[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

What HPSCI Wants to Protect in 702: Back Doors, the Tor Exception, and a Dysfunctional FISC

The House is revving up to vote on 702 reauthorization, offering either the shitty bill drafted by Devin Nunes, Adam Schiff, and Devin Nunes or the Amash amendment (which is the Wyden-Paul USA Rights bill). As I noted in a piece at The New Republic,

Congress is, in an apparently serious attempt at surveillance reform, about to make it easier for the FBI to spy on those whom it has zero evidence of wrongdoing than those whom it has probable cause to suspect of illegal behavior. This bill would protect a very small subset of suspected criminals—perhaps just one a year, based on reporting from 2016. But it would do nothing to prevent the FBI from reading the communications of any innocent American who is named in a tip.

HPSCI has come out with a one pager making shite up about USA Rights. And I’m interested in three things HPSCI prioritizes:

  • Ensuring that NSA can order companies to bypass encryption
  • Sustaining the Tor domestic spying exception
  • Coddling the dysfunction of the FISA Court

Ensuring that NSA can order companies to bypass encryption

The HPSCI flyer complains that USA Rights,

Significantly limit[s] the Government’s ability to obtain Section 702 information on foreign terrorists by unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers;

At issue is language in USA Rights that limits government requests for technical assistance to things that are necessary, narrowly tailored, and would not pose an undue burden.

(B) LIMITATIONS.—The Attorney General or the Director of National Intelligence may not request assistance from an electronic communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the assistance sought—

(i) is necessary;

(ii) is narrowly tailored to the surveillance at issue; and

(iii) would not pose an undue burden on the electronic communication service provider or its customers who are not an intended target of the surveillance.

It is clear this is Wyden’s effort to prohibit the government from using individual directives (which are not reviewed by the FISA Court) to back door or circumvent a company’s encryption. While the government says it has not yet asked the FISC to force companies to do this (which is different from saying they haven’t asked and gotten companies to willingly do so), it has dodged whether it has asked companies to circumvent their own encryption.

So basically, one of the big things HPSCI thinks is wrong with USA Rights is that it won’t let NSA back door your phone.

Sustaining the Tor domestic spying exception

The HPSCI flyer claims that USA Rights,

Mandat[es] a flat prohibition on the use of Section 702 information in prosecuting dangerous criminals, including murderers and child abusers;

That flips reality on its head. What HPSCI is trying to protect, here, is its carve-out permitting the use of 702 information for anything that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review of the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

As I have noted, the carve out, taken in conjunction with the 2014 exception letting the NSA collect on location obscuring servers (like VPNs and Tor) used by Americans, effectively makes 702 a domestic spying bill (on top of permitting its use for anything else Jeff Sessions claims is related to national security).

In other words, HPSCI doesn’t so much want 702 to spy on the terrorists, spies, and proliferators included in USA Rights: it wants to spy domestically.

Coddling the dysfunction of the FISA Court

Finally, the HPSCI flyer complains that USA Freedom,

Subvert[s] the authority and expediency of the Foreign Intelligence Surveillance Court by requiring an amicus review during every Section 702 authorization; and

This is a complaint about a number of common sense measures that make the FISA Court more credible, most notably requiring each 702 authorization to include an amicus review. The bill also includes measures to make the amicus review more robust, like enough advance involvement to be useful.

For a body of Congress to guard “the authority and expediency” of the FISC, especially in the wake of last year’s debacle of a ruling from Rosemary Collyer, who stubbornly refused to follow the law and either appoint an amicus or explain why she chose not to do so, is an outright abdication of congressional authority.

The FISC just defied Congressional intent as reflected in USA Freedom Act. USA Rights would make it harder for the FISC to continue to do so. And HPSCI’s response to that is to whimper that Congress is “subverting the authority” of another branch by demanding that it follow the law?

Update: DemandProgress did a fact check of this flyer that’s quite good.

After Lying in a Closed Surveillance Briefing in 2011, Intelligence Community Plans Another Closed Briefing

On May 18, 2011, 48 members of the House (mostly Republicans, but also including MI’s Hansen Clarke) attended a closed briefing given by FBI Director Robert Mueller and General Counsel Valerie Caproni on the USA PATRIOT Act authorities up for reauthorization. The hearing would serve as the sole opportunity for newly elected members to learn about the phone and Internet dragnets conducted under the PATRIOT Act, given Mike Rogers’ decision not to distribute the letter provided by DOJ to inform members on the secret dragnets they were about to reauthorize.

