������Ƶ

Congress has until December 31 to renew the FISA Amendments
Act or it will expire, and with it, the highly controversial, large-scale
surveillance authorities under Section 702. As Congress debates whether to
renew Section 702, it must consider needed reforms so that surveillance will be
narrowly tailored to the law’s stated purpose – stopping both terrorism and
espionage – and so that millions of Americans’ communications will no longer be
swept up in its net.

The Open Technology Institute’s Section 702 reform priorities
include:

Limit the Scope of
Collection Under Section 702: Currently, the NSA engages in large-scale
surveillance of Americans’ communications under Section 702. This overbroad
surveillance is possible due to the breadth of the definition for “foreign
intelligence information,” collection of which must be a significant purpose of
the surveillance. Additionally, the scope of surveillance under Section 702 is
overbroad because of the NSA’s “upstream” surveillance program and “about”
collection.

• Narrowly Tailor
  the Definition of Foreign Intelligence Information: When Section 702 became
  law in 2008, it was sold to Congress and the public as authorizing surveillance
  that was necessary to stop terrorist threats and espionage. To this day, the
  Office of Director of National Intelligence argues for reauthorization of
  Section 702 its necessity to national security,
  even calling it the of the intelligence community’s
  surveillance authorities. Yet, Section 702 permits surveillance that goes well
  beyond protecting national security. The definition for foreign intelligence
  information also permits surveillance that is merely . The “foreign affairs” provision of the definition of  foreign intelligence information is not
  necessary to national security, and allows the NSA to sweep up the
  communications of political or human rights activists, journalists, students,
  and business people working abroad, and it should be struck from the authorized
  purposes for surveillance under Section 702. 

• End “Upstream”
  Surveillance: Upstream surveillance is the term for the NSA’s practice of
  wiretapping the internet backbone – the underseas fiber optic cables across
  which about – and
  scanning the data for communications to,from, or about their target, though at
  the end of April the NSA stopped “about” collection. This practice is , as it subjects
  everyone’s communications to automated scans by the NSA. When Congress debated
  the passage of Section 702, it never considered whether the NSA should have
  such broad authority to intercept internet communications and nothing in the
  statute suggests this type of surveillance is appropriate. Congress should reform Section 702 to make clear that “upstream”
  surveillance is not authorized.

• Prohibit “������Ƶ”
  Collection: Short of eliminating “upstream” surveillance altogether,
  Congress should prohibit “about” collection. As part of its “upstream”
  surveillance, the NSA scans the contents of all of the communications that
  transit the internet backbone for communications that merely reference, or are
  “about”, the target. Compliance issues with upstream surveillance date back to
  2011 when the FISC shut it down until the NSA could remedy the problems. This
  April, the that, as a result of
  still-persistent compliance issues, it would stop the practice of “about”
  collection and delete its stores of US person communications that were obtained
  via that form of surveillance. It claimed that the threat to Americans’ privacy
  outweighed any value from the collection. Considering
  the harmful impact “about” collection has on Americans’ privacy, it is
  indefensible to allow space for the NSA to restart this practice. Congress
  should pass a reform bill that includes a prohibition against “about”
  collection.

Enhance
Post-Collection Protections for Americans’ Communications that are Swept Up
Under Section 702: While narrowing the scope of surveillance under
Section 702 is critically important, it will still result in a large quantity
of incidental collection of Americans’ communications. For this reason,
enhancing the protections for that information once it is in the intelligence
community’s databases is also essential. This happens through limiting the
purposes for which the information can be used, and ensuring that if the FBI
searches the information using a US person identifier, they have a warrant
authorizing that search.

• Establish Limits
  on Use of Communications Collected Under Section 702: DOJ asserts that the
  FBI has the authority to use Americans’ communications collected under Section
  702 for investigations and prosecutions into any crime whatsoever since they
  were lawfully obtained. In response to public outcry following the Snowden
  revelations, DOJ issued that offered one
  additional protection: it may only use communications collected pursuant to
  Section 702 in proceedings, such as prosecutions, with the approval of the
  Attorney General. This limitation is wholly insufficient. The intelligence
  community justifies the collection of large quantities of Americans’
  communications under Section 702 by arguing that it is reasonable since the
  surveillance is targeting foreign intelligence information. Congress should ensure that information
  collected under Section 702, which is obtained pursuant to a standard that
  falls far short of the probable cause standard required in criminal
  investigations, can only be for the purpose for which it was collected: foreign
  intelligence investigations.

