This post was written by EFF legal intern Danya Hajjaji.

Law enforcement should be required to obtain a warrant to search data contained in abandoned cell phones, EFF and others explained in a friend-of-the-court brief to the Ninth Circuit Court of Appeals.

The case, United States v. Hunt, involves law enforcement’s seizure and search of an iPhone the defendant left behind after being shot and taken to the hospital. The district court held that the iPhone’s physical abandonment meant that the defendant also abandoned the data stored on the phone. In support of the defendant’s appeal, we urged the Ninth Circuit to reverse the district court’s ruling and hold that the Fourth Amendment’s abandonment exception does not apply to cell phones: as it must in other circumstances, law enforcement should generally have to obtain a warrant before it searches someone’s cell phone.

Cell phones differ significantly from other physical property. They are pocket-sized troves of highly sensitive information with immense storage capacity. Today’s phone carries and collects vast and varied data that encapsulates a user’s daily life and innermost thoughts.

Courts—including the US Supreme Court—have recognized that cell phones contain the “sum of an individual’s private life.” And, because of this recognition, law enforcement must generally obtain a warrant before it can search someone’s phone.

While people routinely carry cell phones, they also often lose them. That should not mean losing the data contained on the phones.

While the Fourth Amendment’s ”abandonment doctrine” permits law enforcement to conduct a warrantless seizure or search of an abandoned item, EFF’s brief explains that this precedent does not mechanically apply to cell phones. As the Supreme Court has recognized multiple times, the rote application of case law from prior eras with less invasive and revealing technologies threatens our Fourth Amendment protections.

Our brief goes on to explain that a cell phone owner rarely (if ever) intentionally relinquishes their expectation of privacy and possessory interests in data on their cell phones, as they must for the abandonment doctrine to apply. The realities of the modern cell phone seldom infer a purpose to discard the wealth of data they contain. Cell phone data is not usually confined to the phone itself, and is instead stored in the “cloud” and accessible across multiple devices (such as laptops, tablets, and smartwatches).

We hope the Ninth Circuit recognizes that expanding the abandonment doctrine in the manner envisioned by the district court in Hunt would make today’s cell phone an accessory to the erosion of Fourth Amendment rights.

The Canadian House of Commons is currently considering Bill C-26, which would make sweeping amendments to the country’s Telecommunications Act that would expand its Minister of Industry’s power over telecommunication service providers. It’s designed to accomplish a laudable and challenging goal: ensure that government and industry partners efficiently and effectively work together to strengthen Canada’s network security in the face of repeated hacking attacks.

C-26 is not identical to US national security laws. But without adequate safeguards, it could open the door to similar practices and orders.

As researchers and civil society organizations have noted, however, the legislation contains vague and overbroad language that may invite abuse and pressure on ISPs to do the government’s bidding at the expense of Canadian privacy rights. It would vest substantial authority in Canadian executive branch officials to (in the words of C-26’s summary) “direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.” That could include ordering telecommunications companies to install backdoors inside encrypted elements in Canada’s networks. Safeguards to protect privacy and civil rights are few; C-26’s only express limit is that Canadian officials cannot order service providers to intercept private or radio-based telephone communications.

Unfortunately, we in the United States know all too well what can happen when government officials assert broad discretionary power over telecommunications networks. For over 20 years, the U.S. government has deputized internet service providers and systems to surveil Americans and their correspondents, without meaningful judicial oversight. These legal authorities and details of the surveillance have varied, but, in essence, national security law has allowed the U.S. government to vacuum up digital communications so long as the surveillance is directed at foreigners currently located outside the United States and doesn’t intentionally target Americans. Once collected, the FBI can search through this massive database of information by “querying” the communications of specific individuals. In 2021 alone, the FBI conducted up to 3.4 million warrantless searches to find Americans’ communications.

Congress has attempted to add in additional safeguards over the years, to little avail. In 2023, for example, the Federal Bureau of Investigation (FBI) released internal documents used to guide agency personnel on how to search the massive databases of information they collect. Despite reassurances from the intelligence community about its “culture of compliance,” these documents reflect little interest in protecting privacy or civil liberties. At the same time, the NSA and domestic law enforcement authorities have been seeking to undermine the encryption tools and processes on which we all rely to protect our privacy and security.

C-26 is not identical to U.S. national security laws. But without adequate safeguards, it could open the door to similar practices and orders. What is worse, some of those orders could be secret, at the government’s discretion. In the U.S., that kind of secrecy has made it impossible for Americans to challenge mass surveillance in court. We’ve also seen companies presented with gag orders in connection with “national security letters” compelling them to hand over information. C-26 does allow for judicial review of non-secret orders, e.g. an order requiring an ISP to cut off an account-holder or website, if the subject of those orders believes they are unreasonable or ungrounded. But that review may include secret evidence that is kept from applicants and their counsel.

Canadian courts will decide whether a law authorizing secret orders and evidence is consistent with Canada’s legal tradition. But either way, the U.S. experience offers a cautionary tale of what can happen when a government grants itself broad powers to monitor and direct telecommunications networks, absent corresponding protections for human rights. In effect, the U.S. government has created, in the name of national security, a broad exception to the Constitution that allows the government to spy on all Americans and denies them any viable means of challenging that spying. We hope Canadians will refuse to allow their government to do the same in the name of “cybersecurity.”

The government violates the privacy rights of individuals on pretrial release when it continuously tracks, retains, and shares their location, EFF explained in a friend-of-the-court brief filed in the Ninth Circuit Court of Appeals.

In the case, Simon v. San Francisco, individuals on pretrial release are challenging the City and County of San Francisco’s electronic ankle monitoring program. The lower court ruled the program likely violates the California and federal constitutions. We—along with Professor Kate Weisburd and the Cato Institute—urge the Ninth Circuit to do the same.

Under the program, the San Francisco County Sheriff collects and indefinitely retains geolocation data from people on pretrial release and turns it over to other law enforcement entities without suspicion or a warrant. The Sheriff shares both comprehensive geolocation data collected from individuals and the results of invasive reverse location searches of all program participants’ location data to determine whether an individual on pretrial release was near a specified location at a specified time.

Electronic monitoring transforms individuals’ homes, workplaces, and neighborhoods into digital prisons, in which devices physically attached to people follow their every movement. All location data can reveal sensitive, private information about individuals, such as whether they were at an office, union hall, or house of worship. This is especially true for the GPS data at issue in Simon, given its high degree of accuracy and precision. Both federal and state courts recognize that location data is sensitive, revealing information in which one has a reasonable expectation of privacy. And, as EFF’s brief explains, the Simon plaintiffs do not relinquish this reasonable expectation of privacy in their location information merely because they are on pretrial release—to the contrary, their privacy interests remain substantial.

Moreover, as EFF explains in its brief, this electronic monitoring is not only invasive, but ineffective and (contrary to its portrayal as a detention alternative) an expansion of government surveillance. Studies have not found significant relationships between electronic monitoring of individuals on pretrial release and their court appearance rates or  likelihood of arrest. Nor do studies show that law enforcement is employing electronic monitoring with individuals they would otherwise put in jail. To the contrary, studies indicate that law enforcement is using electronic monitoring to surveil and constrain the liberty of those who wouldn’t otherwise be detained.

We hope the Ninth Circuit affirms the trial court and recognizes the rights of individuals on pretrial release against invasive electronic monitoring.

Montana’s TikTok ban violates the First Amendment, EFF and others told the Ninth Circuit Court of Appeals in a friend-of-the-court brief and urged the court to affirm a trial court’s holding from December 2023 to that effect.

Montana’s ban (which EFF and others opposed) prohibits TikTok from operating anywhere within the state and imposes financial penalties on TikTok or any mobile application store that allows users to access TikTok. The district court recognized that Montana’s law “bans TikTok outright and, in doing so, it limits constitutionally protected First Amendment speech,” and blocked Montana’s ban from going into effect. Last year, EFF—along with the ACLU, Freedom of the Press Foundation, Reason Foundation, and the Center for Democracy and Technology—filed a friend-of-the-court brief in support of TikTok and Montana TikTok users’ challenge to this law at the trial court level.

