We keep asking if the politicians supporting CISA -- the "Cybersecurity Information Sharing Act" can explain just what security breaches it would have stopped -- and they can't. Because the answer is that it wouldn't have stopped any of them. And yet, the politicians pushing CISA never seem to waste an opportunity to pretend that each new big computer hack would have been stopped if only CISA had been in place. A few months ago it was the OPM hack and, now, apparently it's the T-Mobile/Experian hack.
Both Senators Richard Burr and Dianne Feinstein (the two leading members of the Senate Intelligence Committee from each party) have been taking swings at anyone who won't support the bill, and have cited the T-Mobile customer breach as a reason to support it:
“If these special interest groups are successful in mischaracterizing this bill, which authorizes purely voluntary sharing, they will only succeed in allowing more personal information to be compromised to criminals and foreign countries.”
The Intelligence panel leaders urged action on the bill following a breach that might have exposed private data for 15 million current and prospective T-Mobile customers.
Of course, the reason that the customer data was exposed has nothing to do with CISA, which would not have stopped that breach. It had to do with Experian screwing up their encryption. If Feinstein and Burr really wanted to encourage better cybersecurity, they'd be encouraging greater encryption.
And they're not being truthful in the rest of their statement. As far as I've seen, most of the people opposing CISA are happy to admit that it's about "voluntary" sharing of information -- but they note that by taking away all liability from companies for sharing info, companies have greatly decreased incentives to protect user privacy.
And, also, all of this totally leaves out the real reason behind CISA. As was revealed this past summer, the NSA uses "cybersignatures" as selectors in searching through all of the upstream (backbone) traffic that it sniffs. Given that, what the NSA is really looking for are more "cybersignatures" in order to be able to sniff out many more things.
And guess what CISA would do? That's right, create incentives for companies to give "cybersignatures" to the NSA.
This is almost certainly why Senator Ron Wyden made it clear that CISA is a surveillance bill in disguise, because it would play right into the hands of the NSA, by giving it a way to snoop on even more communications after convincing companies to hand over "cybersignatures" that it can then use to sniff through everyone's internet traffic.
Yes, CISA is "voluntary." But it's totally about surveillance, not cybersecurity, and nothing in CISA would have prevented the T-Mobile hack or the OPM hack or any other hack. For Feinstein and Burr to suggest otherwise is totally disingenuous fluff, designed to mislead the American public and to support the NSA.
Less than three months after announcing it was considering turning major social media platforms into unpaid government informants, the Senate Intelligence Committee is dropping its proposed requirement that Facebook, Twitter, etc. report "terrorist activity" to designated agencies.
Well, "dropping" is the polite phrasing. It's actually been forced to give up this demand (by one of the more rational members of the SIC, Ron Wyden) to ensure it gets its intelligence funding bill passed. As Wyden points out, social media entities should be in the business of social media, not acting as under-equipped stand-ins for law enforcement and intelligence agencies.
“Going after terrorist recruitment and activity online is a serious mission that demands a serous response from our law enforcement and intelligence agencies,” Wyden said in a statement, adding that he will now allow a vote on the intelligence bill. “Social media companies aren't qualified to judge which posts amount to ‘terrorist activity,’ and they shouldn’t be forced against their will to create a Facebook Bureau of Investigations to police their users’ speech.”
The government is rightfully concerned about the use of social media by terrorist groups, but the solution isn't to deploy private companies as ad hoc intelligence operatives. A majority of major social platforms already police their networks for inappropriate content -- which includes obvious terrorist-related postings -- and report these to appropriate authorities. The half-assed directive proposed by Sen. Feinstein would have been, at best, redundant. It would have applied only to social media platforms that already policed their own networks for this content. It would not have forced new entrants into the market to comply with the reporting requirements.
Despite its apparent death, Senator Feinstein still believes the redundant/useless directive is still the right thing to do.
“Sen. Feinstein still believes it’s important to block terrorists’ use of social media to recruit and incite violence and will continue to work on achieving that goal,” Mentzer emphasized.
It should be noted that blocking is a far more severe action than removal and reporting. This wasn't how the proposal was pitched ("“a… low burden” to companies, who would have to report only activity that has been reported to them…). Feinstein's post-defeat statements have exposed her ultimate goal for this directive: an attack on free speech disguised as a minimal burden, and one that once again would displace civil liberties to make room for more (national) security.
As we've been discussing, some surveillance hawks in Congress have been trying very hard to push CISA through into law, often using the disastrous OPM hack as evidence for why it's needed. Yet, as we've pointed out multiple times, there's nothing in CISA that would have prevented OPM from being hacked. Instead, the Senators pushing CISA and using the OPM hack as the reason seem to be blindly flailing around assuming that because both are tangentially related to "cybersecurity," people will believe that it all "works."
The reality, of course, is that CISA has nothing to do with the OPM hack, but is really a backdoor surveillance bill, designed to give immunity to companies sharing info with the NSA, that it can feed into its system that it uses to monitor all "upstream" traffic. Senator Ron Wyden has been warning about this for months, without too many people paying attention -- because fear! cybersecurity! hack!
So, Wyden's latest strategy is to look a little more deeply at the OPM hack itself and what the government's National Counterintelligence and Security Center (NCSC) did (if anything) to prevent the hack. In a letter to NCSC, Wyden asks for details of what steps it had taken to protect OPM.
The National Counterintelligence and Security Center (NCSC) is tasked with a very important mission, which includes defending the nation's classified information and assets from exploitation by foreign adversaries. The importance of this mission has recently been underscored by compromises of sensitive US government personnel data.
And thus, the following questions:
Did the NCSC identify OPM's security clearance database as a counterintelligence vulnerability prior to these security incidents?
Did the NCSC provide OPM with any recommendations about how to secure this information?
At least one official has said that the background investigation information compromised in the second OPM hack included information on individuals as far back as 1985. Has the NCSC evaluated whether the retention requirements for background investigation information should be reduced to mitigate the vulnerability of maintaining personal information for a significant period of time? If not, please explain why the existing retention periods are necessary?
There may be a variety of reasons for sending this letter -- but one clear one is to send the following message: before Congress rushes around demanding CISA as a response to the OPM hack, shouldn't we look at how our own processes failed to prevent that attack? And that's especially true given that the point of CISA is to trust the very same government to help private companies with cybersecurity. If the government can't even do the most basic things to protect its own data, why are we rushing to pass a law that is entirely premised on the idea that the government can help others protect their data?
A few weeks ago, we wrote about a troubling provision that the Senate Intelligence Committee had inserted into this year's intelligence authorization bill, which would require social networks to report to the government any "terrorist activity" they see on their systems. As we noted, this has all sorts of problems, and seems more designed to (1) generate headlines and (2) chill free speech than do anything useful. Thankfully, Senator Ron Wyden has put a hold on the bill specifically over this provision.
“There is no question that tracking terrorist activity and preventing online terrorist recruitment should be top priorities for law enforcement and intelligence agencies,” Wyden said, in a statement for the record today. “But I haven’t yet heard any law enforcement or intelligence agencies suggest that this provision will actually help catch terrorists, and I take the concerns that have been raised about its breadth and vagueness seriously.”
“Internet companies should not be subject to broad requirements to police the speech of their users,”Wyden continued.
But the issue goes even deeper than that. As Markham Erickson has written, there are significant free speech concerns raised by this provision, in large part because "terrorist activity" is not defined at all. Anywhere. It's just this vague term -- and given that companies may face liability for not reporting "terrorist activity" to the government, you can bet an awful lot of perfectly fine and protected speech is going to get reported. And that's worrisome.
A key problem with Section 603, however, is that the trigger for the reporting mandate is based on the vague and undefined term “terrorist activity.” This term is not a term of art in the US criminal code and arguably goes well beyond criminal activity to speech that is protected under the First Amendment.
