It’s Time to Renew Section 702 of FISA Permanently

Not again, you’re probably thinking. Is it really time for another battle over renewing Section 702 of the Foreign Intelligence Surveillance Act (FISA)?

Sadly, it is. In fact, it’s almost too late. The most recent extension of 702 pushed the deadline only to April of this year. The Trump administration has been slow off the mark in urging reauthorization, and so has Congress. On Jan. 28, the Senate Judiciary Committee held a hearing on the matter featuring testimony from three witnesses—I was one of them. What follows is a revised version of my testimony.

In the months since 702’s most recent extension, the case for renewal has only gotten stronger. Section 702 has been debated and approved by Congress multiple times—in 2007, 2008, 2012, 2018, 2023, and 2024—without anyone seriously questioning the protection it provides to Americans. In fact, the U.S. government recently credited the program with helping to disrupt several terrorist attacks here and abroad; identify the Chinese origins of imported fentanyl precursors; respond to ransomware attacks on U.S. companies; identify Chinese hackers’ intrusions into a network used by a key U.S. transportation hub; and disrupt foreign government efforts to carry out kidnappings, assassinations, and espionage on U.S. soil.^.

Those examples just scratch the surface. Section 702 is a uniquely flexible capability that adds value to most U.S. intelligence priorities; indeed, it regularly contributes to 60 percent of the President’s Daily Brief.

The program’s value goes far beyond the parts that have sparked controversy. Section 702 authorizes the collection of communications data about foreign intelligence targets that are using U.S. telecommunications infrastructure. Section 702 does not authorize the targeting of any U.S. person, but some of its targets communicate with Americans. When the foreign target is involved in a full FBI national security investigation, the target’s communications are stored in a database that can be accessed later by FBI agents. Those targets represent only 3.2 percent of all 702 targets.

But that tiny percentage has driven a controversy lasting 25 years, and one that could still bring about the program’s demise. Congress has chosen to authorize 702 only for limited periods—never more than six years and most recently only two. As a result, 702 has been the object of multiple legislative battles, attracting scores of killer amendments and often surviving by the skin of its teeth. Most recently, in 2024, the House rejected—by the narrowest possible margin (a tie 212-212 vote)—an amendment that would have crippled the program.

These increasingly precarious reauthorization votes do not reflect a decline in the program’s value. It remains one of the country’s most valuable sources of intelligence. But these votes have encouraged opponents of 702 to wage a relentless campaign against the program, hoping either to kill it outright or reduce its utility.

One consistent line of attack argues that the FBI has routinely violated its own rules for access to 702 data, particularly in queries that include the names or numbers of U.S. persons. There is no doubt that the rules were violated over a period of years. But as described below, this is no longer true. More importantly, the violations were almost without exception good-faith errors, not intentional abuses; most of them were the result of a badly framed rule.

Here’s why. At bottom, the 702 program assembles a database of U.S. phone numbers and IP addresses communicating with foreign parties who are under investigation for law enforcement or national security reasons—these include terror suspects, foreign government hackers, drug smugglers, and the like. The 702 database thus allows agents to find out whether a person of interest has been in touch with one of those targets. By and large, of course, Americans don’t talk to foreign terrorists or drug smugglers, and if their computers are communicating with foreign hackers, they almost certainly want to know about it so they can stop it. In short, putting an American citizen’s name into the 702 database is extraordinarily unlikely to result in a “hit,” let alone cause the citizen harm, unless he is up to no good. Launching a 702 query to dig dirt on an innocent American citizen is a fool’s errand.

That’s probably why, in the 25 years of its existence, no one has pointed to a query violation-based malice toward the query subject. Indeed, in its comprehensive review of the program, the Privacy and Civil Liberties Oversight Board identified only two improperly motivated query violations by FBI officers—both of which centered on queries relating to family members.

So where did those thousands of violations come from? Those violations are likely as much the fault of the rules as of the agents who performed the queries.  The rules require that, before making a query, an agent must have a specific factual basis for believing it will yield foreign intelligence or evidence of a crime. For an FBI agent, that is a trap. It means the agent can only ask the 702 database whether a U.S. person is talking to a foreign intelligence target if the agent already has reason to believe the person is talking to such a target.  

