NSA Section 702 and PRISM: warrantless surveillance of Americans

Congress passed the FISA Amendments Act of 2008, which created Section 702, in response to a legal crisis: the Bush administration had been conducting the NSA's warrantless wiretapping program, known as STELLAR WIND, outside any statutory authority after September 11, 2001. The New York Times reported the program in December 2005. The administration needed a legal framework. Section 702 provided one, authorizing the NSA to collect communications of non-U.S. persons located outside the United States from U.S. electronic communications service providers without obtaining an individual warrant for each target.

The statutory design included a limitation: Section 702 surveillance could only be targeted at foreigners abroad. Americans' communications collected incidentally, because they had communicated with a foreign target, were supposed to be subject to restrictions. The government was not supposed to use the database as a means of investigating Americans without going back to court for a warrant. That restriction did not hold.

The NSA operates two collection programs under Section 702. PRISM collects stored communications data directly from U.S. internet and communications companies, including Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. Upstream collection intercepts data directly from fiber-optic cables carrying internet traffic. The two programs together created the largest collection of communications data in history, held in NSA databases that the FBI, CIA, and NSC can search without obtaining individual warrants.

The connection to this site's existing record: SHAMROCK, documented elsewhere on this site, ran from 1945 to 1975 and involved the NSA intercepting international telegrams without warrants for three decades. When the Church Committee exposed it, Congress passed FISA in 1978 specifically to prevent warrantless surveillance of Americans. Section 702 was passed thirty years later under the same statutory framework that was supposed to prevent exactly this. The FBI's use of Section 702 data to investigate Americans without warrants is, in primary source terms, the continuation of a pattern documented in this collection since 1945.

In June 2013, the Guardian and the Washington Post published documents from NSA contractor Edward Snowden. Among them was a PowerPoint presentation describing the PRISM program. The NSA confirmed PRISM's existence. Director of National Intelligence James Clapper acknowledged the program in a public statement. President Obama acknowledged it. The Director of the NSA testified about it before Congress. The documents' authenticity has never been formally disputed by any government official.

The PRISM slide showing the collection dates from each company reads: Microsoft July 11, 2007; Yahoo March 12, 2008; Google January 14, 2009; Facebook June 3, 2009; PalTalk December 7, 2009; YouTube September 24, 2010; Skype February 6, 2011; AOL March 31, 2011; Apple October 1, 2012. Each date represents when the company began providing data to PRISM. The slide describes the program as the number-one source of raw intelligence used in NSA analytic reports.

What PRISM collects: email, chat, video, photos, stored data, VoIP calls, file transfers, video conferencing, and login activity. All of it from the listed companies' servers, without individual warrants for each collection. The legal authority is the Section 702 certification process, renewed annually by the Foreign Intelligence Surveillance Court.

The Intelligence Community releases annual transparency reports on Section 702 use. The 2021 report, released by the Office of the Director of National Intelligence, states that in 2021 the NSA had 232,432 foreign targets under Section 702 collection. The FBI's own reporting to the FISC shows it conducted approximately 3.4 million queries of Section 702 data on U.S. persons in 2021.

The mathematics of that number: 3.4 million queries in one year is roughly 9,300 searches per day, or one search every nine seconds, every day of the year. Each search accesses communications data collected from the PRISM and Upstream programs without an individual warrant. Each search involves an FBI agent or analyst querying a database of private communications without obtaining judicial authorization for that specific search.

The PCLOB's September 2023 review of Section 702 found that the FBI's querying practices had shown persistent and widespread violations of the FBI's own querying standard, which itself is more permissive than a warrant requirement. The Board found the FBI frequently queried Section 702 data for purposes that did not meet the statutory requirement. It recommended Congress impose a warrant requirement on U.S. person queries.

The Foreign Intelligence Surveillance Court has released redacted versions of opinions describing specific FBI querying violations. These opinions, which represent the government's own court record, document what the warrantless searches were used for in specific documented cases.

