News Column

Senate (Select) Committee on Intelligence Committee Hearing

June 5, 2014



Chairman Feinstein, Vice Chairman Chambliss, and members of the Committee,

Thank you for the opportunity to testify today on behalf of the Center for Democracy & Technology. We applaud the Committee for holding this rare open hearing to advance a diligent and thoughtful analysis of the USA FREEDOM Act (H.R. 3361), and for the significant amount oftime and energy this Committee and its members have devoted to the important debate ongovernment surveillance that has occurred over the last year.

I am Senior Counsel and Deputy Director of the Project on Freedom, Security, and Technologyat the Center for Democracy & Technology (CDT). CDT is a nonpartisan, non-profit technologypolicy advocacy organization dedicated to protecting civil liberties such as privacy, free speech,and access to information. Our Project on Freedom, Security, and Technology works to developand promote policies that safeguard individuals from overbroad government surveillance while also preserving the government's ability to protect national security from evolving threats. Webelieve those threats are real, substantial and persistent, and we appreciate the work theintelligence community does to protect the nation against them, and this Committee's efforts tooversee that work.

Introduction

The past year has seen public disclosure of multiple national security programs involving the collection - by the National Security Agency (NSA), a highly secretive military intelligenceagency - of sensitive data of many millions of Americans and non-Americans with no connection to a crime or terrorism. n1 This has prompted a thorough, impassioned, and much-needed debate regarding the appropriate scope of government surveillance, including numeroushearings from various Congressional committees, and comprehensive reports from thePresident's Review Group on Intelligence and Communications Technologies and the Privacyand Civil Liberties Oversight Board. n2 The stakes in this debate are high because thetechnological capabilities to collect and analyze information in very large quantities, and to gleanintimate details and patterns about individuals, will rapidly grow more sophisticated ascomputing power continues to expand and digital services become more interwoven into everyday life. Congress has a responsibility to safeguard privacy not just from the surveillanceprograms and technologies of today, but those of the future as well. The surveillance reforms Congress settles on may not be revisited for decades, and we may be living in quite a different world by the time Congress considers the next major privacy update to national securitysurveillance authorities.

Although questions remain and further debate is needed in many areas, a near consensus hasemerged on a critical issue that has been of central focus to the American public: The government's bulk collection of records of phone calls and emails to, from and within the United States is both intrusive and unnecessary, and Congress must act to prohibit this activity. n3 The vehicle with the most headway in accomplishing this goal is the bicameral, bipartisan USA FREEDOM Act. n4 The USA FREEDOM Act directly takes on the bulk collection problem,attempting to prohibit untargeted mass collection while preserving the key requirement of prior court approval for surveillance demands, without unreasonably interfering with the government's ability to make targeted record requests. The legislation also pursues other important reforms,including permitting greater company disclosure regarding national security orders, and enhancing transparency of the Foreign Intelligence Surveillance Court (FISC).

The USA FREEDOM Act was never intended to resolve all of the profound civil libertiesproblems raised by overbroad national security surveillance. For example, the bill would make only very limited reforms to Sec. 702 of the Foreign Intelligence Surveillance Act (FISA), doesnot provide significant additional privacy protections for non-U.S. persons abroad, and takes nosteps to prevent the undermining of cryptography standards. n5 These matters need to be addressed in other legislation. From the outset, USA FREEDOM was a compromise.Nonetheless, the Center for Democracy & Technology, numerous civil society organizationsspanning the political spectrum, and many of America's largest technology companies initiallylent strong public support to these efforts. n6 This support continued after a House Judiciary Committee markup weakened the bill's provisions on private party reporting, governmenttransparency, FISC reforms, and the modest improvements to Sec. 702 of FISA. n7

However, the compromise ultimately went too far. Additional last-minute changes were made tothe USA FREEDOM Act prior to final passage in the House of Representatives - notably,changes to the requirement that a "specific selection term" be used as a means of preventingbulk collection. This sudden change raised serious concerns regarding the bill's effectiveness inlimiting overbroad surveillance activity, causing CDT, many tech companies, and other civil society groups to remove support for the bill for which we had fiercely advocated for more than half a year. n8 When the weakened USA FREEDOM Act went to the House Floor for final passage, a bipartisan majority of the bill's own cosponsors voted against it, and a majority of thevotes against the bill were cosponsors. n9 The bottom line is that there are strong, widespread doubts that the bill that passed the House achieves its stated goal of ending the government's bulk collection of Americans' personal information.

