Opinion: I was a counterintelligence privacy officer. Section 702 is not violating Americans’ rights
Editor’s Note: Andrew Borene is executive director at Flashpoint, an international threat intelligence and data firm. He is a former senior US intelligence officer, a licensed attorney and a certified information systems security professional. The views expressed in this commentary are his own. Read more opinion at CNN.
The United States Congress, in a commendable display of bipartisanship and bicameral action after prolonged debate, took decisive steps to fortify the nation’s strategic defense in the 11th hour by passing the Reforming Intelligence and Securing America Act (RISAA) to reauthorize necessary provisions under the Foreign Intelligence Surveillance Act (FISA). Now we must thoughtfully make these needed authorities permanent to help prevent future lapses that endanger national security.
No nation, regardless of its relative power, has ever been immune to the surprise resulting from deception by committed foreign adversaries. Yet, in a year marked by ongoing wars involving nuclear powers, unprecedented cyber extortion and rising terrorist threats worldwide, the United States government faced the potential expiration of one of its most crucial intelligence authorities.
The agility of national security investigations, particularly in scenarios demanding rapid response like real-time cyber threats, was nearly rendered useless by bureaucratic delays.
As cyber, physical, fraud and insider threats converge, the national intelligence teams monitoring these wicked problems are evolving along with the digital communications landscape. They simply require support from legislators that meets modern needs.
We live in a time of new geopolitical instabilities and strategic uncertainties. The broad threat landscape is becoming more dynamic and complex. The past year alone has shown us that neither state-funded terrorism targeting civilians, nor proxy warfare on commercial shipping, nor even regional wars are strangers to the modern world order. We see great power competition escalating tensions across both the Atlantic and the Pacific. We also have observed the efforts of malign foreign actors in Russia, China and Iran to amplify social divisions and escalate hostility between Americans at home.
In cyberspace, we see an increasing set of vulnerabilities to American and allied critical infrastructure in supply chains, attacks that may come from malicious code developed by nation states at machine-enabled speeds or from the unabated use of ransomware and cyber extortion by transnational criminal groups. Generative AI tools could make it harder than ever for our agencies to detect and patch even our known vulnerabilities before they are exploited. Surveillance authorities need to be as nimble as our foes.
A need to ‘rein in’ the FBI?
Congressional passage of a renewal of Section 702, a critical FISA authority since 2008, on April 19 was crucial to empower uninterrupted intelligence on a broad spectrum of foreign threats to the nation including espionage, sabotage, terrorism and subversion. Unfortunately, the debate over reforming 702 got framed as trying to “rein in” the FBI amid what was claimed to be FISA “abuse” from a “politicized” bureau.
But the longstanding Section 702 law is simply not some new, broad domestic surveillance power of the FBI.
When FISA was originally engineered in 1978 to set the groundwork for surveilling foreign agents on US soil with judicial oversight, it was crafted with a bipartisan intent to reconcile the need for robust intelligence capabilities with the protection of privacy rights. Section 702, a crucial digital tool that only allows targeting of non-US persons believed to be outside of the United States in certain intelligence collection operations, was originally designed to adapt antiquated FISA laws to meet changes resulting from the technology used in international communications. These technologies change, and Section 702 needs to keep pace to stay ahead of threats.
This year’s renewal, however, faced significant, complicated political resistance from small minorities of House legislators on both the Democratic and the Republican sides who made some wild claims that Section 702 created “mass warrantless surveillance” and “backdoor spying” on Americans. Highly vocal critics from some activist groups have been making similar misleading and inaccurate claims about the statute over the past 15 years that it has been used effectively by agencies including the FBI, CIA, National Security Agency and the National Counterterrorism Center to combat diverse threats to national security.
Contrary to what some of the FBI’s loudest critics suggest, any searches or queries of US persons’ information under Section 702 are designed to be governed by strict rules and procedures designed to protect Americans’ privacy and civil liberties. The bipartisan agreement underlying 702’s premise was always that new authorities were necessary to account for changes in modern communications.
RISAA included narrow updated language to define an electronic communication service provider who may be compelled to assist a national security investigation. The Justice Department emphasized in a memo to lawmakers that this “does not expand the scope of who can be targeted under” Section 702, and told Senate committee leaders that the number of additional technology companies brought in under the new definition is “extremely small.” Furthermore, DOJ promised Congress an update on applications of the updated definition every six months.
Global digital telecommunications are never going to regress into the simplicity of analog technologies. Because we can only expect to see ever-larger digital datasets moving at higher velocities with increased storage capacities, we should encourage Congress to make longer-lasting laws for federal surveillance of foreign threats in the digital world as it is, rather than temporary stopgaps with forced sunsets. This is a logical modernization of a critical, specific authority to enable our federal government’s sworn public servants to hunt for foreign threats to national interests while upholding the cherished American values of privacy and liberty.
