​In January 2021, Sen. Ron Wyden (D-OR) released an unclassified memo from the Defense Intelligence Agency revealing it was purchasing, retaining, and using Americans’ location data. This flies in the face of Carpenter v. United States, a Supreme Court opinion requiring a warrant to examine Americans’ location history. Sen. Wyden next pressed the Department of Defense to identify which other agencies within the Department are buying Americans’ personal data, including location data and web browsing records.
 
The government answered with a “Controlled Unclassified Information” (CUI) response. Sen. Wyden took to the floor to call this “a made-up designation with no basis in law” to “keep this unclassified information from the American public.” A letter from Sen. Wyden to Defense Secretary Lloyd Austin asking him to clarify this extra-legal restriction resulted in a response letter from an underling declining to approve the release of the unclassified information.
 
Now Sen. Wyden has hit on a strategy that is sure to get the attention of the intelligence community. Sen. Wyden says that he has, with “reluctance,” held up the promotion of Lt. Gen. Timothy Haugh to the grade of general to serve as Director of the National Security Agency and Commander of the U.S. Cyber Command. Sen. Wyden will keep this hold in place until the government provides “yes” or “no” answers as to whether the NSA is buying Americans’ location data and web browsing records.
 
“The American people have a right to know whether the NSA is conducting warrantless domestic surveillance of Americans in a manner that circumvents the Fourth Amendment to the Constitution,” Sen. Wyden said.
 
We are grateful to the men and woman who work hard to keep us safe. But the time has come for champions of civil liberties to respond to hardball tactics with some of our own. If the intelligence community and its enablers on the Hill continue to act with disrespect, what is happening to Lt. Gen. Haugh could be done across the entire alphabet soup of federal intelligence agencies.

​Gene Schaerr, PPSA general counsel, in testimony before a House subcommittee on Friday, urged Congress to assert its prerogative to interpret Americans’ privacy and Fourth Amendment rights against the federal government’s lawless surveillance.
 
Schaerr said the reauthorization of a major surveillance law this year is a priceless opportunity for Congress to enact many long-needed surveillance reforms. There is, Schaerr told the Members of the House Judiciary Subcommittee on Crime and Government Surveillance, no reason for Congress to defer on such a vital, national concern to the judiciary.
 
Congress also needs to assert its authority with executive branch agencies, he said. For decades, when Congress reforms a surveillance law, federal agencies simply move on to other legal authorities or theories to develop new ways to violate Americans’ privacy in “a game of surveillance whack-a-mole.”
 
Schaerr said:
 
“As the People’s agents, you can stop this game of surveillance whack-a-mole. You can do that by asserting your constitutional authority against an executive branch that, under both parties, is too often overbearing – and against a judicial branch that too often gives the executive an undeserved benefit of the doubt. Please don’t let this once-in-a-generation opportunity slip away.”   
 
Schaerr was joined by other civil liberties experts who described the breadth of surveillance abuse by the federal government.
 
Liza Goitein of the Brennan Center for Justice at NYU Law School said that FISA’s Section 702 – crafted by Congress to enable foreign surveillance – has instead become a “rich source of warrantless access to Americans’ communications.”
 
She described a strange loophole in the law that allows our most sensitive and personal information to be sold to the government. The law prevents social media companies from selling Americans’ personal data to the government, but it does not preclude those same companies from selling Americans’ data to third-party data brokers – who in turn sell this personal information to the government.
 
Federal agencies assert that no warrant is required when they freely delve into such purchased digital communications, location histories, and browsing records. Goitein called this nothing less than the “laundering” of Americans’ personal information by federal agencies looking to get around the law. 
 
“We’re a nation of chumps,” said famed legal scholar and commentator Jonathan Turley of the George Washington University Law School, for accepting “massive violations” of our privacy rights. He dismissed the FBI’s recent boasts that it had reduced the number of improper queries into Americans’ private information, likening that boast to “a bank robber saying we’re hitting smaller banks.” 
 
