What is Section 702?

Section 702 lets U.S. intelligence agencies gather communications of foreigners located abroad without a warrant. It’s made possible because much of the world’s digital traffic flows through U.S.-based companies and internet infrastructure.

The law, enacted in 2008, codified parts of the once-secret Stellarwind surveillance program created under the Bush administration after the Sept. 11, 2001, terrorist attacks. In 2013, former NSA contractor Edward Snowden disclosed documents detailing how the authority was used, fueling a global debate over privacy and mass surveillance.

The authority is widely viewed by intelligence officials as one of the government’s most vital national security tools, used for counterterrorism, cyber defense and tracking nuclear weapons threats, among other things. But it has also drawn scrutiny from privacy advocates and lawmakers in both parties because Americans’ communications can be incidentally collected under the program and later searched by agencies, including the FBI.

Privacy and civil liberties groups have long pushed for proposals requiring a warrant before intelligence analysts can query 702 data for information about U.S. persons. Such measures don’t break neatly along party lines. Republicans and Democrats have argued that Congress should not simply approve another extension, despite wishes to do so from the Trump administration.

In 2024, under then-President Joe Biden, lawmakers reauthorized the program for two years with a number of reforms, though those didn’t include a warrant requirement.

On the other side of the debate, national security officials and other lawmakers in both parties contend that adding a warrant measure would slow or weaken intelligence work at a time of heightened threats from China, Iran and others.

March: Key court approves 702 activities

The Foreign Intelligence Surveillance Court approved the government’s annual certifications for Section 702 a few months ago, allowing collection under the authority to continue into 2027 even if Congress failed to act before the statutory deadline. The certifications cover broad categories of national security risks. For instance, one may cover foreign hackers targeting U.S. critical infrastructure.

That court approval means a lapse in the statute doesn’t cause the intelligence community’s existing 702 collection to immediately cease. But the lack of a congressional renewal can create legal uncertainty for technology providers compelled to assist the government in collection. 

Unlike more clandestine intelligence tools used by agencies like the NSA to collect data on foreign adversaries, Section 702 relies on a legal mechanism requiring U.S. companies such as AT&T and Microsoft to turn over communications like emails and text messages that are tied to qualifying targets.

April: Congress approves a 45-day extension 

As an April 30 deadline to renew the authority approached, Congress still had not settled the debate and agreed to buy itself more time. Lawmakers passed a 45-day extension after senators secured a deal requiring the declassification of a secret Foreign Intelligence Surveillance Court opinion within 15 days that privacy groups argue would help better inform discussions on the future of the program.

The vote punted the authority’s expiration to June 12. The status of that declassification is still unclear.

Over the last few months, the FISA fight has been shaped by rising unease over privacy and government power, with Democrats and advocacy groups questioning how Americans’ communications are handled and processed once collected. Those concerns have been folded into broader debates over immigration enforcement, the intelligence community’s use of commercially available data and the potential for artificial intelligence tools to expand the government’s ability to analyze sensitive personal information.

June: Intelligence leadership fight further complicates renewal 

The debate grew more complicated after President Donald Trump moved to install Bill Pulte, the Federal Housing Finance Agency director, as acting director of national intelligence.

The decision soon injected a fight over intelligence leadership into the 702 talks. Democrats and some Republicans raised concerns about placing Pulte — a Trump ally with limited intelligence experience who has used his post atop the Federal Housing Finance Agency to scrutinize the president’s political foes — in charge of the intelligence community while Congress was being asked to extend one of its most powerful surveillance authorities.

The backlash helped sink another short-term extension this week. On Thursday, Trump said he would nominate Jay Clayton, the U.S. attorney for the Southern District of New York and former Securities and Exchange Commission chairman, to serve as director of national intelligence on a permanent basis. 

The move appeared aimed, at least in part, at easing concerns over Pulte, but it did not immediately solve the 702 problem. Clayton still needs Senate confirmation, and Pulte’s interim role still remains part of the dispute as the deadline approaches.

What happens when 702 sunsets?

A lapse would be historically significant because Section 702 has never before been allowed to statutorily expire. Because the FISA court approved the government’s certifications earlier this year, existing collection activity may continue for now. 

A more immediate concern involves whether agencies can add new foreign targets under already-approved court certifications, and whether companies will keep up with regulations without congressional renewal. If a company stopped complying with a 702 directive, the government could ask the FISA court to force compliance. Typically, the court has up to 30 days to rule.

Civil liberties advocates contend that collection can meaningfully continue even after a statutory lapse because of the way annual certifications are approved, and that other authorities remain available to support national security operations. 

With the the House of Representatives scheduled to recess until June 23, lawmakers would not be able to approve any extension for at least a week. It’s possible Trump may sign an executive order to extend the FISA deadline, though whether he has the authority to do so remains unclear.

Last month, Defense One exclusively reported that Sen. Kirsten Gillibrand, D-N.Y., was spearheading a markup amendment to the National Defense Authorization Act that would create a Cyber Force. The effort ultimately failed by a vote of 14-13, with four Democrats and 10 Republicans swatting the amendment down. Nine Democrats and four Republicans voted in favor.

“We remain optimistic about Cyber Force and the Senator will continue to push for its creation,” a Gillibrand spokesperson said.

While the Senate Armed Service Committee’s version of the National Defense Authorization Act sidelined the creation of a Cyber Force, it does scrutinize various Pentagon policy changes meant to strengthen U.S. Cyber Command, the current cyber-focused combatant command. 

The committee’s version of the NDAA “directs an independent review of whether CYBERCOM is adequately organized and resourced to meet its expanding authorities and responsibilities” and also calls for “an independent study on the roles, responsibilities, authorities, and resourcing of the Principal Cyber Advisors of the military departments.”

The push to establish a Cyber Force under the Army, similar to how the the Space Force and Marine Corps sit under the Air Force and Navy, was in tandem with a new think tank report examining the perceived cost, time, and benefits of setting up a new cyber-focused service branch. 

Joshua Stiefel, a former House Armed Services Committee staffer, co-chaired the Center For Strategic and International Studies and the Foundation for Defense of Democracies’ Commission on Cyber Force Generation. The findings, released earlier this month, said the creation of the service “would address longstanding structural challenges and build the Cyber Force the United States needs for this critical domain of warfare.” 

Stiefel told reporters earlier this month that the findings were released at a pivotal moment where it seems CYBERCOM has been given a significant amount of authority, but concerns over how the military handles its cyber-focused troops still persist.

“What's interesting is that as someone who was in the legislative process for almost seven years, we tried, I tried, my colleagues tried everything and it seems as if we've reached that breaking point where there isn't any more authority to give to address this problem that doesn't start to begin to chip away or take away from the service chiefs,” Stiefel said.  “And that dilemma means we're at this precipice.”