About HR 3361, the NSA Surveillance Efficiency Act, AKA USA Freedom Act

The House Intelligence Committee passed a bill out of its committee Thursday, HR 3361, that will reportedly solve a problem (or problems) the NSA has been struggling with since 2009. The bill will now move to the full House for a vote.

The public — and surely a great majority of members of Congress — have no idea precisely what problem this bill will solve is: planted leaks suggest it has to do with difficulties dealing with cell phone records, perhaps because they include location data. If that is part of the problem, then it’s a fairly recent development, perhaps arising after US v. Jones raised new concerns about the legality of collecting location data without a warrant. There’s also the presumably-related issue of an automated query function; NSA has been struggling to resume that function since its alert function got shut down as a legal violation in 2009. The ability to tie multiple identities from the same person together as NSA runs those alerts may be a related issue.

The bill has not been reported as a fix for NSA’s long-term legal and technical struggles (though LAT’s Ken Dilanian has asked why civil liberties groups are so happy about this given that it will expose more data to NSA collection). Rather, it has been called the USA Freedom Act and reported as a reform of the phone dragnet program, a successful effort to “end” “bulk collection.”

The bill does have the critically important effect of ending the government’s practice of collecting and storing some significant portion of all US call records, beyond whatever US person call records it collects overseas. That, by itself, is the equivalent of defusing a nuclear bomb. It is a very important improvement on the status quo.

It remains entirely unclear — and unexamined, as far as I can tell — whether the bill will increase or decrease the number of entirely innocent Americans who will be subjected to the full range of NSA’s analytical tradecraft because they got swept up based on the guilt by association principle behind contact-chaining, or whether the bill will actually expose more kinds of US person records to the scrutiny of the NSA.

The bill the press is calling USA Freedom Act may also — though we don’t know this either — have the salutary benefit of changing the way the NSA currently collects data under other Section 215, Pen Register, and NSL collection efforts.  The bill requires that all Section 215 (both call record and otherwise), Pen Register, and NSL queries be based on a specific selection term that remains vaguely defined (a definition the House Intelligence Committee considered eliminating before Thursday’s hearing). But it remains unclear how much that rule — even ignoring questions about the definition — will limit any current practices. At Wednesday’s hearing Bob Goodlatte said the bill “preserves the individual use of Section 215 under the existing relevancy standard for all business records,” and at least for several NSL authorities, the new “restrictions” almost certainly present no change (and another NSL authority, the Right to Financial Privacy Act, uses the same “entity” language the bill definition does, suggesting it is unlikely to change either). Plus, at least according to DOJ’s public claims and court filings, it ended the bulk domestic collection under PRTT in 2011. So the language “ending” “bulk collection” may do no more than make it harder for FBI to construct its own phone books of phone company and ISP subscribers using NSLs, if it does even that.

What the bill doesn’t do — because this part of the bill was stripped as part of the compromise — is provide the Intelligence Community’s oversight committees detailed reports of what kind of records the government obtains under Section 215 (and for what agencies), and how many Americans are subject to all the FISA authorities, including Section 215. That is, the compromise eliminated the one thing that could measure whether the bill really did “end” “bulk collection” as you or I would understand it. In its stead, the bill largely codifies an existing reporting agreement that AT&T has already demonstrated to be completely deceptive. In Wednesday’s hearing, Zoe Lofgren called provider reporting “the canary in the coal mine” the committee would rely on to understand what collection occurred.

So this bill that “ends” “bulk collection” still prevents us, or even the oversight committees working in our name, from learning whether it does so.

It does, however, have some interesting features, given its other purpose of solving one or more challenges facing the NSA.

The first of those is immunity.

No cause of action shall lie in any court against a person who produces tangible things or provides information, facilities, or technical assistance pursuant to an  order issued or an emergency production required under this section. 

This is another part of the bill the underlying reasons for which the public, and probably much of Congress, doesn’t understand. At one level, it seems to immunize the process that may have telecoms playing a role the NSA previously did, analyzing the data; it may also pertain to providing NSA access to the telecoms’ physical facilities. But given the background to the move to telecoms — NSA’s legal-technical problems dealing with cell phone data because it ties to location — it is possible the immunity gives the telecoms protection if they use but don’t turn over data they have already, such as location data or even Internet metadata, to perform the interim analysis.

Consider how the bill describes the call record query process.

