Secret data center dispute spurred push to expand FISA surveillance program

A hidden dispute over whether a cloud computing data center must cooperate with a warrantless surveillance program led the House last week to add a mysterious provision to a bill extending the program, according to people familiar with the issue.

The disclosure helps clarify the intent behind an amendment that has alarmed privacy advocates as Senate leaders try to quickly pass the bill, which would add two more years to a wiretapping law known as Section 702. The provision would expand the types of service providers that could be forced to participate in the program, but it is written in cryptic terms that make it difficult to understand what it is supposed to allow.

Data centers are centralized warehouses of computer servers that can be accessed via the Internet from anywhere in the world. In the era of cloud computing, they are increasingly operated by third parties who rent out the storage space and computing power that run other companies’ online services.

Even as national security officials described the provision as a limited solution to a technical problem, they declined to explain a classified court ruling from 2022, to which the provision is a response, citing the risk of alerting foreign adversaries. Privacy advocates, for their part, have portrayed the amendment as dangerous, worded so broadly that it could be used to recruit ordinary people (such as cable installers, janitors or plumbers who can gain physical access to office computer equipment) to act as spies.

Under Section 702, the government can collect, without a warrant and from U.S. companies such as Google and AT&T, the communications of foreigners abroad who have been targeted for intelligence or counterterrorism purposes, even when they communicate with Americans. Signed into law in 2008, it legalized a form of the warrantless surveillance program that President George W. Bush began after the Sept. 11, 2001, terrorist attacks.

Specifically, after the court that oversees national security surveillance approves the government’s annual requests seeking to renew the program and establish rules for it, the administration sends directives to “electronic communications service providers” requiring them to participate. If any of these entities resist, the court decides whether they should cooperate.

Last August, the government partially declassified judicial rulings focused on the dispute. The surveillance court in 2022, and an appeals court panel a year later, sided with an unnamed company that had objected to being forced into the program because it believed one of its services did not meet the necessary criteria.

The details were redacted. But according to people familiar with the matter, who spoke on condition of anonymity to discuss a sensitive issue, the judges determined that a data center service does not fit the legal definition of “electronic communications service provider” because it itself does not give its users the ability to send or receive electronic messages.

Unredacted portions of both rulings suggested that Congress update the definition if the interpretation was a problem. “If the government believes that the scope of Section 702 directives should be expanded as a matter of national security policy, its appeal is to Congress,” wrote Judge Rudolph Contreras, then the presiding judge of the surveillance court.

And the appeals panel noted that the definition invoked in Section 702 dates back to a law that Congress wrote in 1986, meaning it was “based on the architecture of the Internet that is now almost 40 years old.” They added: “Any unintended gaps in coverage revealed by our interpretation are, of course, open to reconsideration by the branches of government whose constitutional jurisdiction and authority extend to statutory review.”

In an interview, Matthew G. Olsen, head of the Justice Department’s national security division, said the impetus for the provision was the way communications technology had evolved since Congress drafted Section 702 in 2008. But he declined to address whether the data center boom was the specific catalyst.

“Over the last 15 years, we have gone from relying on just a handful of major Internet backbone providers,” he said. “As technology changes, we have to get back to the fundamental purpose of 702, which is about foreign adversaries using American infrastructure.”

Olsen also highlighted that the law only allows targeting the communications of foreigners abroad and that its use is subject to supervision by the three branches.

Privacy advocates have proposed a much more troubling interpretation of what the provision could do. In recent days, for example, the office of a prominent privacy-conscious senator, Ron Wyden, D-Ore., has circulated a warning that the provision could be used to recruit someone with access to a journalist’s laptop to extract communications between that journalist and a hypothetical foreign source who was an intelligence target.

“Even if legislation is introduced that addresses a specific situation, history shows that intelligence agencies will use every inch of authority Congress grants to spy on Americans,” Wyden said in a statement, calling the provision “an impressive expansion of Section 702, which should terrify anyone who cares about the rights of Americans.”

One of the provision’s co-sponsors, Rep. Jim Himes of Connecticut, the ranking Democrat on the House Intelligence Committee, expressed frustration over such concerns.

“Privacy groups – and I admire their commitment to civil liberties – have been suggesting that this is giving rise to the Stasi,” he said in an interview. “What they are doing here is a huge exaggeration, as they have done throughout the entire reauthorization process to try to generate fear.”

As lawmakers debated whether to renew Section 702, Himes and his co-sponsor, his Republican counterpart, Rep. Michael R. Turner of Ohio, introduced an amendment to broaden the definition of who could receive a directive. Under its changes, it would also cover “any other service provider that has access to equipment that is being used or may be used to transmit or store electronic or wire communications.”

Privacy advocates expressed dismay and said that, because of its plain language, the amendment could be used to force companies that offer wireless Internet services to customers (such as coffee shops and hotels) to tap those networks for warrantless surveillance, collecting Americans’ messages to and from foreign targets.

Turner and Himes ultimately tightened the amendment, adding a series of exceptions. These include restrictions on directives to entities that primarily serve as housing, community facilities, food service establishments, or other public accommodations.

The amendment passed, 236 to 186.

Still, as the bill heads to the Senate, privacy advocates have warned that the wording remains unacceptably broad. Sean Vitka, policy director at the civil liberties group Demand Progress, said that even if the Biden administration did not intend to use the provision so broadly, there was no guarantee that a future administration would agree.

“This change can be used to turn countless dozens of Americans into secret government spies, posing a serious threat to hundreds of thousands of businesses large and small and their many millions of customers and users,” he said.

In theory, the Senate could further limit the language to exclude the most alarming scenarios raised by critics of the provision. In that case, however, the bill would have to return to the House and, given the legislative calendar, there may be little time for that step.

Although Section 702 is written in a way that would allow the program to continue operating until early April 2025 even if the statute expires Friday, Senate leaders appear determined to avoid any lapse in the law.
