Privacy and Civil Liberties Oversight Board
Public Forum on FISA Section 702
General Paul M. Nakasone
United States Army, Commander of U.S. Cyber Command,
Director, National Security Agency/Chief, Central Security Service
January 12, 2023
GENERAL NAKASONE: Thank you, Chair. On behalf of the Intelligence Community, I want to thank the Privacy and Civil Liberties Oversight Board as well as those watching today for your interest in one of the U.S. government’s most important foreign intelligence authorities, Section 702 of the FISA Amendments Act. The authority will sunset on December 31, 2023, unless Congress passes legislation to reauthorize it.
Without Section 702, we will lose critical insights into the most significant threats to our nation. Our role today in talking about this authority is to help inform the forthcoming congressional debates. You may be already familiar with the legal authority. For those who are not, a brief history. FISA, the Foreign Intelligence Surveillance Act, dates back to 1978, Title VII, which includes Section 702 as added as part of the FISA Amendments Act of 2008.
The additions to FISA were made, in part, to address changes in communications technologies and the growing global use of U.S. communication services, including some of the highest priority foreign intelligence targets. This legal authority allows the Intelligence Community to collect the communications of many of our most critical foreign intelligence targets located outside of the United States who use these U.S. infrastructure and services to communicate.
FISA Section 702 is irreplaceable. It is focused and limited, yet agile enough to address national security threats in an ever-changing, technological and threat environment. It allows the Intelligence Community to acquire the communications of specific foreign actors overseas and use those details to identify terrorist plots, track spies, identify cyber attacks and try to stop them as well as provide U.S. policymakers with the information they need to understand a wide range of national security threats.
As someone who was in the Pentagon during the attacks of 9/11, I have a personal perspective about how this authority has helped secure the nation in the years since those attacks. As the commander of U.S. Cyber Command, the director of National Security Agency, I have seen firsthand how FISA Section 702 has continued to provide critical intelligence that has kept our country and our allies safe and secure.
Since the initial enactment of 702 in 2008, our threat environment has evolved substantially. Our focus has shifted from counterterrorism to strategic competition. In the two decades since 9/11, we have seen the People’s Republic of China evolve as America’s primary geopolitical challenge. The PRC is the only competitor with both the intent to reshape the international order and increasingly the economic, diplomatic, military and technological power to advance that objective.
Meanwhile, Russia continues to pose an acute and ongoing threat to regional security in Europe. We’ve also seen the nature of conflict change drastically where cyberspace is a battleground and cybersecurity has become one of our most pressing national security concerns. And as we have seen in the last year, the world has moved into an era where the shift from competition to crisis to conflict can occur in weeks or days or even minutes rather than years.
To address these evolving challenges and continue to keep our nation secure, the Intelligence Community needs authorities that are technology-neutral and agile. FISA Section 702 is just that. This authority plays an outsized role in protecting the nation, providing some of the U.S. government’s most valuable intelligence on our most challenging targets. It provides unique information with minimal risk.
In addition, when we look at the National Security Agency’s overall reporting, intelligence from FISA Section 702 accounts for an oversized portion of reporting relative to its cost. This authority provides the U.S. government irreplaceable insights whether we are reporting on cybersecurity threats, counterterrorism threats or protecting U.S. and allied forces. FISA Section 702 has helped us to understand the strategic intention of the foreign governments we are most interested in, the People’s Republic of China, Russia, Iran and Democratic People’s Republic of Korea.
We have learned about espionage plots to obtain sensitive U.S. technological information. We have used information from FISA Section 702 to prevent weapon components from reaching hostile foreign actors. We have identified threats to U.S. troops. We have discovered sanction evasions and disrupted foreign cyber attacks. And intelligence acquired under this authority has stopped significant terrorist plots, saving American lives.
I want to repeat that. We have saved lives because of 702.
Last month, I was part of a panel at the Reagan National Defense Forum with Senator Angus King about hybrid warfare with other top military, government and industry leaders. Senator King discussed how difficult it is to talk about successes in the Intelligence Community since successes often means that terrorist plots were foiled, or cybersecurity vulnerabilities were patched and nothing happened.
As the Senator noted, how do we demonstrate to the public the fact that the dog didn’t bark in the night? It’s difficult to provide you with concrete examples of how this authority has helped protect the country because so many of our successes are just that, preventing the dog from barking in the night. We also have to limit what we share publicly because our foreign adversaries are paying close attention to how the Intelligence Community and, most specifically, the National Security Agency function in hopes of learning our tradecraft and evading detection.
But it is important for the public to understand why this authority matters. So where we can declassify stories that tangibly demonstrate its impact on our security, we will.
Let me start with an example from the early days of 702. In 2009, NSA discovered information in 702 data indicating an Al-Qaeda courier in Pakistan was in communications with an unknown individual in the United States.
We passed this information to the Federal Bureau of Investigation, who found that the individual, Najibullah Zazi, and a group of co-conspirators had imminent plans to detonate explosives on the subway trains in Manhattan. The attack was prevented. Zazi and his co-conspirators were arrested and pled guilty or were convicted of their roles in the planned attack.