Many members on both sides of the aisle echoed the concerns raised by Schaerr and other witnesses during the testimony. Commentary from the committee indicates that Congress is receptive to privacy-oriented reforms.
 
Gene Schaerr cautioned that Congress should pursue such a strategy of inserting strong reforms and guardrails into Section 702, rather than simply allowing this authority to lapse when it expires in December. Drawing on his experience as a White House counsel, Schaerr said the “executive branch loves a vacuum.” Without the statutory limits and reporting requirements of Section 702, the FBI and other government agencies would turn to other programs, such as purchased data and an executive order known as 12333, that operate in the shadows.
 
Despite this parade of horribles, the hearing had a cheerful moment when it was interrupted by the announcement of a major reform coalition victory. The Davidson-Jacobs Amendment passed the House by a voice vote during a recess in the hearing, an announcement that drew cheers from witnesses and House Members alike. This measure would require agencies within the Department of Defense to get a probable cause warrant, court order, or subpoena to purchase personal information that in other circumstances would require such a warrant.
 
Schaerr was optimistic that further reforms will come. He said:
 
“Revulsion at unwarranted government surveillance runs deep in our DNA as a nation; indeed, it was one of the main factors that led to our revolt against British rule and, later, to our Bill of Rights. And today, based on a host of discussions with many civil liberties and other advocacy groups, I’m confident you will find wide support across the ideological spectrum for a broad surveillance reform bill that goes well beyond Section 702.”

In today’s House Committee Judiciary hearing with FBI Director Christopher Wray, Rep. Pramila Jayapal (D-WA) expertly revealed the extent to which the FBI is unwilling to publicly discuss its use of commercially available information (go to 1:10:50 mark).
 
Rep. Jayapal asked the director about his claim before the Senate Intelligence Committee in March that the FBI had previously purchased Americans’ location data information from internet advertisers but had stopped the practice. Why, then, Jayapal asked, did a report from the Office of the Director of National Intelligence (ODNI) reveal that the government continues to purchase Americans’ personal data scraped from apps and sold to the government by third-party data brokers?
 
The report was surprising for its frankness. An ODNI panel admitted that such data can be used to “facilitate blackmail, stalking, harassment, and public shaming.”
 
Rep. Jayapal asked how the FBI uses such data. Director Wray responded that this is too complex to cover in a short exchange. He said there are so many precise definitions that he had best send “subject matter experts” from the FBI to give Rep. Jayapal a briefing, presumably behind closed doors and under classified rules that would prevent public discussion.
 
Rep. Jayapal then went on to note that more than historic location data is at stake. Purchased data, she said, include biometric data, medical and mental health records, personal communications, and internet search histories and activities. She asked Director Wray: Does the FBI have a written policy on how it uses such commercially available information?
 
Director Wray did not seem sure. He replied that he would be happy to provide a private briefing.
 
Rep. Jayapal next asked if there is an FBI policy for using purchased information against Americans in criminal cases.
 
Once again, Director Wray punted.
 
After Rep. Jayapal was finished, House Judiciary Chair Jim Jordan (R-OH), said that her remarks were “well said,” and promised a bipartisan approach on the issue. Speaking for Republicans, Chairman Jordan told Rep. Jayapal, chair of the progressive caucus, “you have friends over here who want to help you with that.”
 
We suggest that a bipartisan next step could be an open hearing with the FBI’s experts on how much purchased information is obtained and how it is used.

​When the Senate Judiciary Committee announced it was holding a hearing this morning on Section 702 of the Foreign Intelligence Surveillance Act with five men representing the Office of the Director of National Intelligence, the NSA, CIA, FBI, and the Department of Justice, many assumed it would amount to a bit of surveillance state agitprop.
 
