Skip to Content

Government Surveillance

With the Passage of RISAA, FISA 702 Reform Has Been Delayed But Not Denied

In April, the nearly two-year long debate over reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (“FISA 702”) concluded with an extension of the warrantless surveillance authority, but without meaningful reforms to protect civil liberties. In fact, although supporters of the new law — the Reforming Intelligence and Securing America Act, H.R. 7888, (“RISAA”) — claimed it contained meaningful reforms, the bill largely preserved a problematic status quo and actually expanded surveillance in an alarming manner. But while efforts to close loopholes involving searches of FISA 702 data and the purchase of data from data brokers came up short, the debate nonetheless laid the foundation for reform in the near future: the new law sunsets in April 2026, and the problematic expansion in surveillance is set to be re-examined within the next month.

Requiring Warrants To Query FISA 702 Data for Americans’ Communications

The FISA 702 debate focused largely on U.S. person queries. While FISA 702 surveillance must be directed at foreigners abroad, it frequently pulls in Americans’ communications with those foreign targets. Intelligence agencies then deliberately search for the communications of U.S. persons within FISA 702 data, or “query” it, without court approval. The lack of independent court authorization for US person queries has led to systematic abuse, including improper queries of peaceful protesters, lawmakers, journalists, and a batch of 19,000 political donors. Requiring a warrant for U.S. person queries would curtail or stop the abuse and misuse of FISA 702 surveillance with respect to U.S. persons. 

The warrant requirement was considered as an amendment in the House of Representatives, but failed by the narrowest of margins: a dramatic 212-212 tie vote. When the bill moved to the Senate[1], FISA 702 was set to lapse entirely in a matter of hours, unless reauthorized. The administration and Congressional leadership insisted that Senators oppose all amendments to avoid that outcome. The amendment that would have imposed the warrant rule failed by a 42-50 vote; while this was a slightly larger margin than the House vote, there is strong evidence that many of the “no” votes were based on a desire to avoid the impending lapse, rather than substantive opposition, signaling potential support for this critical policy in the future[2]

And Congress will have the opportunity to revisit the issue soon:  To get the bill through Congress, House leadership had to give FISA 702 a short, 2-year sunset[3].  When Congress does revisit the issue, it’s highly unlikely the measures adopted in RISAA will have halted the abuse of U.S. person queries. Those measures largely codified FBI internal guidelines, which have proven insufficient. As CDT previously noted, the FBI still conducted an estimated 4,000 improper U.S. person queries (an average of over 10 every day) even after these rules were put in place, including queries of a U.S. Senator, a state senator, and even a judge who contacted the FBI to report civil rights violations by local police. The fundamental cause of this ongoing misuse of queries is lack of independent oversight and approval. By attempting to treat the symptoms while ignoring the root of the malady, RISAA is doomed to fail. 

The defeat of a warrant requirement for U.S. person queries by such narrow margins was a painful loss for civil rights and civil liberties. However, the dramatic growth in support over the last 10 years[5] for a warrant requirement, combined with the (unfortunate) ongoing potential for abuse, means the effort to impose a warrant rule may have been delayed, but it hasn’t been defeated. 

A Major Step Towards Closing the Data Broker Loophole

Another key privacy issue in the reauthorization debate was closing the data broker loophole, a pernicious practice by which government entities buy sensitive personal data that should require a warrant (or court approval pursuant to other legal standards) to obtain. The data broker loophole is intertwined with FISA 702 because data purchases would otherwise circumvent desired safeguards (such as a warrant rule). Intelligence agencies are already exploiting this loophole for activities such as bulk collection of Internet metadata, a type of collection Congress sought to ban in 2015. In addition to ensuring that hard won FISA reforms are not simply reduced to “surveillance whack-a-mole,” closing the data broker loophole is important in the law enforcement context where state and local police, as well as federal law enforcement agencies like the FBI, purchase data to bypass court approval that often would be required for compelling the disclosure of such data. 