Again, in 2014, FISA Section 702 provided the Intelligence Community key insights into ISIS planning and senior members of the terrorist organization, including ISIS leader Hajji Iman, ultimately leading to the removal of Iman, preventing attacks and, again, as Senator King mentioned, the dog didn’t have to bark. The information we get from 702 today is no less critical. Even as our focus has shifted towards strategic competition. This authority continues to provide critical intelligence to our policymakers.
Let me tell you about a few of the Intelligence Community’s most recent successes. The U.S. government identified multiple foreign ransomware attacks on U.S. critical infrastructure in 702 data. This intelligence positioned the government to respond to and mitigate these events and, in some instances, prevent significant attacks on U.S. networks.
In another recent example, the Intelligence Community used information from 702 to discover that a foreign adversary had used a cyber attack to acquire sensitive information related to the U.S. military.
In harkening back to the counterterrorism origins of the authority, FISA section 702 information contributed to a successful U.S. government operation against one of the last remaining 9/11 architects, Ayman al-Zawahiri.
These are just a few of the ways this authority has helped keep this nation safe. Stories like this are typically classified. There are countless others that we cannot share without putting the nation’s security and classified sources and methods at risk. But I hope these examples give you a sense of just how vital Section 702 is to our national security.
So I’ve talked about how this is a critical authority and a unique authority for the U.S. government’s foreign intelligence mission. But the PCLOB is tasked with ensuring we are also protecting the rights of U.S. persons. Civil liberties and privacy are central to the implementation of FISA Section 702.
The law was designed with safeguards to protect the rights of the American people and our allies. To that end, the collection must be focused on individual targets meeting specific criteria that must be documented and verified by those within and outside the Intelligence Community. Section 702 cannot be used to target Americans anywhere within the world or in any person outside the United States regardless of nationality. No exceptions.
Excuse me. Let me say that again. Section 702 cannot be used to target Americans anywhere in the world or any person inside the United States regardless of nationality. No exceptions. The government is also prohibited from targeting a foreign person abroad to learn about an American. Any information unintentionally collected is handled consistent with specific court-approved procedures intended to protect the civil liberties and privacy of U.S. persons and persons inside the U.S. By Executive Order, we extend comparable protections to foreigners.
This authority has layers of civil liberty and privacy protections embedded throughout from annual training to the use of the authority that I took again just last week to policy controls on when and how queries are conducted to technical controls on who has access to the data and how it is secure. Here at the National Security Agency, these safeguards are built upon a strong culture of compliance with a dedicated internal compliance group focused on identifying the sources of any possible incidents and improving the protections in place.
If there is an incident, NSA analysts report it, and it is investigated by our Compliance Group. After the investigation is completed, our training policy and technical controls are updated as needed. What is most important from my perspective is that these safeguards assure privacy protection and at the same time do not hamper our ability to produce foreign intelligence.
Oversight and transparency are also baked into the law. All three branches of the U.S. government have a role in the oversight of Section 702. In the legislative branch, the Congressional Intelligence and Judiciary Committees also provide stringent oversight of the program, routinely reviewing the government’s use of the authority. Within the executive branch, the Department of Justice and the Office of the Director of National Intelligence look at all 702 targeting, review potential compliance incidents and oversee other aspects of the program.
And of course, all of you, as members of the PCLOB, play an important role in the ongoing oversight of the program, particularly as it releases to the Board mission to ensure that the federal government’s efforts to prevent terrorism are balanced with the needs to protect privacy and civil liberties.
In the judicial branch, the Foreign Intelligence Surveillance Court plays a crucial role in overseeing NSA’s activities under FISA Section 702. The FISC is comprised of Supreme Court-appointed Article III judges and provides an expressed oversight in NSA’s use of the authority. In my personal opinion, the court applies great rigor in carefully considering all information bearing on lawfulness of the government’s activities authorized by Section 702.
It conducts a comprehensive review of the program every year, as well as, on a continual basis, ensuring incidents of noncompliance are addressed. Over the next year, we, in the Intelligence Community, will be working with our partners to ensure the immense value of FISA Section 702 and the civil liberties and privacy protections built into the authority are clear to Congress and the public. There will be conversation and debate. We welcome that.
Events such as this are an opportunity to engage directly with people who care about these critical issues. So, under Section 702, both national security and civil liberties and privacy are preserved and protected. It is an “and” and not an “or” that connects these two important goals. Neither is compromised for the other. 702 authorities provided exquisite foreign intelligence that is focused on non-U.S. persons outside the United States and specific invaluable insights that protect our nation, intelligence that cannot be obtained through other means.
These authorities are executed by trusted Intelligence Community personnel that are rigorously trained and certified, self-report when and if they make errors and operate under oversight from every branch of our government. This oversight provides the verification necessary to demonstrate the Intelligence Community’s lawful and appropriate use of Section 702, allowing us to carry out our crucial work while ensuring our rights as American citizens are protected. Thank you very much for the opportunity to talk with you about this important topic. I look forward to our forthcoming discussions.
(End of speech.)
Updated transcript Jan 17, 2023 to accurately reflect remarks.