FBI Director Christopher Wray addresses the American Bar Association's Standing Committee on Law and National Security on April 9, 2024, in Washington, D.C.

Front and center is China—the defining threat of our generation. To put it simply, the CCP [Communist Party of China] is throwing its whole government at undermining the security and economy of the rule-of-law world. China’s hacking program is larger than that of every other major nation, combined. And if each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1.

And it’s not just cyber, but also traditional espionage and economic espionage, foreign malign influence, election interference, and transnational repression—often working in tandem. They recruit human sources to target our businesses, using insiders to steal the same kinds of innovation and data their hackers are targeting. They’re engaging in corporate deception—hiding Beijing’s hand in transactions, joint ventures, and investments—all with the same goal. They’re exporting their repression efforts and human rights abuses—targeting, threatening, and harassing those who dare question their legitimacy or authority even outside China, including right here in the U.S.

We’ve seen professors and students on American campuses subjected to intense, almost Mafia-style pressure when they say things the CCP doesn’t like, using their massive cyber operation to keep tabs on how dissidents in America are exercising their First Amendment rights online.

And of course, the PRC [People's Republic of China] plays the long game.

China’s hackers have been positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities. China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011.

Today, we’re seeing China’s increasing buildout of offensive weapons within our critical infrastructure. Setting up persistent PRC access in our critical sectors like telecommunications, energy, and water, poised to attack whenever Beijing decides the time is right.

Say when the PRC decides to invade Taiwan, and the Chinese government wants to cripple our military response. Because low blows aren’t just a possibility in the event of a conflict. Low blows against civilians are part of China’s plan. 

Earlier this year, the FBI and our partners exposed China-sponsored hackers known as Volt Typhoon hiding inside our networks. The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against our critical infrastructure.

But working with our partners, the FBI ran a court-authorized, on-network operation to shut down Volt Typhoon and the access it enabled. That operation was an important step. But there’s a lot more PRC cyber threat—in a lot more places—out there.

And of course, everyone here is well aware that China is not the only adversary we’re up against. Russia and Iran are also determined to use every available tool at their disposal to take aim at things we all hold sacred—our freedoms, prosperity, and democratic norms.

Russia is a very sophisticated adversary, and they remain a top cyber threat. The Russian government continues to invest heavily in their cyber operations, in part because they see cyber as an asymmetric weapon to keep up with us. Like China, Russia continues to target critical infrastructure—including underwater cables and industrial control systems both in the United States and around the world.

Since its unprovoked invasion of Ukraine, we’ve seen Russia conducting reconnaissance on the U.S. energy sector. Adding to that concern is that the Russians—like our other adversaries—don’t care if their cyber campaigns affect civilians. That’s what we saw in 2017, when Russia’s military used the NotPetya malware to hit Ukrainian critical infrastructure. They targeted Ukraine, but ended up also hitting systems throughout Europe, plus the U.S. and Australia. And even some systems within their own borders.

Showing the same wanton disregard for civilian safety through cyber that we’re now seeing on display on the battlefield itself. They shut down a big chunk of global logistics, and ultimately, their recklessness ended up causing more than $10 billion in damages—maybe the most damaging cyberattack in history. And Russia continues its campaign to target our secrets, especially our military technology, in a variety of ways—from traditional spying to sophisticated cyber intrusions, signals collection platforms, and other technical means.

And then you’ve got Iran, which shouldn’t be underestimated. They too are a very sophisticated, very aggressive cyber adversary and continue to engage in brazen behavior directed at us. In 2021, an Iranian-sponsored group conducted a cyber attack on a children’s hospital in the United States. They’re one of only two countries—the other being North Korea—to have conducted a destructive cyberattack inside the U.S. In recent years, individuals associated with Iran have plotted to assassinate a former U.S. National Security Advisor on American soil. And like China, they leverage covert means, including their cyber capabilities, to target dissidents and conduct transnational repression right here in the U.S.

An American journalist on U.S. soil has been targeted multiple times by Iranian intelligence officials, including most recently for assassination. Last year, we announced that the FBI and our partners had disrupted that assassination attempt, which Iran tried to carry out using an organized crime group. I have no doubt Iran will also continue to try to evade international sanctions by stealing our military technology through cyber hacking and illegal technology transfers—and of course, it remains the world’s leading state sponsor of terrorism.

The Threat of Terrorism

And that brings me to the final threat I wanted to discuss today, and that’s terrorism.

