On June 4, documents disclosed by Edward Snowden revealed that the government uses cyber threat signatures and malicious code as the basis for collection occurring under Section 702. This raises new concerns regarding the Cybersecurity Information Sharing Act (CISA, S. 754), and demonstrates that passing this legislation could increase the controversial collection and use of communication that occurs pursuant to Section 702.

CISA permits companies to share threat signatures with the government, and requires that this information be immediately and automatically forwarded to the NSA. The new disclosures show that these signatures can then be used as “selectors” under the NSA Section 702 upstream program, with communications containing the signatures grabbed directly off the Internet backbone. Databases containing those communications can then be queried to find Americans’ information, and forwarded to domestic law enforcement agencies to initiate and aid in the investigation of any crime. As Congress considers legislation that could expand the number of communications containing threat signatures the NSA collects without a warrant, it should consider reforms to Section 702 that will close loopholes and restore due process protections.