Josh Gerstein already wrote about some of this Mike Rogers blather. But I wanted to transcribe the whole thing to display how utterly full of shit he is.
At a conference at Georgetown the other day, (see video 3), Rogers laid into the tech companies for opposing USA Freedumber, which he badly misrepresented just before this. The context of European opportunism beings at 1:06, the quote begins after 1:08.
We should be very mad at Google, and Microsoft, and Facebook, because they’re doing a very interesting, and I think, very dangerous thing. They’ve come out and said, “well, we oppose this new FISA bill because it doesn’t go far enough.” When you peel that onion back a little bit, and why are you doing this, this is a good bill, it’s safe, bipartisan, it’s rational, it meets all the requirements for Fourth Amendment protection, privacy protection, and allowing the system to work,
Rogers claims they’re doing so solely because they’re afraid to lose European business. And Rogers — a Republican! — is furious that corporations prioritize their profits (note, Rogers has never complained that some of these same companies use European tax shelters to cheat the tax man).
And they say, “well, we have to do this because we have to make sure we don’t lose our European business.” I don’t know about the rest of you, that offends me from the word, “European business.” Think about what they’re doing. They’re willing, in their minds, to justify the importance of their next quarter’s earnings in Europe, versus the National Security of the United States. Everybody on those boards should be embarrassed, and their CEOs should be embarrassed, and their stockholders should be embarrassed.That one quarter cannot be worth the National Security of the United States for the next 10 generations. And if we don’t get this part turned around very quickly, it will likely get a little ugly, and that emotional piece that we got by is going to be right back in the center of the room to no good advantage to our ability to protect the United States.
Mostly, he seems pissed because he knows the collective weight of the tech companies may give those of us trying to defeat USA Freedumber a fighting chance, which is what Rogers considers an emotional place because Democracy.
But Rogers’ rant gets truly bizarre later in the same video (after 1:23) where he explains what the security interest is:
We have one particular financial institution that clears, somewhere about $7 trillion dollars in global financial transactions every single day. Imagine if tomorrow that place gets in there and through an attack of which we know does exist, the potential does exist where the information is destroyed and manipulated, now you don’t know who owes what money, some of that may have lost transactions completely forever, imagine what that does to the economy, $7 trillion. Gone — right? Gone. It’s that serious.
Mind you, Rogers appears unaware that a banks shuffling of money — while an incredibly ripe target for hackers — does not really contribute to the American economy. This kind of daily volume is churn that only the very very rich benefit from. And one big reason it’s a target is because it is an inherently fragile thing.
To make all this even more hysterical, Rogers talks about risk driving insurance driving proper defensive measures from the target companies … yet he seems not to apply those rules to banks.
Mike Rogers, it seems, would rather kill Google’s business than permit this rickety vitality killing bank to feel the full brunt of the risk of its own business model.
One of the things I was most surprised about in the House Intelligence Authorization was a requirement that the Director of National Intelligence report violations of law or EO 12333 to the Intelligence Committees.
SEC. 510. ANNUAL REPORT ON VIOLATIONS OF LAW OR EXECUTIVE ORDER.
(a) Annual Reports Required.–The Director of National Intelligence shall annually submit to the congressional intelligence committees a report on violations of law or executive order by personnel of an element of the intelligence community that were identified during the previous calendar year.
(b) Elements.–Each report required under subsection (a) shall include a description of, and any action taken in response to, any violation of law or executive order (including Executive Order 12333 (50 U.S.C. 3001 note)) by personnel of an element of the intelligence community in the course of such employment that, during the previous calendar year, was determined by the director, head, general counsel, or inspector general of any element of the intelligence community to have occurred.
(b) Initial Report.–The first report required under section 510 of the National Security Act of 1947, as added by subsection (a), shall be submitted not later than one year after the date of the enactment of this Act.
The language was inserted into the bill by Jim Himes (who also added very laudable language requiring Senate approval for the NSA’s Inspector General).
The language appeared in the RuppRoge NSA “reform” bill; I presumed then that it was meant as false transparency — an effort to show off that just one NSA cleared individual a year gets caught stalking an ex-girlfriend using its authorities.
And it may well be.
But I’m intrigued that Mike Rogers dedicated most of a Manager’s Amendment to the bill to tighten language from that section (in part limiting the reporting to actions “relating to intelligence activities”). And the hackish Ted Yoho submitted an amendment requiring a version of the report be shared with the House Oversight and Senate Homeland Security and Government Affairs Committees. I can’t imagine Yoho asking for it unless there were partisan hay to make out of it.
