Introduction
President Biden recently signed into law a bill that reauthorizes Section 702 of the Foreign Intelligence Surveillance Act (FISA) while incorporating reforms to enhance the protection of privacy and civil liberties for Americans.
This legislation has been a focal point for policy and privacy professionals in recent months, sparking discussions about potential amendments to this crucial aspect of U.S. surveillance law. FISA Section 702 permits limited warrantless surveillance of specific communications and necessitates regular congressional renewal.
The bill passed with a 60-34 votes in the chamber, endorsing the renewal of Section 702, which grants the U.S. government the authority to collect digital communications from foreigners outside the nation’s borders.
Notably, the legislation includes provisions aimed at preventing the misuse of this surveillance authority.
Despite its primary focus on foreign targets, Section 702 also captures the communications of American citizens. Moreover, it empowers the FBI to search through collected data without obtaining a warrant, leveraging identifiers like email addresses.
FISA Section 702
Section 702 of the Foreign Intelligence Surveillance Act (FISA) was initially enacted in 2008 following a post-9/11 examination that highlighted the shortcomings of the strict division between foreign and domestic intelligence, which contributed to the inability of national security agencies to thwart the attack.
Section 702 invests the National Security Agency (NSA) with the authority to intercept communications from non-U.S. individuals located outside the United States for the purpose of foreign intelligence gathering.
These intercepted communications can be stored for approximately five years, enabling the intelligence community to conduct specific queries on the collected data.
Traditionally, electronic surveillance under FISA requires the government to petition the Foreign Intelligence Surveillance Court (FISC) for an order approving surveillance against authorized targets to gather foreign intelligence. This process typically entails providing information about the target’s identity, reasons for suspicion, and demonstrating that the targeted facilities are linked to foreign powers.
However, Section 702 presents an alternative approach for acquiring foreign intelligence when the target is a non-U.S. person believed to be outside the United States.
Under Section 702, the Attorney General (AG) and the Director of National Intelligence (DNI) can jointly certify to the FISC, outlining targeting, minimization, and querying procedures.
If the FISC deems the certification satisfactory, the AG and DNI may authorize the collection of foreign intelligence information for up to one year, subject to court-approved procedures.
Unlike traditional FISA procedures, Section 702 does not necessitate probable-cause determinations for individual targets; instead, it permits broad authorization of government surveillance for a specified duration.
Moreover, Section 702 mandates the approval of querying procedures by the FISC, regulating the government’s access to and search of information collected under this provision.
Additionally, if the Federal Bureau of Investigation (FBI) seeks to access communication contents retrieved through Section 702 queries using U.S.-person terms for a non-national security-related criminal investigation, it typically requires a FISC order for such access.
Key Concerns Being Raised
Section 702 enables the U.S. government to conduct surveillance of foreign individuals located abroad from within the United States. This surveillance mechanism involves collaboration with major telecommunications service providers, through which significant volumes of Internet traffic are accessed, and communications identified by the government’s undisclosed criteria are intercepted. This constitutes just a fraction of the extensive and costly program. Despite Section 702’s prohibition against deliberately targeting Americans in mass surveillance activities, both the NSA and FBI routinely gather a vast quantity of innocent Americans’ communications “incidentally.”
Subsequently, the government retains the ability to conduct warrantless, backdoor searches on these communications collected “incidentally.”
Moreover, the government has repeatedly flouted the relatively lenient regulations governing the handling of the immense volume of data amassed under Section 702, frequently abusing its authority by combing through its databases for communications involving Americans.
In a troubling revelation from 2021, the FBI disclosed conducting as many as 3.4 million warrantless searches of Section 702 data using American identifiers. Given this history of misuse, it is perplexing why Congress would opt to expand rather than restrain the government’s authority under Section 702.
One particularly egregious aspect of the expansion under the Reauthorization of the Intelligence Surveillance Act (RISAA) is the broad and vaguely defined extension of entities required to furnish information to the NSA and FBI.
This provision purportedly responds to a 2023 ruling by the Foreign Intelligence Surveillance Court of Review, which rejected the government’s assertion that an unidentified company was subject to Section 702 under certain circumstances.
While the New York Times suggests that the undisclosed company from this FISC opinion was a data center, the new provision is drafted expansively enough to potentially encompass any individual or entity with access to equipment facilitating the transmission or storage of electronic communications, regardless of their direct involvement as a service provider.
This broad interpretation could encompass individuals such as landlords, maintenance personnel, and others who routinely interact with communications on the interconnected internet.
Furthermore, RISAA broadens FISA’s definition of “foreign intelligence” to encompass “counternarcotics,” allowing the government to employ FISA for collecting information not only on the international production, distribution, or financing of illicit drugs but also on their precursors.
While FISA surveillance has historically extended beyond terrorism and counterespionage, RISAA’s inclusion of ordinary crime within FISA’s purview is deemed unacceptable by critics.
The RISAA introduces provisions allowing the government to utilize Section 702 for screening immigrants and asylum seekers. Notably, a Foreign Intelligence Surveillance Court (FISC) opinion from 2023 revealed the FISC’s repeated rejection of government attempts to acquire this authority, eventually granting it for the first time in 2023.
By formalizing the reduction of Section 702’s protections for immigrants and asylum seekers, RISAA heightens the risk of potential discrimination by government officials based on factors such as sexuality, gender identity, religion, or political beliefs.
Way Ahead and Conclusion
Nevertheless, this episode underscores how Congress often grants considerable leeway to the NSA and FBI, with any meaningful limitations that protect citizens swiftly brushed aside, despite the FISA Court’s efforts to safeguard rights.
Author:
Kosha Doshi
Legal Intern Data Privacy and Digital Law at EU Digital Partners
Kosha is a co-author of “Facial Recognition at CrossRoads: Policy Perspectives on Disruption and Innovation” at Closing the Gap 2023 | Emerging and Disruptive Technologies: Regional Perspectives Conference in the Hague, Netherlands.
