FBI boss: Congress must renew Section 702 spy powers – that's how we get nearly all our cyber intel

Nearly all of the FBI's technical intelligence on malicious "cyber actors" in the first half of this year was obtained via Section 702 searches, according to FBI Director Christopher Wray.

Section 702 of the Foreign Intelligence Surveillance Act, introduced in 2008 on national security grounds, primarily allows the Feds to snoop on foreigners' overseas electronic communications — but sometimes Americans get caught in the surveillance dragnet, too. Even US senators, as we discovered last week.

With the controversial FISA amendment set to expire at the end of the year, unless Congress reauthorizes the snooping clause, Wray has been making the rounds and delivering the same message: the FBI "cannot afford to lose" Section 702. 

The spying powers granted by Section 702 are "absolutely vital" role in preventing cyberattacks targeting US organizations and individuals, according to Wray, and allowed the FBI to confirm who was behind that Colonial Pipeline cyberattack.

Section 702 also identified an attempt by Chinese spies to compromised an unnamed US transportation hub, and "saved a US nonprofit from an Iranian ransomware attack last year and recovered their stolen information so they didn't have to pay a ransom at all," Wray said during his July 26 keynote at the FBI Atlanta Cyber Threat Summit.

"Section 702 is critical to our ability in particular to obtain and action cyber intelligence," Wray said. "With 702, we can connect the dots between foreign threats and targets here in the US, searching information already lawfully within the government's holding so that we can notify victims who may not even know they've been compromised, sometimes warning them even before they get hit." 

The first half of this year, 97 percent of our raw technical reporting on cyber actors came from Section 702

"You might be surprised to hear that malicious cyber actors have accounted for over half of our Section 702 reporting," Wray added on Wednesday.

"The first half of this year, 97 percent of our raw technical reporting on cyber actors came from Section 702. That's all intelligence we can action through threat alerts and defensive briefings; intelligence we use to help cyber victims."

This actionable threat intel, he said, helped the FBI recover most of the $4.4 million ransom that Colonial Pipeline paid after its IT systems were hit by extortionists in 2021. It also "preventing the loss of millions, possibly billions of dollars," by foiling that aforementioned Beijing-backed plan to breach a transportation hub, Wray added, though he didn't provide specific details about the attempt.

Identifying these intrusion efforts via S. 702 were critical in "avoiding widespread transit disruptions, and most importantly, keeping the American public safe," Wray said.

• Just declassified: US senator caught up in Section 702 FBI surveillance dragnet
• US senators and spies spar over Section 702 warrantless surveillance
• Proposed ban on data brokers selling warrantless personal info to Feds revived
• FBI: FISA Section 702 'absolutely critical' to spy on, err, protect Americans

"Those of you who know me know that I'm not the kind of guy that is prone to overstatement," he added. "So when I say it's vital, it's not helpful, it's not important: it's vital."

Wray didn't mention the flipside of Section 702: the FBI has routinely abused this snooping power, according to previously classified court opinions released this summer.

The bureau misused its warrantless surveillance abilities more than 278,000 times between 2020 and early 2021 to conduct searches on George Floyd protesters, January 6 rioters who stormed the Capitol, and donors to a Congressional campaign, according to one of the court opinions.

Despite a full-court PR campaign from law enforcement, lawmakers have indicated that they are unlikely to reauthorize Section 702 without adding some safeguards to protect people's privacy.

On July 21, Wray wrote a letter [PDF] to US House Speaker Kevin McCarthy (R-CA) in which he gave that same 97 percent figure to underline "the value of Section 702 to protect Americans and the Homeland."

Moving on to China and AI…

Also during the keynote address, Wray called out the threat posed by China building a huge AI-powered system to drive cyberattacks.

"It's got a bigger hacking program than that of every major nation combined, and it has stolen more of our personal and corporate data than every nation big or small, combined," Wray said, repeating the 50 Chinese cyber-spies for every one FBI analyst stat he's noted in previous talks.

Plus, the fact that China has amassed all of this information belonging to US businesses and ordinary folks means it poses "double" the threat when it comes to using AI for evil.

China "has already spent years stealing both our innovation and massive troves of data that turns out to be perfect for training machine learning models," Wray said. "And now they're in a position to close the cycle, to use the fruits of their widespread hacking to power with AI even-more-powerful hacking efforts." ®