The FISA Reform and Reauthorization Act: A Wolf in Sheep’s Clothing
Elizabeth Goitein, Jake Laperruque, Chris Baumohl / Dec 12, 2023This week, Congress is set to vote on two different visions for the future of American surveillance. The House Judiciary Committee’s Protect Liberty and End Warrantless Surveillance Act (H.R. 6570) — which the groups we work for have endorsed and which passed out of committee by an overwhelmingly bipartisan 35-2 vote — would enact real, meaningful reform that protects us all from a growing ecosystem of warrantless surveillance practices.
Then there is the alternative. The House Permanent Select Committee on Intelligence (HPSCI) has its own bill, the FISA Reform and Reauthorization Act (H.R. 6611). Despite its name, the FISA Reform and Reauthorization Act is not a reform bill. It is an anti-reform bill in disguise. Not only does it fail to rein in warrantless surveillance of Americans under Section 702; it would actually expand surveillance in critical respects, effectively rewarding the FBI for years of misconduct—including improper “backdoor searches” of protesters, campaign donors, lawmakers, and journalists—and thus encouraging even more flagrant abuse in the future.
A Massive Expansion of Section 702
As noted by FISA Court amicus Marc Zwillinger, HPSCI’s bill would vastly expand the number and types of U.S. businesses who must assist the government in conducting Section 702 surveillance by expanding the definition of “electronic communication service provider” to include entities that do not even have access to communications. It is extremely rare for a FISA amicus to take to the airwaves in this manner, but Zwillinger felt compelled to issue an urgent warning. Per Zwillinger’s post, this new expanded definition:
“[w]ould vastly widen the scope of businesses, entities, and their affiliates who are eligible to be compelled to assist 702 surveillance. [The new definition] would appear to cover data centers, colocation providers, business landlords, shared workspaces, or even hotels where guests connect to the Internet. And the addition of the term “custodian” in (4) above could be understood to sweep in any third party involved in providing equipment, storage, or even cleaning services to such entities.
[...] The expanded definition would also effectively restore the broad assistance provision of Section 702’s predecessor, the Protect America Act, which Congress specifically rejected when it originally enacted Section 702 as part of the FISA Amendments Act. The new definition, when combined with NSA’s ability to conduct “upstream collection,” could give the government warrantless access to any communication system in America through which any one-side-foreign communication could be found.”
Section 504, by its plain terms, empowers the government to draft a dizzying range of US businesses into service. Establishments that merely offer Wi-Fi to its customers—such as hotels, libraries, even coffee shops—could be turned into surrogate spies and forced to give the government access to customers’ communications. The companies subject to this expanded definition may struggle against foreign competitors (that do not even access user data) if they’re forced to alter their systems to pull in and turn over customer records, a blow to America’s effort to maintain a strong global position in the tech sector.
Using Section 702 to Supercharge Suspicionless Surveillance of Immigrants
As if that expansion wasn’t enough, HPSCI’s bill also expands surveillance of immigrants by allowing dragnet suspicionless searches of Section 702 data for the communications of all people seeking to travel to the US, whether on student or work visas or as tourists and business travelers. People in no way suspected of wrongdoing should be able to vacation, study, or work in the US without exposing their private emails and text messages to government scrutiny. There are already plenty of vetting mechanisms in place to ensure that travelers to the US don’t pose a threat to national security. This is a needless expansion of surveillance of immigrants, selling out many of the same communities advocating for reform of government surveillance practices.
HPSCI’s Sham “Reforms”
Consistent with the other parts of the bill that resemble a wishlist for intelligence agencies, the HPSCI bill’s ostensible reforms to Section 702—in particular, those that supposedly respond to the persistent abuse of warrantless backdoor searches for Americans’ communications—virtually ensure that the abuses will continue.
The bill’s primary “reform” is a prohibition on “evidence-of-a-crime only” queries. The FBI categorizes all queries that have any foreign intelligence purpose whatsoever as “foreign intelligence” queries, even if the main purpose is to seek evidence of a crime. “Evidence-of-a-crime only” queries are thus vanishingly rare. In 2022, there were only 16 instances in which the FBI accessed Section 702 data as a result of “evidence-of-a-crime only” queries, and only two of these would have been prohibited by the bill (since 14 were related to litigation obligations, which the bill exempts).
Needless to say, this would have done nothing to prevent the most egregious abuses that have occurred. Queries for communications of Black Lives Matter protesters and tens of thousands of others involved in “civil unrest,” over 19,000 donors to a congressional campaign, members of Congress, and a local political party were all labeled “foreign intelligence” queries. And because the prohibition does not apply to the NSA or CIA, it obviously would not prevent known abuses like NSA agents’ queries for online dating prospects and potential tenants.
Other than this meaningless prohibition, Title I of the bill— misleadingly titled “Restriction of FBI Queries—would largely just codify the status quo. Its provisions mirror longstanding restrictions on the types of Section 702 data the FBI obtains from the NSA; prohibitions on discrimination that already exist in the Constitution; and changes the FBI made in 2021 and 2022 to its training, approval, data access, and accountability procedures.
But the status quo is unacceptable. Even with all of the above policies in place—including the recent changes in FBI procedures—agents are still committing several hundred violations every month, adding up to thousands of violations a year. These violations continue to include shocking abuses, such as searches for the communications of a US senator, a state senator, and a state court judge who reported a local police chief for civil rights violations.
***
Despite the well-documented pattern of abuse of Section 702 and significant bipartisan support for meaningful surveillance reform, the HPSCI bill seeks to reauthorize Section 702 until 2031 — entrenching and expanding this already sweeping and controversial surveillance program for nearly a decade without enacting any real reforms. In doing so, it effectively rewards intelligence agencies for bad behavior. We’ve had more than two decades of massive warrantless government surveillance programs run amok; we can’t afford another decade.