The FISA Section 702 Debate Intensifies

George Croner
Monday, May 15, 2023, 11:09 AM
Let’s take a closer look at incidental collection, FBI querying, and the Fourth Amendment as we head into a potential 702 sunset.

Published by The Lawfare Institute
in Cooperation With
Brookings

In 2008, Congress amended the Foreign Intelligence Surveillance Act (FISA) by adding Section 702, allowing the U.S. government to acquire critically important intelligence from foreign targets using U.S. telecommunications services. As Director of the National Security Agency (NSA) Gen. Paul Nakasone explained at a public forum sponsored by the Privacy and Civil Liberties Oversight Board (PCLOB) earlier this year, “FISA Section 702 is irreplaceable” and “plays an outsized role in protecting the nation” by “providing some of the U.S. government’s most valuable intelligence on our most challenging targets.” However, Section 702 is not a permanent surveillance authority; it requires periodic reauthorization by Congress and is currently scheduled to expire on Dec. 31, 2023. The most important foreign intelligence “reform” question of this year is what this indispensable authority will look like by the end of the 2023 congressional reauthorization debate.

Section 702 has had its critics since its inception. On the day Section 702 became law in 2008, the American Civil Liberties Union and fellow privacy and civil liberties activists sued unsuccessfully to have it declared unconstitutional. Since its passage, and continuing through its two prior reauthorizations in 2012 and 2017, Section 702’s critics have insisted that it permits the government, and most particularly the FBI, to spy on Americans. 

This is, most assuredly, a very critical year for Section 702. What gives Section 702’s adversaries added confidence is the prospect of having their usual consortium of conservative libertarians and civil liberties advocates now joined by those in the House of Representatives who have expressed concerns regarding the “weaponization” of the federal government and for whom the FBI is the ultimate avatar of that “weaponization.” Emphasizing the FBI’s checkered record of compliance with the procedures governing the retention and use of information acquired through Section 702 surveillance, opponents have renewed their long-standing claim that Section 702 is “unconstitutional” and “creates a massive end run around the Fourth Amendment’s warrant requirement.” As the renewal debate intensifies, the allegations that critics are making about the application of the Fourth Amendment to the Section 702 program and, more particularly, to the program’s elements of “incidental collection” of U.S. person communications and the querying of Section 702 collection using U.S. person identifiers warrant a closer look.

Section 702 and the Fourth Amendment

Analysis of the constitutionality of the Section 702 program poses some uniquely challenging questions precisely because, as PCLOB recognized in its comprehensive examination of Section 702 in 2014, it is a complex surveillance program, “one that entails many separate decisions to monitor large numbers of individuals, resulting in the annual collection of hundreds of millions of communications.” Moreover, the analysis is further snarled because the only constitutional interests at stake do not involve those actually targeted for surveillance—as non-U.S. persons located outside the United States, they lack any Fourth Amendment rights. Rather, the constitutional issue arises for those U.S. persons who, although not targeted, have their communications incidentally acquired as a result of communicating with foreign targets.

The text of Section 702 opens by authorizing the attorney general and the director of national intelligence (DNI) to obtain foreign intelligence information by acquiring the communications of non-U.S. persons reasonably believed to be located outside the U.S. That statutory authorization is followed immediately by a series of “Limitations” all of which are directed to the purpose of ensuring that U.S. person communications are not targeted for Section 702 collection. Nonetheless, Congress recognizes that “it is simply not possible to collect intelligence on the communications of a party of interest without also collecting information about the people with whom, and about whom, that party communicates, including in some cases, non-targeted U.S. persons.” Congress acted to protect the privacy rights of those “non-targeted U.S. persons” by requiring that the attorney general adopt procedures that minimize “the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons,” which the Foreign Intelligence Surveillance Court (FISC) must then review and approve as being consistent with the requirements of the Fourth Amendment. These minimization procedures, along with targeting and querying procedures (the latter representing a requirement Congress added as part of its 2017 reauthorization of Section 702), and the Acquisition Guidelines developed by the attorney general in consultation with the DNI, comprise the statutory architecture that Congress created to serve as a proxy for the law enforcement warrant and protect the Fourth Amendment rights of those “non-targeted U.S. persons” whose communications are incidentally collected during the course of lawfully authorized Section 702 acquisitions.