Instead, senators from across the aisle grilled these intelligence community deputy directors and general counsel like so many hot dogs. The intelligence community representatives came lined up with talking points about a new “culture of compliance” in the intelligence community, only to be upended. Compliance with what? The law? The Constitution? No, the answer consistently was compliance with updated, byzantine internal regulations that this time – they swear! – will finally protect the constitutional rights of the American people.
 
Sen. Mike Lee (R-UT) burst out like a rodeo bull to lecture the panelists that the government has shown “shocking disregard for Americans’ constitutional rights and civil liberties,” from illegal surveillance of political donors, protestors, and even a sitting Member of Congress. He expressed frustration from years of hearing from FBI directors and attorneys general under three presidents say, “just trust us, don’t worry, we’ve got good people … and lots and lots of procedural safeguards in place.” Sen. Lee ridiculed the FBI’s boast that it has vastly reduced the hundreds of thousands of spying incidents without a probable cause warrant. (Go to 1:37:51 mark)
 
Sen. Lee said:
 
“The number should not just be going down. That number should be zero. Every ‘non-complaint’ search violates an American’s constitutional rights.” 
 
Sen. Jon Ossoff (D-GA), who sits on both the Judiciary and Intelligence committees, was cool and unflappable as he brushed aside Assistant Attorney General Matt Olsen’s attempts to bat away his questions (go to 1:58:35). Sen. Ossoff drilled down on the need for a probable cause warrant in using “U.S. person communications” – when the FBI is looking at domestic crimes in the Section 702 database.
 
“Section 702 is a foreign intelligence tool, it is not a law enforcement tool,” Olsen said.
 
“So why is it used for domestic law enforcement purposes?” Sen. Ossoff asked.
 
Olsen replied that such “crime only” searches are “exceedingly” rare.
 
“If it is as rare as you state,” Sen. Ossoff said, “why not go get a warrant?”
 
Olsen then told a story of an agent looking into Section 702 information on national security grounds only to find evidence of domestic child abuse. Sen. Ossoff recognized this as an attempt at obfuscation.
 
“We’re talking about seeking evidence of a crime only, we’re not talking about encountering evidence of other crimes in the course of querying foreign intelligence information,” Sen. Ossoff said. “We’re talking about U.S. person queries whose sole purpose is investigating domestic crime. Why should that not require a warrant?”
 
Olsen’s reply was a legal tautology. Section 702 data, he said, is “lawfully collected information that is in the FBI’s holdings.”
 
“I don’t think you’ve made the case,” Sen. Ossoff said, again noting the FBI uses Section 702 for many purely domestic crimes.
 
In his calm but persistent questioning, Sen. Ossoff revealed the deeper issue of how the FBI gets around the law by using a foreign surveillance authority to set up backdoor searches to target Americans in domestic cases.
 
Sen. Dick Durbin (R-Il), committee chairman, had set the tone by asking why improper searches of Americans’ communications were conducted some 278,000 times in a recent one-year period. Chairman Durbin noted that 19,000 searches of a federal candidate’s donors were queried when, in fact, only 8 targeted donors showed a connection to foreign intelligence.
 
Sen. Lindsey Graham asked how we can be sure FBI agents using Section 702 are “not being lazy, not getting around the law?” Olsen replied that one person in the Department of Justice was fired for misusing Section 702 and that the FBI now has a “three-strikes” policy regarding 702 violation. That seemed to win little gratitude from senators.
 
Overall, the tone of this hearing was frank, harsh, and unrelenting.
 
These five men may have started their day believing that their assurances, and 11th hour proposals to further reform the government’s internal processes, would ensure smooth sailing. Afterwards, these intelligence community representatives should return to the leaders of their respective agencies and tell them: “We’ve either got to accept serious reform of Section 702 or wave it goodbye.”

​A House subcommittee hearing today demonstrated widespread, bipartisan recognition of the need to reform Section 702 of the Foreign Intelligence Surveillance Act (FISA).
 
