In mid-December 2023, only weeks before the sunset of its statutory authority, Congress tucked an extension of Section 702 of the Foreign Intelligence Surveillance Act (FISA) into the National Defense Authorization Act giving lawmakers until April 2024 to resolve their deep divisions over the future of America’s most important foreign intelligence collection program.
Four separate bills, two in the House and two in the Senate, have been introduced addressing the fate of Section 702. All of the bills would extend Section 702 collection authority, but the timing, terms, and conditions of those renewals vary dramatically, and the likelihood of congressional consensus remains uncertain.
The practices used to query the database of Section 702-acquired communications, particularly the practices of the FBI, are among the most important and most contentious issues affecting Section 702’s reauthorization. I have written previously (here and here) describing how the Section 702 collection program works. Foreign intelligence information is extracted by “querying” the database of Section 702-acquired communications. Querying is the process of using one or more search terms to find and retrieve that foreign intelligence information from the vast collection of communications stored in that database. Query terms can include a “United States person query term” which is a term “reasonably likely to identify one or more specific U.S. persons.” The Foreign Intelligence Surveillance Court (FISC) is required to approve as consistent with the Fourth Amendment the querying procedures used by each agency (NSA, CIA, FBI, and the NCTC) having access to Section 702-acquired information, and all four of those agencies’ querying procedures were approved in the FISC’s most recent Section 702 Opinion and Order issued in April 2023.
With the debate now moving into 2024, what follows is a discussion of the provisions representing some of the critical distinctions between the competing pieces of Section 702 legislation—and how those distinctions impact the flexibility and utility of Section 702 as an intelligence tool.
While two of the bills, the Government Surveillance and Reform Act of 2023 (GSRA) introduced in the Senate and sponsored there principally by Senators Ron Wyden and Mike Lee and the Protect Liberty and End Warrantless Surveillance Act of 2023 (PLEWS) voted out of the Jim Jordan-chaired House Judiciary Committee, address government surveillance issues extending well beyond FISA and the reauthorization of Section 702, this article focuses on the more significant provisions in those bills and on the legislative proposals issued by the two congressional intelligence committees that set the terms and conditions for a renewal of Section 702 collection. A summary of the principal provisions included in each of the four bills is included at the end of this article.
U.S. person queries
The most notable difference between the competing pieces of legislation lies in their approaches toward the use of U.S. person (USP) queries in searching the database of Section 702-acquired communications. It is these approaches that go to the heart of the current reauthorization controversy. Both the GSRA and the PLEWS prohibit the government from conducting USP queries without a probable cause warrant. Neither of the congressional intelligence committee proposals—the FISA Reform and Reauthorization of 2023 passed by the Senate Intelligence Committee nor the House version which bears the same title—includes a warrant requirement. Instead, they impose a series of compliance-oriented reforms mandating new training, documentation, and accountability procedures designed to ameliorate the well-documented failings in the FBI’s use of USP queries without impairing the utility and flexibility of the querying process. Notably, since the GSRA and the PLEWS separately forbid the FBI’s use of USP queries solely to find evidence of crime, their insistence on a warrant effectively applies only to USP queries made to retrieve foreign intelligence information—which is the raison d’être of the Section 702 collection program.
The warrant requirement proposed by the GSRA and PLEWS legislation spurns the findings of the President’s Intelligence Advisory Board (PIAB) that “U.S. person queries are necessary in order to identify foreign threats to the homeland” and imprudent restrictions will render the government “far less capable of identifying potentially harmful links between foreign threats and U.S. persons.” As the government has argued, the imposition of a warrant requirement as a prerequisite to using a USP query completely frustrates one the most significant intelligence attributes of Section 702 collection: the ability to access the database quickly and efficiently at the earliest investigative stages to evaluate the nature of the threat or emergency and ascertain whether the subject of the query is a victim or a participant. Expressed more bluntly by Jamil Jaffer and former Attorney General Michael Mukasey in The Wall Street Journal, the GSRA’s [and the PLEWS which has a warrant requirement mirroring the GSRA’s] proposed restrictions on querying the Section 702 database are “nonsensical and unduly burdensome.”
