The Just Security Podcast

FISA Section 702 Reauthorization

May 17, 2023 Just Security Episode 27
The Just Security Podcast
FISA Section 702 Reauthorization
Show Notes Transcript

This year, a key U.S. national security law is set to expire. Section 702 of the Foreign Intelligence Surveillance Act has many moving parts, but the gist is that it allows the government to collect the communications of foreigners who are abroad, to gain foreign intelligence information, including when those people communicate with Americans inside the United States. And it can do that without a warrant. 

In practice, this means that intelligence agencies can order email services, like Google and Yahoo, to hand over copies of the messages of targeted foreigners to intercept the phone calls, texts, and internet communications to or from a foreign target.

In the past, reauthorization by Congress was pretty much routine, and some new modifications and procedural safeguards have been added over the years. But this year could be different. A series of recent government reports and court opinions have shown extensive use of Section 702 as a domestic surveillance tool by the FBI. There have been numerous incidents of FBI agents pushing, and sometimes breaking, legal limits on accessing the data of Americans that is “incidentally” collected as part of a Section 702 search. Politics are also at play. Some members of Congress, including House Judiciary Committee Chairman Jim Jordan, have said they oppose reauthorization. 

To understand how the Biden administration is thinking about the Section 702 reauthorization, Just Security’s Co-Editor-in-Chief Tess Bridgeman sat down with Chris Fonzone and Josh Geltzer. Chris is the General Counsel of the Office of the Director of National Intelligence and Josh is Deputy Assistant to the President and Deputy Homeland Security Advisor at the National Security Council. 

Show Notes:

  • Chris Fonzone
  • Josh Geltzer
  • Just Security’s FISA Section 702 coverage
  • 36:55 NYU’s American Journalism Online Program
  • Music: “The Parade” by “Hey Pluto!” from Uppbeat: (License code: 36B6ODD7Y6ODZ3BX)
  •  Music: “Eyes Closed” by Tobias Voigt from Uppbeat: (License code: XTRHPYM1ELYU8SVA) 

Paras Shah: Welcome to a special episode of the Just Security podcast. I’m your host, Paras Shah. 

This year, a key U.S. national security law is set to expire. Section 702 of the Foreign Intelligence Surveillance Act has many moving parts, but the gist is that it allows the government to collect the communications of foreigners who are abroad, to gain foreign intelligence information, including when those people communicate with Americans inside the United States. And it can do that without a warrant. 

In practice, this means that intelligence agencies can order email services, like Google and Yahoo, to hand over copies of the messages of targeted foreigners to intercept the phone calls, texts, and internet communications to or from a foreign target.

In the past, reauthorization by Congress was pretty much routine, and some new modifications and procedural safeguards have been added over the years. But this year could be different. A series of recent government reports and court opinions have shown extensive use of Section 702 as a domestic surveillance tool by the FBI. There have been numerous incidents of FBI agents pushing, and sometimes breaking, legal limits on accessing the data of Americans that is “incidentally” collected as part of a Section 702 search. Politics are also at play. Some members of Congress, including House Judiciary Committee Chairman Jim Jordan, have said they oppose reauthorization. 

The fight to reauthorize Section 702 impacts the privacy rights of every American and has massive implications for how the U.S. government collects information on foreign targets that it believes have foreign intelligence information, from suspected hackers, to potential war criminals, to terrorists. 

To understand how the Biden administration is thinking about the Section 702 reauthorization, Just Security’s Co-Editor-in-Chief Tess Bridgeman sat down with Chris Fonzone and Josh Geltzer. Chris is the General Counsel of the Office of the Director of National Intelligence and Josh is Deputy Assistant to the President and Deputy Homeland Security Advisor at the National Security Council. 

Here's their conversation. 

Tess Bridgeman: Hello, Chris and Josh, thank you so much for joining us today. I want to jump right in by starting with a high level question. Our listeners might be familiar with traditional Title I FISA collection, which requires a showing of probable cause before a judge, but Section 702 doesn't work that way. Can you give us an overview of the purpose of Section 702, how it works, and what makes it different from other intelligence collection authorities? Maybe Chris, can you get us started?

Chris Fonzone: Sure. Thanks, Tess. Thank you so much for having us on—I'm sure I speak for Josh in saying that. 