The Senate - and this Committee - now have the opportunity to shore up weaknesses in theUSA FREEDOM Act and pass legislation that would significantly advance the privacy interestsof Americans while protecting national security. However, in order to ensure that the USAFREEDOM Act actually achieves its goals and fulfills the public's strong desire to prohibit overbroad surveillance, additional protections and clarity must be provided.

I. Further Action is Necessary to End Bulk Collection of Americans' Private Information

The driving force behind the USA FREEDOM Act has been the need to prohibit bulk collection ofAmericans' sensitive personal information. Ending "bulk collection" does not just mean ceasing nationwide untargeted surveillance dragnets, but prohibiting large-scale government collection and retention of non-public records about persons who are not connected to national securitythreats. It would merely perpetuate existing problems to allegedly prohibit nationwide "bulk collection" while permitting collection on the scale of a state or city, or of millions of users of an Internet service provider, with a single FISA order. n10 Unfortunately, the USA FREEDOM Act, as passed by the House of Representatives, does not clearly prohibit such activity, nor does it takesufficient steps to protect the privacy of innocent individuals that would be swept up in suchbroad surveillance.

The primary means that the USA FREEDOM Act, as passed by the House of Representatives,seeks to prevent bulk collection is by requiring that the government use a "specific selection term" as the basis for production in requests for information under Sec. 215 of the PATRIOT Act, the FISA pen/trap authority, and national security letters (NSLs). n11 Applying this requirement to all intelligence authorities that could be used for the domestic collection of data is critically important: it can prevent the migration of bulk collection activities from one provision ofthe law to another. The requirement must be designed to ensure that every surveillance orderdescribes the information targeted, thereby preventing virtually limitless surveillance orders that could vacuum up records about masses of people, or even the entire nation. As the lynchpin ofthe bill's purported prohibition on bulk collection, the definition of "specific selection term" is quite important.

When the USA FREEDOM Act unanimously passed the House Judiciary Committee and the House Permanent Select Committee on Intelligence, "specific selection term" was defined as "aterm used to uniquely describe a person, entity, or account." n12 However, prior to consideration before the full House, this critical definition was significantly weakened. The new definition of "specific selection term" was "a discrete term, such as a term specifically identifying a person, entity, account, address, or device, used by the Government to limit the scope of information or tangible things sought pursuant to the statute authorizing the provision of such information ortangible things to the Government." n13 This change to the bill, more than any other, caused majortechnology companies, civil society groups, and a majority of the bill's cosponsors to pull theirsupport for the USA FREEDOM Act. n14

There is a major lack of clarity regarding what this new definition of "specific selection term" would authorize and prohibit in practice. At its core, the definition requires "a distinct term to limitthe scope of information sought," but there is no indication as to how stringent the limit must be.Although agencies may currently use selection terms to query data collected under surveillance authorities, this is an internal process and there is no history of the use of selection terms in law.Ambiguity is the point - the bill's definition is deliberately open-ended to provide the government with broad flexibility in making surveillance requests. One could argue that any term thegovernment uses to limit in any way the scope of the information or tangible things it seeksusing its domestic intelligence authorities fits the definition. Yet the highly controversial domestic telephony and Internet metadata bulk collection programs that prompted Congressional actionwere themselves borne of the government's exploitation of ambiguous terms in existing statutesand the FISC's willingness to accept these interpretations - "relevant to an authorized investigation" led to authorizations to collect the phone and email records of virtually everyone inthe United States. n15 Similarly broad interpretations of the USA FREEDOM Act's definition of "specific selection term" could effectively perpetuate mass collection of data about people in the U.S.

For example, if a government application for email records used as selection terms the namesof the top four email services in the United States, how would this meaningfully differ from the very type of mass, untargeted data collection that the USA FREEDOM Act was created toprevent?