Erickson also points out that the comparison that supporters have made of this bill to one that requires companies to report child porn, is that child porn is "per se unlawful and never protected speech" under the US Constitution. But "terrorist activity" is just vague.
The NCMEC reporting obligations, however, relate to images that are per se unlawful and are never protected speech under the US Constitution. A government mandate that an Internet company report facts and circumstances connected to the vague and overbroad term “terrorist activity” certainly would result in overbroad reporting to the government of speech that is protected under the First Amendment.
And, on top of that, this move would give other countries a blueprint for how to demand tech companies hand over information on users:
More troubling, if adopted, the provision would serve as a global template for other countries to impose reporting requirements for activities those jurisdictions deem unlawful. This would be particularly problematic with countries that regulate speech, including political speech, and with authoritarian regimes that would demand that Internet companies police their citizens’ activities.
And, finally, as noted, with such a vague term, and the threat of serious liability, companies are going to be pressured into serious over-reporting:
Section 603 also creates a practical compliance problem. Because no one knows the definition of “terrorist activity,” how does one counsel a client to establish a compliance protocol under the proposal?
Any company would be at risk that if it did not report “terrorist activity,” it could be liable if there were a subsequent event that resulted in loss of life, limb, or property. Likely, this would result in designing a protocol to over-report anything that could be considered “terrorist activity.” Given the massive scale of content shared and created on the Internet daily, this would result in reporting of items that are not likely to be of material concern to public safety and would create a “needle in the haystack” problem for law enforcement. This serves no one’s purposes and adds privacy concerns to the First Amendment concerns noted above.
This creates a perverse incentive for a company to avoid obtaining knowledge of any activity that would trigger the reporting requirement—the exact opposite of what the proponents of the legislation want. Yet, designing such an avoidance protocol is nearly impossible. If even one low-level employee received an over-the-transom email about a “terrorist activity,” knowledge of the activity can be imputed to the entire company – exacerbating the potential liability faced by an Internet company.
Of course, these days, it seems like most in the Senate go by headlines rather than actual understanding of the issues. Hopefully, at least this one time, they'll actually listen to Senator Wyden.
Years before Ed Snowden revealed how the NSA and DOJ had reinterpreted the PATRIOT Act and the FISA Amendments Act to allow the intelligence community to spy on Americans, Senator Ron Wyden tried to warn the public that this had happened:
We're getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says.
For a couple of years after he said that, privacy and civil liberties advocates were forced into something of a guessing game to figure out what that secret law actually said. Eventually, the details were spilled by Ed Snowden who is, of course, now being threatened with a lifetime in prison for blowing the whistle.
This is not the only time that Wyden has made these kinds of warnings, and he's doing it again right now -- this time over CISA, the faux-"cybersecurity" bill that Wyden has made clear is really about surveillance. Recently released papers from the Snowden archives have made it clear why he's saying this, because it showed that, contrary to what's been said in the past, the NSA is using "cyber signatures" to sniff through upstream collections (their taps into the fiber backbone) under Section 702 of the FISA Amendments Act. And this opens up the information collected to so-called "back door" or "incidental" searches by the NSA. The whole point of CISA is to actually encourage companies to give the government more such "cyber signatures" which they can use to monitor the internet.
Wyden... claims that a classified Justice Department legal opinion written during the early years of the George W. Bush administration is pertinent to the upper chamber's consideration of cyberlegislation—a warning that reminds close observers of his allusions to the National Security Agency's surveillance powers years before they were exposed publicly by Edward Snowden.
[....]
"I remain very concerned that a secret Justice Department opinion that is of clear relevance to this debate continues to be withheld from the public," Wyden said in his written dissent against CISA, which cleared the Senate Intelligence Committee 14-1 in March. "This opinion, which interprets common commercial service agreements, is inconsistent with the public's understanding of the law, and I believe it will be difficult for Congress to have a fully informed debate on cybersecurity legislation if it does not understand how these agreements have been interpreted by the Executive Branch."