There have been suggestions that the tension surrounding the use of court orders with USP queries can be managed by conditioning the issuance of an order authorizing a USP query on a showing of less than probable cause. Indeed, the Privacy and Civil Liberties Oversight Board (PCLOB) issued a report on Section 702 in September 2023 recommending that Congress impose a court order mandate but predicate the issuance of an order on a showing that the query be reasonably likely to return foreign intelligence information. In practice, however, regardless of the legal standard applied, the debilitating effect of requiring a court order whenever a USP query term is used to find and extract foreign intelligence from the Section 702 database is starkly demonstrated by these numbers: in 2022, the FISC issued a total of 337 probable cause orders authorizing FISA Title I surveillance, while the NSA, CIA, FBI, and the NCTC ran more than 127,000 queries of the 702 database using USP query terms designed to find and extract foreign intelligence. Requiring the government to seek a court order for these 127,000 queries, regardless of the legal standard applied, would overwhelm the 11 members of the FISC and cripple the intelligence community’s ability to provide crucial intelligence to policy makers on a timely basis—a practical reality of which supporters of the GSRA and the PLEWS bills are assuredly aware.
The PCLOB Report presents its proposal as a policy recommendation precisely because, as the PCLOB’s chair has acknowledged, no court has ruled that querying as used in Section 702 is an event requiring a separate Fourth Amendment analysis. Indeed, the FISC, the court that addresses Section 702 issues with a regularity dwarfing all other federal courts combined, has rejected this argument on four separate occasions, most recently in its April 2023 opinion when it stated that it would “respectfully adhere to the view” that Fourth Amendment objectives are properly served “by examining the reasonableness of such procedures as a whole” rather than isolating the querying process for separate Fourth Amendment inquiry. To be clear, there is no constitutional requirement for the warrant mandate that the GSRA and the PLEWS demand. These two bills want to eliminate this critical intelligence capability without any articulated or apparent appreciation for the intelligence costs and consequences associated with such a “nonsensical” measure.
In contrast to the GSRA and PLEWS legislation, the bills introduced by the congressional intelligence committees take the more responsible approach of eliminating the FBI’s authority to conduct evidence of crime queries while adopting a compliance-based approach to foreign intelligence querying that mandates new training, documentation, and accountability requirements. For example, the House Intelligence Committee’s bill (“HPSCI bill”) codifies recent FBI policy changes that have curbed noncompliant USP queries and mandates that the Justice Department audit those FBI queries. The HPSCI bill also requires FBI supervisory or attorney approval for all USP queries while introducing personnel restrictions that serve to “reduce FBI personnel authorized to approve U.S. person queries by over 90 percent.” Similarly, the proposal from the Senate Intelligence Committee (“SSCI bill”) addresses FBI querying issues by imposing both additional compliance requirements and augmented reporting mandates.
As negotiations over Section 702’s reauthorization resume, the consortium of Section 702 privacy and civil liberties critics, and their allies in Congress, will be loath to surrender the demand for a court order for USP queries found in the GSRA and PLEWS bills. For years, these critics have fundraised using apocryphal allegations that the FBI exploits its querying authority as a domestic surveillance tool to spy on Americans while suggesting that the reauthorization of Section 702 represents “an existential fight over the U.S. government’s ability to spy on its own citizens.” I addressed the falsity of those accusations here, but these critics sense a unique opportunity to capitalize on the unusual political alignments in Congress to neuter Section 702 by imposing the warrant requirement they have long sought.
The better choice for preserving the indispensable utility of Section 702 as an intelligence tool lies in the paths chosen by the two intelligence committees. Coupling compliance reforms that already have been acknowledged by the FISC as producing improvements in FBI querying activities with reinforced accountability standards and reporting requirements is a resolution far preferable to saddling Section 702 with a warrant requirement that is practically unworkable, constitutionally unnecessary, and serves only to cripple the utility of an essential contributor to the nation’s security.
