons outside the United States. This is precisely the work in the intelligence community that is going on in the U.S. through the desk of the Attorney General and the Director of National Intelligence. The content of the law is that, upon request, digital attacks on persons can also be carried out abroad, data such as emails can be intercepted and evaluated by the intelligence services.
Impact on Microsoft Azure and Microsoft 365
In the context of the FISA Amendments Act, Microsoft must now explain how it protects the customer data of citizens in the EU within the scope of this Act and what procedures are specifically provided for and adhered to in order to maintain the protection of personal data at the level of the EU.
In my opinion, this could be possible in an extensive examination, it depends on the clearly defined standard, because in Germany and the EU there are secret service investigations that apply to domestic and foreign persons. This is done, for example, by GCHQ (Gorernment Communications Headquaters) the British secret service, which uses the same methods. A comprehensive legal opinion has to be drawn up on this. My last legal opinions in cooperation with US attorneys amounted to 50-85 pages.
This statement is currently missing from Microsoft.
H.R.6304 – FISA Amendments Act of 2008
Congress 110 / https://www.congress.gov/bill/110th-congress/house-bill/6304 / called up on 29.08.2020
Public Law No: 110-261 (07/10/2008)
(This measure has not been amended since it was introduced. The summary has been expanded because action occurred on the measure.)
Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 or FISA Amendments Act of 2008 – Title I: Foreign Intelligence Surveillance – (Sec. 101) Amends the Foreign Intelligence Surveillance Act of 1978 (FISA) to add a new title concerning additional procedures for acquiring the communications of certain persons outside the United States.
Authorizes the Attorney General (AG) and Director of National Intelligence (DNI) to jointly authorize, for periods up to one year, the targeting (electronic surveillance) of persons located outside the United States in order to acquire foreign intelligence information, under specified limitations, including: (1) prohibiting an acquisition intentionally targeting a person reasonably believed to be outside the United States in order to acquire the communications of a specific person reasonably believed to be inside the United States; and (2) requiring the targeting to be conducted in a manner consistent with the fourth amendment to the Constitution. Requires: (1) certain targeting and minimization procedures to be followed; (2) the AG to adopt guidelines to ensure that such limitations and procedures are followed; (3) the AG to submit such guidelines to the congressional intelligence and judiciary committees and the Foreign Intelligence Surveillance Court (Court) for review; and (4) prior to such targeting, a certification by the AG and DNI as to the necessity of such targeting and that appropriate procedures and limitations will be followed. Allows the AG and DNI, if immediate targeting is determined to be required due to an emergency situation, to commence such targeting, but to submit the certification within seven days of such determination. Requires all certifications to be submitted to the Court for review.
Authorizes the AG and DNI to direct an electronic communication service provider to: (1) immediately provide the government with all information, facilities, and assistance necessary to accomplish an acquisition; and (2) maintain under security procedures any records concerning such acquisition. Outlines legal procedures with respect to directive challenges, standards for review, enforcement, and appeals. Provides for: (1) judicial review of certifications and targeting and minimization procedures; and (2) review of Court rulings by the Foreign Intelligence Surveillance Court of Review (with certiorari to the Supreme Court). Outlines conditions under which the AG and DNI may, through the Court: (1) replace a targeting acquisition already in effect before the enactment of this Act with an acquisition authorized under this Act; or (2) reauthorize a current acquisition under the procedures and guidelines of this Act. Requires Court maintenance and security of records and proceedings with respect to acquisition applications, orders, appeals, and determinations.
Requires the AG and DNI, at least every six months, to: (1) assess compliance with required targeting and minimization procedures and related guidelines; and (2) submit assessment results to the Court and the intelligence and judiciary committees. Authorizes inspectors general of the Department of Justice (DOJ) and elements of the intelligence community (IC) authorized to acquire foreign intelligence information to review their agency or element’s compliance with such procedures and guidelines and provide review results to the AG, the DNI, and the intelligence and judiciary committees. Requires the head of any IC element conducting an acquisition of foreign intelligence information to annually review such acquisitions and report review results to the Court, the AG, the DNI, and the intelligence and judiciary committees.