As the brief explains, Montana’s TikTok ban is a prior restraint on speech that prohibits Montana TikTok users—and TikTok itself—from posting on the platform. The law also prohibits TikTok’s ability to make decisions about curating its platform.

Prior restraints such as Montana’s ban are presumptively unconstitutional. For a court to uphold a prior restraint, the First Amendment requires it to satisfy the most exacting scrutiny. The prior restraint must be necessary to further an urgent interest of the highest magnitude, and the narrowest possible way for the government to accomplish its precise interest. Montana’s TikTok ban fails to meet this demanding standard.

Even if the ban is not a prior restraint, the brief illustrates that it would still violate the First Amendment. Montana’s law is a “total ban” on speech: it completely forecloses TikTok users’ speech with respect to the entire medium of expression that is TikTok. As a result, Montana’s ban is subject to an exacting tailoring requirement: it must target and eliminate “no more than the exact source of the ‘evil’ it seeks to remedy.” Montana’s law is undeniably overbroad and fails to satisfy this scrutiny.

This appeal is happening in the immediate aftermath of President Biden signing into law federal legislation that effectively bans TikTok in its current form, by requiring TikTok to divest of any Chinese ownership within 270 days. This federal law raises many of the same First Amendment concerns as Montana’s.

It’s important that the Ninth Circuit take this opportunity to make clear that the First Amendment requires the government to satisfy a very demanding standard before it can impose these types of extreme restrictions on Americans’ speech.

A bombshell report from WIRED reveals that two days after the U.S. Congress renewed and expanded the mass-surveillance authority Section 702 of the Foreign Intelligence Surveillance Act, the deputy director of the Federal Bureau of Investigation (FBI), Paul Abbate, sent an email imploring agents to “use” Section 702 to search the communications of Americans collected under this authority “to demonstrate why tools like this are essential” to the FBI’s mission.

In other words, an agency that has repeatedly abused this exact authority—with 3.4 million warrantless searches of Americans’ communications in 2021 alone, thinks that the answer to its misuse of mass surveillance of Americans is to do more of it, not less. And it signals that the FBI believes it should do more surveillance–not because of any pressing national security threat—but because the FBI has an image problem.

The American people should feel a fiery volcano of white hot rage over this revelation. During the recent fight over Section 702’s reauthorization, we all had to listen to the FBI and the rest of the Intelligence Community downplay their huge number of Section 702 abuses (but, never fear, they were fixed by drop-down menus!). The government also trotted out every monster of the week in incorrect arguments seeking to undermine the bipartisan push for crucial reforms. Ultimately, after fighting to a draw in the House, Congress bent to the government’s will: it not only failed to reform Section 702, but gave the government authority to use Section 702 in more cases.

Now, immediately after extracting this expanded power and fighting off sensible reforms, the FBI’s leadership is urging the agency to “continue to look for ways” to make more use of this controversial authority to surveil Americans, albeit with the fig leaf that it must be “legal.” And not because of an identifiable, pressing threat to national security, but to “demonstrate” the importance of domestic law enforcement accessing the pool of data collected via mass surveillance. This is an insult to everyone who cares about accountability, civil liberties, and our ability to have a private conversation online. It also raises the question of whether the FBI is interested in keeping us safe or in merely justifying its own increased powers. 

Section 702 allows the government to conduct surveillance inside the United States by vacuuming up digital communications so long as the surveillance is directed at foreigners currently located outside the United States. Section 702 prohibits the government from intentionally targeting Americans. But, because we live in a globalized world where Americans constantly communicate with people (and services) outside the United States, the government routinely acquires millions of innocent Americans' communications “incidentally” under Section 702 surveillance. Not only does the government acquire these communications without a probable cause warrant, so long as the government can make out some connection to FISA’s very broad definition of “foreign intelligence,” the government can then conduct warrantless “backdoor searches” of individual Americans’ incidentally collected communications. 702 creates an end run around the Constitution for the FBI and, with the Abbate memo, they are being urged to use it as much as they can.

