FBI: Give us warrantless Section 702 snooping powers – or China wins
Never mind the court orders obtained to thwart Volt Typhoon botnet
Analysis: The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government.
During a US House subcommittee meeting last week on cyber threats from Beijing, FBI boss Christopher Wray told lawmakers that "702 is the greatest tool the FBI has to combat PRC hacking groups." PRC being People's Republic of China.
Wray cited an example he's used previously about how, last year, Section 702 of America's Foreign Intelligence Surveillance Act allowed the FBI to observe Chinese government snoops trying to break into an unnamed US transportation hub and take action.
"We were able to quickly notify the entity and share technical details, which enabled them to be able to kick the Chinese off the networks before harm could be done — before some of the more apocalyptic scenarios we've been talking about here could transpire," Wray told the House select committee hearing on competition with China.
Section 702 is a contentious amendment to FISA that is supposed to allow US intelligence agencies to spy on foreign intelligence targets located overseas. In reality, the private communications of some US persons may be warrantlessly swept up in these Section 702 dragnets and analyzed by agents, which alarms privacy campaigners.
The amendment is due to expire by April 19 this year unless Congress votes to reauthorize it. Lawmakers have the option of tweaking the rules so that, for instance, warrants are required in certain circumstances or some other protections are put in place. The Feds aren't fans of some of the changes to 702 currently under consideration, arguing that things like warrant requirements for all those queries they run each month will slow down and hamper investigations.
"Failure to reauthorize Section 702, or for that matter, reauthorizing it in a way that severely restricted our ability to use it, would be a form of unilateral disarmament in the face of the Chinese Communist Party," Wray continued. "I can assure the American people, the Chinese government is not tying its hands behind its back. It's going the other direction, and we need to do the same."
At yesterday's press briefing on China's Volt Typhoon crew infiltrating US critical infrastructure facilities' IT networks, Cynthia Kaiser, deputy assistant director for the FBI's cybersecurity division, revealed her agents, using spying powers granted under Section 702, "also identified other Chinese-state cyber actors" breaking into vital American systems.
"And in fact, we only know about many critical infrastructure entities compromised by the Chinese, because of FBI FISA 702 collections," she added.
Later on the call, when asked if Section 702 was used in the FBI's operation to remotely kill Volt Typhoon's KV botnet, Kaiser said she couldn't get into specifics. "But I want to end by noting how critical 702 is to all of our operations, especially within cyberspace."
We don't know all of the details, and don't have a seat in the war room where the FBI and other US agencies fight nation-state snoops on the regular.
But we do know, specific to the Volt Typhoon takedown: The FBI obtained warrants that allowed it to remotely search US-based routers that had been infected with backdoor malware by China. The Feds wanted to hunt for information about Beijing's espionage efforts before wiping that malicious code from the compromised devices.
Keyword here being "warrants." It is possible for the FBI to get court orders to conduct searches on remote equipment and perform other special operations, and it has done so many times in the past. The Feds draw the line at having to get a warrant for each and every query they run that may involve a US citizen, resident, or organization, it seems.
Within the FISA Section 702 debate, the FBI is fighting to retain its powers to conduct, without a warrant, surveillance that may accidentally or otherwise vacuum up US persons' data – powers that have been abused millions of times by the FBI. The Feds last year said auditors determined FBI agents had achieved a 96 percent compliance rate for FISA queries.
Drilling deeper, FISA Section 702 allows the FBI and its fellow federal organizations to monitor foreigners' electronic communications beyond America's borders. But if these emails, texts, and phone calls are with or about US persons, those individuals and organizations' data can get pulled in as well for analysis, along with anyone those US persons also talked to.
It's a wide net, and this has led to extreme cases of misuse — especially from the FBI, which has used 702 powers to conduct warrantless surveillance on US citizens including protesters, political campaign donors, and elected officials including a US senator.
Because of these abuses, and, you know, the constitutionally guaranteed right to privacy and protection from unreasonable searches and seizures, there's been a big push to reform Section 702 and require all US intelligence agencies to obtain a warrant before conducting a US person query.
Currently, there are four bills in Congress to reauthorize Section 702. But only two of them, the Protect Liberty and End Warrantless Surveillance Act (aka the Protect Liberty Act) and the even broader-reaching Government Surveillance Reform Act of 2023, include a warrant requirement.
"In terms of cyber value, we've seen little evidence of queries providing value, and in cases where it has, the Protect Liberty Act's exceptions for queries with consent (which critical infrastructure being targeted would certainly provide), queries focused on malware code, and metadata queries (which can map out unusual network traffic and intrusion attempts) mean that proposed reforms wouldn't inhibit operations," Jake Laperruque, deputy director of the Center for Democracy and Technology's Security and Surveillance Project, told The Register.
"The bottom line is the FISA 702 debate isn't about whether the authority is valuable, it's whether reforms unduly interfere with that value," he added. "The answer is a resounding no."
Still, arguing the Feds can't fight terrorism and other serious crimes perpetrated by foreign governments without warrantless searches of Americans seems like a shell game at best, especially in light of the FBI's Volt Typhoon disruption, which involved court-issued search warrants.
"I think this is the same issue that has come up again and again in the government's rhetoric," Kia Hamadanchy, senior policy counsel at the ACLU, told The Register.
"They continue to speak to what they view as the overall value of Section 702 surveillance without making the case as to why this necessitates violating the constitutional rights of Americans. And I think it continues to be a disingenuous argument when it comes to cyberthreats from China."
Other organizations also advocating for reining in government snooping powers agree with this assessment.
"Remember the old television serials in which the antagonists often were monsters of the week, villains who'd show up for one episode to be vanquished by the heroes just in time for them to face a new monster in the next episode?" Electronic Frontier Foundation senior policy analyst Matthew Guariglia said.
This, he said, sounds an awful lot like Uncle Sam's strategy to convince the public of the need to renew Section 702.
"One week it's needed to combat fentanyl, the next it's international polluters, or cyberthreats from China, or Russia," he told The Register. Maybe the Feds are just that busy.
Ultimately, this surveillance tool, intended to be used overseas for national-security reasons, "has morphed into an invasive domestic spying program which can and has been used to investigate regular law enforcement matters in the US without a warrant," Guariglia said. "Absent major reforms, Section 702 should be allowed to expire." ®