Challengers to the constitutionality of Section 702 almost always speak in terms of the surveillance as “warrantless” and lacking “particularity”—terms found in the Fourth Amendment but specific to the amendment’s historic role in regulating searches and seizures related to law enforcement. Critics note that, outside of the law enforcement context, Title I of FISA also requires a court order, which those critics analogize to a law enforcement warrant, but FISA Title I is geographically focused on surveillance conducted in the U.S. where the target of the surveillance is either an identifiable U.S. person or a person located in the territorial United States. 

Conversely, by definition, Section 702 is focused on surveillance of non-U.S. persons outside the U.S., and the certification used to initiate a Section 702 acquisition is not required to identify any particular target or to disclose the specific facilities or places at which an acquisition will be directed or conducted. In describing Section 702 as “warrantless,” however, the Fourth Amendment violation that critics allege—the one lying at the heart of this reauthorization debate—actually arises after Section 702’s lawful acquisition of both communications acquired by targeting foreign persons reasonably believed to be located outside the U.S. and the communications of those U.S. persons acquired as incidental to that targeted collection. The salient constitutional inquiry has evolved to focus on whether a warrant is required not when the surveillance is initiated, knowing that U.S. person communications will be acquired as an inevitable byproduct, but, instead, prior to retrieving communications from the Section 702 database using a U.S. person identifier through a process known as querying.

The communications of foreign targets are acquired by issuing Section 702 “directives” requiring third-party electronic communication service providers to furnish the government with those communications identified by “selectors” (for example, telephone numbers and email addresses) tasked to those providers. Section 702 prohibits the acquisition of any communication using any selector associated with a U.S. person. Communications acquired through Section 702 acquisitions are stored in a database maintained by the NSA, which is the lead agency implementing the Section 702 program. That database represents a sort of primordial “stew” until accessed by querying, which the FBI’s Querying Procedures (approved by the FISC) describes as “the use of one or more terms to retrieve the unminimized contents … of Section 702-acquired information that is located in an FBI system.” In other words, the identity of a communicant and the content of any particular communication in the Section 702 database, including the incidentally collected communications of U.S. persons, are unknown until a query is initiated.

Query terms can include a “United States person query term,” which is a term “reasonably likely to identify one or more specific U.S. persons.” It is the use of a U.S. person identifier or query term to retrieve information from the Section 702 database that opponents insist constitutes a separate Fourth Amendment search—notwithstanding that the database contains only communications that have already been lawfully acquired by the government pursuant to FISC-approved surveillance. Some commentators and one federal court of appeals decision contend that, since a communication remains anonymous in the Section 702 database until retrieved pursuant to a query, retrieval using a U.S. person querying term represents a separate Fourth Amendment event. One critic has gone so far as to argue that every query initiated using a U.S. person identifier, whether configured to retrieve foreign intelligence information or evidence of a crime, requires a court order, specifically, a Title I FISC order where foreign intelligence is extracted or a probable cause warrant from a federal magistrate judge where the query seeks evidence of a crime. Notably, however, this is not the consensus legal view and, significantly, represents a viewpoint rejected by the FISC itself, which declined to find that the “querying of information lawfully acquired under Section 702 be considered a distinct Fourth Amendment event requiring a reasonableness determination independent of the other circumstances of acquisition.”

Despite these critiques, there is logic to the FISC’s conclusion about querying. While few courts have addressed the question of Section 702 querying, one has directly analyzed the issue and concluded that “subsequent querying of a §702 collection, even if U.S. person identifiers are used, is not a separate search and does not make a §702 search unreasonable under the Fourth Amendment.” This viewpoint was reinforced in comments made during the debate accompanying Congress’s decision to add querying procedures to Section 702 as part of the 2017 reauthorization:

This [F(2)] order requirement does not reflect the [House Permanent Select Committee on Intelligence’s] belief or intent that law enforcement access to lawfully acquired information constitutes a separate search under the Fourth Amendment. The Fourth Amendment, as interpreted by numerous Federal courts, does not require the FBI to obtain a separate order from the FISC to review lawfully acquired 702 information. 

