Senate Judiciary Chairman Patrick J. Leahy introduced a new version of the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2014 (the “USA FREEDOM Act” or “Act”) in the Senate on Tuesday, more than two months House of Representatives passed a version of the bill that omitted several reforms sought by privacy advocates.
Leahy, a co-author of the original bill, said the updated legislation has the support of the Obama Administration. The Reform Government Surveillance coalition of technology companies, the American Civil Liberties Union, and the Electronic Frontier Foundation also support the new version, according to a statement by Leahy’s office. The measure has 13 co-sponsors in the Senate, including Senators Ted Cruz (R-Texas), Mike Lee (R-Utah), Al Franken (D-Minn.) and Tom Udall (D-N.M.).
The proposed Act would effectively ban bulk collection of phone records by circumscribing the scope and application of the so-called “business records” provision of the Foreign Intelligence Surveillance Act (also known as Section 215 of the USA PATRIOT Act). It makes clear that the government may not collect all information relating to a particular service provider or to a broad geographic region, such as a city, zip code or area code.
The new legislation also would allow technology companies to report the number of surveillance requests they receive in narrower ranges than currently allowed. Under an agreement with the government, companies can currently report the total number of national security process they receive in a six-month period, including National Security Letters (“NSLs”) and FISA Court orders and directives, as a single number in bands of 250, or separately report NSLs and FISA Court orders and directives in bands of 1,000. In addition to those two options, the new legislation would allow providers to issue: (1) semi-annual reports that separately report the number of NSLs received, in bands of 500, and the number of FISA orders for content and non-content, in bands of 500, or (2) annual reports that include the total number of all processes received, including both NSLs and FISA orders and directives, in bands of 100. In addition, the legislation maintains a six-month delay for reporting FISA-related process requests, but reduces — from two years to 18 months — the timing for reporting when a company receives the first process request for data on a platform, product or service for which no previous FISA-related order or directive has been received.
The Senate legislation also appears to allow technology companies that have not received any such surveillance orders to report that they have not received surveillance requests, a point on which privacy advocates said the House legislation was unclear. The Senate measure’s reporting provisions apply only to persons “subject to a nondisclosure requirement” accompanying a FISA order, directive, or NSL.
The proposed Act also requires the government to report the number of individuals whose information is collected under various surveillance authorities, and the number of those individuals who were likely Americans. The House version focused largely on the number of orders issued, not the number of individuals affected by those orders.
Finally, the Senate legislation would authorize the appointment of “special advocates” to appear as Amicus Curiae before the Foreign Intelligence Surveillance Court. Such advocates are tasked with “advocat[ing], as appropriate, in support of legal interpretations that advance individual privacy and civil liberties.” Advocates would also have access to certain briefings and background materials. That is a change from the House version of the legislation, which allows for the appointment of Amicus Curiae but does not include any specific mandate for them to protect civil liberties, nor guarantee them access to relevant materials.
Still, some supporters of surveillance reform have said the measure does not go far enough. Senators Ron Wyden and Mark Udall said in a joint statement that the legislation “lacks important provisions that reformers have proposed.” They pointed to the so-called “backdoor search” loophole, which allows the National Security Agency to conduct searches within the information it collects under the FISA Amendments Act without obtaining a warrant, as one example. While Wyden and Udall said the legislation is a “vast improvement” over the version that passed the House, they pledged to “further strengthen the bill’s privacy protections.”
The August congressional recess is looming, and Congress is expected to recess in September for the mid-term elections with uncertainty surrounding the length of any post-election lame duck session. Thus, the time for the Senate to vote on the measure before the end of the year is limited. Aware of the calendar, reform advocates are making a strong push to bring the bill up. A coalition of 21 organizations on Tuesday asked Congressional leaders to bring the measure to a floor vote without any changes, calling it a “carefully crafted compromise.” However, while the Senate may be able to bring the measure to a vote, the legislative calendar will make enacting the reforms difficult, especially as the House-passed bill is very different and the House was not a party to the negotiations that produced the new proposal. Even if the bill is not enacted this year, the impending expiration of some of the USA PATRIOT Act authorities in 2015, including Section 215, means the issue will be teed up early next year if Congress fails to enact legislation this year.
This post can also be found on InsidePrivacy, the firm’s blog on developments in global privacy and data security.