During the hearing, someone asked,

Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

One of the briefers — the summary released under FOIA does not say who — responded,

To the FBI’s knowledge, those authorities have not been abused.

As a reminder, hearing witness Robert Mueller had to write and sign a declaration for the FISC two years earlier to justify resuming full authorization for the phone dragnet because, as Judge Reggie Walton had discovered, the NSA had conducted “daily violations of the minimization procedures” for over two years. “The minimization procedures proposed by the government in each successive application and approved and adopted as binding by the orders of the FISC have been so frequently and systemically violated that it can fairly be said that this critical element of the overall BR regime has never functioned effectively,” Walton wrote in March 2009.

Now, I can imagine that whichever FBI witness claimed the FBI didn’t know about any “abuses” rationalized the answer to him or herself using the same claim the government has repeatedly made — that these were not willful abuses. But Walton stated then — and more evidence released since has made clear he was right — that the government simply chose to subject the vast amount of US person data collected under the PATRIOT Act to EO 12333 standards, not more stringent PATRIOT Act ones. That is, the NSA, operating under FBI authorizations, made a willful choice to ignore the minimization procedures imposed by the 2006 reauthorization of the Act.

Whoever answered that question in 2011 lied, and lied all the more egregiously given that the questioner had no way of phrasing it to get an honest answer about violations of minimization procedures.

Which is why the House Judiciary Committee should pointedly refuse to permit the Intelligence Committee to conduct another such closed briefing, as they plan to do on Section 702 on February 2. Holding a hearing in secret permits the IC to lie to Congress, not to mention disinform some members in a venue where their colleagues cannot correct the record (as Feingold might have done in 2011 had he learned what the FBI witnesses said in that briefing).

I mean, maybe HJC Chair Bob Goodlatte wants to be lied to? Otherwise, there’s no sound explanation for scheduling this entire hearing in closed session.

 

USA F-ReDux: The Risks Ahead

Sometime after 2 today, the House will pass USA F-ReDux by a large margin. Last night the Rules Committee rejected all amendments, including two (a version of the Massie-Lofgren amendment prohibiting back doors and a Kevin Yoder amendment that would have improved ECPA protections) that have majority support in the House.

After the bill passes the House today it will go to the Senate where Mitch McConnell will have his way with it.

What happens in the Senate is anyone’s guess.

One reason no one knows what Mitch has planned is because most people haven’t figured out what Mitch really wants. I think there are 3 possibilities:

  • He actually wants USA F-ReDux with some tweaks (about which more below) and the threat of a straight reauthorization is just a tactic to push through those tweaks; this makes the most sense because USA F-ReDux actually gives the IC things they want and need that they don’t currently have
  • There is something the government is doing — a bulk IP program, for example — that Mitch and Burr plan to provide Congressional sanction for even while basically adopting USA F-ReDux as a limit on Section 215 (but not other authorities); the problem with this plan is that secret briefings like the Administration offered the Senate, but not the House, last night don’t seem to meet the terms of ratification described by the Second Circuit
  • The Second Circuit decision threatens another program, such as SPCMA (one basis for Internet chaining involving US persons right now), that the Senate believes it needs to authorize explicitly and that’s what the straight reauthorization is about
  • [Update] I’m reminded by Harley Geiger that Mitch might just be playing to let 215 sunset so he can create a panic that will let him push through a worse bill. That’s possible, but the last time such an atmosphere of panic reigned, after Congress failed to replace Protect America Act in 2008, it worked to reformers’ advantage, to the extent that any cosmetic reform can be claimed to be a win.

I think — though am not certain — that it’s the first bullet, though Burr’s so-called misstatement the other day makes me wonder. If so Mitch’s procedural move is likely to consist of starting with his straight reauthorization but permitting amendments, Patrick Leahy introducing USA F-ReDux as an amendment, Ron Wyden and Rand Paul unsuccessfully pushing some amendments to improve the bill, and Richard Burr adding tweaks to USA F-ReDux that will make it worse. After that, it’s not clear how the House will respond.

Which brings me to what I think Burr would want to add.

As I’ve said before, I think hawks in the Senate would like to have data mandates, rather than the data handshake that Dianne Feinstein keeps talking about. While last year bill supporters — including corporate backers — suggested that would kill the bill, I wonder whether everyone has grown inured to the idea of data retention, given that they’ve been silent about the data handshake since November.

