What Just Happened to NSA Reform?
You’re reading the Benton Foundation’s Weekly Round-up, a recap of the biggest (or most overlooked) telecommunications stories of the week. The round-up is delivered via e-mail each Friday; to get your own copy, subscribe at www.benton.org/user/register
On June 2, 2015, the Senate passed and President Barack Obama signed into law the USA FREEDOM Act of 2015. This week’s actions have been both celebrated and damned by all sides, it seems, of the political spectrum. Is it time to celebrate? Or move to Canada?
Two Years From Snowden to Reform
Two years ago exactly -- on June 5, 2013 -- we first started reading the revelations that the National Security Agency (NSA) was collecting the telephone records of millions of US customers of America's largest telecom providers. The revelations, soon attributed to former Central Intelligence Agency (CIA) employee Edward Snowden, showed that the records were being collected indiscriminately and in bulk – regardless of whether the people involved were suspected of any wrongdoing. The information was classed as "metadata", or transactional information, rather than communications, and so, we were told, did not require individual warrants to access. We learned that the Foreign Intelligence Surveillance Court (FISC) had granted an order requested by the Federal Bureau of Investigation (FBI) pursuant to section 215 of the USA PATRIOT Act, which was reauthorized by Congress in 2011. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the collection.
The revelations and others that followed led to public debate and numerous reviews of NSA practices and claimed authority.
On January 17, 2014, President Obama announced reforms to the collection of signals intelligence by the Federal Government and issued Presidential Policy Directive (PPD) 28. The President directed that the queries of telephone metadata collected by the NSA under Section 501 of the Foreign Intelligence Surveillance Act of 1978 (FISA) must first be approved by a FISC judge and such queries would be limited to two ‘‘hops’’ (a ‘‘hop’’ is a colloquial term for a connection between two telephone numbers).
On March 27, 2014, President Obama announced several changes to the conduct of foreign intelligence activities in response to the Snowden disclosures. He announced changes that imposed both a substantive limit on the scope of NSA’s access to telephony metadata as well as a procedural limit on when the NSA may access the data in the first place. The substantive limit restricts the results of queries of telephony metadata to two hops. Prior to the President’s speech, the program had been authorized to receive query results of up to three hops. At the same time, the President announced that the government should no longer store telephone metadata in bulk; rather, the records should remain at the telephone companies for the length of time such records are stored in the ordinary course of business. Also, the President stated that the court-approved numbers could be used to query the data over a limited period of time without returning to the FISC for approval, the production of records would be ongoing and prospective, and the companies should be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.
On May 7, 2015, the U.S. Court of Appeals for the Second Circuit issued a decision in ACLU v. Clapper, holding that Section 215 of the USA PATRIOT Act ‘‘and the statutory scheme to which it relates do not preclude judicial review, and the bulk telephone metadata program is not authorized by Section 215.’’ Specifically, the court declined to read the ‘‘relevance’’ standard of Section 215 as authorizing the broad-sweeping, nationwide collection of telephone metadata that is then queried by the NSA in authorized international terrorism investigations.
On June 1, 2015, you may well know, the Patriot Act was due to (and ultimately did) sunset – and with it, the legal authority for the NSA to continue its data collection. In response, the USA Freedom Act was introduced and passed in the House of Representatives earlier this Spring. House passage set up the final debate that took place in the Senate this week.
USA FREEDOM Act: From Introduction to Law in 36 Days
The USA FREEDOM Act was introduced in the House on April 28 of this year by Rep. Jim Sensenbrenner, Jr., one of the primary authors of the original Patriot Act in the wake of the 9/11 attacks in the U.S. Rep. Sensenbrenner summarized the bill’s provisions:
Protects civil liberties
- Ends bulk collection: Prohibits bulk collection of ALL records under Section 215 of the PATRIOT Act, the FISA pen register authority, and national security letter statutes.
- Prevents government overreach: The bulk collection prohibition is strengthened by prohibiting large-scale, indiscriminate collection, such as all records from an entire state, city, or zip code.
- Allows challenges of national security letter gag orders: NSA nondisclosure orders must be based upon a danger to national security or interference with an investigation. Codifies procedures for individual companies to challenge nondisclosure orders. Requires periodic review of nondisclosure orders to determine necessity.
Improves transparency and better information-sharing with the American people
- Expertise at the FISA court: The bill creates a panel of amicus curie at the FISA court to provide guidance on matters of privacy and civil liberties, communications technology, and other technical or legal matters.
- Declassified FISA opinions: All significant constructions or interpretations of law by the FISA court must be made public. These include all significant interpretations of the definition of “specific selection term,” the concept at the heart of the ban on bulk collection.