The recent reauthorization of Section 702 also expanded this mass surveillance authority still further, expanding in turn the FBI’s ability to exploit it. To start, it substantially increased the scope of entities who the government could require to turn over Americans’ data in mass under Section 702. This provision is written so broadly that it potentially reaches any person or company with “access” to “equipment” on which electronic communications travel or are stored, regardless of whether they are a direct provider, which could include landlords, maintenance people, and many others who routinely have access to your communications.

The reauthorization of Section 702 also expanded FISA’s already very broad definition of “foreign intelligence” to include counternarcotics: an unacceptable expansion of a national security authority to ordinary crime. Further, it allows the government to use Section 702 powers to vet hopeful immigrants and asylum seekers—a particularly dangerous authority which opens up this or future administrations to deny entry to individuals based on their private communications about politics, religion, sexuality, or gender identity.

Americans who care about privacy in the United States are essentially fighting a political battle in which the other side gets to make up the rules, the terrain…and even rewrite the laws of gravity if they want to. Politicians can tell us they want to keep people in the U.S. safe without doing anything to prevent that power from being abused, even if they know it will be. It’s about optics, politics, and security theater; not realistic and balanced claims of safety and privacy. The Abbate memo signals that the FBI is going to work hard to create better optics for itself so that it can continue spying in the future.   

Over the last month, lawmakers moved swiftly to pass legislation that would effectively ban TikTok in the United States, eventually including it in a foreign aid package that was signed by President Biden. The impact of this legislation isn’t entirely clear yet, but what is clear: whether TikTok is banned or sold to new owners, millions of people in the U.S. will no longer be able to get information and communicate with each other as they presently do. 

What Happens Next?

At the moment, TikTok isn’t “banned.” The law gives ByteDance 270 days to divest TikTok before the ban would take effect, which would be on January 19th, 2025. In the meantime, we expect courts to determine that the bill is unconstitutional. Though there is no lawsuit yet, one on behalf of TikTok itself is imminent.

There are three possible outcomes. If the law is struck down, as it should be, nothing will change. If ByteDance divests TikTok by selling it, then the platform would still likely be usable. However, there’s no telling whether the app’s new owners would change its functionality, its algorithms, or other aspects of the company. As we’ve seen with other platforms, a change in ownership can result in significant changes that could impact its audience in unexpected ways. In fact, that’s one of the given reasons to force the sale: so TikTok will serve different content to users, specifically when it comes to Chinese propaganda and misinformation. This is despite the fact that it has been well-established law for almost 60 years that U.S. people have a First Amendment right to receive foreign propaganda. 

Lastly, if ByteDance refuses to sell, users in the U.S. will likely see it disappear from app stores sometime between now and that January 19, 2025 deadline. 

How Will the Ban Be Implemented? 

The law limits liability to intermediaries—entities that “provide services to distribute, maintain, or update” TikTok by means of a marketplace, or that provide internet hosting services to enable the app’s distribution, maintenance, or updating. The law also makes intermediaries responsible for its implementation. 

The law explicitly denies to the Attorney General the authority to enforce it against an individual user of a foreign adversary controlled application, so users themselves cannot be held liable for continuing to use the application, if they can access it. 

Will I Be Able to Download or Use TikTok If ByteDance Doesn’t Sell? 

It’s possible some U.S. users will find routes around the ban. But the vast majority will probably not, significantly shifting the platform's user base and content. If ByteDance itself assists in the distribution of the app, it could also be found liable, so even if U.S. users continue to use the platform, the company’s ability to moderate and operate the app in the U.S. would likely be impacted. Bottom line: for a period of time after January 19, it’s possible that the app would be usable, but it’s unlikely to be the same platform—or even a very functional one in the U.S.—for very long.

Until now, the United States has championed the free flow of information around the world as a fundamental democratic principle and called out other nations when they have shut down internet access or banned social media apps and other online communications tools. In doing so, the U.S. has deemed restrictions on the free flow of information to be undemocratic.  Enacting this legislation has undermined this long standing, democratic principle. It has also undermined the U.S. government’s moral authority to call out other nations for when they shut down internet access or ban social media apps and other online communications tools. 