Though not required by the Constitution, this compromise is meant to provide additional protections for U.S. person information that is incidentally collected under section 702.

Often unacknowledged by Section 702 critics is the fact that, even accepting the premise that querying the Section 702 database using a U.S. person query term triggers its own Fourth Amendment analysis, this still does not mandate that a “warrant” must be secured before initiating the query. Courts, instead, have recognized that the appropriate consideration in evaluating an electronic surveillance is the programmatic purpose served by that surveillance, whether that purpose serves a legitimate objective beyond routine law enforcement and whether that purpose would be “frustrated” by insisting upon a warrant. Thus, the foreign intelligence focus of Section 702 surveillance triggers an entirely different “reasonableness” assessment under the Fourth Amendment than that used either for law enforcement purposes or to determine whether a U.S. person can be targeted as an “agent of a foreign power” under FISA Title I. This analysis recognizes both the existence of a foreign intelligence exception that exempts the query from the law enforcement-based warrant requirement and that the application of court-approved minimization and querying procedures serves to make the query’s intrusion into individual privacy interests “reasonable” when balanced against the government’s interest in national security—an interest repeatedly recognized by the courts as being of the “highest order.” Summarizing, then, the Fourth Amendment does not require a court order before initiating a query of the Section 702 database using a U.S. person identifier that is reasonably designed to retrieve foreign intelligence information. 

FBI Queries and the “Back Door” Search

Unlike the NSA, the FBI’s Querying Procedures also permit queries of the Section 702 database designed to find evidence of crime. Congress’s definition of “minimization procedures” contained in FISA since it became law in 1978 provides that FISA-derived information can be retained and disseminated for law enforcement purposes. Nonetheless, it is the FBI’s use of U.S. person identifiers to query the Section 702 database, what critics label the “back door” search, that triggers reactions charging that Section 702 is “an invasive and unconstitutional law that cannot continue to exist in its current form.”

The FBI accesses only that part of the Section 702 database containing communications generated by the particular targets that the FBI has nominated for collection—3.2 percent of the total database, according to the most recent Statistical Transparency Report issued by the Office of the Director of National Intelligence (ODNI), representing roughly 8,000 of the 246,073 Section 702 targets in 2022. Notably, the FBI nominates for collection only those targets associated with open, fully predicated national security investigations—the most serious class of investigation in the FBI’s investigative hierarchy.

In 2017, Congress added the requirement that agencies having access to the Section 702 database develop and use “querying procedures” to govern the act of querying that database to retrieve information. While asserting that the Fourth Amendment did not require such procedures, Congress implemented the querying procedures requirement as “a compromise [that] is meant to provide additional protections for U.S. person information that is incidentally collected under section 702.”

As a result of this “compromise,” the querying requirements now found in Section 702 contain specific provisions directed to the querying activities of the FBI. Those procedures include a requirement (the F(2) requirement) that, “in connection with a predicated criminal investigation opened by the FBI unrelated to the national security of the United States,” the FBI may not access the content of communications in the Section 702 database using a U.S. person query term that is not designed to find and extract foreign intelligence information without first procuring an order from the FISC demonstrating probable cause that the U.S. person query term will produce evidence of criminal activity, contraband or the fruits or instrumentalities of crime, or property designed for use or intended for use in committing a crime.

Simultaneously with its enactment of the F(2) requirement, Congress furnished statutory guidance on the practical application of this new F(2) querying requirement by adding a “rule of construction” that permits the FBI to review, without a court order, the results of any query that was “reasonably designed to find and extract foreign intelligence information, regardless of whether such foreign intelligence information could also be considered evidence of a crime” and to “access the results of queries conducted when evaluating whether to open an assessment or predicated investigation relating to the national security of the United States.”

