A contentious piece of U.S. law giving the National Security Agency broad authority to spy on people overseas expires at the end of the year. Expect heated debate about the scope of U.S. surveillance law leading up to Dec. 31.
One major issue to watch involves the way the surveillance treats communications from U.S. residents. Critics say U.S. emails, texts, and chat logs -- potentially millions of them -- are caught up in surveillance authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA).
U.S. residents who communicate with foreign targets of the NSA surveillance have their data swept up in what the NSA calls "incidental" collection. The FBI can then search those communications, but it's unclear how often that happens.
A primer on Section 702:
What is Section 702 surveillance?
Section 702 of FISA is the authorization the NSA needs to run programs like Prism and Upstream, revealed in 2013 by former agency contractor Edward Snowden. The U.S. intelligence community has called Section 702 surveillance its "most important tool" in its fight against terrorism, noted Representative Bob Goodlatte, a Virginia Republican, during a March 1 congressional hearing.
Section 702 surveillance is "critical" in the U.S. government’s fight against terrorism, added April Doss, a lawyer at the NSA for 13 years.
At the agency, "I had the opportunity to witness firsthand the critical importance of robust intelligence information in supporting U.S. troops and in detecting terrorist plans and intentions that threatened the safety of the U.S. and its allies," she said in testimony March 1.
In the Prism program, the NSA and FBI allegedly gained access to the servers of Google, Facebook, Microsoft, Yahoo, and other internet companies as a way to collect audio, video, emails, and other content.
Upstream collection allegedly involved the NSA intercepting telephone and internet traffic by tapping internet cables and switches.
The surveillance approval process
Under 702, FISA allows the U.S. attorney general and the director of national intelligence to authorize "the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information." The U.S.Foreign Intelligence Surveillance Court reviews the targeting and minimization procedures adopted by the government and determines whether they comport with the statutory restrictions and the Fourth Amendment to the U.S. Constitution.
The Office of the Director of National Intelligence (ODNI) says it conducts its surveillance with the "knowledge of the service provider," although several internet companies have denied cooperating with the NSA.
Doss and other defenders of Section 702 surveillance say that it's targeted, not so-called "bulk" surveillance. But the descriptions of both Prism and Upstream from the Snowden leaks and subsequent government descriptions suggest the surveillance is widespread. The intelligence community has long argued the legal definition of "bulk" surveillance is very specific.
The NSA also collected U.S. telephone records for several years under a separate program. The NSA and the FBI pointed to a different provision of FISA, Section 501, as authorization for the controversial metadata collection program. Congress curtailed the phone metadata collection program in the USA Freedom Act, passed in mid-2015.
Prospects for extending Section 702
Congress is certain to extend the surveillance authority in some form, even though many tech companies and privacy groups are pushing lawmakers to rein in the NSA’s surveillance programs, both in the U.S. and abroad.
Most lawmakers see value in extending Section 702, although many Democrats and some Republicans have talked about ending or limiting the ability of the FBI and other intelligence agencies to search for U.S. communications swept up in the surveillance.
Given that Section 702 is one of the main authorizations for the NSA to conduct foreign surveillance, not even the most ardent privacy advocates believe Congress will let the provision expire.
Backdoor searches of U.S. communications
Section 702 prohibits the NSA from targeting people inside the U.S., but the agency, in "incidental" collection, gathers information from U.S. residents who are communicating with the agency’s overseas targets.
The law then allows the FBI and other intelligence agencies to search those U.S. communications for evidence of crimes, including crimes not connected to terrorism. Many digital rights groups, along with some lawmakers, want to end this so-called backdoor search of Section 702 records.
This collection of U.S. communications without a warrant is, "in a word, wrong," Representative John Conyers Jr., a Michigan Democrat, said during the March 1 hearing.
Details about the incidental collection are fuzzy. Going back to 2011, lawmakers have repeatedly asked for numbers of U.S. residents affected but have received no details from the ODNI.
Expansive collection of foreign communications
In addition to the incidental collection of U.S. residents' communications, privacy advocates complain about an expansive surveillance of foreigners allowed under Section 702.
The provision allows the NSA to collect foreign intelligence information from "anyone" outside the U.S. not just suspected agents of foreign powers, said Greg Nojeim, senior counsel at the Center for Democracy and Technology. "Intelligence information" is also defined broadly, he said.
"Once you remove that, it's open season on many foreigners who pose no threat to U.S. national security," he added.
House members, in their March 1 hearing, talked little about the impact on people outside the U.S. At this point, it seems unlikely that U.S. lawmakers will limit the provision’s foreign data collection.
Privacy advocates have an ace up their sleeves, however. Several privacy groups have encouraged the European Union to get involved in the debate and threaten to revoke Privacy Shield, the cross-Atlantic agreement that allows U.S. companies to handle EU residents' data, unless significant changes are made to 702.
The European Commission "has made it clear that it takes seriously its obligations to review the Privacy Shield Agreement," said Nathan White, senior legislative manager at Access Now, a digital rights group.
EU nations understand surveillance is can be necessary, but "surveillance must respect human rights," White added. "Surveillance doesn’t trump human rights responsibilities."
Recent surveillance controversies
The U.S. intelligence community’s surveillance programs have stirred up new controversies in recent weeks. In early March, President Donald Trump, in a series of tweets, accused former President Barack Obama of wiretapping Trump Tower in New York City during the last presidential campaign.
While Trump has provided no evidence of the bombshell charge, it appears that the NSA intercepted some of his campaign staffers' communications when they talked to foreign surveillance targets. That type of surveillance would likely be authorized by Section 702.
A few days later, WikiLeaks published more than 8,700 documents that it says came from the CIA. The documents describe the spy agency's efforts to compromise iPhone, Android devices, smart TVs, automobile software, and major operating systems.
The CIA, however, runs separate surveillance programs from the NSA. CIA surveillance is supposed to be focused on specific foreign targets, as opposed to the widespread surveillance that the NSA does under the authority of Section 702. The CIA says it is "legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans."
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.