With just 10 days to go before Title VII of the Foreign Intelligence Surveillance Act (FISA) expires, surveillance hawks have intensified their propaganda and fear-mongering campaign.
On April 9, the House GOP leadership introduced their FISA Section 702 “clean” reauthorization bill, which would extend the program’s life through October 20, 2027. Simultaneously, the Central Intelligence Agency put out a FISA Section 702 “fact sheet,” and a 24-page joint federal law enforcement and intelligence Section 702 booklet was also made public. Both documents are slick, with high production values… and both are, at best, misleading.
The Oversight Architecture Is Not What It Was
The booklet’s central argument against reform is that §702 already operates under rigorous, multilayered oversight from all three branches of government. Page 10 displays an oversight wheel featuring the FISC, Congress, DOJ/ODNI, the Privacy and Civil Liberties Oversight Board, and IC internal compliance offices as coequal spokes. The CIA fact sheet calls §702 “the most extensively overseen US intelligence collection tool.”
These claims would be more persuasive if the oversight ecosystem they depict hadn’t been systematically destroyed in the months before the booklet was printed.
The PCLOB
The booklet lists the Privacy and Civil Liberties Oversight Board as a functioning oversight body. The reality is that on January 27, 2025, President Trump fired all three Democratic members of the five-member PCLOB without cause, leaving the board with a single Republican appointee, Beth Williams, and stripping it of the statutory quorum of three members required to commence new investigations and issue board reports.
A federal district court ruled those firings unlawful, ordering reinstatement; the government appealed, and the DC Circuit deferred the case pending the Supreme Court’s ruling in Trump v. Slaughter. The PCLOB, which Congress is being told to count on as an oversight body, is simultaneously the subject of active federal litigation over whether it is even legally constituted.
The “PCLOB report” the IC is circulating as current oversight of §702 is not a PCLOB report in any meaningful sense. It is a solo publication by Williams, the sole remaining member.
Senator Ron Wyden’s April 2, 2026, statement on the matter was pithy and to the point:
Donald Trump illegally fired members of the Privacy and Civil Liberties Oversight Board — now the only board member left is a former Trump appointee. She just put out a report that says Trump needs to do more warrantless spying on Americans. No one should fall for it.
Wyden also flagged what the Williams report omits:
The PCLOB report fails in another respect. I have raised concerns about a secret interpretation of Section 702 that affects the privacy of Americans. While this matter was addressed in the classified annex to the PCLOB’s 2023 report on Section 702, it was omitted entirely from today’s report.
Wyden has been warning about this secret legal interpretation for years, and his track record on these warnings is worth noting: in 2011, Wyden warned that the government had secretly reinterpreted the PATRIOT Act. Nobody believed it could be that bad. The Snowden revelations confirmed it was worse.
The FBI’s Office of Internal Auditing
The booklet’s FBI compliance section presents the RISAA reforms as a functioning compliance infrastructure. It doesn’t mention that in May 2025 — nine months before the booklet was produced — FBI Director Kash Patel disbanded the Office of Internal Auditing (OIA), the body established in 2020 specifically to monitor and improve compliance with national security surveillance, including §702. The OIA’s responsibilities were folded into the Inspection Division, a unit whose primary function is investigating agent misconduct and officer-involved shootings. Its leader, Cindy Hall, retired, most likely involuntarily.
The OIA was the central mechanism that produced the findings underlying the reforms the booklet celebrates. It was OIA audits that surfaced the 278,000 noncompliant queries documented in the FISC’s 2022 opinion — the same violations Patel himself cited when attacking the previous FBI leadership. As Elizabeth Goitein of the Brennan Center noted after the closure: “Without a separate office dedicated to surveillance compliance, [the FBI’s] abuses could go unreported and unchecked.”
The DOJ Inspector General’s 2025 review found that from 2019 through 2023, the FBI had implemented remedial measures that “reduced, but did not eliminate” compliance issues, and that “concerns about US person queries persisted” through the RISAA reauthorization.
The post-RISAA compliance picture the booklet implies is improving is also belied by recent disclosures.
FBI queries of Americans’ data rose 35 percent between December 2024 and November 2025, according to a March 2026 letter from FBI acting Assistant Director Ted Groves to the Senate Judiciary Committee. Wyden’s April 2 statement added that “sensitive” searches — those involving American journalists, political organizations, and religious groups — more than tripled in 2025, with “the FBI refus[ing] to explain why.” This is precisely the category of abuse that RISAA’s sensitive query approval requirements were supposed to curtail.
The Backdoor Search Problem Is Systematically Minimized
Both documents prominently feature the statutory prohibition on targeting US persons under §702 as the definitive answer to civil liberties concerns. “The US Government cannot use Section 702 to target Americans’ electronic communications for collection,” the CIA fact sheet states in bold. The booklet repeats variations of this claim throughout.
This framing is technically accurate and operationally misleading.
What both documents omit is that once foreign targets’ communications — including their communications with Americans — are collected, the FBI, CIA, NSA, and NCTC may query that database using American identifiers (names, phone numbers, email addresses) without a warrant. This is the “backdoor search” problem. The government collected the data without targeting Americans; it then searched for Americans in the collected data without any individualized judicial authorization. In 2022 alone, the FBI conducted more than 200,000 such searches. The Foreign Intelligence Surveillance Court (FISC) characterized the pattern of violations in those searches as “persistent and widespread.”
