Groups say FISA law needs more oversight -- now

Fear U.S. Senate will reauthorize warrantless surveillance of U.S. citizens before year's end

The specter that Congress will reauthorize the controversial FISA Amendments Act of 2008 without any changes to its sweeping spying provisions is evoking cries of alarm from advocacy and privacy groups.

Many say the law, originally targeted at keeping watch on foreign spies, agents and possible terrorists, has been amended to allow the government, without warrants, to monitor U.S citizens as well. Such powers would be unconstitutional, the groups contend.

The Foreign Intelligence Surveillance Act (FISA) was enacted in 1978 to improve the ability of courts to oversee foreign intelligence surveillance activities.

The FISA legislation initially created a set of procedures for electronic and physical surveillance of foreign individuals and groups that are located in the U.S. and are believed to be working for other governments.

The act established a special non-public federal court charged with issuing search warrants under FISA.

Over the years, the act has been significantly amended and broadened.

For instance, the FISA Amendments Act of 2008 gives the government broad powers to monitor all communications between people U.S. citizens and residents of other countries who are alleged to pose a risk to national security.

The amended law allows the National Security Agency and other spy agencies to monitor, without a warrant, all electronic communications between a suspect based outside the U.S. and a U.S. citizen that is in the country.

Various advocacy groups, including the Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT) and the American Civil Liberties (ACLU) have expressed concern that government agencies are using the law to justify extensive surveillance of both foreign nationals and millions of Americans.

The groups are demanding information on the number of American citizens who might have been impacted by the surveillance -- information they say is currently unavailable due to a near total lack of government transparency.

The groups say that questionable provisions of the law are now set to expire on Dec. 31, but would continue apace if Congress votes to reauthorize the provisions.

The U.S. House of Representative has already voted to extend the FISA Amendment Act for another five years. The advocacy groups say they fear that the U.S. Senate may approve the extension some time in the next few days.

Earlier this year, U.S. Senator Ron Wyden (D-Ore.) led a bipartisan group of nearly a dozen lawmakers seeking debate on the bill due to the concerns cited by EFF and the other groups.

In a letter addressed to the Director of National Intelligence, the senators demanded information on how many people within the U.S. had electronic communications intercepted and monitored by spy agencies.

Because the FISA legislation doesn't require individual warrants, "it is incumbent upon Congress to ensure that the government does not use these new authorities to deliberately spy on American citizens," the senators wrote.

"We are concerned that Congress and the public do not currently have a full understanding of the impact this law has had on the privacy of law-abiding Americans," the letter added.

Marc Rotenberg, president of the Electronic Privacy Information Center (EPIC) Friday expressed similar concerns.

"The public simply knows too little about the use of this surveillance authority" said Rotenberg, whose group is one of many seeking that Congress add new oversight mechanisms before reauthorizing the FISA law.

EPIC favors more detailed reports about FISA use, similar to reqorts required of federal wiretapping, he said.

"We also favor declassification of the opinions of the FISA Court," and an annual report on FISA use from the Inspector General of the Intelligence Community, he said.

"Its important for Americans to know if they are being eavesdropped on when they are talking to someone abroad," said Gregory Nojeim, senior counsel for the Center for Democracy and Technology.

Because the law does not require warrants or judicial oversight it is important for Americans to know how the surveillance is conducted and how people are targeted for the surveillance.

"You got this really broad program for collecting information from targets abroad. But if you are going to be targeting so many then you end up picking up communications of Americans and you cannot go around the warrant requirement," he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Gov't Legislation/RegulationNational Security AgencysecurityregulationgovernmentintelGovernment/Industries

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts