FISA, Data Brokers, and AI

Key Resources and Talking Points

Background

• After 9/11, there was a dramatic expansion of surveillance authorities, including major expansions of the Foreign Intelligence Surveillance Act of 1978 (FISA). FISA provides a statutory structure that authorizes various forms of government surveillance.
• Section 702 of FISA was enacted in 2008 to broaden the scope of FISA, legalizing the government's interception of communications of non-U.S. persons who are located abroad so long as there is a chance such surveillance may yield any “foreign intelligence information,” which is broadly defined by statute to include information that “relates to … the conduct of the foreign affairs of the United States.” As a result, “foreign intelligence information” can encompass ordinary individuals relaying ordinary information about foreign affairs that has nothing to do with national security.
• Information obtained from foreign targets under Section 702 can include text messages, emails, and other forms of communication. Americans' communications get swept up in these collections because many of us communicate with foreigners abroad.
• This information is stored in a database that federal law enforcement and intelligence agencies routinely search for information about Americans, and information obtained through these “backdoor searches” can be used in many instances that have nothing to do with national security, from criminal cases to immigration proceedings, and to fuel domestic surveillance of communities without cause.
• Last week, members were pressured to pass a clean reauthorization of FISA before April 20th or risk intelligence agencies losing a critical national security tool. That argument was and remains false. The New York Times reported that the Foreign Intelligence Surveillance Court re-certified the Section 702 program through March 2027.
• The House took three votes on FISA in the early morning hours of April 17th. The first was a vote on a substitute amendment. The vote failed by 220-200. The second was a vote on the rule to bring a five-year extension with no privacy reforms to the floor. The rule vote failed by 228-197, with 20 Republicans breaking from their party and voting against the rule, and 4 Democrats breaking from theirs and voting for the rule. After these two votes, the House held a voice vote to pass a temporary ten-day extension through April 30th.
• Now, the House must act once again. Speaker Johnson released a bill for a three-year extension that is substantively the same as the five-year extension that failed on the 17th,  but for the time frame change.
• The bill does not require the FBI to get a warrant to query Americans’ data. Even former NSA General Counsel Glenn Gerstell said “There's not a lot of really substantive changes to the statute.” It’s merely the appearance of privacy protections to appease anyone who doesn’t look too close. Votes are likely in the House on FISA the week of April 27th.

Context

• We don’t want malicious actors overseas plotting to hurt us here at home. However, these backdoor searches have been abused in a myriad of ways, and often return information relating to innocent American citizens—not terrorists overseas.
• This means surveillance authorities explicitly designed for foreign threats are routinely touching the private communications of everyday Americans. And, once that information is collected and stored, it becomes available for use in ways that extend far beyond the original national security purpose.
• Many of the communications swept up in 702 surveillance are wholly innocent. The Privacy and Civil Liberties Oversight Board has emphasized that “ordinary Americans may be in contact with Section 702 targets for business or personal reasons even if the Americans have no connection to, or reason to suspect, any wrongdoing by their foreign contacts and even when the government has no reason to believe the target has violated any U.S. law or engaged in any wrongdoing.”
• Some argue that “if you have nothing to hide, you have nothing to fear.” But that framing fundamentally misunderstands both the purpose of civil liberties and the risks of unchecked government power.

• First, privacy is not about hiding wrongdoing. It is about maintaining the space necessary for free expression, association, and dissent, without fear of retribution for disagreement, even with those in power. Many Americans routinely engage in lawful but sensitive activities, such as communicating with journalists, protesting, seeking medical or legal advice, or practicing their religion or beliefs.
• Second, the issue is not just what is collected, but how it can be used. As documented, these authorities have been used to search for information about protestors, political donors, journalists, elected officials, and others. These are not hypothetical concerns but real-world examples of how surveillance tools can be misapplied.
• Third, civil liberties are not contingent on individual innocence. Constitutional protections are designed to apply broadly, ensuring that the government’s power is exercised within clear limits. The Fourth Amendment, in particular, reflects the principle that searches of Americans’ private information should generally require a warrant based on probable cause. Practices under FISA should be no different.

