This bill implements reforms to restrict warrantless queries for U.S. person communications under FISA Section 702 while simultaneously extending the underlying Section 702 authority by nine months.
Ron Wyden
Senator
OR
This bill implements significant reforms to foreign intelligence surveillance authorities, primarily by establishing strict new limitations and warrant-like requirements for accessing the communications data of U.S. persons collected under Section 702. It generally prohibits warrantless queries for U.S. person data, creating only four narrow exceptions, and mandates detailed record-keeping for all searches. Additionally, the legislation provides a nine-month extension of the underlying Section 702 authority until March 12, 2027.
New Privacy Rules Limit Warrantless Searches of U.S. Communications and Extend FISA Authority Through March 2027
This bill overhauls how federal agencies handle your digital data when they’re hunting for foreign intelligence. It sets a new baseline: federal officers are generally prohibited from accessing the content of communications belonging to 'covered persons'—which includes U.S. citizens and anyone currently on U.S. soil—unless they have a warrant or meet very specific criteria. While it tightens the leash on warrantless searches, it also keeps the lights on for the government’s broader surveillance powers by extending Section 702 of the Foreign Intelligence Surveillance Act (FISA) for an additional nine months, moving the expiration date from June 2026 to March 12, 2027.
The Digital Deadbolt
Under the new rules in Section 1, the government can’t just browse through collected data if it involves a U.S. person. To get a look at your 'covered information'—think emails or texts that would normally require a probable cause warrant—officials now need to check one of four boxes. They either need an active surveillance warrant already in place, your explicit consent, a defensive cybersecurity reason (like stopping a hacker from nuking your bank account), or a legitimate 'imminent threat' emergency. For example, if you’re a software developer whose data was swept up in a foreign sweep, an FBI agent can’t dig into your private messages just to see what’s there; they’d need a specific, documented reason that fits these narrow legal lanes.
Receipts for Every Search
One of the biggest shifts for the bureaucracy is a new 'paper trail' requirement. Every time an officer runs a query or accesses protected info, they have to create an electronic record. This isn't just a checkbox; they must include their ID, the date, the search terms used, and a written justification explaining why the search is likely to find foreign intelligence. For the average person, this means there’s finally a ledger showing who looked at what and why. Agencies have 90 days to prove to Congress that their record-keeping systems are up and running, which adds a layer of 'show your work' that hasn't always been there.
The Fine Print and the Clock
While the bill adds protections, it also includes some 'gray area' exceptions that could be stretched. The FBI, for instance, can still run queries without a foreign intelligence purpose if they’re trying to find info for a court case or a life-or-death emergency. There’s also the 'defensive cybersecurity' clause; while it’s meant to protect you, the bill doesn't strictly define what counts as a 'cybersecurity purpose,' leaving a window for interpretation. Finally, by pushing the FISA sunset date to March 2027, the bill ensures these surveillance powers stay active while the government adjusts to these new, stricter digital privacy hurdles.