Data Privacy And The Contested Extension Of FISA, Section 702

It’s official: the executive branch has signed into law the bill that reauthorizes the warrantless surveillance power of the government, gravely impacting the civil liberties of every American citizen.

I watched the events unfold as the House ultimately rejected the amendment known as The Reforming Intelligence and Securing America Act (H.R. 7888)—which would have added provisions to include stricter rules when searching for information about U.S. citizens, to prohibit political appointees’ involvement, and to require mandatory audits–under Section 702 of the Foreign Intelligence Surveillance Act, which was slated to expire on April 19. Then days later, the Senate defeated the amendments that would have put constraints on the “spying powers” that were deemed “too broad.” This section allows the NSA to collect foreign intelligence information, including data on foreign targets outside the United States. Many say it still permits the incidental collection of data of U.S. citizens without a warrant.

As per Senator Ron Wyden: “If you have access to any communications, the government can force you to help it spy. That means anybody with access to a server, a wire, a cable box, a Wi-Fi router, a phone or a computer. … If this provision is enacted, the government can deputize any of these people against their will and force them, in effect, to become what amounts to an agent for Big Brother.”

The Biden Administration signed the bill into law, extending Section 702 for another two years.

Elizabeth Goitein, co-director of the Liberty and National Security Program at the nonpartisan Brennan Center for Justice law and policy institute, said this in defeat of the amendments:

The Pivotal Moment: Snowden Exposes Wide Sweeping Collection of Americans’ Data

In 2013, when whistleblower, Edward Snowden exposed PRISM, the NSA surveillance program, new information began to surface. Are Google, Facebook and other Big Tech companies giving the federal government unrestricted access to people's data? At the time, I wrote about this stunning set of events: “The NSA, Privacy and the Blatant Realization that Nothing You Do is Private.” I observed that while Facebook faced significant challenges as the FTC and Canada’s privacy commissioner imposed mandates for more transparent user privacy disclosures and guidelines, the company had simply followed the lead of publishers, ad networks, and direct marketers, who had already been collecting online user information such as search behavior, clicks, purchases, site visits, and content consumption for many years:

“Time marches on and we’ve seen ad evolution in retargeting capability, dynamic ads that flex with your online footprint, geography, profile and emails you write, pages you ‘like’ etc...And the industry will continue to evolve because there are huge profits to be made.”

To this day, data that Big Tech collects is incredibly valuable to the government.

On September 2, 2020, the NSA surveillance program was ruled unlawful. The ruling made clear that the NSA’s bulk collection of Americans’ phone records, emails, and communications violated the Constitution, particularly, the Fourth Amendment, which decrees Americans should be free from “unreasonable searches and seizures,” which the ACLU deemed extended to wiretapping and electronic surveillance.

Snowden disclosed numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments. His leaks revealed that the U.S. government had been conducting extensive surveillance of not only potential foreign threats but also American citizens, often without warrants.

Robert Scheer, author of They Know Everything About You, had written: “When Snowden decided to risk his life to bring us a view into the inner workings of the beast, it blew a huge hole in the casual mass denial, revealing to even the least skeptical that privately mined data was quite accessible to those with a potentially far greater power to violate our rights and freedom.”

One of the most significant legal responses following the PRISM revelations was the USA Freedom Act of 2015. This act ended the bulk collection of telephone metadata by the NSA under Section 215 of the Patriot Act and introduced transparency measures and reforms intended to increase oversight of surveillance activities. Despite reforms, challenges remained.

The vote to reauthorize FISA came the same week when news broke of Google employee protests against “Project Nimbus,” a cloud contract with the Israeli government that leverages the company’s technologies to increase Israel’s surveillance power. Other reports of Israel’s use of Google Photo (an open-source library) to target Hamas compounded the issue. This is how Silicon Valley came to be, a sector heavily funded by the U.S. intelligence.