There are a few reasons legislators have given to ban TikTok. One is to change the type of content on the app—a clear First Amendment violation. The second is to protect data privacy. Our lawmakers should work to protect data privacy, but this was the wrong approach. They should prevent any company—regardless of where it is based—from collecting massive amounts of our detailed personal data, which is then made available to data brokers, U.S. government agencies, and even foreign adversaries. They should solve the real problem of out-of-control privacy invasions by enacting comprehensive consumer data privacy legislation. Instead, as happens far too often, our government’s actions are vastly overreaching while also deeply underserving the public. 

One week after it was passed by the U.S. House of Representatives, the Senate has passed what Senator Ron Wyden has called, “one of the most dramatic and terrifying expansions of government surveillance authority in history.” President Biden then rushed to sign it into law.  

The perhaps ironically named “Reforming Intelligence and Securing America Act (RISAA)” does everything BUT reform Section 702 of the Foreign Intelligence Surveillance Act (FISA). RISAA not only reauthorizes this mass surveillance program, it greatly expands the government’s authority by allowing it to compel a much larger group of people and providers into assisting with this surveillance. The bill’s only significant “compromise” is a limited, two-year extension of this mass surveillance. But overall, RISAA is a travesty for Americans who deserve basic constitutional rights and privacy whether they are communicating with people and services inside or outside of the US.

Section 702 allows the government to conduct surveillance of foreigners abroad from inside the United States. It operates, in part, through the cooperation of large telecommunications service providers: massive amounts of traffic on the Internet backbone are accessed and those communications on the government’s secret list are copied. And that’s just one part of the massive, expensive program. 

While Section 702 prohibits the NSA and FBI from intentionally targeting Americans with this mass surveillance, these agencies routinely acquire a huge amount of innocent Americans' communications “incidentally.” The government can then conduct backdoor, warrantless searches of these “incidentally collected” communications.

The government cannot even follow the very lenient rules about what it does with the massive amount of information it gathers under Section 702, repeatedly abusing this authority by searching its databases for Americans’ communications. In 2021 alone, the FBI reported conducting up to 3.4 million warrantless searches of Section 702 data using Americans’ identifiers. Given this history of abuse, it is difficult to understand how Congress could decide to expand the government’s power under Section 702 rather than rein it in.

One of RISAA’s most egregious expansions is its large but ill-defined increase of the range of entities that have to turn over information to the NSA and FBI. This provision allegedly “responds” to a 2023 decision by the FISC Court of Review, which rejected the government’s argument that an unknown company was subject to Section 702 for some circumstances. While the New York Times reports that the unknown company from this FISC opinion was a data center, this new provision is written so expansively that it potentially reaches any person or company with “access” to “equipment” on which electronic communications travel or are stored, regardless of whether they are a direct provider. This could potentially include landlords, maintenance people, and many others who routinely have access to your communications on the interconnected internet.

This is to say nothing of RISAA’s other substantial expansions. RISAA changes FISA’s definition of “foreign intelligence” to include “counternarcotics”: this will allow the government to use FISA to collect information relating to not only the “international production, distribution, or financing of illicit synthetic drugs, opioids, cocaine, or other drugs driving overdose deaths,” but also to any of their precursors. While surveillance under FISA has (contrary to what most Americans believe) never been limited exclusively to terrorism and counterespionage, RISAA’s expansion of FISA to ordinary crime is unacceptable.

RISAA also allows the government to use Section 702 to vet immigrants and those seeking asylum. According to a FISC opinion released in 2023, the FISC repeatedly denied government attempts to obtain some version of this authority, before finally approving it for the first time in 2023. By formally lowering Section 702’s protections for immigrants and asylum seekers, RISAA exacerbates the risk that government officials could discriminate against members of these populations on the basis of their sexuality, gender identity, religion, or political beliefs.

