Reforming 702: An Overview

This post is part of a running blog series on Section 702 ahead of its reauthorization deadline in December 2023. In this series, EPIC will dive deeper into Section 702 and the need for significant reform. For the other parts of this series, click here. 

What is Section 702?

In the wake of the Church Committee’s revelations of widespread abuses by intelligence agencies, Congress enacted the Foreign Intelligence Surveillance Act of 1978 (FISA) to authorize and regulate electronic surveillance for foreign intelligence purposes. In 2008, following public outcry over an expansive and secretive post-9/11 surveillance program targeting international communications from within the United States, Congress passed the FISA Amendments Act of 2008, thus preserving part of this program. Section 702 of the FISA Amendments Act authorizes surveillance programs targeting non-U.S. persons reasonably believed to be outside the United States to acquire “foreign intelligence information” with the compelled cooperation of U.S. service providers.[1]

Unlike traditional FISA surveillance, programs authorized under Section 702 do not involve Foreign Intelligence Surveillance Court (FISC) oversight of individual surveillance orders. Instead, the Attorney General and the Director of National Intelligence jointly authorize these programs and submit an annual “certification” to the FISC attesting that “a significant purpose of the acquisition is to obtain foreign intelligence information” and that acquisition will comply with certain statutory limitations, such as those limiting targeting to non-U.S. persons outside the United States. The government need not show “probable cause,” establish that a target is an agent of a foreign power or engaged in criminal activity, or identify the specific places or facilities that will be monitored.

Along with this certification, the government provides the FISC with copies of its targeting procedures and minimization procedures. Targeting procedures detail how the government determines: 1) whether a given target is a non-U.S. person; 2) whether the target is believed to be outside the United States; 3) whether the target has foreign intelligence value; and 4) whether targeting this person will produce foreign intelligence information. Minimization procedures explain how agencies use, retain, and disseminate the data obtained through Section 702 programs.

If the FISC approves these procedures, the government is authorized to compel the cooperation of U.S. service providers (e.g., AT&T and Verizon) in acquiring communications associated with certain “selectors” (such as phone numbers, email addresses, IP addresses, etc.) that are believed to be associated with those non-U.S. person targets. The National Security Agency (NSA) has operated two programs to acquire communications under Section 702—“downstream” (previously called PRISM) and “upstream.”[2] Through downstream, the U.S. government sends directives to U.S.-based communications platform operators to acquire the communications to or from that selector. Meanwhile, through upstream, the government compels the assistance of providers that control the Internet “backbone” within the United States over which telephone and Internet communications transit.

Why Does Section 702 Need Reform?

Since its controversial inception, Section 702 has created a gap in the traditional FISA framework that allows the government to collect Americans’ information without adequate judicial process, and this gap has grown more alarming as the government has increasingly leveraged the information collected on Americans.

While Section 702 is a foreign intelligence surveillance authority, the government has conceded that it also collects a significant amount of U.S. persons’ communications under Section 702 surveillance programs. Section 702 limits targeting to non-U.S. persons reasonably believed to be outside the United States, and the statute expressly prohibits “reverse targeting”—meaning the government may not target a non-U.S. person outside the United States if the real purpose is to target a particular person believed to be in the United States. However, the “incidental” collection of Americans’ communications is a feature of the government’s methods of acquiring communications under Section 702.

The Intelligence Community has yet to release statistics on the number of Americans whose communications are collected under 702 programs, despite prior commitments to do so.[3] A 2011 FISC opinion revealed that the NSA was collecting “more than two hundred fifty million Internet communications each year” under Section 702.[4] Since 2013, the number of targets of section 702 surveillance has increased at least threefold to over 230,000 in 2021, suggesting that current collection far exceeds the FISC’s estimate.[5] Given the sheer volume of communications collected by the NSA, the number of Americans’ communications swept up in these programs is potentially quite high.

