But there was another party eavesdropping: the U.S. government.

The Europeans were pledging $3.2 million in EU funding to support the Haitian national police, according to a summary of the correspondence that surfaced in documents leaked last year by Jack Teixeira, a U.S. air national guardsman.

“The communication was sent to the email address used by the recipient organization and was intended for the stated recipient only — not for third parties,” a spokesperson for the EU’s diplomatic service said.

It’s impossible to know exactly how the U.S. government obtained these communications, but it’s almost certainly because of the country’s immense technological prowess. The Haitians were using Gmail and American companies are legally required to comply with U.S. surveillance orders. In addition, a tremendous amount of web traffic flows through the United States en route to other countries and the domestic telecommunication industry must allow the government to collect foreign intelligence information from their networks.

Now, the part of the Foreign Intelligence Surveillance Act that allows for some of this spying, Section 702, is in the crosshairs on Capitol Hill. If Congress doesn’t act by April, the authority will lapse. An unusual alliance of liberal Democrats such as Sen. Ron Wyden and Rep. Jerry Nadler along with conservative Republicans like Sen. Mike Lee and Rep. Jim Jordan, is hoping to revise the law to better protect Americans from being swept up in this surveillance. The Biden administration and members of Congress of both parties with more hawkish national security views are encouraging Congress to renew it as is and without delay.

The intelligence community says what is currently allowed by FISA Section 702 is key to catching terrorists, cybercriminals and foreign spies. Less discussed, however, is that the government is not just surveilling its enemies. Just as often, the United States spies on foreign leaders and diplomats, foreign civil society groups, international organizations and its own allies.

And because everyone from terrorists to world leaders uses U.S. tech platforms such as Google, Apple, Microsoft, Meta and Amazon, the Section 702 surveillance authority gives the U.S. an enormous intelligence advantage over other nations. The U.S. had approximately 250,000 targets under Section 702 surveillance worldwide in 2022, according to data released by the U.S. Office of the Director of National Intelligence — although the real number could be much higher as a target can be an organization or group and all its members.

The stalemate in Congress is largely over whether the U.S. should be able to search its vast database of intelligence collected on foreign targets for the names of American citizens, residents and corporations. Americans can’t be targeted under the law, but sometimes their communications are swept up when communicating with foreign targets.

This debate is only happening in part because of a trillion-dollar tech sector that is sometimes in uneasy tension with its national security obligations.

FISA Section 702 is “bad for our tech companies,” Rep. Thomas Massie (R-Ky.) said. “It’s bad for business to have spyware inside of every product that is sold from the United States that goes overseas.”

Max Schrems, an Austrian privacy activist and lawyer who has spearheaded numerous European legal challenges against American tech companies over their data transfers from Europe to the U.S., agreed. “It could in the long run be a problem to have your leading industry also be a tool for espionage.”

After all, few people would trust Switzerland if they lost all their property rights in their gold deposits the moment they landed in Zurich or Geneva safety deposit boxes, Schrems said, drawing a parallel to data rights in the U.S. But that is essentially the situation when it comes to the relationship between America’s tech companies and its intelligence agencies.

The documents leaked by Teixeira, which included the EU’s emails to the Haitian civil society group, provide a rare window into how FISA works in practice — in particular how deeply U.S. national power is tied up in American technology dominance and the kinds of targets that the U.S. selects for surveillance.

The documents also showed that through FISA, the U.S. had deep visibility into the communications of the International Atomic Energy Agency, an intergovernmental nuclear watchdog based in Vienna. It was eavesdropping on top leaders in Nigeria, Nicaragua and Colombia. It was listening to chatter among top leaders in Israel’s intelligence agency. And it obtained deep insights into conversations happening at the highest levels of the Ukrainian government.

All countries spy — including the closest U.S. allies and partners — usually by tapping internet and phone cables or hacking into computers and devices by exploiting bugs in their software.

But the U.S.’s homegrown technology industry gives it a huge leg up. Data from Facebook accounts and Gmail inboxes are stored in the U.S. and video calls on Zoom or Microsoft Teams flow across U.S. servers and fiber optic cables. Billions of people use those products and tools — including foreign leaders from both allied and adversarial countries, as well as their subordinates, associates, families and neighbors. All could be targets under the U.S.’s broad definition of what amounts to value for foreign intelligence purposes.

American spy agencies can show up to any of those companies with FISA orders, and the companies are generally required to cooperate and turn over all relevant data. And because American technology companies in many cases rely on the data their users generate, their communications also are vulnerable to being intercepted by U.S. intelligence agencies.

That’s why U.S. officials are so concerned about Chinese telecommunications companies installing their equipment around the world, or Chinese-owned apps like TikTok proliferating on Americans’ and many others’ phones. The global competition between world powers is increasingly tied up in questions about who controls data centers, tech platforms and telecommunications equipment, and the U.S. is worried about its decades-long advantage eroding.

Another worry about American surveillance is that, in sharp contrast with search warrants and subpoenas, which are eventually made public, U.S. tech companies are not permitted to tell account holders they are being monitored. More than 145,000 Meta users, 100,000 Google account holders and 20,000 Microsoft account holders were impacted by FISA requests for content from their accounts in the final six months of 2022, which is the most recent data available. Apple received about 34,000 content requests in the first six months of 2022, which was the last time it self-reported data.

Former intelligence officials say that the United States is not wantonly doing dragnet surveillance against the entire world — that Section 702 is a limited, targeted program.

“I don’t think it’s fair to draw the conclusion that the targets are anyone in the general population who just might happen to have some possible foreign intelligence value. Instead, it’s far more targeted,” said Glenn Gerstell, former general counsel at the National Security Agency and now a senior adviser at the Center for Strategic and International Studies. “If the impression that one gets is 702 is all about targeting civil society, for example, that’s just counterfactual.”

Still, since 2011, Schrems has waged legal battles over transfers of European data to the U.S., in which he has alleged EU residents are subject to warrantless and suspicionless surveillance by American national security officials. The issue has metastasized into a legal controversy that threatens the ability of U.S. tech companies to do business in Europe.

“There’s shockingly little transparency into how it is used against foreign targets,” said Elizabeth Goitein, senior director of the Brennan Center for Justice, a policy institute that is pushing for changes to the law. “Foreign intelligence is defined in such a way that it can mean next to anything,” she said.

In Congress, lawmakers are more worried about what all this intelligence means for Americans’ privacy.

“We on the Judiciary Committee are not trying to preserve the rights of foreigners,” Rep. Darrell Issa (R-Calif.) said. “Our obligation is to protect the constitutional rights of U.S. persons.”

***Byron Tau is a reporter at NOTUS. John T. Seward, a NOTUS reporter and an Allbritton Journalism Institute fellow, contributed reporting.

https://www.notus.org/technology/big-tech-fisa-702-american-spying-superpower