Another example - it is entirely unclear whether the new definition of "specific collection term"would allow the government to use geographic regions such as a state, city, or zip code as thebasis for production of information. If the government demanded the credit card transactionrecords of everyone in Georgia and Maine, would that not be a limit on the scope of collection,as compared to nationwide surveillance? Congress should amend "specific selection term" with negative language making clear that the definition does not include broad geographic regionssuch as a state, city, zip code, or area code. It should include other negative language topreclude use of other overly broad specific selection terms.

Adding the words "device" and "address" to the definition of "specific selection term" also opensup the potential for collection of large amount of Internet communications that are not related tothe particular target. Some routers - which qualify as "devices" - can handle the email messages of thousands, perhaps millions, of people, so permitting collection by device identifier does not effectively limit collection to particular targets or those targets' personal devices. "Address" may include Internet Protocol (IP) address, yet thousands of computers and users may be assigned a single IP address, such as through web hosts or Network AddressTranslation devices. If the bill meant to limit "address" to physical address, then this should be made clear.

At the same time, we understand the government's legitimate need for flexibility to address a multitude of scenarios and to engage in new investigations that cannot be currentlycontemplated. If the USA FREEDOM Act were to prescribe a narrow and exclusive list of selection terms, this might inappropriately obstruct effective investigative techniques to address true threats. On the other hand, even the use of specific selection terms thought to be moreparticularized, such as "person" or "entity" may not effectively end mass collection since (for example) major corporations with millions of users are "persons" and "entities." Clear legislative history can clarify the meanings of these words to preclude unintended results. While the definition of "specific selection term" must be narrowed and clarified, Congress should alsoestablish meaningful statutory privacy protections that go beyond the definition.

II. Enhanced Minimization Procedures

In addition to narrowing and clarifying the definition of "specific selection term," Congress shouldalso strengthen existing minimization procedure, and establish minimization or privacyprocedures where there are none. Specifically, the USA FREEDOM Act should require minimization or privacy procedures that are reasonably designed to minimize the acquisition and prohibit the retention and dissemination, of non-public information concerning individualswho are not - based on reasonable, articulable suspicion - foreign powers, agents of foreignpowers, or in direct contact with foreign powers or agents of foreign powers. The FISC should be required to review the procedures for compliance with the statute before entering an order for the production of records. The procedures should be reviewed by an independent body, such asthe Privacy and Civil Liberties Oversight Board, on a regular basis and prior to any significant change to the procedures. These procedures should be applied to the authorities for which the USA FREEDOM Act seeks to end bulk collection - Sec. 215 of the PATRIOT Act, the FISA pen/trap statute, and NSLs.

An advantage to this approach is that the procedures would be adaptable multiple scenarios,and address both front-end acquisition and back-end retention of information about individuals who are not agents of foreign powers or in contact with such. That way, the government isrequired to seek the means of collecting information with minimal impact on non-targets, but isalso required to purge information unrelated to agents of foreign powers if acquisition of suchinformation is unavoidable.

Another advantage to this approach is that the government has a base of experience with thisframework because provisions of FISA already require minimization procedures. Section 215 ofthe PATRIOT Act and Sec. 702 of FISA both require more limited forms of minimizationprocedures that apply to the retention and dissemination of data. Section 215 requires theminimization procedures to minimize the retention and prohibit the dissemination of nonpublic information concerning U.S. persons, consistent with the need of the U.S. to produce foreignintelligence information, and prohibits dissemination of information that identifies a U.S. person unless identification is necessary to understand foreign intelligence information. n16 Section 702 requires similar procedures, but also requires that acquisition be minimized, which we view asan essential feature. n17 The pen/trap statute and NSL authorities currently do not require any minimization procedures. What we are proposing would go further than existing minimization procedures insofar as it would 1) require minimization or privacy procedures for Sec. 215, FISApen/trap, and NSLs, 2) require minimization of acquisition, not just retention and dissemination,3) prohibit retention and dissemination, not just dissemination, and 4) create new criteria foracquisition, retention, and dissemination - namely, whether the information concerns a foreign power, agent of foreign power, or person in contact with such, based on reasonable, articulable suspicion.

