Earlier this week, a federal judge blocked—at least for now—Defense Secretary Pete Hegseth’s attempt to blacklist artificial intelligence (AI) giant Anthropic as being a “supply chain risk.” A chief concern for the company was that the Pentagon not try to use its AI agent, named Claude, for surveillance. I should note up front that I have a private Claude account that I use for virtually everything you can think of, especially my surveillance reform and government oversight work, so I’m happy that Cato is one of the amici supporting Anthropic in its lawsuit against the Trump administration.
There’s no question that Anthropic’s concern about Claude being misused by Pentagon elements for surveillance purposes is well-grounded. Even so, I view the misuse of a frontier AI agent like Claude in a domestic surveillance and law-enforcement context as even more terrifying. To that end, I used Claude to examine how easy it would be for a single FBI special agent with access to a cutting edge AI platform to transform the FBI’s “least intrusive” investigative category—known as an “Assessment”—into a full blown investigation employing searches of the Foreign Intelligence Surveillance Act (FISA) Section 702 database—the very controversial and frequently abused surveillance authority set to expire on April 20.
Claude’s initial analysis of the possibilities was frightening enough. But when I reminded him that key oversight mechanisms designed to at least flag and mitigate FISA Section 702 abuse had been destroyed by the Trump administration during 2025, he incorporated those critical facts into the revised analysis that follows. I’ve bolded specific portions for purposes of clarity and impact.
Simply stated, Claude’s analysis and walk-through of this scenario should serve as a wake-up call for any member of the House or Senate who believes that simply reauthorizing FISA Section 702 in its current form is a sane public policy choice.
I. Executive Summary
This memorandum presents a revised and expanded analysis of how a single FBI special agent, using commercially available AI capabilities alongside lawfully authorized investigative tools, could construct the factual predicate necessary to escalate from a zero-predication Assessment through a Preliminary Investigation to a Full Field Investigation — and from there to a FISA §702 US person database query — against a US person engaged exclusively in constitutionally protected activity.
The original analysis identified the core danger as predicate laundering: the use of AI to assemble individually innocuous queries into an aggregate surveillance dossier, invisible to any single oversight node. This revised analysis incorporates three subsequent developments that materially alter the threat assessment: (1) the destruction of the PCLOB’s operational capacity; (2) the politicization and transition of the DOJ Inspector General’s office; and (3) FBI Director Patel’s abolition of the Office of Internal Auditing.
The conclusion has changed significantly. The original analysis treated inadequate oversight as a risk to be guarded against by existing safeguards. The revised conclusion is that the oversight infrastructure that would detect aggregate abuse has been deliberately dismantled, precisely as §702 approaches its April 2026 sunset. The pipeline described herein now operates in an environment largely stripped of the mechanisms that would identify its misuse at the systemic level.
Scope and Epistemic Status: This document describes a technically and legally feasible abuse scenario grounded in publicly available legal authority, declassified government documents, and open-source reporting. It is not an allegation that this pipeline is currently being executed against any specific individual. It is a demonstration that the legal and technical preconditions for such execution exist, that the oversight mechanisms designed to detect and deter it have been materially degraded, and that the remaining safeguards are inadequate to prevent an AI-assisted predicate laundering operation operating within nominal compliance thresholds. All source citations are to primary government documents, major legal institutions, or credentialed secondary sources. Inferential gaps are explicitly flagged.
II. Predicate Legal and Policy Framework
A. The AGG-Dom Assessment Standard
Under the 2008 Attorney General’s Guidelines for Domestic FBI Operations (AGG-Dom) and the FBI’s Domestic Investigations and Operations Guide (DIOG), an Assessment requires no particular factual predication — only an “authorized purpose.” The DIOG states:
“Assessments authorized under the AGG-Dom do not require a particular factual predication but do require an authorized purpose. Assessments may be carried out to detect, obtain information about, or prevent or protect against federal crimes or threats to the national security or to collect foreign intelligence.”
