Last month, US President Joe Biden signed a surveillance bill that increases the power of the National Security Agency to force US companies to wiretap telephone communications entering and leaving the country. The changes to the law have left legal experts largely in the dark about the true limits of this new authority, primarily as it relates to the types of businesses that could be affected. The American Civil Liberties Union and similar organizations say the bill has made legal language governing the limits of a powerful wiretapping tool too vague, potentially subjecting large swaths of American businesses to surveillance practices. secret and without a court order.
In April, Congress they rushed expand the “crown jewel” of the US intelligence system, Section 702 of the Foreign Intelligence Surveillance Act (FISA). The spy program allows the NSA to intercept calls and messages between Americans and foreigners abroad, as long as the foreigner is the “target” individual and the interception serves an important “foreign intelligence” purpose. Since 2008, the program has been limited to a subset of companies the law calls “electronic communications service providers,” or ECSPs: corporations like Microsoft and Google, which provide email services, and phone companies like Sprint and AT&T.
In recent years, the administration has quietly worked to redefine what it means to be an ECSP in an attempt to expand the NSA’s reach, first unilaterally and now with the backing of Congress. The problem remains that the bill Biden signed last month contains murky language that attempts to redefine the scope of a critical surveillance program. In response, a coalition of digital rights organizations, from the Brennan Center for Justice to the Electronic Frontier Foundation, are pressuring US Attorney General Merrick Garland and the country’s top spy, Avril Haines, to declassify details about a relevant court case that could, they say, shed much-needed light on the situation.
in a letter to senior officialsMore than 20 of these organizations say they believe the new definition of ECSP adopted by Congress could “allow the NSA to compel almost any American company to help” the agency, noting that today all companies provide some form of “service” and have access to the equipment on which the “communications” are stored.
“Deliberately writing overly broad surveillance authorities and relying on future administrations to decide not to exploit them is a recipe for abuse,” the letter says. “And it is completely unnecessary, since the administration can (and should) declassify the fact that the provision is intended to reach the data centers.”
The Justice Department confirmed receipt of the letter on Tuesday, but referred WIRED to the Office of the Director of National Intelligence (ODNI), which has primary jurisdiction over declassification decisions. The ODNI has not responded to a request for comment.
It is widely believed (and has been) reported—that data centers are the intended target of this textual change, and Matt Olsen, the US deputy attorney general for national security, appeared to confirm this during an April 17 episode of the show legal war podcast.