Last year, based on some breadcrumbs that Wyden dropped during the confirmation hearings for Caroline Krass as the CIA's new top lawyer, Marcey Wheeler dug into some more details about this document, and notes that it comes from the same period of time when the Bush administration was twisting itself into knots to justify warrantless wiretapping and torture. In other words, this document seems ridiculously relevant to the debate.
And while it appears that the vote on CISA has likely been delayed yet again, it seems like this is a fairly important detail.
In short, haven't we, as a country, learned enough to note that, when Senator Wyden points out that there's a secret interpretation of the law that is at odds with a plain reading of it, we should all be demanding answers?
In a bill announced Wednesday, Wyden joins Nevada Republican Sen. Dean Heller on the Protecting Individuals From Mass Aerial Surveillance Act, which if passed would require warrants for the government to analyze and collect data gathered en masse via domestic airplane or surveillance drone.
“Technology has made it possible to conduct round-the-clock aerial surveillance. The law needs to keep up,” Wyden said in a statement. “Clear rules for when and how the federal government can watch Americans from the sky will provide critical certainty for the government, and help the unmanned aircraft industry reach its potential as an economic powerhouse in Oregon and the United States.”
It's not just the FBI's flying spies being targeted by this bill. It's also looking to dial back the US Marshals Service's use of airborne IMSI catchers, a.k.a. "dirtboxes," as well as targeting surveillance drones, picking up where 2013's stalled Drone Privacy Act left off.
Hopefully, the bill will force a bit more transparency about use of these surveillance techniques. A warrant requirement is a nice thought, although it's hard to imagine what sort of warrant would cover a "search" that involves flying a plane in continuous circles over a small area of a city.
Considering the lowered expectation of privacy in public areas, the warrant requirement is going to be a tough sell. If it does stick, it will at least ensure deployments are targeted, rather than just exploratory. There's an opportunity here to force better and more detailed reporting of deployments, as well as significantly limiting the use of flying surveillance vehicles by eliminating exploitable loopholes.
The bill also would prevent government agencies from running footage obtained by drones or planes through facial/pattern recognition software in hopes of stumbling across untargeted suspects. It also would forbid law enforcement agencies from bypassing restrictions and reporting requirements by hiring private contractors to perform their illegal surveillance for them.
Five years ago, this sort of legislation would be dead on arrival, with deferential nods to terrorism and the War on Drugs replacing any serious consideration of the public's privacy. Thanks to the Snowden's leaks, any bill seeking to limit domestic surveillance now has a fighting chance, with even the reluctant administration forced to make more concessions to privacy than it would under other circumstances.
Showing that Congress realizes that at least something needs to be done to reform the surveillance state, the House voted overwhelmingly for the USA Freedom Act today, 338 to 88 (a significantly higher margin than when they approved last year's -- much weaker -- bill). Now, the big question is what will the Senate do? It can try to push forward with Mitch McConnell's preferred plan of just re-upping Section 215 for another few years with no changes and no restrictions. It can pass basically the same USA Freedom Act. Or, it can pass an even stronger surveillance reform bill. Chances are that it will pass the same bill that the House just passed -- but many are pushing for a stronger bill.
Senator Ron Wyden has said that he's looking to strengthen the Senate version, in particular trying to end backdoor searches under Section 702 of the FISA Amendments Act:
“I am working with Senate colleagues to pass additional reforms, particularly ending the warrantless backdoor searches of Americans' personal electronic communications under Section 702 of the Foreign Intelligence Surveillance Act. And I have made it clear I will fight any effort to extend mass surveillance of Americans’ records through a straight renewal of the Patriot Act – even a short-term one.
“Supporters of dragnet surveillance are fighting to preserve the status quo, but the American public is rightfully demanding a change. It is time for mass surveillance to end, and I will filibuster any attempt to extend this illegal surveillance, which violates core American rights without making our country any safer.
