Congress Again Fails to Limit Scope of Spy Powers in New Defense Bill

The US Senate passed the National Defense Authorization Act (NDAA) on Wednesday after congressional leaders earlier this month stripped the bill of provisions designed to safeguard against excessive government surveillance. The “must-pass” legislation now heads to President Joe Biden for his expected signature.

The Senate’s 85–14 vote cements a major expansion of a controversial US surveillance program, Section 702 of the Foreign Intelligence Surveillance Act (FISA). Biden’s signature will ensure that the Trump administration opens with the newfound power to force a vast range of companies to help US spies wiretap calls between Americans and foreigners abroad.

Despite concerns about unprecedented spy powers falling into the hands of controversial figures such as Kash Patel, who has vowed to investigate Donald Trump’s political enemies if confirmed to lead the FBI, Democrats in the end made little effort to rein in the program.

The Senate Intelligence Committee first approved changes to the 702 program this summer with an amendment aimed at clarifying newly added language that experts had cast as dangerously vague. The vague text was introduced into the law by Congress in April, with Democrats in the Senate promising to correct the issue later this year. Ultimately, those efforts proved to be in vain.

Legal experts began issuing warnings last winter over Congress’s efforts to expand FISA to cover a vast range of new businesses not originally subject to Section 702’s wiretap directives. While reauthorizing the program in April, Congress changed the definition of what the government considers an “electronic communications service provider,” a term applied to companies that can be compelled to install wiretaps on the government’s behalf.

Traditionally, “electronic communications service providers” refers to phone and email providers, such as AT&T and Google. But as a result of Congress redefining the term, the new limits of the government’s wiretap powers are unclear.

It is widely assumed that the changes were intended to help the National Security Agency (NSA) target communications stored on servers at US data centers. Due to the classified nature of the 702 program, however, the updated text purposefully avoids specifying which types of new businesses will be subject to government demands.

Marc Zwillinger, one of the few private attorneys to testify before the nation’s secret surveillance court, wrote in April that the changes to the 702 statute mean that “any US business could have its communications [wiretapped] by a landlord with access to office wiring, or the data centers where their computers reside,” thus expanding the 702 program “into a variety of new contexts where there is a particularly high likelihood that the communications of US citizens and other persons in the US will be ‘inadvertently’ acquired by the government.”

Despite such warnings, Senate Democrats rushed to reauthorize the 702 program in April with the nebulous language attached. In a floor speech urging his colleagues to temporarily disregard the concerns, Mark Warner, chair of the Senate Intelligence Committee, vowed to amend the law again before the end of year. As of Wednesday it was clear he could no longer keep that pledge.

Text approved in June by Warner’s committee aimed to clarify the scope of the 702 program but was excised from the text of the NDAA earlier this month, reportedly at the urging of Ohio Republican Mike Turner, chair of the House Intelligence Committee, among others. WIRED reported in March that Turner had defended the 702 program during a closed briefing on Capitol Hill, using images of anti-war protesters at US universities to suggest that the spy powers were needed to ferret out potential ties between American students and Hamas. (No such ties have been reported.)

Wiretap orders issued under the 702 program permit the government to secretly eavesdrop on the calls and messages of foreigners, who generally lack any right to privacy under US law. The wiretaps, however, also routinely capture Americans in private conversation, despite constitutional limits that typically forbid such surveillance without a judge’s consent.

Notably, wiretap orders executed under Section 702 are never reviewed by a federal judge. Calls, texts, and emails collected under the program may be stored by the government for up to five years and will be accessed in some cases by the FBI. The bureau maintains its own Section 702 database, which is regularly used to develop leads in cases unrelated to why the wiretaps were originally collected.

An aide to Warner tells WIRED that the senator acknowledges that the changes to Section 702 this year are “overly broad,” adding that he’s aware the language must be “further narrowed.” Warner remains committed to fixing the law, said the aide, “whether it’s in this Congress or the next.”

The botched effort to check the government’s surveillance powers comes as the US national security establishment braces for what’s likely to be one of its most significant shakeups in decades. FBI director Chris Wray announced plans last week to voluntarily step down at the conclusion of Biden’s term, potentially clearing the way for a Republican-controlled Congress to fast-track Patel’s confirmation.

Patel has falsely accused Biden of rigging the 2020 presidential election and has vowed to bring cases “criminally or civilly” against members of the press. Trump has likewise pledged to investigate major news outlets that he has vaguely accused of “threatening treason.” Last week, Senate Republicans kneecapped an attempt by Democratic lawmakers to pass bipartisan legislation that would have shielded US journalists from government spying—likely a reaction to Trump issuing an command on Truth Social to “kill” the bill.

Privacy advocates on both sides of the aisle made failed attempts over the past year to limit the FBI’s access to Americans’ communications without a warrant. The calls for reform followed revelations that the 702 program had been inadvertently abused by FBI employees to conduct searches for the private messages of former and current federal officials, political commentators, and journalists. Other searches unlawfully performed at the FBI targeted a US senator, a state senator, and a state court judge.

According to the Privacy and Civil Liberties Oversight Board, US intelligence analysts have also abused the program to investigate potential sexual partners and potential tenants.

While the 702 program purportedly exists to exclusively further the government’s counterintelligence goals, surveillance experts say its scope likely extends far beyond terrorism and cyber threats, encompassing activities described as falling under the broad scope of US “foreign affairs.” Foreign journalists, government officials, and citizens of friendly nations never accused of a crime are just as likely to be deemed legitimate targets as foreign criminals and members of known terrorist organizations.

A separate amendment excised by congressional leaders from the NDAA, known as as the “Fourth Amendment Is Not For Sale Act,” was passed by the House of Representatives in April. Introduced initially as a standalone bill, the amendment would have banned the federal government from purchasing Americans’ location data without a warrant.

As WIRED has previously reported, US intelligence agencies have acknowledged purchasing large quantities of commercial data on US citizens, including information for which police normally require a warrant.

In a declassified report published last year, the Office of the Director of National Intelligence confirmed that the ocean of personal data being bought up by the government was highly sensitive, and that, in the wrong hands, it could be used to “facilitate blackmail” and other serious crimes.