- Robust government reporting: The Attorney General and the Director of National Intelligence will provide the public with detailed information about how they use these national security authorities.
- Robust company reporting: Tech companies will have a range of options for describing how they respond to national security orders, all consistent with national security needs.
Strengthens national security
- Gives the government the tools it needs: Creates a new call detail records program that is closely overseen by the FISA court.
- Contains an additional tool to combat ISIL: The bill closes a loophole in current law that requires the government to stop tracking foreign terrorists when they enter the U.S. This provision gives the government 72 hours to track foreign terrorists when they initially enter the United States (it does not apply to U.S. persons) – enough time for the government to obtain the proper authority under U.S. law.
- Increases the statutory maximum prison sentence to 20 years for providing material support or resources to a designated foreign terrorist organization.
- Enhances investigations of international proliferation of weapons of mass destruction.
- Protects United States’ maritime activities from nuclear threats, weapons of mass destruction, and other threats by implementing the obligations of various treaties to which the United States is a party.
- Provides strictly limited emergency authorities: Creates new procedures for the emergency use of Section 215 but requires the government to destroy the information it collects if a FISA court application is denied.
On May 8, the USA FREEDOM Act was approved, without amendment, by the House Committee on Judiciary. Five days later, the House passed the bill on a 338 – 88 vote – again, without amendment. Some House Republicans were vexed that House Speaker John A. Boehner (R-OH) would not permit amendments to the bill on the House floor, but the Speaker said, “This is a very delicate issue,” adding that the floor was “not a place for people to bring out the wrecking ball.” As noted above, the Senate this week voted 67-32 to approve the House version of the bill – again without amendment.
So, yes, if you’re scoring at home, that’s 36 days between introduction of the bill and signing it into law – all without amendment. Must not be very controversial, right?
What Comes Next?
On the heels of the passage and signing this week, we’re already seeing developments on the new law’s impact, more action by Congress, and looking ahead to the next big issues.
In the House this week, the Commerce, Justice and Science (CJS) Appropriations Act included measures to rein in snooping from the Drug Enforcement Administration (DEA), National Security Agency (NSA) and other agencies. The $51.4 billion CJS bill passed through the House 242-183 on June 3. It includes an amendment, offered by Rep. Darrell Issa (R-CA) and adopted without opposition, that would ban the use of “StingRay” devices without a court order. The tools, also known as “IMSI catchers,” replicate cellphone towers and scoop up information about people’s phone data and location. Rep. Jared Polis (D-CO), meanwhile, added an amendment prohibiting the DEA from ever restarting a previously secret program collecting bulk records about people’s phone calls. The program — which was revealed just earlier this year — was halted in 2013. Two other amendments included in the bill would ban the government from forcing tech companies to place “back doors” to get around their security measures, and limit the NSA 's ability to weaken encryption security guidelines.
The Guardian reported June 3 that the Department of Justice intends to use part of the new law to temporarily restart the bulk collection of US phone records. The USA FREEDOM Act provides a six-month grace period to prepare the surveillance and legal bureaucracies for a world in which the NSA is no longer the repository of bulk US phone metadata. During that time, the act’s ban on bulk collection will not yet take effect. But the NSA stopped its 14-year-old collection of US phone records on June 1, when provisions of the Patriot Act lapsed. The government will argue it needs to restart the program in order to end it.
“We are taking the appropriate steps to obtain a court order reauthorizing the program. If such an order is granted, we’ll make an appropriate announcement at that time as we have with respect to past renewal applications,” said Marc Raimondi, the Justice Department’s national security spokesman.
“[Senate Majority Leader Mitch] McConnell’s gamble on a clean reauthorization of [parts of the Patriot Act] without reform and his further attempts to weaken the privacy protections contained in the USA Freedom Act has caused this ridiculous situation in which the bulk metadata program is being reanimated in order to be shut down for good,” said Amie Stepanovich, an attorney with the digital-rights group Access. Stepanovich added: “While the USA Freedom Act allows for a period of six months to transition the collection of data outside of the NSA, the administration should actively work to move the program as quickly as possible. If the NSA takes the entire six months to stop indiscriminately collecting our data it is in violation of the spirit of the transition and needlessly continues to harm the privacy of users en masse. We need to move to the targeted collection codified by the USA Freedom Act without any delay.”
Unclear is whether or not the FISA court will hear arguments from the newly established “amicus,” who will be empowered by the new law to contest the government’s contentions before the previously non-adversarial court. The law permits the amicus to argue before the court in novel circumstances. “Whether the NSA can restart this bulk collection is a novel question, and this decision should not be made in secret. The FISA court should appoint an amicus – that’s what this provision of USA Freedom is for. And the decision and its reasoning should be made public,” said Jennifer Granick, director of civil liberties at the Stanford University Law School’s Center on Internet and Society.
