A Floor, Not a Ceiling: Supporting the USA FREEDOM Act as a Step Towards Less Surveillance
Over the last few weeks, we’ve been analyzing the USA FREEDOM Act1, a bipartisan bill authored by Senator Patrick Leahy (D-VT) and Representative Jim Sensenbrenner (R-WI).
If passed, this bill (also known as S. 1599) would be a substantial improvement to America’s laws regarding mass surveillance. It brings new levels of transparency to the Foreign Intelligence Surveillance Act Court (FISA court), introduces a special advocate to champion civil liberties in the FISA court, and appears to create new statutory limits on mass surveillance by the National Security Agency (NSA). We are proud to support this bill and urge others to join us in working to ensure its passage.
However, we consider this bill to be a floor, not a ceiling. The bill only touches on a few of the issues surrounding the NSA’s invasive and unconstitutional surveillance. There are a variety of improvements that can and should be made to ensure the bill actually reins in the NSA and is less susceptible to being undermined by aggressive legal arguments in the FISA court or elsewhere.
What the Bill Doesn’t Cover
The bill only addresses a small portion of the problems created by NSA spying and overreaching government secrecy. It does not touch problems like NSA programs to sabotage encryption standards, it does not effectively tackle the issue of collecting information on people outside of the United States, and it doesn't address the authority that the government is supposedly using to tap the data links between service provider data centers, such as those owned by Google and Yahoo.
The bill also does not address a key issue that the government uses to inhibit lawsuits contesting the spying: excessive secrecy. For instance, it won't deal with the major over-classification issues or the state secrets privilege, the latter of which is used aggressively to prevent litigation from getting to a court decision on whether the spying is unconstitutional. The bill also leaves out a clause appearing in Sen. Ron Wyden's bill, which provides guidelines to obtain standing in legal cases against the spying.
Lastly, it does not hold public officials accountable for their role in allowing this spying to take place and hiding it from public and Congressional oversight, and it does not create a Congressional committee that could independently investigate the surveillance programs and give the country a full accounting. Remember we are still just learning the full depth of the programs on a piecemeal basis.
So while we are happy to support the USA FREEDOM Act, we also acknowledge that there is still much to do to dial back the NSA. This can happen through ongoing improvements to the USA FREEDOM Act as well as through additional bills.
7 Ways the USA FREEDOM Act Changes Federal Surveillance Law
The USA FREEDOM Act makes a number of changes to federal surveillance law, mostly in very positive ways, but in some instances the bill falls short of the reforms we think are necessary.
- It would likely stop the NSA's call records program. We believe that this bill, on its face and based on the intent behind it, should be interpreted as stopping the current NSA program collecting all Americans' phone records and the allegedly halted program to collect Internet records.
However, the NSA has a long history of twisting the language of statutes to argue for surveillance authority one might not otherwise expect (such as arguing that everything is "relevant" to an authorized investigation). Even more worrisome, the government makes these arguments in the secret, one-sided, FISA court (though the bill does attempt to address that, see 3 below).
We’re concerned that there may be too much wiggle room in the language of the USA FREEDOM Act, such that the Department of Justice will still argue the NSA can collect millions of records of innocent people—even if this is not the correct reading of the bill. This is because the bill allows for collection of records that are both relevant to an existing investigation and that "pertain to" agents of a foreign power and their activities. However, the bill never actually defines "pertain" for the purposes of the statute.
Providing a strong definition of the word "pertain" and/or explicitly banning bulk collection of records would foreclose this potential abuse of the language.
- The bill modifies Section 702 of the FISA Amendments Act. The bill changes Section 702 in two important ways—one good; one that needs fixing.First, the good: the bill limits the NSA’s authority to search its database of already-collected communications for the communications of Americans. To explain: when the NSA performs collections under Section 702, ostensibly targeting people overseas, it collects large volumes of communications, many of which are either to or from Americans. The NSA then stores these collections in large, searchable databases. The bill would require the NSA to first get a specifically tailored order from the FISA court before searching these databases for the communications of particular Americans. This is a protection that does not exist under current law.
Another change the bill makes is a problem. Under current law, the NSA believes it has the authority to perform two types of collections under Section 702: (1) the collection of communications "to" and "from" a surveillance target, and (2) communications that are “about” a target, even if the target is not a party to the communication. To conduct the second type of surveillance, the NSA sifts through large volumes of communications looking for non-target communications containing specific "identifiers" of the target—typically, email addresses and phone numbers, but it can be as broad as a name or a specific word—as those communications flow through telecommunication companies’ fiber optic cables.
