Full Report
The number of FBI searches of data collected through the surveillance program known as Section 702 of the Foreign Intelligence Surveillance Act (FISA) between December 2024 to November 2025 rose to 7,413 from 5,518 the previous year.
Analysis Summary
# Regulation/Compliance: FISA Section 702 Reauthorization (2026)
## Overview
Section 702 of the Foreign Intelligence Surveillance Act (FISA) is a statutory authority that allows U.S. intelligence agencies (NSA, FBI, CIA) to conduct warrantless surveillance on non-U.S. persons located outside the United States. While the primary targets are foreign individuals, the program incidentally collects "U.S. person" data (emails, phone calls), leading to controversial "U.S. person queries" by the FBI.
## Key Details
- **Issuing Authority:** U.S. Congress (Legislative branch) / U.S. Department of Justice (Executive oversight)
- **Effective Date:** Current authorization expires April 20, 2026
- **Jurisdiction:** United States (National Security/Intelligence)
- **Status:** In Effect (Pending Reauthorization debate)
## Requirements
### Mandatory Requirements
1. **Foreign Intelligence Purpose:** Data collection must be targeted at non-U.S. persons reasonably believed to be located outside the U.S. to acquire foreign intelligence information.
2. **Query Justification:** FBI personnel must adhere to specific "querying procedures" when searching the 702 database for information regarding U.S. persons.
3. **Reporting and Transparency:** Agencies are mandated to provide annual statistical transparency reports (ASTR) to Congress regarding the volume of searches and data hits.
4. **Targeting Procedures:** The Attorney General and Director of National Intelligence (DNI) must adopt procedures to ensure targeting is limited to authorized subjects.
### Recommended Practices
1. **Warrant Requirement (Proposed):** Many lawmakers and civil liberties groups are advocating for a mandatory judicial warrant before searching the database for U.S. person data.
2. **Enhanced Auditing:** Rigorous internal auditing of FBI agents' search terms to prevent political or domestic targeting (e.g., January 6 defendants or protesters).
## Affected Organizations
- **Industries:** Telecommunications providers, Electronic Communication Service Providers (ECSPs), Internet Service Providers (ISPs).
- **Organization Size:** All sizes (if they facilitate international communications).
- **Geographic Scope:** Primarily U.S.-based entities or entities with data centers/operations within U.S. jurisdiction.
## Compliance Timeline
- **December 2024 – November 2025:** Reporting period showing a 35% increase in FBI U.S. person queries (7,413 total).
- **March 11, 2026:** Official notification to House and Senate Judiciary committees regarding search statistics.
- **April 20, 2026:** Statutory expiration of Section 702 (The "Sunset Date").
- **Late April 2026:** Targeted reauthorization (currently proposed as an 18-month "clean" extension).
## Implementation Guidance
### Assessment Phase
- **Data Identification:** Organizations must identify if they are classified as ECSPs under 50 U.S.C. § 1881.
- **Request Review:** Legal teams should assess past FISA directives to determine the scope of cooperation required.
### Implementation Phase
- **Intelligence Directive Response:** Maintain secure channels for receiving and processing lawful directives from the DNI/AG.
- **Access Control:** Ensure only specific, authorized government requests are fulfilled via technical gateways.
### Validation Phase
- **Audit Logs:** Maintain comprehensive logs of data hand-offs to the government for internal compliance and legal protection.
- **Certification:** Review current Attorney General/DNI certifications to ensure they are active and valid.
## Technical Requirements
- **Intercept Capabilities:** Providers must have the technical capability to isolate and provide communications of targeted individuals to the government.
- **Redaction/Minimization:** Systems must support the "minimization" of U.S. person data to ensure incidental collection is not retained or shared unnecessarily.
- **Secure Transmission:** Data must be transmitted to intelligence agencies via encrypted, secure government-mandated protocols.
## Penalties & Enforcement
- **Fines:** Civil penalties may apply for non-compliance with lawful directives.
- **Other Consequences:** Contempt of court charges via the Foreign Intelligence Surveillance Court (FISC). Loss of public trust and legal challenges from privacy advocacy groups.
- **Enforcement:** Enforced by the Department of Justice (DOJ) and the FISC.
## Related Standards
- **NIST SP 800-53:** Controls for data privacy and lawful interception.
- **E.O. 12333:** Broad executive authority for intelligence gathering (foundational to FISA operations).
- **50 U.S.C. § 1881a:** The specific legal code for Section 702.
## Resources
- **Official Documentation:** [dni[.]gov/index.php/newsroom/reports-publications]
- **Guidance Documents:** Annual Statistical Transparency Reports (ASTR).
- **Tools:** DOJ/ODNI Compliance Reviews.
## Practical Recommendations
- **Monitor Reauthorization:** Organizations should track the legislative progress of the April 20 deadline to see if "clean" or "reformed" versions (with new warrant requirements) pass.
- **Update Transparency Reports:** If your organization publishes transparency reports, ensure you have accurate metrics for the number of directives received.
- **Review FBI Query Trends:** Given the 35% rise in FBI searches, legal and compliance teams should prepare for potentially higher volumes of inquiries if Section 702 is extended.