What would you do if you had to vote in Congress on a crucial national security program, when you also knew that the FBI had systematically ignored privacy safeguards in the program for years? That was the choice that Congress faced in April, when it ultimately decided to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, known as FISA.
Section 702 originally became law in 2008, when a great deal of previously "foreign" surveillance had shifted to the United States. In the old days, the National Security Agency carried out its communications surveillance overseas, such as keeping an eye on China or the Soviet Union. By 2008, however, the most important national security surveillance was often obtained within the U.S., such as when emails came through the United States as part of internet traffic.
Section 702 addressed this mix of foreign and domestic data gathering. Under court-approved procedures, it allows the government to gather communications, but only where the target of the surveillance is a foreign person who is outside of the U.S. Although no court approval is needed when the NSA intercepts communications overseas, Section 702 requires court-approved safeguards when the information gathering occurs in the U.S.
Privacy violations
NSA surveillance triggered headlines in 2013 when the revelations by former agency contractor Edward Snowden showed that the amount and type of government surveillance had grown far beyond what even experts realized after the terrorist attacks of Sept. 11, 2001. I was honored to be named by President Barack Obama to a special Review Group on Intelligence and Communications Technologies in 2013 to propose surveillance reforms. Our report was one of the sources for the USA Freedom Act of 2015, the biggest set of privacy reforms for surveillance since FISA was created in 1978.
Even after these reforms, however, two types of problems cast doubt on how the FBI in particular was using its FISA authorities. First, the FBI was not following the procedures required by the courts for accessing information about Americans in the Section 702 databases. As a result, the FBI conducted over 3 million searches of Americans' email and other records in 2021. After a public furor and changed policies, that number dropped to 119,383 in 2022.
Second, during the 2016 campaign, the FBI began an investigation into whether people associated with the Trump campaign were coordinating activities with the government of Russia, as part of what became known as the Crossfire Hurricane investigation. Although the Department of Justice Inspector General Michael Horowitz found "no evidence that the FBI consulted" with any political officials in opening its investigation, he found significant violations in FISA applications. These included submitting legal documents to judges with allegations that the FBI knew were incorrect. Horowitz also found that the incident highlighted the weakness of existing rules against a politically motivated investigation.
Renewal debate
The FISA 702 authority was set to expire at the end of 2023, but Congress extended the authority until April 19, 2024. Perhaps the biggest controversy was whether access to Americans' data in the 702 databases should be available only with a warrant issued by a judge, upon showing probable cause. Privacy advocates argued that such a warrant requirement would protect Americans' constitutional rights, while the government said the requirement would be unworkable in practice.
The Privacy and Civil Liberties Oversight Board, an independent executive branch agency that makes nonbinding recommendations about privacy and civil liberties aspects of national security, split 3-2 in favor of requiring such a warrant.
In the House of Representatives, the motion to require a warrant resulted in a tie vote, falling short of the simple majority it needed to pass. The House eventually did reauthorize the FISA 702 program, by a vote of 273-14, but only for two years rather than the longer period sought by the administration. Soon after, as the deadline approached, the Senate approved the same law, 60-34.
Although the warrant requirement did not pass, the law included reforms that supporters said would address the flaws in the FBI's previous actions. House Speaker Mike Johnson published a list of 56 key reforms to make FISA more protective of privacy. Some of the reforms created new safeguards to limit the FBI's ability to query the 702 databases about Americans. Others created new rules to trigger congressional and senior administration scrutiny for sensitive investigations such as those affecting political officials.
Renewal fight, Round 2
Privacy advocates, however, have been far from satisfied with the new amendments to FISA. For instance, the Electronic Privacy Information Center, the Brennan Center for Justice and FreedomWorks issued a paper stating: "Making 56 ineffective tweaks to a fundamentally broken law is not reforming it."
These sharply conflicting viewpoints put members of Congress into a difficult spot. Many felt that the FBI deserved stricter measures to hold it accountable for its serious legal violations. I share that concern. On the other hand, I have had the opportunity during the presidential review group process to learn how Section 702 is used to protect the national security of our country. In a statistic I find credible, 60% of the president's daily intelligence briefings in 2023 contained Section 702 information reported by the NSA.
The result, for now, is that Section 702 is due to expire in April 2026. Congress will once again confront a genuinely difficult challenge: how to protect U.S. national security while also upholding Americans' privacy and the rule of law.