The USA FREEDOM Act, as passed by the House, takes some very modest steps in this direction. Section 104 of the bill would alter Sec. 215 of the PATRIOT Act to require FISC review of the minimization procedures for compliance with the statutory standard prior to issuing anorder, though the bill does not alter the current statutory standard for minimization procedures. Section 202 of the USA FREEDOM Act would establish new privacy procedures for the FISApen/trap statute, which currently have no such procedures, requiring "appropriate policies" that"include protections for the collection, retention, and use" of U.S. persons' information. n18 The bill does not establish procedures for NSLs.

To be clear, strong minimization or privacy procedures should not replace a narrower, clearerdefinition of "specific selection term." Nor should the procedures replace other useful safeguardspresent in the USA FREEDOM Act, such as the panel of amicus curiae, the governmenttransparency reporting requirements, or the requirement to declassify or publicly summarizeFISC opinions that interpret "specific selection term." n19 Rather, the strengthened procedureswould be a partial safeguard that should be added to the partial safeguards present in the bill.We remain open to considering other potential solutions, but believe this approach would help achieve the dual goals of protecting both privacy and flexibility.

III. In Addition to Prohibiting Bulk Collection, the USA FREEDOM Act Should Address OtherSurveillance Reforms

Prohibiting large-scale collection and retention of information about individuals who are notconnected to an investigation is the most critical issue the Senate must address in its consideration of the USA FREEDOM Act. However, Congress should also consider otherimportant surveillance reforms related to Sec. 702 of FISA, private party reporting of surveillance orders, and a FISC Special Advocate.

A. Section 702 of FISA

While much of the focus of this past year's debate on government surveillance has been bulk collection pursuant to Sec. 215 of the PATRIOT Act, it is also essential that Congress addressSec. 702 of FISA. Surveillance under Sec. 702 threatens the privacy rights of Americans, thehuman rights of those abroad, the continued growth of American tech companies, n20 and the future development of a global Internet. n21

First, Congress should limit the scope of surveillance that is permissible under Section 702.Under current law, the government can compel U.S. tech companies to assist with surveillanceof any non-U.S. person abroad in order to collect "foreign intelligence information" - a termbroadly defined to include even information that is only related to U.S. foreign affairs. n22 Instead, the government should be permitted to compel such assistance only in response to significant security threats, such as those outlined in Presidential Policy Directive 28 for use of information collected in bulk. This would require that collection pursuant to Section 702 only occur for purposes of detecting and countering: (1) espionage and other threats and activities directed byforeign powers or their intelligence services against the United States and its interests, (2) threats to the United States and its interests from terrorism, (3) threats to the United States andits interests from the development, possession, proliferation, or use of weapons of massdestruction, (4) cybersecurity threats, (5) threats to U.S. or allied Armed Forces or other U.S orallied personnel, and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above. n23

Second, Congress should close the "backdoor search loophole" that Sec. 702 surveillance has opened, a reform that was in the USA FREEDOM Act as introduced, but which was removed tofinal passage in the House. n24 Under Sec. 702, the NSA collects huge quantities ofcommunications contents and metadata about both U.S. persons and non-U.S. persons - 250 million Internet communications per year, according to a 2011 court estimate. n25 In October 2011, the minimization procedures required under Sec. 702 were changed to permit NSA personnel toquery information collected under Sec. 702 using U.S. person identifiers. n26 The minimization procedures permit the NSA to retain and disseminate U.S. persons' communication if it containsforeign intelligence information n27 or if the communication contains evidence of a crime that may have been or may be committed. n28 As a result, a military intelligence agency is using a statutespecifically designed to permit collection that targets non-U.S. persons abroad to amass, analyze, and share U.S. persons' communications without court approval, even though thegovernment would have to ask the FISC for permission to directly obtain those U.S. persons' information if they were targeted directly. Congress should amend Sec. 702 to require, absent a life-threatening emergency, judicial approval to search information collected under Sec. 702 for the communications contents of U.S. persons. n29