Key Reforms

Backdoor Search Loophole

• Warrantless searches of Americans are not a side effect. They are already happening at scale and are being used far beyond national security.
• Courts are increasingly skeptical of these practices. A federal court ruled last year that certain warrantless backdoor searches of Americans’ communications are unconstitutional.
• The fix is straightforward and consistent with existing law enforcement practice. Requiring a warrant before searching for Americans’ information simply applies the same standard that already governs domestic criminal investigations and foreign intelligence surveillance targeting Americans under Title I of FISA.
• Warrants, subpoenas, and other judicial orders are an important check against government weaponization because, by requiring law enforcement and intelligence agencies to justify querying the 702 database for Americans’ communications, they protect against speculative investigations based on constitutionally protected categories or aimed at suppressing dissent and punishing political detractors. In fact, FISA was enacted as a response to the FBI’s spying on anti-war and civil rights activists in the 1960s and 1970s. At the time, the agency justified these actions by claiming these movements had links to foreign communist groups.  
• Without reform, misuse is likely to continue. Even with internal rules, compliance violations have persisted for years, demonstrating that internal oversight alone is insufficient.
• In 2021, the FBI alone conducted 3.4 million warrantless searches of Americans’ communications through FISA's Section 702. In 2022, the government reported to the FISA Court that the FBI had misused FISA 278,000 times to spy on American citizens.
• See how Section 702 has been abused to violate our right to privacy here, and some of the newest known abuses here. Broader histories of misuse since its enactment in 2008 are here and here.
• Abuses in recent years have included searches for the communications of: 141 Black Lives Matter protesters, 19,000 donors to a congressional campaign, members of Congress,  multiple U.S. government officials, political commentators, and journalists, and tens of thousands of Americans engaged in “civil unrest.”
• In February, President Trump illegally fired the Democratic members of the Privacy and Civil Liberties Board (PCLOB). The PCLOB serves a critical oversight function over surveillance authorities, and members of Congress across the political spectrum have relied on its analyses of the impacts of surveillance authorities on privacy, civil rights, and national security interests.

Data Broker Loophole

• Data brokers are companies that collect, aggregate, and sell large amounts of personal information about individuals. This can include highly sensitive data such as location history, browsing activity, app usage, and other digital behavior, often compiled from apps, websites, and third-party data sources. This data is typically collected not with a specific law enforcement purpose in mind, but for commercial reasons.
• While the government would typically need to obtain legal process to get this kind of information directly from a service provider, it can instead purchase that data from brokers without a warrant, court order, or even a subpoena.
• Agencies such as the Federal Bureau of Investigation, the Drug Enforcement Agency, the Department of Homeland Security, and even local and state law enforcement have been able to purchase data without a court order, warrant, or subpoena to access our personal information.
• This is often referred to as the “data broker loophole,” and represents a very significant gap in existing privacy protections. It allows agencies to access large volumes of Americans’ sensitive information while maintaining that they are not “collecting” it in the traditional sense, since they are buying it on the open market.
• Agencies use the data broker loophole to circumvent the most significant FISA reforms Congress has enacted in over a decade: In 2015 Congress passed the USA FREEDOM Act to ban domestic bulk collection. But now agencies flout that prohibition by buying data in bulk, engaging in precisely the type of mass, suspicion-free collection of sensitive data Congress sought to ban.
• As the use of artificial intelligence expands, the risks grow even more significant. AI systems amplify the risks of the data broker loophole by enabling large-scale analysis of sensitive personal data, making it easier to track individuals, build detailed profiles, and make decisions based on poorly understood internal processes.
• The data broker loophole needs to be closed by requiring government agencies to obtain court orders before purchasing sensitive information about people in the United States. This would also prevent government agencies from supercharging its AI-powered surveillance and weapons systems with data broker information in the absence of court oversight.
• Congress considered this same reform during the previous FISA Section 702 reauthorization debate, which concluded in 2024 with the passage of the Reforming Intelligence and Securing America Act (RISAA). Amid that debate, the Senate voted on closing the data broker loophole as an amendment to RISAA, and a bipartisan majority in the House of Representatives contemporaneously passed the Fourth Amendment Is Not For Sale Act as standalone legislation.
• Before that, the House Judiciary Committee overwhelmingly passed the Protect Liberty and End Warrantless Surveillance Act, which would have closed the data broker loophole and also would have reauthorized Section 702.  Before that, the House of Representatives voted without objection to close the data broker loophole in an amendment to the National Defense Authorization Act.
• Momentum for reform has also gained in states, most notably with Montana unanimously approving SB 282 in 2025 to close the data broker loophole with respect to state government agencies.
• A coalition of state attorneys general, led by New Mexico Attorney General Raúl Torrez, recently called on Congress to close the data broker loophole. Joining Attorney General Torrez on this letter are attorneys general from California, Colorado, Connecticut, Hawai’i, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Jersey, Oregon, Vermont, Virginia, and Washington.

