An NSA 'Reform Bill' of the Intelligence Community, Written by the Intelligence Community, and for the Intelligence Communityby Mark M. Jaycox, Electronic Frontier Foundation
Apr. 03, 2014
Representatives Mike Rogers and Dutch Ruppersberger, the leaders of the House Intelligence Committee, introduced HR 4291, the FISA Transparency and Modernization Act (.pdf), to end the collection of all Americans' calling records using Section 215 of the Patriot Act. Both have vehemently defended the program since June, and it's reassuring to see two of the strongest proponents of NSA's actions agreeing with privacy advocates' (and the larger public's) demands to end the program. The bill only needs 17 lines to stop the calling records program, but it weighs in at more than 40 pages. Why? Because the "reform" bill tries to create an entirely new government "authority" to collect other electronic data.
Collecting All Americans' Calling Records Is So 2012
The bill only ends the government collection of all Americans' calling records using Section 215 of the Patriot Act--a good, albeit very small, first step. It also tries to prohibit the mass collection of other records like firearm sales and tax records. Unfortunately, it may still allow the government to argue for such collection as long as the NSA uses a "specific identifier or selection term." In short: the government may still try to search these records, and potentially other records. The bill leaves almost all of Section 215 as-is; the sole fix being that the section would no longer apply to calling records. The bill also stays mum on the NSA's ability to mass spy on financial records, credit card records, or other purchasing records using Section 215.
Collecting All Americans' Internet Records Is the Future
The next twenty pages of the bill create a process where the government sends orders directed at electronic communication service providers for the collection of "records created as a result of communications of an individual or facility."
The words simply switch out one form of unconstitutional mass collection for another. And this latter version is even scarier than the mass collection of Americans' calling records. A "facility" could include an entire Internet Service Provider (ISP) like Comcast, or company like "Google." And the bill's use of "electronic communication" doesn't use the definition found in the Foreign Intelligence Surveillance Act (FISA), but the one found in criminal law, which includes any transfer of data like uploaded documents to the cloud, calendar entries, or address book entries. Under the bill, the government might try to argue that the order can collect any type of record created as the result of any "electronic communication" as long as the communication is of an agent of a foreign power or someone in contact with the agent or foreign power. This is an incredibly broad standard.
What's worse is that the order doesn't need prior judicial approval of who is targeted, where the information is supposed to be collected, and why the government is searching for the information. The new order could collect the content of the communication or US personal information like credit card numbers, social security numbers, names, or addresses. That's because the order must only be "reasonably designed" to not acquire such information. There is no mandate in the bill banning such collection or deleting such information upon collection.
The new order' has "civil liberties and privacy protection procedures," written by the Attorney General and the Director of National Intelligence. But don't let the name fool you. The procedures only have to "reasonably limit" the collection, retention, or searching of records not useful for foreign intelligence information. It's too bad that "foreign intelligence information" is essentially defined in FISA to mean "everything." The procedures are reviewed every year by the FISA Court, and once accepted, the government sends out orders to companies for records without any additional judicial approval.
The above procedures to minimize certain information ("minimization procedures") take after ones found in Section 702 of the Foreign Intelligence Surveillance Amendments Act, which is used to unconstitutionally mass collect innocent users' phone calls and emails. Unfortunately, the procedures in Section 702 fail at even nominally protecting innocent users communications. Section 702 requires the procedures to be "reasonably designed" to exclude wholly domestic American communications. Despite the fact that the FISA Court found the NSA collecting tens of thousands of such emails, the Court thought NSA's targeting procedures were still "reasonable." We also know that the procedures fail time after time and are designed to retain and search the very communications the NSA isn't supposed to be retaining and searching. Both are good reasons to think such procedures won't work for the bill's newly devised order. We won't even know how much they fail (or succeed) because the procedures are filed in secret and stamped classified. Keeping the law secret worked out well in the past, so it should work out well in the future, right?
The bill is what's expected from the House Intelligence Committee. The committee was created to oversee the intelligence community, but it has been coopted for quite some time. Though it stops the mass collection of all Americans' calling records, the bill's creation of a new order to conduct unconstitutional mass spying on any record created by a communication is disturbing. And it's a bill that will surely fail to pass Congress when real reform bills that would stop all uses of Section 215 to conduct mass spying, like the USA Freedom Act, are already on the table. Tell Congress now to support NSA reform that will stop every government use of Section 215 to mass spy on innocent users.