Congress should reauthorize Section 702

In July 2023, the President’s Intelligence Advisory Board (PIAB) released a report reviewing Section 702 of the Foreign Intelligence Surveillance Act (FISA) and provided recommendations regarding the law’s reauthorization. Section 702 authorizes “the U.S. government to compel American companies to assist in the targeting of non-U.S. persons located abroad to collect foreign intelligence information.” In some circles, the law is considered controversial, with civil liberties groups, with hyperbole, referring to it as a law enforcement collection “backdoor,” and others calling for a variety of reforms. Section 702’s targeted collection of communications inescapably results in the incidental collection of U.S. citizens’ information. However, Americans can never be the intended target of the government under Section 702.  Authorities leveraged under the auspices of Section 702 can and have been misused and misconstrued, albeit unintentionally. In response, the FBI has enacted remedial measures and safeguards for use of those authorities, which has resulted in 98% post reform compliance. The past evidence of misuse does not take away from the continued operational support Section 702 provides. And given the current era of geopolitical strategic competition, those needs continue to increase in complexity. It is an interconnected, dynamic environment with a more sophisticated and vital need for collaboration between the private and public sector. Reauthorizing Section 702 will aid in the support and protection of these critical industry and government partnerships that, in turn, promote American security and protect our national interests. That is why it is essential that Congress reauthorize Section 702 before it otherwise lapses in December — and do so in a way that preserves the law’s full efficacy.  

Section 702 has proven an operational necessity since its enactment in 2008 and through its multiple reauthorizations by bipartisan, bicameral votes and by Presidents of both political parties. It has disrupted fentanyl trafficking, prevented terrorist attacks in the homeland and abroad, stopped cyberattacks, and provided warning of many other nefarious activities since its enactment. Commander of U.S. Cyber Command and Director of the National Security Agency General Paul Nakasone has referred to it as “irreplaceable.” While discussing reforms of the law emplaced by the FBI, Sen. Mark Warner, Chair of the Senate Select Committee on Intelligence, stated, “We desperately need to get 702 reauthorized. We have not done a good job, the [intelligence community] and the FBI and the administration, in making clear that the 702 we are talking about today is very different than the 702 that was reauthorized back in 2018.” In evaluating the law’s contributions, those in the private sector should take note of how Section 702 data has enabled the defense of critical infrastructure, information networks, borders, and operations. As the law’s December 2023 expiration inches closer, lawmakers must consider how it continues to shape national security and our ability to protect our interests and allies.  

The PIAB report makes clear the importance of Section 702 and what it has represented for national intelligence since its 2008 enactment:  

“The intelligence community used Section 702 information to avert the 2009 attempted New York City subway bombing, the 2010 attempted vehicle bombing at a Portland Christmas tree lighting ceremony … cyberattacks against critical U.S. infrastructure, and the smuggling of fentanyl into the United States.”  

Moreover, the report outlines the successful operationalization of Section 702 information. The Board wrote that significant portions of intelligence production that officials use to inform decision-making regarding international terrorist networks, adversary efforts in producing advanced military weaponry, and security threats posed by the Chinese government and Russia are developed from information captured under Section 702 authority. A chorus of support within the national security community has echoed that sentiment, highlighting the necessity of reauthorizing the law. This advocacy is not limited to the public sector, as private sector security officials continue to highlight Section 702’s importance to their operations. Due to industry’s increasingly significant role in defending our nation’s cybersecurity infrastructure and supporting the development of key emerging technologies, national security efforts have been an inseparable team effort between government and the private sector for decades. Collaboration and information sharing between these sectors is essential to safeguarding the cyber and physical infrastructure that underpin modern society. The renewal of Section 702 is crucial for the Intelligence Community in the protection of both sectors. Section 702 has particular relevance to the defense of cyber programs in the private sector and to protecting critical infrastructure by tracking state-sponsored hackers and cyber threats.   

In a joint letter to congressional leadership penned by Attorney General Merrick Garland and the Director of National Intelligence Avril Haines, Section 702 collection was cited as being responsible for identifying both conventional and cyber threats attributed to China, Russia, Iran and North Korea. In addition to illuminating previously undetected threats, Section 702 collection regularly leads to disruptions of cyberattacks targeted against American critical infrastructure, to include ransomware attacks and other significant threats to network security on both public and private infrastructure. In recent testimony to the Senate Judiciary Committee, Assistant Attorney General for National Security Matthew G. Olsen outlined how Section 702 queries allowed the FBI to attribute a cyberattack against a critical infrastructure company to Chinese hackers, identify the hackers’ techniques and procedures, notify the American company’s network operators, and mitigate the attack. Notably, the U.S. government utilized Section 702 to identify the responsible party for the ransomware attack on Colonial Pipeline in 2021 and to recover most of the bitcoin paid as ransom to restore systems. Section 702 data is critical for identifying attack techniques, network vulnerabilities and malware signatures. This unique data empowers cybersecurity professionals with timely information for a proactive defense against future attempted penetrations. Section 702 also strengthens strategic partnerships through illuminating national security threats to America’s allies, as intelligence officials routinely work with their international counterparts to warn network operators of cyber threats. Continued sharing of Section 702 data is likely to lead to reciprocal threat intelligence from allies and partners, resulting in an enhanced collective defense against novel cyber vectors.  

Reauthorization of Section 702 would bolster the private sector’s abilities to protect against cyber threats and enhance collaboration with intelligence agencies in furtherance of American security. The law has historically proved essential to preventing needless tragedies resulting from malign cyber operations. The unique authorities it provides will undoubtedly do so again in the future. In the modern strategic competition environment, nation-state adversaries will continue employing innovative tools in cyberspace to penetrate American critical infrastructure and other sensitive networks. To provide an adequate defense of both private and public sector infrastructure key to our national security, Section 702 must be renewed — and in a form that maintains, rather than diminishes, the essential value that it provides.  

Letitia A. Long is chairwoman of the Intelligence and National Security Alliance. 

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.