Electronic Communication Service Providers

• Prior to the Reforming Intelligence and Securing America Act (RISAA) becoming law in April 2024, electronic communication service providers (ECSPs) that can be required to assist in Section 702 surveillance were defined to cover companies that directly facilitate and can access communications, for example, Google, AT&T, and Meta.
• RISAA redefined ECSPs to encompass almost any entity or person that has access to equipment that stores or transmits communications. This dramatically expanded the number of American businesses that can be secretly and warrantlessly compelled to assist the government in tapping into most communications equipment across the United States.

• There are limited exceptions (libraries, hotels, and restaurants), but virtually any business that provides WiFi to patrons — such as a commercial landlord providing office space for a media organization, nonprofit, or political campaign — could be compelled in this manner.

• In recognition of the problematic expanded definition of ECPS, the Intelligence Act of 2024 included a provision that narrows the ECPS definition to the category of companies in the FISC opinion that led to the expanded definition in the first place. However, this is not a meaningful fix because the entity discussed in those decisions is classified, and it remains confidential in the bill text.
• While the language in the IAA was an attempt to fix the overbroad definition, “secret laws” while allowed are incompatible with a healthy democracy, because they prevent people from holding the government accountable for violations of the law – making these violations more likely.
• The language that expands the definition of “electronic communication service provider” must be repealed to limit this practice.

Current Landscape: Why Now?

On April 20, Title VII of the Foreign Intelligence Surveillance Act (FISA) is scheduled to sunset, including the extremely controversial warrantless surveillance authority known as Section 702. The sunset of this Title, however, would not change the legal obligations of firms to provide foreign intelligence information under this authority. This is because the Foreign Intelligence Surveillance Court has already approved continued collection through to March 2027, irrespective of whether Title VII lapses. So Members have time to consider what reforms would be appropriate, without worrying about a reduction in collection's impact on national security. Despite this, the Trump administration and Speaker Mike Johnson (R-LA) have been pushing an 18-month reauthorization without any reforms.

Recent revelations have made the need for reforms to protect Americans’ privacy unmistakably clear. In March, arguments surfaced between the Pentagon and providers of AI search technology. The center of this dispute was the Pentagon's intention to collect and analyze "commercial bulk data on Americans, such as geolocation and web browsing data." Using AI tools to analyze large volumes of Americans' sensitive data would allow the government to identify Americans' movements, habits, and beliefs at an unprecedented scale and create comprehensive pictures of Americans' private lives.

Per recent polling, Americans are overwhelmingly on the side of reform — only 12% of Americans want FISA extended as-is. 76% of Americans want Congress to close the backdoor search loophole and 80% want Congress to close the data broker loophole.

Relevant Votes

House Votes

Closing the Backdoor Search Loophole:

12-Apr-2024: Biggs Backdoor Amendment to RISAA (Roll Call)

Tied: 212 Ayes (128 Rs, 84 Ds)

Closing the Data Broker Loophole:

17-Apr-2024: Fourth Amendment Is Not For Sale Act (Roll Call)

Passed: 219 Yeas (123 Rs, 96 Ds)

Expanding the ECSP Definition:

12-Apr-2024: Turner ECSP Amendment to RISAA (Roll Call)

Passed: 186 Noes (104 Rs, 82 Ds)

Senate Votes

Closing the Backdoor Search Loophole:

19-Apr-2024: Durbin Backdoor Search Fix Amendment (Roll Call)

Rejected: 42 Yeas (18 Rs, 24 Ds)

Closing the Data Broker Loophole:

19-Apr-2024: Paul Fourth Amendment Is Not For Sale Act Amendment (Roll Call)

Rejected: 31 Yeas (15 Rs, 16 Ds)

Fixing the ECSP Definition:

19-Apr-2024: Wyden ECSP Amendment (Roll Call)

Rejected: 34 Yeas (15 Rs, 19 Ds)

Resources

Congressional Letters/Op-Eds

• CHC, CAPAC, CPC Chairs Lead 53 Members of Congress in Sending Letter Urging Leadership to Include Fourth Amendment Protections in FISA Reauthorization
• Rep. Jayapal Op-Ed: Don’t fall for Trump’s lies — FISA 702 endangers your privacy 
• Rep. Davidson Op-Ed: Americans’ Fourth Amendment rights are not for sale 
• Sen. Wyden Statement on Revelation of Major Compliance Problems With FISA Section 702 Surveillance
• Sen. Lee and Sen. Durbin Op-Ed: We Disagree on a Lot. But We Know This Law Must Change. 

