What is FISA?

The Foreign Intelligence Surveillance Act (FISA), established in 1978, is a United States federal law that outlines the procedures for physical and electronic surveillance. It focuses on collecting “foreign intelligence information” from “foreign powers” and their “agents.”

FISA applies primarily to the surveillance and collection of intelligence within the United States by federal agencies from foreign powers and their agents.

The key entities and individuals to whom FISA applies include:

  • Foreign powers, such as foreign governments, factions of foreign nations not substantially composed of U.S. persons, and entities directed or controlled by foreign governments. It also includes groups engaged in international terrorism or activities for foreign powers.

  • Agents of foreign powers, including individuals or entities acting on behalf of a foreign power. This category can include non-U.S. citizens engaged in espionage or covert operations, but it can also extend to U.S. citizens if they knowingly engage in espionage or terrorism activities on behalf of a foreign power.

  • US government agencies that conduct surveillance and intelligence operations, such as the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Central Intelligence Agency (CIA), are required to obtain a FISA warrant to conduct electronic surveillance or physical searches targeting agents of foreign powers within the United States.

  • Foreign Intelligence Surveillance Court (FISC) was established to oversee requests for surveillance warrants against foreign spies inside the United States.

  • Communication service providers. In some cases, FISA can apply to telecommunications companies and internet service providers, as these entities may be required to assist in the surveillance authorized by FISA warrants.

You may be affected by FISA only if US government agencies require you to provide them with specific information that may be stored on your servers on US soil.

MergeBase and FISA

Considering the specific provisions outlined in the FISA, its scope of application, and the nature of MergeBase’s operations, it becomes evident that FISA’s regulations do not apply to MergeBase.

This conclusion is drawn from a thorough understanding of FISA’s legal framework, which primarily targets specific types of entities and activities. When assessed against these criteria, MergeBase’s business model and operational practices clearly fall outside the purview of FISA’s regulatory reach.

How Can MergeBase Help You with FISA Compliance?

The FISA empowers US law enforcement agencies with the authority to demand specific information from companies operating within the United States. This includes both U.S.-based companies and foreign entities conducting business on US soil. Under FISA, these agencies can issue requests for information that are considered vital for national security or for the purpose of surveillance related to foreign intelligence.

In scenarios where a U.S. enforcement agency exercises this power and mandates the disclosure of particular information, the company receiving such a request is legally obligated to comply. Therefore, when faced with a lawful request from a U.S. enforcement agency under FISA, companies generally have little recourse but to comply with the requirements and provide the requested information.