In August 2024, a quiet disclosure revealed that the FBI had built a querying tool letting agents search Americans’ communications without following required procedures [American]. Nobody caught it until it was too late. That revelation now looms over one of the most consequential deadlines in U.S. surveillance law: Section 702 of the Foreign Intelligence Surveillance Act expires on April 20, 2026 [CEPA], and Congress has no consensus on what replaces it.
The White House wants a clean 18-month extension with zero reforms [CEPA]. A bipartisan coalition in Congress wants warrant requirements added [Cato]. Civil liberties groups want the whole framework rewritten for an era where AI-driven inference engines can do things the 2008 statute never contemplated. The clock is ticking, and the outcome will define how AI-powered intelligence gathering operates for the next decade.
The Expiration Nobody Planned For
Congress has reauthorized 702 several times, each cycle more contentious than the last.
Photo by The 2023 renewal barely survived, passing only after months of debate and a sunset clause that everyone assumed would get quietly extended. That assumption was wrong.
This time, the political math broke. A coalition of progressive Democrats and libertarian-leaning Republicans refused to fast-track renewal, citing concerns about AI-era overreach. President Trump’s request for a straight 18-month extension without reforms [CEPA] hardened opposition further. The result: a slow-motion lapse that intelligence agencies flagged as operationally catastrophic but couldn’t politically prevent.
The fallout is real. The FBI, CIA, NSA, and National Counterterrorism Center conduct thousands of warrantless backdoor searches, known as U.S. person queries, each year under 702 authority [American]. Without active authorization, the legal basis for those queries evaporates. Intelligence community lawyers are now parsing whether existing collection can continue under residual authority or whether data pipelines need to go dark.
National security hawks call this an emergency. A more accurate description: a forced reckoning that was overdue by at least five years.
AI Surveillance Outpaced the Law
Here’s what changed since 702 was written in 2008: everything about how data gets processed.
Photo by The Department of Justice’s National Security Division has been working with the intelligence community to discuss new AI tools involved in processing or analyzing FISA-acquired information [CFR]. That word “discuss” is doing a lot of heavy lifting. There’s no statutory framework governing what those AI tools can infer, correlate, or predict from collected data.
The core problem breaks into three layers:
-
Collection scale: AI-driven systems cross-reference communications, metadata, and behavioral signals simultaneously, processing orders of magnitude more data than 2008-era systems ever touched.
-
Incidental capture: 702’s “incidental collection” loophole, originally a minor edge case, now sweeps up vast volumes of U.S. person data when AI casts wider analytical nets.
-
Inference gap: FISA regulates collection. It says nothing about AI-generated analysis of that collected data. An algorithm building a behavioral profile of a U.S. person from incidentally collected fragments operates in a legal void.
The statute wasn’t designed to fail. It was designed for a world where human analysts manually queried databases. AI didn’t stretch 702. It rendered the statute’s core assumptions functionally obsolete.
Tech Companies in Compliance Limbo
Legal teams at major cloud and communications providers are having a rough stretch.
Photo by Without active 702 authority, government data requests citing that statute land in a gray zone. Comply, and you risk privacy litigation. Refuse, and you risk national security penalties.
For companies with GDPR-aligned European subsidiaries, the conflict is sharper still. Any continued 702-style data sharing directly contradicts EU privacy obligations. Legal holds are reportedly in place at several major providers pending DOJ clarification on post-expiration request validity.
The practical response from engineering teams has been predictable: deploy privacy-by-design architectures as a hedge. If the legal framework is uncertain, build systems where sensitive data is compartmentalized by default. It’s not a perfect fix, more like shipping a patch while waiting for the upstream repair, but it’s the rational move when compliance requirements are undefined.
Tech companies aren’t waiting for Congress. They’re building legal hedges into their infrastructure right now.
Civil Liberties Groups Play Offense
The expiration handed privacy advocates their strongest legislative position since the Snowden revelations.
Photo by They’re not wasting it.
The bipartisan Government Surveillance Reform Act of 2026 is the most concrete proposal on the table. It requires warrants for viewing Americans’ information incidentally collected under 702, with exceptions for emergencies, and blocks federal agencies from purchasing data that would otherwise require a warrant [Cato]. That last provision is critical: it closes the commercial data broker loophole that intelligence agencies have used to sidestep Fourth Amendment constraints.
Key provisions in the proposed reform:
- Judicial approval required for any U.S. person query of 702-collected data
- Emergency exceptions with mandatory after-the-fact court review
- A ban on purchasing commercially available data to circumvent warrant requirements
- New disclosure obligations for AI tools used in surveillance analysis
Public sentiment is running in reformers’ favor. The FBI querying tool scandal [American] combined with broader AI anxiety has shifted the conversation. Whether that translates into votes is another question.
The Contrarian Case for Letting It Lapse
A minority but credible argument holds that the 702 gap isn’t a national security emergency.
Photo by It’s a necessary reset.
Intelligence agencies retain significant alternative authorities. Executive Order 12333 and criminal surveillance statutes remain intact. The operational dependency on 702, while real, isn’t exclusive. The sky-is-falling narrative overstates how much collection actually goes dark.
Historical precedent matters here. The 2015 USA FREEDOM Act passed only after the Snowden revelations made the status quo politically untenable. Without a forcing function, Congress defaults to clean reauthorizations that kick structural problems down the road.
Three bipartisan Senate working groups have convened specifically to draft AI surveillance frameworks since the expiration deadline became imminent. That’s more legislative energy directed at AI-specific surveillance law than the previous five years combined. The gap, uncomfortable as it is, may be exactly the pressure needed to produce legislation fit for this decade.
What Comes Next
The post-702 landscape will be shaped by three competing forces running at once:
- Executive improvisation: The White House is expected to issue interim guidance invoking Article II national security authority to bridge the gap.
Photo by Think executive orders, not statutes. Fast to deploy, easy to challenge in court.
-
Legislative reconstruction: The Senate Intelligence Committee has signaled a 90-day drafting window, with AI-specific provisions as a non-negotiable requirement. The Government Surveillance Reform Act [Cato] provides the baseline, but the final text will reflect months of negotiation.
-
Judicial intervention: Federal courts are poised to fill any remaining void. The Supreme Court’s 2018 Carpenter v. United States ruling on digital privacy expectations is expected to anchor new judicial standards for AI-assisted surveillance.
Expect all three tracks to collide. Executive orders will get challenged. Legislative drafts will stall and restart. Courts will issue rulings that reshape the playing field mid-negotiation.
FISA 702’s expiration exposed a surveillance framework built for a pre-AI world. The statute didn’t fail because lawmakers were negligent. It failed because the technology it governed evolved faster than any legislative cycle could track. Tech companies are already adapting their architectures. Civil liberties groups are pushing concrete reform proposals. Congress has a narrow window to write AI-era surveillance law that balances national security with constitutional constraints. The language drafted over the next 90 days will set the rules for AI-powered intelligence gathering for a generation. We didn’t stop pretending the law had kept up with AI. The law’s expiration did it for us.