Christine Bannan, U.S. public policy manager at Proton, a privacy tech company that provides end-to-end encryption services, reacted to this news:

"The ease with which governments can access data through companies like Google highlights a critical need for surveillance reform. Today, governments can weaponize consumer technologies without real accountability. We firmly believe privacy is a universal fundamental right that must be protected and respected, and end-to-end encryption, like that utilized in Proton Drive, is the most effective way to prevent personal data like photos being utilized without the user’s consent."

Meredith Whitaker, CEO of Signal and who founded Google’s Open Research Group, said this on X/Twitter:

“Those fighting to reduce Big Tech’s concentration need to recognize that the integration of Big Tech infra[structure] into gov – via Military contracts, gov’t surveillance, etc —- is contrary to their aims. The more gov is dependent on Big Tech, the harder it will be to check their size/power… which makes it odd to see little/no pushback from most of this camp re the AI defense goldrush/NDAA tech allocations, the 702 surveillance abuse into law…”

Bannon, who specializes in consumer privacy, antitrust, and technology law, remarked on the rapid data collection and aggregation today, especially with the rise of large language model organization developing solutions to improve understanding about people and organizations. From her perspective, progress will enable more bad behavior;

"The rapid advancement of AI and LLMs brings major productivity benefits but also significant privacy concerns. LLMs will be used by governments to sort through large data sets for intelligence, making it easier to conduct mass surveillance. Conversely, LLMs bring enormous benefits, for productivity, research and so much more, but we must not be naive about the risks as we were with the social media revolution. We need to build systems that understand the difference between what is public, and what is private training on synthetic, anonymous data and keeping PII isolated and protected from being used for anything other than the user’s intended purpose. Further still, end-to-end encryption prevents user data from being scraped by AI models and abused by governments.”

Without the need for legal warrants, Bannan calls on technology organizations to minimize risks to their customers:

“It’s vital that companies and lawmakers put in place rules and systems now that ensure the required data is collected ethically, is stored securely, and protected from intrusive governments and companies. And it's imperative that the products that use LLMs are designed in such a way that they don’t intrude on users' privacy. We can’t allow this new technology to become yet another tool for surveillance capitalism. The U.S. government will not only continue to expect U.S. tech companies to comply but is also looking to expand the scope of companies subject to surveillance requests with the latest reauthorization of FISA.”

Despite the reauthorization, Proton remains firm that the company will continue to protect users from U.S. government’s surveillance:

"Proton is well-equipped to maintain user privacy, regardless of the U.S. reauthorization of Section 702. Being based in Switzerland means we adhere to strict Swiss privacy laws, which protect our users from U.S. surveillance demands. Furthermore, our end-to-end encryption means that we cannot decrypt and hand over user data under any circumstances.”

For Elizabeth Gottein and the Brennan Center for Justice, in the 10 years since PRISM, things largely remain unchanged. But she hopes that the fight will continue:

“The provision effectively grants the NSA access to the communications equipment of almost any U.S. Business, plus huge numbers of organizations and individuals. It’s a gift to any president who may wish to spy on political enemies, journalists, ideological opponents etc.… but with ‘one of the most dramatic and terrifying expansions of government surveillance authority in history’ as @RonWyden aply described it. It is nothing short of mind-boggling that 58 senators voted to keep this Orwellian power in the bill.”

As the dust settles on the reauthorization of FISA Section 702, the implications for civil liberties are stark and unsettling. Despite vocal opposition and a decade of warnings from privacy advocates and legal experts, the U.S. government maintains extensive surveillance powers that encroach on the privacy of both American citizens and global netizens. The defeated amendments, which aimed to inject a semblance of oversight and accountability into the surveillance framework, signal a troubling continuity in policy that prioritizes national security over fundamental privacy rights.

The resistance to reform showcases not only the entrenchment of surveillance powers but also highlights the intricate and opaque relationship between government agencies and technology giants. As companies continue to harvest vast amounts of data, their integration with government initiatives becomes a formidable tool for surveillance, raising ethical and legal concerns about the reach of government oversight and the erosion of privacy.