Using the Current FISA Reauthorization Debate to Close the Data Broker Loophole and Introduce Relational Data Governance Over Mass Surveillance Programs

Michael Moran

 

With the upcoming sunset of Section 702 of the Foreign Intelligence Surveillance Act (FISA), congressional debate weighing national security and surveillance capabilities against civil liberties has returned, emerging around the capital like cicadas with increasing volume and urgency.[1] Amidst increasingly ubiquitous surveillance applied both at home and abroad, the “data broker loophole” has attracted particular scrutiny from lawmakers and privacy advocates.[2] This loophole allows law enforcement and intelligence agencies to circumvent a warrant requirement by purchasing commercially available personal data. At a time of heightened state surveillance capability and documented governmental data aggregation[3], introducing elements of Salomé Viljoen’s relational theory of data governance could constructively restructure this debate, weighing public safety needs against the collective harm of surveillance programs.

Current debates around FISA are still rooted in historical comparisons of public safety against individual data rights, but reframing that debate to consider these rights collectively may lead to a more durable solution.[4] Viljoen’s framework for data governance calls for a population-level lens of surveillance harm, and democratic mechanisms to evaluate privacy and data rights and uses in a more inclusive and responsive manner.[5] Reforms to increase transparency and advocacy in the Foreign Intelligence Surveillance Court (FISC), alongside the introduction of a data-governance entity, standalone, or within the FTC, could facilitate societal conversations around surveillance, rebuild public trust, and avoid the high stakes, all-or-nothing reauthorization cycles we face today.

In this article, I first define the data broker loophole in the context of FISA reauthorization and then outline the fundamentals of Viljoen’s relational theory of data governance. Next, I address why focusing on closing data pipelines or data broker loopholes is insufficient alone, without accompanying reforms that incorporate relational data governance. I then briefly propose some institutional reforms to incorporate democratic mechanisms into existing foreign surveillance oversight.

I. The Data Broker Loophole, FISA & Proposed Solutions

Protections against overly broad surveillance are rooted in the unreasonable searches and seizure suffered by American colonists, and embedded in the Bill of Rights by the founders. The Fourth Amendment requires the government to obtain a warrant before accessing personal data when an individual reasonably expects that information to be private.[6] In 1979, the Supreme Court opened the back door to allow warrantless searches, establishing the third-party doctrine: if a data subject shares personal information, including business records, with a third party, they retain no reasonable expectation of privacy and therefore surrender Fourth Amendment protection.[7] As the Court entered the digital age where sharing data is necessary to participate in modern society, their decision in Carpenter v. United States recognized the growing third-party loophole, and how technological innovations allowed mass surveillance to capture highly sensitive information.[8] In his dissent, Justice Gorsuch questioned whether metadata collected passively, such as IP addresses or location pings, was truly “willingly” shared.[9] Justices also noted that a comprehensive collection of a week’s worth of location data permitted inferences into intimate details never intended to be disclosed to a cell phone provider, nor necessarily shared for the conduct of business.[10]

Partially in response to that warrant requirement, a market solution emerged for intelligence and law enforcement agencies to sidestep the Fourth Amendment using data brokers. Data brokers are companies that collect, assemble, and analyze data.[11] Collection methods can include scraping public records and publicly available social media pages, purchasing metadata, or other less transparent means to acquire data that may be anonymized or individually worthless in isolation.[12] With sufficient datasets, data brokers can build detailed customer profiles and generate inferences through algorithmic analysis.[13] These valuable outputs can then be sold on multiple times, to buyers like the FBI, DHS, and other government agencies who do not need to pursue a warrant for this legally purchased third-party data.

