In this post I pointed out what Clapper’s letter really said. In this one, I described why it is so inexcusable that Clapper emphasized FBI’s exemption from reporting requirements (I will have a follow-up soon about why that earlier post just scratches the surface). And this post lays out some — but not all — the ways Clapper’s letter said he would gut the Advocate provision.
But I think there’s a far better way of understanding Clapper’s letter. He didn’t endorse Leahy’s USAF, S 2685. He endorsed USA Freedumber, HR 3361.
Below the rule I’ve put a summary of changes from USA Freedumber to Leahy USA Freedom, HR 3361 to S 2685. I did it a very long time ago, and there are things I’d emphasize differently now, but it will have to do for now (it may also be helpful to review this summary of how USA Freedumber made USA Freedumb worse). Basically, S 2685 improved on HR 3361 by,
This closely matches what the coalition that signed onto S 2685 laid out as the improvements from HR 3361 to S 2685.
[T]he new version of the bill:
- Strengthens and clarifies the ban on “bulk” collection of records, including by tightening definitions to ensure that the government can’t collect records for everyone in a particular geographic area or using a particular communication service, and by adding new post-collection minimization procedures;
- Allows much more detailed transparency reporting by companies—and requires much more detailed transparency reporting by the government—about the NSA’s surveillance activities; and
- Provides stronger reforms to the secret Foreign Intelligence Surveillance Court’s processes, by creating new Special Advocates whose duty is to advocate to the court in favor of privacy and civil liberties, and by strengthening requirements that the government release redacted copies or summaries of the court’s significant decisions.
Though as I explained here, there is no public evidence the minimization procedures required by the bill are even as stringent as what the FISC currently imposes on most orders, so the minimization procedures of S 2685 might – like the emergency procedures do — actually weaken the status quo.
Here are three of the key passages from Clapper’s letter that I believe would address the intent of the bill as written.
In other words, the limiting language in Clapper’s letter very clearly maps the changes from HR 3361 to S 2685.
He clearly says he doesn’t have to follow the new limits on specific selection terms. He signals he will use his authority to make classification and privilege determinations to keep information away from the amicus (or retain ex parte procedures via some other means). And by endorsing John Bates’ letter, he revealed his intention to take out requirements that the amicus advocate in favor of privacy and civil liberties. In addition — this is the part of Bates’ letter I missed in my previous analysis — he thereby endorsed Bates’ recommendation to “delet[e] this provision [specifying that the Court must release at least a summary], leaving in place the provision that significant FISA court decision would continue to be released, whenever feasible, in redacted form.”
Plus, as I mentioned, his use of “metadata” rather than “Call Detail Record” suggests he may play with that laudable limit in the bill as well.
I think Clapper’s read on the exemption for FBI is totally a fair reading of the bill; I just happen to think the Senate is doing a great deal of affirmative damage by accepting it. (Again, I hope to explain more why that is the case in the next day or so.)
Voila! Clapper’s “endorsement” of the bill managed to carve out almost all the improvements from HR 3361 to S 2685 (as well as emphasize Congress’ ratification for the FBI exemption, the huge reservation on the one improvement he left untouched). The only other improvement Clapper left in place was the limit on collection of prospective phone record to counterterrorism purposes.
That’s it. If Clapper’s views hold sway, that’s all this bill is: USA Freedumber with the retention of the status quo counterterrorism application for CDR collection.
Thanks to this NYT editorial, everyone is talking about Patrick Leahy’s version of USA Freedom, which he will introduce tomorrow.
Given what I’ve heard, my impression is the editorial is correct that Leahy’s bill is a significant improvement off of USA Freedumber.
That’s not saying much.
It tightens the definition for Specific Selection Term significantly (though there may still be limited cause for concern).
It improves the FISA Advocate (but not necessarily enough that it would be meaningful).
It improves transparency (but there’s one aspect of “improved” transparency that actually disturbs me significantly).
It pretends to fix concerns I had about the PRTT minimization, but I don’t think it succeeds.
Still, an improvement off of the USA Freedumber.
