A Surveillance Law in Limbo
Congress is once again wrestling with reauthorization of a surveillance authority that critics describe as deeply opaque — one where even those charged with overseeing it struggle to assess its real-world impact. The law in question governs so-called Section 702 powers under the Foreign Intelligence Surveillance Act (FISA), which permits warrantless surveillance of electronic communications belonging to foreign targets. The authority is set to expire at the end of this month, triggering an urgent — and divisive — legislative scramble.
The most contentious element of Section 702 allows U.S. officials to search, or "query," those surveillance databases using the personal information of American citizens, provided the American is communicating with someone abroad. Privacy advocates have long argued this represents a de facto backdoor into the communications of people who have never been accused of wrongdoing.
In an effort to address those concerns, Congress passed the Reforming Intelligence and Securing America Act (RISAA) in 2024, which reauthorized Section 702 while incorporating 56 amendments aimed at curbing abuses — abuses that had become embarrassingly public, including hundreds of thousands of improper database searches. Yet the same law contained provisions that some critics feared would actually expand the government's surveillance reach rather than curtail it.
The House voted early Friday to extend the existing law as-is for 10 days. The Senate followed suit. The Trump administration, for its part, has pushed for a 180-day "clean" reauthorization — meaning no new changes attached.
What Did RISAA Actually Accomplish?
That is, to put it bluntly, a question nobody seems able to answer with confidence. Elizabeth Goitein, senior director of the Brennan Center for Justice's liberty and national security program, put it plainly:
"I don't think we know"what positive outcomes have resulted from the 2024 law. She added that it's equally difficult to determine whether the feared expansions have materialized:
"We don't have reliable information on this."
Jake Laperruque, deputy director of the Center for Democracy and Technology's security and surveillance project, offered a similarly bleak assessment of the transparency problem:
"There's a lot of black boxes here."
Both Goitein and Laperruque remain skeptical that RISAA has produced meaningful improvements, and both have long argued that U.S. person searches should require a warrant. Intelligence agencies have consistently resisted that requirement, contending that it would significantly slow time-sensitive national security investigations.
On the opposite end of the spectrum, Glenn Gerstell, former general counsel of the National Security Agency and now a senior adviser at the Center for Strategic and International Studies, characterized RISAA as
"the most significant set of reforms to the statute since its adoption in 2008,"arguing that
"those reforms have had a dramatic effect."
The Numbers Dispute — and the Hidden Filter Problem
One of the most contentious factual debates involves the volume of U.S. person searches. By the intelligence community's official tally, those searches have fallen sharply over recent years: 119,383 in 2022, 57,094 in 2023, 5,518 in 2024, and 7,413 in 2025. Gerstell cited these figures as evidence of RISAA's most significant achievement, noting that both the Department of Justice Inspector General and the staff of the Privacy and Civil Liberties Oversight Board (PCLOB) have flagged the dramatic decline — with some even suggesting that the pendulum may have swung too far.
However, those statistics carry a significant asterisk. A Justice Department Inspector General report from last year concluded that an "advanced filtering tool generated queries that were not tracked by the FBI." The report described an FBI system featuring an advanced filter function that allows users to select specific casefiles, phone numbers, or email addresses to review communications with targeted facilities — and from there, examine communications involving other participants in those exchanges.
According to the report, the National Security Division of the Justice Department became aware of this participants filter function in or around August 2024 and grew concerned that searches conducted through it constituted separate queries subject to the full legal standard and procedural requirements — yet they had not been counted as such.
Goitein was direct in her assessment:
"It is quite clear that the searches that were run using this filter function met the statutory definition of queries, and yet the FBI for some significant period of time decided to not count them as queries."
Laperruque pointed out that while RISAA included an audit mandate that was theoretically designed to catch exactly this kind of problem, it hasn't functioned as intended in practice.
"You're still relying on the FBI to properly log all of its queries and hand them over for DOJ to be checked, which hasn't happened. You're trusting DOJ and the executive to engage in self-policing, and that's something where folks rightfully have a lot of skepticism based on how DOJ has conducted itself recently,"he said.
