US Warrantless Surveillance Law Lapses for First Time

The US law allowing warrantless surveillance of foreign targets has temporarily lapsed, creating a significant gap in government intelligence gathering.

US lawmakers have allowed a critical surveillance authority to expire temporarily. Section 702 of the Foreign Intelligence Surveillance Act (FISA), which lets agencies collect communications from foreign targets without a warrant, lapsed after Congress failed to vote on its extension. This is the first time the program has been suspended since its 2008 inception. The law is a primary tool for gathering foreign intelligence, and its shutdown puts some monitoring on hold. The failure to pass an extension stems from deep divisions over the program's scope and its potential to incidentally collect data from American citizens.

This lapse creates uncertainty for tech companies, especially those with international operations. For CISOs and legal teams, it highlights the volatile legal landscape of government data access. Section 702 has long been a contentious point in data-sharing agreements like the EU-US Data Privacy Framework. Any interruption to the law impacts compliance obligations and risk assessments for businesses handling user data across borders. While the suspension is likely short, it shows that legal foundations for data handling can shift unexpectedly. Companies must remain vigilant about how these legislative battles affect their duty to protect customer data while complying with government demands.

The future of Section 702 remains in flux as Congress prepares for another vote. A renewal is expected, but the debate over reforms is far from over. Privacy advocates and some lawmakers are pushing for new restrictions, such as requiring a warrant to search the database for information on US citizens. This temporary shutdown could strengthen their negotiating position. For business and security leaders, the key is to monitor these developments closely. The outcome will not only determine the program's future but also set a precedent for the balance between national security and privacy in the digital age.

The temporary lapse of a major US surveillance law creates legal uncertainty for companies handling international data, impacting compliance and risk management for government data access.

Companies with international operations or data flows face increased legal and compliance ambiguity. The event underscores the risk of sudden changes in surveillance laws, which can affect data-sharing agreements and data privacy obligations.