I’m not convinced that makes it an acceptable improvement off of the status quo (especially the status quo requiring court approval for each seed). That’s because — from what I’ve heard — Leahy’s bill retains the language from USA Freedumber on contact chaining, which reads,
(iii) provide that the Government may require the prompt production of call detail records—
(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and
(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;
Now, I have no idea what this language means, and no one I’ve talked to outside of the intelligence committees does either. It might just mean they will do the same contact chaining they do now, but if it does, why adopt this obscure language? It may just mean they will correlate identities, and do contact chaining off all the burner phones their algorithms say are the same people, but nothing more, but if so, isn’t there clearer language to indicate that (and limit it to that)?
But we know in the equivalent program for DEA – Hemisphere – the government uses location to chain people. So to argue this doesn’t include location chaining, you’d have to argue that NSA is satisfied with less than DEA gets and explain why the language of this bill specifically prohibits it. (The bill — as USA Freedumber before it did — requires NSA to use Call Detail Records at each step; that may or may not impose such limits.)
I remain concerned, too, that such obscure language would permit the contact chaining on phone books and calendars, both things we know NSA obtains overseas, both things NSA might have access to through their newly immunized telecom partners.
In addition, Leahy’s bill keeps USA Freedumber’s retention language tied to Foreign Intelligence purpose, allowing the NSA to keep all records that might have a foreign intelligence purpose.
Why, after having read PCLOB’s 702 report stating that, “when an NSA analyst recognizes that [a communication] involves a U.S. person and determines that it clearly is not relevant to foreign intelligence or evidence of a crime,” destruction of it, which is required by the law, “rarely happens,” would anyone applaud a Section 215 bill that effectively expands retention using that very same utterly meaningless “foreign intelligence” language? And with it may expand the permitted dissemination of such data?
The bill is definitely an improvement over USA Freedumber. But until someone explains what that connection chaining language does — and includes limiting language to make sure that’s all it will ever do — I have no way of knowing whether Leahy’s bill is better than the status quo. As it is, however, it is certainly conceivable Leahy’s bill will result in more innocent Americans ending up in the corporate store.
(I may have two more new concerns about Leahy’s bill, but I’ll hold those until I see what precise language the bill uses for them.)
Back in February, I noted Ron Wyden’s question for then acting OLC head Caroline Krass (she’s now CIA’s General Counsel) about Jack Goldsmith’s 2004 OLC opinion authorizing the dragnet.
In the follow-up questions for CIA General Counsel nominee Caroline Krass, Ron Wyden asked a series of his signature loaded questions. With it, he pointed to the existence of still-active OLC advice — Jack Goldsmith’s May 6, 2004 memo on Bush’s illegal wiretap program — supporting the conduct of a phone (but not Internet) dragnet based solely on Presidential authorization.
He started by asking “Did any of the redacted portions of the May 2004 OLC opinion address bulk telephony metadata collection?
Krass largely dodged the question — but did say that “it would be appropriate for the May 6, 2004 OLC opinion to be reviewed to determine whether additional portions of the opinion can be declassified.”
In other words, the answer is (it always is when Wyden asks these questions) “yes.”
This is obvious in any case, because Goldsmith discusses shutting down the Internet dragnet program, and spends lots of time discussing locating suspects.
Wyden then asked if the opinion relied on something besides FISA to conduct the dragnet.
[D]id the OLC rely at that time on a statutory basis other than the Foreign Intelligence Surveillance Act for the authority to conduct bulk telephony metadata collection?
Krass dodged by noting the declassification had not happened so she couldn’t answer.
But the 2009 Draft NSA IG Report makes it clear the answer is yes: NSA collected such data, both before and after the 2004 hospital showdown, based solely on Presidential authorization (though on occasion DOJ would send letters to the telecoms to reassure them both the metadata and content collection was legal).
Finally, Wyden asks the kicker: “Has the OLC taken any action to withdraw this opinion?”
Krass makes it clear the memo is still active, but assures us it’s not being used.
This is an exchange Center for National Security Studies Kate Martin brings back into the discussion of whether USA Freedumber actually ends bulk collection.
[W]e don’t know whether the Justice Department has opined that other statutory authorities – not now addressed in the USA Freedom Act – could authorize the NSA’s bulk collection. Without this knowledge, we can’t be certain whether the proposed amendments to section 501 (215) will in fact be sufficient to prohibit the NSA from engaging in bulk collection of metadata using some other hitherto unidentified authority.
This is not a fanciful concern. There is in fact a still partly secret OLC opinion by the Justice Department that may address precisely this question.
