A key intelligence law expires in April and the path for reauthorization is unclear

The reauthorization of U.S. surveillance laws is not on the list of issues most Americans discuss at the dinner table every night. The exposure of U.S. government activities through the 2013 Snowden disclosures was probably the last time intelligence community surveillance powers and their impact on the privacy of American citizens was a topic of discussion in the national mainstream.  

But one of the most critical intelligence surveillance authorities—one that has saved lives—is set to expire this year unless it is reauthorized by Congress. The authority at issue, known as Section 702 of the Foreign Intelligence Surveillance Act (FISA), was last reauthorized by Congress in 2024 but given a sunset date of April 20, 2026.  

As described in the 2023 Privacy and Civil Liberties Oversight Board report on FISA Section 702:  

From an operational standpoint, the Section 702 program enables the U.S. government to identify individual threat actors and their networks; find elusive targets; and obtain a uniquely refined and detailed view of their individual targets. Additionally, Section 702 capabilities provide information to facilitate other intelligence collection, while protecting sensitive sources and methods. Information obtained through FISA Section 702 collection has enabled the government to discern both the large scale strategies and small scale decision-making of terrorist organizations and other foreign adversaries. 

FISA Section 702 authorizes the U.S. government to conduct warrantless electronic surveillance targeting non-U.S. persons reasonably believed to be located outside the United States for the purpose of collecting foreign intelligence information using the compelled assistance of U.S. electronic communication service providers (ECSPs)—think major U.S. tech companies and telecommunications providers. The government is prohibited from targeting U.S. persons, which the law defines as a “United States citizen or alien admitted for permanent residence in the United States, and any corporation, partnership, or other organization organized under the laws of the United States.” 

Section 702 acquisitions are authorized through certifications executed jointly by the attorney general and the director of national intelligence (DNI) and submitted (no less than annually) to the Foreign Intelligence Surveillance Court (FISC), along with targeting, minimization, and querying procedures. The FISC reviews the certifications to determine whether all the statutory requirements are satisfied, such as the inclusion of targeting procedures “reasonably designed” to ensure that 702 acquisition is “limited to targeting persons reasonably believed to be located outside the United States” and to “prevent the intentional acquisition of wholly domestic communications.” Following FISC approval of certifications, the attorney general and DNI send written directives to ECSPs compelling their assistance in 702 acquisition of foreign intelligence information, such as information about counterterrorism. The president has self-imposed restrictions through Executive Order 14086, which applies to Section 702 collection as well as any other signals intelligence. 

Section 702 surveillance differs from traditional FISA surveillance in some significant ways. Under 702, FISC judges are not provided with information about particular persons who will be targeted. Moreover, unlike traditional FISA, there is no requirement that 702 targets be “foreign powers” or “agents of foreign powers,” two terms defined in FISA. Under traditional FISA, however, where U.S. persons can be the targets of surveillance, FISC judges review applications and issue orders making individualized probable cause findings that a specified target “is a foreign power or an agent of a foreign power” and that “each of the facilities or places at which the electronic surveillance is directed”—such as a telephone number or email address—“is being used, or is about to be used, by a foreign power or an agent of a foreign power.” 

Even though the government is not permitted to intentionally target a U.S. person under Section 702, nor to intentionally target a person for the purpose of acquiring the communications of a U.S. person, U.S. person data is not completely excluded from 702 collection. If a U.S. person is in communication with a 702 target, the contents of those communications can be collected and stored. This is known as incidental collection.  

As I’ve written before, one of the most controversial aspects of Section 702 concerns the ability of the government, including the FBI, National Security Agency (NSA), CIA, and National Counterterrorism Center (NCTC), to query databases containing 702 information with terms related to or likely to identify U.S. persons (such as “names or unique titles; government-associated personal or corporate identification numbers; street addresses; and telephone numbers”) without obtaining additional approval from a court. 

Over the years, privacy and civil liberties advocates have argued that U.S. person queries are actually “backdoor searches” that should require a warrant under the Fourth Amendment. The constitutional issue arises because, while U.S. persons cannot be targeted for 702 surveillance, their communications can nevertheless be incidentally collected and subsequently queried later in time. While the prevailing view is that the Fourth Amendment does not apply to non-U.S. persons outside the U.S. who are targeted for surveillance, querying 702 databases with terms related to or likely to identify U.S. persons may constitute a separate Fourth Amendment search that requires a warrant or an exception to the warrant requirement.

The argument that U.S. person queries “must be performed pursuant to a warrant or an exception to the warrant requirement” found support in a 2nd Circuit opinion in 2019, and the December 2024 ruling by a U.S. District Court judge in the Eastern District of New York taking that case on remand. The FISC has rejected this argument. 

In his first term, President Trump gave conflicting signals about whether Section 702 should be allowed to lapse but ultimately did not block its short-term reauthorization. The Biden administration actively championed reauthorization, though subject to a sunset, while it opposed an amendment that would have required the government to obtain a warrant before conducting U.S. person queries with exceptions for “imminent threats to life or bodily harm, consent searches, or known cybersecurity threat signatures.”  

Congress reauthorized the authority in 2024 through the Reforming Intelligence and Securing America Act (RISAA). Notably, the amendment requiring a warrant for U.S. person queries was narrowly defeated in the House of Representatives. RISAA did, however, limit U.S. person queries by prohibiting queries “solely designed to find and extract evidence of criminal activity,” with exceptions for “mitigating or eliminating a threat to life or serious bodily harm” or when necessary to comply with certain litigation and discovery obligations.  

In what was considered a very controversial change, however, RISAA also broadened the definition of ECSP, permitting the government to “compel the assistance of a wide range of additional entities and persons in conducting surveillance under FISA 702.” Marc Zwillinger, Steve Lane, and Jacob Sommer explained at the time that this broadened definition enables the expansion of warrantless 702 surveillance “into a variety of new contexts where there is a particularly high likelihood that the communications of U.S. citizens and other persons in the U.S. will be ‘inadvertently’ acquired by the government.”  

The change was prompted by the government’s inability to compel the assistance of an unnamed service provider for 702 acquisition. In two heavily redacted opinions, the FISC and the Foreign Intelligence Surveillane Court of Review (FISC-R) determined that when providing a particular service, the entity did not fall within the statutory definition of ECSP. But instead of just addressing the service at issue in the court opinions, Congress wrote a much broader definition. Sen. Mark Warner (D-Va.), then chairman of the Senate Select Committee on Intelligence, promised to fix the issue through a different legislative vehicle. The later effort to narrow the ECSP definition failed: Language amending the definition of ECSP was stripped from the final version of the 2024 National Defense Authorization Act.  

This time around, the reauthorization process confronts some of the same risks and controversial issues as in times past, but also presents different and more difficult political challenges for both Republicans and Democrats. 

If Congress ultimately lets the authority lapse for a significant time or indefinitely, former intelligence officials have previously warned that the U.S. would be placing itself at “the brink of a self-inflicted national security calamity.” Right now, Republicans control the House, Senate, and White House, so the party would bear primary responsibility for such a “calamity.” Matters are further complicated by the fact that the second Trump administration’s position on 702 reauthorization is unknown.  

Democrats who voted for reauthorization during the Biden administration also have a more difficult decision this time. FISA Section 702 is a critical national security tool, but it is also one that can be abused. In the past, the misuse of the authority, which included the FBI’s querying the names of suspects from the Jan. 6, 2021, insurrection and people protesting the killing of George Floyd, had more to do with confusion and incompetence than malice.  

Proponents of reauthorization will point to a March 2025 opinion from the FISC indicating that instances of misuse or noncompliance with querying standards are diminishing. An October 2025 report from the Department of Justice (DOJ) inspector general also indicates that “the FBI is no longer engaging in the widespread noncompliant querying of U.S. persons that was pervasive just a few years ago.” Both the FISC opinion and the inspector general report credit the reforms enacted in 2024 through RISAA with at least some of the FBI’s improvement.  

Nevertheless, Democrats who previously supported reauthorization will have a host of concerns this go-round. Reauthorizing a powerful surveillance authority, however critical, is a weighty decision given the current president’s propensity to use the Department of Justice and its investigative and prosecutorial tools against his perceived political enemies or people of “integrity” who simply “ge[t] in Trump’s way,” not to mention the president’s proclivity to undermine or flout the authority of courts. Republicans should be concerned about these issues too.  

Fairly or not, both sides of the aisle have, at one time or another, raised concerns about the weaponization of the Department of Justice and FBI and misuse of FISA authorities. Republican concerns about FISA are rooted in the FBI’s investigation into Russian interference in the 2016 presidential election and the use of traditional FISA authorities to surveil Carter Page, a 2016 Trump campaign adviser. There were significant errors made in the Page matter, but they did not involve Section 702. Still, the mistrust of the FBI and its use of FISA authorities spilled over into the last round of FISA Section 702 reauthorization during the Biden administration. 

FISA Section 702 reauthorization nevertheless presents an opportunity for Democrats and Republicans alike. It forces Congress to focus on examining whether government surveillance powers adequately protect privacy and civil liberties (no matter who sits in the White House, or heads the DOJ and FBI), all while ensuring that these authorities enable legitimate intelligence efforts. The reauthorization process is a tool for performing oversight of the executive branch and improving the law’s ability to keep pace with technology, whether that involves baking in better privacy protections or, when appropriate, enabling more efficient access to or analysis of foreign intelligence information by the government.  

As of this writing, Congress has held two hearings, one in the House and one in the Senate, on FISA Section 702 reauthorization. These reauthorization moments have proven to be valuable, requiring Congress to play an active and public oversight role over one of the intelligence community’s aggressive and important tools, and incentivizing the intelligence community to self-regulate and honor the rules. 

Moreover, the upcoming expiration of Section 702 provides Congress with an opportunity to focus on surveillance reform more broadly. During the last Section 702 reauthorization process, bipartisan legislation that included reforms to the Electronic Communications Privacy Act (ECPA) in addition to FISA was introduced in both the House and Senate. ECPA is the foundational privacy statute that governs law enforcement access to electronic communications and data. Originally enacted in 1986, ECPA’s drafters were writing privacy legislation for the early days of commercial email services when users “dialed-up” and downloaded email from servers to their personal computers. In the mid-’80s, prior to the advent of smartphones, the world wide web, and ubiquitous cloud storage, ECPA was a forward-looking law. But this year the law will turn 40, and the march of time and technology have revealed an increasing erosion in the efficacy of its privacy protections.   

The reauthorization of government surveillance authorities may not be the most pressing issue before a busy Congress, but the April expiration of FISA Section 702 is Congress’ astute self-imposed forcing function, requiring that attention be paid to oversight of the authority. Congress should thus give meaningful consideration to the national security and privacy and civil liberties issues at stake.