I think I can give you a short answer and a longer answer to your question. 

The short answer, the sort of elevator pitch of what 702 is and does, is that it's a statutory authority in which Congress established a court-supervised regime that enables the IC to target non-US persons located outside of the United States who possess or are expected to communicate foreign intelligence information with the assistance of US electronic communications service providers. And when the IC exercises this authority, it has to do so subject to a set of privacy and civil liberties protections that are overseen by all three branches of government. So that's the sort of pithy short summary of what Section 702 does. 

I think to describe it a little bit longer, it's helpful to provide a bit of history and then a bit of how it works. So I think those two things together answer the questions you asked. 

So the history here is that, in 2008, which is when Congress initially enacted 702, it recognized an increasingly relevant phenomenon. And this was obviously in the sort of post 9/11 world when there was a lot of focus on the government connecting the dots of different types of intelligence. And what Congress recognized was that there were non-US persons overseas who were increasingly using US technology service providers, US—I think the term of art in statute—electronic communications service providers. And what Congress recognized is that trying to access those communications using Title I was something that was impossible for the US government to do at scale. 

Title I is, as you alluded to, Tess, in your question, is what people typically call “traditional” FISA, Title I FISA. This is when a US government attorney would go to the Foreign Intelligence Surveillance Court and have to demonstrate probable cause that the person we're trying to collect communications from is an agent of a foreign power. And those types of applications can be dozens or even hundreds of pages long. And there's just—to do that at scale is something that the court and the US government can't process at scale. 

I think what Congress recognized is given the amount of targets outside the United States, who are non-US persons who are using US technology service providers, that that's something that that system didn't make—it wasn't the perfect system for those types of targets.  Because that system was designed for people inside the United States who have Fourth Amendment constitutional rights, whereas people outside the United States typically don't. And the government, in collecting intelligence outside our borders, usually relies on the President's authority, as implemented through Executive Order 12333.

So what Congress did in this situation is actually develop what I think is a pretty elegant solution. They said, “We're not going to have you go to the—Executive branch, you're not going to go to the court for every specific target. Rather, what we're going to do is we're going to create a statutory program, where you go to the court on an annual basis and have the court approve the overall program. And then individual targets, you'll be able to approve within the executive branch.” 

So they created the Section 702 program to do that, and the way the program works, it's actually a pretty elegant and layered way of approving intelligence authority. So the way it works is on an annual basis, the Attorney General and the Director of National Intelligence, my boss, have to submit to the Foreign Intelligence Surveillance Court something that are called certifications. These certifications basically describe categories of foreign intelligence that the IC would be authorized to obtain under Section 702. They submit these certifications every year to the Foreign Intelligence Surveillance Court alongside a set of rules that they will promise to follow when they're collecting intelligence against a certification. So those rules are designed to ensure that Section 702 is used only to target non-US persons located outside the United States. The rules also say that you can't target someone who's inside the United States--or a non-U.S. person to access the intelligence of a US person outside the United States. The rules also safeguard any US person information that's collected while you're targeting non-US persons. Rules for how the information may be queried, rules for how the information may be shared, rules for how long it can be maintained, or retained is the term of art used in intelligence circles. 

So the AG and the DNI submit these certifications and these rules to the Foreign Intelligence Surveillance Court, and every year the court reviews them, and they have to make sure that they comply with the Foreign Intelligence Surveillance Act, FISA, and the Fourth Amendment, and then they have to write a written opinion explaining why they do so. Once the court writes that opinion and approves the certifications, the ball is then in the executive branch's court. And they're allowed to serve directives on US electronic communications service providers, basically saying that they have to cooperate with us in the 702 program. And then what we can do is we can serve individual foreign intelligence targets to those companies who have been served directives. But before we do that, before we can serve them a target – and a target is essentially a selector, a phone number, an email address – an analyst has to record a basis for concluding that that target, that selector. is both from a non-US person located outside the United States, and that the specific person or that specific selector will communicate, possess, or receive foreign intelligence information relevant to a 702 certification. So basically, the court has approved the program, we have to approve selectors with a written basis, and then DOJ ultimately reviews every one of those written descriptions of why we're collecting intelligence. 