Third, the use of Sec. 702 to collect communications "about" surveillance targets that are neitherto nor from a target should be prohibited. n30 Section 702 authorizes the government to target the communications of persons reasonably believed to be abroad, but it never defines the term "target." However, throughout Sec. 702, the term is used to refer to the targeting of an individual,rather than the content of a communication. n31 Further, the entire congressional debate onSection 702 includes no reference to collecting communications "about" a foreign target, and significant debate about collecting communications to or from a target. n32 The practice of collecting "about" communications is inconsistent with the legislative history of the statute,raises constitutional problems, and directs the focus of surveillance away from suspectedwrongdoers while permitting the NSA to monitor the communications of Americans with no linkto national security investigations. The USA FREEDOM Act, as approved by the House, includes mention of "about" collection in proposed statutory language, n33 which would give thispractice the seal of Congressional approval. Instead, Congress should specifically limit thescope of Sec. 702 surveillance to communications to or from a target. If the legislation does not explicitly prohibit the practice of collecting "about" communications, the reference to "about" communications should be removed.

These are some of the most important issues regarding reform of Section 702, but there aremany more. While the focus of the Senate's consideration of the USA FREEDOM Act willcontinue to be how to effectively prohibit bulk collection, Congress should make a clearcommitment to engaging in a comprehensive review of Sec. 702 in the future, and enactingreforms to address the range of problems that have come to light. The upcoming report of the Privacy and Civil liberties Oversight Board on Sec. 702 will provide Congress with a good opportunity to do so.

B. Transparency, Immunity, & FISC Reform

Congress should strengthen the transparency provisions of The USA FREEDOM Act, as passed by the House, especially those regarding company reporting of the intelligence surveillance demands they receive. Currently, the legislation provides a convoluted framework with three options. n34 The option that permits the most particularized reporting allows companies and otherpersons to report the number of orders received and accounts affected, in ranges of a thousand,separated by NSLs and distinct titles of FISA - except Title VII. The other two options permit reporting in ranges of 500 and 250, but doing so sacrifices the ability to distinguish which authority was used for collection and to estimate the accounts affected by surveillancedemands. The ability to separate reports by legal authority is essential to effective reporting, asthese different authorities permit government collection of different types of information andrequire different showings before an independent court. In addition, the bill's references to permitting reporting of "selectors targeted" should be replaced with reporting on accountsaffected. The number of selectors targeted is not an accurate representation of the number ofaccounts affected since one selector can encompass multiple accounts, while bulk collection may not be reported at all since it is not selector-based. n35

Moreover, we are also concerned about the change the bill makes to the liability provision inSec. 215. The threat of liability for unlawfully turning over of records to an intelligence agency isa powerful incentive for private parties to protect privacy. If a company acts within the law andturns over records to the government that a Sec. 215 order requires it to provide, it should haveimmunity for doing so. If it proves with factual evidence subjected to the rigors of the adversarial process that it had attempted in good faith comply with the law when it turned over thoserecords, but failed, the law should give the company a strong affirmative defense to a claimagainst it based on that failure. However, USA FREEDOM goes well beyond this: it removes the good faith requirement in current law and provides blanket immunity for companies that produce information or tangible things pursuant to a Sec. 215 order, and provides additional blanketimmunity for the provision of technical assistance to the government in connection with fulfillinga Sec. 215 order. This could mean, for example, that if a company contracts with its customer tohold customer records only in encrypted form, and the company decrypted the information andturned it over to the government in response to a Sec. 215 order, the customer could bring no cause of action to enforce the contractual commitment for which it had bargained. This immunityprovision, because it is overbroad, will erode trust in U.S. tech companies.

