Each year, the U.S. government conducts thousands of warrantless searches of Americans’ emails, text messages, and phone calls under Section 702 of the Foreign Intelligence Surveillance Act (FISA). Enacted in 2008, the law was intended to facilitate surveillance of suspected foreign terrorists by making it easier for the government to collect the communications of non-U.S. persons located abroad. While it accomplished that goal, it also provided the government with a rich source of warrantless access to Americans’ communications, causing the authority to become deeply controversial.  

In the coming days, Congress will vote on reauthorization of Section 702. Opponents of reform claim that changes made to the law during the 2024 reauthorization process have sufficiently addressed concerns with Section 702. In fact, developments since 2024—including new case law, continued compliance challenges, weakened oversight, and an administration intent on maximizing its access to U.S. persons’ data—only heighten the need for reforms. Congress should not reauthorize Section 702 without protecting Americans from warrantless government access to their private communications and sensitive data. 

Background on Section 702

Section 702 authorizes the U.S. government to target any non-U.S. person overseas that it reasonably believes will possess, receive, or communicate foreign intelligence—broadly defined to include “information related to . . . the conduct of the foreign affairs of the United States”—and collect all of their communications without obtaining an individualized court order.  

The central premise of the warrantless surveillance authorized by Section 702 is that it targets foreigners, not Americans. But because Americans communicate with foreigners, surveillance under Section 702 inevitably sweeps in Americans’ phone calls, emails, and text messages, too. And because foreign targets need not be suspected of any malign activity, Americans’ communications with them can be entirely innocent. As the Privacy and Civil Liberties Oversight Board (PCLOB) observed in its 2023 report, “ordinary Americans may be in contact with Section 702 targets for business or personal reasons even if the Americans have no connection to, or reason to suspect, any wrongdoing by their foreign contacts and even when the government has no reason to believe the target has violated any U.S. law or engaged in any wrongdoing.” 

If the government’s intent were to collect those Americans’ private communications, it would have to obtain a warrant for a criminal investigation or a FISA Title I order for a foreign intelligence investigation. Accordingly, to prevent Section 702 from being used to get around the Fourth Amendment and FISA, Congress required from the outset that the government “minimize” the retention and use of Americans’ communications that are swept up in the surveillance, and certify to the FISA Court on an annual basis that it is not using Section 702 to target Americans for surveillance. 

Despite these nominal protections, every agency with access to raw Section 702 data routinely searches through that data to find Americans’ phone calls, text messages, and emails. The FBI, CIA, NSA, and National Counterterrorism Center conduct thousands of these warrantless “backdoor searches,” which the government calls “U.S. person queries,” each year. Government officials have acknowledged that FBI agents generally conduct these searches at the very earliest stages of an investigation, when they may have little information about the potential threat they are investigating, let alone probable cause to suspect the subject of the search.  

Worse still, these agencies, and the FBI in particular, have a track record of violating the modest statutory and court-ordered limits placed on these searches. Abuses in recent years have included baseless or improper searches for protesters across the political spectrum; members of Congress; a congressional chief of staff; a state court judge who contacted the FBI to report civil rights violations by a local police chief; multiple U.S. government officials, journalists, and political commentators; and 19,000 donors to a political campaign. NSA agents have conducted backdoor searches directed at women on dating apps and a rental property tenant. In short, the government’s warrantless access to Americans’ communications under Section 702 has resulted in pervasive abuse, threatening Americans’ privacy, civil liberties, and even personal safety. 

Background on third-party data brokers 

In recent years, the periodic debate over reauthorization of Section 702 has expanded to address another source of warrantless access to Americans’ sensitive information: the government’s purchase of such information from third-party commercial data brokers. By gathering up the trail of data Americans leave behind in daily digital life, data brokers can compile and sell large volumes of highly revealing information, including geolocation data, communications metadata, and internet browsing history. The government has been an eager customer for this sort of data. 

In some cases, this practice—like backdoor searches—circumvents Fourth Amendment protections. In 2018, the Supreme Court held that the government needs a warrant to obtain cell phone location records because they can paint a detailed picture of Americans’ private lives. Government lawyers, however, interpret this ruling to apply only when the government compels a company to disclose the records, not when a company willingly sells the information. Federal agencies are thus buying up massive databases of Americans’ cell phone location information without any legal process whatsoever. 

 The use of data brokers also circumvents statutory privacy protections. For instance, the Electronic Communications Privacy Act prohibits phone and internet companies from selling sensitive customer data to government agencies. But the law does not address digital data brokers because they barely existed in 1986, when the law was passed. Companies that are barred from selling data to the government can thus sell to data brokers instead, and those brokers can sell the same data to the government. The data is effectively laundered through a middleman. 