Faced with massive pushback from EFF and other civil liberties advocates, some members of Congress, like Senator Ron Wyden, raised the alarm. We were able to squeeze out a couple of small concessions. One was a shorter reauthorization period for Section 702, meaning that the law will be up for review in just two more years. Also, in a letter to Congress, the Department of Justice claimed it would only interpret the new provision to apply to the type of unidentified businesses at issue in the 2023 FISC opinion. But a pinky promise from the current Department of Justice is not enforceable and easily disregarded by a future administration. There is some possible hope here, because Senator Mark Warner promised to return to the provision in a later defense authorization bill, but this whole debacle just demonstrates how Congress gives the NSA and FBI nearly free rein when it comes to protecting Americans – any limitation that actually protects us (and here the FISA Court actually did some protecting) is just swept away.

RISAA’s passage is a shocking reversal—EFF and our allies had worked hard to put together a coalition aimed at enacting a warrant requirement for Americans and some other critical reforms, but the NSA, FBI and their apologists just rolled Congress with scary-sounding (and incorrect) stories that a lapse in the spying was imminent. It was a clear dereliction of Congress’s duty to oversee the intelligence community in order to protect all of the rest of us from its long history of abuse.

After over 20 years of doing it, we know that rolling back any surveillance authority, especially one as deeply entrenched as Section 702, is an uphill fight. But we aren’t going anywhere. We had more Congressional support this time than we’ve had in the past, and we’ll be working to build that over the next two years.

Too many members of Congress (and the Administrations of both parties) don’t see any downside to violating your privacy and your constitutional rights in the name of national security. That needs to change.

Yesterday, the House of Representatives voted against considering a largely bad bill that would have unacceptably expanded the tentacles of Section 702 of the Foreign Intelligence Surveillance Act, along with reauthorizing it and introducing some minor fixes. Section 702 is Big Brother’s favorite mass surveillance law that EFF has been fighting since it was first passed in 2008. The law is currently set to expire on April 19. 

Yesterday’s decision not to decide is good news, at least temporarily. Once again, a bipartisan coalition of law makers—led by Rep. Jim Jordan and Rep. Jerrold Nadler—has staved off the worst outcome of expanding 702 mass surveillance in the guise of “reforming” it. But the fight continues and we need all Americans to make their voices heard. 

Use this handy tool to tell your elected officials: No reauthorization of 702 without drastic reform:

Take action

TELL congress: 702 Needs serious reforms

Yesterday’s vote means the House also will not consider amendments to Section 702 surveillance introduced by members of the House Judiciary Committee (HJC) and House Permanent Select Committee on Intelligence (HPSCI). As we discuss below, while the HJC amendments would contain necessary, minimum protections against Section 702’s warrantless surveillance, the HPSCI amendments would impose no meaningful safeguards upon Section 702 and would instead increase the threats Section 702 poses to Americans’ civil liberties.

Section 702 expressly authorizes the government to collect foreign communications inside the U.S. for a wide range of purposes, under the umbrellas of national security and intelligence gathering. While that may sound benign for Americans, foreign communications include a massive amount of Americans’ communications with people (or services) outside the United States. Under the government’s view, intelligence agencies and even domestic law enforcement should have backdoor, warrantless access to these “incidentally collected” communications, instead of having to show a judge there is a reason to query Section 702 databases for a specific American's communications.

Many amendments to Section 702 have recently been introduced. In general, amendments from members of the HJC aim at actual reform (although we would go further in many instances). In contrast, members of HPSCI have proposed bad amendments that would expand Section 702 and undermine necessary oversight. Here is our analysis of both HJC’s decent reform amendments and HPSCI’s bad amendments, as well as the problems the latter might create if they return.

House Judiciary Committee’s Amendments Would Impose Needed Reforms

The most important amendment HJC members have introduced would require the government to obtain court approval before querying Section 702 databases for Americans’ communications, with exceptions for exigency, consent, and certain queries involving malware. As we recently wrote regarding a different Section 702 bill, because Section 702’s warrantless surveillance lacks the safeguards of probable cause and particularity, it is essential to require the government to convince a judge that there is a justification before the “separate Fourth Amendment event” of querying for Americans’ communications. This is a necessary, minimum protection and any attempts to renew Section 702 going forward should contain this provision.

