On Ending The Surveillance State
Desperation is never an attractive quality. It inevitably leads to bad choices—usually in the form of a willingness to accept a bad deal over no deal. In this case, I am speaking of the back-from-the-dead USA Freedom Act, offered by Senate Judiciary Committee Chairman Patrick Leahy of Vermont.
Before I dive into why this bill in its current form will not fundamentally alter the powers of the Surveillance State, let me state up front that I very much appreciate the position the Chairman and his supporters find themselves in. In the Senate, he faces a powerful Democratic colleague—the senior Senator from California and chairwoman of the Select Intelligence Committee, Diane Feinstein—who is an outspoken supporter of the very programs Leahy seeks to rein in. And in the House, he faces the twin obstacles of outgoing House Intelligence Committee Chairman Mike Rogers and his counterpart, Rep. Dutch Ruppersberger—both ardent supporters of the National Security Agency’s existing collection authorities. It was the latter duo that were responsible for eviscerating the original USA Freedom Act, a development that caused most of the bill’s original sponsors to ultimately vote against it on the House floor. The political dynamic that made that legislative defeat possible is unchanged, which makes a repeat of the House USA Freedom legislative debacle in the Senate a near certainty.
And then there are the substantive problems with the new Senate version of the bill.
I do not believe for a single minute that the bill as written will end bulk collection, for two reasons. The first is the bill’s language itself.
Instead of adhering to the Fourth Amendment’s requirements, this bill uses the NSA-speak “specific selection term”, defined as a term “that specifically identifies a person, account, address, or personal device, or another specific identifier…” So let’s look at some examples:
Person: the definition does not include the phrase “natural person”, which refers to a specific, single human being. Thus, “person” as used in the bill could be interpreted to be a corporation, as understood in current law—which means they could tap that corporate “person’s” main number and rope in dozens or hundreds or thousands of people.
Account: How many organizations utilize a single Dropbox, Gmail, etc. account? Lots. Right back to “two hops” or much more than that.
Another specific identifier: How about an organization’s phone number? Would that be game under the bill? My reading is yes, it would. That’s “two hops” and then some if you start talking about the main phone number for a major organization with dozens, hundreds or thousands of employees.
These criticisms apply to the NSL “reform” section as well.
The second reason this bill will not end bulk collection is the recent revelations about the extent of US Person data collection under EO 12333, as revealed by John Napier Tye. The bill doesn't even touch this issue.
And there are no new oversight mechanisms created by this bill outside of the Foreign Intelligence Surveillance Court (FISC) reforms (which I think are actually quite good). No GAO (i.e., Congressional) audits of these programs—and absent independent, invasive oversight, how will anyone really know they are not conducting warrantless searches? NSA lied repeatedly to the FISC about what they were doing in the past. There is no reason to believe they won’t lie again.
I can also say with a high degree of confidence that the ODNI reporting requirements (pp. 74–75) will be stripped out in their entirety by NSA’s allies on the respective intelligence committees. They will argue that tracking individual IC employee searches is not only invasive but a violation of the separation of powers and undue interference with the daily work of IC analysts and managers.
I very much appreciate the statements of Senator’s Wyden and Udall that they intend to offer a floor amendment that would prohibit warrantless searches of U.S. Person data contained in NSA’s existing database of information collected under Sec. 702 of the Foreign Intelligence Surveillance Amendments Act (passed in 2008, up for renewal at the end of 2015). Earlier this year, the House passed an amendment to the Fiscal Year 2015 Defense Department Appropriations bill that bars funds from being used to search the existing 702 database for US Person data in the absence of a warrant. That same amendment bars the U.S. government from forcing companies to build exploitable flaws into their hardware/software to facilitate NSA surveillance. The Leahy bill fails to address either of those issues, and unfortunately I believe that even if Wyden and Udall are successful in offering a 702 database warrantless search ban on the Senate floor, I seriously doubt that language would survive in conference.
I am convinced that there is virtually no chance of a real authorization reform bill surviving the gauntlet of NSA supporters on HPSCI or SSCI, at least this year. Indeed, I believe the stage has been set for a replay of the House legislative train wreck that gave us the watered-down USA Freedom Act that privacy and civil liberties groups — and many of the bill’s own sponsors — walked away from earlier this year. The Leahy bill will get ground down by its opponents on SSCI and elsewhere, and then we will hear the usual “well-it’s-better-than-nothing” refrain, which is of course a lie. Passing a bad bill would lock the Surveillance State in place for at least a generation, possibly longer — possibly forever.
Keeping the NSA reform amendment language in the final DoD spending bill is crucial to setting the floor for the debate: namely, that no warrantless searches of American’s communications should be allowed, and no telecom products should be compromised by the U.S. government, period. If we can achieve that victory, we then will have the Congress on record as being opposed to warrantless searches of stored communications in a national security context and opposed to turning corporations into nothing more than extensions of NSA.
For me, the irony is that a warrantless search prohibition is the standard in the Electronic Communications Privacy Act reform bill that has over 260 cosponsors, a bill that has been championed by all of the traditional privacy and civil liberties groups (primarily on the left). Surrendering so quickly on that standard in the FISA/NSA context, which the revived USA Freedom Act inherently does, is bad strategy and bad policy.
Some in the the privacy and civil liberties activist community believe a failure “to pass something” in the way of NSA reform authorizing legislation this year will mean no NSA reform at all. I couldn't disagree more. A progressive-libertarian-Tea Party coalition of Democrats and Republicans won a major victory this summer with the passage of the aforementioned amendment to the DoD approps bill in the House—with the key blow delivered by FreedomWorks, which let every Republican office know it was scoring the vote. With a similar effort, that same coalition can win in a DoD appropriations bill conference — and that victory would pave the way for potentially blocking PATRIOT Act and FISA Amendments Act extensions next year, and if necessary (in the case of the FAA, in 2017). And if those extensions can be defeated, their demise would achieve far more than the USA Freedom Act ever could.