Other significant distinctions in the Section 702 bills
Both the GSRA and the PLEWS bills repeal the current statutory language that allows NSA to resume “abouts” collection in certain limited circumstances. “Abouts” collection arises in the “upstream” portion of Section 702 surveillance and refers to communications in which an individual is referenced but did not send or receive the communication. Only NSA conducts “upstream” collection, and NSA terminated “abouts” collection in 2017. Congress codified that termination in the FISA Amendments Reauthorization Act of 2017, which added that the government “may not intentionally acquire communications that contain a reference to, but are not to or from” an authorized target. However, the Act permits the resumption of “abouts” collection pursuant to a specific set of authorizations by the Attorney General, the Director of National Intelligence (DNI), and the FISC, with “written notice” to Congress.This permission has never been invoked.
Consequently, the proposed permanent ban on “abouts” collection contained within the GSRA and PLEWS bills seems superfluous and a bit myopic. When NSA ceased “abouts” collection in 2017, it cited “mission needs, current technological constraints, United States person privacy interests, and certain difficulties in implementation” as the reasons for its decision. Technological developments certainly make it plausible that both U.S. person privacy interests and implementation concerns might be resolved in a way that permits resuming “abouts” collection in a manner that adequately protects those U.S. person privacy interests. Given the impact on collection capabilities produced by the constant evolution in technology, permanently banning a collection activity of demonstrated intelligence value, when that capability might one day be employed in a manner consistent with both intelligence needs and U.S. person privacy interests, seems short-sighted.
“Reverse targeting” changes
Both the GSRA and PLEWS bills propose modifying the language in Section 702 that prevents the government from targeting a foreigner as pretext for acquiring the communications of a particular USP. Currently, the government may not “intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States.” This restriction stems from long-standing prohibitions on pretextual targeting that predate the passage of Section 702. As a practical matter, compliance with the reverse targeting prohibition has not been an issue in prior reauthorizations of Section 702—most likely because, as a matter of intelligence tradecraft, reverse targeting makes little sense since intelligence officers interested in a person in the United States will have a natural inclination to seek a court order providing access to all that target’s communications rather than the limited subset that might be acquired through reverse targeting. The semiannual compliance assessments for Section 702 required by FISA have noted “the extreme rarity of reverse targeting incidents,” but the GSRA and PLEWS bills seek to change the restrictive statutory language from barring targeting where the “purpose” is to target a particular known person in the United States to where a “significant purpose” is to target a particular known person in the United States.
The proposed change is alarmingly misguided because a fundamental reason for Section 702 is to facilitate the ability to ascertain whether foreign terrorists or intelligence services are communicating and plotting with persons in the United States. In such circumstances, a valuable and admittedly significant purpose of Section 702 collection includes acquiring communications between foreign targets and those persons in the United States with whom these foreign targets are communicating. Recognizing the importance of this collection, Congress, in passing Section 702, rejected precisely the “significant purpose” language now being exhumed and repackaged in the GSRA and PLEWS bills. Importantly, this language is not limited to protecting communications to USPs; instead, the change would also prohibit surveillance where a significant purpose is to obtain the communications of foreign actors in which they identify their U.S. accomplices. Consequently, if this change becomes law, Section 702 could no longer be used to target Russian and Chinese intelligence actors overseas to see if they are talking to their contacts in the United States. Approving the language modification proposed in the GSRA and PLEWS bills would needlessly and dangerously close an invaluable window that Section 702 provides to protect the nation against a panoply of dangers including terrorism, espionage, nuclear proliferation, and cyberattacks.
Revising the definition of “electronic communication service provider”
The HPSCI bill (and only the HPSCI bill) proposes to expand the definition of “electronic communication service provider” (ECSP) to include “any service provider who has access to wire or electronic communications either as such communications are transmitted or as such communications are stored or equipment that is being or may be used to transmit or store such communications.” Simultaneously, the definition adds “custodian” to those falling within the statute’s ambit.