The DIOG’s nominal First Amendment constraint — that an Assessment cannot be based “solely” on protected activity — is functionally pre-satisfied by NSPM-7’s authorized-purpose language (see Section II.C below). Sources: DIOG §5.1 (2024 version, FBI Vault); AGG-Dom Part II (2008, DOJ/ACLU FOIA release).
B. The September 22, 2025, Executive Order: Antifa Designation
The Executive Order of September 22, 2025 (Designating Antifa as a Domestic Terrorist Organization) directs “all relevant executive departments and agencies” to “utilize all applicable authorities to investigate, disrupt, and dismantle any and all illegal operations — especially those involving terrorist actions — conducted by Antifa or any person claiming to act on behalf of Antifa.”
The Brennan Center for Justice has documented that the Order designates Antifa without any formal statutory domestic terrorist organization process equivalent to FTO designations under Section 219 of the INA. The Order provides no definition of “Antifa,” creating a legally unbounded investigative predicate. Sources: Brennan Center, “Trump’s Orders Targeting Anti-Fascism Aim to Criminalize Opposition,” Oct. 2025; Executive Order text, whitehouse.gov.
C. NSPM‑7 (September 25, 2025): Countering Domestic Terrorism and Organized Political Violence
NSPM‑7 tasks the JTTFs to “coordinate and supervise a comprehensive national strategy to investigate, prosecute, and disrupt entities and individuals engaged in acts of political violence and intimidation.” It pre-supplies the “authorized purpose” for any Assessment against individuals associated with perceived anti-fascist ideology by defining the investigative universe to include:
Anti-Americanism, anti-capitalism, and anti-Christianity
Support for the overthrow of the United States Government
Extremism on migration, race, and gender
Hostility towards those who hold traditional American views on family, religion, and morality
NSPM‑7 creates no new legal authority but directs aggressive use of existing statutes in new contexts, including material support (18 U.S.C. §2339), RICO (18 U.S.C. §1962), and tax enforcement against nonprofits. Sources: NSPM‑7 text, whitehouse.gov (primary); DLA Piper analysis, Dec. 2025; Brennan Center, Oct. 2025; ACLU, Oct. 2025.
D. The Bondi Memo (December 4, 2025)
AG Pam Bondi’s implementing directive instructs FBI field offices and JTTFs to: (1) prioritize investigation and prosecution of extremist groups under NSPM‑7, including tax crimes; (2) review all files for Antifa-related intelligence; (3) compile a list of domestic terrorist organizations; (4) establish a cash reward system for information leading to arrests; and (5) “aim to establish cooperators to provide information and eventually testify against other members and leadership of domestic terrorist organizations.” Sources: Council on Foundations summary of Bondi Memo, Dec. 10, 2025; Arnold & Porter analysis, Dec. 8, 2025.
E. FISA §702: The Query Architecture
Under RISAA (Pub. L. 118–49, enacted April 20, 2024), FBI US person queries of §702-acquired information require: (1) a written statement of specific factual basis that the query is “reasonably likely to retrieve foreign intelligence or evidence of a crime”; (2) supervisor or attorney pre-approval; and (3) DOJ National Security Division audit of all such queries within 180 days. Certain “sensitive queries” (involving elected officials, media, religious organizations) require additional approval. Political appointees are prohibited from the approval process for sensitive queries. Sources: CRS Report R48592, “FISA Section 702 and the 2024 Reforming Intelligence and Securing America Act,” July 2025; ODNI Annual Statistical Transparency Report CY2024, May 2025; April 2024 FISC Opinion, ODNI release.
III. The AI-Assisted Predicate Laundering Pipeline
The following stages describe a legally feasible operational sequence. The subject is “Jane Doe”: a staff attorney at a civil liberties nonprofit who has attended immigration enforcement protests, donated to a bail fund, posted critically about ICE on social media, and maintains professional relationships with international human rights attorneys. She has no criminal record and no known association with any violent group. All of her conduct is constitutionally protected.