Terrorism is one of the most pressing national security challenges we face, and it remains the FBI’s number one priority. I’ve been very public in saying that at a time when the terrorism threat was already elevated, the ongoing war in the Middle East has raised the threat of an attack against Americans inside the United States to a whole ‘nother level.

One big reason for that is the steady drumbeat of calls for attacks we’ve seen from a veritable rogue’s gallery of foreign terrorist organizations. Groups ranging from Hezbollah, to ISIS, to al-Qaida have publicly called for attacks against America and our allies. Hezbollah has publicly expressed its support and praise for Hamas and threatened to attack U.S. interests in the region. Al-Qaida issued its most specific call to attack the U.S. in the last 5 years. al-Qaida in the Arabian Peninsula—or AQAP—called on jihadists to attack Americans and Jewish people everywhere. And foreign terrorists, including ISIS, al-Qaida, and their adherents, have renewed calls for attacks against Jewish communities here in the United States and across the West in statements and propaganda.

As you probably know, these are groups that haven’t always seen eye to eye—and that’s putting it mildly—now united in their calls for attacks on us. Given those calls for action, we cannot and do not discount the possibility that foreign terrorists may exploit the conflict to carry out an attack.

And while we continue to be concerned about individuals or small groups drawing twisted inspiration from the events in the Middle East to carry out attacks here at home. The foreign terrorist threat and the potential for a coordinated attack here in the homeland, like the ISIS-K [ISIS-Khorasan] attack we saw at the Russia Concert Hall a couple weeks ago is now increasingly concerning. October 7 and the conflict that’s followed will feed a pipeline of radicalization and mobilization for years to come.

Summation of Threats 

There’s a lot of national security experience represented in this room. Many of you will remember when our government—our country—was almost exclusively focused on the fight against terrorism. In the 9/11-era against al-Qaida or ISIS at its height in, say, 2015 and 2016. And everyone here will be familiar with the Intelligence Community’s more recent and much-discussed “pivot” to hard targets and great power competition.

What distinguishes the current moment is the breadth of national security threats we’re facing all at once. None of the threats our country, our allies, are confronting is going away. In fact, the threats are only growing bigger.

On the nation state side, China, Russia, Iran—they’re doubling down and heavily investing in their cyber, espionage, and foreign malign influence operations. And they’re not remotely constrained by the rule of law. 

They’re tasking their criminals and “private sector” as strategic weapons against us—whether to hack our critical infrastructure, steal our military secrets, or gain an economic advantage against our businesses. All that at a time when the terrorist threat is very much still with us, and as I said earlier, has reached a whole ‘nother level after October 7th.

America’s adversaries aren’t pulling any punches—they’re coming at us with everything they’ve got. So, this is not the time for us to hang up our gloves or take away the tools that help us punch back.

FISA Section 702

That brings me to what the FBI is doing to stay ahead of and strategically disrupt these threats.

Our focus is not only whether we’ve got the resources—the money and the right talent to deal with these threats to grow to meet the challenges of the next five, 10 years. But also whether we’ve got the necessary tools to combat our adversaries.

And one tool that’s indispensable to our efforts to combat threats posed by foreign adversaries, is one that will expire in just a couple of weeks if Congress does not act—and that’s our FISA Section 702 authorities.

702 allows us to stay a step ahead of foreign actors located outside the United States who pose a threat to national security. And the expiration of our 702 authorities would be devastating to the FBI’s ability to protect Americans from those foreign threats. 

We’re glad so many members of Congress support this critical tool, and our use of it, and recognize the value of 702 is undisputed. Whether it’s to protect our critical infrastructure, find victims and get them the help they need, or detect foreign terrorists overseas directing an operative here to carry out an attack in our own backyard.

And crucial to our ability to use 702 to protect Americans is our ability to review intelligence promptly and efficiently through queries. 

I’ve talked about how the PRC is pre-positioning on critical infrastructure across the United States. Just to pick an example: U.S.-person queries were key to discovering where Chinese hackers had successfully compromised network infrastructure at a transportation hub here in the United States, allowing us to alert the network operators so they could mitigate the intrusion.

Who knows how much damage those hackers could have caused—not just monetarily, but in the disruption and even the safety of Americans’ lives. Effective and prompt victim notifications like those hinge on our ability to conduct U.S.-person queries of our existing 702 collection.

In just one recent cyber case, for instance, 702 allowed the FBI to alert more than 300 victims in every state and countries around the world—many of those notifications made possible because of U.S.-person queries. And U.S.-person queries, in particular, may provide the critical link that allows us to identify an intended target or build out the network of attackers, so we can stop them before they strike.

