PRIA Logo
Back to search
homeland-securityHomeland Security & Emergency Management

USA PATRIOT Act & National Security Surveillance

8 min read·Updated Apr 21, 2026

USA PATRIOT Act & National Security Surveillance

The USA PATRIOT Act — enacted 45 days after September 11, 2001 — dramatically expanded the U.S. government's authority to surveil communications, access records, and conduct intelligence operations within and across the country. Its most consequential provisions created or expanded three surveillance mechanisms: National Security Letters (NSLs) (18 U.S.C. § 2709) — administrative subpoenas issued by the FBI without any court approval, requiring phone companies, banks, and internet providers to turn over records; Section 215 bulk collection (50 U.S.C. § 1861) — FISA court orders compelling businesses to produce "any tangible things" relevant to national security investigations, used for years to collect bulk telephone metadata on millions of Americans before the NSA program was revealed by Edward Snowden in 2013 and reformed by the USA FREEDOM Act (2015); and Section 702 (50 U.S.C. § 1881a) — the FISA Amendments Act authority to collect foreign intelligence from non-U.S. persons abroad, which also "incidentally" captures U.S. person communications and has generated fierce civil liberties debate. Section 215 expired in 2020 and has not been renewed. Section 702 was reauthorized in April 2024 with new restrictions but also new authorities — including, controversially, the expansion of entities that can be compelled to assist with surveillance. The 2013 Snowden revelations fundamentally transformed the public debate over the tradeoffs between national security and privacy rights.

Current Law (2026)

ParameterValue
Core statutesUSA PATRIOT Act (2001); USA FREEDOM Act (2015); FISA Amendments Act (2008/2018/2024), Section 702
Section 215 (business records)Expired June 2020; bulk telephone metadata collection ended 2019 (replaced by targeted orders under USA FREEDOM Act)
Section 702Warrantless surveillance of non-U.S. persons abroad who use U.S. communications infrastructure; reauthorized 2024
National Security LettersFBI administrative subpoenas for communications metadata, financial records, and credit reports; no judicial approval required
NSL volume~10,000-15,000 NSLs issued annually
FISA CourtForeign Intelligence Surveillance Court — 11 federal judges designated by Chief Justice; approves surveillance orders ex parte
OversightFISA Court, Congressional intelligence committees, Privacy and Civil Liberties Oversight Board (PCLOB), agency inspectors general
  • 50 U.S.C. § 1861 (Section 215) — Access to business records (originally allowed FBI to seek court orders for "any tangible things" relevant to a terrorism or counterintelligence investigation; amended by USA FREEDOM Act to require a "specific selection term" rather than bulk collection; bulk telephone metadata program ended 2019; authority expired June 2020)
  • 18 U.S.C. § 2709 — National Security Letters (FBI may issue NSLs to communications providers, financial institutions, and credit agencies to obtain non-content records — subscriber information, toll records, financial records — relevant to counterterrorism or counterintelligence investigations; no judicial approval required; automatic gag order prohibits recipients from disclosing the NSL)
  • 50 U.S.C. § 1881a (Section 702) — FISA Amendments Act (authorizes targeting of non-U.S. persons reasonably believed to be located outside the United States for foreign intelligence purposes; does not require individual warrants; collection occurs through U.S. communications providers; "incidental" collection of Americans' communications permitted but subject to minimization procedures)

How It Works

The USA PATRIOT Act and its successors form the legal backbone of America's post-9/11 surveillance architecture — a system designed to prevent terrorist attacks but which has generated intense debate about the balance between national security and civil liberties.

Enacted 45 days after September 11, 2001, the PATRIOT Act lowered the standard for obtaining FISA surveillance orders, expanded the definition of "foreign intelligence information," allowed roving wiretaps, facilitated intelligence-law enforcement information sharing, and created Section 215 — the business records provision later used to justify bulk telephone metadata collection. Section 215 became the most controversial provision after Edward Snowden's 2013 revelations that the NSA had used it to collect call records (who called whom, when, and how long — but not content) of virtually every American, approved by the FISA Court under a secret interpretation of "relevant to" an investigation. The USA FREEDOM Act (2015) ended bulk collection and required the government to use a "specific selection term" (a particular person, account, or device) to query records held by phone companies; Section 215 itself expired in June 2020 and has not been reauthorized. Alongside Section 215, National Security Letters (18 U.S.C. § 2709) remain active — FBI administrative subpoenas issued without any court approval, compelling phone companies, banks, and credit agencies to produce non-content records, with an automatic gag order prohibiting recipients from disclosing the NSL's existence; approximately 10,000–15,000 are issued annually.

Section 702 (50 U.S.C. § 1881a) is now the intelligence community's most important surveillance authority and, since Snowden, the most contested. It allows the NSA to target non-U.S. persons reasonably believed to be outside the United States, collecting their communications as they pass through U.S. infrastructure — no individual warrant required; the FISA Court approves annual certifications for categories of foreign intelligence collection. Because Americans communicate with foreigners, their communications are "incidentally" collected in large volumes, and the FBI can then query this database for Americans' communications without a warrant — the "backdoor search" controversy. Section 702 was reauthorized in 2024 with new restrictions on backdoor searches but also expanded the categories of entities that can be compelled to assist collection. Oversight rests with the FISA Court (which operates ex parte), congressional intelligence committees (via classified briefings), the Privacy and Civil Liberties Oversight Board (PCLOB), and agency inspectors general — but effectiveness is debated given the classified nature of the proceedings and limited public accountability.