The problem is that law enforcement does not use most databases that way. Police can query the Department of Motor Vehicles to learn whether a person has a driver’s license even if they have no idea whether he does or not. Similarly, they don’t need evidence that a suspect’s fingerprints are in a federal database to ask whether they are. They can check arrest records without any reason to believe they will get a hit. They can do the same for searches of databases listing suspected terrorists, stolen vehicles, sex offenders, DNA identifiers, ballistics, missing persons, and on and on. Anyone using those databases needs a legitimate purpose and authority, but many, perhaps most, of the queries are “just in case” searches based on nothing more than a hunch or a desire to be thorough. None of these queries requires a warrant or probable cause—and for good reason: The use of existing government databases to run down tips and leads is a standard—and immensely valuable—law enforcement practice.

Perhaps not surprisingly, FBI agents who were used to doing such database searches treated 702 the same way. It was hard not to. The forms agents used to request database searches routinely included the 702 database, which was searched unless the agent affirmatively opted out. As a result, hundreds of thousands of searches violated the rules, not because the agents were conducting illegal surveillance but because they made good-faith mistakes. 

These good-faith “just in case” searches were blown into a national scandal by interest groups and politicians who have an ax to grind with Section 702. But it was all smoke and no fire, as 2025 in particular has demonstrated. Remember that for more than a year, the FBI and Justice Department have been run by officials convinced that President Trump and his supporters were the targets of unlawful intelligence surveillance by the preceding administration. Working with Congress, these individuals have declassified boatloads of government files to support that view. Some of the declassified files are indeed troubling. But they contain no instance in which Section 702 was abused by the Biden administration to harm President Trump or his supporters. This includes the handful of FBI queries that raised the most suspicion—one naming a Republican congressman and others tagging Jan. 6 defendants. Despite increased media attention, there is still no evidence that the queries were submitted with malice (as opposed to mistake) and none that they turned up prejudicial information.

In short, the FBI query flap is looking more and more like a scandal without a victim.

But that hasn’t stopped opponents of 702 from attacking the program. The resulting public furor and a fear of losing 702 led earlier administrations to adopt aggressive measures to enforce the rules. As a result, by 2023, standard FBI database searches no longer query 702 data unless the agent affirmatively asks for it; training in the rules is now mandatory, field office leadership can lose bonuses for their office’s violations, and agents who are negligent in following the rules face an escalating set of penalties. These measures worked. By 2023, FBI queries had achieved a 98 percent compliance rate. 

The next year, Congress added to the enforcement campaign. The 2024 Reforming Intelligence and Securing America Act (RISAA) barred searches for law enforcement purposes in the absence of a threat to life or serious bodily harm. By law, 702 queries now require a written justification and supervisor approval. “Sensitive” queries relating to politicians and political, media, or religious organizations require even higher approvals. The FBI is also required to institute “minimum accountability standards” with “escalating consequences for noncompliant querying of [U.S.-person] terms.” These standards must include (a) “zero tolerance for willful misconduct”; (b) “escalating consequences for unintentional noncompliance,” including a threshold for mandatory revocation of access to Section 702 information; and (c) “consequences for supervisors who oversee users that engage in noncompliant queries.” 

It’s now clear that these measures have dramatically reduced noncompliance. In 2024, the FISA court noted a “striking … decline” in FBI queries. In 2025, the Justice Department inspector general noted that the FBI “is no longer engaging in … widespread noncompliant querying of U.S. persons” and that most of the remaining violations “were noncompliant due to administrative mistakes, such as typographical errors, rather than due to fundamental misunderstandings of the query standard.”

In fact, the volume of U.S. person 702 queries has dropped by 99.8 percent: Below are the volumes of U.S. person 702 queries by year, according to FBI records:

This, however, is not entirely good news. It suggests that the effort to discourage U.S. person 702 queries is overachieving. Frankly, my greatest concern is not that the FBI is abusing 702 but that it is afraid to use 702.