The HPSCI has offered little to explain what prompts the revision beyond accounting for “technological changes” in transmitting and storing certain wire and electronic communications. This narrow legislative intent is likely prompted by a Foreign Intelligence Surveillance Court of Review (FISCR) decision inviting an update “by the branches of government whose competence and constitutional authority extend to statutory revision” to that part of the ECSP definition that had been written in 1986. The HPSCI ECSP amendment appears to do no more than provide that update.
Whatever the HPSCI’s intentions, however, Section 702 critics have responded by vociferously labeling the ECSP change a “Trojan horse” that “sneaks in a stunning expansion of FISA 702 surveillance powers.” While this mimics the hyperbole of labeling Section 702 a “domestic surveillance tool,” it plays into the hands of all those who proselytize about surveillance by the “deep state.” Unless the government can bring added transparency to Congress and the public on the need for this ECSP definitional change, this particular provision may not survive the reauthorization process.
Additional FISC supervision of Section 702 directives
Once the FISC approves a Section 702 acquisition, the Attorney General and the DNI may direct an ECSP to provide the information, facilities, and technical assistance necessary to accomplish the acquisition. In return, the ECSP is compensated for its services at prevailing commercial rates and afforded immunity from any legal liability predicated on the assistance provided. An ECSP may challenge a directive by petitioning the FISC.
Section 106 of the GSRA requires the government to demonstrate to the FISC that the ECSP’s requested technical assistance is “necessary, narrowly tailored to the surveillance at issue, and would not pose an undue burden on the [ECSP] or its customers.” This standard will require the FISC to immerse itself in the details of modern communications technology to assure that the assistance sought by the government from the ECSP is, in fact, “necessary, narrowly tailored to the surveillance at issue, and does not pose an undue burden to the ECSP and its customers.” The delay and expense precipitated by this mandate will only serve to further burden the FISC and impair the flexibility and timeliness that is essential to Section 702’s value as an intelligence tool. There is no documented need for this “reform.”
Restrictions on use of Section 702-acquired information
The PLEWS bill assembled by the House Judiciary Committee inexplicably circumscribes the use in criminal, civil, or administrative proceedings of Section 702-acquired information retrieved from the Section 702 database that is of or about a USP. The communications in the Section 702 database are lawfully acquired pursuant to FISC-approved certifications so there is no logical reason to restrict the use of information extracted from that database pursuant to lawful queries. Nonetheless, the PLEWS bill limits the use of Section 702-acquired information to seven categories of crimes (terrorism, actions necessitating counterintelligence, proliferation of weapons of mass destruction, a cyber security attack from a foreign country, an attack against U.S. armed forces, incapacitation of critical infrastructure, and international narcotics trafficking) while inexplicably ignoring other serious crimes with international or national security implications like export control violations and human trafficking. There is no logical basis for restricting the use of lawfully acquired Section 702 communications to only those proceedings involving the limited set of crimes identified in the PLEWS bill.
A “back door” repeal of Section 702?
The House Judiciary Bill is deeply flawed legislation on multiple levels —a bill that HPSCI member Rep. Brian Fitzpatrick has said “essentially abolishes” the Section 702 authority. Benjamin Wittes of the Brookings Institution agrees, writing that “[t]he House Judiciary Committee’s reauthorization would be reauthorization in name only. It’s a repeal of one of the nation’s key intelligence authorities.” As Wittes observes, “[t]he Judiciary Committee bill would be a disaster for the effectiveness of the intelligence community’s effectiveness on everything from counterterrorism to counterespionage against major near-peer adversaries like Russia and China.” Section 21(d) of the bill purports to list all of the authorities in FISA that constitute the “exclusive means by which any information, records, data, or tangible things are acquired for foreign intelligence purposes from a person or entity located in the United States.” Conspicuously absent from the list of referenced statutory FISA authorities is Section 702. Whether this is a drafting error resulting from last minute efforts to push the Judiciary bill to the House floor or indicative of the broader impediments the bill purposefully poses to the effectiveness of Section 702, it represents a paradigm of the Judiciary bill’s failings as a reasonable and responsible effort to “reform” Section 702.