The 2024 Section 702 reauthorization 

When Section 702 came up for reauthorization in 2023-2024, bipartisan sponsors introduced bills to address the harms stemming from both backdoor searches under Section 702 and data purchases. While they varied in their details, all of these bills included a warrant requirement for backdoor searches and limited law enforcement and intelligence agencies’ ability to purchase Americans’ sensitive data. 

Under the warrant requirement proposal, the government would need to obtain a warrant or FISA Title I order to access U.S. persons’ communications collected under Section 702. The proposal includes exceptions designed to accommodate legitimate security needs: No court order would be required in an emergency; if the subject of the search provided consent (e.g., where the purpose of the search is to identify potential victims); or where the search is designed to identify the targets of a cyberattack. The court order requirement would apply only when the government seeks to access the contents of a communication, meaning the government would be permitted to see whether the information for a particular U.S. person actually appears within the Section 702-collected data before applying for a court order. 

The 2024 reform bills also included language to close the data broker loophole by limiting law enforcement and intelligence agencies’ ability to purchase certain categories of sensitive information—such as geolocation information and communications metadata—while preserving agencies’ ability to obtain the information using a warrant, court order, or subpoena, as provided by law. 

Instead of advancing one of the reform bills, Congress passed the Reforming Intelligence and Securing America Act (RISAA). The bill was drafted by longtime opponents of Section 702 reform when it became clear that lawmakers would not pass a straight reauthorization. Most of the bill’s reforms relating to backdoors searches—for instance, requiring FBI agents to “opt in” to receiving Section 702 data in response to queries of federated databases, rather than “opting out”—merely codified internal agency procedures that had already proven insufficient to curb abuse. Most importantly, it did not include a warrant requirement for backdoor searches and did nothing to address data purchases. 

The Reforming Intelligence and Securing America Act failed to solve the problem and is being systemically violated

As another Section 702 reauthorization vote approaches, opponents of reform are claiming that RISAA solved the backdoor search problem. They cite a reduction in the reported number of these searches conducted by the FBI, as well as improved compliance with internal agency procedures. In fact, the number of backdoor searches and the overall compliance rate since RISAA are unknown because the FBI has failed to track, and DOJ has failed to audit, any U.S. person queries conducted using “filtering” tools—itself a systemic violation of RISAA’s requirements. 

In August 2024, Department of Justice overseers discovered that the FBI had been quietly using a querying tool known as an “advanced filter function.” Although the functionality enabled users to search for U.S. persons’ communications—prompting DOJ to conclude that searches using the tool constituted queries—the FBI inexplicably did not consider these searches to be queries. As a result, the government has acknowledged that FBI agents likely did not follow any of RISAA’s procedural requirements for searches of Americans’ communications when using the tool, such as tracking U.S. person queries, recording their reasons for performing them, or obtaining the required attorney or supervisory approvals. Nor did DOJ conduct the statutorily required audit. DOJ took months to shut down use of the tool and did so at an unknown date in “early 2025.”  

In March 2026, however, the FISA Court concluded that the issue reportedly fixed in 2025 remains unresolved—and extends beyond the FBI. Although the opinion itself is classified, The New York Times reported that the use of “filtering” tools to perform queries of Americans’ information is an issue “across the intelligence community.” Moreover, while the FBI discontinued use of the particular querying tool discovered in August 2024, the Bureau is reportedly using “another tool” with the same functionality—and this time, under a different administration, the FBI seemingly has DOJ’s blessing.  

Because any U.S. person queries conducted using these filtering tools were not tracked, counted, or audited, data on the number of U.S. person queries and the overall compliance rate for 2024 and 2025 is incomplete. Moreover, use of these tools itself represents a major compliance issue. The systemic violation of RISAA’s requirements enabled by these tools, on its own, makes clear that the law did not solve the FBI’s compliance problems. And because DOJ did not audit these queries, there is simply no way to know the extent or nature of any improper or baseless searches for the communications of U.S. persons that might have occurred since RISAA’s enactment.  

The increased need for reform 

Far from reducing the need for reform, events since RISAA’s passage in spring 2024 have only underscored it.  

In late 2024, a district court struck down backdoor searches the FBI had conducted under Section 702 as unconstitutional. The ruling followed a 2019 opinion by a three-judge panel of the Second Circuit Court of Appeals, which had unanimously rejected the longstanding position of the FISA Court that backdoor searches do not constitute separate Fourth Amendment events from the initial warrantless collection. The Fourth Amendment demands that the government either obtain a warrant or cite an applicable exception to the warrant requirement in order to conduct a search. The district court, applying this test, found that the searches in that case did not qualify for any exception and thus violated the Fourth Amendment. Although that decision applies only to the searches at issue in the case, it confirms what advocates have long argued: Backdoor searches are constitutionally unsound.   

