This is where people get really confused, and most of what you read mis-frames it badly. The way US law has always worked is that our intelligence services and military can legally collect any and all communications between non US persons (ie. not a citizen, resident, visa holder, or company incorporated in the US).
Now, this gets complicated if you have communication between two non US persons transiting a system in the US. Under the old FISA law there was no provision for handling this case, and there was a very credible legal argument that unrestricted collection of such communication was entirely fine under existing laws and presidential directives. So, after 9/11 the Bush administration decided to use that argument to compel various US telecom providers to grant access to these non US communications. (They did other stuff too, but that's the big one that the FISA law changed.)
People legitimately got freaked out at various things when the FISA situation went broadly public. And it really is a bad idea for the government to be able to press companies into providing foreign intelligence collection capability with no oversight. However, the intelligence community had actually been complaining about exactly this situation for decades earlier, because their conservative approach (prior to 9/11) had been to push everything through the FISA courts (which issued an order intended for targeting US persons). So, members of congress already had a bill mostly written to reform FISA for this case of non US person communications transiting US systems. That's the basis of the current FISA law.
So, that's where this whole warrant-less wiretapping thing comes from. The executive branch can now authorize collection for up to one year if various criteria and oversight are met, including a reasonable expectation that the collection will not contain any communications between US persons. And that authorization has the power of a warrant in that it can be used to compel service providers and telecoms to comply. As always, if all parties are non US persons and the systems used are outside the US then FISA doesn't apply at all, and the targets are simply fair game.
Isn't foreign spying great? Don't you just love it when the Chinese hack into our government and corporate systems and collect sensitive data? All for the safety of the Chinese people I'm sure.
Now, this gets complicated if you have communication between two non US persons transiting a system in the US. Under the old FISA law there was no provision for handling this case, and there was a very credible legal argument that unrestricted collection of such communication was entirely fine under existing laws and presidential directives. So, after 9/11 the Bush administration decided to use that argument to compel various US telecom providers to grant access to these non US communications. (They did other stuff too, but that's the big one that the FISA law changed.)
People legitimately got freaked out at various things when the FISA situation went broadly public. And it really is a bad idea for the government to be able to press companies into providing foreign intelligence collection capability with no oversight. However, the intelligence community had actually been complaining about exactly this situation for decades earlier, because their conservative approach (prior to 9/11) had been to push everything through the FISA courts (which issued an order intended for targeting US persons). So, members of congress already had a bill mostly written to reform FISA for this case of non US person communications transiting US systems. That's the basis of the current FISA law.
So, that's where this whole warrant-less wiretapping thing comes from. The executive branch can now authorize collection for up to one year if various criteria and oversight are met, including a reasonable expectation that the collection will not contain any communications between US persons. And that authorization has the power of a warrant in that it can be used to compel service providers and telecoms to comply. As always, if all parties are non US persons and the systems used are outside the US then FISA doesn't apply at all, and the targets are simply fair game.