Both the Chairman and Ranking Member of the full House Judiciary Committee – Rep. Jim Jordan (R-OH) and Rep. Jerry Nadler (D-NY) – called for their committee colleagues to lead bipartisan reforms to prevent further, significant abuses of this authority. Jordan, looking over his shoulder to Rep. Nadler, highlighted “the fact that we can get bipartisan on protecting civil liberties.”
 
Subcommittee chairman Andy Biggs (R-AZ) had earlier opened the hearing by saying Section 702 reform requires a “rare bipartisan effort.” Rep. Jerry Nadler (D-NY) agreed bipartisan action is needed. He complained about the government “keeping us in the dark” on the numbers of warrantlessly collected data of Americans. The result of this secrecy, he said, is the backdoor surveillance of Americans that “is neither hypothetical nor rare.”
 
Sharon Bradford Franklin, chair of the independent watchdog of the independent agency that protects civil liberties in government counterterrorism programs, spelled out three specific reforms. Even the title of the hearing, “Fixing FISA: How a Law Designed to Protect Americans Has Been Weaponized Against Them,” was telling. It set the tenor of skeptical and substantive questions from representatives from both parties.
 
By the end, it was clear that the push for Section 702 reform is strong and accelerating.
 
Franklin, Chair of the Private and Civil Liberties Oversight Board (PCLOB), noted that Section 702 – because it aims to collect the data of foreigners presumed to be located abroad – does not need to observe the Fourth Amendment requirement for a probable cause warrant. Nevertheless, Americans’ communications get “incidentally” caught up in this surveillance.
 
“The term incidental makes it sound like a small amount, but we don’t actually know the scope of this collection,” Franklin said. “The government argues it is not feasible to calculate a meaningful number.”
 
“They won’t tell us,” Chairman Jordan said sharply. “No idea how many Americans are pulled into incidental collection – the FBI won’t tell us.” He later fired a warning shot, “How about we put the FBI out of this business altogether?”
 
There was widespread recognition among committee members that the FBI is withholding any suggestion of the magnitude of incidental collection. This was a perfect set-up for Franklin to make the first of her three recommendations.

• “I believe an estimate that involves some margin of error can still be meaningful and helpful to Congress as you assess what safeguards are needed under Section 702.”

 
Franklin then turned to how Section 702 – an authority designed by Congress to permit the surveillance of foreigners – has become a method by which the government can warrantlessly surveil Americans.
 
“No judge ever reviews analysts’ targeting procedures,” she said, because they target foreigners who do not enjoy U.S. constitutional protections. Thus, she said, there is no judicial review on the front-end of the process. Nor, because the authority is ostensibly about foreigners, is there a warrant “requirement at the backend to establish probable cause or obtain permission from a federal judge,” even when Americans become the target of 702 surveillance.
 
This is what, Franklin said, privacy advocates mean by Section 702 enabling “backdoor searches.” She noted the FBI has recently released a set of reforms and improvements to its FISA process. These include changing default settings in the FBI’s query system so agents must affirmatively opt in to have their queries run through 702 data and establishing special approvals for sensitive queries such as those involving elected officials, members of the media, academia, and religious leaders.
 
“These reforms are welcome,” Franklin said, “but I do not believe these changes are sufficient to address the privacy threats posed by these warrantless searches seeking information about specific Americans.”

• “I urge you to incorporate a requirement for FISA Court review of U.S. person query terms, to ensure protection of Americans’ Fourth Amendment rights.”

 
Third and finally, Franklin addressed the issue of “abouts” information – collecting references from third parties about an American. In 2018, Congress suspended the collection of “abouts” data, but the current law allows the government to restart the practice at will. This is dangerous, she said, because it allows the government to “acquire communications extensively between people about whom the government had no prior suspicion, or even knowledge of their existence, based entirely on what is contained within the contents of their communications.”

• Franklin told Congress it should eliminate any ability for the government to return to “abouts” data collection because it contains such “unique privacy risks.”

 
Franklin’s testimony was a good summation of the issues at stake in Section 702, as well as her recommendations.
 
