Secret Rift Over Data Center Fueled Push to Expand FISA Surveillance Program
A hidden dispute over whether a data center for cloud computing must cooperate with a warrantless surveillance program prompted the House last week to add a mysterious provision to a bill extending the program, according to people familiar with the matter.
The disclosure helps clarify the intent behind an amendment that has alarmed privacy advocates as Senate leaders try to swiftly pass the bill, which would add two more years to a wiretapping law known as Section 702. The provision would add to the types of service providers that could be compelled to participate in the program, but it is written in enigmatic terms that make it hard to understand what it is supposed to permit.
Data centers are centralized warehouses of computer servers that can be accessed over the internet from anywhere in the world. In the cloud computing era, they are increasingly operated by third parties that rent out the storage space and computing power that make other companies’ online services work.
Even as national security officials described the provision as a narrow fix to a technical issue, they have declined to explain a classified court ruling from 2022 to which the provision is a response, citing the risk of tipping off foreign adversaries. Privacy advocates, for their part, have portrayed the amendment as dangerous, so broadly worded that it could be used to draft ordinary service people — like cable installers, janitors or plumbers who can gain physical access to office computer equipment — to act as spies.
Under Section 702, the government may collect, without a warrant and from U.S. companies like Google and AT&T, the communications of foreigners abroad who have been targeted for intelligence or counterterrorism purposes — even when they are communicating with Americans. Enacted in 2008, it legalized a form of the warrantless surveillance program President George W. Bush began after the terrorist attacks of Sept. 11, 2001.
Specifically, after the court that oversees national security surveillance approves the government’s annual requests seeking to renew the program and setting rules for it, the administration sends directives to “electronic communications service providers” that require them to participate. If any such entity balks, the court decides whether it must cooperate.