Another important amendment would prohibit the NSA from resuming “abouts” collection. Through abouts collection, the NSA collected communications that were neither to nor from a specific surveillance target but merely mentioned the target. While the NSA voluntarily ceased abouts collection following Foreign Intelligence Surveillance Court (FISC) rulings that called into question the surveillance’s lawfulness, the NSA left the door open to resume abouts collection if it felt it could “work that technical solution in a way that generates greater reliability.” Under current law, the NSA need only notify Congress when it resumes collection. This amendment would instead require the NSA to obtain Congress’s express approval before it can resume abouts collection, which―given this surveillance's past abuses—would be notable.

The other HJC amendment Congress should accept would require the FBI to give a quarterly report to Congress of the number of queries it has conducted of Americans’ communications in its Section 702 databases and would also allow high-ranking members of Congress to attend proceedings of the notoriously secretive FISC. More congressional oversight of FBI queries of Americans’ communications and FISC proceedings would be good. That said, even if Congress passes this amendment (which it should), both Congress and the American public deserve much greater transparency about Section 702 surveillance.  

House Permanent Select Committee on Intelligence’s Amendments Would Expand Section 702

Instead of much-needed reforms, the HPSCI amendments expand Section 702 surveillance.

One HPSCI amendment would add “counternarcotics” to FISA’s definition of “foreign intelligence information,” expanding the scope of mass surveillance even further from the antiterrorism goals that most Americans associate with FISA. In truth, FISA’s definition of “foreign intelligence information” already goes beyond terrorism. But this counternarcotics amendment would further expand “foreign intelligence information” to allow FISA to be used to collect information relating to not only the “international production, distribution, or financing of illicit synthetic drugs, opioids, cocaine, or other drugs driving overdose deaths” but also to any of their precursors. Given the massive amount of Americans’ communications the government already collects under Section 702 and the government’s history of abusing Americans’ civil liberties through searching these communications, the expanded collection this amendment would permit is unacceptable.

Another amendment would authorize using Section 702 to vet immigrants and those seeking asylum. According to a FISC opinion released last year, the government has sought some version of this authority for years, and the FISC repeatedly denied it—finally approving it for the first time in 2023. The FISC opinion is very redacted, which makes it impossible to know either the current scope of immigration and visa-related surveillance under Section 702 or what the intelligence agencies have sought in the past. But regardless, it’s deeply concerning that HPSCI is trying to formally lower Section 702 protections for immigrants and asylum seekers. We’ve already seen the government revoke people’s visas based upon their political opinions—this amendment would put this kind of thing on steroids.

The last HPSCI amendment tries to make more companies subject to Section 702’s required turnover of customer information in more instances. In 2023, the FISC Court of Review rejected the government’s argument that an unknown company was subject to Section 702 for some circumstances. While we don’t know the details of the secret proceedings because the FISC Court of Review opinion is heavily redacted, this is an ominous attempt to increase the scope of providers subject to 702. With this amendment, HPSCI is attempting to legislatively overrule a court already famously friendly to the government. HPSCI Chair Mike Turner acknowledged as much in a House Rules Committee hearing earlier this week, stating that this amendment “responds” to the FISC Court of Review’s decision.

What’s Next 

This hearing was unlikely to be the last time Congress considers Section 702 before April 19—we expect another attempt to renew this surveillance authority in the coming days. We’ve been very clear: Section 702 must not be renewed without essential reforms that protect privacy, improve transparency, and keep the program within the confines of the law. 

Take action

TELL congress: 702 Needs serious reforms

With Section 702 of the Foreign Intelligence Surveillance Act set to expire later this month, the White House recently released a memo objecting to the SAFE Act—legislation introduced by Senators Dick Durbin and Mike Lee that would reauthorize Section 702 with some reforms. The White House is wrong. SAFE is a bipartisan bill that may be our most realistic chance of reforming a dangerous NSA mass surveillance program that even the federal government’s privacy watchdog and the White House itself have acknowledged needs reform.

As we’ve written, the SAFE Act does not go nearly far enough in protecting us from the warrantless surveillance the government now conducts under Section 702. But, with surveillance hawks in the government pushing for a reauthorization of their favorite national security law without any meaningful reforms, the SAFE Act might be privacy and civil liberties advocates’ best hope for imposing some checks upon Section 702.