Not ‘dangerous’ but protective
From my own lenses as a lawyer, an intelligence officer on counterterrorism and counterintelligence issues, and most importantly an American citizen concerned for my own privacy rights, I appreciate the nuance and excellent statutory design of Section 702 to be a specific, limited power of federal government in accordance with the foreign affairs responsibilities of our country’s elected president.
In public service, I was the civil liberties, privacy and transparency officer at the National Counterintelligence and Security Center. During that time, I witnessed firsthand the exceptional commitments to protecting privacy by constitutionally sworn federal officers from 18 different federal agencies, which included the FBI. I also had an opportunity to work closely with intelligence community enterprise leaders to implement principles of “privacy by design” that help to ensure all counterintelligence programs and associated data-retention efforts are built from their very foundations with American civil liberties in mind. I know that my colleagues throughout the community also built and implemented those same principles to protect Americans in all of the national intelligence efforts covering foreign threats.
My personal experiences in that oversight role with the trusted American women and men at the very heart of professional counterintelligence, counterterrorism and cybersecurity all stand in stark contrast to some ludicrous claims from external critics who simply have not been in the rooms where things happen. What I have seen stands in stark contrast to wild claims of Section 702 modernization being “one of the most dramatic and terrifying expansions of government surveillance authority in history,” because the authority actually empowers the active defense and collaborative protection of American lives, businesses, research and interests against hostile foreign actors.
FISA and RISAA authorities are not “dangerous” to Americans; they are protective. Defensive insights gained by the US government through Section 702 authorities can be shared in public-private partnerships to dramatically empower private entities under foreign cyber threats.
The original FISA law was developed half a century in the past, at a time before computers were widespread, when the actual physical process of surveillance required placing “taps” to intercept analog telephone lines and exchanges. In the years after 9/11, it became obvious that FISA had to be modernized. The periodic renewal of Section 702 authorities has been critical in allowing the government to access data from internet and phone providers involving foreign parties.
But every expiration threat and 11th-hour renewal stems from a perennially false debate that claims an imbalance between national security and individual privacy rights.
The watchdogs are being watched
Comprehensive information was disclosed in the Office of the Director of National Intelligence’s annual statistical transparency report about national security surveillance released last month. ODNI reported that FBI Section 702 inquiries on US persons — defined by FISA as US citizens or legal residents, an “unincorporated association with a substantial number” of US citizen or residents, or a corporation legally formed in the US — actually declined in 2023 by more than half, indicating in measurable terms that internal reform and training at the FBI is working.
Section 702 is not just rigorously overseen in house, but in all three branches of constitutional government. Congress can review it at any time, just as it did this past year. In the executive branch, the attorney general is required to approve the procedures for targeting, minimizing and querying data, which are then annually reviewed by the Foreign Intelligence Surveillance Court to ensure compliance with both the FISA statute and the Fourth Amendment.
Furthermore, each individual agency within the intelligence community is directed to follow stringent internal oversight protocols to maintain adherence to these procedures. Any compliance issues surfaced by thorough ODNI or Department of Justice reviews are required to be promptly addressed and transparently reported to both the FISC and to Congress. It is under the oversight of both the attorney general and the director of national intelligence that Section 702 facilitates the targeted collection of specific foreign intelligence information, such as details pertaining to international terrorism, cyber threats or weapons of mass destruction.
In fact, it was precisely through the FBI’s self-disclosure of a limited number of non-compliant activities that some important discussions about Section 702 were brought to light for the American public. That self-disclosure and the resulting important dialogue about the scope of those missteps led to internal reforms and new training that addressed previous shortcomings. The focus on transparent government disclosures of noncompliance support that the law’s checks and balances are working as designed — to empower processes of judicial review and of appropriately informed public debate to drive constant improvement.
These types of public accountability and efficient privacy protections are why I personally joined a uniquely bipartisan group of 44 former national security officials who had served in Republican and Democratic administrations and on Capitol Hill to encourage the extension of Section 702 without expansive new restrictions on the government. With a broad view of global surveillance practices, I have seen how the American model for disclosing occasional, and inevitable, periodic intelligence missteps and repairing bad laws is unmatched.
The Section 702 authority should be made permanent before the next reauthorization in 2026. Under Article I of the U.S. Constitution, if Congress wants to modify any federal statute it can be introduced at any time. The House of Representatives doesn’t need sunset provisions to reopen debate while risking the possibility that the government’s intelligence agencies will be temporarily blinded. Congress can engage broader sets of stakeholders in understanding novel technologies that may pose future collection challenges and how those technologies can protect civil liberties with high-fidelity and auditable digital tools.
We should not leave this extremely important work only to lawyers, legislators and political activists with their own agendas. As we move forward, we must ask Congress to adapt and refine technology-informed approaches to the laws relating to digital security and privacy, ensuring that our defenses remain robust and our American commitment to individual rights unwavering.
For more CNN news and newsletters create an account at CNN.com