• Close the
  Backdoor Search Loophole: Currently, FBI agents routinely use US person
  identifiers to search the database containing information collected pursuant to
  Section 702 to further that
  are wholly unrelated to national security. DOJ has testified before the FISC
  that it engages in these US person queries so regularly that it would be too
  burdensome to so much as require agents to record a justification for each.
  Indeed, the DOJ attorney analogized how the FBI engages in these warrantless
  backdoor searches to how everyday Americans do . Backdoor searches are so
  controversial that votes to prohibit them have overwhelmingly passed the House
  of Representatives in and . Now that Congress must either pass a
  reform and reauthorization bill or let Section 702 expire, it should ensure
  that this loophole is closed permanently. Congress
  should require that FBI agents obtain a warrant before running a US person
  query in a database containing Section 702 information, and that queries be
  limited to those involving investigations that are aligned with the purpose for
  the collection. 

Increase
Transparency for the Government and Companies: While the USA FREEDOM
Act made many meaningful improvements to government and third party
transparency surrounding national security processes, more should still be
done.

• Increase
  Government Transparency: In 2011, first asked the intelligence
  community for an estimate of the number of Americans’ communications that are
  incidentally swept up in surveillance under Section 702. Since then, the has joined in those calls,
  and members of the have written to the
  Office of the Director of National Intelligence demanding that same information. This
  number, which may well be in the millions, is necessary to gauge the scale of
  impact that Section 702 surveillance has on Americans’ privacy. Despite
  numerous requests from civil society and members of Congress over the last six
  years, the intelligence community has not come forth with an estimate.
  Additionally, while the NSA and the CIA are required to report on the number of
  US person queries it makes in databases containing Section 702 information, the
  FBI is exempt for this requirement. The made 30,355 of these queries for non-contents and 5,288 queries for
  contents in 2016 alone. Considering the DOJ testified before the FISC that the
  FBI makes these queries so frequently it’s akin to doing a , reporting on the number of
  times they are conducted is essential to effective oversight. Congress must increase transparency
  around Section 702 surveillance by requiring annual estimates of the number of
  Americans whose communications have been incidentally swept up, and by removing
  FBI exemptions from reporting requirements. 

• Allow for More
  Robust Third Party Reporting: The USA FREEDOM Act established a framework
  for companies that receive various types of national security processes, like
  NSLs, Pen Register and 215 orders, and Section 702 directives, to report in
  large bands (ex. 0-999) the number of processes they received, and the number
  of customer selectors that were targeted. The law does not allow companies to
  report on the source of authority, such that a company could not say how many
  selectors were targeted solely under Section 702. Additionally, the bands in
  which companies may report do not allow enough granularity to assure users that
  their information is adequately protected. Finally, there is still debate as to
  whether the law currently allows a company that has not received a particular
  type of national security process to state as much on their semi-annual
  transparency report. Congress should
  amend reporting provisions to allow for third parties that receive national
  security processes to report, with granularity, the number of processes they
  receive, including zero if they have not received any, and the source of
  authority that was the basis for each demand.

In addition to these critical reforms, Congress
should consider other important reforms to Section 702, such as shortening
retention limits and removing the exception to those limits for encrypted
information; further reforming the FISC by strengthening the role of the
appointed amici so that they can raise concerns beyond issues about which the
FISC judges inquire, and empowering the amici to appeal adverse decisions by
the FISC judges to the FISA Court of Review; clarifying the notice requirement
to ensure that defendants are told if any information that was used in their
investigation came from Section 702 surveillance; and clearing the path for
litigation on the constitutionality of Section 702 surveillance by addressing the
standing requirement and limiting the executive branch’s ability to exercise
the state secrets privilege.