Finally, a Special Advocate should be created to participate in select FISC proceedings. Trust inthe FISC has been eroded because it operates in secret and issues sweeping decisions withprofound civil liberties implications in proceedings during a one-sided process in which only the government is represented. Although the USA FREEDOM Act, as passed by the House,encourages, but does not compel, amicus participation, the amicus is given no statutory chargeregarding what issues to advocate, and could well argue for even broader surveillance authoritythan the government is seeking in the proceeding. In addition to providing for amicusparticipation, the USA FREEDOM Act should include a Special Advocate specifically tasked with vigorously defending privacy, civil liberties, and transparency in FISC proceedings. This wouldmore effectively prevent unnecessarily broad surveillance, enhance the value of Courtdeclassifications, and help restore public trust in the FISC. While concerns have been raised that such an Advocate might reduce efficiency, the USA FREEDOM Act, as introduced,alleviated this concern by giving the Court discretion over the Advocate's participation, so that an adversarial debate would precede significant interpretations of law, but routine courtdecision-making would proceed without such process. n36

These additional reforms should be given thorough consideration, but they are no substitutetaking bold steps to prevent bulk collection of information. Without a more effective solution to this issue, we cannot support the legislation now under consideration.

Conclusion

We appreciate the opportunity to testify before this committee and present our views on theUSA FREEDOM Act and Congress' continued consideration of how best to address thecomplex issue of government surveillance reform. Many positive steps have been made and a significant achievement is now within your reach, but obstacles remain to effectively prevent unnecessary mass surveillance. We look forward to working with you to craft a solution thatdefinitively prohibits mass surveillance, permits necessary surveillance, and protects the valuesthat are so critical to our democratic society and our future.

n1 These programs include the bulk collection of telephone and Internet metadata under Section 215 of the PATRIOT Act and the pen/trap statute, respectively. See, Amended Memorandum Opinion, In re Application of the Federal Bureau of Investigation for an Order Requiring the Production of Tangible Things, No. BR 13-109 (FISA Ct. Aug. 29,2013), available at http://www.uscourts.gov/uscourts/courts/fisc/br13-09-primary-order.pdf. See also, Opinion and Order, No. PR/TT [redacted] (FISA Ct.), available athttp://www.dni.gov/files/documents/1118/CLEANEDPRTT%201.pdf.

n2 The President's Review Group on Intelligence and Communications Technologies, Liberty and Security in a Changing World, (Dec. 12, 2013), available at http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf, hereafter President's Review Group Report. The Privacy and Civil Liberties Oversight Board(PCLOB), Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court, (Jan. 23, 2014), available athttp://www.pclob.gov/SiteAssets/Pages/default/PCLOB-Report-on-the-Telephone-Records-Program.pdf, hereafterPCLOB [Sec.]215 Report.

n3 President's Review Group Report, pgs. 104, 118: "Our review suggests that the information contributed to terroristinvestigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.... Even without collecting andstoring bulk telephony meta-data itself, there are alternative ways for the government to achieve its legitimate goals,while significantly limiting the invasion of privacy and the risk of government abuse." See also, PCLOB [Sec.]215 Report,pgs. 15, 155: "We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.... Given the limited value this program has demonstrated to date, as outlinedabove, we find little reason to expect that it is likely to provide significant value, much less essential value, insafeguarding the nation in the future." See also, First Unitarian Church of Los Angeles v. National Security Agency,Brief of Amici Curiae Senator Ron Wyden, Senator Mark Udall, & Senator Martin Heinrich, Case No. 3:13-cv-03287 JSW, N.D. Cal., Nov. 18, 2013, pg. 2, https://www.eff.org/files/2013/11/18/senatorsamicibrief.pdf. "[We] have reviewed this surveillance extensively and have seen no evidence that the bulk collection of Americans' phonerecords has provided any intelligence of value that could not have been gathered through less intrusive means."

n4 H.R. 3361, S. 1599. 5 Jospeh Menn, NSA infiltrated RSA security more deeply than thought - study, Reuters, Mar. 31, 2014, http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331.

n6 Sen. Leahy, USA FREEDOM Act draws bipartisan praise, Nov. 1, 2013, https://www.leahy.senate.gov/press/usa-freedom-act-draws-bipartisan-praise. See also, CDT letter to Senate and House endorsing USA FREEDOM Act,Center for Democracy & Technology, Oct. 29, 2013, https://cdt.org/insight/cdt-letter-to-senate-and-house-endorsing-usa-freedom-act.