In addition to this DOJ review of every targeting termination, ODNI – the Office of the Director of National Intelligence – does overall oversight of the program, as does DOJ. We review US person queries and we evaluate and take remedial action to address incidents of non-compliance. For instance, non-compliance has to be reported to the Foreign Intelligence Surveillance Court with an order, remedial steps as well. And then finally, so you have the courts, you have the executive branch, there's semi-annual compliance reporting and regular briefings to the congressional intelligence judiciary committees on the program, which is how the third branch of government gets involved in overseeing the 702 program. 

So I think that's the background of kind of what 702 is, why we have it and how it works. I don't know, Josh, if there's anything you'd add to that. 

Josh Geltzer: That's a great description. 

Tess: Switching gears a bit, Section 702 is due to sunset at the end of this year. And there has been much debate over its reauthorization and potential reform. From an executive branch perspective, what's important for Congress and the public to understand about Section 702 in the context of this debate? 

Josh: So there are a couple of things we try to set the record straight on in settings like this, and when we're engaged with the Hill and others. One is, fundamentally, we try to make clear the value of this program, because this has become essential to protecting the national security of the country, as both Chris and you, Tess, have indicated. The program's origins are in counterterrorism, and it remains critical to counterterrorism. We've said as a government that locating the world's most wanted terrorist last year, I mean Ayman al-Zawahiri, the global leader of al Qaeda, involved 702 collection and of course that enabled us to remove from him the battlefield, but there's more than counterterrorism to the program at this point.

702 collection is essential to dealing with Russia, including, as the Deputy Attorney General indicated recently in congressional testimony, to identifying just horrific abuses perpetrated by Russia and its aggression in Ukraine. It is a critical authority as we deal with China, the PRC. It is critical to protecting critical infrastructure in the United States from hostile actors. It has become essential to our cyber efforts, including not just as a government protecting cybersecurity, but in doing the work we do in which we try to alert those in the private sector and elsewhere about cyber threats, such as ransomware. So one thing we try to set the record straight on is not just the overall value of the program, but the multitude of ways in which we use collection under 702 to protect the nation, that's one. 

A second thing we tried to set the record straight on simply is what has and has not been part of 702 collection, because there are things that are very divisive on the Hill, like the Carter Page incident that simply had nothing to do with Section 702 – whatever one's views about them, they weren't 702 collection. And it's important to us to make that clear. 

And then I'd say a third point, and it's one that I suspect you'll want to get into further, which is there's a lot of conversation about the type of queries – the type of ways in which information already collected under a 702 authority – is looked through by the government to find what's actually useful in it. And in particular, there's a lot of discussion about so-called US person queries, in which information associated with US persons who cannot be the targets of 702 collection, is used to search through already lawfully collected information under 702. And there's a lot we'd like to say on that and as the conversation continues. But the maybe primary mythbuster here is that, in a sense, the idea that there's information involving those who are not themselves the targets of collection – that is not unique to 702. It's inherent to communication, you're always communicating with someone else. And whether you're using traditional criminal authorities, like Title III, whether you're using other FISA authorities, like the traditional Title I, or whether you're doing it under 702, you're gonna get communications between the intended targets you're collecting against and whoever they are talking with, or emailing with, as the case might be. 

Now, how to manage that information is something we should spend some more time on. But that is not a unique challenge, and not a unique aspect of 702 collection. Chris, anything in the myth camp you want to add?

Chris: I mean, I guess, given my current role, I have a parochial reason to mention this: it does bother me when there's an implication that the government is doing something unlawful in the 702 program, and a lot of the phraseology and terminology people use when they describe the program sort of implies unlawful behavior on behalf of the government. And, I mean, this is a program that Congress has approved, Congress authorized in 2008 and has reauthorized twice since then. It's a program that the FISC has approved every year since Congress initially authorized it. It's a program that has come before other federal courts, other than the FISC, in criminal cases, when the government has used FISA 702 information and informed the defendant about it. And those courts have found the program to be lawful. 