Now I want that report!
I’m particularly puzzled by an Amendment Mike Rogers submitted at the last minute, after having proposed it in committee but withdrawn it. The description of what he proposed reads,
Chairman Rogers offered an amendment to the amendment in the nature of a substitute to require a “cooling off” period before former Intelligence Community senior employees could work for a foreign government or a company controlled by a foreign government. The amendment would also establish notification and reporting requirements for former IC senior employees. He subsequently withdrew the amendment.
After having withdrawn that he submitted this amendment, but did not list it as a Manager’s Amendment (see below for the text).
Effectively, the Amendment seems to do two things. First, it requires high ranking intelligence community personnel (and this includes Congress, presumably up to and including Rogers himself) to tell their Agency when they start negotiating a new job with a company with foreign ties.
It would also prohibit those high ranking people from working for a company with foreign ties for a year – or two, if it pertains to something they worked on. It also requires former employees to disclose any payment they get from a foreign country or foreign owned company.
Now, this Amendment seems like a total no-brainer (indeed, the reporting requirements should be in place for all employers). It’s a measure to prevent top IC officials to go work for foreign governments.
So why didn’t this pass through committee? And why is Rogers submitting it now? What former high ranking official went to work for a foreign entity, raising the need for such a no-brainer law?
One more question: I wonder whether Israel will be included among the covered countries. Sure, it’s a close ally — precisely the kind that might hire away top IC talent. But it’s also an aggressive spy targeting the US. Precisely the kind of country that would make this kind of amendment even remotely controversial.
Update: Via Matt Stoller and billmon, this is presumably what this about:
A longtime adviser to the U.S. Director of National Intelligence has resigned after the government learned he has worked since 2010 as a paid consultant for Huawei Technologies Ltd., the Chinese technology company the U.S. has condemned as an espionage threat, The Associated Press has learned.
Theodore H. Moran, a respected expert on China’s international investment and professor at Georgetown University, had served since 2007 as adviser to the intelligence director’s advisory panel on foreign investment in the United States. Moran also was an adviser to the National Intelligence Council, a group of 18 senior analysts and policy experts who provide U.S. spy agencies with judgments on important international issues.
Though I’m not convinced Moran would be covered under this law. Plus, he disclosed his tie to Huawei.
I fear, reading this Kevin Drum post, that my explanations of why USA Freedumber will not end what you and I think of as bulk collection have not been clear enough. So I’m going to try again.
It is now, with the bill in current form, a 4-part argument:
The intelligence versus the plain English definition of bulk collection
This entire bill is based on the intelligence community definition of bulk collection, not the common English definition of it. As defined by President Obama’s Presidential Policy Directive on SIGINT, bulk collection means,
the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).
Bulk collection, as defined by the intelligence commonly, only means collection that obtains all of a particular type of record: all phone records, all Internet metadata, all credit card records. Anything that stops short of that – all 202 Area Code phone records, all credit card records buying pressure cookers, all Internet metadata for email sent to Yemen — would not count as bulk collection under this definition.
A more commonsense meaning of bulk collection would be the collection of large volumes of data, sweeping up the data of totally innocent people, on which to do further (sometimes technically intrusive) searches to find the data of interest. What we call “Big Data,” for example, would very often not qualify as bulk collection as the intelligence community defines it (perhaps its starts with the health data of everyone born after 1946, for example, or the purchase records from just one online store) but would qualify as bulk collection as you and I would define it.
As I explained in this post, the means USA Freedumber uses to ensure that it does not permit bulk collection is to require the collection start from a “selection term.” Thus, by definition, it cannot be bulk collection because the technical (but not commonsense) definition of bulk collection is that which uses a selection term.
And because they defined it that way, it means that every time some well-intentioned Congressman (it was all men, pushing this bill) boasted that this bill “ends bulk collection” they were only laying a legislative record that would prohibit the intelligence community definition of bulk collection, not the commonsense meaning.
The bill retains the “relevant to” language that gave us bulk collection in the first place
Man, Jim Sensenbrenner must have complained about the way the FISA Court reinterpreted the plain meaning of “relevant to” from the 2006 reauthorization of the PATRIOT Act three or four times in the post-passage press conference. He’s still angry, you see, that a court, in secret, defined the term “relevant to” to mean “any data that could possibly include.”
But this bill does nothing to change that erroneous meaning of the term.
Worse, it relies on it!