CNSS is using the debate over USA Freedumber to demand the Administration declassify the rest of that opinion.
When the government declassified the statements submitted in the Jewel v. NSA case last December, it basically declassified everything that should be in that memo. So what’s the holdup on releasing the memo itself?
I Con the Record just released the most recent dragnet orders — I’ll have more comment on them later.
But for now, I wanted to show how HR 3361 — AKA the USA Freedumber Act — weakened FISA Court authority in yet another way.
I have repeatedly pointed to how pathetic the “prohibition” against using information, obtained via an Attorney General emergency order, but then ruled by the FISA Court to be an improper use of the Section 215 authority. It reads:
(5) If such application for approval is denied, or in any other case where the production of tangible things is terminated and no order is issued approving the production, no information obtained or evidence derived from such production shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof, and no information concerning any United States person acquired from such production shall subsequently be used or disclosed in any other manner by Federal officers or employees without the consent of such person, except with the approval of the Attorney General if the information indicates a threat of death or serious bodily harm to any person.
‘(6) The Attorney General shall assess compliance with the requirements of paragraph (5).
The bill would prohibit the government from using the improperly obtained information in trials and other proceedings. And the information is not supposed to be used in any manner — except if the Attorney General deems the information tin indicate a threat of death or bodily harm (which we know the government has secretly redefined to include threat to property).
But it’s the Attorney General — the same guy who approved the illegal production — who ensures the government follows that role.
Moreover, the bill does not require the government to destroy this data. They get to keep it.
Compare that with the status quo (see footnote 8).
In the event the Court denies such motion [retroactively seeking approval for emergency production], the government shall take appropriate remedial steps, including any steps the Court may direct.
Call me crazy, but I think the FISA Court judge who deemed the collection to be improper is a better person to determine what the remedy is to fix that improper collection.
I guess even that basic concept of separation of powers was too burdensome for Bob Litt.
As you know, I’ve been trying to track the language in existing phone dragnet orders and new legislation approving the collection of records that are “connected” to a selector by means other than actual calls made. (See here, here, and here for background.) Basically, the automated query approved by the FISA Court in 2012 and the USA Freedumber Act both authorize the government to collect call detail records from phones “connected” to a selector without any call having been made.
Clearly this provision serves to allow the government to track “burner” phones. But given that under the Hemisphere program, AT&T uses cell location to conduct chaining, I expect “connections” will include that too. And it may include things like address books, photos, and calendars, which would be accessible to smart phone providers, and which we know the NSA collects and uses to establish such connections overseas.
I just realized in the last few days that the Fake FISA Fix Dianne Feinstein passed through the Senate Intelligence Committee last year also provides for “connections” based chaining. Here’s how it appears in the bill:
Scope of permissible query return information:
For any query performed pursuant to paragraph (1)(D)(i), the query only may return information concerning communications—
(A) to or from the selector used to perform the query;
(B) to or from a selector in communication with the selector used to perform the query; or
(C) to or from any selector reasonably linked to the selector used to perform the query, in accordance with the court approved minimization procedures required under subsection (g). [my emphasis]
This appears to confirm that the existing connection chaining uses the minimization procedures stage to assess the validity of the connection.
Nowhere, however, have I ever seen any language limiting what kind of “reasonable links” NSA can make in secret.
Particularly given that the government is intent on giving telecoms to make these links, we really ought to be limiting the kinds of links they’re permitted to make.
The three surveillance critics from the Senate Intelligence Committee — Ron Wyden, Mark Udall, and Martin Heinrich — wrote a letter to Obama on the developments in the NSA reform. Generally, they repeat exhortations that Wyden and Udall have already made in hearings to end the dragnet right now, as Obama has already claimed he wants to do.
I’m not entirely sure what to make of it, but I find some of the details in it to be of particular interest.
The Senators point out, for example, that several bills accomplish the goals Obama has publicly stated he’d support. Those bills include the original USA Freedom Act, and separate proposals advanced by both Udall and Wyden.
But they also include the original PATRIOT Reauthorization from 2005, which Dianne Feinstein once supported, as did a young Senator named Barack Obama (though the Senators don’t mention either of those details). Wyden has long pointed obliquely to when the Executive first started using PATRIOT to conduct dragnets, and the record shows the Executive withheld information about how it was using the PRTT authority from even the Intelligence Committees during the 2005 reauthorization. So the Senators may be nodding towards Executive refusal to respect the will of Congress with this mention.