I also suspect the IC would like to extend the CDR authority to non-terrorism functions, even including drug targets (because they probably were already using it as such).

The Senate may try to tweak the Specific Selection Term language to broaden it, but it’s already very very permissive.

I’m also wondering if the Senate will introduce language undermining the limiting language HJC put in its report.

Those are the predictable additions Burr might want. There are surely a slew more (and there will be very little time to review it to figure out the intent behind what they add).

The two big questions there are 1) are any of those things significant enough to get the House to kill it if and when it gets the bill back and 2) will the House get that chance at all?

emptywheel Coverage of USA F-ReDux, or, PRISM for Smart Phones

This post will include all my coverage on USA F-ReDux.

Ten Goodies USA F-ReDux Gives the Intelligence Community 

USA F-ReDux’s boosters often suggest the bill would be a big sacrifice for the Intelligence Community. That’s nonsense. This post lists just 10 of the goodies the IC will get under the bill, including chaining on Internet calls, a 2nd super-hop, emergency provisions ripe for abuse, and expansions of data sharing.

2nd Circuit Decision Striking Down Dragnet Should Require Tighter “Specific Selection Term” Language in USA F-ReDux 

The 2nd Circuit just ruled that the phone dragnet was not authorized by Section 215. The language in the opinion on DOJ’s misinterpretation of “relevant to” ought to lead Congress to tighten the definition of “Specific Selection Term” in the bill to better comply with the opinion.

USA F-ReDux: Chaining on “Session Identifying Information” that Is Not Call Detail Records 

As I correctly predicted a year ago, by outsourcing “connection chaining” to the providers, the Intelligence Community plans to be able to chain on session identifying information (things like location and cookies) that is probably illegal.

USA F-ReDux: Dianne Feinstein Raises the Data Handshake Again (Latest post)

Some months ago, Bob Litt emphasized USA Freedom would only work if the telecoms retained enough data for pattern analysis (which may or may not back my worry the government plans to outsource such pattern analysis to the telecoms). Nevertheless, no one seems to want to discuss whether and if so how USA F-ReDux will ensure providers do keep data. Except Dianne Feinstein, who today once again suggested there is a kind of “data handshake” whereby the telecoms will retain our data without being forced.

Unlike the Existing Phone Dragnet, USA F-ReDux Does Not Include “Telephony” in Its Definition of Call Detail Record 

The definition of Call Detail Record that will be adopted under USA F-ReDux is closely related to the definition currently used in the phone dragnet — though the USA F-ReDux does not require CDRs to be comprehensive records of calls as the existing phone dragnet does. The big difference, however, is that USA F-ReDux never specifies that calls include only telephony calls.

Congress’s Orwellian spying “reforms”: Why the government wants to outsource its surveillance to your Internet provider 

At Salon, I explain more about why the IC wants to create PRISM for Smart Phones with USA F-ReDux.

Google Applauds USA F-ReDux Because It “Modernizes” Surveillance 

Neither Google nor any of the other providers are admitting they’ll be getting expansive immunity to help spy on their users if USA F-ReDux passes. But Google does reveal they consider this move “modernization,” not reform. Is that because they’ll once again get a monopoly on spying on their users?

How to Break the Law Under USA F-ReDux: The Emergency Provision that Would Blow Up the Bill

As remarkable as was the House Judiciary Committee’s impotence to protect the Fourth Amendment in yesterday’s markup of USA F-ReDux, of equal importance was Raul Labrador’s effort to more narrowly tailor the emergency provision in the bill, which permits the Attorney General to authorize emergency production under Section 215 prior to getting FISA Court approval.

EMERGENCY AUTHORITY FOR PRODUCTION OF TANGIBLE THINGS.—

(1) Notwithstanding any other provision of this section, the Attorney General may require the emergency production of tangible things if the Attorney General—

(A) reasonably determines that an emergency situation requires the production of tangible things before an order authorizing such production can with due diligence be obtained;

(B) reasonably determines that the factual basis for the issuance of an order under this section to approve such production of tangible things exists;

Labrador (at 2:07) suggested that his amendment was very minor, just requiring the emergency provision be used only when there was an actual emergency.

I don’t see what it should blow up the bill, I don’t see why it would blow up the bill, all it’s doing is attempting to clarify the meaning of a term in the bill, which is an emergency situation, as one that involves the potential or imminent death or bodily harm to any person.