Provides Court jurisdiction for approving the targeting of a U.S. person located outside the United States when the acquisition of information is conducted inside the United States. Requires an application for such acquisition to be made by a federal officer (and approved by the AG), and to contain certain requirements, including that the target is believed to be a foreign power or agent, officer, or employee of a foreign power. Provides for judicial review of a Court order approving such an acquisition. Makes approval orders effective for 90 days, with authorized 90-day renewals. Allows the AG to authorize an emergency acquisition of such a target under certain circumstances, including: (1) determining that an emergency exists; (2) informing a Court judge of such determination; and (3) applying within seven days for a Court order authorizing such surveillance. Provides similar Court jurisdiction and outlines similar procedures for the acquisition (and emergency acquisition) by an IC element of a physical search.
Authorizes the: (1) joint applications and concurrent approvals of requests for acquisitions proposed to be conducted both inside and outside the United States; and (2) concurrent authorizations of electronic surveillance and physical searches.
Directs the AG to report semiannually to the intelligence and judiciary committees concerning the implementation of acquisition requirements.
(Sec. 102) States that, other than by express statutory authorization, FISA and the procedures of chapters 119 (Wire and Electronic Communications Interception and Interception of Oral Communications), 121 (Stored Wire and Electronic Communications and Transactional Records Access), and 206 (Pen Registers and Trap and Trace Devices) of the federal criminal code shall be the exclusive means by which electronic surveillance and the interception of domestic wire, oral, or electronic communications may be conducted.
(Sec. 103) Requires the AG to submit semiannually to the intelligence committees copies of any orders of the Court or the Foreign Intelligence Surveillance Court of Review that include significant construction or interpretation of FISA, including any such orders issued during the five-year period before the enactment of this Act. Allows for the redaction of submitted materials for the protection of national security.
(Sec. 104) Revises provisions concerning the application for, and issuance of, Court orders, including provisions concerning paperwork requirements and government officials who may authorize FISA actions.
(Sec. 105) Allows the AG to authorize the emergency employment of electronic surveillance if the AG, among other things: (1) determines that an emergency exists; (2) informs a Court judge of such determination; and (3) applies for a Court order authorizing such surveillance.
(Sec. 107) Provides similar revisions and outlines similar procedures as in sections 104 and 105 above for the emergency employment of physical searches.
(Sec. 108) Requires the AG, after authorizing the installation and use of a pen register or trap and trace device on an emergency basis, to apply to the Court for an authorization order within seven days (current law requires 48 hours) after the emergency installation and use.
(Sec. 109) Authorizes the Court to sit en banc when: (1) necessary to secure or maintain uniformity of Court decisions; or (2) the proceeding involves a question of exceptional importance.
(Sec. 110) Authorizes the acquisition of foreign intelligence information from an entity not substantially composed of U.S. persons that is engaged in the international proliferation of weapons of mass destruction, or in activities in preparation therefor on behalf of a foreign power.
Title II: Protections for Electronic Communication Service Providers – (Sec. 201) Prohibits any federal or civil action against any person (including an electronic communication service provider or a landlord or custodian) providing surveillance assistance to an IC element if the AG certifies that such assistance was: (1) provided pursuant to an order or directive under FISA; (2) in connection with an intelligence activity authorized by the President during the period beginning on September 11, 2001, and ending on January 17, 2007, and designed to detect or prevent a terrorist attack against the United States; (3) the subject of a written request from the AG or IC element head to the provider indicating that the activity was authorized by the President and determined to be lawful; or (4) not provided. Allows for the judicial review of such certifications. Limits certification disclosure for national security purposes. Prohibits state law preemption of the protections afforded assistance providers under this section. Requires semiannual reports from the AG to the intelligence and judiciary committees on the implementation of this title.
Title III: Review of Previous Actions – (Sec. 301) Directs the inspectors general of DOJ, the Office of the DNI, the National Security Agency (NSA), the Department of Defense (DOD), and any other IC element that participated in the President’s Surveillance Program (a program authorized by the President during the period beginning on September 11, 2001, and ending on January 17, 2007, and including the program commonly known as the Terrorist Surveillance Program) to: (1) conduct a review of, among other things, the establishment, implementation, product, and use of the product of the Program; and (2) provide an interim and final review report to the intelligence and judiciary committees. Allows for, in conjunction with such reviews, expedited security clearances and the hiring of necessary additional personnel.
Title IV: Other Provisions – (Sec. 401) Provides severability protections for this Act and its amendments.
(Sec. 403) Repeals FISA provisions made inconsistent by provisions of this Act.
(Sec. 404) Outlines transition procedures”