Internal checks, at their strongest, cannot replace the constitutional safeguard of judicial approval. And internal checks today are much weaker than they were in 2024, as the current administration has gutted the core executive branch oversight mechanisms for Section 702. The Director of the FBI dismantled the Bureau’s Office of Internal Auditing, which was established in 2020 to improve compliance with Section 702. The administration has apparently cowed the DOJ’s Office of the Inspector General into inactivity. And President Trump fired all three Democratic appointees on the five-member PCLOB, undermining its independence and depriving it of the quorum necessary to perform core functions, such as opening new projects or expanding existing ones, obtaining cooperation from agency heads, and issuing reports in the name of the Board.  

Weakened internal oversight also undermines the FISA Court and Congress’s oversight, which relies entirely on cooperation by the executive branch. Because neither Congress nor the FISA Court is able to directly monitor backdoor searches, they are wholly dependent on DOJ and other agencies that receive Section 702 data to conduct rigorous audits and to report those results promptly, fully, and accurately. Congress can trust its own ability to oversee Section 702 only as much as it trusts the entities responsible for reporting abuse. That is sobering, given that dozens of courts across the country have admonished this administration for providing inaccurate, incomplete, or misleading information in a variety of cases.  

In addition, RISAA itself created a new and urgent need for reform through a provision that vastly expanded the government’s Section 702 surveillance authority. The government conducts Section 702 surveillance with the compelled assistance of electronic communications service providers (ECSPs)—such as telecommunications carriers and internet service providers—generally by requiring them to turn over the communications of targets identified by the government. RISAA included a provision that was intended to expand the ECSP definition to include one particular type of company—reportedly, a data center for cloud computing. But the type of company was (and remains) classified, so the provision was deliberately written in broad language to obscure the type of company at issue. 

The unintended consequence of this intentional overbreadth is that the provision gives the NSA access to the communications equipment of almost every U.S. business or organization, creating enormous potential for abuse. The then-chairman of the U.S. Senate Select Committee on Intelligence promised to fix the provision in future legislation, but Congress has yet to vote on that fix—leaving the dangerously overbroad provision in effect. While the Biden administration committed to applying the definition only to the type of provider the change was intended to cover, that commitment does not bind the current administration. Such a breathtaking expansion of Section 702 surveillance authority in an environment of weakened oversight and accountability makes reforms to protect U.S. persons even more imperative. 

The heightened threat to privacy and civil liberties is not unique to Section 702. The current administration has made no secret of its aim to amass data on Americans and share it widely within the intelligence community. This includes surveilling protestors and those perceived to be opposed to the administration’s agenda. Purchased data is a ripe tool for furthering that goal. Indeed, both the FBI and ICE have reportedly resumed purchasing commercial location data after halting the practice in 2023 and 2024, respectively. In recent months, ICE reportedly purchased access to a database with commercial location data acquired from hundreds of millions of phones that allows agents to track phones within a designated area. 

The Department of Defense’s public demands that artificial intelligence companies allow use of their tools on purchased data make clear that the administration is either currently using AI in connection with purchased data or intends to do so. Use of AI to harvest and analyze purchased data would allow the government to piece together Americans’ movements, associations, and habits at an unprecedented scale to create a comprehensive picture of their private lives. This looming dystopian threat makes the need to limit government data purchases even more critical.  

Conclusion 

Since 2024, the need to protect Americans from warrantless government surveillance has only intensified. The reauthorization of Section 702 presents Congress with a choice: facilitate continued warrantless access to Americans’ private communications and sensitive data or enact much needed protections for Americans’ privacy.  

Elizabeth (Liza) Goitein is senior director of the Brennan Center’s Liberty and National Security Program. Before coming to the Brennan Center, Ms. Goitein served as counsel to Senator Feingold, Chairman of the Constitution Subcommittee of the Senate Judiciary Committee. Previously, Ms. Goitein was a trial attorney in the Federal Programs Branch of the Civil Division of the Department of Justice. Her full bio can be found here.

Hannah James is counsel in the Brennan Center’s Liberty and National Security Program, where she focuses on presidential emergency powers and government surveillance. Prior to joining the Brennan Center, she served as a legal fellow with the Center for Justice and Accountability. Her full bio can be found here. 

Image: Yingyaipumi / stock.adobe.com