Under Section 702 of the Foreign Intelligence Surveillance Act, the U.S. Intelligence Community (IC) can intercept  communications to or from a foreign target when stored in or passing through the United States. This surveillance, controversially, does not require a warrant. While the target must be foreign, communications involving Americans can be incidentally collected and used for law enforcement purposes.

Recent work has demonstrated the feasibility of quantitatively estimating incidental collection, responding to congressional oversight and the IC’s openness to new empirical methods. The key insight is to convert the incidental collection estimation problem into a secure multiparty computation problem, which could be addressed with a variant of private set intersection. That prior work relies on elliptic curve cryptography, which is efficient—but the IC has expressed concern about the protocol’s vulnerability to future quantum attacks.

In this work, we extend the proposal for estimating incidental collection under Section 702 to provide resistance against quantum computing. We first describe the specific security risks that a quantum adversary would pose for the protocol in prior work, Multiparty Private Set Intersection with Union and Sum (MPSIU-Sum). We then harden the protocol against quantum attack by updating the construction with lattice-based cryptography based on the ring learning with errors problem. We implement and benchmark the quantum-resistant version of MPSI-Sum, demonstrating that it remains practical for estimating Section 702 incidental collection.

The CITP Works in Progress (WiP) Seminar meets weekly during the semester. This reading group is open to any Princeton affiliate, including faculty, staff and undergraduate and graduate students.

To receive the Zoom link to join the WiP Seminar please contact Ben Kaiser at