Bipartisan bill aims to have wide impact on federal surveillance efforts

Jason Macuray
This year’s first major legislation to extend expiring U.S. government surveillance authorities is a bipartisan effort that would include some of the most substantial curbs in years on those tools and other intelligence powers.

This year’s first major legislation to extend expiring U.S. government surveillance authorities is a bipartisan effort that would include some of the most substantial curbs in years on those tools and other intelligence powers.

A group of House and Senate lawmakers introduced the measure on Tuesday to renew Section 702 of the Foreign Intelligence Act, which allows the National Security Agency to hoover up the content of calls, emails and other electronic information of overseas targets from U.S. technology providers. However, the program also collects the personal data of an unknown number of Americans.

The bill also incorporates previously introduced legislation to close certain loopholes that allow data brokers to sell consumer data to law enforcement and federal agencies, and it proposes new restrictions on surveillance activity authorized under presidential Executive Order 12333, a Reagan-era directive that set guardrails for some kinds of U.S. intelligence gathering.

The congressional privacy hawks and civil libertarians behind the bill have long called for changes to Section 702 and believe that, by being the first out of the gate, they can seize on momentum created by a string of recent disclosures that the FBI has abused the authority to conduct wrongful searches of U.S. data.

Speaking at a Capitol Hill unveiling of the measure, Sen. Mike Lee (R-UT) argued it is necessary to counter what he views as “an excessively increasingly cavalier approach taken by the FBI, in connection with its use of these foreign intelligence authorities, and especially the way they approach our privacy.”

The timing is “definitely on purpose,” according to a congressional aide, who was granted anonymity to discuss the bill because they weren’t authorized to disclose private conversations.

“This is the big tent reform bill that has been thought out and is comprehensive, so being first shows that this is the consensus. Reform is the consensus,” the aide said.

Most notably, the bill, dubbed the Government Surveillance Reform Act of 2023, would require the FBI to obtain a warrant before searching the NSA’s data trove for information related to Americans. Such a mandate has been vehemently opposed by the Biden administration, which argues it would hamstring a vital intelligence tool.

“[W]ith everything going on in the world, imagine if a foreign terrorist overseas directs an operative to carry out an attack in our own backyard, but we’re not able to disrupt it because the FBI’s authorities have been so watered down,” FBI Director Christopher Wray told the Senate Homeland Security Committee last week.

The new bill includes exceptions to protect national security, including life-and-death emergencies and protecting individuals or U.S. companies from digital attacks.

In a call with reporters before the bill’s release, a senior Biden administration official derided the proposed mandate for searches.

“There are some red lines for us and one of those red lines is the operationally unworkable and fundamentally inept requirement to go to a court before accessing already lawfully collected information,” the official, who spoke on the condition of anonymity, said.

Limits on warrantless surveillance

The measure — which has already been endorsed by a raft of privacy groups, including the ACLU — would extend Section 702 another four years in exchange for several additional revisions.

It would prohibit the monitoring of foreign individuals outside the U.S. as pretext to surveil U.S. persons within the country, a practice known as “reverse targeting.” And it would codify NSA’s ban on the “Abouts” collection — the gathering of digital communications that contain incidental mentions of foreign surveillance targets.

Together, the provisions are aimed at “curbing mass warrantless surveillance of Americans’ data,” the aide said.

To that end, the legislation attempts to bring the same oversight that governs surveillance activities performs under FISA to Executive Order 12333, including requiring the government to get court approval before reviewing Americans’ data collected under the directive.

A second congressional aide said the various proposals — including one that sailed out of the hyperpartisan House Judiciary Committee — were packaged together because “you won’t know the appetite until you put out there what reforms you actually want to see.”

The second aide said that this year, “it does appear, the appetite might be there.”

That sentiment was echoed by Rep. Zoe Lofgren (D-CA), a longtime surveillance critic, echoed that sentiment during today’s press conference.

“This effort, after so many years, I think finally has a chance to become enacted into law,” she said. “This is the best chance that we have had in many, many, many years to make sure that the Fourth Amendment, which protects Americans, is actually adhered to by the federal government.”

The senior administration official, who stressed they had not seen the legislative text, derided the bill’s other prongs, arguing closing data brokers loopholes “would place our government at a decided disadvantage in relation to the private sector and hostile foreign governments in simply acquiring commercially available information.”

FISA Section 702 is “hard. It’s important. It’s complicated. We think it’s enough to try to bite that off and the remaining seven weeks of the year to try to tack on legislating in the the really important fraught complicated areas, like commercially available information or others is adding to an already very, very challenging task in a way that doesn’t make sense, and frankly, doesn’t do justice to the nuance of those issues.”

Sen. Ron Wyden (D-OR), one of the chamber’s top privacy advocates, shrugged off the White House’s criticism.

“I’ve heard of some interesting ways to measure your position on a piece of legislation but announcing you haven’t read it is a little bit unusual at the get go,” he said at the press conference. “We’re going to have an open door policy … So when the White House or whoever is making this announcement for them has a chance to read our bill we’ll be interested in sitting down with them.”

The bill signals what could be a frenzied couple of weeks before the calendar deadline, as members of the House Intelligence and Judiciary committees prepare to unveil their own renewal legislation.

Rep. Andy Biggs (R-AZ), one of the FISA’s most strident critics, noted the two panels have been working together for months and “there’s a lot of overlap between this bill and the product coming out.”

The federal government runs out of money in less than two weeks, meaning that even if lawmakers find a way to avert a shutdown, any bill likely won’t be taken up until the end of the month or in December.

The bill’s backers cautioned congressional leadership against hitching any renewal to a government funding bill or other must-pass piece of legislation.

“Look, the clock’s ticking on 702 is set to expire and it’s time for a trade. We will vote to reauthorize but only with rules that make Uncle Sam get a warrant before entering our digital domain,” according to Lee.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication’s cybersecurity newsletter.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Mortgage giant Mr. Cooper using alternative payment options after cyberattack

Next Post

Japan Aviation Electronics says servers accessed during cyberattack

Related Posts

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. "Misconfigurations such as improperly set up authentication mechanisms expose the '/script' endpoint to attackers," Trend Micro's Shubham Singh and Sunil Bharti said in a technical write-up
Read More