I think reasonable people can disagree about some of the aspects of the program, which I'm sure you're gonna ask us about later on in the podcast. But I think the notion that the government is doing something that is unlawful is just not borne out by the facts. Like, Congress has approved this, the courts have approved it, this is consistent with the executive branch's need to protect the nation's security. So it's a lawful program. And I think that's something that—that the implication that the Intelligence Community is doing something wrong in executing this program—is always something that's bothered me a little bit.

Tess: Thanks to both of you. That's helpful. But I do want to get into this issue a little more, because I think it gets to the heart of some of the most contested issues in this reauthorization debate. So let's talk more about incidental collection and privacy rights. Section 702, of course, could have been designed to only allow collection of foreign to foreign communication. But instead, US person information does get collected and put into a database that can be queried later, alongside information of foreign targets. So if similar collection outside of 702 would require a warrant, what makes the collection of this information without a warrant, and then second, the querying of the 702 database without a warrant, permissible, when you know you're searching for terms that will return information about a US person who was not initially the target of that collection, and who isn't allowed to be a target themselves under Section 702?

Josh: Yeah, these are great questions, and they cut to the heart of some of the most important debates, I think, right now about 702. So, as you indicated, Tess, it is forbidden by statute to target a US person. But in targeting non-US persons located overseas under 702, what comes back from the providers can include communications that they're having with a wide range of interlocutors, and some of those interlocutors can indeed be US persons. Again, this is analogous to other settings in which you target someone for collection under whatever the authority, and you get back what they are communicating with their interlocutors. 

So the question then becomes what to do with that already lawfully collected information, and to Chris's point, the regime as a whole has been upheld by federal judges, both in the FISA court and in the non-FISA context, federal judges sitting outside that context. So it really then becomes a policy and privacy conversation. And what has been urged by commission after commission, often in the wake of something bad that has happened, is that the US government utilizes that which is lawfully in its collection. This is what the Fort Hood Commission said. This is what the 9/11 Commission really was at length to say, which is that if the US government has information that has already been lawfully collected, it's incumbent on the US government to use that information to protect the nation, to protect national security and public safety.  

Tess: If I could interject here and just press you on that. You're talking about really important national security-related investigations. And I don't think anyone would doubt that. But the FBI can still query the Section 702 database, or search the database, in the course of non-national security investigations divorced from the foreign intelligence purpose of the initial collection. So bearing in mind that the foreign intelligence purpose is what makes the collection lawful from a Fourth Amendment perspective at the outset, why should the FBI then be allowed to use information collected under Section 702 for non-national security-related criminal investigations?  

Chris: So I think, just building off what Josh said earlier, that you're asking exactly the right question, Tess, which is, as Josh said, the legal landscape is that if the government has lawfully acquired information—and I think we're operating on premises that 702 is lawful, which Josh and I obviously think it is—if we've lawfully acquired the information, the government can then query or look at information for valid reasons – I think the question then becomes: just because we lawfully can do something doesn't mean we should. It becomes a policy choice of what should we be allowed to do? And I think what you're pointing out, Tess, is that you might do queries of the information for lots of different reasons. I think, as Josh pointed out, the 9/11 Commission, the Fort Hood commission, has emphasized how important it is in important national security matters to be able to connect dots in this way. That's one type of query. 

Another type of query that I know the government has talked a lot about is doing victim queries. Oftentimes, they'll have information about someone who might be a victim of a national security threat or other matters, and they might want to look in the database to find them, and seek to help them out and assist them. Then as you point out, Tess, there's a possibility of doing them for other reasons, like evidence of a crime queries. 

I think the policy benefits and the reasons to not do those queries could differ for each of those categories. And I think what Josh was indicating is, that's the discussion that really is important to be having, and we think is going to happen during the reauthorization debate that's just taking off now. 

Josh: I think that’s right. And once you're in that policy realm, and we've worked hard to try to share what we can with the public and with Congress, even in an unclassified setting – though, of course, we share even more with them in classified settings – is that those sorts of queries allow us to identify victims once we know enough to look for them, and of course, then try to mitigate them from the sort of national security harms we are charged with addressing. But when you're in that realm of a policy debate, that is the sort of benefits, sort of value, that we hope to demonstrate in this continuing conversation. I do think it's worth emphasizing here that sometimes just the vernacular, the language, actually trips up conversations on this, because we talk about searches for Fourth Amendment purposes, and then sometimes people – and those people include people in government – sometimes use the word “search” to talk about looking through that which has already been unlawfully collected under 702. But you, Tess, used the word “query” before, you hear us trying to use the word “query.” That's because it's not a search, at that point, for Fourth Amendment purposes. 