For most authorities — the Pen Register (PRTT) authority, the non-call record Section 215 authority, and all National Security Letter authorities –USA Freedumber leaves that language intact. It now requires the use of a selection term, but unlike the new call record language, those authorities don’t require that the selection term be “associated with a foreign power or an agent of a foreign power.” (You can compare the language for traditional Section 215 and the new call records Section 215 at b2B and b2C in this post.) They don’t even require that the selection term itself be relevant to the investigation!
Thus, so long as there is a selection term — some term to ensure the NSA isn’t grabbing all of a certain kind of record — they’re going to still be able to get that data so long as they can argue that sorting through whatever data they get will yield useful information.
“Specific selection term” is too broad
Now, all that wouldn’t matter if the bill required specific selection terms to be tied to the individual or entity under investigation. Even the USA Freedumb bill didn’t require that.
But the language in USA Freedumber that got passed today makes things worse.
SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a discrete term, such as a term specifically identifying a person, entity, account, address, or device, used by the Government to limit the scope of the information or tangible things sought pursuant to the statute authorizing the provision of such information or tangible things to the Government.’
Again, note that the selection term only needs to limit the scope of production, not have a tie to the target of the investigation.
And while I actually find comfort from some of these terms — I’d be happy if the financial NSLs could only search on a specific account and the toll record NSL could only get phone records of a specific device (though FBI does use NSLs to get 2 degree separation, so this would return more than just that device’s records). As I’ve said in the past, “entity” is far too broad. It could include al Qaeda — allowing the NSA to obtain all data that might have al Qaeda data within it — or VISA — allowing the NSA to obtain all of that credit card entity’s data.
Working on a detailed comparison of the difference between the USA Freedumb and USA Freedumber bills, one of the most alarming changes is the gutting of Pen Register minimization procedures. They took language not only adding minimization procedures to Pen Register orders,
(b) APPLICATION.—Section 402(c) (50 U.S.C. 1842(c)), as amended by section 201 of this Act, is further amended by adding at the end the following new paragraph:
(4) a statement of proposed minimization procedures.
(c) ORDER.—Section 402(d) (50 U.S.C. 1842(d)) is amended—
(1) in paragraph (1), by inserting ‘‘and that the proposed minimization procedures meet the definition of minimization procedures under this title’’
But permitting the court to review whether the government met those minimization procedures.
(h) At or before the end of the period of time for which the installation and use of a pen register or trap and trace device is approved under an order or an extension under this section, the judge may assess compliance with the minimization procedures by reviewing the circumstances under which information concerning United States persons was retained or disseminated.’
They even specified the government had to follow those minimization procedures!
USA Freedumber changed that by letting the Attorney General review what are are now called “privacy procedures.”
(h) The Attorney General shall ensure that appropriate policies and procedures are in place to safeguard non-publicly available information concerning United States persons that is collected through the use of a pen register or trap and trace device installed under this section. Such policies and procedures shall, to the maximum extent practicable and consistent with the need to protect national security, include protections for the collection, retention, and use of information concerning United States persons.
They limit the extent of these “privacy procedures” “to the extent practicable … with the need to protect national security.” That is, they don’t have to follow these “privacy procedures” if it’ll harm national security, and the change seems to show legislative intent to deprive the FISC of any review.
That’s alarming for a number of reasons:
NSA versus FISC
According to a footnote in the 2010 John Bates opinion on the Internet dragnet, when the government first applied to Colleen Kollar-Kotelly for a FISC order to authorize the dragnet, they claimed she had no authority to do anything but rubber stamp the application.
We know that, having made that argument, the government got caught in violating the rules Kollar-Kotelly placed on the collection, but then continued to violate the rules for at least 5 more years, until 2009, when it got shut down for a while.
It would seem that the original language in USA Freedom Act would have clarified this issue, and made clear the FISC could exercise real oversight over any PRTT collection.
Adopting RuppRoge’s Internet Dragnet language
This language adopts the nomenclature from the HPSCI’s RuppRoge bill. (See page 18.)
But these “privacy procedures” seem qualitatively worse than the RuppRoge bill in several ways. RuppRoge provides loosey goosey judicial review of the privacy procedures. And it did not include the “extent practicable” language.
Given the background — given the fact that the government has already told the FISC it shouldn’t have real oversight over PRTT — this language seems to lay clear legislative intent that FISC should have no role whatsoever, especially not with minimization procedures (which, after all, is what they fought with the FISC over for at least years).
The secrecy behind the FBI’s PRTT orders on behalf of NSA
Finally, there’s a series of entries on the classification guide for FISA programs leaked by Edward Snowden.