Coalition Letters

• Letters on key reform priorities to House and Senate Judiciary Committees
• Broad coalition letter (130+ orgs) calling on Congress to close Data Broker Loophole in any FISA reauthorization
• 90+ org coalition letter against a clean reauthorization of Section 702 of FISA

FISA Overview

• CDT: FISA Coalition Priorities
• CDT: Will Congress Seize the Opportunity to Fix FISA in 2026?
• Brennan Center: Section 702 of the Foreign Intelligence Surveillance Act, Explained
• Brennan Center: FISA 702 and Civil Rights Abuses
• AAJC: Denouncing the 2024 FISA Reauthorization 
• NYT: Secret Rift Over Data Center Fueled Push to Expand FISA Surveillance Program 
• Updated AAJC/AASF/Stop AAPI Hate: AAPI Factsheet
• AFP: Don’t Reauthorize Surveillance Powers Without Protecting Americans’ Rights 
• Testimony from Americans concerned about expanding surveillance 
• LETTER TO CONGRESS: A Clean Extension of FISA Section 702 Will Undermine Second Amendment Rights 
• EPIC: Coming to America: The Government Wants to See Your Emails
• Is Section 702 Still in Effect? Status and Expiration - LegalClarity
• Brennan Center: Foreign Intelligence Surveillance
• Former Congressman Bob Goodlatte: Will Section 702 become a backdoor gun registry? 
• Brennan Center: Watered-Down Warrant Proposal Is the Worst of Both Worlds
• Brennan Center: The need for FISA Section 702 reform is greater than ever
• Libertas Institute: Trump Says He’s Willing to Give Up Rights For Surveillance Legislation
• FISA Reform Needs to Happen Now | Project On Government Oversight 

Backdoor Search Loophole

• CDT: Debunking Myths Regarding the Warrant Requirement
• CDT: Four Reasons Why FISA 702 Needs a Warrant Requirement
• Brennan Center: Closing the Backdoor Search Loophole
• Brennan Center: Backdoor Searches Myths & Facts
• Brennan Center: The Truth Behind Section 702 Query Statistics

Data Broker Loophole

• POGO: Closing the Data Broker Loophole: A Q&A With a Privacy Expert
• Brennan Center: Closing the Databroker Loophole
• Brennan Center: Congress Must Close Data Broker Loophole by Prohibiting Government Purchases of Americans' Sensitive Data
• POGO: Data Broker Loophole Fact Sheet
• CDT: Your Data Is At the Heart of the Pentagon’s Battle with Anthropic

Electronic Communication Service Providers

• Brennan Center: An Explainer Regarding ECSPs’

• CDT: Explainer on the Impact of ECSP Expansion

Effect of Statutory Lapse on Intelligence Collection

• Demand Progress: The April 20 FISA Deadline is Fake
• Restore The Fourth: FISA Lapse Memo
• NYT: Congress’s Renewed Clash Over a Major Surveillance Law, Explained

FISA Abuses

• Trump suggests FISA Section 702 violates core civil liberties
• Brennan Center: New FISA Court Opinion Reveals Continuing Violations by the FBI
• AAJC/Stop AAPI Hate/AASF: Joint resource on FISA abuses on the Asian American community
• Newsweek: Trump admin sued over social media ‘surveillance’ of visa holders
• Cato: Trump DOJ Continues To Withhold FISA Section 702 Noncompliance Records

Polling

• Politico: Most Americans oppose government forcing AI use for surveillance, war
• Demand Progress: POLL: Voters Strongly Oppose Trump Admin’s Plans to Use AI for Spying, War

Pulte

• Pulte Appointment Underscores Need to Reform Section 702 Spying | Electronic Frontier Foundation 
• New Appointee to Lead Intelligence Department Is a Threat to Our Security | Project On Government Oversight 

If you are looking for more information or if you would like to chat about these issues, you can reach out to our experts: contact information here.