Earlier this afternoon, the House Judiciary Committee circulated its draft FISA Sec. 702 reauthorization bill. This is a preliminary readout of the major problems I see with this legislation.



Mandatory Data Destruction Not Mandatory



One of the biggest vulnerabilities Americans face today is the growing volume of their personal data being stored on servers in the private sector and in government. In the government counterterrorism (CT) context—and CT intelligence collection was the original rationale for this authority—there is simply no reason for the government to continue the collection and storage of the information of innocent U.S. Persons (a legal definition that includes citizens and legal permanent residents).



The bill as drafted would allow the government to do exactly that for at least 90 days for "foreign intelligence purposes" and it allows the Director of the NSA (DIRNSA) to waive that requirement on an individual and specific basis if DIRNSA determines that such waivers are "necessary to protect the national security." All this provision will do is create more paperwork for NSA, but the waiver process could no doubt be largely automated, rendering this alleged reform meaningless. A genuine reform would 1) explicitly prohibit the government from obtaining and maintaining the data of Americans unless said Americans were the actual target of an authorized criminal investigation, and 2) require mandatory external audits (read Government Accountability Office) to confirm said data destruction.

No Penalties for Lying to the FISA Court



In September 2017, Demand Progress issued a report highlighting the number of times the NSA and Department of Justice have been caught violating Sec. 702, FISA Court orders, or both. From the report's executive summary: