Senate

DOJ courts Senate on warrantless spy bill ahead of looming deadline

The Department of Justice (DOJ) on Thursday sought to assuage concerts over a provision included in the bill to reauthorize the nation’s warrantless spy powers that would shift the definition of which communications companies must comply.

The provision, added in an amendment approved by the House, is one of several alarming Senate privacy hawks as they take up legislation to renew Section 702 of the Foreign Intelligence Surveillance Act (FISA).

The amendment addresses a somewhat mysterious battle by the government to get an unnamed communications company to aid in overseas surveillance, with the Foreign Intelligence Surveillance Court (FISC) determining a change in law was the only way to force compliance.

While critics say the wording is overly broad and will conscript too many companies into carrying out 702 surveillance, the Justice Department wrote that it “commits to applying this definition of [electronic communications service providers] (ECSP) exclusively to cover the type of service provider at issue in the litigation before the FISC.”

The department also said it would update Congress every six months on how the provision is used.


The promise comes via a letter forwarded by Attorney General Merrick Garland, urging senators to not allow 702 to lapse as they stare down a Friday deadline to reauthorize the program.

Some lawmakers made it immediately clear that the commitment did little to get them on board.

“Don’t be fooled. DOJ does not deny that the provision vastly expands how many AMERICANS AND AMERICAN BUSINESSES can be forced to spy for the government,” Sen. Ron Wyden (D-Ore.), who has introduced his own FISA 702 reform bill, wrote on the social platform X.

A senior DOJ official previously told The Hill that the amendment was “designed to cover every concern that has been raised” about sweeping in a large range of businesses.

Section 702 empowers the nation’s intelligence agencies to spy only on noncitizens living abroad. But in the course of those operations, the government frequently sweeps up communications from Americans in contact with the foreigners under surveillance.

The bill includes a number of reforms, including one drastically limiting the number of personnel who can sign off on any queries of the 702 database involving those in the U.S., and another that requires an after-the-fact audit for all U.S. person searches.

But an amendment introduced by House Intelligence Chair Mike Turner (R-Ohio) changes the definition of the particular electronic communications service providers who must comply with Section 702.

A one-page explanation from the House Intelligence majority said the shift in definition closes a loophole created by the Foreign Intelligence Surveillance Court by exempting “a specific type of provider,” while a separate explanation from the minority said the effort is “designed to respond to a very specific (and classified) fact pattern.”

The heavily redacted court opinion leaves unclear the particulars that prompted the intelligence community to seek a legislative fix.

Thursday’s letter said the vague public discussion is intentional.

“The number of technology companies providing this service is extremely small, and we will identify these technology companies to Congress in a classified appendix. To protect sensitive sources and methods, the ECSP provision in H.R. 7888 was drafted to avoid unnecessarily alerting foreign adversaries to sensitive collection techniques,” Carlos Uriarte, head of legislative affairs for DOJ, wrote in a Wednesday letter to Senate Intelligence leaders referencing the bill’s number.

“To facilitate appropriate oversight and transparency of the government’s commitment to apply any updated definition of ECSP only for the limited purposes described above, the Department will also report to Congress every six months regarding any applications of the updated definition.”

It’s a revamp of an earlier provision in the House Intelligence bill that sparked concern the language would open up businesses like restaurants and hotels to having to share data created by their patrons while using their internet.

The latest version of the amendment, now a part of the bill, specifically exempts many businesses that serve the public, like restaurants, hotels and libraries, as well as private homes. Still, it’s drawn the ire of privacy advocates.

A senior Justice Department official told The Hill last week the provision “is really an effort both to respond to that opinion, and simply update the statute to keep up with the changes in communications technology.”

“The exceptions in the provision are designed to cover every concern that has been raised. It carves out any type of food service, any type of public accommodation, every type of dwelling — homes, apartment buildings — every type of community facility, from libraries to hospitals, to recreational facilities and day care centers,” the official said.

“Claims that this is a broad expansion of the authority are just incorrect.”

Privacy groups outside of Congress have likewise been critical of the provision.

“The issue is that at pretty much any U.S. business, there are people who are communicating on their devices, and they might be communicating with foreigners overseas, and they might be communicating with foreign targets. And so the idea is that you could get at those foreign targets’ communications, but by picking up international communications that are transmitted through the equipment located in all of these businesses,” Elizabeth Goitein, senior director of the Brennan Center for Justice’s national security program, previously told The Hill.

“What you’re going to see in these establishments is just massive amounts of wholly domestic communications that we’re giving​ the NSA access to. And then the NSA is kind of on the honor system to not retain any of those,” Goitein continued, using an abbreviation for the National Security Agency.

Uriarte in his letter stressed that the provision, like FISA itself, would only be used to target foreigners abroad.

“It would be unlawful under Section 702 to use the modified definition of ECSP to target any entity inside the United States including, for example, any business, home, or place of worship. It would also be unlawful to compel any service provider to target the communications of any person inside the United States, regardless of whether such a person is in contact with a nonU.S. person outside the United States,” he wrote.