Gerstell acknowledged the ambiguity around the filter function, but referenced reports suggesting that most of those searches would have been compliant even if counted, since they were subsets of already-compliant queries. He conceded, however, that the data needed to confirm that conclusion is unavailable.
The Expanded Definition — and Its Murky Consequences
Critics of RISAA also raised alarms about its revised definition of "electronic communications service provider," which some warned could sweep in businesses like coffee shops or landlords — entities far removed from the traditional telecommunications companies the law was designed to govern. The reported, though formally undisclosed, intended target of the definitional change was data centers.
"That was a pretty big expansion with a lot of potential abuse,"said Laperruque. Yet, he acknowledged,
"we don't really know much about how it's changed"anything in practice.
Following RISAA's passage, Virginia Senator Mark Warner — the top Democrat on the Senate Intelligence Committee — sought to advance clarifying language narrowing the provision's scope. The Biden administration stated it would limit the authority to the kind of undisclosed business arrangements that originally prompted the change. But Warner's clarifying language never became law, and the Trump administration has made no comparable commitment.
Court Pushback and Codified Reforms
Adding further complexity, the Foreign Intelligence Surveillance Court (FISC) has issued its annual opinion re-certifying the Section 702 program but reportedly took issue with the program's filtering systems. The court found that when such a system is used to search for information on Americans, it must be counted as a query, thereby subjecting it to additional legal restrictions. The Trump administration has announced plans to appeal that ruling.
Additional critiques of RISAA center on the argument that many of its most celebrated reforms were not new at all — they were simply codifications of administrative changes that then-FBI Director Christopher Wray had already put in place. Goitein noted that abuses continued even after those changes were implemented. Gerstell pushed back, arguing that enshrining the changes in statute had independent value, and that some provisions went further than Wray's internal reforms. Those codified changes included requiring FBI deputy director approval before querying databases using the information of elected officials, government appointees, political candidates, political organizations, or members of the media — categories that had been among the most criticized targets of prior surveillance abuses.
Republican Divisions and the Fight Ahead
Within the Republican Party, the path to a clean reauthorization remains contested. Some lawmakers who had previously expressed reservations appear to have come around. Senate Judiciary Chairman Chuck Grassley, R-Iowa, had raised objections about restrictions on congressional attendance at FISC proceedings, but has since indicated that concern was resolved. Others reportedly shifted their positions following direct lobbying from the Trump administration — including a post on social media from President Trump himself, who wrote:
"I am willing to risk the giving up of my Rights and Privileges as a Citizen for our Great Military and Country!"
Others, however, have hardened their opposition, citing both the FISC opinion and broader reservations. Complicating the debate further are calls from lawmakers of both parties to block federal agencies from purchasing personal data from data brokers — a provision some want attached to any reauthorization vehicle. George Barnes, former deputy director of the NSA and now president of Red Cell's cyber practice, was unambiguous in his view that such an attachment was a distraction:
"This has nothing to do with this authority."
Lawmakers on both sides of the aisle have also complained that the Trump administration waited far too long before making the public case for Section 702. Only recently did the administration begin sharing specific examples of the law's value, including a claim that it had thwarted a 2024 terrorist attack targeting a Taylor Swift concert.
Barnes said he understood the rationale for releasing such examples but remained cautious about the practice:
"I was always understanding but frustrated by the need to release examples just because they choreographed to the adversary what we could do."
Despite the political friction, Barnes stressed that reauthorization carries genuine urgency, particularly on the cybersecurity front.
"A lot of the impact that I saw the authority having over my time was in cybersecurity as well. And so when you have foreign entities that are targeting the U.S., or U.S. interests overseas, that authority can be positioned to help eliminate those activities."
The core tension at the heart of the Section 702 debate remains unresolved: a law Congress cannot fully explain, renewed repeatedly because the alternatives feel worse, even as the evidence for or against its effectiveness stays largely hidden from public view.
Source: CyberScoop