The FBI’s querying practices, then, are governed by the same legal principles discussed earlier: Where a U.S. person query term is used in a query designed to retrieve foreign intelligence information, or to assess whether to open an investigation related to national security, no court order is required and the query is evaluated under the “reasonableness” standard that applies court-approved querying and minimization procedures serving to make the query’s intrusion into individual privacy interests “reasonable” when balanced against the government’s interest in national security. This approach also serves to accommodate the government’s need for time-sensitive flexibility in serving its paramount interest in protecting national security when requiring a court order prior to initiating any U.S. person query would, as a practical matter, eliminate the use of U.S. person query terms in those very situations where that flexibility and dispatch are of particular importance. Alternatively, however, when the FBI uses a U.S. person query term to access the Section 702 database in connection with a predicated criminal investigation not related to national security, it must first secure an F(2) court order from the FISC.

In truth, the FBI has struggled to comply with the querying mandate in general and with its own querying procedures, and those struggles have been documented publicly both in FISC opinions and in regular compliance and transparency reports describing the FBI’s querying practices. Section 702 critics have noticed. A recently released document signed by 15 Section 702 adversaries insists that it has become clear the FBI has engaged in “widespread violations” of the querying rules. Another recent article labeled Section 702 as “a go-to domestic spying tool for the FBI.”

While the F(2) querying requirement added by Congress in 2017 theoretically addresses the back door search issue, the statistics and public disclosures addressing the FBI’s querying performance indicate otherwise. In practice, the FBI has yet to seek an order under the F(2) querying requirement and, in April, the DNI reported that there had been five “identified instances” in 2021 and an additional “incident” in 2022 where a FISC order “was required pursuant to Section 702(F)(2) but not obtained” prior to reviewing the results of a U.S. person query. Moreover, these reports of FBI compliance deficiencies have been accompanied by other disclosures demonstrating that the FBI queries the Section 702 database using U.S. person query terms at a rate significantly greater than the cumulative querying totals for the NSA, the CIA, and the National Counterterrorism Center (NCTC)—the only other agencies having access to that database. In 2021, for example, while the NSA, the CIA, and the NCTC collectively queried that database 12,748 times for content and noncontent information, FBI queries of the smaller fraction of the Section 702 database to which it has access were estimated as “fewer than 3,394,053.” While the methodology and parameters used to produce these FBI querying statistics are somewhat arcane, it was apparent that, by any standard of measurement, the FBI’s querying of unminimized Section 702 content dwarfs the cumulative querying totals of the NSA, the CIA, and the NCTC.

As reflected in the recently released 2023 Annual Statistical Transparency Report, the disparity in the frequency with which the FBI queries the Section 702 database, as compared to the NSA, the CIA, and the NCTC, has continued, but a change in the FBI’s counting methodology and other “compliance-related” changes to FBI systems have produced a significant numerical decline in the FBI’s reported use of U.S. person queries. Using this new “de-duplicated” counting methodology, the FBI now counts “the number of unique U.S. person terms its personnel have used to query within the agency’s repositories of unminimized Section 702-acquired information.” The FBI measures its querying activities over a different 12-month cycle than the other agencies (December 1-November 30, as opposed to the calendar year) and the de-duplicated counting methodology produced the following adjusted numbers for the FBI’s “estimated number of U.S. person queries of unminimized Section 702-acquired contents and noncontents.”

Source: https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2023/item/2376-statistical-transparency-report-regarding-national-security-authorities-calendar-year-2022?utm_campaign=wp_the_cybersecurity_202&utm_medium=email&utm_source=newsletter&wpisrc=nl_cybersecurity202

As depicted in the table, the FBI’s de-duplicated total of 119,383 queries still substantially exceeds the 8,340 total U.S. person queries of the Section 702 database made by the NSA, the CIA, and the NCTC in 2022. However, the newly released FBI total represents a decline of over 95 percent in the number of U.S. person queries used by the FBI as compared to the prior year. This sizable reduction comes at a time when the FBI has been accused of “widespread violations” of the Section 702 querying standards, and those alleged violations represent a major focus of critics in the debate over the reauthorization of Section 702.