These entries show that FBI obtained counterterrorism information using PRTTs for NSA — which was considered Secret.
But that the FBI PR/TT program – which seems different than these individual orders — was considered TS/SI/NOFORN.
If you compare these entries with the rest of the classification guide, you see that this information — the fact that NSA gets PRTT information from FBI (in addition to information from Pen Registers, which seems to be treated differently at the Secret level) – is treated with the same degree of secrecy as the actual targeting information or raw collected data on all other programs.
This is considered one of the most sensitive secrets in the whole FISA package.
Even minimized PRTT data is considered TS/SCI.
Now, it is true that this establishes an exact parallel with the BR FISA program (which the classification guide makes clear NSA obtained directly). So it may be attributable to the fact that the existence of the programs themselves was considered a highly sensitive secret.
So maybe that’s it. Maybe this just reflects paranoia about the way NSA was secretly relying on the PATRIOT Act to conduct massive dragnet programs.
Except there’s the date.
This classification guide was updated on February 7, 2012 — over a month after NSA shut down the PRTT program. Also, over a month after — according to Theresa Shea — the NSA destroyed all the data it had obtained under PRTT. (Note, her language seems to make clear that this was the NSA’s program, not the FBI’s.)
That is, over a month after the NSA ended its PRTT program and destroyed the data from it (at least according to sworn declarations before a court), the NSA’s classification guide referred to an FBI PRTT program that it considered one of its most sensitive secrets. And seemed to consider active.
If FBI had a PRTT program active in 2012 that was separate from the NSA PRTT program (I’m not sure that’s the case; it could be they just didn’t update this part of the classification guide), then is it still active? Has the Internet dragnet just moved to FBI?
If so, it’s no wonder why the Intelligence Community would want to guarantee that FISC had no review of it.
Update: Note, too, that the bill removes reporting requirements related to PRTT.
Remember how, in the days after President Obama announced his principles for reforming the dragnet, his Senior Administration Official pretended that any efforts to make the scope of the program worse would come from Congress?
First and very importantly, the conference call left unclear (and most subsequent reporting often didn’t directly address) whether Obama’s plan would apply just to counterterrorism purposes (as the current phone dragnet does) or more broadly (as the House Intelligence Committee RuppRoge proposal does). But SAO is clear: Obama’s plan focuses on specific terrorist groups.
The existing program only allows for queries of numbers associated with specified terrorist groups. Our operational focus is to make sure we preserve that counterterrorism authority in any new legislation. We will continue consulting with Congress on these issues.
This, then, is another way in which the President’s plan is significantly better than the RuppRoge plan — that it sets out to only cover CT, whereas RuppRoge sets out to cover foreign intelligence purposes broadly. Though that “consult with Congress” bit seems to allow the possibility that the White House will move towards broader use for the query system.
Well, it looks like the Administration isn’t so passive after all. They’re working with House leadership to gut the bill.
TROUBLE FOR USA FREEDOM? – House leadership and Obama administration officials met with committee members Sunday to negotiate changes to key NSA reform legislation, parting late in the evening without reaching a final resolution, said a congressional staffer close to the process. Still, it seems clear that the USA FREEDOM Act, approved by the House Judiciary and Intelligence committees little more than a week ago, will not reach the House floor intact. Some passages have been watered down already, the staffer acknowledged, declining to go into specifics. The bill is set for “possible consideration” this week, according to the schedule circulated by House Majority Leader Eric Cantor’s office.
Word of the talks caused some of the bill’s most ardent privacy and civil liberties backers to cry foul and say they could withdraw support. Areas of concern to watchdogs include possible removal of transparency language allowing companies to tell their customers about the broad numbers of lawful intercept requests they receive; and a debate on whether the search terms used by the NSA to search communications records should be narrowly defined in statute.
“The version we fear could now be negotiated in secret and introduced on the House floor may not move us forward on NSA reform,” said human rights organization Access. “I am gravely disappointed if the House leadership and the administration chose to disrupt the hard-fought compromise that so many of us were pleased to support just two weeks ago,” said Kevin Bankston, policy director of the New America Foundation’s Open Technology Institute.
And while it’s not clear these secret changes would broaden the scope outside of counterterrorism (though I think that’s possible already), it does seem clear the Administration is pushing for these changes because the already weak bill is too strong for them.
It’s really hard to conclude this bill was ever an attempt to do anything but outsource one aspect of the dragnet to the telecoms, so as to “legally” access geolocation data, and the rest is an attempt to broaden the dragnet.
