Skip to content
Search

Latest Stories

cipherbrief

Welcome! Log in to stay connected and make the most of your experience.

Input clean

An FBI Perspective on FISA Section 702

I spent twenty years at the FBI supporting investigations into cybercrime, tracking ransomware gangs, and watching foreign adversaries tear through American networks. I've sat across the table from hospital administrators trying to figure out how to care for patients when their systems are locked. I've talked to small business owners who lost everything to a cyber operation traced back to a state-sponsored group operating with near-impunity abroad.

What I can tell you, from that vantage point, is that allowing Section 702 to lapse would create intelligence gaps that our adversaries are already positioned to exploit.


Section 702 is a vital tool. A nimble authority that provides for collection against foreign-based, non-U.S. person threat actors intent on harming Americans. The threats this authority was built to address have not slowed down while Congress deliberates. Iranian-nexus actors are actively probing U.S. critical infrastructure, Chinese operators remain embedded in telecommunications networks, and ransomware groups – some operating with the direct support or tolerance of foreign governments – are targeting hospitals, water systems, and school districts across the country.

The actors dominating today's headlines each represent a different dimension of why 702 matters to the FBI as an investigative and intelligence collection tool.

Iran has demonstrated both the intent and the capability to conduct attacks on US soil. Beyond cyber operations against critical infrastructure – including recent attacks against operational technology in water treatment plants – Iran has sought to assassinate American citizens, including senior government officials, and to silence dissidents operating on US soil. Many of these plots are planned from abroad, coordinated through the internet, and would be invisible to investigators without 702. It is the tool that lets us connect the dots before an attack is executed rather than after.

China is playing a longer game. The campaign to pre-position access inside US critical infrastructure – power grids, water systems, transportation hubs, communications networks – is patient and methodical, designed to be activated at a moment of Beijing's choosing, including in the event of a conflict over Taiwan. In the FBI's own experience, 702 has been the difference between detecting that access early and discovering it only after the damage is done. When Chinese hackers compromised a major US transportation hub, it was 702-derived intelligence and US person queries that allowed the FBI to pinpoint exactly which network infrastructure had been hit, alert operators to the specific vulnerability, and help close the backdoor.

Ransomware, which defined much of my work at FBI, has evolved from a criminal problem into a national security one. Many of the groups responsible for attacks on hospitals and pipelines operate under the protection or direction of state sponsors who understand that ransomware destabilizes the same infrastructure a military adversary would want to disable. Over the past decade, malicious cyber actors have accounted for more than half of the FBI's Section 702 targets. The authority is central to how the FBI does cyber work: identifying victims, warning them before attacks begin, and helping them close backdoors before the next wave hits.

If Section 702 authority expires, active collection against foreign targets stops. Leads go cold. Investigations that depend on 702-derived intelligence hit a wall at exactly the moment continuity is critical. Adversaries don't pause. Every day the authority lapses is a day they move more freely through networks they have already compromised.

On compliance, the record deserves an honest accounting. The FBI's pre-reform querying practices were unacceptable. Director Wray said so plainly, and he was right. But beginning in 2021, there was a genuine institutional reckoning: foundational reforms to training, supervision, and accountability that produced documented, court-verified improvement. The same court that documented FBI’s violations in the first place – the Foreign Intelligence Surveillance Court (FISC) – concluded the reforms are having the desired effect.

The same rigor that produced those improvements is exactly why this reauthorization debate deserves to be evaluated on its own merits. The concern about government acquisition of commercially available data is legitimate, but it is a separate question from 702. Conflating the two risks taking down a well-functioning authority over a fight that belongs elsewhere in statute.

From two decades working to counter these threats, I know what it costs to arrive after the damage is done. The good news is that Congress doesn't have to make that choice. The oversight architecture is working. The reforms are documented. The threats are real and they are not waiting. Reauthorize 702, address commercial data on its own track, and keep the investigative capability that makes the FBI's cyber and national security work possible.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Related Articles

AI Agents Need Accountability That Travels With Them

Most enterprise AI agents today are still being deployed in controlled environments. They sit inside a platform, perform a defined task and operate [...] More

Congress Questions Pentagon Spending—and the Future of Trump’s Battleship

“I’m deeply concerned that the Presidential proposal for $350 billion mandatory funding [to be carried in a reconciliation bill and not an [...] More

CIA

DNI Day Two: Building the Intelligence Community for 2045

Author's NoteIn our first paper, DNI Day One: Three Strategic Decisions for National Security Evolution, we identified three challenges confronting [...] More

Why One Former CIA Executive Never Stopped Playing

When I was three years old, I fell in love with the violin thanks to an unlikely duet between Itzhak Perlman and a grumpy green Muppet. Watching [...] More

Cuba’s New Spy Array Raises Concerns for U.S. Security

BLUFF — On 18 June, Center for Strategic and International Studies (CSIS) researchers released a new study that says Cuba has completed construction [...] More

US-POLITICS-OBAMA-INTELLIGENCE

DNI Day One: Three Strategic Decisions for National Security Evolution

Authors’ Note:This paper is intended to frame a discussion, not settle one.Too often, debates about intelligence reform begin with organizational [...] More

{{}}