The Senators then both question claims from Administration officials that “in the absence of new legislation, there is no plan to suspend the bulk collection of Americans’ phone records,” and express their doubts “that the version of the USA Freedom Act that recently passed the House of Representatives would actually ban the bulk collection of Americans’ records.”
While they repeatedly reiterate their support for legislative reform, they also lay out a plan by which the President can immediately end the dragnet. Here’s the part I find particularly interesting.
First, they say it is “highly likely” FISC would let them get 2-degrees of phone records, unless FISC has already prohibited that.
Unless the FISC has already rejected such a request from the government, it does not seem necessary for the executive branch to wait for Congress before taking action.
Isn’t this already included in current orders? Shouldn’t the Senators know if FISC has rejected such a request (especially Wyden, who has been on the committee through all this period)? Is Wyden saying it’s possible there’s something else limiting the dragnet? Is he pointing to a ruling he knows about?
Just as interesting, the Senators argue the Pen Register Authority — not Section 215 — could serve to carry out the prospective collection the bill claims to want to do.
FISC would likely approve the defined and limited prospective searches for records envisioned under your proposal pursuant to current USA PATRIOT Act Section 214 pen register authorities, given how broadly it has previous interpreted these authorities.
Finally, although we have seen no evidence that the government has needed the bulk phone records collection program to attain any time-sensitive objectives, we agree that new legislation should provide clear emergency authorities to allow the government to obtain court approval of individual queries after the fact under specific circumstances. The law currently allows prospective emergency acquisitions of call records under Section 403 of the Foreign Intelligence Surveillance Act (FISA), and the acquisition of past records without judicial review under national security letter authorities.
Of course, the PRTT authority (cited twice here) should always have been the appropriate authority for this collection; we’ve just never learned why the government didn’t use that.
Basically, the Senators are laying out how the Executive could do precisely what it says it wants to do with existing authorities (indeed, with the PRTT authority that are actually targeted to the kind of record in question).
The Executive has all the authorities it needs, the Senators lay out, so why doesn’t it end the dragnet — achieve the reform it claims it wants — immediately?
We believe the way to restore Americans’ constitutional rights and their trust in our intelligence community is to immediately end the practice of vacuuming up the phone records of huge numbers of innocent Americans every day and permit the government to obtain only the phone records of people actually connected to terrorism or other nefarious activity. We support your March 27, 2014, proposal to achieve these goals, but we also view ending bulk collection as an imperative that cannot wait.
Damn! That’s a very good question! Obama moved immediately to implement his first reform proposal — advance FISC approval and limits to two hops — back in February. So why isn’t he moving immediately to implement the plan he says he wants now, as the Senators lay out he could well do under existing authorities?
It may be the Senators are just pressuring Obama to implement changes now, and nothing here is meant to point to some underlying issue.
But I wildarseguess that they’re trying to point out the differences between what they could do — under the PRTT orders they should have been using from the start — and what they want to do.
There’s one difference we can point to right away, after all: immunity. If all the government wanted to do was to obtain call detail records, then they wouldn’t need to give the telecoms immunity. That’s something they do every day. But there’s something they will do that has led the telecoms to demand immunity. That’s the stuff that goes beyond traditional PRTT activity.
Then there’s the stuff we don’t know about: the “connections” based chaining. As I’ve said, I don’t know what that entails. But it is an obvious explanation for why the telecoms need immunity — and for why a simple PRTT order won’t suffice.
One way or another, the Senators are calling Obama’s bluff. Obama says he wants nothing more than to obtain specific phone records going forward. If that’s true, he could make the change today. Yet the Executive is clear they can’t do that.
Update: One more detail. As Wyden’s release on this makes clear, today’s the day the March 28, 2014 phone dragnet order expires, so presumably the government got another one today. We’ve never seen that March 28 order, by the way.
The Massie-Lofgren amendment to the appropriations bill just passed, 293-123.
The amendment would prohibit funds to be used to do either of two things:
The vote total was similar to that the National Security folks have been crowing that USA Freedumber got a few weeks ago.