Again, you don't need to take Chris’s and my word for that, there are federal judges who have said that in various contexts. But I do think it's worth emphasizing to listeners that what happens at a stage of sifting through and figuring out an efficient way of organizing that which information has already been collected by querying it is something different, both in practice, but more importantly, different on legal grounds from the sort of search that's implicated by the Fourth Amendment of acquiring information in the first place. 

Tess: So is there still a circuit split on this question of whether querying the database for US person information constitutes a second search? How have courts thought about this? 

Josh: I think courts have grappled with, quite frankly, this question not only in the 702 contexts, but in a couple other contexts. And look, this is a great question of the future, because, you know, how one sifts through information – as a government, as the private sector, as a whole host of actors, who possess varying amounts of information and want to be efficient and effective about how they get to what matters – it's going to loom larger as time goes by. 

But I think for us, we have gotten court opinions, including, most importantly, the year after year federal court approval of this program that includes US person queries, and more than that, includes going to the court – very detailed materials on how those are actually used, what they actually mean in practice, what the sort of justifications are that are provided by those who are looking through the information, and what the the scope of that is. We've also seen parts of our government work hard to make sure they're being more and more rigorous about how they document that, about what the kind of presumption is for those who have access to this information, so that they're being quite deliberate and quite careful about it, because again, within the realm of that which is legally available – indeed, more than legally available, legally upheld by judge after judge – you still have concerns for treating inflammation with care and with caution, and you've seen parts of our government work to improve that practice in the years of operating under under the 702 statutory framework. 

Tess: So both of you and other executive branch officials who have been speaking publicly about Section 702 have provided a really robust explanation of the merits of the program from a national security perspective. All of the cases that you mentioned, Josh, are clearly compelling. But coming back to your point, Chris, that there's a prudential decision to be made about how this information is then used, I want to press you on what seems to be a controversial issue, which is that the secondary use case here is what's endangering the program's reauthorization – that is querying the database for us person information in “evidence of a crime” cases. So why not just limit permissible queries to the foreign intelligence context and a reasonably related category of national security crimes? Why is that not a good compromise to ensure that you keep this valuable tool available to the executive branch in the primary use cases that are frankly much more compelling?  

Josh: I'm happy to start which is, you know, think about what the queries are identifying, right? Think about them identifying, let's say, a US person – which can mean an individual, it can mean a company, a victim of a foreign hack, a foreign cyber intrusion – or think about it identifying a US person who is being recruited to spy for a foreign government. The fact that these are US persons being preyed upon in this way, or targeted and lured in this way, makes them even more important. In other words, it is a particular, we think, responsibility of us as a government, to help when a US entity has been victimized in a way that our 702 holdings, demonstrate, allow us to identify, allow us to then reach out to them confirm, help them mitigate, or to warn someone that in fact, they are being taken down the path of being recruited as an asset, a source, a spy by a hostile foreign power. If you think about whether you would be most concerned about a cyber victim or a potential spy recruit when they're a US person or when they're not, you would be most concerned when they are the US person being victimized. And so the fact that in this pot of information that we have the answers to those exist, it would seem of particular importance that we be able to access it.

And maybe I'm going one step further in the conversation here, we don't think that which some have proposed, which is seeking some sort of prior court approval for those sorts of searches, is either consistent with how to think about them – because they're not really searches, they're queries – or able to deal with the fact that they are not themselves guilty parties, they are indeed victims in some cases, or able to keep up at the speed and scale with which we're acquiring the sort of information and trying to utilize it. But I would emphasize it in some cases, those are what we feel highest responsibility to identify, so we can warn, mitigate, protect or take whatever the appropriate next step might be.

Tess: So I take it that your case overall is simply that once the information is in the US government's possession, it would essentially be irresponsible not to use it in these other contexts, even though they go beyond the original purpose of the collection. Am I hearing that right? Or would you put it differently?

