Improved USA Freedom Retains “Connection” Chaining and “Foreign Intelligence” Retention
Thanks to this NYT editorial, everyone is talking about Patrick Leahy’s version of USA Freedom, which he will introduce tomorrow.
Given what I’ve heard, my impression is the editorial is correct that Leahy’s bill is a significant improvement off of USA Freedumber.
That’s not saying much.
It tightens the definition for Specific Selection Term significantly (though there may still be limited cause for concern).
It improves the FISA Advocate (but not necessarily enough that it would be meaningful).
It improves transparency (but there’s one aspect of “improved” transparency that actually disturbs me significantly).
It pretends to fix concerns I had about the PRTT minimization, but I don’t think it succeeds.
Still, an improvement off of the USA Freedumber.
I’m not convinced that makes it an acceptable improvement off of the status quo (especially the status quo requiring court approval for each seed). That’s because — from what I’ve heard — Leahy’s bill retains the language from USA Freedumber on contact chaining, which reads,
(iii) provide that the Government may require the prompt production of call detail records—
(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and
(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;
Now, I have no idea what this language means, and no one I’ve talked to outside of the intelligence committees does either. It might just mean they will do the same contact chaining they do now, but if it does, why adopt this obscure language? It may just mean they will correlate identities, and do contact chaining off all the burner phones their algorithms say are the same people, but nothing more, but if so, isn’t there clearer language to indicate that (and limit it to that)?
But we know in the equivalent program for DEA — Hemisphere — the government uses location to chain people. So to argue this doesn’t include location chaining, you’d have to argue that NSA is satisfied with less than DEA gets and explain why the language of this bill specifically prohibits it. (The bill — as USA Freedumber before it did — requires NSA to use Call Detail Records at each step; that may or may not impose such limits.)
I remain concerned, too, that such obscure language would permit the contact chaining on phone books and calendars, both things we know NSA obtains overseas, both things NSA might have access to through their newly immunized telecom partners.
In addition, Leahy’s bill keeps USA Freedumber’s retention language tied to Foreign Intelligence purpose, allowing the NSA to keep all records that might have a foreign intelligence purpose.
Why, after having read PCLOB’s 702 report stating that, “when an NSA analyst recognizes that [a communication] involves a U.S. person and determines that it clearly is not relevant to foreign intelligence or evidence of a crime,” destruction of it, which is required by the law, “rarely happens,” would anyone applaud a Section 215 bill that effectively expands retention using that very same utterly meaningless “foreign intelligence” language? And with it may expand the permitted dissemination of such data?
The bill is definitely an improvement over USA Freedumber. But until someone explains what that connection chaining language does — and includes limiting language to make sure that’s all it will ever do — I have no way of knowing whether Leahy’s bill is better than the status quo. As it is, however, it is certainly conceivable Leahy’s bill will result in more innocent Americans ending up in the corporate store.
(I may have two more new concerns about Leahy’s bill, but I’ll hold those until I see what precise language the bill uses for them.)
