FISA Section 702 Reauthorized for Two Years
The Senate’s passage of H.R. 7888 came as some providers threatened to stop cooperating in the event of a lapse.
Published by The Lawfare Institute
in Cooperation With
The late April reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) closed a tumultuous debate over the future of the controversial surveillance provision. In the wee hours of April 20, just after the authority had technically lapsed, the Senate voted 60-34 to approve the Reforming Intelligence and Securing America Act (H.R. 7888), which the president then “swiftly” signed into law. The House had passed the bill earlier that same week. Senators mirrored their House counterparts in rejecting an amendment that would have added a warrant requirement for U.S. person queries under Section 702. Although Congress will revisit Section 702 in two years, Senate leaders may take a closer look at a controversial provision in the proposal that expanded the definition of an “electronic communication service provider” (ECSP) in the coming months.
The immediate lead-up to the Senate vote featured confusion and heated discussion around a provision that expanded the types of carriers whose assistance the government can compel in carrying out Section 702 surveillance. H.R. 7888 defined a covered electronic communication service provider as “any other service provider who has access to equipment that is being or may be used to transmit or store wire or electronic communications.”
Privacy experts and civil libertarians followed this change with alarm when it appeared in a bill from the House Select Permanent Committee on Intelligence in December 2023. Tweaks to the final language—intended to exclude from this definition establishments like restaurants, hotels, dwellings, and libraries—did not satisfy their concerns that a broad reading of the new definition would allow the government to sweep up domestic communications held by a wide variety of U.S. businesses.
Lawmakers were tight-lipped about the rationale for change, stoking these suspicions. In mid-April, the New York Times reported the government sought the updated definition after losing a previous legal dispute over whether it could secure the cooperation of a cloud computing data center under Section 702. The Foreign Intelligence Surveillance Court (FISC), discussing the case in a partially redacted opinion from 2022, invited Congress to consider updating the definition.
The House ultimately approved the updated definition in an amendment to H.R. 7888. But the ECSP firestorm merely accompanied the bill on its journey to the upper chamber. Sen. Ron Wyden (D-Ill.) called the new provisions one of “the most dramatic and terrifying expansions of government surveillance authority in history.”
The Biden administration strongly pushed back against concerns of ubiquitous surveillance. On April 17, three days before the Senate vote, the Justice Department reiterated that the change was a “technical modification” made “in consequence of internet technology changing in the 15 years since FISA 702 was passed.” The department also assessed it would be unlawful “to use the modified definition of ECSP to target any entity inside the United States” or “to target the communications of any person inside the United States.” These attestations matched a Justice Department fact sheet sent to Senate offices, as reported by Politico.
The Senate’s consideration of H.R. 7888 then took on greater urgency after reports emerged that some carriers had threatened to stop complying with Section 702 orders if the authority lapsed. Because the Justice Department obtains court approval to conduct surveillance under Section 702 on an annual basis, there was some thought that the government could legally continue the collection even if Congress did not reauthorize the program by the statutory expiration date of April 19.
In early April, the Justice Department noted that just-approved certifications from the FISC would ordinarily provide the legal basis for compelling firms to cooperate into 2025. Nevertheless, in the same letter, the Justice Department predicted that some providers would “stop or reduce cooperation with the legal process they receive” absent congressional action.
This dynamic previously played out when FISA authorities in the Protect America Act temporarily lapsed in 2008. Then-Attorney General Michael Mukasey and then-Director of National Intelligence Mike McConnell, with some apparent frustration, described at the time how the ensuing legal uncertainty prompted some firms to cease cooperation, while other firms “expressed deep misgivings” about continuing to cooperate. The prospect of this history repeating itself in 2024—and creating a similar gap in intelligence collection—added pressure for the Senate to quickly pass the bill.
The Senate’s cross-cutting ideological divides made early vote predictions tricky. On one side of the debate were Senate Intelligence Committee Chairman Mark Warner and Vice Chairman Marco Rubio. In November, they proposed a bill to reform U.S. person queries without requiring a warrant, aligning them with the many national security professionals who believed such a requirement would effectively dismantle one of the intelligence community’s most critical intelligence tools. This view ultimately carried the day with the majority of senators.
The Warner and Rubio bill’s approach was similar to H.R. 7888. Both bills reformed aspects of the traditional FISA application process and revoked the FBI’s ability to conduct “evidence of a crime” queries under Section 702. Both bills also codified FBI remedial measures that, on their own, have ushered in nearly universal compliance with Section 702 querying requirements.
The 34 no votes reflected bipartisan skepticism toward the surveillance authority. Democratic Sens. Wyden and Dick Durbin (D-Ill.) had partnered with Republicans, including Sen. Mike Lee (R-Utah), to introduce bills in the upper chamber that would have imposed significant restrictions on some aspects of Section 702. One proposal from various members of this coalition would have required a probable cause warrant requirement whenever the government wanted to run a U.S. person query, with exceptions carved out for consent, exigent circumstances, and when the purpose of the query was related to identifying victims of foreign cyber operations. A subsequent proposal—floated as a compromise—would have required a probable cause warrant requirement only to access the result of a U.S. person query. These bills also contained limitations on the government’s ability to purchase commercially available U.S. person information.
Negotiations around the ECSP definition and warrant provisions made it more difficult for the Senate to move through its standard procedural steps quickly. In the end, lawmakers rejected amendments that would have added a warrant requirement and limited the government’s ability to purchase commercial data. The fact that the Senate did not make changes to the House’s version of H.R. 7888 meant it could go directly to the White House for the president’s signature after Senate passage. Even though passage occurred after the statutory expiration date, there has been no public reporting indicating that the short lapse led to a gap in 702 collection.
The reauthorization of Section 702 through H.R. 7888 represents a major win for national security hawks and the Biden administration. But any enthusiasm may be short lived. To secure House passage, House Speaker Mike Johnson (R-La.) agreed to shorten the original five-year reauthorization window to two years. This concession means the upcoming elections in November will do much to foreshadow the FISA debates that will again return to Capitol Hill in 2026.