The Department of Justice (DOJ) tried to calm concerns about a part of the bill that would change which companies must follow the nation’s spying laws.
The change, added in an amendment accepted by the House, worries Senate members who value privacy as they consider renewing Section 702 of the Foreign Intelligence Surveillance Act (FISA).
The amendment deals with a secret fight by the government to get a company to help with overseas spying, with the Foreign Intelligence Surveillance Court (FISC) deciding that a new law was needed to make the company comply.
Critics think the wording is too broad and will force too many companies to do 702 spying, but the Justice Department stated that it would only apply this definition to the type of company involved in the FISC case.
The department also promised to update Congress every six months about how this part of the bill is used.
Attorney General Merrick Garland sent a letter to senators asking them not to let 702 expire before the Friday deadline to renew the program.
Some lawmakers immediately made it clear that the promise did not change their minds.
Sen. Ron Wyden (D-Ore.), who introduced his own FISA 702 reform bill, wrote on the social platform X that the DOJ is not denying that the provision greatly expands the number of Americans and American businesses that can be forced to spy for the government.
A senior DOJ official previously told The Hill that the amendment was meant to address all concerns about including a wide range of businesses.
Section 702 allows intelligence agencies to spy on noncitizens abroad. But in doing so, they often gather communications from Americans in contact with the people being watched.
The bill makes several changes, including one that limits who can approve queries of the 702 database involving people in the U.S., and another that requires an audit for all searches involving U.S. residents after the fact.
An amendment from House Intelligence Chair Mike Turner (R-Ohio) changes the definition of the specific electronic communications service providers who must comply with Section 702.
A one-page explanation from the House Intelligence majority said the new definition fixes a loophole created by the Foreign Intelligence Surveillance Court by exempting “a specific type of provider,” while another explanation from the minority said the effort is “designed to respond to a very specific (and classified) fact pattern.”
The heavily redacted court opinion does not clarify the details that led the intelligence community to ask for a new law. Thursday’s letter stated that the vague public discussion is deliberate.
“Very few technology companies offer this service, and we will reveal these companies to Congress in a secret attachment. To avoid alerting foreign enemies to sensitive collection methods, the ECSP provision in H.R. 7888 was written in a way not to do so, Carlos Uriarte, head of legislative affairs for DOJ, wrote in a Wednesday letter to Senate Intelligence leaders citing the bill’s number.
“In order to ensure proper oversight and transparency of the government’s commitment to only use any updated definition of ECSP for the specific purposes mentioned above, the Department will also update Congress every six months about any applications of the updated definition.”
It’s a revision of a previous provision in the House Intelligence bill that raised concerns that the language would require businesses such as restaurants and hotels to share data produced by their patrons using their internet.
The new version of the amendment, now part of the bill, specifically excludes many businesses serving the public, such as restaurants, hotels, and libraries, as well as private homes. However, it has still angered privacy advocates.
A senior Justice Department official told The Hill last week that the provision “is really an effort both to respond to that opinion, and simply update the statute to keep up with the changes in communications technology.”
“The exceptions in the provision are intended to address every concern that has been raised. It exempts any type of food service, any public accommodation, every type of dwelling — homes, apartment buildings — every type of community facility, from libraries to hospitals, to recreational facilities and day care centers,” the official said.
“Claims that this is a broad expansion of the authority are just incorrect.”
Privacy groups outside of Congress have likewise been critical of the provision.
“The problem is that in pretty much any U.S. business, there are people who are communicating on their devices, and they might be communicating with foreigners overseas, and they might be communicating with foreign targets. And so the idea is that you could get at those foreign targets’ communications, but by picking up international communications that are transmitted through the equipment located in all of these businesses,” Elizabeth Goitein, senior director of the Brennan Center for Justice’s national security program, previously told The Hill.
“What you’re going to see in these establishments is just massive amounts of wholly domestic communications that we’re giving the NSA access to. And then the NSA is kind of on the honor system to not retain any of those,” Goitein continued, using an abbreviation for the National Security Agency.
Uriarte in his letter emphasized that the provision, like FISA itself, would only be used to target foreigners abroad.
“Under Section 702, it would be illegal to use the modified definition of ECSP to target any entity within the United States, including any business, home, or place of worship. It would also be illegal to force any service provider to target the communications of any person inside the United States, regardless of whether such a person is in contact with a nonU.S. person outside the United States,” he wrote.
The Department of Justice (DOJ) on Thursday tried to ease concerns about a provision in the bill to renew the country's warrantless spy powers. The provision, which was added in an amendment approved by the House, is worrying Senate privacy advocates because it changes the definition of which communications companies must follow the rules.