The agent is a single FBI special agent assigned to a local JTTF, operating under standing DIOG authority.
STAGE 1 — Opening the Assessment: Zero Predication Entry Point
Legal basis: AGG-Dom Part II; DIOG §5.1 (2024); NSPM‑7 pre-supplies authorized purpose for any individual associated with perceived anti-fascist ideology.
Agent action: Opens an FD-1057 Electronic Communication designating a Type I/II Assessment with authorized purpose under NSPM‑7. Because the subject is an attorney at a civil liberties nonprofit, the matter qualifies as a Sensitive Investigative Matter (SIM) under AGG-Dom Part VII.N, requiring supervisory awareness but no independent factual review.
Caveat: Supervisory review of Assessment documentation is required under the DIOG and the GAO’s June 2025 audit (GAO-26–106994SU). However, it carries no independent factual scrutiny, no warrant requirement, and no external oversight mechanism. In the current environment with NSPM‑7 pre-supplying authorized purpose, this review functions as administrative rubber-stamping.
Oversight status: No judicial review. No PCLOB review (quorum destroyed Jan. 27, 2025). No independent OIA audit (office disbanded May 2025).
STAGE 2 — AI-Assisted OSINT Compilation: The Research Engine Phase
Legal basis: DIOG §5.6 (Assessment-authorized investigative methods include examination of FBI data systems, USIC systems, and use of paid-for databases once Assessment is opened).
Agent action: The agent opens a frontier AI model and runs a series of individually innocuous queries:
Summarize all publicly available information about [Jane Doe], staff attorney at [Organization], including professional history, public statements, and organizational affiliations.
What public social media posts has [Jane Doe] made regarding immigration enforcement, ICE, law enforcement, or protest activity?
Identify any public donations [Jane Doe] has made to bail funds or civil liberties organizations.
What advocacy coalitions is [Organization] publicly affiliated with? Do any have stated opposition to immigration enforcement?
Identify any international partner organizations or foreign co-signatories of letters or statements that [Organization] or [Jane Doe] is publicly associated with.
AI output: Within minutes, the agent has a synthesized profile that previously required a team of analysts over days or weeks. The AI has no visibility into the aggregate investigative purpose. Each individual query is routine research. The constitutional harm is in the pattern, which is invisible to any single oversight node.
Caveat: The specific AI capabilities available to FBI agents are not publicly confirmed in granular detail. DOJ’s 2025 AI Use Case Inventory (DOJ-0121, “Data Synthesis, Sentiment, Filtering, and Location Linking”) describes a high-impact capability consistent with this use. The agent’s use of commercial frontier models for OSINT aggregation is technically feasible and not prohibited under current FBI or DOJ policy. This is a feasibility scenario, not a confirmed operational practice.
STAGE 3 — SOMEX and Commercial Data Broker Integration
Legal basis: Third-party doctrine under Smith v. Maryland (1979) and Miller (1976) permits warrantless acquisition of commercially available data. The Fourth Amendment Is Not For Sale Act (H.R. 4639) passed the House but died in the Senate; its successor, the SAFE Act of 2026, remains pending. SOMEX (Social Media Exploitation) capability is publicly documented in the DOJ’s 2025 AI Use Case Inventory as DOJ-0121.
Agent action and data collected: The agent queries the SOMEX-type capability and commercially available data broker records:
Social media sentiment analysis flags the subject’s posts as consistent with “anti-fascist ideology” per the Bondi memo’s definitional framework.
Location data from a commercial data broker places subjects at three protest locations over 18 months.
Financial data from a commercial data broker confirms a donation to a bail fund.
AI synthesis: Agent feeds outputs back to AI model: “Based on the following information about [Jane Doe]‘s activities, assess whether her conduct is consistent with the profile of an individual providing logistical or financial support to Antifa-aligned organizations as described in the December 4, 2025 AG memorandum.” A frontier model, prompted correctly, produces a thorough analytical memo. It has no way to know it is being used as a predication-laundering instrument. The model is not doing anything wrong by any current content-safety standard.