Civil liberties groups are — according to the Hill — getting cold feet on the USA Freedom (aka Freedumb) bill. The claim is that the Administration and “members of the House” are working to gut the bill.
“Last stage negotiations” between members of the House and the Obama administration could significantly weaken provisions in the NSA bill, people familiar with the discussions say.
“Behind the scenes, there’s some nervousness,” one House aide said.
But this makes limited sense: a bill, virtually identical in wording, was passed by two committees, the House Judiciary and House Intelligence Committee. So in principle, the bill should come to the floor with that same identical wording.
Except, as I noted, Mike Rogers said he had some “technical changes” to put into place. And unlike the technical changes Zoe Lofgren tried to put into place at HJC (to make clear that Section 215 can’t be used to collect content), Rogers got a vote of the committee to support making those technical changes without further review of the committee. So Mike Rogers has carte blanche to change this bill. Now wonder Jan Schakowsky is worried.
As I suggested, there are two things I think Rogers might want to fix: tweaking the definition of “specific selection term” (or eliminating it altogether) or changing the language on bulk collection to protect some programs that are bulk but thus far unknown.
Which is another way of saying that HJC got screwed in this deal. (Told them!)
We shall see: I’m of the opinion that if Rogers fucks with this the bill must be killed, otherwise Rogers will ruin it in conference.
In addition to Mike Rogers’ confirmation that HPSCI does not intend HR 3361 to change any of the voluminous collection programs the intelligence community does aside from the phone dragnet, his report on the bill also drew my attention to this previously public detail I had overlooked.
3 The Committee understands that ‘‘[t]he first ‘hop’ from a seed returns results including all identifiers (and their associated metadata) with a contact and/or connection with the seed. The second ‘‘hop’’ returns results that include all identifiers (and their associated metadata) with a contact and/or connection with an identifier revealed by the first ‘hop.’’ ’ In re Application of the FBI for an Order Requiring the Production of Tangible Things, BR 14–01, at 1–2 n.1 (FISC Feb. 5, 2014). [my emphasis]
This is a description of the currently desired “hop” system (though not, I don’t think, what is fully in place) connecting people through their phone — and likely, other communications — habits.
Before I get into what it says, let’s look at where it points. The language here is from a footnote on page 14 of the bill report–suggesting it’s something Mike Rogers wanted to make sure got in the Legislative Record. It cites back to the February 5, 2014 order amending the January 3 order to include the Administration’s request to have FISC review all the query terms.
I don’t believe (but could be wrong — the new FISC docket is far less usable) that we ever got the revised order. But in the order to amend the order also dated February 5, that language appears in footnote 3. The footnote itself cites to the original application for the order dated January 3. But the reference footnoted cites the January 3 order, page 11-12. The footnoted discussion is a part (or summary) of the entirely redacted description of the automated query starting on page 11 and taking up all of page 12 of the order.
That is, this language on hops provides an unclassified version of the classified description of the automated query process (the one they haven’t gotten running yet).
So this is (part of) what the government has been trying — but failing, since November 2012 — to get up and running.
Which is reportedly one of the reasons the Intelligence Community has decided it may be in their best interest to outsource this to the telecoms.
In other words this language provides clues about why the IC was willing to outsource the dragnet.
The description of the hops reveals two things that got added to the 3- or 2-hop process the government once described.
First, they’re including “associated metadata” among the things that can be further chained. Even assuming we’re only talking voice telecom information, this would include cell site location on top of the other metadata (and, in the era of smart phones, potentially far, far more).
But in addition, they’re including “connections,” in addition to contacts, with the seed.
That is, you don’t have to ever call a target to be sucked up in the phone dragnet. You can be simply “connected” to that target. The kinds of connections in question surely include dropped burner phones (that is, a matching of phones that call the same pattern of phones as an inactive phone, and therefore are really targeting the same person). They may include common geolocation. But — again, given the advent of smart phones — they could include far, far more.
So what this little footnote calls to my attention (thanks, Mike Rogers!) is that they’ve gotten approval for different kinds of chaining, beyond actual phone contacts (remember, this could include Internet contacts over a smart phone). And they’ve included metadata generally, not just phone call records, surely including geolocation, among the things they might chain on.
Which explains one incentive for outsourcing this. They can’t use geolocation for chaining in government hands. They can in private hands. There’s likely far more information for which that is true when you consider smart phones.
They can’t access that information now. They will be able to once HR 3361 outsources everything to the telecoms.
But really, this is about reform.
