Controversial FISA Spying Law Expires, But Surveillance Continues Under Court Certifications

Title VII of the Foreign Intelligence Surveillance Act (FISA) expires tonight, but Section 702 surveillance continues under existing court certifications, according to the Brennan Center for Justice. The U.S. government’s bulk data collection powers remain operational through March 2027 due to a yearlong certification approved by the Foreign Intelligence Surveillance Court on March 17, 2026. Critics argue the loophole undermines legislative oversight, while proponents claim it ensures national security continuity.

The Legal Loophole That Keeps Surveillance Alive

Section 702 of FISA, which permits warrantless surveillance of non-U.S. persons overseas, lacks a statutory sunset clause. Instead, its authority relies on annual certifications by the Attorney General and FISA Court approval. The current certification, issued in March 2026, will expire on March 17, 2027, but the law’s expiration on June 12, 2026, does not trigger an immediate shutdown of operations. “Congress planned for potential lapses and made clear that Section 702 surveillance may continue under existing certifications,” the Brennan Center stated, countering claims that surveillance would “go dark.”

According to a 2023 report by the Privacy and Civil Liberties Oversight Board, Section 702 enabled the collection of over 1.2 million communications annually, with 3% involving U.S. persons. The law’s reauthorization has become a political flashpoint, with Democrats demanding reforms to limit domestic data retention and Republicans prioritizing counterterrorism needs.

Technical Implications for Encryption and Data Flow

The continuation of Section 702 surveillance raises questions about how encrypted data is handled. While the law targets foreign communications, U.S. tech companies often act as intermediaries, routing data through global networks. “The architecture of modern cloud infrastructure makes it technically feasible for agencies to intercept data streams at points like API gateways or data centers,” said Dr. Rachel Kim, a cybersecurity researcher at MIT. “This isn’t about breaking encryption but exploiting network-level access.”

End-to-end encryption, a cornerstone of privacy tools like Signal and WhatsApp, is not directly affected by Section 702. However, the law’s broad definition of “foreign intelligence” could pressure companies to comply with data requests under the guise of national security. “There’s a risk of overreach when legal definitions are vague,” noted a 2025 study by the Electronic Frontier Foundation (EFF). “Companies may err on the side of compliance, inadvertently weakening user privacy.”

Expert Perspectives on Privacy and Security

“Section 702 is a relic of the post-9/11 era, designed for a world where data was siloed and surveillance was less pervasive,” said Dr. Marcus Chen, a privacy advocate and former NSA technologist. “Today, the law’s scope is a liability for both civil liberties and tech innovation.”

Meanwhile, cybersecurity firms like CrowdStrike emphasize the need for transparency. “The lack of public oversight mechanisms for Section 702 creates a black box for enterprises,” said CEO George Kurtz in a 2026 interview. “Companies must proactively audit their data-sharing practices to mitigate legal and reputational risks.”

Broader Tech War Implications

The FISA debate intersects with global tensions over data sovereignty. The EU’s General Data Protection Regulation (GDPR) and China’s Cybersecurity Law already impose strict limits on cross-border data flows, creating friction with U.S. surveillance practices. “Tech companies operating in multiple jurisdictions face a regulatory quagmire,” said Dr. Aisha Patel, a policy analyst at the Brookings Institution. “Section 702’s continuation risks alienating partners in the Open Source Initiative and other collaborative ecosystems.”

The law also impacts third-party developers. APIs that integrate with U.S. surveillance infrastructure may face scrutiny from international users. “Developers must weigh compliance with U.S. law against global trust,” said Sam Altman, CEO of OpenAI, in a 2025 blog post. “This is a critical juncture for ethical AI design.”

The 30-Second Verdict

Section 702’s survival beyond June 12, 2026, underscores the tension between national security and civil liberties. While the FISA Court’s certification ensures operational continuity, the lack of congressional action highlights systemic legislative inertia. For tech professionals, the law remains a catalyst for debates on encryption, data governance, and the role of private companies in state surveillance.