Rep. Laurel Lee (R-FL) noted the call to require amici – legal experts in civil liberties – to advise the secret FISA court whenever it considers surveillance requests from the government that involve Americans’ fundamental freedoms in politics, religion, and journalism.
 
Department of Justice Inspector General Michael Horowitz seemed to agree. He responded that in the secret hearings, “agents never face a challenge or a cross examination” unlike an ordinary criminal trial. Facing cross-examination by a privacy advocate, Inspector Horowitz said, “focuses the mind.”
 
The lasting impact of the hearing will likely be Franklin’s three recommendations – to get the government to produce an estimate of incidental collection of Americans communications, to involve FISA court review of the query terms for Americans, and to remove the ability of the government to return to the collection of “abouts” information.

Watch the full hearing: 

​In today’s public hearing before the U.S Senate Select Committee on Intelligence, Sen. Mike Rounds (R-SD) asked FBI Director Christopher Wray about the need to reauthorize Section 702 authority of the Foreign Intelligence Surveillance Act.
 
This question was asked in the shadow of a Wall Street Journal story last year reporting that the FBI had conducted up to 3.4 million U.S. person queries in 2021, or warrantless searches of Americans’ personal data from the 702 database.
 
At the time, the FBI cautioned on background that the number was inflated by the inclusion of Americans’ data in an effort to protect these potential victims from cyberattacks from China, Russia, and other hostile countries. In today’s session, Director Wray said the FBI is “surgical and judicious” in its searches, making big strides in its database systems and training to minimize such intrusions.
 
Director Wray further asserted that in 2022, the Bureau had achieved a 93 percent reduction in such U.S. person queries. This apparently includes the elimination of those cases that fall in the cyber category. Shortly after, Charlie Savage of The New York Times reported that a senior FBI official clarified that the actual number was shy of 204,090.
 
In other words, the FBI director today admitted that the Bureau had compromised the Fourth Amendment rights of Americans about 204,000 times in just one year, or about 559 times per day. To put this in comparative terms, Sen. Rounds might want to consider that this number equals the total population of South Dakota’s largest city – Sioux Falls – plus the small city of Aberdeen.

​In February, we quoted CATO Institute senior fellow Julian Sanchez that the evidence presented by special counsel John Durham against lawyer Michael Sussman shows an interesting trail that leads from academic researchers, to private cybersecurity companies and security experts, to government snoopers.
 
Sanchez said: “A question worth asking is: Who has access to large pools of telecommunications metadata, such as DNS records, and under what circumstances can those be shared with the government?”
 
Sanchez’s prescient questions received partial answers today from Sen. Ron Wyden. The Oregon senator released a letter he sent to the Federal Trade Commission asking the agency to investigate Neustar, a company that links Domain Name System (DNS) services of websites to specific IP addresses and the people who use them.
 
Such companies, Sen. Wyden wrote, “receive extremely sensitive information from their users, which many Americans would want to remain private from third parties, including government agencies acting without a court order.” Some websites cited by the senator that consumers may visit but would not want known are the National Suicide Prevention Hotline, the National Domestic Violence Lifeline, and the Abortion Finder service.
 
Sen. Wyden wrote that Neustar, under former executive Rodney Joffe, sold data for millions of dollars to Georgia Tech, but not for purely academic research. Emails obtained by Sen. Wyden purportedly show that the FBI and DOJ “asked the researchers to run specific queries and that the researchers wrote affidavits and reports for the government describing their findings.”
 
Because Neustar obtained data from an acquired company – and that company explicitly promised to never sell users data to third-parties – Neustar violated that promise. Sen. Wyden says it is FTC policy that privacy promises to consumers must be honored when a company and its data change ownership.
 
“Senator Wyden provides sufficient reason for the FTC to open an investigation,” said Gene Schaerr, general counsel of Project for Privacy & Surveillance Accountability (PPSA). “But there is more reason for the judiciary committees of both houses of Congress to hold in-depth hearings. There are abundant signs that this story is just one example of a much bigger privacy crisis.”
 