Several FBI and Justice Department witnesses told the inspector general they had “a high degree of concern” that “users are failing to run queries that they should run, which … could lead the FBI to miss potentially critical threat information.” The inspector general identified several reasons why agents might not submit a legitimate 702 query, including the burden of drafting a special justification for each query and the risk of being audited and subjected to discipline for any errors. In short, the new measures have greatly reduced noncompliant queries, but at the cost of making Section 702 look more and more like a bureaucratic “no-go zone.”

This all reminds me of a dark chapter in U.S. intelligence policy. In the 1990s, like today, both conservatives and liberals viewed FISA with suspicion. Critics claimed that it made national security wiretaps too easy, so that the government could use FISA as a backdoor way of gathering criminal evidence. To reassure the critics, the Justice Department declared that a “wall” would separate national security and law enforcement investigations. Any sharing of evidence across the wall required special permission. But criticism of intelligence surveillance continued, on the Hill and elsewhere—so the wall grew higher. The FISA court began requiring promises from investigators that they were observing the wall. Finally, in 2001, when Chief Judge Royce Lamberth of the FISA court discovered that the wall had been breached in a terrorism case, he imposed career-ending sanctions on the agent in charge. By the summer of 2001, aggressive enforcement had turned the wall into a no-go zone for agents who valued their careers.

It couldn’t have happened at a worse time. That same summer, in August 2001, an FBI agent learned from intelligence sources that an al-Qaeda terrorist had entered the United States. The only task force with the resources to find the terrorist was investigating the bombing of the U.S.S. Cole—as a federal crime. To get their help would mean jumping the wall, and FBI’s lawyers wouldn’t allow it. The agent kept pressing in eerily prescient terms: “Someday someone will die—and wall or not—the public will not understand.” He was right. The United States had weeks to find Khalid al-Mihdhar, but without the Cole task force’s resources, investigators didn’t learn where he was until his team of hijackers flew American Airlines Flight 77 into the Pentagon. Thousands of Americans died that day because measures meant to protect civil liberties had left FBI agents afraid to do their jobs.

Now, 25 years later, the same thing could happen with 702. Even if 702 is renewed, the enforcement measures already in place need to be reviewed with that risk in mind.

The United States needs 702 more than ever. From Venezuela and Syria to Iran, the Trump administration’s approach to hostile regimes has been to achieve its goals with the threat of short raids and stand-off strikes rather than large-scale interventions. When it works, this strategy is usually far better than putting American lives at risk on the ground. But it runs the risk of leaving in place a resentful enemy regime and still-potent terror groups that could decide to strike back—potentially on U.S. soil.

Section 702, with its focus on tracking foreign actors who might seek to hurt the U.S. at home, is a key defense against such a strike. That’s why no one will—or should—forgive Congress and the executive branch if an attack succeeds because Congress let 702 lapse or made it too risky for ordinary agents to use. That’s why it should renew Section 702 promptly and with as few additional amendments as possible.

It’s time to put an end to can-kicking extensions. Section 702 should be permanently reauthorized. That may not fit the political moment, but bowing to the political moment can lead to disaster. And disaster is where an endless cycle of legislative sunsets for 702 will lead to. The country and Congress are more bitterly divided than at any time in decades, perhaps a century. The instinct to reach across the aisle to protect national security is weaker than ever. Bipartisan votes for “must pass” legislation are disappearing. Knowing all that, why in the world would we require Congress to muster a bipartisan majority every few years to keep alive a program that is a key to U.S. security?

My friends who work in finance sometimes describe a bad investment strategy as “picking up nickels in front of a steamroller.” It can pay off for a while, but it is courting disaster. That’s what is happening with Section 702: scratching together amendments and votes to get past the next deadline while ignoring the long-term unsustainability of the effort.

It’s time to treat 702 as what it is, a central piece of U.S. homeland security architecture. It has stood the test of time. It has been legislatively authorized under two Republican and two Democratic presidents, and it has mustered majority support in Congresses controlled by both Democrats and Republicans.

That’s enough. It’s time.

There is no excuse for not making 702 permanent.