While Congress has extended Section 702’s sunset until April 19, 2024, prudence suggests that the administration and Section 702 supporters in Congress will attempt to finalize reauthorization well in advance of that next deadline. For the reasons noted, the bills advanced by the congressional intelligence committees offer the most promising proposals for a reauthorization that preserves the agility of the Section 702 program as an intelligence collection tool while adding the compliance, accountability, and reporting measures needed to protect the privacy and civil liberties of Americans.
Opponents of Section 702, however, see a singular opportunity to have their long-time agenda for Section 702 “reform” enacted regardless of the deleterious impact those reforms would have on the national security value of this intelligence program. With the privacy and civil liberties lobby that has historically opposed Section 702 now complemented by a conservative political faction that views the FBI as the principal instrument of a “weaponized” national security and justice system, Section 702’s viability is in greater danger than at any time since it was first passed into law in 2008.
The privacy and civil liberties advocates for whom opposition to Section 702 serves as a major fundraising tool have pilloried the Section 702 bills introduced by the congressional intelligence committees while describing the GSRA as the “(Almost) North Star” and the PLEWS legislation as “The Good” in assessing the value of the pending legislative proposals. Unsurprisingly, the commentaries offered by long-time Section 702 opponents in support of the GSRA and the PLEWS bills are devoid of any analysis or discussion of how the Section 702 restrictions they favor in those bills impact the value and utility of Section 702 as an intelligence tool. Any prudent assessment of these competing legislative proposals, however, cannot ignore that nearly 60% of the information appearing in the President’s Daily Brief is derived, at least in part, from lawfully acquired Section 702 information obtained by targeting foreigners located outside of the United States. Moreover, in the first half of 2023, 97% of the FBI’s raw technical reporting on malicious cyber actors, and 92% of FBI reporting on emerging technologies, such as artificial intelligence, came from Section 702 acquisitions. These contributions complement Section 702’s irreplaceable role in combatting terrorism, arms proliferation, and counterespionage against Russia, China, North Korea, and Iran. Notably, the supporters of the GSRA and PLEWS bills repeatedly tout the virtues of these legislative proposals in terms that ignore any acknowledgement of the national security deficits produced by the ill-considered restrictions advanced in those bills.
Logic, reason, and responsibility demand a legislative resolution that protects the rights of USPs through reasonable compliance, accountability, and reporting requirements while preserving the singular flexibility and agility that Section 702 affords as an intelligence tool. The bills introduced by the congressional intelligence committees offer the surest path to achieving this objective.
SUMMARY OF SIGNIFICANT FEATURES OF FISA SECTION 702 BILLS
|GSRA of 2023
|House Judiciary Bill
|Court Order for USP Queries
|Yes – Section 101 contains a general prohibition on USP queries except for (1) “concurrent authorization” (subject of query already is covered by a FISA Title I order or warrant issued pursuant to FRCrP), (2) consent, (3) emergency situations, and (4) certain “defensive cybersecurity queries.”
|Yes – Section 2 contains provisions mirroring those in the GSRA generally prohibiting USP queries with certain limited exceptions.
|Prohibition of Queries for Evidence of Crime
|Yes – Sections 101 and 108 permit only queries reasonably likely to retrieve foreign intelligence. Exceptions are provided for, inter alia, consent and emergencies involving threat to life or risk of serious bodily harm.
|Yes – Section 102 excepting queries (1) reasonably believed to assist in mitigating or eliminating a threat to life or serious bodily harm or (2) necessary to preserve evidence in litigation or fulfill discovery obligations.
|Yes – Section 101 revokes FBI authority to conduct queries unrelated to national security excepting queries (1) reasonably believed to assist in mitigating or eliminating a threat to life or serious bodily harm, or (2) necessary to preserve evidence in litigation or fulfill discovery obligations.