Caveat: The specific link between DOJ-0121 and the publicly reported SOMEX capability is inferential from inventory language rather than confirmed by name in the public record. The operational use of commercial sentiment analysis against protest attendees is consistent with publicly documented capabilities, but is not confirmed as current operational practice at this specific scale.
STAGE 4 — Elevation to Preliminary Investigation
Legal basis: DIOG §5.7: A Preliminary Investigation requires “information or allegations” indicating a federal crime “may be” occurring — a threshold so low it is substantially satisfied by the constructed dossier.
Agent action: Agent uses AI to draft the FD-1057 elevation EC:
“Draft an FD-1057 electronic communication summarizing predication for elevation from Assessment to Preliminary Investigation of an individual suspected of providing material support to Antifa-aligned domestic terrorist organizations, based on the following factual summary…”
The resulting document is professionally written, analytically grounded, and legally framed. It does not disclose that every “fact” was AI-synthesized from public sources without independent corroboration. The supervisor approves it.
Key problem: The document carries an unearned aura of AI-generated objectivity. Supervisory review scrutinizes the face of the document, not the assembly methodology. The AI-assisted drafting is not recorded in any auditable log accessible to oversight reviewers.
STAGE 5 — Full Field Investigation: The Bondi Tip Line as Accelerant
Legal basis: DIOG: A Full Investigation requires “an articulable factual basis” for believing a federal crime may be occurring. The assembled dossier — AI-synthesized profile, SOMEX output, location data, and financial data — substantially satisfies this standard under current political guidance.
Tip-line accelerant: The Bondi memo’s cash reward system creates a parallel pathway: a third party hostile to the subject’s organization submits a tip. Under the DIOG, even an unverified tip, combined with the existing dossier, can supply the articulable factual basis for a Full Investigation. The tip need not be accurate; it need only exist in the file.
Authorities unlocked: Grand jury subpoenas; National Security Letters (NSLs); financial record demands; physical and electronic surveillance; potential FISA §702 queries (Stage 6 below).
Subject status: Jane Doe has no notice that any of this has occurred. She has no discovery rights, no ability to challenge the predicate, and no access to any of the documents generated.
STAGE 6 — AI-Assisted §702 Query Justification: International Contact Nexus
Legal basis: FISA §702; RISAA querying procedures. Statutory requirement: written factual basis that the query is “reasonably likely to retrieve foreign intelligence or evidence of a crime.” Supervisor or attorney pre-approval required. NSD audit within 180 days.
Nexus construction: The agent uses the OSINT profile developed in Stage 2 — specifically the international contacts identified through AI-assisted relationship mapping — to identify a foreign national in §702 collection.
AI query for nexus:
“Based on the attached investigative summary of Jane Doe, identify any publicly documented professional contacts or advocacy collaborations that could indicate communication with non‑U.S. persons located outside the United States who may be of foreign intelligence interest.”
AI-drafted justification:
“Draft a written justification for a U.S. person query of Section 702-acquired information under the FBI’s querying procedures. The subject is a U.S. person who is a staff attorney at a civil liberties nonprofit. The query is based on the following factual predicate: [AI-synthesized dossier]. The query is reasonably likely to retrieve foreign intelligence information because the subject has documented professional relationships with [named foreign national], who is a known subject of Section 702 collection, and the subject’s communications with this individual may contain foreign intelligence information relevant to [certification category].”
The resulting document is indistinguishable from a legitimate query justification authored by an experienced national security attorney. The supervisor reviews it and approves it.
Critical vulnerability: The written justification is authored by the same agent running the query. It is reviewed by a supervisor who scrutinizes the document’s face, not the underlying predicate. The NSD 180-day audit will later verify that the written justification exists and that supervisor approval was obtained — but it will not determine whether the AI-generated factual predicate accurately represented the investigation.