It bears mentioning that these “widespread violations” of the Section 702 querying standards, when reduced to specifics by critics, are always drawn from disclosures appearing in documents produced as part of the comprehensive oversight and compliance program that already identifies Section 702 as probably the most regulated national security authority operated by the government. For example, among the specific compliance incidents cited in a recent report issued by the Brennan Center, all incidents were extracted from the 2018, 2019, and 2020 opinions and orders issued by the FISC in connection with its required review of the Section 702 certifications in those years, or the 24th Joint Assessment of Compliance with Section 702 Procedures and Guidelines—a semiannual undertaking that Congress also requires as part of the Section 702 compliance regimen. Notably, the disclosures in these FISC opinions and the joint assessment repeatedly describe the identified violations as unintentional and principally traceable to misunderstandings and misapplications of the FBI’s querying procedures and the technical systems used with those procedures. Section 702 opponents, however, point to this history of “widespread violations” as reflective of an endemic culture of noncompliance; and, admittedly, identifying and disclosing compliance violations means little in the absence of discernible progress in remedying those violations and improving the FBI’s compliance record.

Will Congress Believe That the FBI Can Improve Its Compliance Record?

An overriding question in the current reauthorization debate is whether the available evidence supports a rational belief that the FBI is dedicated to improving its compliance record and is implementing actions that will actually produce that improvement. In recent months, the government announced a series of new remediation efforts directed at improving the FBI’s Section 702 compliance record, including an undertaking by the Justice Department’s National Security Division and the ODNI to develop further guidance on the query standard. This includes “multiple examples of the application of the guidance to particular factual scenarios.” According to the government, this new guidance was first shared with the FBI in November 2021 and has been combined with a number of other measures, including a significant reconfiguration of the FBI’s technical systems handling Section 702 information to ensure that Section 702-derived content is not improperly previewed. The FBI also instituted additional training of personnel emphasizing the F(2) requirement for a court order where queries of Section 702 data are initiated in connection with predicated investigations that do not involve national security.

The DNI’s recently issued 2023 Statistical Transparency Report arguably supports the view that the publicized remediation efforts directed at improving the FBI’s Section 702 compliance record have produced measurable improvements. As the report explains, the bulk of the FBI’s compliance-related changes were implemented in the second half of 2021, so 2022 represents the first year in which the full impact of those remediation efforts is reflected, and the statistics show a sizable decrease in the FBI’s use of U.S. person queries. Moreover, while the FBI has an admittedly checkered record of past compliance, the FISC noted some evidence of positive returns in an April 2022 Section 702 opinion soon to be released by ODNI: “[T]he Court is encouraged by the amendments to the FBI’s querying procedures and the substantial efforts to improve FBI querying practices, including heightened documentation requirements, several system changes, and enhanced guidance, training, and oversight measures. There are preliminary indications that some of these measures are having the desired effect.”

Statistics, Reform, and Perspectives in the Reauthorization Debate

Dedicated adherence to Section 702’s procedures and guidelines is fundamental to public confidence in the Section 702 program. It remains to be seen what effect this recomputation and corresponding reduction in the number of FBI queries using U.S. person identifiers, coupled with the additional measures that the FISC has found to be “having the desired effect,” will have on Congress. Before deciding whether to reauthorize Section 702, Congress will have not only the information now furnished in the DNI’s new report but also a report from the PCLOB addressed to “ensuring that privacy and civil liberties are protected in the course of the Executive Branch’s use of its Section 702 authorities, and to ensuring that Congress and the public are able appropriately to assess and consider the program’s value, and efficacy in protecting the nation’s security and producing useful intelligence.” The PCLOB report is expected later this year.

A significant part of the continuing reauthorization debate over Section 702 will be driven by numbers, such as the number of foreign targets, the number of U.S. person communications “incidentally” collected in conjunction with targeting non-U.S. persons reasonably believed to be located outside the U.S., the number of queries of the Section 702 database using U.S. person identifiers, and the number of times the FBI seeks, or fails to seek, an F(2) order from the FISC while querying the Section 702 database. 