Meanwhile, Rep. Zoe Lofgren expressed similar concerns in the floor debate before the passage of the bill, noting that it could have been better. She voted for it, but hoped that her colleagues in the Senate would fix things like the backdoor loophole. As she noted, it's an important step forward, but it did not go far enough:
"The USA FREEDOM Act makes meaningful reforms to a few of our nation's surveillance programs. I applaud the bill's authors who worked to make sure these improvements were included.
"But this bill does not end all of the warrantless bulk collection of US persons' communications and data. While the legislation does not create these privacy violations, it fails to address widely reported privacy violations that occur under Section 702 of the FISA Amendments Act and Executive Order 12333.
"The House voted last year to close these backdoor forms of warrantless bulk surveillance by an overwhelming margin of 293-123. Reformers were blocked by Leadership and the Rules Committee from considering those much needed improvements to this bill today.
"Continuing these backdoor surveillance programs is wrong, detrimental to our economy, our competitiveness abroad, and the public's trust. It's time to end these serious privacy violations so that our government adheres to the constitution and protects electronic privacy.
"This bill is an improvement over the status quo. During Committee consideration the Judiciary Chairman and others assured reformers that once this bill passed we will quickly address backdoor surveillance loopholes under Section 702 and Executive Order 12333. If these commitments are not kept, reformers will reconsider their support for this legislation when it returns to the House from the Senate."
Again, this bill is a step forward, and the very fact that this debate is happening at all is a sign of how much impact the Snowden leaks have legitimately had on this debate. But, as most people recognize, there is still much to be done -- and the first part of that should happen over the next week in the Senate.
In a somewhat significant procedural move, the Senate failed to move forward on debating "fast track authority" or "trade promotion authority" after the Senate failed to come up with enough votes. The move to hold a debate on the fast track bill needed 60 votes, but only got 52 (with 45 against). Perhaps somewhat surprisingly, Senator Ron Wyden -- who had sponsored the fast track bill -- went against it as well, noting that he (and others) needed more promises on other issues before they'd move forward:
Democrats that are supportive of Obama’s trade efforts huddled on Tuesday afternoon to plot their strategy. After nearly an hour, led by Senate Finance Committee ranking member Ron Wyden (D-Ore.), the bloc of about 10 Democrats said McConnell has not offered them sufficient guarantees.
“The group is concerned about the lack of commitment to trade enforcement, which is specifically the customs bill,” Wyden told reporters after the meeting. “Until there is a path to get all four bills passed … we will, certainly most of us, will have to vote no.”
And thus, we have this weird situation, again, where it's basically Republicans pushing for giving up the Senate's Constitutional authority on trade agreements, and handing it to a Democratic President. Either way, today's vote came down to a bit of horse trading:
Democrats want McConnell to package the so-called fast-track Trade Promotion Authority legislation with three other pieces of legislation, including one that would help workers affected by the massive trade agreement and one to crack down on currency manipulation.
But McConnell is refusing to guarantee that TPA, Trade Adjustment Assistance, the African Growth and Opportunity Act and a customs enforcement bill, which includes the currency manipulation provisions, will all be passed as part of a deal to open debate on the trade bill.
The customs provision in particular is viewed as veto-bait for the White House, potentially complicating the trade package’s future if it is approved. The measure could force the administration to designate China as a currency manipulator, which the White House fears would spark a trade war with Beijing.
What happens next, should be interesting. There will likely be a lot more negotiating and some more horse trading, but it seems that Senator Orrin Hatch, who has been the driving force behind the fast track bill, is pretty angry with Wyden for the situation today:
Hatch, though, sounded pessimistic about another round of deal-making with Wyden. A visibility agitated Hatch told reporters that the bill had become a “mess,” adding that he was “through talking.”