Legislative protections reacting to technological developments and surveillance scandals have placed limitations around bulk data collection and dragnet surveillance programs, but have not closed this loophole. The Electronic Communications Privacy Act (ECPA) of 1986 restricts telecom carriers, internet service providers, and social media platforms from voluntarily disclosing the contents of consumer communications; however, non-content information like subscriber data and communication metadata receives less stringent protection.[14] The Stored Communications Act, a component of the ECPA, generally prohibits providers from sharing even non-content information with the government, but allows disclosure to non-governmental entities, with data brokers serving as a data-laundering intermediary. [15] Due to broad executive powers related to national security, the ECPA also includes wide carve-outs for foreign intelligence gathering.[16]

1. The Foreign Intelligence Surveillance Act (FISA)

FISA was enacted in 1978, following Nixon-era surveillance abuses exposing warrantless surveillance of individuals within the U.S., justified under foreign intelligence collection.[17] The Act created the FISC to oversee intelligence gathering, including electronic surveillance and compelled production of tangible things such as business records.[18] The FISC is comprised of Article III judges and holds ex parte proceedings: the target of surveillance is not informed of the procedure, although electronic service providers may petition to challenge a production.[19] The court relies on a “heightened duty of candor”, expecting the government to thoroughly investigate and transparently outline surveillance practices and risks to U.S. citizen privacy rights.[20] Amendments to FISA, such as the USA FREEDOM Act of 2015, now allow court-appointed independent amici curiae to assist the court in novel or significant interpretations of law. ^[21] The Act also banned warrantless bulk collection of business record data, including telecom metadata previously authorized under Section 215 of the PATRIOT Act.[22]

Section 702 of FISA was first enacted in 2008 to authorize the warrantless surveillance programs of non-U.S. persons abroad for foreign intelligence purposes.[23] The intelligence community cannot target Americans, but surveillance programs incidentally (and perhaps intentionally) may collect communications of Americans abroad, or Americans communicating with foreigners at home or abroad.[24] The FISC is tasked with reviewing surveillance programs, to ensure government targeting procedures comply with Fourth Amendment protections and minimize collection and retention of non-public information about U.S. persons.[25] Section 702 has been designed to sunset periodically, which has led to recurring and truncated congressional conversations acknowledging surveillance overreach, and the incidental collection of U.S. persons data before last minute reauthorization.[26] In 2024, during the most recent reauthorization debates, closure of the data broker loophole and introduction of additional oversight by the Department of Justice and the Privacy and Civil Liberties Oversight Board (PCLOB) were considered, but abandoned. [27] Ominously, that reauthorization expanded FISA surveillance authority to include immigration vetting[28], likely contributing to heightened incidental U.S. person data collection. As the current sunset clause of April 10, 2026 approaches and the same debates return, relational data governance is an appealing offramp to establish more fruitful conversations about durable solutions to surveillance and security.

II. A Relational Theory of Data Governance & FISA Reform

In “A Relational Theory of Data Governance”, Salome Viljoen posits that current privacy reforms erroneously center data governance on individual data subject rights along a vertical axis between data subject and data collector. This fails to consider the horizontal impact of data relationships, which may include incidental or unanticipated harm to individuals, and unaddressed population-level priorities for data collection and use. Viljoen refers to these failures as problems of sociality and legitimacy.[29]

To introduce horizontal relations of data, Viljoen uses vignettes involving individuals who have no existing connection to one another in the real world, yet a unilateral decision produces unanticipated consequences for the other. An individual may share a photo of their tattoo on social media, or inadvertently allow their phone to track their location while checking the weather. Regardless of intention, once collected by a data broker, that personal data may be used to create a behavioral profile, or train an inferential algorithm. Law enforcement could then buy the output from metadata that would require a warrant to collect, and target tertiary individuals, with no relation to the first individual.[30] In another prescient vignette, Viljoen outlines how law enforcement partnerships with Ring cameras create unrepresented interests and racially distinct harms to neighbors.[31]

1. The Problem of Sociality

These vignettes expose what Viljoen calls the problem of sociality: current privacy and surveillance reforms look at the targeted individual, but surveillance of one person, through proximity or algorithmic inference, affects additional people who may have never consented nor known they were implicated. Individual-rights reforms seek to cut off flows of data from a particular subject, missing a point already well understood by surveillance capitalists: data is most valuable not as isolated facts about one person, but as a relational resource from which behavioral and social inferences can be discovered and mined on a population scale.[32]

2. The Problem of Legitimacy

When governments purchase data broker dossiers, they acquire not just intelligence on individuals but a form of relational power over entire populations.[33] Proponents of Section 702 argue that this power is a strategic necessity because bad actors are already harvesting and weaponizing such data.[34] This argument reinforces what Viljoen refers to as the problem of legitimacy: all parties are seeking what could become a coercive power, without any public discussion to determine what legitimate uses and limitations exist.[35] Viljoen proposes a “data as democratic medium” (DDM) framework that manages data as a collective resource, organized similarly to a public utility.[36] As taxpayers, citizens are funding the assembly of massive datasets with predictive power; citizen stewardship may impose meaningful restraints or redirection towards societal priorities when necessary. [37] The concentration of inferential capacity, insulated from democratic debate, poses real and perceived threats to institutional trust in surveillance agencies and our democracy at large. By facilitating a more open and inclusive decision-making data governance regime, citizens become informed stakeholders, not simply data producers or surveillance targets.

III. Why Current Reforms Fall Short

The pending Government Surveillance Reform Act (GRSA)[38], and stalled Fourth Amendment Is Not For Sale Act^[39], and comparable state data-broker reforms represent well-intentioned attempts to close the loophole, but they share a common flaw: they are responsive to, and reinforce the individual-rights model that Viljoen identifies as inadequate. Some individual harms may be curbed, but through sociality, mass surveillance will present new problems, and lacking a legitimate data governance framework, some new loophole, technological innovation, or spying scandal will force Congress back into truncated and tired debates.

In 2024, Congress considered the Fourth Amendment Is Not For Sale Act, which would prohibit law enforcement and intelligence agencies from buying personal data they would otherwise need a warrant, court order, or subpoena to obtain. ^[40] In addition to the purchase prohibition, this year’s GRSA introduces accountability and transparency reforms, expanding the role of amici in the FISC to include greater access and appellate capability, and requiring the PCLOB to publish disparate impact reports on surveillance activities. ^[41] The bill also addressed a related “backdoor search” loophole, which permitted law enforcement to broadly expand searches, intruding upon protected information such as communications or geolocation information.^[42]

State-level responses have focused on breaking the vertical data flow from subject to broker to government, by restricting the sale of sensitive data, or banning government purchase of data that would require a warrant.^[43] These reforms are positive developments, but alone, are insufficient to disrupt the cyclical and reductively vertical private/public debate between data subject and surveillant that erupts every time a FISA provision nears expiration.

1. Sociality

The majority of FISA and Data Broker Loophole reforms seek to turn off the flow of data. This sort of vertical intervention will likely prompt evolution or obfuscation of data flows, resulting in new forms of surveillance and new horizontal harms that will go unaddressed without wider data governance reform. Data brokers will not be bankrupted by an individual opting out under notice-and-consent regimes, and intelligence agencies have demonstrated little restraint in crossing legal borders or exploiting creative loopholes in pursuit of mass surveillance.^[44] State-level registration regimes or even blanket prohibitions are geographically bounded, and also contain no mechanism for evaluating or limiting downstream inferential use.[45] A broker registered in California may sell a dossier assembled partially from Nevada residents’ data, which a federal agency can then de-anonymize based on incidental collection of personal data during surveillance along the Mexican border. Prohibiting government purchase of data does not prohibit the aggregation of that data in private hands, and then the creation of a public-private conglomerate dataset. Relatedly, the introduction of AI and increasing opacity of algorithmic inferences complicate the identification of data supply chains.[46] Therefore, data brokers may obfuscate or allow agencies willful ignorance about data sources, burying a claim of reverse targeting of U.S. citizens, or illegal purchase of data without a warrant.

2. Legitimacy

Regarding efforts to address legitimacy, most FISA reforms operate within the same vertical paradigm: they add procedural safeguards to the relationship between the government and a targeted individual, either through surveillance program approval by the FISC or periodic review by PCLOB. The operational structure of Section 702, requiring FISC authorization of data collection programs, instead of approval of individual targets, suggests that mass surveillance is a government-wide project, demanding public articulation of legitimate and illegitimate surveillance activities.[47] Section 702 reforms to the FISC have increased representation through amicus roles, but the court still lacks any mechanism to consider the population-level interests of the communities surveilled or to anticipate horizontal harms. Past promises of increased transparency amidst reforms to the FISC and PCLOB have been reneged on, degrading trust.[48] PCLOB currently functions as a belated whistleblower, which fuels the fire of reauthorization conversation without providing substantial restraint to prevent surveillance abuses.[49] Absent significant structural reforms, unaddressed surveillance harms will continue to stress and destabilize existing data governance structures, leading to pendular surveillance programs and a nadir of public trust.

IV. Proposed Reforms to Review Surveillance in a Relational Framework

The pending Section 702 reauthorization debate is an opportunity to introduce structural changes that move beyond the individual-rights paradigm to a more durable and inclusive conversation on societal expectations around surveillance. The following proposals draw on Viljoen’s relational framework and range from minor improvements to more transformative suggestions.

1. Strengthening the FISC Amicus and Transparency Functions

The most immediately attainable reform builds on the amicus curiae mechanism as proposed by the GSRA. Currently, the court-appointed amicus role is limited and reactive.[50] Congress should expand it to include standing amici, as “special advocate” representing civil liberties organizations and communities historically subject to disproportionate surveillance, such as immigrants, or racial justice groups.[51] These voices would inject horizontal, population-level perspectives into proceedings that could stand in as a quasi-adversary. Public submission of amicus briefs on novel legal questions, with appropriate classified carve-outs, would further democratize the court’s interpretive process. Alongside the amicus reform, FISC should be required to publish meaningful summaries of its legal holdings in a form comprehensible to the general public. The court has resisted transparency on national security grounds, but the binary choice between full secrecy and full disclosure is false.[52] Descriptive summaries of targeting criteria, minimization standards, and Fourth Amendment interpretations would allow citizens to exercise informed judgment about the surveillance they are funding, without undermining surveillance gathering activities. Citizens must understand what civil liberties are being traded in the name of their safety, to assert their rights, and instill trust in their government.

2. An Empowered Federal Privacy and Surveillance Oversight Agency

More ambitiously, Congress should empower the Federal Trade Commission or a new dedicated agency to function as the kind of collective data steward Viljoen envisions. This body would establish and enforce conditions on the purchase, aggregation, and secondary use of commercially available personal data. It could require data brokers and surveillance agencies to conduct and publish impact assessments identifying relational and inferential harms, with mitigation strategies to limit collateral surveillance harms. And it would maintain a formal public-comment process for surveillance norm-setting, analogous to notice-and-comment rulemaking, to give affected communities a venue to raise concerns and an alarm before irreversible harm occurs. [53] Such an agency would not supplant the FISC or PCLOB but would complement them, setting baseline rules for the data marketplace that FISC-approved surveillance programs operate within, rather than around.

The data broker loophole persists in part because there is no regulatory body with both the jurisdiction and the mandate to evaluate the societal consequences of the secondary market in personal data. With increasingly sophisticated and novel uses of personal data, a functioning reporter and regulator are necessary to ensure an informed and engaged public ready to consider the next loophole.

Viljoen’s framework suggests other possible structural changes to mass surveillance programs that current political conditions make unlikely. [54] In the absence of legislative action, industry self-regulatory standards could apply pressure towards baseline accountability, but such arrangements remain unenforceable and have a poor track record in the surveillance sector. [55]

V. Conclusion and Criticism

Considering the data broker loophole through a relational lens is an opportunity, as part of the privacy versus surveillance argument that recurs every several years, like those cicadas. Individual opt-outs and purchase prohibitions will not produce stable surveillance norms; just another time capsule capturing the orientation of the day. Building durable institutional oversight capable of holding a genuine societal conversation about collective interests in data use offers a more honest reckoning with what is actually at stake when intelligence agencies purchase their way around the Fourth Amendment. This may not lead us to any greater consensus, but increased citizen agency to develop the kind of informational society we collectively want to inhabit.

 

[1] Cicadas are large winged insects, endemic to D.C., that spend most of their lives underground, but emerge every 13 or 17 years, depending on the species, creating a cacophony of buzzing sounds. Periodical Cicadas, Smithsonian Nat’l Museum of Nat. Hist., https://naturalhistory.si.edu/education/teaching-resources/life-science/periodical-cicadas (last visited Mar. 27, 2026).

[2] Jake Laperruque, Section 702 Reauthorization Must Close the Data Broker Loophole, Ctr for Democracy & Tech. (March 20, 2026), https://cdt.org/insights/section-702-reauthorization-must-close-the-data-broker-loophole/.

[3] Nicole Alvarez, The Trump Administration is Using American’s Sensitive Data to Build a Digital Watchtower, The Ctr. for Amer. Progress (Aug. 25, 2025), https://www.americanprogress.org/article/the-trump-administration-is-using-americans-sensitive-data-to-build-a-digital-watchtower/.

[4] Fred E. Inbau, More About Public Safety v. Individual Civil Liberties, 89 J. Crim. L. & Criminology 1421 (1999).

[5] Salome Viljoen, A Relational Theory of Data Governance, 131 Yale L.J. 573, 586 (2021).

[6] U.S. Const. amend IV. See also Katz v. United States, 289 U.S. 347 (1967).

[7] Smith v. Maryland, 442 U.S. 735, 744, (1979). Some cases and scholars have questioned whether “knowingly” or “voluntarily” disclosing the information is a lost element of third-party doctrine. See Kyllo v. United States, 533 U.S. 27, 42 (2001); Orin S. Kerr, The Case for the Third-Party Doctrine, 107 Mich. L. Rev.

. 561, 588 (2009).

[8] Carpenter v. United States, 585 U.S. 296, 316 (2018) (demanding a warrant for dragnet surveillance of historical cell-site location information (CSLI)).

[9] Id. at 389 (Gorsuch, J., dissenting).

[10] Id. at 337 (Kennedy, J., dissenting).

[11] Emile Ayoub & Elizabeth Goitein, Closing the Data Broker Loophole, Brennan Ctr. for Just. (Feb. 13, 2024), https://www.brennancenter.org/our-work/research-reports/closing-data-broker-loophole.

[12] Id. See also Alfred Ng and Jon Keegan, Who is Policing the Location Data Industry? The Markup (Feb. 24, 2022), https://themarkup.org/the-breakdown/2022/02/24/who-is-policing-the-location-data-industry (reporting that data brokers have encouraged app developers to embed code to siphon user data, leading to app stores to become de facto regulators).

[13] Robert Mackey, Kash Patel Admits Under Oath FBI is Buying Location Data on Americans, The Guardian (Mar. 18, 2026), https://www.theguardian.com/us-news/2026/mar/18/kash-patel-fbi-location-data.

[14] See Ayoub & Goitein, supra note 11.

[15] 18 U.S. Code § 2702 Stored Communications Act (a)(3), (c)(6).

[16] 18 U.S. Code § 2517 Electronic Communications Privacy Act (2(a)(iii)(f).

[17] Andreas Kuersten, Cong. Rsch. Serv., R48592, FISA Section 702 and the 2024 Reforming Intelligence and Securing America Act (2025) https://www.congress.gov/crs-product/R48592#_Toc202965548.

[18] Lizzie Evanko, FISA and the USA PATRIOT Act: Reforms and Legal Implications, 3 Prin.L.J.F. 53, (Spring 2023) https://legaljournal.princeton.edu/fisa-and-the-usa-patriot-act-reforms-and-legal-implications/

[19] Foreign Intelligence Surveillance Court, Elec. Privacy Info. Ctr, https://epic.org/foreign-intelligence-surveillance-court-fisc/ (last visited Mar. 28, 2026).

[20] Dia Kayyali, What You Need to Know About the FISA Court – And How it Needs to Change, Elec. Frontier Found. (Aug. 15, 2014), https://www.eff.org/deeplinks/2014/08/what-you-need-know-about-fisa-court-and-how-it-needs-change.

[21] See Elec. Privacy Info. Ctr., supra note 19.

[22] Id.

[23] The Government Surveillance Reform Act Returns with Strong Support in Both Houses of Congress, Project for Privacy and Surveillance Accountability (Mar. 16, 2026), https://www.protectprivacynow.org/news/the-government-surveillance-reform-act-returns-with-strong-support-in-both-houses-of-congress.

[24] ‘Incidental,’ Not Accidental, Collection, Elec. Frontier Found. (last updated Mar. 27, 2026), https://www.eff.org/pages/Incidental-collection.

[25] See Elec. Privacy Info. Ctr supra note 19.

[26] Matthew Guariglia, The SAFE Act is an Imperfect Vehicle for Real Section 702 Reform, Elec. Frontier Found. (Mar. 9, 2026). https://www.eff.org/deeplinks/2026/03/safe-act-imperfect-vehicle-real-section-702-reform.

[27] See Kuersten, supra note 17.

[28] Guariglia, supra note 26.

[29] Viljoen, supra note 5 at 582.

[30] Immigration and Customs Enforcement (ICE) has purchased cell-phone location data from a broker whose code is embedded in a weather app and use those inferences to track and detain individuals. See Paul Blest, ICE is Using Location Data from Games and Apps to Track and Arrest Immigrants, Report Says, Vice News

(Feb. 7, 2020). https://www.vice.com/en/article/ice-is-using-location-data-from-games-and-apps-to-track-and-arrest-immigrants-report-says/.

[31] Viljoen, supra note 5 at 616; and see Jon Chase, Ring Denies Rumors That Its Footage Is Used by ICE. Here’s What to Know, N.Y. Times (Updated Feb. 13, 2026), https://www.nytimes.com/wirecutter/reviews/ring-cameras-ice-what-to-know/.

[32] See generally, Shoshanna Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (PublicAffairs, 2019).

[33] Viljoen, supra note 5 at 635.

[34] Chris Inglis and Jeff Kosseff, In Defense of FAA Section 702 An Examination of its Justification, Operational, Employment, and Legal Underpinning,  A Hoover Institution Essay Aegis Paper Series No. 1604   www.hoover.org/sites/default/files/research/docs/ingliskosseff_defenseof702_final_v3_digital.pdf

[35] Viljoen, supra note 5 at 635.

[36]  Id. at 583.

[37] Viljoen at 644 argues for the circulation of public databases, for dataset use in research and education, meanwhile Customs and Border Protection has entered into contracts with a data broker totaling over two million dollars. See Anika Venkatesh & Lauren Yu, News & Commentary: DHS is Circumventing Constitution by Buying Data It Would Normally Need a Warrant to Access, ACLU (January 12, 2026), https://www.aclu.org/news/privacy-technology/dhs-is-circumventing-constitution-by-buying-data-it-would-normally-need-a-warrant-to-access.

[38] See Press Release, Rep. Zoe Lofgren, Lofgren, Davidson, Wyden, and Lee Introduce Bipartisan FISA Reform Bill to Protect Americans’ Constitutional Rights (Mar. 13 2026),https://lofgren.house.gov/media/press-releases/lofgren-davidson-wyden-and-lee-introduce-bipartisan-fisa-reform-bill-protect.

[39] Press Release, Surveillance Hawks in Senate Block USA FREEDOM Act Surveillance Reform Bill, New America (May 23, 2015), https://www.newamerica.org/insights/surveillance-hawks-in-senate-block-usa-freedom-act-surveillance-reform-bill/.

[40] Don Bell, Fact Sheet: Closing the Data Broker Loophole, Project on Gov. Oversight (Jan. 12 2026), https://www.pogo.org/fact-sheets/fact-sheet-closing-the-data-broker-loophole

[41]See Lofgren, supra note 38.

[42] Project for Privacy and Surveillance Accountability, supra note 23.

[43] See e.g. Montana’s new law preventing state purchase of “electronic communications”, “contents of electronic communications” “precise geolocation data” or other “sensitive data” or a recently defeated Maine bill to prevent the sale of geolocation data. “Granted, this still leaves 49 states, plus every federal agency, free to exploit a constitutional loophole by using taxpayer money to spy on taxpayers.” Joe Lancaster New Montana Law Blocks the State From Buying Private Data To Skirt the Fourth Amendment, Reason (May 16, 2025),

https://reason.com/2025/05/16/new-montana-law-blocks-the-state-from-buying-private-data-to-skirt-the-fourth-amendment/; Christian Harsa, Maine House Approves Newly Amended Data Privacy Bill, Rejecting Senate Version, News Center Maine (March 26, 2026), https://www.newscentermaine.com/article/news/local/data/maine-house-data-privacy-bill-reject-senate-version/97-20a2d212-8da3-431b-b15a-b9bcd4bbbdc8.

[44] Viljoen, supra note 5.

[45] Id.

[46] Beth Stackpole, Ideas Made to Matter: Bringing Transparency to the Data Used to Train Artificial Intelligence, MIT Sloan Sch. of Mgmt. (Mar. 3, 2025), https://mitsloan.mit.edu/ideas-made-to-matter/bringing-transparency-to-data-used-to-train-artificial-intelligence.

[47] See Kuersten, supra note 17.

[48] Dustin Volz, NSA Backtracks on Sharing Number of Americans Caught in Warrant-Less Spying, Reuters

(June 12, 2017) https://www.reuters.com/article/us-usa-intelligence/nsa-backtracks-on-sharing-number-of-americans-caught-in-warrant-less-spying-idUSKBN19031B/

[49] Noah Chauvin, Analysis: Privacy and Civil Liberties Oversight Board Embraces Surveillance Reforms, Brennan Ctr. for Just. (Oct. 12, 2023), https://www.brennancenter.org/our-work/analysis-opinion/privacy-and-civil-liberties-oversight-board-embraces-surveillance-reforms

[50] Chris Baumohl, Reforming 702: Strengthening FISA Amici, Elec. Privacy Info. Ctr (Mar. 2, 2023), https://epic.org/reforming-702-strengthening-fisa-amici/

[51] Id.

[52] Charlie Hogle & Alex Abdo, News & Commentary: The Public Should Have Access to the Surveillance Court’s Opinions, ACLU (Apr. 20, 2021), https://www.aclu.org/news/free-speech/the-public-should-have-access-to-the-surveillance-courts-opinions.

[53] Alternatively, a citizen’s panel could fill this role, as recommended by former Facebook product leader, and Asana co-founder Justin Rosenstein. Justin Rosenstein, I Helped Build Facebook and Saw It Go Wrong. AI is headed the same way. Fortune (Mar. 29, 2026), https://fortune.com/2026/03/29/regulation-ai-social-media-mistakes-of-facebook-social-media/?abc123

[54] Access parity, radical transparency similar to Estonian blockchain, Common Carrier/Public Utility

[55] Press Release, Intelligence Community Published a Framework in May 2024 for Oversight of Commercially Available Information, But It is Unclear Whether the Framework is Still in Place, ODNI
(May 8, 2024), https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2024/3815-odni-releases-ic-policy-framework-for-commercially-available-information.