How the FISA Reauthorization Bill Could Force Maintenance Workers and Custodians To Become Government Spies

Tech companies and First Amendment groups are calling attention to a provision in a domestic spying bill that they say would significantly expand the federal government’s power to snoop on Americans’ digital communications—potentially by forcing employees of private businesses to become informants.

The Information Technology Industry Council (ITI), a global trade group that represents major tech companies including Google and Microsoft, is calling for last-minute changes to the Reforming Intelligence and Securing America Act (RISAA), which could get a final vote in the Senate on Friday. The bill’s primary purpose is to extend Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows U.S. intelligence agencies to scoop up communications between Americans and individuals abroad.

But the bill also includes a provision that “vastly expands the U.S. government’s warrantless surveillance capabilities, damaging the competitiveness of U.S. technology companies large and small, and arguably imperiling the continued global free flow of data between the U.S. and its allies,” the ITI said in a statement this week.

As Reason reported in December, that provision means that nearly any business or entity with access to telecom or internet equipment could be forced to participate in the federal government’s digital spying regime. The big target, as Wired noted this week, is likely to be the owners and operators of data centers.

Under the current FISA law, Section 702 only applies to telecommunications companies and internet service providers. But the amendment included in the RISAA would expand that definition to cover “any service provider” with “access to equipment that is being or may be used to transmit or store” electronic communications.

“The practical impact of the revised definition is significant and means any company, vendor, or any of their employees who touch the physical infrastructure of the internet could now be swept under FISA’s scope and compelled to assist with FISA surveillance,” the ITI warns. “If this amendment were to become law, any electronic communications service equipment provider or others with access to that equipment, including their employees or the employees of their service providers, would be subject to compelled FISA disclosure or assistance.”

In short, even someone like a custodian could be legally compelled to assist in the federal government’s spying efforts.

Marc Zwillinger, an attorney who has experience arguing before the Foreign Intelligence Surveillance Court (FISC), wrote this week on his personal blog that the RISAA would “permit the government to compel the assistance of a wide range of additional entities and persons in conducting surveillance under FISA 702.”

The newest version is less broad than what was initially proposed in December—for example, gathering places like hotels and coffee shops have been specifically excluded from the law. But, as Zwillinger writes, the revised definition would cover “the owners and operators of facilities that house equipment used to store or carry data, such as data centers and buildings owned by commercial landlords, who merely have access to communications equipment in their physical space,” as well as “other persons with access to such facilities and equipment, including delivery personnel, cleaning contractors, and utility providers.”

Because newsrooms and other places where journalists work are not specifically exempted, some First Amendment groups are also worried about how the expansion of digital spying authority could affect journalism.

“This bill would basically allow the government to institute a spy draft,” Seth Stern, director of advocacy at Freedom of the Press Foundation (FPF), said in a statement on Thursday. “If this bill becomes law, sources will rightly suspect that American newsrooms are bugged by the government. And journalists won’t be able to reassure them that they’re not, because, for all they know, the building maintenance worker is an involuntary government spy.”

The reactions from tech companies, legal experts, and free press advocates come on the heels of objections raised by various civil libertarian groups. As Reason‘s J.D. Tuccille covered earlier this week, some opponents of the FISA reauthorization bill have taken to calling it “the ‘Everyone Is a Spy’ provision, since potentially anybody with access to a laptop or WiFi router could be compelled to help the government conduct surveillance.”

If the RISAA is approved by the Senate on Friday, as expected, and signed by President Joe Biden, Americans will have little recourse except to hope that the Justice Department is telling the truth when it says it won’t use the broad authority contained in the bill. In a letter to senators on Thursday, Attorney General Merrick Garland wrote that his department “commits to applying” the new definition of electronic communications service providers in a narrow fashion. “The number of technology companies” covered by the new provision, he wrote, “is extremely small.”

Of course, anyone with a working knowledge of the history of federal surveillance programs—or any government initiative, for that matter—is probably right to be skeptical of that assurance.

“Even if the bill is intended to target data centers, it doesn’t say that,” Stern said in a statement. “And, even if one trusts the Biden administration to honor its pinky swears, they’re not binding on any future administrations.”

The post How the FISA Reauthorization Bill Could Force Maintenance Workers and Custodians To Become Government Spies appeared first on Reason.com.