Yet, as Labrador noted, without the restriction the provision would permit the AG to get records whenever she wanted.

As Zoe Lofgren noted, the lack of specificity in the bill is an invitation for abuse.

Labrador’s proposed change was even more minor given that we know NSA, at least, has redefined “threat of bodily harm” to “threat to property” in the case of corporate persons.

Jim Sensenbrenner, who argued that this emergency provision goes beyond what is required for emergency electronic surveillance or emergency physical surveillance under FISA, countered that tweaking the emergency provision would blow up the bill.

He and I may have a difference of opinion on what blows up this bill. You know, let me say this all was considered during the negotiations that were going on, I think there is an appropriate compromise to keep the dogs at bay, that is continued in the emergency appropriations of this bill and I am afraid that the amendment from the gentleman from Idaho would be who let the dogs out.

This is alarming.

I get that there’s a need for an emergency provision under Section 215 if it will cover things like Internet production, because the authorization process is too long for active investigations (which wouldn’t, mind you, meet the terms of Labrador’s amendment). But the emergency provision of USA F-ReDux will be one of the chief ways the IC will break the law under this bill (even going beyond what I believe to be a general violation of Riley’s prohibition on searching smart phones without a warrant under the CDR provision).

That’s because of the way the bill significantly degrades the status quo on what happens if the FISC judges that this was an inappropriate use of Section 215. Currently, the FISC can make the government destroy the records. Under the bill, the government would be prevented from actually using the records in any official proceeding, but given that the AG polices that, and given that FBI basically has a department whose role is to parallel construct records like this, what this bill becomes is a means by which the FBI can get records they know to be illegal. Then, after the FISC rules the collection illegal (or, after FBI decides to “stop” collection before the 7 day deadline and thereby avoids telling the FISC what they’ve done), they can still keep those records so long as they parallel construct them. I’m not even sure collection ended before application would ever get reported to Congress.

And remember, there’s reason to believe that in the one year that the government has had an emergency provision for Section 215, it violated the prohibition on targeting someone for First Amendment protected activities.

If, as Sensenbrenner claims, closing some of the gaping loopholes on this provision would blow up the bill, it is an all but explicit admission that the Intelligence Community plans to use the immunity of this bill to be able to conduct illegal collection against people who are only “related” to an ongoing investigation.

Nine Members of Congress Vote to Postpone the Fourth Amendment

John Conyers, Jim Sensenbrenner, Darrell Issa, Steve Cohen, Jerry Nadler, Sheila Jackson Lee, Trey Gowdy, John Ratcliffe, Bob Goodlatte all voted to postpone the Fourth Amendment today.

At issue was Ted Poe’s amendment to the USA Freedom Act (USA F-ReDux; see the debate starting around 1:15), which prohibited warrantless back door searches and requiring companies to insert technical back doors.

One after another House Judiciary Committee member claimed to support the amendment and, it seems, agreed that back door searches violate the Fourth Amendment. Though the claims of support from John Ratcliffe, who confessed to using back door searches as a US Attorney, and Bob Goodlatte, who voted against the Massie-Lofgren amendment last year, are suspect. But all of them claimed they needed to vote against the amendment to ensure the USA Freedom Act itself passed.

That judgment may or may not be correct, but it’s a fairly remarkable claim. Not because — in the case of people like Jerry Nadler and John Conyers — there’s any question about their support for the Fourth Amendment. But because the committee in charge of guarding the Constitution could not do so because the Intelligence Committee had the sway to override their influence. That was a point made, at length, by both Jim Jordan and Ted Poe, with the latter introducing the point that those in support of the amendment but voting against it had basically agreed to postpone the Fourth Amendment until Section 702 reauthorization in 2017.

(1:37) Jordan: A vote for this amendment is not a vote to kill the bill. It’s not a vote for a poison pill. It’s not a vote to blow up the deal. It’s a vote for the Fourth Amendment. Plain and simple. All the Gentleman says in his amendment is, if you’re going to get information from an American citizen, you need a warrant. Imagine that? Consistent with the Fourth Amendment. And if this committee, the Judiciary Committee, the committee most responsible for protecting the Bill of Rights and the Constitution and fundamental liberties, if we can’t support this amendment, I just don’t see it. I get all the arguments that you’re making, and they’re all good and the process and everything else but only in Congress does that trump — I mean, that should never trump the Fourth Amendment.