Schaerr noted that intelligence and law enforcement agencies, from the Internal Revenue Service to the Drug Enforcement Administration, Customs and Border Protection, as well as the FBI, assert they can lawfully avoid the constitutional requirement for probable cause warrants by simply buying Americans’ personal information from commercial data brokers.
 
“Data from apps most Americans routinely use are open to warrantless examination by the government,” Schaerr said. “The Founders did not write the warrant requirement of the Fourth Amendment with a sub-clause, ‘unless you open your wallet.’ These practices are explicitly against the spirit and letter of the U.S. Constitution. Americans deserve to know how many agencies are buying data, how many companies are selling it, and what is being done with it.”

​In a hearing over the summer, the House Judiciary Committee took a hard look at the way in which private data brokers freely sell Americans most personal information to a host of government law enforcement and intelligence agencies.
 
Chairman Jerry Nadler said that digital tracking is “so precise that officers can track individuals within specific homes and businesses … tracking your location over time, within inches, without any due process whatsoever.
 
“The end result is that, just by going about your daily life, your data may be swept up in and make you the subject of a criminal investigation … If law enforcement and intelligence agencies remain unrestrained in their ability to purchase this data, our right to privacy will be at best illusory.”
 
Ranking Member Jim Jordan said that the government continues to transform guardrails meant to protect privacy into loopholes to allow the government to do whatever it wants. Jordan said, “this is wrong and it’s un-American.”
 
Representatives of both parties expressed dismay about how freely federal agencies utilize and abuse surveillance powers in defiance of the Fourth Amendment. Rep. Zoe Lofgren detailed the many ways the U.S. Immigration and Customs Enforcement agency tracks Americans’ daily movements and extracts personal information from utility records. Rep. Andy Biggs spoke of the uses to which the government can employ geolocation tracking against Americans.
 
In short, the House Judiciary Committee did an excellent job of teeing up the issue. Now it is time to swing the club for a legislative solution.
 
On Wednesday, PPSA joined with Americans for Prosperity, Demand Progress, the Due Process Institute and Free Press Action to call on the committee to take bipartisan action and mark up the Fourth Amendment Is Not for Sale Act.

The House Intelligence Committee recently held an open hearing on commercial cyber surveillance, also known as “mercenary spyware.”
 
The hearing focused on new threats posed specifically by privately made, foreign-developed spyware that are bringing capabilities long associated with top-tier nation states to smaller countries and the private sector. PPSA has previously reported on one such foreign spyware, in particular the spreading “zero-click” Israeli-developed Pegasus.
 
Pegasus can transmit itself seamlessly into a smartphone without a single click or action from the victim. From there, it can watch you through your camera, listen to you through your microphone, copy your messages, record your calls, extract all your images, and follow your movements. In just a few years, Pegasus has been acquired by dozens of countries and entities, from Saudi Arabia to Mexican cartels, and has already been used to deadly effect against dissidents and journalists. It represents the most sophisticated and widely available form of spyware yet developed.
 
Among the hearing’s testimonials was John Scott-Railton, a senior researcher at The Citizen Lab of the University of Toronto's Munk School of Global Affairs & Public Policy. His testimony provided a stark picture to Congress:

• Mercenary spyware is a growing sector doing a robust global business.
  
  
• As a result, the number of states capable of sophisticated cyber warfare has expanded into the dozens.
  ​
• The United States is not immune from this threat. Dozens of U.S. officials have been compromised. Mercenary spyware has also been found in critical offices of major allies, including the office of the UK Prime Minister.

