FBI Director Wray Makes a Compelling Case for Reauthorizing Section 702 of FISA

F BI director Christopher Wray told the Senate Judiciary Committee on Tuesday that if Congress were to permit key overseas-surveillance authority to sunset, as it is set to at the end of this month unless reauthorized, it would be akin to rebuilding “the wall” — the Clinton-era Justice Department guidelines that prevented intelligence agents and criminal investigators from sharing information, leading to the government’s catastrophic failure to detect and thwart the 9/11 attacks, in which nearly 3,000 Americans were killed.

The surveillance authority at issue is Section 702, a 2008 addition to the Foreign Intelligence Surveillance Act of 1978. As I explained in a column over the weekend, Section 702 is the statutory authority that enables our spy agencies to monitor non-Americans outside the United States.

That sounds like it should not be controversial. Indeed, constitutionally speaking, the executive branch should be able to gather intelligence outside the United States even without statutory authority, and certainly without court approval. That is true, at the very least, when our government monitors non-Americans, and the notion that Americans have a reasonable expectation of privacy shielding them from surveillance when they are situated outside the United States, where the Fourth Amendment does not apply, is dubious to say the least.

Nevertheless, §702 is controversial for three reasons. First, Americans are sometimes incidentally monitored when the government tracks the communications of foreigners outside the United States. Second, the FBI scandalously abused its FISA surveillance authority in the Russiagate probe, later investigations of which exposed systematic FBI noncompliance with the Bureau’s own internal guidelines about verifying information before presenting it to the Foreign Intelligence Surveillance Court (FISC), as well as with the FISC’s rules requiring disclosure of errors. Third, although the Russiagate problems were unrelated to §702 (they instead involved the part of FISA that regulates surveillance inside the U.S.), there have been disturbing reports in past years about Bureau non-compliance with FISA “minimization” rules — in particular, with the standards that must be met before the FBI may search the government’s §702 database for the communications of (or information about) “U.S. persons” (i.e., American citizens and lawful-permanent-resident aliens).

While these issues are real, they have been exaggerated by surveillance opponents and Bureau critics (including some Trump supporters, who are understandably outraged by Russiagate but are taking it out on the FBI’s new leaders, who have replaced the Bureau’s Russiagate-era leaders).

To begin with, Americans are incidentally monitored in every kind of lawful surveillance, including wiretaps conducted under the criminal law, as well as physical monitoring (when police watch where suspects go and with whom they meet). This incidental and unavoidable surveillance does not mean the FBI is using §702 to target Americans or to spy on them by such deceptive tactics as “reverse monitoring” (in which a foreigner is pretextually targeted so the agents can surveil an American with whom they know the foreigner communicates). The statute expressly prohibits those activities. And as noted above, the Russiagate abuses had nothing to do with overseas surveillance under §702, they have been exhaustively investigated, and the malefactors have been removed.

Moreover, Wray stressed in his testimony that the §702 compliance errors predated extensive reforms he has imposed, which — according to the FISC and internal Justice Department audits — have dramatically improved FBI compliance, driving the error rate close to zero. As the director put it:

Given the critical importance of 702, we’re committed to being good stewards of our authorities. To that end, I’ve ordered a whole host of changes to address unacceptable compliance incidents—reforms many members of this committee have now seen with their own eyes in live demonstrations of our systems at FBI Headquarters. We’ve improved our systems, enhanced training, added oversight and approval requirements, and adopted new accountability measures. On top of that, we stood up a brand-new Office of Internal Auditing that’s been focused specifically on FISA compliance.

Most of the declassified reports that’ve come out over the past year or so involve compliance errors that predate those reforms, and I’ve been encouraged by the more recent data showing the significant, positive impact the changes have had. The most recently declassified opinion from the Foreign Intelligence Surveillance Court, for instance, shows a 98% compliance rate, and observes that the reforms are “having the desired effect.” And the two most recent Department of Justice semiannual reports, likewise, now show a greater-than-98% compliance rate.

