Is the Sun Setting on US Privacy Protections?

Machine Fingerprint

US Congress is currently considering a bill put forward by Republican Senator Tom Cotton that seeks to make Section 702 of the Foreign Intelligence Surveillance Act (FISA) permanent. The provision is what is known as a “sunset” clause, meaning that it expires after a certain period of time unless further legislative action is taken . Requiring the provision to be reconsidered every few years forces lawmakers to periodically review the necessity, effectiveness, and adverse impacts of the law. Section 702 permits the National Security Agency to collect and surveil the digital communications of foreign nationals (i.e., non-US citizens) who are located outside the US. Under the law, the Attorney General and the Director of National Intelligence may jointly authorize the targeting of persons in order to acquire foreign intelligence information without having to obtain a warrant.

Section 702 and the related provisions were passed in 2008 as the FISA Amendments Act (FAA), and codified within FISA as Title VII. Title VII was subsequently reauthorized by Congress in 2012 and will expire on December 31 of this year unless Congress reauthorizes it again or passes the bill to permanently embed it in FISA. When FISA was originally introduced in 1978, limited technology meant that the activities and communications of foreign nationals could not as easily be surveilled, thus leaving them outside the practical reach of the US intelligence community. However, with the expansion of the internet and prevalence of digital communications, foreign communications became more accessible. Prior to the passing of FAA, provisions meant to protect the privacy of US citizens and persons located in the US had to be met before FISA surveillance could be conducted on foreign nationals abroad, meaning that probable cause had to be established. FAA enabled surveillance to be authorized on foreign nationals much more easily, therefore allowing access to communications of targeted persons through US-based internet service providers without probable cause.

While US citizens are not directly subject to the relaxed standards of such FISA orders, there has been significant concern that the information of US citizens may be incidentally collected if they have had any communications with targeted persons. Although there are some safeguards in place that are intended to prevent this possibility, the law still risks allowing the intelligence community to sidestep US privacy protections should communications with US citizens be captured. Despite the fact that US citizens cannot be directly targeted, there is nothing to prevent the use of backdoor tactics, since “National security officials may use search terms or identifiers associated with Americans, such as an email address, to query the information lawfully acquired using Section 702 authority.”

Proponents of the bill have lauded the provision, arguing that it has resulted in the collection of critical intelligence and is necessary for the effective protection of national security. Supporters have also maintained that the provision contains the appropriate precautions to ensure that the privacy of US citizens and those located in the US are not affected. Contrary to the bill’s proponents, advocates for strong privacy protections are troubled by the latitude afforded to the US intelligence community and fear that the bill lacks acceptable mechanisms for oversight and transparency, potentially enabling privacy protections to be grossly undermined. A number of tech companies — including Facebook, Google, Amazon, and Microsoft — have publicly decried Section 702, calling for substantial reforms to the law before letting it be reauthorized, let alone making it permanent.

The Senate Intelligence Committee held a hearing on the bill on June 7 and the issue is sure to be the subject of continued contentious debate.

This blog post was written by a CCLA summer student. Views expressed do not necessarily reflect the view of the CCLA.