[T]he Government  may require the production of call detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using the results of the production under subclause (I) as the basis for production;

So a 2-hop query goes from a “specific selection term” to “the results of the production” to the “call detail record” handed over to the government. While the definition of call detail records clearly prohibits the final production to the government of either content or cell location, nothing in this process description prevents the telecoms from using such things (most Internet metadata is legally content to the telecoms) in that interim hop; indeed, the “results of the production under subclause (I)” available to the telecoms almost certainly would include some of this information, particularly for smart phones. We know the Hemisphere program (the AT&T-specific program for the DEA) uses cell location in its analysis. Remember, too, how NSA is gobbling up smart phone data (including things like address books) in overseas programs; this may permit analysis of similar data — if not collection of it — domestically.  So at the very least, this scheme seems to give the NSA access to cell location and possibly a whole lot more data for analysis they otherwise couldn’t get (which David Sanger’s sources confirm).

And consider two more details from Wednesday’s House Judiciary hearing. At it, Lofgren repeated a list of business records the government might obtain under Section 215 she got Deputy Attorney General James Cole to confirm at an earlier hearing. It includes:

  • ATM photos
  • location where phone calls made
  • credit card transactions
  • cookies
  • Internet searches
  • pictures captured by CCTV cameras

So long as the word “entity” in the definition of specific selection term remains undefined, so long as FISC precedents permit the tapping of entire circuits in the name of collecting on an entity, the government may still be able to collect massive amounts of this data, not actually targeted at a suspect but rather something defined as an entity (in both the existing 215 program and the new call records one the bill retains the “relevant to” language that has been blown up beyond meaning).

Finally, consider what happened with Lofgren’s last attempted amendment. After having submitted a number of other failed amendments, Lofgren submitted an amendment to fix what she called an inadvertent error in the manager’s amendment specifically prohibiting the collection of content under Section 215.

I believe this amendment fixes — at least I hope — an error that was created in the manager’s amendment that I cannot believe was intended. As you know we have specified that the content is not included in business records. This amendment clarifies that business records do not include the content of communication. We specify that in the new section about call detail records, but but the specification that content was not included somehow got dropped out of the business records section. It was included in your original bill but it didn’t make it into the manager’s amendment. I think this amendment clarifies the ambiguity that could be created and I hope it was not intentional.

This is a problem I pointed out here.

Almost without missing a beat after she introduced this, Jim Sensenbrenner recessed the hearing, citing votes. While there were, in fact, votes, Luis Pierluisi (who cast the decisive vote in favor of an amendment to redefine counterintelligence) and possibly Lofgren got a lecture at the break about how any such amendments might blow up the deal the Committee had with Mike Rogers and HPSCI. After the break, Lofgren withdrew the amendment, expressing hope it could be treated as a clerical fix.

That purported error was not fixed before HPSCI (which explicitly permitted the collection of content under its bill) voted out the bill.

Perhaps it will be “fixed” before it comes to the floor.

But if it doesn’t, it may expand (or, given Lofgren’s stated concerns about what records Section 215 might cover, sustain) the use of Section 215 to collect content, not just metadata. Imagine the possibility this gets yoked to expanded analysis at telecoms under the new CDR program?

We don’t know. This bill has gotten past two committees of Congress (we didn’t get to see any of the debate at HPSCI) without these details becoming clear. But the questions raised by this bill when you consider it as the fix to one or more problems the NSA has been struggling with, it does raise real questions.

Again, I don’t want to make light of the one thing we know this bill will do — take a database showing all phone-based relationships in the country out of NSA’s hands. That eliminates an intolerably risky program. That is an important fix.

But that shouldn’t lead us to ignore the potential expansion of spying that may come with this bill.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. chronicle says:

    quote:”Almost without missing a beat after she introduced this, Jim Sensenbrenner recessed the hearing, citing votes. While there were, in fact, votes, Luis Pierluisi (who cast the decisive vote in favor of an amendment to redefine counterintelligence) and possibly Lofgren got a lecture at the break about how any such amendments might blow up the deal the Committee had with Mike Rogers and HPSCI. After the break, Lofgren withdrew the amendment, expressing hope it could be treated as a clerical fix.” unquote

    After the break, Lofgren withdrew the amendment. whudda thunk. Can’t be messing around with the NSA now can we?

    quote”Again, I don’t want to make light of the one thing we know this bill will do — take a database showing all phone-based relationships in the country out of NSA’s hands.”unquote

    wait..wait.. since when has the NSA EVER gave flying fuck about their “legal” limitations. I’ve got $1k that says Clapper is rolling on the floor in gut splitting laughter. In reality, we’ve been bamboozled. These scumbags in Congress have just codified the future surveillance state, and they really don’t give a fuck about the database.. because they’ll do it anyway…, mark my words. After all..we’re talking about the biggest LIARS on the planet.