Losing §702 would place the government’s capacity to collected foreign intelligence in legal limbo, paralyzing its operations to protect the nation and vital American interests from the machinations of hostile foreign regimes and terrorist groups. Indeed, Wray acknowledged to the Judiciary Committee that, since Hamas’s October 7 atrocities, the threats have metastasized to a level unprecedented in his career — reminiscent of, yet in some ways worse than, the “system was blinking red” threat environment prior to 9/11. He outlined §702’s role in grappling with these perils:

When an overseas cybercriminal breaches a transportation hub, a public utility, or even a children’s hospital, 702 is often the tool we use to find victims and get them what they need to get their systems back up and running. And, just as important, it helps us identify the next target so they can defend themselves against an attack.

In just one recent cyber case, for instance, 702 allowed the FBI to alert more than 300 victims in every state and countries around the world. And I should add that many of those crucial victim notifications were made possible by our ability to conduct U.S.-person queries of our existing 702 collection.

When it comes to foreign adversaries like Iran, whose actions across a whole host of threats have grown more brazen — seeking to assassinate high-level officials, kidnap dissidents, and conduct cyberattacks here in the United States — or the People’s Republic of China, which poses a generational threat to our economic and national security, stripping the FBI of its 702 authorities would be a form of unilateral disarmament.

Or, take the elevated threat of international terrorism. 702 is key to our ability to detect a foreign terrorist organization overseas directing an operative here to carry out an attack in our own backyard, and U.S.-person queries, in particular, may provide the critical link that allows us to identify the intended target or build out the network of attackers so we can stop them before they strike and kill Americans.

This last threat is where “the wall” is relevant. I discussed the wages of this self-imposed blindness in the above-linked column. Wray put a finer point on it:

What if there were a terrorist attack that we had a shot to prevent, but couldn’t take it, because the FBI was deprived of the ability under 702 to look at key information already sitting in our holdings?

I was in FBI Headquarters on 9/11 — 22 years ago — and, over the years, I’ve spoken with families of victims of that horrific attack.

Before that attack, well-intentioned policymakers had made the choice to build a wall preventing access to national security information sitting in our and our partners’ holdings. Allowing 702 to lapse or amending it in a way that undermines its effectiveness would be akin to laying bricks to rebuild another, pre-9/11-style wall.

My only quibble with Director Wray’s testimony is that he occasionally sounds as if he is fighting the suggestion that the FBI should obtain a warrant before searching the database for lawfully collected U.S.-person data when, as I detailed in the column, the FBI is already required by §702 to obtain a warrant in the only situation where one should be required — namely, if it is seeking the data for criminal investigative purposes, rather than foreign intelligence.

I understand why Wray frames the argument the way he does. An unusual coalition of libertarians, leftists, and sundry Trump allies, which deceptively claims that §702 is a tool for “spying on Americans,” is pushing to make a warrant a prerequisite for any FBI search for information on Americans. That would be ridiculous — it would paralyze the FBI’s ability to warn Americans who could be victimized by cyber-spies, terrorists, and other saboteurs. Wray is trying to get this point across, and he’s done a good job on that front.

Nevertheless, it is worth stressing that, even though the Constitution does not require the government to obtain a search warrant to collect foreign intelligence outside the United States, §702 does require FISC approval of the relevant intelligence-collection programs. Warrants — which traditionally call for the government to demonstrate probable cause of a crime prior to conducting a search — should be inapposite when the point of a search is to obtain foreign intelligence, not prove a criminal case. Yet, §702 requires court permission and government compliance with minimization rules anyway.

But not just that. If the FBI wants to query the §702 foreign-intelligence database in connection with a criminal rather than a counterintelligence investigation, the statute mandates that (a) the FBI must show probable cause that the search will yield evidence of a crime, and (b) the FISC must issue an order finding that the FBI has done so. Only then is the Bureau permitted to query the system.

To summarize, the evidence is only in the database in the first place because a court has found that the government was properly collecting foreign intelligence; but even so, the FBI may not seek to exploit the database for evidence against an American in connection with a criminal investigation unless the Bureau first gets a probable-cause warrant. (The relevant provision in the federal code, §1182a(f)(2)(C) & (D), calls what the court issues an order rather than a warrant, but it is a warrant in every substantive sense.)

Given the FBI’s history of missteps, there is a strong case for enhanced congressional oversight of U.S.-person queries, and for enacting into statutory law the reforms Wray has directed to improve compliance. These would be beneficial. An additional-warrant requirement, by contrast, would be counterproductive, perhaps disastrously so.