The Federal Bureau of Investigation (FBI) is authorized to conduct warrantless searches of certain types of digital information under Section 702 of the Foreign Intelligence Surveillance Act (FISA). Passed in 2008, the amendment is meant to be used to investigate foreign nationals outside the United States. However, “incidental collection” provisions allow Americans’ data to be scanned, mostly in the form of “large batch queries” that cover particular keywords.
The FBI releases annual information on these queries, and in late April revealed that it had performed nearly 3.4 million of these FISA searches in the previous year, nearly triple the 1.3 million in the previous year. ‘last year. The FBI defended the increase, saying the searches were necessary to stem a wave of foreign threat actors operating against domestic companies, and that a “quirk” in the system often results in a search that returns the name of an American be counted as 100 searches.
Warrantless searches leap amid rise in cybercrime
Section 702 must be renewed by Congress every five years and has been a constant source of controversy. Renewals are sometimes changed due to privacy concerns, which happened with the most recent version (revised in 2018); it was expanded to restore powers that had been removed in the previous renewal of the bill.
The information comes from an annual transparency report the agency publishes, in which it is required to disclose a certain amount of information about its warrantless searches. The agency went into more detail than ever before in the current edition of the report, saying 1.9 million of such searches in 2021 (more than the total tally for 2020) were related to cyber threats. based in Russia. These weren’t the only critical infrastructure threats, however, with the report suggesting that the vast majority of warrantless searches in 2021 focused on cyber threats against the United States perpetrated by an assortment of foreign actors.
The FBI did not specify exactly which threats warranted warrantless searches, saying only that the majority came from Russia. 2021 was the year of notorious attacks on critical infrastructure, exemplified by the disruptive breaches at fuel supplier Colonial Pipeline and meatpacker JBS, in which a line was crossed by criminal groups in terms of temporarily halting the distribution of real-world essentials via ransomware. Although the perpetrators had no direct ties to the Russian government, the hacking groups were based in Russia, and the issue publicly exposed the Putin administration’s unofficial policy of letting cybercriminals have a free hand both that they avoided national targets and did not cause major problems. abroad.
A Russian government-related incident was the SolarWinds attack, which aimed to collect intelligence from US government agencies, but accidentally compromised thousands of private companies (and could have used ransomware or malware against them). if the attackers had wished) in the process. .
In addition to the need created by these overseas hacking campaigns, the FBI has also defended its warrantless searches by pointing out a “quirk” in the FISA search system. When a U.S. resident is identified in one of these searches, each term in a keyword-grouped search must be associated with that person’s name, even if most of the keywords do not match there. did not apply. The FBI says this can cause a result on a particular name for a particular keyword to be counted up to 100 times in terms of the overall search total, with the name associated with up to 99 other searches from keywords that ultimately yielded nothing. to do with it. Also, if the same search is performed multiple times, each new search is added to the total even if it yields identical results.
FISA mass searches vastly outnumber open investigations, targets under surveillance
Related data released by the Office of the Director of National Intelligence indicates that FBI warrantless searches dwarf the number of open cases involving the surveillance of foreign nationals who may be on US soil but who do not have the status of resident. The agency identified 376 warrants issued for wiretapping or physical searches of individuals in this category, down from the number (451) served in 2020.
There were 232,432 designated targets of Section 702-authorized FISA warrantless searches in 2021, all of those foreign nationals residing outside the United States who used certain United States-based products (such as Google’s GMail) that Federal agencies have the legal authority to search as part of an investigation but without the need for an individual court order.
Critics have argued that FISA’s bulk collection provides a legal loophole that is sometimes knowingly applied to nationwide surveillance and warrantless searches that would otherwise not be authorized. Chris Hauk, Consumer Privacy Champion at Pixel Privacytakes this view and recommends that Americans perform a privacy check with this practice in mind: “As we have seen in the past, the FBI and other government agencies will use every excuse possible ways to spy on American citizens and their activities. While the usual fears of terrorists and hackers are usually used as an excuse, such unconstitutional searches are of concern to anyone who cares about their private and professional lives. The government will continue to practice unconstitutional searches as mentioned in the report, at least until someone speaks up to put a stop to it. Until then, American citizens will need to remain vigilant about who is accessing their information, protecting as much as possible by using encrypted storage to protect their information and by using VPNs and privacy-focused browsers and search engines to protect their online activities from prying eyes. dig the government and other bad actors.
Section 702 is also up for renewal in 2023, and the Biden administration is widely expected to allow warrantless searches to continue despite greater legislative focus on digital privacy in recent years. Paul Bischoff, privacy advocate with Comparitech, observes, “Given that Obama renewed FISA powers with the Freedom Act in 2015, I expect Biden to follow suit and renew FBI surveillance powers under FISA. FISA was enacted before the proliferation of the Internet and was directed only at foreigners, not US citizens. Mass surveillance of private correspondence is a violation of the 4th Amendment because it targets Americans who have not been suspected of any crime. The lack of transparency, due to FISA court secrecy, makes it impossible to know who or even how many Americans have been targeted. The announcement stresses the need for end-to-end encrypted messaging apps instead of unencrypted emails and text messages.