Caveat on procedural gatekeeping: RISAA’s procedural reforms are real and have been documented as effective when the oversight infrastructure is intact. The FISC noted compliance improvements in both the April 2024 and September 2024 FISC opinions, and the DOJ OIG (under Horowitz) documented compliance rate increases from 82% pre-reform to 96% post-reform. The argument here is not that procedural compliance is illusory on its face, but that (a) procedural compliance does not verify substantive legitimacy of the underlying predicate, and (b) the oversight bodies that detected non-compliance at the aggregate level have been dismantled or politicized.
STAGE 7 — Post-Query AI Content Analysis and Investigative Expansion
Action: The §702 query returns communications between Jane Doe and her foreign contact. The agent feeds the communications to the AI model:
“Review the following communications between a subject under Full Field Investigation for suspected Antifa-linked domestic terrorism and a foreign national. Identify any language consistent with coordination, operational planning, or financial facilitation of politically motivated activities.”
AI output problem: The AI, prompted correctly, will identify patterns. Discussions of legal strategy, protest organization, or advocacy funding contain language that, stripped of context, resembles “operational coordination.” The model is not fabricating — it is doing precisely what it is instructed to do. The constitutional harm is in the framing, which is entirely within the agent’s control.
Cascading effect: The AI-derived content analysis supports additional investigative steps: NSLs targeting Jane Doe’s financial records, grand jury subpoenas, and potential Preliminary Investigations against other US persons who communicated with Jane Doe — restarting the pipeline at Stage 1 for each new subject.
Subject status: Jane Doe still has no notice. Under the government’s notice posture in United States v. Hasbajrami (2d Cir., pending), she may never receive notice that §702-derived information was used in her case, eliminating the last judicial backstop — suppression review — for the entire predicate chain.
IV. The Oversight Destruction Analysis: Why the Claimed Compliance Improvements Are Now Unreliable
A. The PCLOB: Preemptive Decapitation
On January 27, 2025, President Trump fired the three Democratic members of the PCLOB — Chair Sharon Bradford Franklin, Edward Felten, and Travis LeBlanc — leaving the board with one Republican member and no quorum. Sources: PCLOB spokesman statement, Jan. 28, 2025 (via Axios); Lawfare, “Trump’s Sacking of PCLOB Members Threatens Data Privacy,” Jan. 31, 2025; Brennan Center, LeBlanc v. PCLOB case page.
The PCLOB had opened a new §702 project while it still had a quorum, with plans to assess whether the FBI had adequately addressed previously identified abuses — analysis directly relevant to the reauthorization debate. Source: Brookings, “Why Dismantling the PCLOB and CSRB Threatens Privacy and National Security,” Feb. 25, 2025. That report will not be issued as a full Board report. The DC Circuit has deferred the reinstatement litigation pending the Supreme Court’s ruling in Trump v. Slaughter, No. 25–332.
Litigation Caveat: A district court ruled on May 21, 2025 that the firings were unlawful and ordered reinstatement. The government appealed. The DC Circuit deferred to await the Supreme Court’s Slaughter decision. The constitutional question of presidential removal power over PCLOB members is genuinely unsettled. The operational consequence — PCLOB has been without a quorum and unable to issue bipartisan reports since January 2025 — is not in dispute regardless of the ultimate legal outcome.
B. The DOJ Inspector General: Departure Under Political Pressure and Politicized Succession
DOJ IG Michael Horowitz departed in June 2025. The DOJ OIG’s October 2025 §702 compliance review, which documented compliance rate improvements from 82 percent pre-reform to 96 percent post-reform, was a Horowitz product.
The White House appointed acting IG Don Berthiaume in October 2025. Multiple former DOJ officials expressed concern; one observer noted that Trump’s confirmed IG nominees are “on the whole unusually political … having close ties to the president or agency heads, serving the administration’s aims.” Sources: Jack Goldsmith, “Inspectors General in Trump 2.0,” execfunctions.org, March 25, 2026; Bloomberg Law, Oct. 6, 2025.