How It Affects You

If you communicate internationally — with family, colleagues, or sources abroad: Your communications may be incidentally collected under FISA Section 702 (50 U.S.C. § 1881a) even if you are not a surveillance target. Section 702 authorizes the NSA to collect communications of non-U.S. persons located abroad who are "targeted" for foreign intelligence purposes — but when those targets communicate with U.S. persons, those U.S. person communications are collected too ("incidental collection"). NSA's PRISM program collects data from major internet platforms; Upstream collection taps internet backbone traffic. Minimization procedures govern what the FBI can do with incidentally collected U.S. person communications — including restrictions on "backdoor searches" querying the database for U.S. person identifiers. The FISA Reauthorization Act of 2024 extended Section 702 for two more years (through April 2026) and added new requirements for FBI queries of Section 702 data involving U.S. persons, but civil liberties advocates argued the reforms were insufficient. For journalists communicating with foreign sources: end-to-end encrypted messaging (Signal) significantly limits incidental collection compared to standard email or phone calls — it doesn't eliminate legal risk but substantially reduces technical exposure.

If you're a technology company, ISP, or cloud provider: You may receive several types of national security legal process. National Security Letters (NSLs) (18 U.S.C. § 2709) are administrative subpoenas — no court approval required — that compel disclosure of subscriber information (name, address, billing records) and can include gag orders restricting you from disclosing the NSL's existence. The FBI issues tens of thousands of NSLs annually. Section 702 directives from NSA compel providers to assist in collection from their systems. FISA orders from the Foreign Intelligence Surveillance Court compel assistance in electronic surveillance. You have limited ability to challenge NSLs (though Doe v. Mukasey, 2008, established some procedural rights), and Section 702 directives are reviewed only by the FISC. Transparency reports are now permitted with aggregate statistics (number of NSLs received, range of accounts affected) — publishing them is standard industry practice that provides the public with some visibility into the scale of government access requests.

If you're a journalist, lawyer, human rights researcher, or political advocate: The Section 702 framework creates real operational security risks. The FBI's ability to query Section 702-collected data for U.S. person identifiers — including searching for communications of U.S. journalists or attorneys — was at the center of the 2024 reauthorization debate. The PCLOB (Privacy and Civil Liberties Oversight Board) has documented FBI queries targeting political figures and journalists. For attorney-client privilege: minimization procedures include some protections, but FISA's "foreign intelligence purpose" exception can override privilege claims in specific circumstances. For journalists protecting sources: if your sources are non-U.S. persons abroad communicating about matters of foreign intelligence interest, Section 702 collection of your communications is legally authorized. Operational security practices — end-to-end encryption, air-gapped devices, in-person meetings — reduce (but don't eliminate) exposure. The Electronic Communications Privacy Act provides complementary protections for domestic law enforcement, but FISA operates on a separate legal track.

If you're a civil liberties advocate, congressional staffer, or policy researcher working on surveillance reform: The PATRIOT Act/FISA surveillance framework has been the subject of continuous legislative reform since the Snowden disclosures (2013) — the USA FREEDOM Act (2015), the FISA Amendments Reauthorization Act (2018), and the FISA Reauthorization Act (2024) each modified but preserved the core authorities. Key unresolved debates: (1) Section 702 backdoor searches — should FBI be required to obtain a warrant before querying 702-collected data for U.S. person information? The House has passed warrant requirement amendments that the Senate rejected in prior cycles; (2) NSL reform — the automatic gag order provision remains controversial; (3) Section 215 bulk records — sunset in 2020, but NSA's bulk metadata collection history informs current debates. PCLOB reports (pclob.gov) are the most authoritative independent assessments of how these programs operate in practice; EFF and ACLU track ongoing litigation challenging various surveillance authorities.

State Variations

  • National security surveillance authorities are exclusively federal — no state variations apply
  • State wiretap and electronic surveillance laws (governed by ECPA at the federal level) operate separately from FISA-authorized intelligence collection
  • Some states have enacted their own privacy protections that affect data held by state/local agencies but do not constrain federal intelligence collection

Implementing Regulations

The USA PATRIOT Act's surveillance provisions are primarily implemented through classified FISC orders, internal DOJ/FBI guidelines (Attorney General's Guidelines for Domestic FBI Operations), and ODNI procedures rather than public CFR regulations. Key public regulatory touchpoints include 31 CFR Parts 1010–1029 (Bank Secrecy Act/anti-money laundering requirements strengthened by PATRIOT Act Title III) and 31 CFR Part 501 (OFAC sanctions procedures).

Pending Legislation

  • S 3696 — Let Congress attend FISA court hearings, tighten penalties for Section 702 misuse, expand amicus roles, bolster whistleblower rights. Status: Introduced.
  • S 3893 — Tighten U.S.-person surveillance rules, restrict provider directives and data-broker purchases, add audits and court review. Status: Introduced.
  • HR 8178 — Protect Americans from unauthorized surveillance. Status: Introduced.
  • HR 7363 — Ban ICE/CBP facial recognition and biometric surveillance, require data deletion within 30 days. Status: Introduced.
  • S 3779 — Bar ICE/CBP biometric surveillance, require data deletion, create private and state enforcement rights. Status: Introduced.

Recent Developments

  • Section 702 was reauthorized in April 2024 with reforms including new restrictions on querying for U.S. person information and expanded Congressional reporting requirements
  • The Section 215 business records authority expired in June 2020; the government has not sought reauthorization
  • Debates continue about whether the FBI should be required to obtain a warrant before querying Section 702 data for U.S. person information
  • FISA Court transparency has marginally improved, with more opinions declassified, but the court remains fundamentally secretive
  • AI and automated surveillance tools raise new questions about the scope and effectiveness of existing oversight mechanisms

At My Address

See how USA PATRIOT Act & National Security Surveillance plays out in your area

Pull up the federal-data report for any U.S. ZIP — federal spending, environmental risk, hospitals, schools, your reps, all on one page.

Enter your address