The “start-up to shutdown” question will be decided against the backdrop over continuing debate over government surveillance. While reformers hope this week’s victory is an appetizer to a multiple-course meal to rein in the NSA, security hawks—many of them Republicans vying for the White House—hope to halt the post-Snowden momentum behind surveillance reform. And some already are talking about unraveling the new law.
Sen. Ron Wyden, a civil-liberties stalwart who serves on the intelligence committee and has worked for more than a decade to reform government surveillance, said "There is a lot more to do when—in effect—you can ensure you protect the country's safety without sacrificing our liberty." He used USA FREEDOM Act passage to call for additional intelligence-gathering reforms that he has long advocated, such as closing the so-called "backdoor search loophole" that allows U.S. spies to "incidentally" and warrantlessly sweep up the e-mail and phone communications—including some content—of Americans who correspond with foreigners. He added he plans to move quickly on reworking Section 702 of the Foreign Intelligence Surveillance Act, before Congress is backed up against its renewal deadline in 2017. He also supports tech companies in their ongoing tussle with the administration over smartphone encryption as a key priority. While Google and Apple have begun to build their phones with "too-tough-to-crack" encryption standards, the FBI has warned that the technology locks out the bad guys and the good—and can impede law-enforcement investigations.
But further reforms—such as to the Internet surveillance program known as PRISM, which Snowden also revealed—are likely to be tougher sells in Congress. For PRISM especially, that's in part because the program is considered more useful and because it deals primarily with surveillance of foreigners. U.S. tech companies that are subject to PRISM, including Facebook, Yahoo, and Google, have called for changes to the program. Yet when asked about whether he would work to take down PRISM, Sen. Wyden bristled at the question. Even reformers outside the confines of the Senate recognize that ending PRISM is a complicated pursuit. "It is not going to be quite as easy to drum up the same support," says Liza Goitein, co-director for the Liberty & National Security Program at the Brennan Center for Justice.
An update to the decades-old Electronic Privacy Communications Act may prove more palatable. Sens. Patrick Leahy (D-VT) and Mike Lee (R-UT), the lead authors of the Senate version of the USA FREEDOM Act, indicated their desire to move quickly on passing legislation that would update the law to require law enforcement obtain warrants before accessing the content of Americans' old e-mails.
Civil liberties groups will find themselves playing defense in the next battle as they attempt to prevent legislation that would increase the sharing of certain cyber data among the private sector and the government in order to better fend off data breaches. Such proposals, which already passed the House and are likely to be before the Senate in the coming weeks, could grant the NSA access to more personal data, privacy advocates warn.
As we look ahead to the 2016 presidential election, few issues divide the GOP White House contenders more than NSA surveillance, as defense hawks such as former-Governor Jeb Bush (R-FL) and Sen. Marco Rubio (R-FL) continue to defend the NSA bulk metadata program as necessary to protect the homeland, while libertarian-leaning agitators such as Sens. Rand Paul (R-KY) and Ted Cruz (R-TX) warn voters of the privacy perils associated with the government's prying eyes.
No matter how the looming debates shake out, for now, one thing is clear: the fight over the government's surveillance operations is far from over.
The Electronic Frontier Foundation (EFF), a nonprofit organization defending civil liberties in the digital world, released a statement by Executive Director Cindy Cohn and Legislative Analyst Mark Jaycox. They write, “Technology users everywhere should celebrate, knowing that the NSA will be a little more hampered in its surveillance overreach, and both the NSA and the FISA court will be more transparent and accountable than it was before the USA Freedom Act.” But EFF also noted some shortcomings. “Congress had an opportunity to champion comprehensive surveillance reform and undertake a thorough investigation, like it did with the Church Committee. Congress could have tried to completely end mass surveillance and taken numerous other steps to rein in the NSA and FBI,” Cohn and Jaycox wrote. On balance, EFF celebrates the bill for two key reasons: 1) however small, the bill marks a day when the NSA saw its surveillance power reduced by Congress; and 2) it shows that the digital rights community has raised its game: “We’ve gone from just killing bad bills to passing bills that protect people’s rights.”
The Last Word
In an op-ed published in the New York Times on June 5, 2015, Edward Snowden reflects on June 2013 when he worried he and the journalists he worked with might be risking it all for nothing — that the public would react with indifference, or practiced cynicism, to the revelations. “Never have I been so grateful to have been so wrong,” he writes. He reflects on the last month that has seen the courts, Congress and the President reject NSA’s call-tracking program. “This is the power of an informed public.” He concludes:
We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason. With each court victory, with every change in the law, we demonstrate facts are more convincing than fear. As a society, we rediscover that the value of a right is not in what it hides, but in what it protects.