A Washington DC court house building where the secretive Foreign Intelligence Surveillance Court sits. (Image: file photo) The US government does not need the approval of its secret surveillance court to ask a tech company to build an encryption backdoor.
The government made its remarks in July in response to questions posed by Sen. Ron Wyden (D-OR), but they were only made public this weekend.
The implication is that the government can use its legal authority to secretly ask a company for technical assistance, such as building an encryption backdoor into a product, but can petition the Foreign Intelligence Surveillance Court (FISC) to compel a US-based company if it refuses.
In its answers, the government said it has “not to date” needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.
The government would not say, however, if it’s ever asked a company to add an encryption backdoor.
A spokesperson for the Director of National Intelligence declined to comment.
The government relies on section 702 of the Foreign Intelligence Surveillance Act to carry out the bulk of its intelligence gathering and surveillance operations. Section 702 has long seen the powers as the “crown jewels” of the intelligence community’s legal authority. One application of the powers allows the government to ask a tech company to deliberately bypass the encryption on one of its products. Last year, the FBI sought a court order — albeit under a different legal statute — to force Apple to alter the software on a dead terrorist’s iPhone to decrypt its data.
Critics have long argued that the government has wide latitude to conduct surveillance under broad approvals from the FISC.
Marcy Wheeler, a national security blogger, explained in a blog post last month that the FISC can approve an annual certification affirming that the government requires assistance from a US tech company, but it doesn’t require a description of what specific assistance is needed. That gives the government a wide range of powers to issue directives without any further approval or review from the FISC to collect intelligence.
A declassified but highly redacted FISC opinion from 2006 states that a directive must be signed off by both the attorney general and the director of national intelligence.
The admission comes just a few weeks before the controversial section 702 powers are set to expire. Congress has until December 31 to pass a new surveillance law, or the intelligence community risks losing its powers at the end of the annual certification cycle.
Several reform and reauthorization bills are under consideration by lawmakers.
Wyden, who sits on the Senate Intelligence Committee, last month opposed the committee’s own proposed bill, arguing that it “leaves in place current statutory authority to compel companies to provide assistance, potentially opening the door to government mandated de-encryption without [FISC] oversight.”
Wyden’s own bipartisan bill, supported by committee colleague Rand Paul (R-KY), would require the government to obtain approval from the FISC for each request for assistance.
Contact me securely
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
NSA’s Ragtime program targets Americans, leaked files show
Leaked TSA documents reveal New York airport’s wave of security lapses
US government pushed tech firms to hand over source code
At the US border: Discriminated, detained, searched, interrogated
Millions of Verizon customer records exposed in security lapse
Meet the shadowy tech brokers that deliver your data to the NSA
Inside the global terror watchlist that secretly shadows millions
FCC chairman voted to sell your browsing history — so we asked to see his
198 million Americans hit by ‘largest ever’ voter records leak
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it
Leaked document reveals UK plans for wider internet surveillance