What HPSCI Wants to Protect in 702: Back Doors, the Tor Exception, and a Dysfunctional FISC
The House is revving up to vote on 702 reauthorization, offering either the shitty bill drafted by Devin Nunes, Adam Schiff, and Devin Nunes or the Amash amendment (which is the Wyden-Paul USA Rights bill). As I noted in a piece at The New Republic,
Congress is, in an apparently serious attempt at surveillance reform, about to make it easier for the FBI to spy on those whom it has zero evidence of wrongdoing than those whom it has probable cause to suspect of illegal behavior. This bill would protect a very small subset of suspected criminals—perhaps just one a year, based on reporting from 2016. But it would do nothing to prevent the FBI from reading the communications of any innocent American who is named in a tip.
HPSCI has come out with a one pager making shite up about USA Rights. And I’m interested in three things HPSCI prioritizes:
- Ensuring that NSA can order companies to bypass encryption
- Sustaining the Tor domestic spying exception
- Coddling the dysfunction of the FISA Court
Ensuring that NSA can order companies to bypass encryption
The HPSCI flyer complains that USA Rights,
Significantly limit[s] the Government’s ability to obtain Section 702 information on foreign terrorists by unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers;
At issue is language in USA Rights that limits government requests for technical assistance to things that are necessary, narrowly tailored, and would not pose an undue burden.
(B) LIMITATIONS.—The Attorney General or the Director of National Intelligence may not request assistance from an electronic communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the assistance sought—
(i) is necessary;
(ii) is narrowly tailored to the surveillance at issue; and
(iii) would not pose an undue burden on the electronic communication service provider or its customers who are not an intended target of the surveillance.
It is clear this is Wyden’s effort to prohibit the government from using individual directives (which are not reviewed by the FISA Court) to back door or circumvent a company’s encryption. While the government says it has not yet asked the FISC to force companies to do this (which is different from saying they haven’t asked and gotten companies to willingly do so), it has dodged whether it has asked companies to circumvent their own encryption.
So basically, one of the big things HPSCI thinks is wrong with USA Rights is that it won’t let NSA back door your phone.
Sustaining the Tor domestic spying exception
The HPSCI flyer claims that USA Rights,
Mandat[es] a flat prohibition on the use of Section 702 information in prosecuting dangerous criminals, including murderers and child abusers;
That flips reality on its head. What HPSCI is trying to protect, here, is its carve-out permitting the use of 702 information for anything that,
“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,
- Death
- Kidnapping
- Serious bodily injury
- Specified offense against a minor
- Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
- Cybersecurity, including violations of CFAA
- Transnational crime, including transnational narcotics trafficking
- Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)
[snip]
Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.
As I have noted, the carve out, taken in conjunction with the 2014 exception letting the NSA collect on location obscuring servers (like VPNs and Tor) used by Americans, effectively makes 702 a domestic spying bill (on top of permitting its use for anything else Jeff Sessions claims is related to national security).
In other words, HPSCI doesn’t so much want 702 to spy on the terrorists, spies, and proliferators included in USA Rights: it wants to spy domestically.
Coddling the dysfunction of the FISA Court
Finally, the HPSCI flyer complains that USA Freedom,
Subvert[s] the authority and expediency of the Foreign Intelligence Surveillance Court by requiring an amicus review during every Section 702 authorization; and
This is a complaint about a number of common sense measures that make the FISA Court more credible, most notably requiring each 702 authorization to include an amicus review. The bill also includes measures to make the amicus review more robust, like enough advance involvement to be useful.
For a body of Congress to guard “the authority and expediency” of the FISC — especially in the wake of last year’s debacle of a ruling from Rosemary Collyer, who stubbornly refused to follow the law and either appoint an amicus or explain why she chose not to do so, is an outright abdication of congressional authority.
The FISC just defied Congressional intent as reflected in USA Freedom Act. USA Rights would make it harder for the FISC to continue to do so. And HPSCI’s response to that is to whimper that Congress is “subverting the authority” of another branch by demanding that it follow the law?
Update: DemandProgress did a fact check of this flyer that’s quite good.