House approves weakened bill to limit NSA bulk collection
Critics of the bill say they plan to push for changes as it moves to the Senate
IDG News Service - The U.S. House of Representatives has approved a bill that would limit the National Security Agency's bulk collection of domestic phone records, even as several civil liberties and tech groups withdrew their support after last-minute changes.
The amended version of the USA Freedom Act, approved by a 303-121 vote in the House Thursday, continues to give the NSA authority to collect telephone and other records from large groups of people because of a change in the definition of the search targets allowed, critics said.
Still, backers of the legislation said it will end the NSA's practice of collecting nearly all U.S. telephone records. The bill represents a huge step forward and would require the U.S. Foreign Intelligence Surveillance Court to publish its major surveillance opinions, supporters said.
The amended bill, supported by President Barack Obama's administration, is not perfect, many supporters said, but is better than nothing. The amended bill represents a "first step, not a final step" in congressional efforts reform U.S. surveillance programs, said Representative Jim Sensenbrenner, a Wisconsin Republican and vocal critic of the NSA phone records program.
"The days of the NSA indiscriminately vacuuming up more data than it can store will end with the USA Freedom Act," Sensenbrenner said. "In the post-Freedom Act world, we have turned the tables on the NSA and can say to them, 'we are watching you.'"
The House bill now heads to the Senate, where it could be further amended. Critics of the House bill said they will fight for stronger privacy protections in the Senate.
Opponents of the bill argued the amended version would allow the NSA to target wide groups of people with its surveillance. The result of the changes is a bill "that will not end bulk collection, regretfully," said Representative Zoe Lofgren, a California Democrat. "Regrettably, we have learned that if we leave any ambiguity in law, the intelligence agencies will run a truck right through that ambiguity."
The House Rules Committee made changes to the USA Freedom Act Tuesday after two other committees had approved an older version backed by several tech and civil liberties groups. After the changes, Facebook, Google, Apple, the Center for Democracy and Technology, the Electronic Frontier Foundation and other groups withdrew their support.
Many of the changes to the bill came out of concerns from U.S. national security officials, said Representative Bob Goodlatte, a Virginia Republican and chairman of the House Judiciary Committee. "We knew that both our national security and civil liberties were at stake in the debate, but that both could be protected," he said during a press conference.
One of the major changes to the bill is an expended definition of a "specific selection term" that the NSA must use to target its searches. The amended version of the bill allows the NSA to target things such as a "person, entity, accounts, address, or device," instead of, in the original language, a "person, entity, or account."
The words "address" and "device" in the new language, as well as the open-ended term "such as," makes the new definition "incredibly more expansive than previous definitions," the EFF said in a blog post.
The amended bill also removed a provision banning the so-called reverse targeting of U.S. persons by accessing their communications through a legal surveillance target, and it limited the amount of reporting that telecom and Internet companies can publish about surveillance requests they receive, critics said.
Supporters of the bill noted it would require the NSA to issue a classified report to Congress within a day of making significant changes to its collection program and issue a public report within 45 days. "In this country, there should be no such thing as secret law," said Representative John Conyers, Michigan Democrat.
The bill's requirement that the surveillance court publish its major findings, and its provision allowing the court to call upon privacy advocates and other experts when examining surveillance requests will also limit over-expansive surveillance programs, supporters said.
However, critics of the changes to the specific selection-term definition are correct in saying the new language is not as "clean or straightforward" as the old version's language, Conyers acknowledged.
"Nothing in the [new] definition explicitly prohibits the government from using a very broad selection term like, 'area code 202' or the entire Eastern seaboard," he said. "But that concern is largely theoretical; that type of collection is not likely to be of use to the government."
Conyers didn't explain why the NSA has believed, up to this point, that collecting all phone records across the U.S. is useful.
Representative Rush Holt, a New Jersey Democrat, called on Congress to require the NSA to get a court-ordered search warrant, with evidence of probable cause of a crime, before collecting phone records.
When Goodlatte noted that U.S. agencies have never needed a search warrant for phone records because they aren't considered personal records, Holt disagreed. "Is there any American who doesn't think this is a search?" he said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is email@example.com.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts