OPINION — “It is no exaggeration to state that signals intelligence, made possible by Section 702 information, is likely to inform every substantial national security decision our leaders make, now and in the future.”
That’s a quote from a report by the President’s Intelligence Advisory Board (PIAB) released July 31 by the White House.
The public needs to focus on Section 702 because its legal authority sunsets on December 31 of this year, making its re-authorization another must-pass piece of legislation for Congress to act on when it returns in September.
At the same time, there are bipartisan demands in both the House and Senate for changes in Section 702’s operation, before any final votes can be expected.
The PIAB report said Section 702 information “underpins a significant portion of the intelligence production that the government uses to inform decision-makers on topics such as international terrorist networks and activities, adversary efforts to procure advanced military technologies, and national security threats to the United States and its allies posed by the People’s Republic of China and Russia.”
The PIAB Board also concluded that Section 702 is essential to protect the United States from “cyberattacks (including potentially catastrophic attacks on critical infrastructure), influence by foreign actors on our democracy, illegal export of critical technology, and importation of deadly fentanyl and other substances that are killing so many Americans. Section 702 will also be critical to meeting emerging threats whose full impact has yet to materialize.”
NSA Director Gen. Paul Nakasone, during an August 10 session at the Center for Strategic and International Studies, described Section 702 as “perhaps our most important authority, that we utilize day in and day out. It provides us an agility to do so much of what we need to do to provide insights to policymakers and warning to our military commanders.”
Nakasone then pointed out two instances where Section702 played a role that had not been highly publicized before.
It’s not just for the President anymore. Cipher Brief Subscriber+Members have access to their own Open Source Daily Brief, keeping you up to date on global events impacting national security. It pays to be a Subscriber+Member.
One example was the May 2021 Colonial Pipeline hack, where operations were shut down for five days as a result of a cyber ransomware attack. Nakasone said Section 702 collections were “essential for us to understand how we need to react and be able to utilize a series of actions as Colonial Pipeline was taking place.” Section 702 data also allowed the government to recover a majority of the $4.4 million ransom paid to the hackers.
Nakasone also said that Section 702 collection provided “information on Chinese precursor chemicals that are being utilized to synthesize into fentanyl,” adding, “It allows us to be able to block some of the international shipments of these chemicals into the United States, saving lives.”
Nakasone also pointed out benefits for the FBI. “Being able to provide [Section 702 collected] intelligence [to the FBI] that allows them to do their counterintelligence mission; that allows them to be able to address cybersecurity issues, is essential for us.”
“And so, for me,” Nakasone concluded, “you know, it’s hard to imagine anything right now that’s more important than being able to ensure that 702 gets reauthorized.”
What exactly is Section 702?
Section 702 of the Foreign Intelligence Surveillance Act (FISA) is a 2008 law that authorized the U.S. intelligence community (IC) to collect communications of targeted, foreign persons who are located outside the United States and expected to possess, receive, or likely to communicate foreign intelligence information necessary for security of the U.S.
It is a big program. The Office of the Director of National Intelligence reported this past April, that there were 246,073 foreign targets covered under Section 702 in 2022.
To gather that intelligence, the government can use Section 702, under guidance from the Foreign Intelligence Surveillance Court, to compel U.S. telecommunications and Internet providers, along with other such companies, to produce such things as e-mails, phone call content, audio and video chats, photographs, and text messages sent or received by targeted individuals when requested by the government. The government cannot, however, use Section 702 to target U.S. citizens or people located inside the United States, unless that person is communicating with a foreign national who has been targeted under the program.
That explains why the focus of much of the Section 702 debate is on what’s called “incidental collection of U.S. person information,” as when collected information might include two foreigners talking about a U.S. person or entity; or the collected item involves a call or message either from a foreign target to a U.S. person or vice versa.
The incidental collection of information about a U.S. person or entity may not be intentional, but it is likely unavoidable, which raises questions over what the NSA does with that information and who has access to it.
Section 702 also permits storage of collected information for possible subsequent review and query. Under current practice, four intelligence agencies have access to Section 702-acquired information: NSA, CIA, the National Counterterrorism Center (NCTC), and the FBI. Of the four, the FBI is the only agency authorized to query Section 702 data for evidence of crimes unrelated to foreign intelligence.
The Cipher Brief Threat Conference is taking place October 7-10 in Sea Island, Georgia. Join the conversation as experts discuss the impact Section 702 has on U.S. national security. Space is limited. Apply today for your seat at the table.
Appendix V to the PIAB report describes the FBI query of Section 702 data as follows:
“The FBI agent enters that he or she is seeking communications to and from the e-mail address of a named foreign intelligence officer who is known to be in touch with U.S. citizens. The agent will then be prompted to fill out a form indicating the query contains a U.S. person search term before the query is run through Section 702 data. Once this indication is made, the query is run.
If the U.S. person query returns no results, no further action is taken in the system. If the U.S. person query returns results, the system prompts the agent to identify the purpose and justification for the query prior to accessing any Section 702 collection that is retrieved.
Initial review of such incidentally-collected information may show a threat to the U.S. person mentioned, or it might indicate the U.S. person is a potential accomplice in some criminal activity. In the first case, the government would seek to warn and protect the U.S. person. In the latter case, the government would attempt to prevent any nefarious or criminal activity from being carried out by that U.S. person.”
The FBI involvement with Section 702 was to ensure that there is no “wall” between law enforcement and foreign intelligence collections as existed before the 9/11 terrorist attacks, where the dots known to CIA and FBI were not connected. Failure to review Section 702 information happened again after the Fort Hood shootings of November 5, 2009, when 39-year-old Army psychiatrist Major Nidal Malik Hasan killed 13 people and injured 32 more.
In the following years, the FBI became ‘over-active’ in searching Section 702 records.
A Foreign Intelligence Surveillance Court investigation, results of which were made public on May 19, found “that the FBI’s failure to properly apply its querying standard [in searching 702 intelligence]…was more pervasive than was previously believed.”
Among the examples disclosed were 122 queries of Section 702 archives using telephone numbers collected through legal process in a predicated domestic terrorism investigation, another 467 queries were made on cleared defense contractors. In neither situation, according to the FISA Court investigation, were the queried records “reasonably likely to return foreign intelligence information or evidence of a crime” because there was no specific information indicating that the named U.S. individuals or companies were being targeted by foreign adversaries.
More concerning, on June 11, 2021, the FBI queried Section 702-acquired information using the name of a U.S. citizen believed to have been present at the breaching of the Capitol, without first obtaining a required FISA Court order. However, the retrieved information was not used for any analytical, investigative or evidentiary purpose.
In March 2022, the FBI said it had, among other changes, enhanced its query standards, according to the FISA Court report, to require that person conducting the query “must have the purpose of retrieving foreign intelligence information or evidence of a crime;…must have a specific factual basis to believe that it is reasonably likely to retrieve foreign intelligence information or evidence of a crime; and the query must be reasonably tailored to retrieve foreign intelligence information or evidence of a crime without unnecessarily retrieving other information.”
The PIAB last month, had a tougher recommendation. It proposed among other things, that the Attorney General limit the FBI’s authority to use Section 702 data for evidence only for use in national security-related crimes.
Other possible changes will likely emerge during the congressional re-authorization process, but as imperfect as it is, the PIAB members found it necessary to say in their report, “If Congress fails to reauthorize Section 702, history may judge the lapse of Section 702 authorities as one of the worst intelligence failures of our time.”
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to [email protected] for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