Leadership on both sides of the aisle will attempt to find some way to kill this, so the battle is not won yet. But the vote makes it very clear that a bipartisan majority is not okay with some of NSA’s worst abuses.
Update: Here’s the roll call. I’ll have more to say about that tomorrow.
I’m still working on understanding all the crud that is included in the USA Freedumber Act. And for the first time, I have looked really closely at the language on Inspector General Reports, which effectively modifies Section 106 of the 2005 PATRIOT Act Reauthorization. Not only does the language add a DOJ IG Report roughly parallel to the ones mandated for the years through 2006 for 2012 through 2014, but it adds an Intelligence Community IG Report for those 3 years.
I’ve long noted that that seems to leave 2010 and 2011 unexamined. That might be covered in the IG report Pat Leahy requested of the Intelligence Committee IG, Charles McCullough, though the dates are different and McCullough said he didn’t really have the time. So 2010 and 2011 may or may not currently being reviewed; they’re not required to be by the bill, however.
But upon closer review I’m just as interested in some holes the two reports will likely have, in combination.
What I realized when I reviewed the actual language, below, is that USA Freedumber is exploiting the fact that Section 215 was originally written exclusively for the FBI, even if the NSA and CIA and probably a bunch of other agencies are using it too (they’re doing this with minimization procedures elsewhere in the bill, too). Thus, they can leave language that applies specifically to FBI, and pretend that it applies to other agencies.
In practice, that leaves the DOJ IG to investigate general things about Section 215 use, including:
any noteworthy facts or circumstances relating to orders under such section, including any improper or illegal use of the authority provided under such section; and
So long as FBI retains a role in the application process, it will have access to and can review the categories of records obtained, which is critical because this is one of the ways Congress will learn what those categories are.
But only the DOJ IG assesses whether Section 215 is adhering to law (as opposed to protecting Americanas’ constitutional rights). At one level, I’d much rather have DOJ IG perform this review, because we’ve never seen anything out of the IC IG resembling real oversight. Plus, under Glenn Fine, DOJ’s IG did point to real legal problems with the dragnet (which DOJ largely refused to fix, but which may have led to addition FISC opinions on those subjects). But I have questions whether DOJ’s IG would get enough visibility into what NSA and CIA and other agencies are doing with this data to perform a real review of the legality of it.
Then there are some somewhat parallel things both DOJ’s and IC’s IG would review, including:
the importance (IC IG) or effectiveness (DOJ IG) of Section 215
the manner in which that information was collected, retained, analyzed, and disseminated by the intelligence community;
the minimization procedures used by elements of the intelligence community under such title and whether the minimization procedures adequately protect the constitutional rights of United States persons; and
any minimization procedures proposed by an element of the intelligence community under such title that were modified or denied by the FISC
These are all well and good, and there’s the possibility that an IC IG review of how NSA analyzes and disseminates Section 215 data would find any of the most concerning potential practices.
I find the last two things DOJ’s IG would review at FBI but not even at DEA (if DEA uses Section 215), and which the IC IG would not review at all, the most telling.
That is, the DOJ IG reports on how often the FBI uses Section 215 for finished intelligence products and how often it serves supports criminal proceedings. But it doesn’t track how often NSA uses Section 215 for finished intelligence products, nor does it track how often NSA uses Section 215 to investigate an American further.
The latter fact — that NSA isn’t counting how many Americans its targets because of Section 215 derived information — is not all that surprising. NSA has worked hard to obscure how many Americans have been sucked up in its analytical maw. Still, if we were serious about providing some transparency to the corporate store — where anyone 2 or 3 degrees from a RAS approved selector can get dumped and subjected to all of NSA’s analytical tradecraft forever — we’d require the IC IG to count this number, too.
And the fact that no one asks NSA and CIA how many finished intelligence reports they’re generating out of Section 215 is problematic both because it doesn’t identify how often NSA and CIA are sharing intelligence with FBI or National Counterterrorism Center or other agencies like DEA (which was one of the big problems with both the phone and Internet dragnet in 2009-10). But it also makes it harder for Congress to get a real understanding of how effective these tools are.
You can’t judge the efficacy of something you don’t measure.
