In 2013, Edward Snowden revealed that the National Security Agency was legally collecting millions of Americans’ phone calls and electronic communications—including emails, Facebook messages, and browsing histories—without a warrant. Congress has now decided not only to reauthorize these programs, but also to expand some of their most invasive techniques.

The spying initiatives Snowden brought to light are authorized under Section 702 of the 2008 FISA Amendments Act, which was set to expire later this month. On Thursday, Congress voted down an effort to reform Section 702, and instead passed a bill that expanded warrantless surveillance of US citizens and foreigners. The newly passed bill reauthorizes Section 702 for six years, long after President Trump’s first term in office will have expired.

The amendment that the House of Representatives shot down would have added significant privacy safeguards to the law, including the requirement that intelligence agents get a warrant in many cases before searching through emails and other digital communications belonging to US citizens. The bill Congress did pass, meanwhile, codifies some of the most troubling aspects of Section 702, according to privacy advocates. The legislation still needs to pass in the Senate, where fewer representatives are interested in significantly reforming the law.

Warrantless

Section 702 is intended to allow intelligence officials to electronically surveil non-US "persons reasonably believe to be located outside the United States” without a warrant. The NSA collects millions of video chats, instant messages, and emails under Section 702 by compelling companies like Facebook, AT&T, and Google to hand them over.

The law also allows the FBI to search through the NSA’s database without a warrant, constituting what critics like Democratic Senator Ron Wyden call a backdoor to the Fourth Amendment. The law technically only authorizes the collection of communications belonging to foreign individuals, but citizens and permanent residents easily get swept into the dragnet. For example, Americans who communicate with foreigners may be included.

That appears to be the case with Michael Flynn, Trump’s former national security adviser. Flynn’s communications with Sergey Kislyak were collected when intelligence officials conducted routine surveillance on the former Russian ambassador to the US.

'It incentivizes doing searches earlier and earlier, when it’s less and less justified.' Elizabeth Goitein, Brennan Center for Justice

Some gains to 702 reform had been made prior to this most recent bill. In April, the NSA halted one kind of surveillance authorized under Section 702, referred to as so-called “about” collection. It stopped amassing conversations concerning foreign targets, but that weren’t from the targets themselves. If two people discussed a terrorist’s email address in a text for example, their communications could previously get swept into an NSA database despite not being of specific intelligence interest themselves. The spy agency halted the program because it couldn’t stop accidentally collecting information belonging to Americans.

But the bill newly passed by Congress opens the door to reintroducing about collection in emergency situations only—though what constitutes an “emergency” isn’t specified, leaving room for broad interpretation. In the event that about collection did resume, experts say the new legislation would allow for a far more broad implementation. Now, just mentioning a target—rather than an identifier like their email address—could get you sucked into the dragnet.

“Not only does the bill say you have our blessing to collect communications that contain a target's email address, it also endorses collecting communications that merely contain a reference to the target,” says Elizabeth Goitein, co-director of the Liberty and National Security program at New York University School of Law’s Brennan Center for Justice. “So literally if you and I sent an email to each other that had the word ISIS in it, if you and I send an email that talks about ISIS, under this bill the government is authorized to collect it.” (Assuming ISIS is a group that the NSA is specifically targeting.)

The bill does impose a warrant requirement upon the FBI, but the way it’s written appears to weaken privacy protections rather than strengthen them, says Goitein. Under the legislation, FBI agents need a warrant to search the Section 702 database when a criminal investigation has already been opened, but not when national security is involved. That means the FBI can query the database on nothing more than a tip. “It incentivizes doing searches earlier and earlier, when it’s less and less justified,” says Goitein.

In the Dark

Much of the debate leading up to Thursday’s vote had been shrouded in secrecy. The intelligence community has largely refused to provide lawmakers and the public with detailed information about how Section 702's programs operate and, crucially, how effective they are. “There’s a lot of inaccuracies that are put out about it. These enormous mischaracterizations are put out,” says Neema Singh Guliani, legislative council at the ACLU.