 
Railton testified (see the 18:50 mark), “Your phone can be on your bedside table at two in the morning. One minute, your phone is clean. The next minute, the data is silently streaming to an adversary a continent away. You see nothing.” He added it was “capabilities available only to a handful of nation-states … It is too late,” he said, “to put the tech back into the bottle, and so we must take strong action now…”
 
Another witness was Carine Kanimba, an American citizen born in Rwanda. Her testimony (29:05) details the story of her stepfather, Paul Rusesabagina, portrayed by Don Cheadle in Hotel Rwanda. Rusesabagina was the manager of the Hôtel des Mille Collines in Kigali during the Rwandan genocide. He used the hotel to save more than a thousand refugees. Later, he and his family fled to the United States. Rusesabagina became a public speaker and was critical of the human rights violations of the Rwandan government and of the Rwandan President Paul Kagame. In August 2020, Kanimba’s stepfather was surveilled in the United States by the Rwandan government and lured from the family home in Texas. Rusesabagina was kidnapped in Dubai, transferred to Kigali, tortured, tried, and sentenced to 25 years in prison. Kanimba became a vocal and effective activist about the abduction of her stepfather.
 
In February 2021, Carine Kanimba was notified (33:11) by forensics experts that her smartphone had been infected by Pegasus.
 
“I was mortified, and I am terrified,” she said. The forensics report showed “the spyware was triggered as I walked in with my mom into a meeting with the Belgian Minister of Foreign Affairs. It was active during the calls with the U.S. Presidential Envoy for Hostage Affairs team and the U.S. State department, as well as U.S. human rights groups.”
 
Not only was Kanimba’s phone infected, but so was the phone of her cousin with whom she lives.
 
“I am frightened by what the Rwandan government will do to me and my family next,” she said. “It keeps me awake that they knew everything I was doing. Where I was, who I was speaking with, my private thoughts and actions, at any moment they wanted. Unless there are consequences for countries and their enablers which abuse this technology, none of us are safe.”
 
The threat by mercenary spyware companies and malware is too serious to ignore.
 
“It has taken us too long to have this conversation,” concluded Railton. His testimony included several suggestions for Congress (22:15):

• Add all unaccountable players within the spyware industry to a U.S. Department of Commerce blacklist.

 

• Expand the ability to hold problem companies accountable and direct the intelligence community to counter and disrupt them if necessary.

 

• Finally, the US should apply diplomatic pressure to countries that foster these companies and enable spyware operations.

Video starts at Sen. Mike Lee's questioning of FBI Director Wray (1:02:00 mark).

​At a Senate Judiciary Committee hearing yesterday, Sen. Mike Lee (R-UT) neatly summarized the FBI’s spotty observance of Section 702 of the Foreign Intelligence Surveillance Act (FISA), up for reauthorization next year, in his questioning of FBI Director Christopher Wray. Sen. Lee’s questions follow up on the revelation that the FBI used U.S. person information in FISA queries some 3.4 million times in a recent one-year period.
 
Sen. Lee said:
 
“As you know, Director Wray, Section 702 authorizes the collection of electronic communications. Not just the metadata but the content of the communications themselves, including communications of non-U.S. persons outside the United States. But, as you know, this inevitably leads to the incidental collection of communications that involve or include U.S. persons, including U.S. citizens.”
 
The Utah senator reminded Director Wray that the 2018 reauthorization of Section 702 required the FBI to obtain an order from the Foreign Intelligence Surveillance Court to authorize querying the database for communications involving U.S. persons and citizens in criminal investigations not involving national security. Why then, Sen. Lee asked, did a recently released transparency report estimate that the FBI did not obtain a single order under section 702 from the Foreign Intelligence Surveillance Court in 2021?
 
The FBI itself, after all, identified at least four instances in which the electronic communications of U.S. persons “were unlawfully searched without the required order from the Court?” Sen. Lee asked: “Can you tell me how you found those four instances and how you can be certain that there are not more than four instances in which someone did a backdoor search of U.S. persons’ communications?”
 
The FBI Director said he could not recall the “various oversight mechanisms we have.” He noted that the FBI set up a new office of internal audit focused on FISA compliance.
 
