Twenty years ago today, and only six weeks after the terrorist attacks of September 11th, Congress enacted the USA Patriot Act. This landmark legislation dramatically expanded the U.S. government’s statutory authorities to conduct surveillance, and failed to include critical guardrails to mitigate the civil liberties threats that those powers created. This October also marks the twentieth anniversary of President George W. Bush’s Top Secret authorization directing the National Security Agency (NSA) to conduct electronic surveillance without court orders. That secret program, which became known as Stellar Wind, broadened U.S. surveillance activities even further under an assertion of inherent presidential authority.

In the intervening years, the government has abandoned some of the expansive surveillance powers it claimed in 2001, and Congress has further amended the statutes governing surveillance to incorporate some safeguards for privacy rights. But many of the powers that initially were only granted on a temporary basis in the Patriot Act have been made permanent, and Congress has codified authority for some of the surveillance activities originally conducted under brazen claims of inherent presidential power.

As we mark this two-decade anniversary, it is time for a comprehensive reexamination of the authorities governing U.S. intelligence surveillance activities.

The speed with which Congress passed the Patriot Act was remarkable. In part, this was due to the national consensus that followed the tragedy of the September 11th attacks. It also reflects the fact that Bush administration officials seized the opportunity to enact many already-drafted proposals from the FBI’s wish list that Congress had rejected in the past, in some cases repeatedly. For example, as Senator Ron Wyden (D-OR) reflected in a 2006 article, in 2000 then-Senator John Ashcroft (R-MO) had unsuccessfully proposed authorizing the FBI to delay notice of search warrants as part of counter-narcotics legislation; however, in the aftermath of September 11th, Ashcroft, as attorney general, was easily able to include delayed-notice search warrants in the Patriot Act.

Meanwhile, under the secret presidential order for Stellar Wind, the NSA began several types of collection. One of these, which involved collecting the contents of international email and phone communications without any court order, was revealed to the public in a December 2005 New York Times article. Although legal scholars and civil liberties organizations decried the illegality of and threats posed by this surveillance, ultimately Congress codified a version of the program as Section 702 of the Foreign Intelligence Surveillance Act (FISA) when it passed the FISA Amendments Act of 2008.

Over the past twenty years, Congress has periodically debated whether to adopt reforms or otherwise modify U.S. surveillance law. When Congress initially enacted the Patriot Act, 16 of the provisions were subject to sunset clauses, meaning that they were set to expire after four years unless Congress reauthorized them. In early 2006, Congress made 14 of them permanent and set new sunset dates for the remaining two provisions – the Section 215 business records provision (allowing collection of a broad range of records without a warrant) and the Section 206 roving wiretap provision (permitting wiretapping where the government does not know the target’s identity or location) –  as well as for the “lone wolf” provision originally enacted in 2004 (allowing surveillance without any showing that a target has ties to any terrorist group). From 2006 through 2015, Congress repeatedly reauthorized these three surveillance authorities with new sunset dates. Further, Congress has continued to renew Section 702 of FISA with sunset dates on a different schedule, with the next sunset date set for December 2023.

Unfortunately, the resulting reviews have been piecemeal, and although the conflicts don’t tend to break along traditional party lines, they have also been heavily politicized. Despite the continuing need to implement fundamental safeguards, only one of these periodic reassessments has led to meaningful reform of surveillance authorities: the review that resulted in Congress enacting the USA FREEDOM Act in 2015. Edward Snowden’s disclosures that began in June 2013 prompted an unusual two-year period of public debate over the appropriate bounds of U.S. surveillance, which led up to the June 2015 sunset date for the three surveillance authorities. This national conversation culminated in Congress passing the USA FREEDOM Act, which ended the bulk telephone records program that Snowden had revealed to the public, and imposed some additional important safeguards. These included prohibiting bulk collection through other authorities, and creating a role for “amici” or friends of the court, who advise the secret FISA Court on privacy and civil liberties issues. By contrast, when Congress reconsidered Section 702 two years later, it enacted some new transparency measures, but ultimately, no meaningful reform.

The arrival of the most recent sunset date in 2020 came amid renewed – and politically unusual – controversy over surveillance, with critical attention from both the right and left wings of the political spectrum. In this context, Congress considered the USA FREEDOM Reauthorization Act which would have renewed the Section 215 (business records), roving wiretap (government need not know target’s identity or location), and lone wolf (no requirement to show ties to known group) provisions, and included some measures to improve civil liberties safeguards. There appeared to be bipartisan support for reform, especially after the release of the Justice Department Inspector General’s report, which found numerous serious violations of the FISA process in the investigation of Carter Page. However, the House and Senate passed two different versions of the legislation and never reconciled their differences.