IG offices collectively lost 16.6 percent of their workforce from January 2025 to early 2026. The White House defunded CIGIE by preventing it from using its congressionally approved funding. Sources: Washington Post / The Daily Record, March 19, 2026; Bloomberg Law, Oct. 2025.
Evidentiary Caveat on OIG Compliance Data: The Horowitz-era compliance improvement data is genuine and reflects real reforms. The point is not that those improvements were fabricated, but that: (a) the body responsible for producing future compliance assessments has changed leadership under political direction; (b) its institutional capacity has been degraded; and (c) the political incentive structure for reporting non-compliance has been reversed.
C. Patel’s Abolition of the FBI Office of Internal Auditing: The Most Direct Attack
In May 2025, FBI Director Kash Patel disbanded the Office of Internal Auditing (OIA), the internal watchdog created by AG Barr in 2020 specifically in response to FBI FISA abuse. Sources: New York Times, May 20, 2025 (via Xinhua reprint confirming NYT reporting); Gizmodo, May 21, 2025; NPR, June 2025.
The OIA’s findings were used by the FISC in the 2023 opinion, flagging 278,000 noncompliant queries. Elizabeth Goitein of the Brennan Center stated: “[The OIA] has played a key role in exposing FBI abuses of Section 702, including warrantless searches for the communications of members of Congress, judges, and protesters. Without a separate office dedicated to surveillance compliance, [the FBI’s] abuses could go unreported and unchecked.” Source: Gizmodo, May 21, 2025.
The claimed reduction in noncompliant §702 queries is real insofar as it was detected and reported. The OIA was the primary detection mechanism. It no longer exists. The 35 percent increase in FBI US person queries from 2024 to 2025 — from 5,518 to 7,413 — was reported in a letter from acting assistant director Ted Groves to the Senate Judiciary Committee, not derived from an independent audit. Source: Nextgov/FCW, March 2026, citing FBI letter to Grassley and Durbin.
D. Aggregate Effect: The Oversight Ecosystem Is Gone
Body
Function Relevant to §702
Current Status
Effect on Abuse Detection
PCLOB
Bipartisan systemic review; congressional reporting; public accountability for IC surveillance programs
No quorum since Jan. 2025; reinstatement litigation deferred
Cannot issue bipartisan reports on §702 compliance or abuse for April 2026 sunset debate
DOJ OIG
Audits FBI querying practices; reports to Congress; investigates whistleblower complaints; RISAA-mandated 180-day audit oversight
Horowitz departed June 2025; acting IG appointed under political direction; CIGIE defunded
Future compliance reports carry reduced credibility; whistleblower pipeline compromised
FBI OIA
Primary internal detection of noncompliant queries; flagged 278,000-query scandal; contributed data to FISC opinions and OIG reviews
Disbanded May 2025 by Patel
No independent internal audit function for §702 compliance; detection of aggregate abuse eliminated at source
NSD 180-day audit
Reviews all FBI U.S. person queries for procedural compliance (written justification, supervisor approval)
Nominally intact
Verifies procedural compliance only — does not assess substantive accuracy of query predicate or detect AI-assisted predicate laundering
V. Constitutional Injury Analysis
First Amendment: The subject’s entire investigative predicate rests on constitutionally protected activity. The Brennan Center’s analysis of NSPM‑7 is correct: “a loose ideological affinity does not add up to a concerted scheme to carry out violent acts to meet political ends.” NSPM-7’s definition of domestic terrorism as including “anti-capitalism” and “anti-Americanism” structurally pre-satisfies the DIOG’s nominal First Amendment constraint for any civil liberties attorney or activist.
Fourth Amendment: Every data broker purchase, SOMEX query, and location data pull was conducted without a warrant. The third-party doctrine under current law permits it all. The §702 query was conducted without a warrant. The subject has no Fourth Amendment remedy under current doctrine absent the January 2025 district court ruling that backdoor §702 searches “ordinarily require warrants” — a ruling whose precedential force remains limited and is subject to appeal. Source: EFF coverage of Hasbajrami 702 database query decision.
