The fight over renewing, reforming, or sunsetting the mass surveillance power of Section 702 has been put on ice until spring.
The legislative authority for Section 702 was set to expire December 31, 2023, though language was added to the National Defense Authorization Act (NDAA) to extend the legislative authority of Section 702 through April 2024. It is disappointing that, despite all of the reported abuses of the Section 702 program, Congress chose to pass a reauthorization bill instead of making the necessary effort to include critical reforms. As advocates for reform, including EFF, said in a letter to Congress in late November, bypassing the discussion around reform by slipping an extension of the law into the defense authorization bill during the conference demonstrates a blatant disregard for the civil liberties and civil rights of the American people.
Buried in the House Intelligence Committee’s Section 702 “reform” bill is the biggest expansion of surveillance inside the United States since the Patriot Act.
Through a seemingly innocuous change to the definition of “electronic service communications provider,” the bill vastly expands the universe of U.S. businesses that can be conscripted to aid the government in conducting surveillance.
Under current law, the government can compel companies that have direct access to communications, such as phone, email, and text messaging service providers, to assist in Section 702 surveillance by turning over the communications of Section 702 targets.
Under Section 504 of the House Intelligence Committee’s bill, any entity with access to *equipment* on which communications may be transmitted or stored, such as an ordinary router, is fair game. What does that mean in practice? It’s simple…
Hotels, libraries, coffee shops, and other places that offer wifi to their customers could be forced to serve as surrogate spies. They could be required to configure their systems to ensure that they can provide the government access to entire streams of communications.
Even a repair person who comes to fix the wifi in your home would meet the revised definition: that person is an “employee” of a “service provider” who has “access” to “equipment” (your router) on which communications are transmitted.
The bill’s sponsors deny that Section 504 is intended to sweep so broadly. What *is* the provision intended to do, and how is the government planning to use it? Sorry, that’s classified.
At the end of the day, though, the government’s claimed intent matters little. What matters is what the provision, on its face, actually allows—because as we all know by now, the government will interpret and apply the law as broadly as it can get away with.
This isn’t a minor or theoretical concern. One of the FISA Court amici posted a blog to warn Americans about this provision. I can’t overstate how unusual it is for FISA Court amici to take to the airwaves in this manner. We’d be foolish to ignore it.
If you don’t want to worry that the NSA is tapping into communications at the hotel where you’re staying, tell your House representative to vote NO on the House intelligence bill this week. More on the many flaws with that bill here: https://www.brennancenter.org/our-work/research-reports/fisa-reform-and-reauthorization-act-biggest-expansion-government.