President Donald Trump’s pick for Director of National Intelligence has laid out his vision for the country’s surveillance, and it’s not good for technology users.
In his confirmation in front of the Senate Intelligence Committee this week, former-Sen. Dan Coats, a Republican from Indiana, said there need to be continued conversations about legal authorities to undermine encryption and called reauthorizing an authority that the government uses to spy on Americans’ Internet activities without a warrant his “top legislative priority.”
Coats made it clear that reauthorizing Section 702—which was created by the FISA Amendments Act and expires at the end of this year—is high on his to-do list. In answers to written questions prior to the hearing as well as during the hearing, Coats repeatedly praised the surveillance authority, calling it “a critical tool” and agreed when Sen. John Cornyn quoted FBI Director James Comey’s description of the authority as the “crown jewels of the intelligence community.”
He also repeatedly defended the programs under Section 702—which includes the NSA’s warrantless copying and searching of Americans’ Internet activity—as being “designed to go after foreign bad guys” and subject to “a robust oversight regime.”
We’ve long argued that the surveillance programs under Section 702 are not targeted, do not have sufficient oversight, and violate Fourth Amendment protections. That’s why we’re calling on Congress to let the authority sunset.
As Congress debates Section 702 reauthorization, lawmakers have repeatedly asked the Office of the Director of National Intelligence to make good on former Director James Clapper’s pledge to produce a long-delayed report on the number of U.S. communications that are swept up under Section 702 surveillance. When asked by Sen. Ron Wyden if he plans to produce that report, Coats said he will “do everything I can to work with [NSA Director Mike] Rogers and the NSA to get you that number.”
Coats also appears prepared to ask for rollbacks to crucial privacy reforms enacted in 2015.
As a senator, Coats voted against the USA FREEDOM Act, the bill that made privacy-enhancing improvements to the government’s national security surveillance programs, including prohibiting a program involving the bulk collection of Americans’ phone call records. In his written answers, Coats acknowledged that, if confirmed, he “will ensure the [intelligence community] abides by … the changes to the program made as part of the USA FREEDOM Act.”
However, he said he’s prepared to come back to Congress if he sees “deficiencies in the program,” including if telecom companies fail to retain phone records for long enough to be useful to intelligence agencies. Privacy advocates fought hard to keep phone record retention requirements out of the USA FREEDOM Act, and we stand ready to fight if Coats or anyone else tries to put them in place in the future.
Coats called on lawmakers and tech companies to continue working on the issue of law enforcement access to encrypted data.
While he said he recognized the value of encryption as an essential security and privacy tool, he also said the “ongoing discussion” about the legal authority to access data even when it’s encrypted should continue. “The CEOs of companies that are making devices and guaranteeing their buyers encryption, they worry about their families, … they worry about attacks on the U.S.,” he said. We’ve fought efforts on the Hill to undermine users’ security, and we will continue to push back on proposals to force companies to give law enforcement backdoors to encrypted technologies.
Privacy Protections Abroad
Coats tried to quell lawmakers concerns about the Trump administration undermining privacy protections for foreigners, especially in it’s aggressive anti-immigration push.
On Presidential Policy Directive 28 – an Obama-era document that outlines basic privacy protections for foreigners – Coats wrote that he expects the administration is reviewing the policy along with other presidential directives “in the interest of determining whether in their present for they still address national priorities or deserve to be revisited.”
But he noted specifically that European officials relied heavily on the privacy protections in PPD-28 when approving the Privacy Shield, a data deal that lets U.S. companies bring European users’ data across the Atlantic. “For that reason, before any changes to the PPD are made, I believe it important to consider the consequence of any modifications,” he wrote.
Although we’ve criticized PPD-28 as not going far enough to give privacy protections to those located abroad, rolling back those protections would be worse still.