n7 See, e.g., Harley Geiger, USA FREEDOM Act Moves Forward, Center for Democracy & Technology, May 5, 2014, https://cdt.org/blog/usa-freedom-act-moves-forward.

n8 Center for Democracy & Technology, House Leadership Moves to Gut USA FREEDOM Act, May 20, 2014, https://cdt.org/press/house-leadership-moves-to-gut-usa-freedom-act. See also, Dustin Volz, Google, Facebook Warn NSA Bill Wouldn't Stop Mass Surveillance, May 21, 2014, http://www.nationaljournal.com/tech/google-facebook-warn-nsa-bill-wouldn-t-stop-mass-surveillance-20140521.

n9 Jim Cook, Amash: USA Freedom Act was Flipped so badly, a Majority of Cosponsors Voted Against It, IrregularTimes, May 23, 2014, http://irregulartimes.com/2014/05/23/amash-usa-freedom-act-was-flipped-so-badly-a-majority-of-cosponsors-voted-against-it.

n10 "The Board also recommends against the enactment of legislation that would merely codify the existing program or any other program that collected bulk data on such a massive scale regarding individuals with no suspected ties toterrorism or criminal activity. While new legislation could provide clear statutory authorization for a program that currently lacks a sound statutory footing, any new bulk collection program would still pose grave threats to privacy and civil liberties." PCLOB [Sec.]215 report, pg. 169.

n11 H.R. 3361, as engrossed, 113th Cong., Secs. 103, 201, and 501.

n12 H.R. 3361, as reported, 113th Cong., Sec. 107.

n13 H.R. 3361, as engrossed, Sec. 107.

n14 Harley Geiger, Why We Can't Support the New USA FREEDOM Act, Just Security, May 21, 2014, http://justsecurity.org/10689/guest-post-support-usa-freedom-act.

n15 The PCLOB labeled the telephony bulk collection program as "not statutorily authorized" for four independent reasons. See, PCLOB [Sec.]215 Report, pgs. 57-58. "First, the telephone records acquired under this program have no connection to any specific FBI investigation at the time the government obtains them. Instead, they are collected inadvance to be searched later for records that do have such a connection. Second, because the records are collected in bulk -- potentially encompassing all telephone calling records across the nation -- they cannot be regarded as"relevant" to any FBI investigation without redefining that word in a manner that is circular, unlimited in scope, and outof step with precedent from analogous legal contexts involving the production of records. Third, instead of compellingtelephone companies to turn over records already in their possession, the program operates by placing thosecompanies under a continuing obligation to furnish newly generated calling records on a daily basis. This is an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole, because it circumventsanother provision that governs (and limits) the prospective collection of the same type of information. Fourth, thestatute permits only the FBI to obtain items for use in its own investigations. It does not authorize the NSA to collectanything."

n16 50 U.S.C. 1861(g)(2)(A)-(B).

n17 50 U.S.C. 1881a(e)(1), 50 U.S.C. 1801(h)(1)-(4).

n18 Earlier iterations of the bill established minimization procedures that were virtually identical to those currently in Sec. 215. In the earlier iteration of the bill, Government applications for pen/trap were required to include a statementof minimization procedures, the FISC was able to review whether the minimization procedures meet the statutorystandard, and the FISC was able to review compliance with minimization procedures involving U.S. persons. Theseprocedures were stripped out of the bill prior to final passage in the House.

n19 H.R. 3361, as engrossed, 113th Cong., Secs. 401, 601-603, 605. 20 Recent studies by the Information Technology and Innovation Foundation and Forrester Research estimate thatNSA surveillance will cost the U.S. tech industry between $35 billion and $180 billion over the next three years, a lossof up to 25 percent of total industry revenue. Daniel Castro, The Information Technology and Innovation Foundation,How Much Will PRISM Cost the U.S. Cloud Computing Industry?, Aug. 5, 2013, available at http://www.itif.org/publications/how-much-will-prism-cost-us-cloud-computing-industry. James Staten, Forrester Research, The Cost of PRSIM Will Be Larger Than ITIF Projects, Aug. 14, 2013, available athttp://blogs.forrester.com/james_staten/13-08-14-the_cost_of_prism_will_be_larger_than_itif_projects.

