The NSA has said that it is suspending collection of information under the controversial Section 702 of the Foreign Intelligence Surveillance Act that gives the NSA the ability to read your email if your email mentions a target of a FISA investigation and goes to someone outside the United States.

The National Security Agency said Friday that it had halted one of the most disputed practices of its warrantless surveillance program, ending a once-secret form of wiretapping that dates to the Bush administration’s post-Sept. 11 expansion of national security powers.

The agency is no longer collecting Americans’ emails and texts exchanged with people overseas that simply mention identifying terms — like email addresses — for foreigners whom the agency is spying on, but are neither to nor from those targets.

The decision is a major development in American surveillance policy. Privacy advocates have argued that the practice skirted or overstepped the Fourth Amendment.

The change is unrelated to the surveillance imbroglio over the investigations into Russia and the Trump campaign, according to officials familiar with the matter. Rather, it stemmed from a discovery that N.S.A. analysts had violated rules imposed by the Foreign Intelligence Surveillance Court barring any searching for Americans’ information in certain messages captured through such wiretapping.

This is a good start.

Abuses of Section 702 have been apparent for years. It allows law enforcement access to your personal electronic communications of all type so long as they can back into a FISA justification. To fully understand the domestic surveillance implications and the way Section 702 is now primarily a domestic law enforcement tool read this via Lawfare Blog:

The current rules are inadequate to prevent Section 702 information—gathered for foreign intelligence purposes—from being co-opted for domestic policing. Although ODNI created law enforcement use limits for Section 702 in 2015, these rules create broad, non-exclusive exceptions to the ODNI limits and only apply to in-court use of Section 702-derived evidence, with no limit on investigative use. In other words, at least in theory, an investigation for any crime could be built upon warrantless Section 702 surveillance that captured Americans’ communications.

The FBI Section 702 Minimization Guidelines give further credence these concerns. The FBI is permitted to use Section 702 data to open or support investigations of any federal crime, including nonviolent offenses, and the Guidelines state that it is an “encouraged practice” for FBI personnel to search potentially relevant and available databases, including FISA data, “in making an initial decision to open an assessment” of domestic criminal activity. Then-Privacy and Civil Liberties Oversight Board Chairman David Medine cautioned that even when “the FBI has absolutely no suspicion of wrongdoing … they’re just sort of entitled to poke around [in Americans’ communications obtained via Section 702] and see if something is going on.”

This idea that law enforcement can “poke around” and do anything with lawfully collected information is unreasonable and at odds with basic privacy rights. In passing Section 702, Congress created additional privacy risks for Americans; it did so for a specific foreign intelligence purpose and not with the expectation that a limited foreign intelligence tool would be used freely for domestic law enforcement, overriding stronger Congressional limits in that sphere. While the government disputes the notion that 702 information is frequently used for routine law enforcement, the FBI does not make those numbers publicly available. And the fact remains that under the existing statute the practice is perfectly legal.

Importantly, the FBI Minimization Guidelines only require that queries be designed to extract foreign intelligence information or criminal evidence, and do not limit use of terms that are likely to return sensitive or selective information.  The FBI Minimization Guidelines label religious, political, and media activities as “sensitive information,” but do not prevent targeted searching—the Guidelines permit retention, dissemination, and use of any “sensitive information” so long as it appears to be evidence of any crime, and do not comment on or in any way limit use of “sensitive information” as a query term.  This rule may prevent retention of non-illicit, embarrassing “dirt,” but it does nothing to prevent selective prosecution.  With the existing rules, language connected to protest organizations, religious groups, or press activity could be the basis of a keyword search. This could serve as a “sifting tool” to target groups, facilitating the opening or support of criminal investigations against members of those groups who might be engaged in any illicit activity. The attendant risks of court disclosure of sensitive intelligence information may provide some practical limitations against low-level crimes. The primary method for that limitation, however, are notice requirements to the defendant when the government uses 702 information court. In the past, the Department of Justice had maintained that derivative evidence from 702 did not trigger the notice requirement at all. While that policy has been changed, it is entirely possible the prior interpretation could be restored without public knowledge.

And efforts by criminal defense attorneys to uncover and challenge such derivative use of Section 702 will be strongly limited by two factors. First, the government could reintroduce parallel construction tactics to obscure the potential role in Section 702 in an investigation, as the Drug Enforcement Agency systemically did to hide its use of Intelligence Community intercepts to launch criminal investigations. Second, the Department of Justice could imitate its “stingray strategy,” whereby for years it blocked challenges against the use cell-site simulators in investigations through careful concealment tactics and dropping cases where stingray use was most likely to be revealed and challenged.

The last graf of my first pullquote says this is not related to the current unmasking kerfuffle. Don’t believe that for a second.

Section 702 is up for reauthorization this fall. The widespread abuse of Section 702 surveillance has been apparent for years and yet the law was sailing towards reauthorization with only a few people, like Rand Paul, opposing it. Then Mike Flynn happened. Then Carter Page happened. And a lot of members of Congress got a very quick and ugly lesson on how a lawless administration can use FISA as a political tool. What was once a slam dunk is now looking problematic. The NSA voluntarily stopping Section 702 surveillance is their way of telling Congress that if you will just trust us in the future we will be more responsible than we were in the past.

Congress needs to act. In theory, Section 702 can be tailored to prevent the abuses that have happened. In reality, the temptation to use FISA as a law enforcement tool will always be too strong to be resisted. Americans should be immune from warrantless surveillance. Period. Full stop. Using personal electronic communications obtained under the color of an intelligence investigation should be illegal and people should go to jail when they do it.