As a result, these three surveillance authorities all expired on the March 15, 2020, sunset date. The government has been able to continue Section 215 investigations begun prior to the expiration, and the business records provision reverted to its narrower pre-Patriot Act version. Yet with this lapse, the intelligence agencies lost some surveillance authorities, and without a pending reauthorization package, there is no clear legislative vehicle for achieving reforms. Most notably, privacy advocates lost the opportunity to significantly expand and strengthen the role of the FISA Court amici through the Senate’s USA FREEDOM Reauthorization bill.

So, how does the United States move forward from here?

One approach that has potential to break the logjam and move the country forward on a more productive path would be for Congress to create a commission on surveillance.  Congress has a long history of establishing commissions – a Congressional Research Service report inventoried 161 congressional commissions created between 1989 and 2020 – with varying levels of success. The advantages of a congressional commission include the potential to avoid fraught partisan conflict, to obtain relevant outside expertise, and to build consensus. Although commissions have sometimes been criticized as an abdication of congressional responsibility, Congress would have the opportunity to provide democratic accountability when it came time to act on the commission’s recommendations – with the benefit of the commission’s expertise.

One study that examined six commissions with mandates related to national security found that the most successful had evenly divided bipartisan membership and were insulated from claims of undue partisanship. Perhaps the best model is the 9/11 Commission, which conducted a non-politicized investigation, made impactful recommendations, and resulted in significant legislation. More recently, the Cyberspace Solarium Commission, established in 2019 to enhance U.S. cybersecurity, has seen 25 of its recommendations enacted into law.

To be productive, a surveillance commission would need to be established with several key features. First and foremost, the commission members must represent diverse backgrounds and perspectives that both remove the commission from the political fray and demonstrate a range of expertise. Some should have familiarity with existing surveillance authorities through prior experience serving in intelligence agencies. But the commission must also include strong representation from the privacy and civil liberties community – people who not only possess expertise in privacy and civil liberties, but who also have demonstrated a commitment to advocating for safeguards for individual rights.

Second, commission members and staff should hold security clearances at the highest level, and the commission should be granted full access to relevant information needed for its inquiry, including subpoena power. A requirement for members and staff to have Top Secret/SCI security clearances could cause some delay in launching such a commission, particularly given the need to include representation from the privacy advocacy community, in which people are unlikely to already hold such clearances. While this could impact the timeline for the commission’s reporting, it should be considered a necessary cost of getting the commission right.

Third, the scope of a surveillance commission’s mandate must be both sufficiently broad to permit a comprehensive review of government surveillance activities, and yet appropriately narrow to make the body’s work feasible. More specifically, the jurisdiction of the commission should include all intelligence surveillance and the authorities currently governing such activities, including FISA, Executive Order 12333, Presidential Policy Directive 28 (PPD-28), and national security letter authorities. By contrast, the commission should not be tasked with assessing surveillance conducted primarily for law enforcement purposes, such as under the Electronic Communications Privacy Act (ECPA). Such law enforcement surveillance involves somewhat different policy considerations, and this restriction would make the surveillance commission’s work more manageable and its mandate more realistic. However, the FBI plays a hybrid intelligence and law enforcement role, and the commission’s jurisdiction should include all FBI activities under these intelligence authorities as well as any use of such information in criminal proceedings.

In a retrospective piece marking the 20th anniversary of the September 11th attacks, the co-chairs of the 9/11 Commission point to excessive partisanship and congressional dysfunction as two of the key obstacles facing the United States today. The country needs a new approach. Establishing a surveillance commission following the 9/11 Commission model may provide the best hope for a thorough reexamination of the rules governing U.S. intelligence surveillance activities and for enactment of meaningful limits and robust guardrails.

Image: Then-President George W. Bush (C) signs into law an anti-terrorism bill that expands police and surveillance powers in response to Sept. 11 attacks on the World Trade Center and the Pentagon, 26 October 2001 in the East Room of the White House in Washington, DC. With Bush from left to right are Rep. Mike Oxley, R-OH, Sen. Orrin Hatch, R-UT, Sen Pat Leahy, D-VT, Sen. Harry Reid, D-NV, and Rep. James Sensenbrenner. LUKE FRAZZA/AFP via Getty Images.