Last month, the US president, Joe Biden, signed a surveillance bill that expanded the National Security Agency’s authority to require US businesses to conduct wiretaps on communications entering and leaving the country. Legal experts are uncertain about the extent of this new power, especially regarding which companies could be impacted. The American Civil Liberties Union and similar organizations are concerned that the bill has made the language governing the limits of wiretapping too vague, potentially exposing many American corporations to warrantless and secretive surveillance.
In April, Congress hastily extended Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows the NSA to wiretap communications between Americans and foreigners abroad under certain conditions. The program was previously limited to electronic communications service providers like Microsoft, Google, Sprint, and AT&T. However, recent attempts have been made to redefine what qualifies as an electronic communications service provider in order to increase the NSA’s scope.
Various digital rights groups are urging the US attorney general and the top spy to declassify information related to a court case that could provide clarity on the matter. They believe the new definition of an electronic communications service provider could potentially allow the NSA to compel almost any US business to assist them in surveillance efforts.
Concerns have been raised about the broad surveillance authorities granted in the bill and the potential for abuse. The Justice Department acknowledged receipt of a letter from over 20 organizations expressing these concerns but referred inquiries to the Office of the Director of National Intelligence (ODNI), which has not yet responded.
It is believed that data centers are the primary target of this legislative change, as indicated by comments from the assistant US attorney general for national security.