May 2, 2015 / by emptywheel


emptywheel Coverage of USA F-ReDux, or, PRISM for Smart Phones

This post will include all my coverage on USA F-ReDux.

Ten Goodies USA F-ReDux Gives the Intelligence Community 

USA F-ReDux’s boosters often suggest the bill would be a big sacrifice for the Intelligence Community. That’s nonsense. This post lists just 10 of the goodies the IC will get under the bill, including chaining on Internet calls, a 2nd super-hop, emergency provisions ripe for abuse, and expansions of data sharing.

2nd Circuit Decision Striking Down Dragnet Should Require Tighter “Specific Selection Term” Language in USA F-ReDux 

The 2nd Circuit just ruled that the phone dragnet was not authorized by Section 215. The language in the opinion on DOJ’s misinterpretation of “relevant to” ought to lead Congress to tighten the definition of “Specific Selection Term” in the bill to better comply with the opinion.

USA F-ReDux: Chaining on “Session Identifying Information” that Is Not Call Detail Records 

As I correctly predicted a year ago, by outsourcing “connection chaining” to the providers, the Intelligence Community plans to be able to chain on session identifying information (things like location and cookies) that is probably illegal.

USA F-ReDux: Dianne Feinstein Raises the Data Handshake Again (Latest post)

Some months ago, Bob Litt emphasized USA Freedom would only work if the telecoms retained enough data for pattern analysis (which may or may not back my worry the government plans to outsource such pattern analysis to the telecoms). Nevertheless, no one seems to want to discuss whether and if so how USA F-ReDux will ensure providers do keep data. Except Dianne Feinstein, who today once again suggested there is a kind of “data handshake” whereby the telecoms will retain our data without being forced.

Unlike the Existing Phone Dragnet, USA F-ReDux Does Not Include “Telephony” in Its Definition of Call Detail Record 

The definition of Call Detail Record that will be adopted under USA F-ReDux is closely related to the definition currently used in the phone dragnet — though the USA F-ReDux does not require CDRs to be comprehensive records of calls as the existing phone dragnet does. The big difference, however, is that USA F-ReDux never specifies that calls include only telephony calls.

Congress’s Orwellian spying “reforms”: Why the government wants to outsource its surveillance to your Internet provider 

At Salon, I explain more about why the IC wants to create PRISM for Smart Phones with USA F-ReDux.

Google Applauds USA F-ReDux Because It “Modernizes” Surveillance 

Neither Google nor any of the other providers are admitting they’ll be getting expansive immunity to help spy on their users if USA F-ReDux passes. But Google does reveal they consider this move “modernization,” not reform. Is that because they’ll once again get a monopoly on spying on their users?

Nine Members of Congress Vote to Postpone the Fourth Amendment 

In the House Judiciary Committee mark-up of USA F-ReDux, 9 members appeared to agree with Ted Poe, Zoe Lofgren, and others, that the IC continues to violate the Fourth Amendment under back door searches. But they nevertheless decided they could “postpone” the Fourth Amendment for two years until FISA Amendments Authorization.

USA F-ReDux’s “Transparency” Provisions and Phone-PRISM 

Remarkably, after publishing topline numbers for Section 702 collection two years running, the IC has decided it can no longer share such data after USA F-ReDux passes. Some reasons it might not want to is because that would reveal the sea of unique identifiers the IC is tracking, as well as the expansion of PRISM and PRISM-lite that will happen under USA F-ReDux.

How to Break the Law Under USA F-ReDux: The Emergency Provision that Would Blow Up the Bill 

Given that Jim Sensenbrenner says closing some loopholes in USA F-ReDux’s emergency provisions (to say nothing of retaining the status quo, under which the FISC can force the government to destroy data obtained illegally), it makes it far more likely the IC intends to use those emergency provisions to break the law. There is already reason to believe they have tried to collect on people solely for protected First Amendment activities. But using this emergency loophole, they likely will also spy on targets that have nothing to do with counterterrorism.

On Mitch’s PATRIOT Gambit 

Mitch McConnell has filed a straight reauthorization of the PATRIOT Act until next decade. While it would be unwise to underestimate the Majority Leader’s strength of position, neither should reformers or the press treat this as anything else than what it is: a negotiating tactic. Remember: the IC doesn’t want a straight reauthorization, because it won’t let them do everything they want to do.

McConnell Prepares to Retreat to Short-Term Reauthorization 

John Cornyn now admits the Republican leadership in the Senate may prepare a short-term reauthorization for Section 215 of the PATRIOT Act. While that doesn’t change Mitch McConnell’s very strong hand in this fight, it is a concession that straight reauthorization is not going to happen.

Bob Litt: That Bill I Wrote Looks Great on First Read 

Along with pretending that Mitch McConnell’s straight reauthorization is anything but a negotiating tactic, USA F-ReDux supporters and the press are also pretending that Bob Litt didn’t write this bill. He did.

Back Door Searching the Data Coming into FBI’s Front Door 

USA F-ReDux’s transparency provisions show that FBI will be able to do back door searches of data obtained through the connection chaining function. This also means that the data will come in through FBI, not NSA, which means it will be shared far, far more broadly than happens under the phone dragnet now, probably all the way down to localities.

The Loss of PRTT Minimization Review in USA F-ReDux 

There are two aspects of USA F-ReDux that add to my concerns about the use of the Pen Register provision for location data. One is that the IC eliminated authority for the FISA Court to review compliance of any minimization (or “privacy”) procedures under the provision.

FBI’s Pen Registers without Any Call Records 

The other reason to infer that the FBI is increasingly using PRTT to collect location data is that it only reports PRTT collection that involves phone and email records.

Congress Finally Gets Around to (Secretly) Tracking Section 215 Dragnets 

One improvement in the reporting requirements under USA F-ReDux is that the IC will have to tell Congress how many dragnets it is conducting under Section 215 and whether the FISC has imposed additional minimization procedures on those dragnets, suggesting they’re very privacy intrusive. This is tacit admission they weren’t being told about all the dragnets! What reporting requirement will Congress finally pass in another 9 years, after the IC has been abusing the program?

Copyright © 2015 emptywheel. All rights reserved.
Originally Posted @