From a 2022 FISC opinion, declassified and released publicly: the FBI searched Section 702 databases for over 19,000 individuals who had donated to the same congressional campaign. No foreign intelligence justification was established for searching the communications of 19,000 Americans who made political donations. The same opinion documents that the FBI searched Section 702 data for individuals involved in civil unrest following the death of George Floyd in 2020, including participants in Black Lives Matter protests, without establishing a foreign intelligence basis for those searches.

Additional documented cases from FISC opinions and government reports: the FBI queried Section 702 databases for suspects in the January 6, 2021 Capitol breach; for a member-elect of Congress; for a state judge who had written about police abuses in the judge's professional capacity; and for multiple individuals the querying agent had a personal relationship with. Each of these queries was conducted without a warrant. Each was documented as a violation of the FBI's own internal standards in FISC opinions that later became public.

The PCLOB 2023 report noted that the most troubling documented cases involved searches conducted for reasons unrelated to any legitimate foreign intelligence purpose, and that the pattern of violations was persistent enough to require structural reform rather than case-by-case discipline.

In January 2025, Federal District Court Judge Nicholas Garaufis of the Eastern District of New York issued a ruling in United States v. Hasbajrami that backdoor searches of Section 702 databases for U.S. persons ordinarily require a warrant under the Fourth Amendment. The case involved a U.S. person whose communications had been collected under Section 702's foreign collection and were then searched by the FBI without a warrant. Judge Garaufis found that the Fourth Amendment's warrant requirement applied to those searches.

The ruling was the most significant judicial limitation ever placed on warrantless Section 702 searches of Americans' communications. It created a direct conflict: the Intelligence Community had been conducting approximately 3.4 million such searches per year. The ruling said they required warrants. The Intelligence Community did not obtain warrants and did not publicly announce it was suspending the searches. Congressional debate over reauthorization continued with the January 2025 ruling as a central contested issue.

Section 702 was set to expire on April 19, 2026 under the terms of the Reforming Intelligence and Securing America Act passed in 2024. Congress was required to reauthorize the program or allow it to lapse. The reauthorization debate, ongoing through 2025 and into early 2026, centered on whether to impose a warrant requirement for U.S. person queries.

The government's position: a warrant requirement would make counterterrorism investigations impractical because the database is too large to obtain individual warrants for each query. The reform position: the FBI has demonstrated through 3.4 million annual queries and documented cases of abuse that the existing standard has no meaningful limiting principle. The January 2025 court ruling that these searches are unconstitutional was cited by both sides in different ways.

The certification documents authorizing Section 702 collection are submitted to the FISC and are classified. The specific types of communications being collected, the specific companies still participating beyond those named in the PRISM slides, and the current annual U.S. person query totals after 2021 remain withheld from public disclosure. The ODNI transparency report for years after 2021 had not been released as of this writing. The expiration date itself has passed; whether Congress reauthorized the program and under what terms is part of the continuing record.

SHAMROCK, documented on this site, ran from 1945 to 1975. For thirty years the NSA intercepted international telegrams of Americans without warrants, with the cooperation of Western Union, RCA Global, and ITT World Communications. When the Church Committee exposed it in 1975, NSA Director Lew Allen Jr. testified that the program had swept in the communications of American citizens and that the NSA had exchanged information with the FBI about individuals it had no foreign intelligence authority to investigate. Congress passed FISA in 1978 specifically to prevent this from recurring.

The Section 702 record documents the same pattern with different technology. Telegram interception became internet collection. Western Union became Google and Apple. Three companies became nine. The scale went from thousands of messages per year to billions per day. The FBI's warrantless searches went from individual agents reviewing telegram intercepts to 3.4 million database queries per year. The oversight mechanism designed to prevent a recurrence of SHAMROCK produced a FISC that was approving 99.97 percent of government surveillance requests, a secret court whose classified opinions documenting FBI violations were years in becoming public, and a reform debate that has cycled through multiple reauthorization votes without resolving the warrant question.