Since the attacks by Hamas militants on Israel on Oct. 7, U.S. intelligence officials say the war abroad has “sharpened the focus of potential attacks” in the U.S. and are reminding Congress that it is running out of time to reauthorize a key provision of the Foreign Intelligence Surveillance Act (FISA).
Section 702 of the act, which allows the government to collect the communications of certain foreigners abroad without a warrant, including text messages, emails and phone calls, expires on Dec. 31.
The government has been pressing for its renewal over the objections of a number of Republicans and Democrats who distrust the provision for different reasons. FBI Director Chris Wray said in a hearing on worldwide threats earlier this month that 702 is a critical tool to protect the homeland from hostile foreign threats.
“Loss of this vital provision, or its reauthorization in a narrowed form, would raise profound risks,” said Wray. “For the FBI in particular, either outcome could mean substantially impairing, or in some cases entirely eliminating, our ability to find and disrupt many of the most serious security threats.”
In the GOP-led House, Speaker Mike Johnson of Louisiana and House Judiciary Chairman Jim Jordan of Ohio have both been vocal critics of Section 702. In 2022, they wrote to Wray to call for reforms to address concerns they had about FBI oversight of the program and their fear that the FBI has disregarded Americans’ constitutional rights in the course of using the authority.
Republicans and Democrats alike are concerned about the conversations of Americans swept up under Section 702. In collecting communications of foreigners outside the U.S., the information of Americans who are in contact with these foreigners may also be gathered.
Intelligence agencies cannot target Americans without a warrant because it would violate the Fourth Amendment.
Court review of intelligence collection, reports to Congress, and reviews by intelligence community inspectors general are all mechanisms intended to prevent 702 misuse, but critics point to past FBI failures.
In 2018, the Foreign Intelligence Surveillance Court (FISC) reported that the FBI had conducted thousands of queries for Americans’ data without proper justification.
In response, the FBI implemented remedial measures, including changing its query procedures and conducting internal audits. It also mandated harsher consequences for unauthorized queries by FBI employees.
The FISC acknowledged it was encouraged by the FBI’s reforms and concluded these efforts were consistent with the requirements of the 702 statute and the Fourth Amendment.
“It’s going to be constant learning and adapting to ensure that there’s a protection of American civil liberties,” said Josh Skule, former FBI executive assistant director of intelligence and now, the current president of Bow Wave LLC, a national security services company.
In April, the Office of the Director of National Intelligence released data showing that FBI searches of U.S. citizens’ electronic data under the warrantless surveillance program plunged significantly in 2022, after the FBI’s reforms were implemented. Searches dropped from more than 3.4 million in 2021, to just over 204,000 in 2022, a decline of nearly 94%.
FISA Section 702 origins
Section 702 was enacted by Congress in 2008 to update the 1978 Foreign Intelligence Surveillance Act, to address the advent of email and cell phones. Terrorists, the DNI points out, including those responsible for the 9/11 attacks, had email accounts serviced by U.S. providers, which meant that prior to 702, the government had to meet a probable-cause standard to obtain these communications.
The provision gives the government the authority to collect this information foreigners abroad without a warrant and authorizes targeted surveillance of non-U.S. persons believed to be outside of the U.S.
Jill Sanborn, strategic advisor and national security expert who served as the FBI’s executive assistant director for national security, said national security measures would look vastly different without this tool.
“I remember the world without 702,” Sanborn said. “If we don’t have this tool, the ability to protect the American people will decrease exponentially because we will not have a collection authority that allows intelligence officials to get ahead of the various foreign intelligence threats transiting the U.S. telecommunication infrastructure.”
Section 702 has contributed intelligence to high-priority missions, including the operation against al Qaeda leader Ayman al-Zawahiri in 2022, which disrupted planned terrorist attacks by al-Qaeda at home and abroad, according to the intelligence community.
And the statute also led to the takedown of Chinese hackers attempting to access U.S. critical infrastructure and uncovered plots by Iranian adversaries to kidnap and assassinate U.S. citizens and government officials.
Skule said only a handful of successful 702 examples are unclassified, but they demonstrate how vital the provision is in thwarting national security, cyber and counterintelligence threats.
“Look at Colonial Pipeline — are we ok with gas pumps on the East Coast shutting down repeatedly?” Skule said. “We don’t get to the investigative background on cases like that without 702.”
Sanborn agreed, saying the ability to connect dots and have an intelligence picture to help fend off or respond to intrusions like the Colonial Pipeline cyber attack would be nearly nonexistent without 702.
“Most people don’t realize that 702 doesn’t just help thwart terrorism and threats of violence, but it also allows intelligence agencies like the FBI to alert companies that their systems may have been compromised by a foreign adversary,” Sanborn said.
Some in Congress want more changes to 702
By the time Congress returns from its Thanksgiving recess, it will have about a month to act before the provision expires. Some lawmakers are calling for more changes to 702. A bipartisan group of senators and House members introduced a bill earlier this month that would reauthorize the provision for four years with significant changes, including requiring a warrant — with limited exceptions.
The exceptions include imminent threats, defensive cybersecurity purposes and locating and rescuing hostages.
“Our bill continues to give government agencies broad authority to collect information on threats at home and abroad, including the ability to act quickly in emergencies and settle up with the court later,” Democratic Sen. Ron Wyden of Oregon, one of the bill’s cosponsors, said in a statement. “But it creates much stronger protections for the privacy of law-abiding Americans, and restores the warrant protections that are at the heart of the Fourth Amendment.”
The lawmakers say the bill has the backing of dozens of civil society organizations, including the American Civil Liberties Union, which has supported allowing the law to expire without significant reforms and which sued unsuccessfully in 2013 to have the 702 provision declared unconstitutional.
“This legislation would address the countless abuses of Section 702 we have seen from the government, and it would ensure the protection of Americans’ Fourth Amendment rights,” Kia Hamadanchy, senior policy counsel at ACLU, said in a statement after the bill’s release.
At the worldwide threats hearing, Wray expressed concern about this approach. Requiring warrants would lead to a “de facto ban” of 702 authorities, he said, with query applications either failing to meet court approval or taking too much time to be approved.
A nation without Section 702
Despite the controversy, 702 reauthorization remains a top priority for government officials.
The President’s Intelligence Advisory Board (PIAB) assessed 702’s effectiveness and provided a set of recommendations for the president’s consideration.
The Board said that allowing Section 702 to lapse could lead to “one of the worst intelligence failures of our time” and also recommended measures to help restore trust in the tool, rather than eliminating it.
“No one is saying we shouldn’t have reforms or not fix things that need improvement,” Sanborn said. “What it comes down to is this: can the United States afford a self-inflicted intelligence failure? Because if Congress lets 702 lapse and it results in an attack or a significant foreign cyber intrusion on our soil, it will be self-inflicted.”