Sen. Mike Lee replied that he understood these authorities are needed to protect the American people.
 
“But when it comes to American citizens, they have a reasonable expectation of privacy. When you have that much ability to collect that much information, record that many conversations of unsuspecting, law-abiding American citizens, there really do have to be procedures in place to make sure that there is probable cause and a probable cause-based warrant in order to search those, because that really is just a backdoor search and a potential end run around the Fourth Amendment.”
 
Senator Lee expressed skepticism that the four known surveillances of Americans did not require a FISC order. And said he would hold Director Wray to his promise to provide more information.

If you are ever a witness before a Congressional committee, the trick to surviving a contentious hearing is to run out the clock with smooth talking. Each committee member only has five minutes to ask questions. An expert witness will often respond to a precise and penetrating question by taking up minutes with a Wikipedia-level recitation of a law or process, wrapped within pleasing-sounding banalities and blandishments.
 
Even within time constrictions in facing a polished witness, Rep. Zoe Lofgren (D-CA), long-time watcher of the watchers, managed to challenge the Department of Justice on Section 702 of the Foreign Intelligence Surveillance Act (FISA) in the recent House Judiciary Committee hearing. Rep. Lofgren refused to be brushed off (29 minutes mark) by the Department of Justice’s top national security official, Assistant Attorney General Matthew G. Olsen, concerning the FBI’s use of Section 702 information – collected to catch foreign terrorists and spies – against Americans.
 
Rep. Lofgren began by noting that FISA Court Judge James E. Boasberg had found that the FBI improperly searched Americans’ personal information collected without a warrant. Some of these were run-of-the-mill criminal investigations involving healthcare fraud, bribery, and other purported crimes unrelated to national security.
 
Rep. Lofgren added that in Dec. 2020 to Nov. 2021, the FBI searched the personal identifiers of known Americans in 702 data some 3.4 million times. This was triple the number from the previous year. As PPSA has reported, that amounts to more than 9,300 searches by the personal identifiers of Americans every day.
 
Rep. Lofgren noted that when Olsen went before the Senate Intelligence Committee for his confirmation, he pledged that “restoring and maintaining trust in the FISA process was a critical priority.” She asked him what he has done since to prevent warrantless, improper, backdoor searches of Americans’ data conducted under Section 702?
 
After taking time to give a topline description of the law, Olsen admitted that the “issues you cite are ones of concern” and promised to improve FBI compliance with training and by upgrading FBI computer systems. “We are looking forward to improving the compliance record of the Department of Justice and the FBI in regard to Section 702,” Olsen said, “and I can assure you it is a priority.”
 
Rep. Lofgren had a sharp reply.
 
“We have had reassurances over the years and yet the performance continues to be poor, and it has been poor under both Republican and Democratic Administrations,” she said. “We have considered imposing a warrant requirement for queries of known Americans … probably a necessity unless we can get some further, definitive control of the warrantless search of Americans in the 702 database.”
 
Rep. Lofgren added that using Section 702 to conduct warrantless searches on Americans is “improper and yet it continues.” Olsen replied that Section 702 permits the creation of a database of non-U.S. persons overseas, and that when the FBI searches, it does so to simply find “connections,” not to target Americans.
 
Rep. Lofgren’s retort was sharp: “That is contrary to the report that we got from ODNI and from the FISA Court.”
 
As Section 702 faces reauthorization next year, civil libertarians should continue to press Rep. Lofgren’s questions and urge Congress to consider an explicit warrant requirement when queries target Americans.

Bob Goodlatte, PPSA Senior Policy Advisor, returns to the House Judiciary Committee, which he once chaired, to explain how the government sidesteps the constitutional requirement for a probable cause warrant by simply buying our personal digital information from private data brokers. He also discusses the need to pass The Fourth Amendment Is Not for Sale Act. You can read his testimony or listen to him testify, beginning at the 14:26 mark.

Watch here: