Pandemic surveillance and US foreign surveillance

Abstract

The Foreign Intelligence Surveillance Act of 1978 (FISA) authorized surveillance based on showing a court probable cause to believe that the target of the surveillance was an "agent of a foreign power." From that point, the United States' surveillance capabilities were greatly expanded in the interests of national security. Section 702 of the FISA Amendments Act of 2008 (FAA) introduced a way to seek authorization for systemic surveillance of non-US persons outside the US through the Foreign Intelligence Surveillance Court. Some frame the pandemic as a national security matter and that pandemic surveillance should fall within the surveillance authority of FISA and FAA. Post-9/11, the government greatly expanded its surveillance capacities, much as the surveillance capacities of the government are being expanded in light of the COVID-19 crisis. After the Snowden disclosures of 2013, the media revealed how this expansion of programmatic surveillance could be far-reaching and include US citizens as well as noncitizens. These revelations appear to have motivated the 2020 Schrems II decision by the Court of Justice of the European Union, finding that the EU-US Privacy Shield on transatlantic data transfers did not adequately protect EU persons' data as required under the European Union's General Data Protection Regulation (GDPR). The United States has a lot of work to do if it wants to meet the requirements of the GDPR and the CJEU's expectations of privacy. It is important to keep in mind the legal limitations that might exist under US surveillance law, what interests must be balanced, and what potential abuses might occur.