One number of considerable interest to Section 702 opponents and to some in Congress is the total number of Americans whose communications are incidentally collected in connection with Section 702 acquisitions. According to recent media reports, a Princeton professor has developed a program that can calculate that figure—a number that the government has repeatedly insisted is “impractical” or “infeasible” to produce. Whether the novel approach can be implemented at scale to generate a number that is accurate and meaningful is unknown, but not everyone sees it as furnishing the missing link in the Section 702 debate. Glenn Gerstell, a former NSA general counsel, for example, has observed that the focus on the number of incidentally collected U.S. person communications distracts from the “real question,” which “should be what are we going to do with the fact that we’ve got these Americans’ communications. Who’s looking at it, who sees it, and what’s the context?” 

But others consider the “key question” in any debate addressing the reauthorization of Section 702 to be: “How many law-abiding Americans are having their communications swept in all that collection?” In its 2014 report on the Section 702 program, when there were less than 100,000 Section 702 targets, the PCLOB noted that “even if U.S. persons’ communications make up only a small percentage [of total collection], the absolute number of their communications acquired could be considerable.” With over 246,000 foreign targets in 2022, it is highly likely that the scope of Section 702’s incidental collection of U.S. person communications has increased significantly since that PCLOB observation less than a decade ago. Considering that technological advancements may offer, or soon offer, methodologies that produce an actual number, or some informed numerical range, for measuring the scope of this incidental collection, the call for disclosure of this metric will escalate and Congress may be unwilling to renew Section 702 without production, or at least a definitive timetable for production, of the “incidental” collection data. Executive branch representatives advocating for the renewal of Section 702 will certainly be pressed on this issue in both open and closed hearings as the reauthorization debate continues.

As noted previously, the identity and content of any particular communication in the Section 702 database, including the incidentally collected communications of U.S. persons, is unknown until a query is initiated retrieving that communication from the database. From a privacy perspective, then, it is the use of U.S. person querying terms to extract communications otherwise anonymously residing in that database that represents the salient intersection where privacy interests collide with national security concerns in the Section 702 surveillance process—and, as discussed earlier, none of the other three agencies with access to Section 702-acquired communications uses U.S. person identifiers to query the database at a level remotely approaching that of the FBI.

The 2022 DNI report shows that the FBI queried that part of the Section 702 database to which it has access using U.S. person query terms approximately 1.3 million times in 2020 and 3.4 million times in 2021. In the 2023 report, however, the FBI applied a new “de-duplicated counting methodology,” which produced a reduction in those U.S. person querying numbers to 852,894 in 2020 and 2,964,643 in 2021. Then, citing the effect of a series of “compliance-related changes” implemented throughout 2021 and into early 2022, the FBI reported that its use of U.S. person query terms in 2022 had declined to 119,383.

Section 702 opponents will almost certainly greet these new FBI querying numbers with skepticism. Questions also have been raised about the efficacy of this still significant volume of FBI querying activity. Because, as noted in the 2023 report, the FBI is the only agency with access to the Section 702 database having both foreign intelligence and law enforcement responsibilities, those questions are often framed in a way that seeks to measure the “value” of FBI querying using criminal law enforcement jargon that does not correlate to the foreign intelligence and national security purposes precipitating the initiation of many queries. Foreign intelligence collection and law enforcement are different disciplines, although the pursuit of foreign intelligence information and the prospect that such information will include data that is relevant both to intelligence needs and to the exposure of criminal activity is not a zero-sum game. An increase in the law enforcement value of particular information acquired after an electronic surveillance is initiated to acquire foreign intelligence or counterintelligence does not necessarily reflect a corresponding diminution in intelligence value such that querying those acquired communications morphs from intelligence collection predominantly to the assembling of prosecutorial evidence. While the objectives of these two disciplines are parallel, they also intersect, particularly where foreign intelligence crimes are involved. As courts have observed, a surveillance with a foreign intelligence purpose often will have some ancillary criminal law objective. The more appropriate consideration in evaluating that surveillance, however, is the programmatic purpose of the surveillance and whether that purpose involves some legitimate objective beyond ordinary crime control. 

