COULD A COMMUNICATION SERVICE PROVIDER BE HELD LIABLE FOR IMPLEMENTING AN INVALID FISA ORDER?

March 26, 2020
COULD A COMMUNICATION SERVICE PROVIDER BE HELD
LIABLE FOR IMPLEMENTING AN INVALID FISA ORDER?

Congress is debating whether to renew certain provisions of the Foreign Intelligence Surveillance Act (“FISA”) and whether the renewal authority should include reforms designed to limit FISA investigations. The controversy was sparked by a Department of Justice inspector general report, which revealed that the DOJ and FBI had abused the FISA process during their investigation of Russian involvement in the 2016 presidential election. Specifically, the report found the law enforcement agencies had made “significant errors and omissions” when applying for FISA orders to wiretap an advisor to President Trump’s election campaign. The malfeasance had wrongly induced the FISA court to issue orders for electronic surveillance that lacked the requisite probable cause.

In an investigation when law enforcement agents serve an invalid surveillance order on a communication service provider (CSP), what are the consequences? Can a CSP be penalized for conducting unauthorized surveillance?

When a CSP is served with a surveillance order, whether the order is served under the FISA statute (for foreign intelligence investigations) or the Wiretap Act (in criminal probes), the provider should have someone with appropriate expertise review the order for validity. If the order is invalid on its face, the network owner should notify the case agent and ask for the defect to be cured. The agent may need to have the order revised and reauthorized by the presiding judge. A good understanding of the surveillance statutes and related case law may be needed to persuade the agent that the legal re-write is needed. Otherwise the situation may become confrontational.

Validating the surveillance order is important for two reasons. If a CSP disregards this step and participates in unauthorized surveillance, it could suffer criminal penalties. In addition, the CSP could be sued by the aggrieved subscriber.

Now consider a tougher question. Say the CSP properly reviews a surveillance order and determines it is facially valid but later learns the order was defective. Maybe the law enforcement agency omitted key facts when applying for the surveillance approval. Or maybe the judge lacked jurisdiction to issue the order. A CSP is not required to investigate the entire judicial process. As long as the CSP finds the order is facially valid, it will be immune from prosecution by the government and lawsuits from subscribers. “Statutory immunity” protects CSPs from due process failures beyond their control. Consequently, if an order that appears facially valid turns out to be the product of a misrepresentation by a law enforcement agent, or a jurisdictional overreach by a judge, the CSP is off the hook.

Does statutory immunity protect a CSP when responding to court orders and subpoenas for stored records? Yes. As long as the service provider reviews the due process for validity and confirms it is facially valid, it may disclose the requested subscriber records to the law enforcement agent without fear of liability. At the trial stage of the proceeding, if defense counsel shows that the court or law enforcement agent lacked authority to issue the legal instrument, the agency may be penalized but the service provider would not.

In sum, CSPs bear a responsibility to validate documents demanding assistance to law enforcement, and they should be prepared to serve that role. But the burden is a reasonable one. It keeps industry from getting blamed for improper government actions like the surveillance in the FISA/Russia scandal.

Copyright © Subsentio, Inc. 2026 All Rights Reserved. No part of this website may be reproduced without Subsentio’s express consent.