The Debate Over the Reauthorization of Section 702 in the White House
The Biden Administration has come out in favor of reauthorizing Section 702 of the Foreign Intelligence Surveillance Act, with the intelligence community pointing to the growing threat of foreign cyberattacks on the U.S. as a key argument in favor of the controversial surveillance tool. Officials have made broad and general declarations, pointing to wide-ranging applications that include thwarting multiple ransomware attacks against U.S. critical infrastructure, finding out when foreign adversaries have hacked sensitive information related to the American military, and uncovering cyberattacks against critical federal systems.
However, 15 years into Section 702’s history, declassified examples of thwarting cyberattacks are sparse. In the little over three months that the Biden administration has been publicly advocating for the renewal of Section 702, it hasn’t mentioned a single specific public incident where Section 702 was used, despite a term marked by both ample cyber attacks and well-publicized takedowns of foreign hackers.
The Reticence in Providing Specifics
While the intelligence community has shared examples of the tool’s cyber significance in classified settings, it hasn’t made any declassified examples of thwarting cyberattacks public. This lack of transparency and specificity doesn’t appear to be helping the Biden administration in the uphill battle for Congress to reauthorize the authority before it sunsets in December. The reticence also isn’t helping the civil liberties community, who have challenged the intelligence community’s persistent claims that any reforms to Section 702 that slow down investigators would imperil America’s national security.
According to Adam Hickey, former assistant attorney general of the Justice Department’s national security division, officials are fighting with one hand behind their back. “On the one hand, you don’t want the very people who pose a threat to understand your capabilities, because they will work around them…On the other hand, you don’t want to be so careful to avoid that risk that you lose the very authority itself.”
The Importance of Section 702
Section 702 was first passed in 2008 as an amendment to FISA and was pitched initially as a key tool in America’s fight against terrorism. The authority allows the U.S. government to collect the U.S.-based communications of non-Americans outside the country, and the collection of the data of U.S. citizens using Section 702 is prohibited. While the amount of FBI searches of 702 data has fluctuated over time, the amount of those searches related to cybersecurity has steadily increased. A senior FBI adviser confirmed that “about half” or a “plurality” of Section 702 database searches made by the agency today relate to the investigation of malicious, state-sponsored cyber attacks.
Officials say part of the reason Section 702 has become so valuable in thwarting foreign actors is the complicated nature of cyberattacks. In the majority of cases, attackers use U.S. infrastructure as a lily pad into domestic targets. Intelligence officials have often pointed to this as a challenge when trying to follow the activity of foreign actors onto domestic soil, noting it as a “blind spot” that contributed to the failure to detect Russian hackers during the SolarWinds attack.
The FBI and NSA aren’t alone in praising the tool. This week a senior State Department official spoke about how the tool is instrumental in informing the work of U.S. diplomats, including cybersecurity issues such as North Korean IT fraud.
The Need for Industry Engagement
One potential stakeholder the Biden administration has yet to seriously court in the fight to renew Section 702 is industry. The senior FBI adviser stressed how failure to renew the authority would hurt its ability to advise chief information security officers, inundated with warnings about vulnerabilities, about which specific threats are most urgent. “This is one of those things that lets us reach out to specific sectors and even specific companies to say, look, this specific vulnerability is one you want to take care of right now because we’re seeing certain types of actors targeting companies, companies like you, using that.”
Former general counsel of the National Security Agency, Stewart Baker, has made the case that the intelligence community should do more to demonstrate to industry how they can benefit from Section 702. “If I were a CISO, I’d want to weigh in on the kinds of warnings, the kinds of uses of this intelligence in real-time, that would be particularly useful to me.”
The Challenges in Reauthorizing Section 702
Even if there were more examples, it’s unclear if Section 702’s purported value in preventing these attacks can overcome the program’s many criticisms, both from lawmakers wielding the power to reauthorize it and civil liberties groups seeking to reform the program. Most of the political pushback against the authority centers around concerns about well-documented abuses of America’s civil liberties. For instance, the FBI had improperly searched for information on Americans in the FISA database 278,000 times, including to spy on political campaigns and protesters. The report sparked outrage from both leading Democrats and Republicans.
Officials advocating for Section 702’s reauthorization have been vague about what reforms they would be willing to discuss, instead emphasizing that changes should not diminish the tool’s effectiveness. The reforms sought by advocates and lawmakers may do just that, at least in the eyes of the intelligence community. For instance, the senior FBI adviser said a warrant requirement, one of the top asks from reformers, would make it difficult for the agency to act swiftly to notify ransomware victims.
No matter what reforms are made, it is essential that the intelligence community demonstrates its value in preventing cyberattacks and protecting national security, while also respecting the civil liberties of Americans.
Keywords: National Security, White House, Section 702, Criticality, Public Evidence
<< photo by Conor Luddy >>
You might want to read !
- How Will the White House’s New AI Research Guidance Shape the Future of Technology?
- “White House Launches Bold Cyber Strategy with Focus on Digital Education Initiatives”
- “White House Unveils New AI Initiatives: DEF CON Event to Vet AI Software”
- The Consequences of Section 702 Data: State Department Warns of North Korean IT Scams
- Breaking Down Data Siloes: The Key to Effective SecOps