The warrant question is not merely a civil liberties talking point. In February 2025, a federal district court ruled that under the Fourth Amendment, the government must obtain a warrant to search §702 data using US-person terms, unless a specific established exception applies. That ruling is on appeal, but it represents the most direct judicial engagement with the constitutional question the IC’s documents treat as settled.
The CIA fact sheet’s closing argument — “Adding a new warrant requirement for FISA 702 will prevent the use of lawfully collected information to identify and stop threats to the American people” — is a policy assertion dressed as a factual claim. Reformers have argued that a warrant requirement applying only to queries using US-person identifiers would not impair collection against foreign targets, since collection occurs before any query. The warrant question applies to the search of already-collected data, not to the collection itself.
RISAA’s Surveillance Expansion Goes Unmentioned
The booklet discusses RISAA as a reform law. Neither document mentions RISAA’s most significant expansion of government surveillance authority: a new definition of “electronic communication service provider” that extends §702 compulsion orders to any entity with “access to equipment that is being or may be used to transmit or store wire or electronic communications.”
As the Center for Democracy and Technology documented at the time, this language is broad enough to cover data centers, colocation providers, business landlords, shared workspace operators, and others with incidental physical access to communications infrastructure. Senator Wyden called it “one of the most dramatic and terrifying expansions of government surveillance authority in history.” The DOJ issued a letter promising to apply the provision narrowly, but as Wyden noted, that commitment binds neither the current nor any future administration, and the underlying statutory authority remains on the books.
Wyden’s April 2 statement flags a related problem neither IC document addresses: “the government has used a loophole to more than quadruple warrantless collection under expired authorities” — specifically under PATRIOT Act “business records” provisions that expired more than six years ago. The IC’s public-facing materials present a bounded, tightly constrained program. The public record describes one that is expanding at every margin.
What the “Stopped an Attack” Claims Actually Show
The CIA fact sheet and booklet make sweeping claims about attacks §702 has prevented. These claims range from “needs caveats” to “never independently verified.”
The public record contains one well-documented, independently corroborated case of §702 contributing to the prevention of a terrorist attack on the American homeland: the 2009 Najibullah Zazi subway bomb plot. NSA §702 collection against an email address used by an al-Qaeda courier in Pakistan captured a communication from Zazi — then located in Colorado — urgently seeking advice on making explosives. The NSA passed the lead to the FBI, which identified Zazi and disrupted the plot before he reached New York. The ODNI’s own Guide to Section 702 Value Examples states that the PCLOB’s 2014 report concluded: “without the initial tip-off about Zazi and his plans, which came about by monitoring an overseas foreigner under Section 702, the subway bombing plot might have succeeded.” It is worth noting the PCLOB used “might have succeeded” — a hedge the IC routinely drops. It is also worth noting that the initial foreign email address was allegedly provided to the NSA by British intelligence partners, meaning the success resulted from combined allied intelligence sharing and §702 collection, not §702 alone.
That is one documented potential near-miss on American soil in nearly 18 years of program operation. The CIA fact sheet lists a foiled attack on a Taylor Swift concert in Vienna (not the United States); Operation Absolute Resolve (classified, unverifiable); a raid on drug kingpin El Mencho (a foreign partner operation in Mexico); fentanyl interdictions (drug enforcement, not terrorism prevention); and North Korean ransomware warnings (cyber threat notification). The booklet similarly leads with overseas operations, cyber intrusion detections, and drug interdictions.
This conflation of “contributed to national security operations” with “stopped an attack on the United States” runs throughout both documents. It may be that §702 has contributed to preventing additional homeland attacks that remain classified — program supporters assert this — but by definition, those claims cannot be independently verified.
Congress is being asked to grant a clean 18-month reauthorization based on classified threat vignettes produced by the agencies seeking reauthorization, evaluated by an oversight board that has been politically gutted, with the internal compliance watchdog that would catch abuses abolished, in a context where sensitive FBI searches of Americans’ communications tripled last year with no explanation, while a senator with an excellent predictive track record on surveillance abuses warns that the Section 702 program is operating under a secret legal interpretation that would “stun” the American public if declassified.
The Crawford bill
HR 8035, introduced March 24, 2026, amends the FISA Amendments Act of 2008 to push the §702 sunset to October 20, 2027. It contains no warrant requirement for backdoor searches. It contains no restoration of the PCLOB. It contains no reconstitution of the OIA. It contains no fix for the RISAA ECSP expansion. It contains no response to the secret legal interpretation Wyden has raised. And the bill completely ignores the ability of federal law enforcement and intelligence agencies to simply buy sensitive information on Americans, completely bypassing the normal Fourth Amendment requirement that government agents obtain a warrant before seizing and searching Americans’ data—something Wyden and Rep. Warren Davidson (R‑OH) have spent years trying to fix. It is three pages of legislative text extending a surveillance authority whose oversight infrastructure has been systematically dismantled, under circumstances its supporters’ own promotional materials cannot honestly describe.
All of those are reasons for Congress to hit the “pause” button on FISA Section 702 reauthorization, unless and until the problems described above are eliminated.
