Senior DOJ official warns lapse of surveillance law would harm cyber investigations

A leading official at the Justice Department joined the White House in urging Congress to renew a controversial internet surveillance program for non-U.S. citizens on Tuesday, highlighting its critical use in cybersecurity investigations.

Assistant Attorney General Matthew Olsen told an audience at the Brookings Institution that Section 702 of the Foreign Intelligence Surveillance Act (FISA), which is set to expire at the end of the year, has given U.S. law enforcement agencies important powers since 2008 that have allowed them to stop terrorist activity, espionage and cyberattacks. 

“We've relied on 702 to mitigate and prevent foreign ransomware and other cyberattacks on us and on our critical infrastructure,” he said, noting that the law was particularly useful for cyber investigations because of how quickly it could be deployed.

Through Section 702, the National Security Agency and FBI can take data like emails and text messages from U.S.-based providers, such as Google and Apple, without the need for a warrant. The information collected is put into a large database that is overseen by the Justice Department, the Office of the Director of National Intelligence, federal courts and Congress.

The scope of the surveillance powers has drawn criticism from politicians on both sides of the aisle as well as rights groups fearful of overreach.

Olsen said on Tuesday that a return to the status quo before 2008, when law enforcement had to obtain court warrants for such surveillance actions, would be unfeasible for the level of hacking and espionage aimed at the U.S. 

“Even in cases where we could get enough information, the process of obtaining individual court orders each time took too long, often requiring months of effort — it’s simply not something we can do at operational speed, let alone at the speed required to disrupt a cyberattack,” he said. 

Olsen especially singled out the usefulness of Section 702 in the context of cyberattacks, including to identify "U.S. person victims of foreign hacking or spying."

"That’s what lets us warn and protect them. If we are to keep protecting Americans from escalating cyber and espionage threats, we need to maintain the capacity to conduct U.S. person queries," he said.

As an example, Olsen said a typical scenario would involve the FBI learning of a nation-state hack related an American energy company. The FBI would query 702 data to figure out what was stolen, what happened to the data, and whether there were other victims. 

Olsen added that U.S. agencies have no fallback authority to make up for the loss of Section 702 when it lapses in December.

He noted that Attorney General Merrick Garland and the Director of National Intelligence Avril Haines had sent a letter to Congress reiterating that there is “simply no way to replicate Section 702.”

President Joe Biden's national security adviser, Jake Sullivan, published his own statement on Tuesday highlighting the law's use in responding to cyber threats from China, Russia and nefarious cyber actors.

In January, NSA Director Gen. Paul Nakasone said that Section 702 has played an “irreplaceable” role in helping the agency fend off ransomware attacks. 

Bipartisan concerns

The law continues to face a barrage of attacks from across the political spectrum. Civil rights groups have long decried the law because it often involves the collection of information from U.S. residents who are in communication with the foreign targets of investigations.

But it also came under fire from Republicans in recent years after the Russia-focused investigations of former President Donald Trump. While Section 702 does not specifically relate to the part of the law used in the investigation of Trump officials, opponents have lumped it all together as an example of Justice Department overreach.

Rep. Jim Jordan (R-OH) is now head of the House Judiciary Committee — which has jurisdiction over FISA – and he said in October that Congress “should not even reauthorize FISA” because of how it was used in the investigation of Trump. 

Congress last extended the life of the surveillance powers in early 2018 but lawmakers made modest tweaks to the law, including a new mandate that the FBI account for every database query it makes for a U.S. person’s data.

There has been bipartisan skepticism about the program’s existing safeguards since ODNI last year declassified FISA court opinions related to Section 702 that found “widespread violations” by the FBI when querying the government’s database for information about Americans, the latest in a series of legal reprimands against the bureau.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.