(1:49) Poe: We are it. The Judiciary Committee is it. We are the ones that are protecting or are supposed to protect, and I think we do, that Constitution that we have. And we’re not talking about postponing an Appropriations amount of money. We’re not talking about postponing building a bridge. We’re talking about postponing the Fourth Amendment — and letting it apply to American citizens — for at least two years. This is our opportunity. If the politics says that the Intel Committee — this amendment may be so important to them that they don’t like it they’ll kill the deal then maybe we need to reevaluate our position in that we ought to push forward for this amendment. Because it’s a constitutional protection that we demand occur for American citizens and we want it now. Not postpone it down the road to live to fight another day. I’ve heard that phrase so long in this Congress, for the last 10 years, live to fight another day, let’s kick the can down the road. You know? I think we have to do what we are supposed to do as a Committee. And most of the members of the Committee support this idea, they agree with the Fourth Amendment, that it ought to apply to American citizens under these circumstances. The Federal government is intrusive and abusive, trying to tell companies that they want to get information and the back door comments that Ms. Lofgren has talked about. We can prevent that. I think we should support the amendment and then we should fight to keep this in the legislation and bring the legislation to the floor and let the Intel Committee vote against the Fourth Amendment if that’s what they really want to do. And as far as leadership goes I think we ought to just bring it to the floor. Politely make sure that the law, the Constitution, trumps politics. Or we can let politics trump the Constitution. That’s really the decision.

Nevertheless, only Louie Gohmert, Raul Labrador, Zoe Lofgren, Suzan DelBene, Hakeem Jeffries, David Cicilline, and one other Congressman–possibly Farenthold–supported the amendment.

The committee purportedly overseeing the Intelligence Community and ensuring it doesn’t violate the Constitution has instead dictated to the committee that guards the Constitution it won’t be permitted to do its job.

Massie-Lofgren Would Shut Down ALL Back Door Searches under Section 702

There are two details about the Massie-Lofgren Amendment, which passed the House by a 293-123 vote last night, that are currently being missed. First, the bill would shut down all back door searches under Section 702.

Except as provided in subsection (b), none of the funds made available by this Act may be used by an officer or employee of the United States to query a collection of foreign intelligence information acquired under section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a) using a United States person identifier.

That means it would apply to FBI, in addition to CIA and NSA (which is what some people are reporting).

That’s the other detail people are missing. According to the John Bates opinion in which he first authorized back door searches for NSA and CIA in 2011, a third agency, which another document says is the FBI, had had that authority going back to 2008. According to the same language, FBI also had the authority to conduct back door searches on traditional FISA taps, which they would retain under this amendment.

 

Massie-Lofgren Amendment Closes NSA’s Back Door (for Now)

The Massie-Lofgren amendment to the appropriations bill just passed, 293-123.

The amendment would prohibit funds to be used to do either of two things:

  • Conduct back door searches on US person selectors
  • Require companies to put back doors into their products

The vote total was similar to the one the National Security folks have been crowing that USA Freedumber got a few weeks ago.

Leadership on both sides of the aisle will attempt to find some way to kill this, so the battle is not won yet. But the vote makes it very clear that a bipartisan majority is not okay with some of NSA’s worst abuses.

Update: Here’s the roll call. I’ll have more to say about that tomorrow.

Mark Warner Lays Out How USA Freedumber Will Put the NSA in Your Smartphone

I noted this yesterday in a quick post, but I wanted to post the video and my transcription of Mark Warner’s efforts to lay out some of the privacy problems with HR 3361, which I call USA Freedumber.

Warner, who made his fortune as a telecom mogul, points out that USA Freedumber will be able to access calls from smaller cell companies that are currently not included as primary providers to NSA (he doesn’t mention it, but USA Freedumber will also be able to access VOIP).

Warner: It was reported when we think about 215 in the previous program that that collected metadata that was with those entities — those companies — that entered into some relationship with the IC, and I believe there was a February WSJ article that reported — and I don’t want to get into percentages here — that while the large entities, large companies were involved, that in many cases, the fastest growing set of telephone calls, wireless calls, were actually a relatively small percentage. Is that an accurate description of how the press has presented the 215 program prior — previously?

Ledgett: Yes, that’s how the press represented it.

Warner: And if that was an accurate presentation, wouldn’t the universe of calls that are now potentially exposed to these kind of inquiries be actually dramatically larger since any telco, regardless of whether they had a relationship with the IC or not, and any type of call, whether it is wire or wireless, be subject to the inquiries that could be now made through this new process.