Even with the reported reduction in the FBI’s querying of the Section 702 database and the advertised reforms offered as evidence of improvements in FBI querying practices, the “efficacy” of FBI querying is sure to be scrutinized by Congress. In doing so, a broader lens that examines that efficacy from a vantage that captures the FBI’s dual foreign intelligence and law enforcement missions is necessary to avoid the cramped perspective that may be produced by a viewpoint applying only law enforcement metrics.  

The (Im)Practical Implications of Requiring a Probable-Cause Court Order

Section 702 opponents insist that “the only way to fully protect Americans’ Fourth Amendment rights and prevent abuses is to require the government to obtain a probable-cause court order before performing U.S. person queries.” Opponents propose requiring a warrant from a magistrate judge in a law enforcement investigation or a Title I FISA order from the FISC in what they call foreign intelligence “investigations.” As the FISC has held, there is no constitutional requirement for a court order prior to initiating a query of the Section 702 database using a U.S. person query term reasonably designed to find and extract foreign intelligence information—and Congress already has provided the F(2) order mandate for those circumstances where the FBI queries that database in connection with a predicated criminal investigation not related to national security using a U.S. person query term that is not designed to find and extract foreign intelligence information.

A mandate requiring a court order prior to undertaking any query using a U.S. person identifier in the name of Section 702 “reform” would, as a practical matter, eliminate the use of U.S. person query terms in those situations requiring the flexibility and dispatch that are of particular importance to the timely production of foreign intelligence for U.S. policymakers. As a historical note, the delay precipitated by an earlier requirement for FISC approval prior to targeting foreign telephone numbers and email addresses produced the “intelligence gap” leading to the passage of Section 702 as part of the FISA Amendments Act of 2008. A “reform” requiring a court order before querying the Section 702 database using a U.S. person identifier would have similar repercussions today, as starkly demonstrated by these numbers: In 2022, the FISC issued a total of 337 orders authorizing FISA Title I surveillance while the NSA, the CIA and the NCTC (completely setting aside the FBI for the moment)  queried the Section 702 database 8,340 times using U.S. person query terms designed to find and extract foreign intelligence. Requiring the government to seek a FISA Title I court order prior to initiating any of these 8,340 queries, as Section 702 critics have demanded, would overwhelm the 11 current members of the FISC and cripple the intelligence community’s ability to provide crucial intelligence to policymakers on a timely basis—a practical reality of which Section 702 opponents are assuredly aware.

The Road Ahead on Section 702

In its 2014 report, the PCLOB recognized that “[t]he Section 702 program is extremely complex, involving multiple agencies, collecting multiple types of information, for multiple purposes.” That complexity has only increased in subsequent years. But complexity alone does not furnish justification or excuse for practices that violate the program’s own compliance and regulatory rules and intrude on the privacy rights and civil liberties of Americans.

As the Section 702 reauthorization debate continues to unfold, this concern for privacy rights and civil liberties must be complemented by the recognition that Section 702 should not be permitted to lapse: The foreign intelligence value of the program is simply indispensable and irreplaceable. Travis LeBlanc, a current PCLOB member, while calling for reforms to improve the protection of U.S. person privacy interests, described the program as having “significant and immense value,” acknowledging that Section 702 has “saved lives” and that the “country is safer with it than without it.”

With both of these perspectives in mind, Congress must approach the renewal of Section 702 prudently. If legislative revisions of Section 702 are forthcoming, it is essential that they be tailored to complement those changes that the FISC already has found “encouraging” and “having the desired effect.” Achieving the proper balance that preserves the immense national security value of this surveillance authority while protecting the privacy and civil liberties of American citizens is a delicate exercise requiring considerable legislative circumspection.


George Croner is a former principal litigation counsel at the National Security Agency. He is a senior fellow at the Foreign Policy Research Institute, and a member of the Advisory Council at the Center for Ethics and the Rule of Law (CERL) at the University of Pennsylvania Law School.

Subscribe to Lawfare