As we have pointed out, Section 702 has one of the broadest authorizations for global, warrantless surveillance, and it is set to expire at the end of 2017. Ultimately, the only real way to “fix” it would be to allow it to sunset. However, the simple truth is that the U.S. Congress is not likely do that. Right now, it would be unrealistic to anticipate Congress allowing the FISA Amendments Act to expire. Another way to fix some of the core issues with surveillance under Section 702 would be to outright prohibit Upstream collection, since this is perhaps the most unlawful part of the program. As some have pointed out, Upstream constitutes a search of all internet traffic. But, again, we don’t believe it would be realistic to anticipate that type of action in the current U.S. Congress. There are not enough members willing to end a program that many consider to be effective and important.

That said, we believe there are still several ways to achieve meaningful reform of Section 702, and we are ready to fight for those reforms. These changes could have a real impact on protecting the rights of the people most at risk, and put another stone into the cathedral that is global surveillance reform.

Generally we can split these proposals into categories based on whether they codify existing or previous safeguards or create new ones. In each of these categories, there are proposals to increase the transparency and accountability of the programs conducted pursuant to Section 702. Several are derived from reports of oversight bodies, such as the Privacy and Civil Liberties Oversight Board (PCLOB) and the President’s Review Group. Our list is not exhaustive, but it does represent realistic avenues for reforming Section 702 to better protect human rights.

Codifying existing or previously existing safeguards

Include definitions to ensure proper understanding of the law – As the PCLOB noted, keywords in the FISA, like “targeting,” are not defined by law. In addition, while the PCLOB sought to reassure the public that the term “selectors” (which is not actually used in the statute but guides the implementation of the programs) is no longer is being stretched to include servers or gateways, we still don’t have mandatory public reporting that can provide ongoing reassurance of this. As we learned in the fight to reform the USA PATRIOT Act from 2013-2015, the intelligence community’s capacity to secretly redefine the scope of key terms can have a huge impact on the scale of surveillance. To avoid this, key definitions and limitations must be written into the public law.

Codify and expand Presidential Policy Directive 28 – U.S. President Obama took a huge positive step in surveillance reform when he implemented Presidential Policy Directive (PPD) 28, which, among other things, recognized that non-U.S. persons have a legitimate privacy interest. We should codify protections in PPD 28 to preserve them under future administrations, for example by including in the law PPD 28’s prohibition against using surveillance to obtain a competitive advantage. In addition, we should strengthen the language in PPD 28, such as by further narrowing the circumstances under which bulk data collection should be allowed (if ever), or by recognizing not only the “privacy interests” of non-U.S. persons, but also their fully fledged rights to privacy and freedom of expression. (We provide more information about this and meeting international human rights standards below, under “Creating new safeguards.”)

Minimize the data that are retained in massive surveillance databases – Some intelligence agencies have an internal practice of masking the identifiers of innocent people within surveillance information. This practice should be normalized and applied evenly to both U.S. and non-U.S. persons. Congress should also codify the requirement that all queries of Section 702 surveillance information be documented and included in regular audits.

Limit surveillance targets to foreign powers or agents of foreign powers – To limit the number of innocent people included in Section 702 surveillance, targets should be limited, at a minimum, to foreign powers or agents of foreign powers. This limitation existed in the original version of the President’s Surveillance Program (a program nevertheless hugely overbroad), and it would help to narrow the much broader mass surveillance program that operates today. We could accompany this requirement with improvements in process and procedure to help give the government the flexibility and faster response time it may need in some cases.

Creating new safeguards

Recognize human rights standards – The International human rights standards that exist under treaties ratified by countries around the world, including the United States, require that surveillance must be both necessary and proportionate. Unfortunately, the U.S. has never recognized that non-citizens outside the country have these rights. In order for Section 702 to satisfy the United States’ international obligations, not only should surveillance be limited to foreign powers as described above, but operations should be limited to those that are necessary and proportionate to achieve a legitimate and identified aim.

Strengthen the standards for collection – As discussed previously, the scope of what can be collected under Section 702 is very broad. This should be narrowed. To do this the law should be amended to expressly limit the valid foreign intelligence purposes of Section 702, such as to specific national security threats: sabotage, international terrorism, clandestine intelligence activities, attacks on the U.S. and its allies, and WMD proliferation. In addition, the language in FISA that presumes to authorize surveillance if the collection of foreign intelligence information is only a “significant” purpose, and not even the primary purpose, must be stricken from the law to close the huge loophole for circumventing the statute’s protections for human rights, which are already sharply limited.

Strike the encryption exception for data retention – Current policy is that information that is encrypted (or carries “secret meaning”) can be retained by the government indefinitely. As expert Laura Donohue has pointed out, it is an exception that threatens to swallow the rule limiting data retention, particularly as the amount of encrypted information on the internet continues to increase (a positive step that protects the digital integrity of users at risk). The current limits on retention should apply regardless of whether the information is encrypted.

Prohibit acquisition of communications that are not to or from targets – As part of the Upstream program, the NSA intentionally collects all internet transactions to, from, or “about” a target. This inclusion of information “about” a target specifically anticipates acquiring communications that are neither to or from people who have been identified as targets. The government has claimed, and the PCLOB has reiterated, that distinguishing content from metadata in the upstream scan is not possible at this time. But just because unlawful surveillance is necessary to conduct lawful surveillance does not mean it should be condoned. For example, there were previously limits to the scope of data that the NSA was getting under a surveillance program because the technology at the time did not allow compliance with statutory limitations. Only after the technology was developed to properly limit collection was the collection allowed.* Additionally, the ACLU has cast doubt on the overall assertion that there are no technical means to eliminate the acquisition of communications from non-targets.

Limit the dissemination of data to other agencies and international partners – Several U.S. government agencies and international partners or allies are authorized to access or receive surveillance data collected under Section 702. We should codify limitations on sharing and dissemination to ensure against secret mission creep and protect the sensitive information of people around the world.

Increase transparency and accountability

Increase transparency at the FISA Court – The USA FREEDOM Act took a step forward on transparency of FISA Court activities, including by requiring the publication of significant or novel FISA Court opinions no matter when they were written. To ensure that the public maintains an understanding of the law the government should be required to release the criteria it uses to determine whether an opinion issued by the FISA Court contains a significant or novel interpretation of the law. In addition, because the U.S. Department of Justice has refused to comply with the full scope of the USA FREEDOM Act provisions, Congress should reaffirm its intent to end secret law and give explicit retroactive application to those provisions.

Increase public reporting – Section 702 has provisions built in for internal oversight in the executive branch, by certain, limited Congressional committees, as well in the FISA Court. The current administration has supported transparency in its policy favoring publication of certain documents. However this has not included all documents that are necessary to review the programs, and there is no guarantee that the policy will continue, specifically when there are major changes or expansions of current programs. We must codify having a public eye into the operation of Section 702, consistent with national security, to preserve current levels of transparency. A start would be to require that reports about Section 702 surveillance, as well as the minimization procedures, which have already been released, and targeting procedures, be made public to the extent possible.