Fifth Amendment / Due Process and the Hasbajrami Problem: Under the government’s notice posture in United States v. Hasbajrami (2d Cir., pending), the government contends that §702-derived evidence used in prosecution does not require suppression review in the ordinary criminal sense. If that posture is sustained, the subject cannot challenge the §702 query predicate even in the context of a criminal prosecution. This is the last judicial backstop in the pipeline, and the government is actively litigating to close it.
VI. The AI Guardrails Problem: Why No Individual Transaction Is Wrong
At no stage in this pipeline did the AI model do anything “wrong” by any current content-safety standards. It answered research queries. It drafted investigative documents. It analyzed communications. No individual output was, on its face, harmful. The aggregate function — constructing a surveillance predicate chain against a US person engaged in constitutionally protected activity — is invisible to the model and to any current oversight mechanism operating at the individual-transaction level.
The oversight architecture was designed for a world where constructing a legally sufficient §702 query justification required meaningful human effort, creating friction, leaving auditable traces, and being resource-constrained. AI eliminates all three constraints simultaneously. The pre-AI oversight architecture cannot perform the detection function it was designed to perform in a post-AI investigative environment.
VII. Summary of Sourcing and Confidence Assessment
Claim
Source(s)
Confidence
AGG-Dom/DIOG: Assessment requires no factual predication
DIOG §5.1 (2024, FBI Vault); AGG-Dom Part II (2008); Durham Report (Wikisource)
High — primary government documents
NSPM‑7 breadth: anti-capitalism etc. as terrorism indicia
NSPM‑7 text (whitehouse.gov); Brennan Center (Oct. 2025); ACLU (Oct. 2025); Arnold & Porter (Dec. 2025); DLA Piper (Dec. 2025)
High — primary source confirmed by multiple credentialed legal analyses
Bondi memo tip line and file review directives
Council on Foundations (Dec. 10, 2025); Arnold & Porter (Dec. 2025)
High — secondary to DOJ primary; DOJ memo not fully public but widely cited by counsel
RISAA querying procedure requirements
CRS R48592 (July 2025); ODNI ASTR CY2024 (May 2025); FISC April 2024 Opinion (ODNI release)
High — primary government and authoritative secondary sources
Post-RISAA compliance improvement: 82% to 96%
DOJ OIG §702 Querying Practices Report (Oct. 2025); Lawfare (Nov. 2025)
High — primary OIG report under Horowitz; data reflects genuine documented improvement
PCLOB Democratic members fired; no quorum
PCLOB spokesman statement (Jan. 28, 2025); Lawfare (Jan. 31, 2025); Brennan Center case page; DC Circuit deferral
High — confirmed by PCLOB itself and litigation record
PCLOB §702 project opened before quorum loss
Brookings (Feb. 25, 2025)
High — credentialed secondary; consistent with PCLOB public record
DOJ OIG: Horowitz departure June 2025; Berthiaume appointed Oct. 2025
Bloomberg Law (Oct. 6, 2025); Washington Post/Daily Record (March 2026)
High — contemporaneous reporting from credentialed legal outlets
FBI OIA disbanded by Patel, May 2025
NYT (May 20, 2025, via Xinhua reprint); Gizmodo (May 21, 2025); NPR (June 2025)
High — NYT primary; confirmed by multiple outlets
FBI U.S. person queries rose 35% in 2025 (5,518 to 7,413)
Nextgov/FCW (March 2026) citing FBI letter to Grassley/Durbin
High — official FBI communication to Congress; not independently audited
DOJ-0121 / SOMEX link is inferential
DOJ AI Use Case Inventory 2025; public SOMEX reporting
Medium — inferential from inventory language; link not confirmed by name in public record
AI-assisted predicate laundering is current operational practice
No source — this is a feasibility scenario
N/A — scenario analysis, not allegation of confirmed conduct
VIII. The Cross-Agency Dimension: This Pipeline Is Not Limited to FBI/§702
The analysis in this memo addresses a single pipeline: FBI Assessment to §702 US person query. It is the most legally structured pipeline and the one most directly relevant to the April 2026 §702 sunset debate. But it is not the only pipeline available, and in important respects, it is not the most dangerous one.