And just like in cyber, U.S.-person queries continue to be key to identifying terrorists in the homeland, helping us find out who they’re working with and what they’re targeting—the intelligence we may need to stop them before they kill Americans. So, while it is imperative that we ensure this critical authority does not lapse, we also must not undercut the effectiveness of this essential tool with a warrant requirement or some similar restriction paralyzing our ability to tackle fast-moving threats.

Now, contrary to what a lot of folks are saying about the constitutionality and legality of U.S.-person queries, the law and the Fourth Amendment simply do not require a warrant in order for the FBI to query 702 data.

You don’t have to take my word for it. Multiple federal district courts and appellate courts have considered the issue, and no court has ever held that a warrant is required for the FBI to conduct U.S.-person queries—to blind ourselves from information already lawfully in our holdings. And when the Foreign Intelligence Surveillance Court renews the 702 program every year, not once has it found that the law requires a warrant to conduct U.S.-person queries.

And if the appetite for a warrant is borne out of compliance concerns, I can wholeheartedly say that there are plenty of ways to ensure compliance without paralyzing us and our ability to move fast. We’ve proven that. I’ve been unequivocal that the compliance incidents we’ve had in the past are unacceptable. And in response, we’ve undertaken a whole host of reforms to ensure that we’re good stewards of this authority.

Now, if you look at compliance reviews conducted by the Foreign Intelligence Surveillance Court and the Department of Justice on queries that were run after we put in place our reforms—let me say that again—the compliance reviews conducted on queries that were run after our reforms, both the FISC and DOJ have recognized that our reforms have resulted in substantial compliance improvements, hitting compliance rates well into the high 90% range.

And we’re going to keep looking for ways to push that number even higher. So, if there’s no constitutional, legal, or compliance necessity for a warrant requirement, then Congress would be making a policy choice to require us to blind ourselves to intelligence in our holdings. And if that’s the path that’s chosen, I can tell you that it will have real-world consequences on our ability to disrupt the threats I outlined—on our ability to protect the American people.

Take for example a foreign terrorist organization—ISIS or al-Qaida—legally or illegally sending an operative into the U.S. to conduct an attack. U.S.-person queries on the foreign terrorist’s communications are how we’re able to potentially learn the extent of what they’re planning and how imminent it may be.

Requiring a warrant for U.S.-person queries—which are typically conducted in the nascency of an investigation; when we usually cannot establish probable cause or demonstrate exigency; where time is of the essence to get ahead of the bad guys—would be a deliberate and shortsighted choice to blind us to the threat of a foreign terrorist in the U.S. planning and even executing an attack.

The consequences of tying our hands are not merely hypothetical. Just last year, we discovered that a foreign terrorist had communicated with a person we believed to be in the United States. Only by querying that U.S. person’s identifiers in our 702 collection did we find important intelligence on the seriousness and urgency of the threat. And less than a month after that initial query, we disrupted that U.S. person who, it turned out, had researched and identified critical infrastructure sites in the U.S. and had acquired the means to conduct an attack.

If we had to obtain a warrant to conduct that initial query, based on what we knew at that time, there is no way we could’ve met a probable cause standard or even an exigency exception. And if we hadn’t done that query, we would’ve lost valuable time we needed to get ahead of the potential attack.

Bottom line, a warrant requirement would be the equivalent of rebuilding the pre-9/11 intelligence “wall.” I saw the consequences of that policy choice 22 years ago. I’ve spoken with families of victims of that horrific attack. And now two decades later, I can assure you that none of our adversaries are holding back or tying their own hands—whether to attack us, steal from us, to put American national security, our economic security, and American lives at risk.

So we need lawyers—folks like you who are committed to educating the bar and the public on the rule of law and our national security to explain what’s law and what’s policy, what a warrant is and what it isn’t, and to help illuminate the consequences of purposefully choosing to limit the American Intelligence Community from accessing key and timely information about our foreign adversaries.

Because we’re in crunch time when it comes to reauthorizing this vital authority. And as the threats to our homeland continue to evolve, the agility and effectiveness of 702 will be essential to the FBI’s ability—and really our mandate from the American people—to keep them safe for years to come.

And we owe it to them to make sure we’ve got the tools we need to do that.

Thank you for having me, and I look forward to your questions.

Resources:

• Story: Warrant Requirement for FBI's Section 702 Queries Would Impede Investigations, Endanger National Security, Director Says
• Inside the FBI Podcast: Making Sense of FISA Section 702
• Resource Page: Foreign Intelligence Surveillance Act (FISA) and Section 702