Section 702 is a serious threat to the privacy of those in the United States. It authorizes the collection of overseas communications for national security purposes, and, in a globalized world, this allows the government to collect a massive amount of Americans’ communications. As Section 702 is currently written, intelligence agencies and domestic law enforcement have backdoor, warrantless access to millions of communications from people with clear constitutional rights.

The White House objects to the SAFE Act’s two major reforms. The first requires the government to obtain court approval before accessing the content of communications for people in the United States which have been hoovered up and stored in Section 702 databases—just like police have to do to read your letters or emails. The SAFE Act’s second reform closes the “data broker loophole” by largely prohibiting the government from purchasing personal data they would otherwise need a warrant to collect. While the White House memo is just the latest attempt to scare lawmakers into reauthorizing Section 702, it omits important context and distorts the key SAFE Act amendments’ effects

The government has repeatedly abused Section 702 by searching its databases for Americans’ communications. Every time, the government claims it has learned from its mistakes and won’t repeat them, only for another abuse to come to light years later. The government asks you to trust it with the enormously powerful surveillance tool that is Section 702—but it has proven unworthy of that trust.

The Government Should Get Judicial Approval Before Accessing Americans’ Communications

Requiring the government to obtain judicial approval before it can access the communications of Americans and those in the United States is a necessary, minimum protection against Section 702’s warrantless surveillance. Because Section 702 does not require safeguards of particularity and probable cause when the government initially collects communications, it is essential to require the government to at least convince a judge that there is a justification before the “separate Fourth Amendment event” of the government accessing the communications of Americans it has collected.

The White House’s memo claims that the government shouldn’t need to get court approval to access communications of Americans that were “lawfully obtained” under Section 702. But this ignores the fundamental differences between Section 702 and other surveillance. Intelligence agencies and law enforcement don’t get to play “finders keepers” with our communications just because they have a pre-existing program that warrantlessly vacuums them all up.

The SAFE Act has exceptions from its general requirement of court approval for emergencies, consent, and—for malicious software—“defensive cybersecurity queries.” While the White House memo claims these are “dangerously narrow,” exigency and consent are longstanding, well-developed exceptions to the Fourth Amendment’s warrant requirement. And the SAFE Act gives the government even more leeway than the Fourth Amendment ordinarily does in also excluding “defensive cybersecurity queries” from its requirement of judicial approval.

The Government Shouldn’t Be Able to Buy What It Would Otherwise Need a Warrant to Collect

The SAFE Act properly imposes broad restrictions upon the government’s ability to purchase data—because way too much of our data is available for the government to purchase. Both the FBI and NSA have acknowledged knowingly buying data on Americans. As we’ve written many times, the commercially available information that the government purchases can be very revealing about our most intimate, private communications and associations. The Director of National Intelligence’s own report on government purchases of commercially available information recognizes this data can be “misused to pry into private lives, ruin reputations, and cause emotional distress and threaten the safety of individuals.” This report also recognizes that this data can “disclose, for example, the detailed movements and associations of individuals and groups, revealing political, religious, travel, and speech activities.”

The SAFE Act would go a significant way towards closing the “data broker loophole” that the government has been exploiting. Contrary to the White House’s argument that Section 702 reauthorization is “not the vehicle” for protecting Americans’ data privacy, closing the “data broker loophole” goes hand-in-hand with putting crucial guardrails upon Section 702 surveillance: the necessary reform of requiring court approval for government access to Americans’ communications is undermined if the government is able to warrantlessly collect revealing information about Americans some other way. 

The White House further objects that the SAFE Act does not address data purchases by other countries and nongovernmental entities, but this misses the point. The best way Congress can protect Americans’ data privacy from these entities and others is to pass comprehensive data privacy regulation. But, in the context of Section 702 reauthorization, the government is effectively asking for special surveillance permissions for itself, that its surveillance continue to be subjected to minimal oversight while other other countries’ surveillance practices are regulated. (This has been a pattern as of late.) The Fourth Amendment prohibits intelligence agencies and law enforcement from giving themselves the prerogative to invade our privacy.