|Yes – Section 2 permits only those queries reasonably likely to retrieve foreign intelligence information.
|Repeal on Abouts Collection
|Yes –- Section 103.
|Yes – Section 4.
|Modification of Reverse Targeting Language
|Yes – Section 104 extends prohibition on “intentional” reverse targeting to include acquisition where a “significant purpose” is to reverse target.
|Yes – Section 23 prohibits targeting where a “significant purpose” of the acquisition is to acquire the information of one or more USPs reasonably believed to be located in the United States.
|Modifies Limitation found in §702(b)(4)
|Yes – Section 107. Revision from sender and all recipients “known” to be in U.S. to “reasonably believed” to be in the U.S. at time of acquisition.
|FISC Supervision of 702 Directives
|Yes – Section 106 mandates FISC review to ensure technical assistance is necessary and narrowly tailored to the surveillance at issue.
|Changes in Section 706 Relating to Use of 702-Derived Information
|Yes – Sections 106 and 210 (including abolition of state secrets privilege in evidentiary matters under FISA §706.
|Yes – Section 3 limits use of Section 702-acquired information in criminal, civil, and administrative proceedings.
|Modifies Definition of ECSP
|Yes. Section 504 broadens definition of ECSP.
|Addresses Requirements Relating to FBI Querying
|Yes – Section 101 requires electronic record documenting, inter alia, that query is reasonably likely to retrieve foreign intelligence information and that query is made pursuant to limited exceptions to the prohibition of USP queries.
|Yes – Section 103 includes requirements relating to (1) training of personnel with access to Section 702-acquired information, (2) requiring affirmative opt-in to systems containing Section 702 information or configuration designed to prevent inadvertent queries, (3) require approval from FBI attorney for batch queries, (4) requiring approval for queries related to sensitive inquiries, and (5) requiring a written statement of the specific factual basis supporting the query.
|Yes – Section 102 provides that, with limited exceptions, FBI personnel must obtain prior legal or supervisory approval before conducting a query using a USP query term. Section 105 includes additional training and prior approval requirements for FBI querying.
|Yes – Section 105 adds restrictions relating to certain queries conducted by the FBI. Section 106 forbids participation by “political appointees” in process of approving FBI queries. Section 108 limits FBI systems to ingesting Section 702 information unless relevant to a targeted person in an existing, open, fully predicated national security investigation. Section 110 bars USP queries in connection with certain prohibited purposes.
|Requires Accountability Procedures for the FBI
|Yes – Section 210 proposes adding §1002 specifying “Accountability Procedures for Violations by Federal Employees.”
|Yes – Section 103.
|Yes – Section 107 requires adoption of certain “minimum” accountability standards. Section 506 specifies “accountability measures for executive leadership of the FBI.”
|Yes – Section 16 includes “Accountability Procedures for Incidents Relating to Queries Conducted by the FBI.”
|Increased Oversight of Activities Involving Members of Congress
|No specific provision addressing activities involving members of Congress.
|Yes – Section 105.
|Yes – Section 103. FBI must notify “appropriate congressional leadership” (defined in the statute) of any query using a term reasonably believed to identify a member of Congress.
|Yes – Section 105 requires additional prior approvals for “sensitive” queries.
|Exception for Consensual USP Queries
|Travel Vetting of Non-USPs
|Yes – Section 107.
|Yes – Section 505.
|Restrictions on Retention of Section 702-Acquired Data
|Yes – Section 105. Five years for “Covered Information” as defined unless exempted by the Attorney General.
|Protection of USP Records Held by Data Brokers
|Yes – Section 508.
|Yes – Section 18.
George W. Croner was the principal litigation counsel in the Office of General Counsel at the National Security Agency (NSA). He is a senior fellow at the Foreign Policy Research Institute (FPRI) in its national security program and a member of CERL’s Advisory Council. You can follow him on Twitter (@GeorgeCroner) and find a list of his publications at FPRI.org.