The intelligence community says FISA Section 702 is key to surveilling terrorists. In reality, with the help of the tech industry, the American government is spying on a lot more than its enemies.
A
European Union diplomat sent an email to a group of Haitian civil society
leaders last February, backing a Haitian-led opposition group in the aftermath
of the former president’s assassination in 2021. It was supposed to be a
private exchange; the EU was walking a delicate path, promoting democracy while
pledging to stay out of Haiti’s affairs.
But
there was another party eavesdropping: the U.S. government.
The
Europeans were pledging $3.2 million in EU funding to support the Haitian
national police, according to a summary of the correspondence that surfaced in
documents leaked last year by Jack Teixeira, a U.S. air national guardsman.
“The
communication was sent to the email address used by the recipient organization
and was intended for the stated recipient only — not for third parties,” a
spokesperson for the EU’s diplomatic service said.
It’s
impossible to know exactly how the U.S. government obtained these
communications, but it’s almost certainly because of the country’s immense
technological prowess. The Haitians were using Gmail and American companies are
legally required to comply with U.S. surveillance orders. In addition, a
tremendous amount of web traffic flows through the United States en route to
other countries and the domestic telecommunication industry must allow the
government to collect foreign intelligence information from their networks.
Now, the
part of the Foreign Intelligence Surveillance Act that allows for some of this
spying, Section 702, is in the crosshairs on Capitol Hill. If Congress doesn’t
act by April, the authority will lapse. An unusual alliance of liberal
Democrats such as Sen. Ron Wyden and Rep. Jerry Nadler along with conservative
Republicans like Sen. Mike Lee and Rep. Jim Jordan, is hoping to revise the law
to better protect Americans from being swept up in this surveillance. The Biden
administration and members of Congress of both parties with more hawkish
national security views are encouraging Congress to renew it as is and without
delay.
The
intelligence community says what is currently allowed by FISA Section 702 is
key to catching terrorists, cybercriminals and foreign spies. Less discussed,
however, is that the government is not just surveilling its enemies. Just as
often, the United States spies on foreign leaders and diplomats, foreign civil
society groups, international organizations and its own allies.
And
because everyone from terrorists to world leaders uses U.S. tech platforms such
as Google, Apple, Microsoft, Meta and Amazon, the Section 702 surveillance
authority gives the U.S. an enormous intelligence advantage over other nations.
The U.S. had approximately 250,000 targets under Section 702 surveillance
worldwide in 2022, according to data released by the U.S. Office of the
Director of National Intelligence — although the real number could be much
higher as a target can be an organization or group and all its members.
The
stalemate in Congress is largely over whether the U.S. should be able to search
its vast database of intelligence collected on foreign targets for the names of
American citizens, residents and corporations. Americans can’t be targeted
under the law, but sometimes their communications are swept up when
communicating with foreign targets.
This
debate is only happening in part because of a trillion-dollar tech sector that
is sometimes in uneasy tension with its national security obligations.
FISA
Section 702 is “bad for our tech companies,” Rep. Thomas Massie (R-Ky.) said.
“It’s bad for business to have spyware inside of every product that is sold
from the United States that goes overseas.”
Max
Schrems, an Austrian privacy activist and lawyer who has spearheaded numerous
European legal challenges against American tech companies over their data
transfers from Europe to the U.S., agreed. “It could in the long run be a
problem to have your leading industry also be a tool for espionage.”
After
all, few people would trust Switzerland if they lost all their property rights
in their gold deposits the moment they landed in Zurich or Geneva safety
deposit boxes, Schrems said, drawing a parallel to data rights in the U.S. But
that is essentially the situation when it comes to the relationship between
America’s tech companies and its intelligence agencies.
The
documents leaked by Teixeira, which included the EU’s emails to the Haitian
civil society group, provide a rare window into how FISA works in practice — in
particular how deeply U.S. national power is tied up in American technology
dominance and the kinds of targets that the U.S. selects for surveillance.
The
documents also showed that through FISA, the U.S. had deep visibility into the
communications of the International Atomic Energy Agency, an intergovernmental
nuclear watchdog based in Vienna. It was eavesdropping on top leaders in
Nigeria, Nicaragua and Colombia. It was listening to chatter among top leaders
in Israel’s intelligence agency. And it obtained deep insights into
conversations happening at the highest levels of the Ukrainian government.
All
countries spy — including the closest U.S. allies and partners — usually by
tapping internet and phone cables or hacking into computers and devices by
exploiting bugs in their software.
But the
U.S.’s homegrown technology industry gives it a huge leg up. Data from Facebook
accounts and Gmail inboxes are stored in the U.S. and video calls on Zoom or
Microsoft Teams flow across U.S. servers and fiber optic cables. Billions of
people use those products and tools — including foreign leaders from both
allied and adversarial countries, as well as their subordinates, associates,
families and neighbors. All could be targets under the U.S.’s broad definition
of what amounts to value for foreign intelligence purposes.
American
spy agencies can show up to any of those companies with FISA orders, and the
companies are generally required to cooperate and turn over all relevant data.
And because American technology companies in many cases rely on the data their
users generate, their communications also are vulnerable to being intercepted
by U.S. intelligence agencies.
That’s
why U.S. officials are so concerned about Chinese telecommunications companies
installing their equipment around the world, or Chinese-owned apps like TikTok
proliferating on Americans’ and many others’ phones. The global competition
between world powers is increasingly tied up in questions about who controls
data centers, tech platforms and telecommunications equipment, and the U.S. is
worried about its decades-long advantage eroding.
Another
worry about American surveillance is that, in sharp contrast with search
warrants and subpoenas, which are eventually made public, U.S. tech companies
are not permitted to tell account holders they are being monitored. More than
145,000 Meta users, 100,000 Google account holders and 20,000 Microsoft account
holders were impacted by FISA requests for content from their accounts in the
final six months of 2022, which is the most recent data available. Apple
received about 34,000 content requests in the first six months of 2022, which
was the last time it self-reported data.
Former
intelligence officials say that the United States is not wantonly doing dragnet
surveillance against the entire world — that Section 702 is a limited, targeted
program.
“I don’t
think it’s fair to draw the conclusion that the targets are anyone in the
general population who just might happen to have some possible foreign
intelligence value. Instead, it’s far more targeted,” said Glenn Gerstell,
former general counsel at the National Security Agency and now a senior adviser
at the Center for Strategic and International Studies. “If the impression that
one gets is 702 is all about targeting civil society, for example, that’s just
counterfactual.”
Still,
since 2011, Schrems has waged legal battles over transfers of European data to
the U.S., in which he has alleged EU residents are subject to warrantless and
suspicionless surveillance by American national security officials. The issue
has metastasized into a legal controversy that threatens the ability of U.S.
tech companies to do business in Europe.
“There’s
shockingly little transparency into how it is used against foreign targets,”
said Elizabeth Goitein, senior director of the Brennan Center for Justice, a
policy institute that is pushing for changes to the law. “Foreign intelligence
is defined in such a way that it can mean next to anything,” she said.
In
Congress, lawmakers are more worried about what all this intelligence means for
Americans’ privacy.
“We on
the Judiciary Committee are not trying to preserve the rights of foreigners,”
Rep. Darrell Issa (R-Calif.) said. “Our obligation is to protect the
constitutional rights of U.S. persons.”
***Byron
Tau is a reporter at NOTUS. John T. Seward, a NOTUS reporter and an Allbritton
Journalism Institute fellow, contributed reporting.
https://www.notus.org/technology/big-tech-fisa-702-american-spying-superpower