Various advocacy groups, including the Electronic Privacy Information Center, the Electronic Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT) have expressed concern that government agencies are using the law to justify extensive surveillance of both foreign nationals and millions of Americans.
Several lawmakers too have expressed concerns over the lack of transparency in how the law is being used and have asked for more oversight.
The law has also garnered considerable attention in the European Union where privacy authorities have expressed concern over how it will affect European businesses that have their data hosted with U.S. cloud providers.
In a report released last fall before the law was reauthorized, European data regulators warned of how the law specifically targeted data of non-US individuals located outside the U.S. The scope of the surveillance authorized under the amended act goes beyond the interception of communications and covers any data in cloud environments as well, the report cautioned.
FISA "can be seen categorically as a much graver risk to EU data sovereignty than other laws hitherto considered by EU policy makers," the report said.
Sign up for CIO Asia eNewsletters.