Josh: So I do think we think it's a responsibility to identify threat information, threat warnings that we've lawfully collected, and then act on it responsibly. But that isn't to say we use even all of the 702 collected information in all the imaginable ways. So for example, FBI, which is charged with the homeland-protecting mission, gets less than four percent of the information collected under 702, with the deliberate recognition that it makes sense to protect privacy above and beyond what may be legally available under the program.

What's more, and I mentioned this before, as well, FBI has over the years worked to structure how its personnel have access to the information, that makes it even clearer to those who might be querying it that they are doing so, and that they have a reason for doing so that can be recorded and looked at later if there's any question or concern about it. So, yes, I think we start fundamentally from the premise that's been urged of us by some of those blue ribbon commissions and others that we make use of that which has been lawfully acquired to protect Americans. But within that, we still try to take the steps that we think minimize any of the privacy concerns that we hear from critics of the program, and account for a need to make use of the really extraordinary value of the sort of collection adds, while protecting privacy under it.

Tess: So I have two last questions for you both, and the first is on the issue of what would be in your view the most reasonable proposals for modifications to the program. You've both mentioned the FBI guidelines on how they can query the database for US person information, including when there's not a foreign intelligence purpose. Would you say that codifying those guidelines that have been promulgated by the executive branch and are working insofar as they're enabling you to identify instances of non-compliance, to report them to the FISC as already required, and in addition to that transparency-forcing function, they also have this front end function of educating FBI agents and ensuring that within the building, these procedures are followed – so why not codify those guidelines? Or are there other proposals floating out there that you think are reasonable? Because I'm hearing you say, and I certainly understand why, having formerly worn a hat similar to yours, “this program works as it is. It's lawful, please don't touch it.” But let's just assume for the purposes of this question that there's going to have to be a compromise made, some reform measure, as part of reauthorization. What's the compromise that you think you could live with without sacrificing the value of the program?

Josh: So let me say a couple of things on that very good question to ask. So first, it is probably just worth hitting quickly on what some of the steps that have been taken by FBI are, because they have had an impact. And so just to give listeners a sense of it, for example, you now need to opt in if you are FBI personnel seeking to query 702 holdings, you have to affirmatively opt in. You need to get certain approval to do what are called batch queries, which are a combined query involving multiple terms. For particular queries that are deemed sensitive for varied reasons, you need to get certain attorney approval to do so. You need to provide case specific justifications for the queries. There's been new guidance and training put in place. So I think it just provides a flavor of what some of these steps have been, that have been put into place.

In terms of our view of reauthorization, you and those others who follow this closely probably noticed the language in the letter that kind of kicked off the full throated reauthorization process, a letter to the Hill from the Attorney General and Chris's boss, the Director of National Intelligence, which indicated two things that we wholeheartedly believe this program is in the interest of national security and are seeking its reauthorization, and at the same time that we anticipate, anticipated, continue to anticipate dialogue with Congress on any steps that could be taken that would be ways of improving the program so long as they preserve its full efficacy. And I think for now, I will say, we have been engaged in some of those early discussions with the Hill, we're appreciative to those who've responded constructively and begun talking this through with us. We will probably in the months to come negotiate less in public, more in private as we work through what it is that those on the Hill want to propose. But ultimately, we do think it's important to ensure that this program certainly doesn't lapse given the value it provides not to us, but to the American people through allowing us to, as a government, to offer protections, but also to ensuring that as we consider the various ideas that have been floated, or will be floated, we're preserving its full efficacy going forward.

Tess: So I want to take this discussion in a little bit of a different direction to close out. So Section 702, of course, isn't just being scrutinized in the United States. Courts and regulators in the EU have scrutinized it as well in the context of most notably litigation over a US-EU framework on cross border data transfers. And the question in that context is essentially whether US intelligence programs, including specifically Section 702, are rights protective enough of foreign nationals' privacy interests? 

There could be massive financial and political consequences, and of course, commercial consequences, for US telecommunications providers if that framework is invalidated. But this raises a different set of issues than the ones we've been talking about. And likely, these are concerns that those in Congress who are worried about civil liberties in the domestic context might not be thinking much about. So how do you reconcile the tensions between ensuring Section 702 has sufficient safeguards and transparency measures in place for foreign nationals to survive scrutiny by our European counterparts, while also ensuring domestic civil liberties concerns regarding how this program impacts specifically US nationals, or others who are present in the US with Fourth Amendment protections? Are there reasonable reform proposals out there in your view that would tackle that second set of issues without raising problems in the transatlantic context?

