The second half of the NSA Inspector General's report on STELLWARWIND identifies the legal obstacles NSA faced in regularizing and legitimizing a program that was born and reared in secrecy, around and outside of the established Foreign Intelligence Surveillance Court framework.
The report confirms that Acting Attorney General James Comey objected in March of 2004 to the bulk collection of internet data, and that the collection of said data did not continue until additional filtering and minimization mechanisms were put into place to satisfy Comey's concerns. This included more specific information on the "data links and the number of people who could access the data." For the first time, then, the directive came from the FISA court itself, and not from the attorney general.
Three months later, the collection of internet metadata continued. When the New York Times revealed the existence of part of the program in 2005, at least one company requested a more solid legal foundation for the requests his company was getting. This led to a panic at NSA, and a search at the Justice Department for a better way to conduct the program.
As I've reported, some in the DOJ wanted to go to Congress and ask them to revise FISA at this point, but the White House and NSA did not think that would be necessary. The NSA, Justice Department, and FISA court decided that the business records provision of the PATRIOT Act was sufficient for the metadata directives, and the companies were apparently satisfied. BUT — the FISA court insisted on procedures that did not track with the technology was using at the time.
This led to a garbage-in, garbage-out problem: Getting a FISA order for each target (domestic and international) that was acquired through STELLARWIND was difficult.
The Justice Department asked FISA whether it could declare that the mechanisms that transited through the U.S. and were used by international terrorists could be designated as "facilities" that the NSA could collect content from. FISA said, well, yes, for foreign targets. That is, the NSA could now intercept phone calls and emails from the specific cable or gateway that was used by the bad guys to communicate.
That way, they wouldn't have to bombard the FISA court with new emails and telephone numbers that the international targets were using. FISA said this was fine — but that domestic targets still required a separate order.
Under the new FISA rules, the amount of email and telephone content intercepted by NSA from international targets using the STELLARWIND procedures decreased by 73 percent after. Because so few domestic phone calls and emails were being monitored, the FBI took over more and more of the duties, and eventually, in 2009, took over ALL of the domestic content interception. That means that the FBI, not NSA, now seeks a FISA order to collect on the domestic end of an international call or email if warranted.
The difficulties faced by NSA during this period — from roughly the middle of 2006 onward, forced them to beg Congress to act, which it did, passing the Protect Americans Act in 2007 and then the FISA Amendments Act of 2008.
The NSA was rewarded for its patience: Now it can conduct significant metadata analysis of a LOT more types of data and can collect for purposes unrelated to terrorism, like counter-intelligence, counter-espionage, and counter-narcotics.