Congress extends controversial warrantless surveillance law for two years

Laboring into the early hours of Saturday morning, Congress reauthorized for two years a surveillance program that U.S. spy agencies regard as one of their most valuable tools and that critics on the left and the right say intrudes on Americans’ privacy.

The 60-34 vote in the Senate came a week after the House renewed Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas - including when they text or email people inside the United States. The measure now goes to President Biden’s desk for a signature.

“Allowing FISA to expire would have been dangerous,” said Senate Majority Leader Charles E. Schumer (D-N.Y.). “It’s an important part of our national security tool kit.”

The law technically expired Friday midnight, but a federal court this month granted the government a one-year extension to continue intelligence collection.

Adding to the drama, two major internet firms had threatened to stop complying with government surveillance orders under the law if Congress let it lapse, according to several U.S. officials. The companies, the officials said, argued that lack of an underlying law would introduce uncertainty around compliance.

The House approval last week came despite former president Donald Trump’s entreaty on social media to “KILL” the bill. In a concession to win over some congressional opponents, the extension is good for only two years.

First passed in 2008 and reauthorized several times since, the law enables the National Security Agency to collect without a warrant from U.S. tech companies the communications of non-Americans located overseas for foreign intelligence purposes. Communications to or from foreign targets deemed relevant to FBI national security investigations are shared with the bureau. That’s only about 3 percent of the foreign targets, according to the government. But the law is controversial because some of those communications may involve exchanges with Americans, which the FBI may view without a warrant.


Privacy hawks in both parties have pushed for years for a warrant requirement, but fell just short last week when their bid to end warrantless searches on 702-gathered communications failed in a dramatic 212-212 tie vote. They tried again on Friday evening with a bipartisan amendment introduced by Sen. Dick Durbin (D-Ill.), but that too was defeated, though only by a handful of votes.

“I’m disappointed that my narrow amendment to protect Americans while preserving Section 702 as a foreign intelligence collection tool was not agreed to,” Durbin said afterward in a statement. “If the government wants to spy on my private communications or the private communications of any American, they should be required to get approval from a judge, just as our Founding Fathers intended in writing the Constitution.”

Five other amendments from privacy-minded lawmakers also were defeated.

U.S. security officials for years have extolled the benefits of the law, with White House officials saying that the intelligence collected through the program accounts for more than 60 percent of the president’s daily briefing. FBI Director Christopher A. Wray recently disclosed that it helped the bureau discover that Chinese hackers had breached the network of a U.S. transportation hub, and that it had helped thwart a terrorist plot last year in the United States involving a potential attack on a critical infrastructure site.

“Failure to reauthorize 702 - or gutting it with some kind of new warrant requirement - would be dangerous and put American lives at risk,” Wray told Congress this month.

The law has been the subject of controversy for years. Privacy advocates have criticized the absence of a warrant requirement for the FBI to query its Section 702 database for communications of U.S. persons. Sen. Ron Wyden (D-Ore.) has dubbed that practice the “backdoor search loophole.”

“This bill represents the biggest expansion of surveillance in 15 years since Section 702 was originally created and a shameful Congress would be expanding surveillance at a time when reforms are needed,” said Jake Laperruque, deputy director of the Center for Democracy and Technology’s Security and Surveillance Project.

The Foreign Intelligence Surveillance Court (FISC), which provides judicial oversight of FISA, found in 2022 that the FBI had misused the authority more than 278,000 times between 2020 and early 2021, including against donors to a congressional candidate, Jan. 6 riot suspects and people protesting the police killing of George Floyd. The FBI, the court noted, conducted such queries “without a specific factual basis to believe” they were likely to yield “foreign intelligence information or evidence of a crime.”

The FBI has tightened its procedures in an attempt to ensure such lapses don’t recur. For instance, FBI analysts using the Section 702 database are required to write, in their own words, why they think their search will return foreign intelligence information or evidence of a crime, and an attorney must approve any “batch” searches involving large numbers of people.

One controversial new provision in the legislation updates the law’s language in a way that privacy advocates say greatly expands the potential privacy intrusion but that U.S. officials say is necessary to keep up with changes in technology. One of the failed amendments would have eliminated that provision.

At issue is the definition of who or what types of businesses, upon receipt of a directive, would be required to provide the U.S. government access to data. The original law referred to any “electronic communication service provider,” which has in practice meant telecommunications firms and companies that facilitate phone calls, emails, text messages and other digital communications.

The amended law expands the scope to “any other service provider” with access to communications equipment used to transmit or store communications - a reference to cloud data storage centers, according to current and former U.S. officials familiar with the matter. Some of these data centers may service foreign companies and governments that cannot be easily served with a directive if they have no presence in the United States or are just unwilling to comply, former officials said, speaking on the condition of anonymity to discuss sensitive intelligence gathering.

“This provision would allow the government to force almost any business in this country to assist with Section 702 collection by giving the NSA access to its phones, computers, and WiFi routers,” said Elizabeth Goitein, senior director of the Brennan Center for Justice’s Liberty and National Security Program. “The NSA would be on the honor system to extract and remove only foreign targets’ communications. This is a truly Orwellian power that no democracy should allow its government to have.”

Jim Himes (D-Conn.), the ranking member on the House Intelligence Committee and co-author of the provision, said it was a “technical amendment that’s narrowly tailored.”

“People need to remember that this is a collection authority that is only available on foreign targets and it’s not going to be served to janitors or Starbucks baristas,” Himes said. “That’s hyperbolic nonsense.”

Attorney General Merrick Garland in a letter to Senate leaders Thursday noted that the amendment came in response to the Foreign Intelligence Surveillance Court’s “identification of a need for a legislative fix.” The court two years ago ruled that a particular provider that the government wanted to serve with a directive fell outside the scope of the law.

“If the government believes that the scope of Section 702 directives should be broadened as a matter of national security policy, its recourse is with Congress,” FISC Judge Rudolph Contreras wrote in a 2022 opinion. An appeals court in 2023 upheld the decision.


In a statement Saturday after the law was reauthorized, Garland called it “indispensable” to the department’s work to protect Americans from “terrorist, nation-state, cyber, and other threats.” He said it also codifies “important reforms … to ensure the protection of Americans’ privacy and civil liberties.”

Liz Goodwin contributed to this report.