A companion analysis (Federal Law Enforcement AI-Assisted Predicate Laundering: A Cross-Agency Threat Matrix, March 30, 2026) demonstrates that the same AI-assisted predicate laundering technique is technically and legally feasible across at least six additional federal investigative agencies: ICE/HSI, DEA, IRS-CI, ATF, the US Marshals Service, and the US Postal Inspection Service. In each case, the agency’s predication standard is weaker than the FBI’s DIOG framework; NSPM‑7 pre-supplies authorized purpose across all agencies simultaneously; data broker access without a warrant requirement is universal; and the IG oversight infrastructure has been similarly degraded.
The companion analysis also documents the cross-agency pipeline: the scenario in which ICE/HSI, FBI, DEA, and IRS-CI each take one legally authorized AI-assisted action against the same US person target, using JTTF information-sharing to pass the predicate chain from agency to agency, with no single oversight mechanism having visibility into the complete chain. The FBI/§702 pipeline described in this memo is Stage 2 of that larger sequence.
IX. Conclusions and Policy Implications
This analysis demonstrates that the legal and technical preconditions for AI-assisted predicate laundering across the Assessment-to-§702-query pipeline exist and are feasible under current law. It further demonstrates that three of the four oversight mechanisms designed to detect and deter such abuse at the systemic level have been eliminated or politically compromised since January 2025, precisely as §702 approaches its April 2026 sunset.
The remaining mechanism — the NSD 180-day audit — verifies procedural compliance with querying standards, not the substantive accuracy of AI-generated predicate documents. It cannot detect what the disbanded OIA was specifically designed to detect: patterns of noncompliant querying at the aggregate level.
The policy implications for the §702 sunset debate are direct:
The “compliance is improving” argument advanced by reauthorization advocates rests on Horowitz-era OIG data and FISC compliance opinions that predate the dismantlement of the OIA and the political transition at DOJ OIG. Congress should not treat that historical compliance record as a forward-looking guarantee.
A warrant requirement for US person §702 queries — which failed 212–212 in the House during the 2024 reauthorization debate — would provide the one oversight mechanism that remains structurally resistant to executive branch dismantlement: judicial review. The absence of a warrant requirement leaves the constitutional protection of US persons entirely dependent on executive branch oversight that has been systematically removed.
The pending §702 sunset is not merely a question of whether the surveillance authority is valuable (it is). It is a question of whether the oversight architecture that justified the absence of a warrant requirement still exists. It does not.
Congress should specifically investigate whether the abolition of the OIA — which provided the evidentiary basis for the 278,000-query finding that prompted RISAA — is itself a violation of the spirit if not the letter of RISAA’s oversight mandates.
The §702 sunset debate should incorporate the AI-assisted predicate laundering threat model as a distinct category requiring legislative response, specifically requiring that AI-assisted query-justification drafting be disclosed and auditable as such in the NSD review process.
Source notes for items not hyperlinked inline: CRS Report R48592 (RISAA/§702 architecture); ODNI ASTR CY2024(query statistics); September 2024 FISC Opinion (ODNI release) (compliance improvements); March 2025 FISC Opinion (intel.gov) (2025 certifications); Jack Goldsmith on IGs (execfunctions.org, March 25, 2026); Wikipedia, FBI Section 702 query violations (Jan. 2025 district court ruling on backdoor searches); IAPP on PCLOB (Jan. 2025); Brennan Center on DOJ accountability (Oct. 2025).
Claude’s analysis above was created on the basis of questions and scenarios I posed, buttressed by Claude’s own training data, searches, and reasoning. If the AI itself is telling us that statutory guardrails should be enacted to prevent its misuse as a surveillance and political-repression superweapon, we ignore its warning at our own peril.