Chris: I think that's a great point, and it's actually one of the things that I think we can be proud about with Section 702. I mean, obviously, the undercurrent of what you're talking about, Tess, is obviously the long standing back and forth we've had with the European Commission and the European Union in the wake of the multiple rounds of Schrems litigation, where the Court of Justice of the European Union has now twice found that the US doesn't offer adequate protections to data transferred from Europe to the United States. And 702 was something that in the second of those opinions, which is referred to as the Schrems II opinion, that they looked at quite in detail and pointed to as one of the reasons why they thought that we didn't provide adequate protections. 

I think the thing that's important, though, is that in the wake of that Schrems II decision, we engaged with the European Commission and engaged in lengthy negotiations, and arrived at a new data protection framework, data privacy framework, pursuant to which the European Commission determined in principle that the United States does offer appropriate protections. And they're now working through their process to get that approved. I think that the US implemented its commitments in that data privacy framework in an executive order the President Biden issued late last year, Executive Order 14086, which is an executive order that provides a set of protections to individuals, whatever their nationality, who might be subject to US signals intelligence activities. 

And those protections apply not just to Executive Order 12333 collection – which is the collection we engage in overseas – but also Section 702 collection, which obviously targets non-US persons overseas and is the program we're describing here. It delineates the intelligence targets, provides a lot more granularity in what categories of intelligence we collect, it provides a further set of privacy and civil liberties protections, and also provides a redress mechanism to folks whose data is transferred from qualifying states to the United States.

In my view, having participated in these negotiations, taking a look at the European Commission's decision, I'd stack our system of protections up against any other country, particularly the 702 program. I don't think another country has a program that's analogous that has this robust form of multi layered oversight across multiple branches of government and this set of privacy and civil liberties protections. So I think that 702, and the protections in 14086, are very responsive to the precise concerns that you're mentioning.

I also think it's super important for us to do this because I think the United States and the European Commission working together to say that we we don't approach these issues exactly the same way, we don't have exactly the same systems, but we share a core set of values and a core set of privacy and civil liberties protections about how we engage in these sorts of intelligence activities, is a really important thing for countries like ours who share values, to be able to demonstrate to the world, because there's a lot of regimes who don't engage in these types of activities in the ways we do. 

I was on a panel a couple of weeks ago, where I was asked a very similar question. I said, the thing that demonstrates most about how different our system is, is the fact that this panel is existing at all, because I think a lot of countries that are engaging in surveillance and intelligence activities, the intelligence community doesn't sit down with the justice ministry and civil society and academy to discuss what type of collection we're doing. And I think that's really important that we do that. 

And I think that's what's really sort of kind of remarkable about the reauthorization debate we're engaging in. This is our system—this is our government working.  Congress faced an issue that was really challenging and complicated. They devised a pretty elegant solution, and periodically, they take it up again and consider it again, which I think is really a pretty remarkable thing. 

Tess: It's really important that we do have these discussions out in the open in a time when we have real concerns about rising digital authoritarianism, and states using surveillance tools to subvert democracy. So, thank you for coming on the show and giving us an overview of why this program matters to the executive branch, and a really rich understanding of the oversight regime that has been built up around it. I hope we can continue to chat with you as the debate continues this year, and thanks again for coming on.

Paras: The Just Security podcast is produced in partnership with NYU’s American Journalism Online program. AJO trains students to become world class journalists, no matter where they live or work. Find out more about how and how you can apply in our show notes. 

This episode was hosted by me, Paras Shah, with co-production and editing by Tiffany Chang and Michelle Eigenheer. Our music is the song, “The Parade,” by Hey Pluto. 

Special thanks to Clara Apt, Tess Bridgeman, Chris Fonzone, Josh Geltzer, Alex Kapelman, and Ben Montoya. You can read more of Just Security’s coverage on Section 702 on our website, which we’ll link to in the show notes. 

If you enjoyed this episode, please give us a five-star rating on Apple Podcasts or wherever you listen.