Ledgett: Uh Yes, Senator, that’s accurate.

Warner: So, again, with the notion here that under the guise of further protecting privacy, I think on a factual basis, of the number of calls potentially scrutinized, the universe will be exponentially larger than what the prior system was. Is that an accurate statement.

Ledgett: No, Senator, I don’t believe so, because the only calls that the government will see are those that are directly responsive to the predicate information that we have.

Warner: No, in terms of actual inquiries, correct, but the universe of potential calls that you could query, when prior to the calls were only queried out of the 215 database that was held at the NSA, which as press reports said did not include — in many cases — the fastest growing number of new calls, wireless calls, now the universe of — even though the number of queries may be the same, because the protections are still the same, the actual universe of potential calls that could be queried against is dramatically larger than what 215 has right now.

Ledgett: Potentially yes, that’s right Senator.

From there, Warner focuses on a more troubling issue: the likelihood that NSA could get cell location data and call detail records with the same request.

As Snowden Leak Anniversary Approaches, Intelligence Community Prepares to Declare Victory

As June 5 approaches — and with it the one year anniversary of the first reporting on Edward Snowden’s leaks — the privacy community is calling supporters to redouble efforts to improve the NSA “reform bill,” which I call the USA Freedumber Act, in the Senate.

I explained here why the Senate is unlikely to improve USA Freedumber in any meaningful way. The votes just aren’t there — not even in the Senate Judiciary Committee.

Ominously, Dianne Feinstein just scheduled an NSA hearing for Thursday afternoon, when most of the privacy community will be out rallying the troops.

Unless the surveillance community finds some way to defeat USA Freedumber, the intelligence community will soon be toasting themselves that they used the cover of Edward Snowden’s disclosures to expand surveillance. The “Edward Snowden Put the NSA in Your Smartphone Act,” they might call it.

To prevent that, the privacy community needs to find a way to defeat USA Freedumber. It’s not enough, in my opinion, to point to the judicial review codified by USA Freedumber to accede to letting this pass. Not only doesn’t USA Freedumber end what most normal people call, “bulk collection,” but it expands collection in a number of ways.

That’s true, in part, because of the way the bill defines “bulk collection.” USA Freedumber only considers something “bulk collection” if it collects all of some kind of data (so, all phone data in the US). If NSA limits collection at all — selecting to collect all the phone records from Area Code 202, for example — it no longer qualifies as bulk collection under the Intel Community definition used in the bill, no matter how broadly they’re collecting.

Here’s a post where I lay that out.

To make things worse, the last version of the House bill changed the term “selection term” to make it very broad: including “entities,” “addresses,” and “devices” among the things that count as a single target, all of which invite mass targeting. I was always skeptical about “specific selection term” serving as the limiting factor in the bill; key language about how the FISC currently understands “selection term” remains classified. But I do know that Zoe Lofgren and others in the House kept saying that under the current definition of the bill the government could collect all records in, say, my Area Code 202 example. And if that’s possible, it means the phone dragnet under this “reform” may be little more targeted than upstream Section 702 collection currently is, which has telecoms sniff through up to 75% of US Internet traffic.

But it’s not just that the bill doesn’t deliver what its boosters claim it does.

There are 4 other ways that the bill makes the status quo worse, as I show in this post:

  • The move to telecoms codifies changes in the chaining process that will almost certainly expand the universe of data being analyzed — potentially significantly
  • In three ways, the bill would permit the use of phone chaining for purposes beyond counterterrorism, which isn’t currently permitted
  • The bill weakens the minimization procedures on upstream Section 702 collection imposed by FISC Judge John Bates in 2011, making it easier for the government to collect and keep domestic content domestically
  • The bill moves the authority to set minimization procedures for Pen Registers from FISC to the Attorney General (and weakens them significantly), thus eliminating the tool John Bates used to shut down illegal content-as-metadata collection

In my opinion, these changes mean the NSA will be able to do much of what they were doing in 2009, before what were then called abuses — but under this bill would be legalized — were discovered. That, plus they’re likely to expand the dragnet beyond terrorism targets.

For a year, privacy advocates have believed we’d get reform in response to Snowden’s leaks. For too long, advocates treated HR 3361 as positive reform.

But unless we defeat USA Freedumber, the Intelligence Community will have used the event of Snowden’s leaks as an opportunity to expand the dragnet.