The new bill provides statutory language that acknowledges this practice, which does not exist under current law. The provision imposes two limits that do narrow what the NSA currently perceives its authority to be. First, the NSA would only be able to collect communications "about" a surveillance target in cases involving weapons of mass destruction and terrorism (instead of any "foreign intelligence" situation). Second, the NSA could only search for certain specific information (like an email address or a telephone number), not broad keyword searches. Thus, the bill places limits on the NSA’s current, perceived authority.
Nevertheless, we believe this type of mass searching of otherwise innocent communications must be prohibited, not codified, in the law. The bill should be amended to address this issue.
- The bill creates a special advocate in the FISA court. This advocate will serve for three-year terms and be selected by the Chief Justice of the Supreme Court from a list of names provided by the Privacy and Civil Liberties Oversight Board (PCLOB). The advocate is granted broad powers, like the ability to view all government orders, the authority to try to contest such orders, the authority to argue for more transparency in FISA court opinions, and authority to appeal to higher courts. Ideally, this special advocate would work to ensure that privacy and civil liberties issues are identified for the court.Notably, if the PCLOB were unstaffed again (as it was for years), the appointment of the special advocate could be derailed.
- "Significant decisions" by the FISA court must be disclosed by the Attorney General. This is an extremely important and helpful measure, as it brings a new level of transparency and accountability to the FISA courts.
- It increases protections designed to limit the potential harm from the use of National Security Letters (NSLs). Nevertheless, NSLs would still be unconstitutional. If enacted into law, the bill would improve civil liberty protections relating to NSLs, the secret FBI orders demanding user data in national security investigations that come with strict gag orders preventing recipients from even acknowledging that they had received one.
The USA FREEDOM Act would require the government to seek judicial review of an NSL gag order if asked to do so by a recipient. Other reforms include improving the judicial review standard, requiring that challenges be resolved promptly, and adding a sunset provision so that the authority would be reviewed by Congress in 2015. These reforms only nibble around the edges of the law but fail to address the core flaw in the NSL statutes: under its NSL authority, even if this bill passed, the FBI can order the disclosure of potentially sensitive (and constitutionally protected) customer records and gag recipients without any prior court oversight whatsoever.
Any improvement in NSL procedures is welcome and may lead to better outcomes in a modest number of situations. The fundamental problem remains: the FBI would retain its ability to issue such demands and gag orders on its own, without a court’s review.
- Transparency. The bill will allow companies that wish to be more transparent about government access to user data to issue quarterly reports that are more granular than what the government currently permits. The bill also mandates multiple reports by various Inspectors General to look into how the spying laws were used, how effective they were, and how the "minimizations procedures" worked.
While the bill allows for such reports, there is still an unconstitutional gag that prevents recipients from even acknowledging that they have received an order. This limits the free speech rights of companies that want to talk about these surveillance demands.
- It grants subpoena powers for the Privacy and Civil Liberties Oversight Board (PCLOB). PCLOB is supposed to provide oversight and recommendations to the executive branch when it comes to our civil liberties. However, the board lacks direct subpoena authority (it can request the DOJ issue a subpoena, but not issue one itself). Granting the PCLOB subpoena authority is a step in the right direction, but the USA FREEDOM Act does not give the PCLOB a way of enforcing its subpoenas. So, there’s still room for improvement.
A Good Start
We know that no bill is perfect, but the USA FREEDOM Act could well be our best shot at fixing some of the worst problems with NSA surveillance. That’s why we’re urging members of Congress to support the bill, work to improve the bill through the amendment process, and above all to resist efforts to undermine the privacy protections offered by the bill.
The USA FREEDOM Act stands in sharp contrast to the FISA Improvements Act, a bill recently introduced by Sen. Dianne Feinstein that seeks to legalize some of the worst aspects of NSA spying. We urge EFF members to help us beat back this fake fix by contacting Congress today.
- 1. Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet Collection, and Online Monitoring Act (H.R. 3361/ S. 1599)
Recent DeepLinks Posts
Feb 17, 2017
Feb 17, 2017
Feb 17, 2017
Feb 16, 2017
Feb 16, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games