FISA Section 702 Expires April 20 — What This Means for Your Privacy and VPN Use Right Now
FISA Section 702 — the US law allowing warrantless surveillance of foreigners' communications that also incidentally collects Americans' data — expires on April 20, 2026 unless Congress renews it. Simultaneously, six Democratic lawmakers are demanding clarification on whether VPN use already strips Americans of their 702 protections. These two issues are converging into the most significant US digital privacy moment in years.
What Is FISA Section 702?
FISA Section 702 is the legal authority used by the NSA, FBI, and CIA to collect communications of foreign targets without a traditional warrant. It was passed in 2008 following the Snowden-era revelations of warrantless surveillance. The controversial element: when foreigners communicate with Americans, those American communications are "incidentally collected" and can be searched by US intelligence agencies without a warrant under certain conditions — a practice privacy advocates call a Fourth Amendment violation.
Section 702 has been used in thousands of counterterrorism and counterintelligence investigations. It is also the authority behind programs like PRISM, which collects data from tech companies including Google, Apple, Microsoft, Meta, and others. Trump publicly stated he supports a "clean 18-month extension" of the 702 statute.
The VPN Connection — Does Using VPN Strip Your Rights?
Here is the specific concern lawmakers raised in their March 2026 letter to the Director of National Intelligence: when an American uses a commercial VPN, their traffic routes through VPN servers that may be physically located in foreign countries or operated by foreign-linked entities. Intelligence agencies may classify this as "foreign communications" — subjecting it to different, weaker surveillance protection under 702.
The letter asks explicitly: "While Americans should be warned of these risks, they should also be told if VPN services — advertised as a privacy protection including by elements of the federal government — could, in fact, negatively impact their rights against US government surveillance."
What Happens If 702 Expires on April 20?
If Congress does not renew FISA 702 before April 20, the legal authority for collection under this program lapses. Practically: existing collection operations would need to wind down, new surveillance under 702 would be illegal, and intelligence agencies would lose a significant counterterrorism tool. Given that Trump supports renewal and most Republicans do too, a clean extension or lapse without replacement is more likely than reform. The April 20 deadline creates genuine urgency for a Congressional vote.
What Should VPN Users Do Now?
- Choose VPNs in strong privacy jurisdictions: Switzerland (Mullvad, ProtonVPN), Panama (NordVPN), and British Virgin Islands (ExpressVPN) are not within the US surveillance alliance
- Verify no-logs policies: Choose VPNs with independently audited no-logs — what cannot be stored cannot be handed over to any government
- Use post-quantum encryption: NordVPN and ExpressVPN have PQE deployed — future-proofs against "harvest now, decrypt later" attacks
- Contact your representatives: The EFF (eff.org) and ACLU provide tools to contact Congress on FISA 702 reform
FISA 702 FAQ
Surveillance law questions answered