  2. orionATL says:

    the behavior of congress critters toward this legalization/kosherization of electronic spying on americans by their government is one of the most bizarre congressional events i have ever watched.

    the amalgamated bill created by house “leadership” is a monstrosity of privacy deprivation – a totally unnecessary gift to federal police and prosecutors – and an abject failure by our “leaders” to challenge the limits technology can have on our individual lives and our society.

    no congressperson is speaking out against, trying to change, or criticizing this horrendous uniting of government and corporate record keeping and power which will severely weaken, if not destroy, future citizen protests against government and corporate conduct.

    the bizarre quiescence from our leadership is as if a pall, a burial pall, has fallen over washington for the entire length of pennsylvania avenue.

  3. chronicle says:

    quote”the behavior of congress critters toward this legalization/kosherization of electronic spying on americans by their government is one of the most bizarre congressional events i have ever watched.”unquote

    They mock everything the Constitution stood for. To me..the entire Congress has now become one big traitorous cabal. If this bill isn’t living testimony, I don’t know what is. They are beyond salvation. They’re now completely illegitimate. The only question left is how long before the American people wake up to absolute Totalitarianism..and what will they do about it? Given the INSANE militarization of local police across this entire nation, and their sadistic expansion of murder with no accountablity, I personally think we are closer than you think. Especially if this bill becomes law. Here is but one example of total-out-of-control psychopaths with badges….

    http://www.policestateusa.com/2014/galveston-wedding-beatdown/

    The mere fact that someone had to build a website called PoliceStateUSA to document the daily crimes of LEO’s around this nation tells me something. Especially..when it says this at the bottom….

    quote”PSUSA has been exposing the police state since 2010 and never runs out of material. “unquote

    If you can get through that page about the wedding assault without vomiting, read on. If that doesn’t convince you where we are heading…nothing will.

  4. chronicle says:

    quote” In reality, we’ve been bamboozled. These scumbags in Congress have just codified the future surveillance state, and they really don’t give a fuck about the database.. because they’ll do it anyway…, mark my words. ” unquote

    Well sooprise sooprise sooprise…it didn’t take long.

    http://en.wikinews.org/wiki/Amended_USA_Freedom_Act_draws_questions_from_civil_liberties_groups

    quote”According to Deputy Attorney General James Cole, even if the Freedom Act becomes law, the NSA could continue its bulk collection of American’s phone records. He explained that “it’s going to depend on how the [FISA] court interprets any number of the provisions” contained within the legislation. Jennifer Granick, Director of Civil Liberties at Stanford Law School, stated:

    The Administration and the intelligence community believe they can do whatever they want, regardless of the laws Congress passes, so long they can convince one of the judges appointed to the secretive Foreign Intelligence Surveillance Court (FISC) to agree. This isn’t the rule of law. This is a coup d’etat. “unquote

    This is a coup d’etat. Indeed. Whudda thunk. In that case, insurrection becomes the only option left.

  5. Sulboa says:

    Marcy, if you were my woman I would make you a dandelion necklace.

    I am sure this bill would not exist with out your good mind.

    Yes I know it’s problematic but it’s important, significant, a milestone.

    Our love to you, and you and you.

    Thank you

  6. C says:

    This is typical of this sad sad impotent administration. As they have demonstrated here, as in financial cases, their focus on “looking forward not back” is about covering up crimes and legalizing them not preventing future violations. Rather they work to make them legal. While I agree that the phone database is an issue the fact remains that the NSA can still get all the data that they want when they want it so they have not lost any actual power and in absence of any serious oversight they will do what they want anyway.

    At this point any illusion that the D’s or R’s believe in, or have the power to affect, civil liberties should be dispensed with.

  7. chronicle says:

    quote:” Jennifer Granick, Director of Civil Liberties at Stanford Law School, stated:

    The Administration and the intelligence community believe they can do whatever they want, regardless of the laws Congress passes, so long they can convince one of the judges appointed to the secretive Foreign Intelligence Surveillance Court (FISC) to agree. This isn’t the rule of law. This is a coup d’etat. “unquote

    If anyone can define coup d’etat , she can…

    http://justsecurity.org/2014/01/30/reforming-section-702-dragnet-1/

    I truly believe it now. Jim Garrison notwithstanding.

Comments are closed.