To understand how important this is, consider the discussions about the phone dragnet we’ve had since last year. Everything has been measured in terms of reporting to FBI, which not only doesn’t disclose how many people are stuck in NSA’s maw, but to outsiders made the program look totally useless. We still don’t know precisely how the government is using the phone dragnet, because the data they’ve shared to describe its efficacy is probably not the most significant way it is used.
It seems the intelligence community would like to keep it that way. →']);" class="more-link">Continue reading
Josh Gerstein already wrote about some of this Mike Rogers blather. But I wanted to transcribe the whole thing to display how utterly full of shit he is.
At a conference at Georgetown the other day, (see video 3), Rogers laid into the tech companies for opposing USA Freedumber, which he badly misrepresented just before this. The context of European opportunism beings at 1:06, the quote begins after 1:08.
We should be very mad at Google, and Microsoft, and Facebook, because they’re doing a very interesting, and I think, very dangerous thing. They’ve come out and said, “well, we oppose this new FISA bill because it doesn’t go far enough.” When you peel that onion back a little bit, and why are you doing this, this is a good bill, it’s safe, bipartisan, it’s rational, it meets all the requirements for Fourth Amendment protection, privacy protection, and allowing the system to work,
Rogers claims they’re doing so solely because they’re afraid to lose European business. And Rogers — a Republican! — is furious that corporations prioritize their profits (note, Rogers has never complained that some of these same companies use European tax shelters to cheat the tax man).
And they say, “well, we have to do this because we have to make sure we don’t lose our European business.” I don’t know about the rest of you, that offends me from the word, “European business.” Think about what they’re doing. They’re willing, in their minds, to justify the importance of their next quarter’s earnings in Europe, versus the National Security of the United States. Everybody on those boards should be embarrassed, and their CEOs should be embarrassed, and their stockholders should be embarrassed.That one quarter cannot be worth the National Security of the United States for the next 10 generations. And if we don’t get this part turned around very quickly, it will likely get a little ugly, and that emotional piece that we got by is going to be right back in the center of the room to no good advantage to our ability to protect the United States.
Mostly, he seems pissed because he knows the collective weight of the tech companies may give those of us trying to defeat USA Freedumber a fighting chance, which is what Rogers considers an emotional place because Democracy.
But Rogers’ rant gets truly bizarre later in the same video (after 1:23) where he explains what the security interest is:
We have one particular financial institution that clears, somewhere about $7 trillion dollars in global financial transactions every single day. Imagine if tomorrow that place gets in there and through an attack of which we know does exist, the potential does exist where the information is destroyed and manipulated, now you don’t know who owes what money, some of that may have lost transactions completely forever, imagine what that does to the economy, $7 trillion. Gone — right? Gone. It’s that serious.
Mind you, Rogers appears unaware that a banks shuffling of money — while an incredibly ripe target for hackers — does not really contribute to the American economy. This kind of daily volume is churn that only the very very rich benefit from. And one big reason it’s a target is because it is an inherently fragile thing.
To make all this even more hysterical, Rogers talks about risk driving insurance driving proper defensive measures from the target companies … yet he seems not to apply those rules to banks.
Mike Rogers, it seems, would rather kill Google’s business than permit this rickety vitality killing bank to feel the full brunt of the risk of its own business model.
Eric Cantor, who famously held up earthquake relief to his own district on Paygo rules, got his ass handed to him last night by Tea Party candidate Dave Brat.
And while my impression is Cantor lost because of that kind of disdain for his constituents, it is in fact the case that 1) Cantor was a key player in watering down and then passing the USA Freedumber Act and 2) Brat campaigned on an anti-surveillance platform. Which means pundits are already reading Cantor’s defeat as a loss for the NSA.
But it’s only a loss if it leads to the defeat of USA Freedumber, one of the last bills Cantor shepherded through the House before his shellacking.
So I think the privacy community should use it as an opportunity to do what it should have done as soon as USA Freedumb got watered down into USA Freedumber: loudly declare that Jim Sensenbrenner reneged on the deal made in the USA Freedumb Act and that the legislative effort needs to be reset.
I say that because right now the privacy community has lost all its leverage in this process by not loudly coming out against USA Freedumber after Cantor watered it down, by not rallying the privacy community on solid principles. Sure, doing so doesn’t help in the House, where significant damage has already been done. But doing so may be one of the few things that would restore the credibility of the institutional players and restore some kind of unity to the effort.