Yet another deadline: Congress faces 702 reauthorization

Congress faces a looming deadline to reauthorize a key spying authority that permits collection of communications data on people outside the U.S. for intelligence purposes.

The authority, contained in Section 702 of the Foreign Intelligence Surveillance Act, expires at the end of the year. Many privacy advocates on both sides of the aisle want to eliminate or seriously redefine the authority, citing concerns that too many Americans are getting caught up in collections.

Rep. Adam Schiff (D-Calif.), the ranking Democrat on the House Permanent Select Committee on Intelligence, says he's confident that 702 will be reauthorized before it expires.

"The only question is what form reauthorization will take," Schiff said at the Intelligence and National Security Summit in Washington D.C. on Sept. 7. "I hope I'm not being overly optimistic," he added.

The split in Congress doesn't break along party lines, Schiff explained. There are institutional pressures on members of different committees with skin in the game, with members of the House and Senate judiciary committees more focused on expanding privacy protections, while intel overseers are focused more on how the 702 authorities are used.

"Where you stand depends on where you sit," Schiff said. "It's not that we don't appreciate civil liberties and civil rights issues – we certainly do," he added, noting that Judiciary members also appreciate the national security implications of ending or curtailing the 702 authorities.

Schiff said that he while there were "problems with execution" in the program, he hadn't seen any "intentional abuses," and was comfortable with the level of oversight supplied to the program by the FISA courts, the committees in Congress and the intelligence community's internal watchdogs.

He also worried about the downstream impact of proposed reforms, such as requiring judicial approval for every search of a 702 database for a U.S. person, on a law enforcement model. Schiff asked what happens if a "U.S. person is a victim not a perp," or if a database entry selected for a query is an address or a place and not a person.

Tom Bossert, the top homeland security advisor to President Donald Trump, also warned of the consequences of not reauthorizing 702.

"The terrorist threat is not going to sunset, so the [FISA] authorities shouldn't either," Bossert said at the same security conference on Sept. 6. He said the Trump administration will ask Congress for a clean reauthorization for all provisions of the act before it expires at the end of the year.

Bossert said some of the objections to 702 collection will seem archaic in light of technological progress.

"Think about how increasingly odd it will sound to our grandchildren that we have to have a conversation about where our data is stored," said Bossert.

However, civil liberty organizations and some lawmakers have long argued that the provision can and does regularly sweep up millions of communications of American citizens while allowing for "backdoor" searches that can violate the Fourth Amendment. In April, the National Security Agency announced it would no longer use Section 702 to justify mass collection of email and metadata from foreign targets that pass through parts of the Internet owned by American companies. The agency acknowledged it could not comply with procedures to protect the constitutional privacy rights of American citizens.

Bossert also said countries that rely on state-sponsored hackers to conduct attacks or espionage on the United States must be met with "real-world" consequences, not cyber retaliation. Rather than fighting fire with fire, he argued that responding to a hostile nation's cyberattack with the U.S. government's own arsenal of cyber weapons would simply encourage a technological arms race.

"There's no reason to think a cyberattack will have an effect on a cyber adversary," said Bossert, who did not elaborate on what those "real world" punishments would entail.