Because Section 702 surveillance programs collect U.S. person information, agencies must submit minimization procedures to the FISC for approval. While there is no uniform set of minimization procedures, Section 702 states that any agency’s procedures must be “reasonably designed” to minimize the acquisition and retention of U.S. person information. In practice, these minimization procedures are quite permissive; in general, they permit the government to amass huge amounts of communications and retain them for years, even absent a determination that they constitute foreign intelligence information.[6] Further, agencies regularly violate these minimal minimization procedures—including by improperly searching Section 702 databases, retaining information acquired in violation of Section 702, or not deleting information as required.[7]

Another of the most controversial aspects of Section 702 is the Federal Bureau of Investigation’s (FBI) warrantless searching of communications acquired using Section 702 to pursue routine criminal investigation of U.S. persons—often referred to as “backdoor searches.” The NSA, Central Intelligence Agency (CIA), National Counterterrorism Center (NCTC), and FBI may all “query” Section 702 databases, meaning searching the data using a specific term or terms to retrieve relevant contents or metadata. However, the frequency with which the FBI searches Section 702 databases dwarfs that of any other agency. [8] Further, the FBI’s domestic law enforcement role raises concerns of foreign intelligence surveillance weaponization against Americans. Since the last reauthorization of Section 702 in 2018, these concerns have been further substantiated with concrete examples of FBI misuse. According to recently released FISC opinions, FBI agents have searched Section 702 databases in improper ways, including searching for victims of crimes, community and religious leaders, and family members.[9]

The scope and nature of the FBI’s querying underscores another important point of controversy relating to Section 702 surveillance activities—the extent to which a program initially billed as a counterterrorism tool has morphed into a tool for domestic surveillance. However, there is little transparency surrounding the role that Section 702 plays in contexts like cybersecurity, and therefore not enough public information to corroborate whether Section 702 is necessary to accomplish these goals, and whether special safeguards are necessary in the cyber context. These new contexts may also raise significant privacy and civil liberties concerns. This is especially true of cybersecurity, given the scale of the FBI’s querying.

These developments come amid a broader debate over the growth of government surveillance, including the government’s purchasing of massive amounts of information from data brokers and the increasing use of novel and invasive surveillance techniques. Congress must enact serious reforms to Section 702 or let it sunset, as they did in 2020 with Section 215 of the PATRIOT Act, another post-9/11 surveillance authority.

---

[1] See 50 U.S.C. § 1881a.

[2] Priv. & Civ. Liberties Oversight Bd., Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act 7 (2014), https://documents.pclob.gov/prod/‌Documents/‌OversightReport/823399ae-92ea-447a-ab60-0da28b555437/702-Report-2.pdf.

[3] Dustin Volz, NSA Backtracks on Sharing Number of Americans Caught in Warrant-less Spying, Reuters (June 9, 2017), https://www.reuters.com/article/us-usa-intelligence/nsa-backtracks-on-sharing-number-of-americans-caught-in-warrant-less-spying-idUSKBN19031B.

[4] Mem. Op, [Redacted], No. [redacted], at 29 (FISC Oct. 3, 2011), https://www.dni.gov/files/documents/0716/October-2011-Bates-Opinion-and%20Order-20140716.pdf.

[5] Office of the Dir. of Nat’l Intel., Annual Statistical Transparency Report Regarding the Intelligence Community’s Use of National Security Surveillance Authorities: Calendar Year 2021 17 (Apr. 2022) [hereinafter ODNI CY2021 Transparency Report], https://www.dni.gov/files/CLPT/documents/2022_ASTR_for_CY2020_FINAL.pdf.

[6] Comments of the Electronic Privacy Information Center to the Privacy and Civil Liberties Oversight Board, Notice of the PCLOB Oversight Project Examining Section 702 of the Foreign Intelligence Surveillance Act (FISA) 18–22 (Nov. 4, 2022), https://epic.org/documents/epic-comments-pclob-investigation-of-section-702-surveillance/.

[7] Id.

[8] ODNI CY2021 Transparency Report, supra note 5, at 20–21.

[9] See Mem. Op. & Order, In re Section 702 2020 Certification, at 39–40 (FISC Nov. 18, 2020), https://repository.library.georgetown.edu/bitstream/handle/10822/1061209/gid_c_00289.pdf?sequence=1&isAllowed=y; Mem. Op. & Order, In re Section 702 2019 Certification, at 66 (FISC Dec. 6, 2019), https://www.intelligence.gov/assets/documents/702%20Documents/declassified/2019_702_Cert_FISC_Opinion_06Dec19_OCR.pdf; Mem. Op. & Order, In re Section 702 2018 Certification, at 71 (FISC Oct. 18, 2018), https://www.intelligence.gov/assets/documents/702%20Documents/declassified/2018_Cert_FISC_Opin_18Oct18.pdf.