Update: This post was tweaked on 5/18 for clarity.
According to the HPSCI Report on HR 3361 – which reformers refer to as the USA Freedom Act — Mike Rogers is still changing the fine print.
Members of the Committee will continue to work to make a number of important technical changes to ensure the preservation of operational equities before the full House considers the bill. These technical changes will ensure that the bill does not inadvertently disrupt important intelligence operations.
Chairman Rogers offered an amendment to revise the emergency authority of Section 102, add Section 604, and make other technical changes. The amendment was agreed to by a voice vote.
Given Rogers’ assurances that the bill before us changes no other programs, I’m going to guess that there are actually a few other bulk collection programs that would, under the plain meaning of the bill, be prohibited (bulk collection, even as the Intelligence Community defines it, which means there are no discriminators). Given that Rogers was trying to remove the definition of selection term, I suspect that’s the rub: they think they can still do these bulk collections under the law, but need to tweak the definition of specific selection term (remember, the HPSCI bill originally used “specific identifiers or selection terms”).
Ah well, I’m sure we should all trust Mike Rogers. What could go wrong?
In my analysis of the HR 3361 — hailed by reformers as the USA Freedom Act — I have posited the possibility that the claim to forbid “bulk collection” across a number of authorities actually changes almost nothing. I based that on a two-part argument.
First, the bill only promises to eliminate bulk collection as the intelligence committee defines it — that is, it only eliminates collection that has no discriminator, and therefore collects all of a certain kind of record (so, all phone records). It does not promise to eliminate what you and I might consider bulk collection — the collection of very untargeted information (say, all phone records in the 202 Area Code).
Then I noted that we know of no other program that operates without discriminators. All NSL programs — save perhaps the financial records one and the subscriber records one — build in discriminators (and the financial records one is based on “entities,” which is what the bill’s definition of a discriminator uses anyway). And we don’t know enough about the other Section 215 programs to know if they use discriminators or not.
If this logic is correct, then the bill changes very little, in spite of the broad promises.
In his report on the bill, Mike Rogers confirms that I am right. (h/t Katherine Hawkins)
It notes that the prohibition on “bulk” collection only applies to indiscriminate collection, but not to the collection of “a large number of communications records or other tangible things.”
This bill first bans the bulk collection of tangible things under Section 215 of the USA PATRIOT Act. This ban is intended to stop the use of Section 215 to acquire bulk call detail records and to prohibit any future attempt to acquire bulk electronic communications records. The Committee recognizes that ‘‘bulk’’ collection means indiscriminate acquisition. It does not mean the acquisition of a large number of communications records or other tangible things—it would be nonsensical and dangerous for our intelligence agencies’ collection authorities to contract as the number of our adversaries expands.
The report then implicitly reveals (or at least claims as part of the legislative record) that no other collection program operates without discriminators, because the bill will not end any other current program.
The Committee’s decision to end the bulk collection of telephone metadata does not extend to any other intelligence programs currently conducted under FISA, including access to business records through Section 215 for foreign intelligence, counterterrorism, and counterintelligence purposes, and the targeting of persons outside the United States under Section 702.
The report also makes clear that any ban on bulk NSL collection is not meant to affect any ongoing NSL program.
Second, this bill contains amendments to other collection authorities, including Section 402 of FISA and National Security Letter authorities. These amendments respond to concerns that those existing authorities could somehow contain a ‘‘loophole’’ that would permit the reconstitution of a bulk telephone records program. The Committee does not intend these prophylactic amendments to affect any programs currently authorized by Section 402 or the use of National Security Letters.
So: no changes to any existing Section 215 collection programs, and no changes to any existing NSL programs (though the report also makes clear that the government should not try to use NSLs to replicate the existing phone dragnet).
One more thing: Rogers’ report makes it clear that the government can still use Section 215 to collect as much historical phone data as it wants.
The government can continue to obtain specified historical call detail records through the existing Section 215 authority.
This means the government has the ability to obtain far more than 5 years of call data on selected targets, and can do so by obtaining any records that transit AT&T backbones, because AT&T keeps records for years and years. While there is a 5 year age off requirement in the bill, that only applies to data that is not relevant to an investigation, and as we’ve learned, everything can be deemed relevant to an investigation.
So don’t take my word for it, take Mike Rogers’ (which will serve as the legislative record in any case). This bill only changes the phone dragnet’s prospective collection.
Update: Note that Rogers is still working on some “technical changes” to preserve operational equities, which may mean there are some programs that would be affected but he’s going to massage the bill to exempt them.