“I’ll always be open, but we’ve just been jerked around here too much,” Hatch said. “I expect people to live their word just like I do.”
It still has a chance of things moving forward, but for the moment, the big push to get fast track through in order to allow the TPP agreement to be completed has had to hit the brakes.
By now, one hopes, you've seen this video of James Clapper lying to Senator Ron Wyden and the American public while testifying before Congress in early 2013:
Here's the key transcript:
Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?
Clapper: No sir.
Wyden: It does not?
Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.
This was a lie. Many people believed it was a lie at the time, but that was confirmed thanks to the documents leaked by Ed Snowden, who later claimed that seeing that bit of testimony helped convince him that he needed to go through with his plan to leak this information.
James Clapper, of course, is the Director of National Intelligence, and the heads of the various intelligence agencies basically report in to him. He's still in that job, which many people argue is a complete travesty. He flat out lied to Congress and got away with it.
What's been really odd is that the story as to why Clapper lied seems to keep changing. When questioned about this, Clapper's initial response was that he thought that Wyden was asking about collection of email information, which is clearly not the case if you just listen to the actual question. Wyden, pretty clearly, says "any type of data at all." About a week later, Clapper changed his story, saying that he believed the question was an unfair "loaded question" (he compared it to the "when did you stop beating your wife" type of question -- even though it's not that at all) and then said that he gave "the least untruthful answer."
This didn't make much sense either -- and it made even less sense when Senator Wyden revealed that he didn't just spring this question on Clapper, but had sent it to Clapper's office a day ahead so he could review the question and be aware of what he was to be asked. On top of that, Wyden revealed that after Clapper's answer -- which Wyden knew was false -- Wyden staffers sent a letter to Clapper asking him if he wanted to amend his answer, and Clapper's office refused to do so.
Finally, about a month later, Clapper finally admitted that he lied, now claiming that it was all a "mistake."
"mistakes will happen, and when I make one, I correct it."
Except... he had been given the chance to correct it and he didn't. It was only after it was publicly revealed (via Snowden and Glenn Greenwald) that Clapper was outright lying that he claimed he made "a mistake." But, even then, it only came after pretending he misheard the question, then claiming that it was a loaded question (when it was not). And then, of course, months later, Clapper could pretend, with the benefit of hindsight, that he should have been more forthright about the program, but that's difficult to believe. And none of it matters, because the DOJ refuses to investigate Clapper for lying.
And yet, Clapper's story continues to keep changing. Late last year, he tried to rewrite the story, suggesting that he was sandbagged and caught off-guard, rather than lying:
“When I got accused of lying to congress because of a mistake ... I had to answer on the spot about a specific classified program in a general, unsecure setting.”
And, now, the latest is that the top lawyer in Clapper's office (ODNI), Bob Litt, is trying to rewrite the story even more, by claiming that James Clapper forgot about the metadata collection program when he answered Wyden's question:
“This was not an untruth or a falsehood. This was just a mistake on his part,” Robert Litt, the general counsel for the Office of the Director of National Intelligence, said during a panel discussion hosted by the Advisory Committee on Transparency on Friday.
“We all make mistakes.”
Litt on Friday said that Clapper merely did not have a chance to prepare an answer for Wyden and forgot about the phone records program when asked about it on the spot.
“We were notified the day before that Sen. Wyden was going to ask this question and the director of national intelligence did not get a chance to review it,” Litt said.
“He was hit unaware by the question,” Litt added. “After this hearing I went to him and I said, ‘Gee, you were wrong on this.’ And it was perfectly clear that he had absolutely forgotten the existence of the 215 program.”
Instead, Litt said, Clapper had been thinking about separate programs authorized under Section 702 of the Foreign Intelligence Surveillance Act, which the NSA has used to collect massive amounts of foreigners’ Internet data. The law explicitly prohibits the government from gathering the same kind of data about Americans, unless t is “incidental.”