The Fourth Amendment Is Not For Sale Act, which the House adopted on a 219-199 vote just two days after it voted on FISA, would close this loophole[5]. Unfortunately, after it passed in the House, the bill was voted down in the Senate as one of the amendments to FISA 702 legislation. But as with the vote on the warrant rule, procedural concerns may have doomed this amendment, and on the merits it has strong and growing support that augurs well for the future.

An Expansion of Surveillance When It Needs To Be Reigned In

While key reform amendments narrowly failed, Congress actually approved an amendment to expand surveillance by broadening the scope of the entities that can be subject to FISA 702 directives[6]. As CDT and FISA Court amicus Marc Zwillinger have highlighted, the measure broadens the definition of “Electronic Communication Service Provider” in a manner that loops in a huge array of entities, including business landlords. The government can issue directives compelling these landlords to incorporate surveillance infrastructure into office buildings that house media organizations, political campaigns, nonprofits, advocacy groups, law firms, or other sensitive entities. As if to concede the breadth of the new language, the Department of Justice issued a letter stating it would only apply this new provision narrowly. But, as Senator Wyden (D-OR) aptly noted, this promise is not binding even on the current administration, and certainly has no impact on how future administrations use (or misuse) this daunting new power. 

However the dramatic scope of this expansion of FISA Section 702 surveillance may be short-lived: Even while urging Senators to support the bill and not delay its passage by amending this provision, Sen. Mark Warner (D-VA) conceded it was drafted poorly. He made a commitment to amending it in the Intelligence Authorization Act, annual legislation typically considered in June. We hope that Sen. Warner will work with civil liberties groups and other stakeholders to refine this new definition to prevent overbroad applications and potential abuse. 


Congress’ consideration of FISA 702 this year demonstrated an unfulfilled appetite for reform, left unaddressed more due to procedural maneuvers and hurdles than substantive rejection. While RISAA has made FISA 702 worse for civil rights and civil liberties than it was at the start of the year, those problems might be mitigated in the coming weeks. In addition, Congress came closer to closing the backdoor search and data broker loopholes than ever before. It will have a strong opportunity to close these loopholes as soon as April 2026, when FISA 702 is set to  sunset once again.


[1]  The Senate considered an amendment that would trigger a warrant requirement for accessing query results rather than for initially running a query. This would substantially reduce the burden on the FISA Court of making a probable cause determination for U.S. person queries because only 1.58% of the U.S. person queries made in 2022 returned any data at all, according to the Privacy and Civil Liberties Board comprehensive 2023 report on FISA 702.

[2]  Specifically, 33 Senators who opposed a separate uncontroversial amendment to expand the role of the FISA Court amici had previously supported the same measure just a few years prior and offered no substantive reason for their reversal.

[3] Previous FISA 702 sunsets were four or six years long.

[4]  The practice of U.S. person queries was confirmed and became a top tier surveillance reform issue amid the Snowden disclosures and accompanying public debate. A warrant requirement for U.S. person queries was included in the initial version of the USA FREEDOM Act in 2013, but excluded from the version that was later voted on and enacted into law in 2015. In 2018, FISA 702 reform legislation — which included a warrant requirement — received a vote on the House floor that failed by a 183-233 margin (the Senate did not vote on this legislation). Thus the last decade has seen a steady positive trend both in how much Congress is willing to engage on a warrant rule, and how much support it garners.

[5]  An amendment incorporated into the bill before the final vote excluded generally available social media data from the bill’s protections. CDT and others (including the bill’s sponsors) had previously lauded the bill’s prohibition on law enforcement use of facial recognition systems like Clearview AI that are built on improperly scraping social media sites en masse. CDT believes that future iterations of the bill should maintain this prohibition.

[6]  The House adopted the expansion measure by a 236-186 vote. The Senate then considered an amendment to strip it from the bill, but this counter-proposal failed 34-58.