n21 NSA surveillance - notably surveillance of persons abroad conducted under Section -has fueled efforts abroad to require data to be stored locally, in particular countries. This could have enormous negative repercussions for thecompetitiveness of the American tech industry, the global free flow of information, and the internationalentrepreneurship and innovation that the Internet has engendered. See, Dean Garfield, Written Testimony to the Privacy and Civil Liberties Oversight Board Mar. 19, 2014, available at http://www.pclob.gov/Library/Meetings-Events/2014-March-19-Public-Hearing/Testimony_Garfield.pdf. "We are facing the possibility of a Balkanized Internet,and global innovation will certainly suffer. Brazil, for example, is considering a legislative proposal that could lead tothe requirement that certain data be stored in that country."

n22 50 USC Sec. 1801(e)(2)(B).

n23 Center for Democracy & Technology, Comments to PCLOB on Section 702 Reform, Apr. 11, 2014, available athttps://cdt.org/insight/cdt-comments-to-pclob-on-section-702-reform.

n24 H.R. 3361, as introduced, 113th Cong., Sec. 301.

n25 Oct. 2011 FISC opinion, available at https://www.eff.org/document/october-3-2011-fisc-opinion-holding-nsa-surveillance-unconstitutional.

n26 James Ball and Spencer Ackerman, NSA loophole allows warrantless search for US citizens' emails and phone calls, The Guardian, Aug. 9, 2013, available at http://www.theguardian.com/world/2013/aug/09/nsa-loophole-warrantless-searches-email-calls.

n27 50 U.S.C. 1801(e) defines "Foreign intelligence information" broadly to include information "necessary to theconduct of the foreign affairs of the United Sates."

n28 National Security Agency, Minimization Procedures Used by the National Security Agency in connection withAcquisitions of Foreign Intelligence Information Pursuant to Section 702 of the Foreign Intelligence Surveillance Act of1978, As Amended, Sec. 5, Oct. 31, 2011, http://www.dni.gov/files/documents/Minimization%20Procedures%20used%20by%20NSA%20in%20Connection%20with%20FISA%20SECT%20702.pdf.

n29 This recommendation was echoed in the President's Review Group Report, pgs. 145-146.

n30 See, Statement of Brad Wiegmann, Public Hearing Regarding the Surveillance Program Operated Pursuant toSection 702 of the Foreign Intelligence Surveillance Act (March 19, 2014), available at http://www.pclob.gov/Library/Meetings-Events/2014-March-19-Public-Hearing/19-March-2014_Public_Hearing_Transcript.pdf. "Why 'about' collection is different is it's not necessarily communications to or from that bad guy but instead about that selector."

n31 50 U.S.C. 1881a(a).

n32 See, e.g., U.S. Senate Select Committee on Intelligence, FISA Sunset Extensions Act of 2012 Report (S. Rpt. 112-174, Appendix), available at http://www.gpo.gov/fdsys/pkg/CRPT-112srpt174/pdf/CRPT-112srpt174.pdf. "Section 702permits the FISC to approve surveillance of terrorist suspects and other targets who are non-U.S. persons outside the United States.... The FISC may approve surveillance of these kinds of targets when the Government needs theassistance of an electronic communications service provider."

n33 H.R. 3361, as engrossed by the House, Sec. 301.

n34 H.R. 3361, as engrossed by the House, Sec. 604.

n35 Harley Geiger, Two Ways the Surveillance Transparency Rules for Companies are not Transparent, Center for Democracy & Technology, Mar. 19, 2014, https://cdt.org/blog/two-ways-the-surveillance-transparency-rules-for-companies-are-not-transparent.

n36 Steve Vladek, Judge Bates and a FISA "Special Advocate," Lawfare, Feb. 4, 2014, http://lawfareblog.com/2014/02/judge-bates-and-a-fisa-special-advocate.

Read this original document at: http://intelligence.senate.gov/140605/geiger.pdf


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Congressional Documents & Publications