“If you read his answer it is perfectly clear that he was thinking about the 702 program,” Litt said. “When he is talking about not wittingly collecting, he is talking about incidental collection.”
Litt, he said, also erred after the hearing by not sending a letter to the panel to correct the mistake.
First of all, while Litt at least is admitting that Wyden had sent the question in beforehand, he leaves out the part about Wyden asking Clapper's office the next day if it wanted to amend Clapper's answer. If it's true that Litt immediately told him that Clapper was wrong, then you would think when asked by Wyden if he wanted to amend his answer, he would have done so. He did not. So either Litt told Clapper he was wrong and Clapper said, "Hey, let's let that lie stand," or Litt is not being truthful here either. It wasn't just them not sending a letter correcting the mistake, but it was directly rejecting Wyden's staff specifically asking them if they wanted to correct the record. That shows that any claim that Clapper just "forgot" or even "misspoke" has to be a flat out lie, since he had a clear opportunity to correct the mistake and was even asked to do so, and consciously chose not to do so.
But much more importantly, considering just how much Clapper and others have been prattling on for years about how "crucial" and "important" the bulk phone records collection is in protecting the American public, it is simply unbelievable to argue that Clapper would "forget" about the program. Either that means the program is not important at all... or that someone is lying.
The fact that Clapper's story on this keeps changing suggests he still can't come to admit the obvious answer: he didn't want to reveal his beloved secret program, and so he lied. He just flat out lied. And he's still lying in failing to admit that.
The USA Freedom Act is back in another attempt to rein in the NSA -- one that was sabotaged twice last year. A bill under this name was first introduced in the House, which actually passed out of committee, but only after being gutted in response to pressure from the administration. A much better version was introduced by the Senate, but this one never managed to make it out to the floor for a full vote -- held back by NSA defenders who portrayed its Section 215 reforms as somehow more damaging to privacy than an unrestrained NSA.
This House bill heads into committee with only a few weeks remaining before certain provisions of the Patriot Act are due to expire, including the Section 215 bulk records program. Sen. Mitch McConnell has done what he can to lower this bill's chance of success. Shortly before USA Freedom was to be introduced into Senate, he delivered a bill that would authorize a "no questions asked" renewal of these provisions until the end of 2019. Thanks to his position as Majority Leader, he was able to bypass the committee vote and bring it straight to the floor.
This version of USA Freedom is obviously a vast improvement over the previously-eviscerated House bill, but there are still concerns on both sides of the issue. NSA defenders will probably oppose it because it supposedly goes too far. Civil liberties defenders will oppose it because it doesn't go far enough. The ACLU has already expressed its concerns about the pending legislation.
“The disclosures of the last two years make clear that we need wholesale reform. Congress should let Section 215 sunset as it’s scheduled to, and then it should turn to reforming the other surveillance authorities that have been used to justify bulk collection,” said Jameel Jaffer, the group’s deputy legal director.
What the bill does do is fix a lot of what was broken on its last trip through. The legislation would end the Section 215 bulk records collection and force the NSA to perform targeted requests for phone metadata from telcos. It would also provide an avenue to challenge the use of this data in court by adding a requirement to serve notice to those whose records were accessed. In addition, it would make National Security Letter gag orders challengeable by those companies served with one and require a "periodic review" of outstanding non-disclosure orders to ensure they're still valid.
What it doesn't do is actually end Section 215. It would end the bulk collection but "emergency" requests could still be made to circumvent the additional search restrictions USA Freedom imposes. It also preserves the NSA's ability to deploy roving wiretaps.
"I obviously want it to go further, closing the backdoor search loophole and the like," the Oregon Democrat said. "But I think Sen. Leahy's effort to end the collection of all of this personal information ... are very important and I'm in support of it."
Considering McConnell's last-minute maneuvering to save Section 215 from alteration or expiration, there will probably be others who will throw their support behind this bill rather than see the bulk records collection remain intact for the next half-decade. If nothing else, it's at least a step towards serious surveillance reform.
