The Consequences of Section 702 Data: State Department Warns of North Korean IT Scams

Data from Section 702 of FISA Act Leads to State Department Warnings about North Korean IT Scams

A senior official from the State Department revealed that the department used data obtained through Section 702 of the Foreign Intelligence Surveillance Act (FISA) to identify and warn international partners and U.S. businesses about North Korea’s use of digital fraud to support its nuclear program. The announcement highlights the significance of Section 702 data in diplomatic efforts. While other government officials have emphasized the importance of the surveillance tool in dealing with nation-state threats, Brett Holmgren, the State Department’s assistant secretary for its Bureau of Intelligence and Research, emphasized how the tool is crucial to diplomatic efforts.

The Importance of Section 702 of FISA Act

Section 702 of the FISA Act permits intelligence agencies to collect non-U.S. citizens communications within the U.S. However, this authority also permits the collection of Americans’ data under certain conditions. State Department official Brett Holmgren highlighted various issues, including human rights, where Section 702 data has aided the State Department’s efforts. To combat Middle Eastern states surveilling and tracking dissidents abroad in 2021, Section 702 data came in handy. Additionally, the tool allowed the State Department to monitor “Russian atrocities” in Ukraine and share intelligence with allies supporting Ukraine.

The State Department’s use of Section 702 data indicates that intelligence agencies have shifted their priorities from thwarting terrorism to addressing a range of nation-state threats, including cyberattacks. According to the Office of the Director of National Intelligence’s annual threats assessment in 2023 report, China, Russia, North Korea, and Iran pose the most significant threats and their cyber capabilities a leading concern. The renewal of Section 702 has become a topic of concern as the Biden administration seeks to extend the authority. The relevant parties are expected to strike a deal this summer.

Privacy and Diplomatic Challenges

The use of Section 702 data has prompted concerns from the European Union over American surveillance practices, leading to the invalidation of the last transatlantic data-sharing agreement. The U.S. and EU are expected to come to a new agreement this summer. Holmgren acknowledged the misuses of Section 702 data and noted that the State Department’s intelligence division has a detailed compliance process for requests to unmask the identity of Americans whose information is included in data shared with the agency. However, lawmakers from both parties have called for significant reforms or scrapping the program entirely.

Advice

As the threat of cyberattacks and other nation-state threats persist, governments’ ability to leverage surveillance tools adequately remains crucial. However, such abilities must aim to ensure data privacy and respect the rights of individuals. Governments must strengthen privacy controls to support the use of these intelligence tools, establish redress mechanisms and emphasize transparency to maintain public trust.

Conclusion

The use of Section 702 data to identify and warn international partners and U.S. businesses about North Korea’s digital fraud supports the State Department’s diplomatic efforts. While the Biden administration seeks to extend the FISA surveillance tool, lawmakers remain skeptical about the tool’s potential for abuse. It is essential to strike a balance between government surveillance and privacy rights.