Senate Judiciary Chairman Patrick J. Leahy introduced a new version of the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2014 (the “USA FREEDOM Act” or “Act”) in the Senate on Tuesday, more than two months House of Representatives passed a version of the bill that omitted several reforms sought by privacy advocates.

 Leahy, a co-author of the original bill, said the updated legislation has the support of the Obama Administration.  The Reform Government Surveillance coalition of technology companies, the American Civil Liberties Union, and the Electronic Frontier Foundation also support the new version, according to a statement by Leahy’s office.  The measure has 13 co-sponsors in the Senate, including Senators Ted Cruz (R-Texas), Mike Lee (R-Utah), Al Franken (D-Minn.) and Tom Udall (D-N.M.).

The proposed Act would effectively ban bulk collection of phone records by circumscribing the scope and application of the so-called “business records” provision of the Foreign Intelligence Surveillance Act (also known as Section 215 of the USA PATRIOT Act).  It makes clear that the government may not collect all information relating to a particular service provider or to a broad geographic region, such as a city, zip code or area code.

The new legislation also would allow technology companies to report the number of surveillance requests they receive in narrower ranges than currently allowed.  Under an agreement with the government, companies can currently report the total number of national security process they receive in a six-month period, including National Security Letters (“NSLs”) and FISA Court orders and directives, as a single number in bands of 250, or separately report NSLs and FISA Court orders and directives in bands of 1,000.  In addition to those two options, the new legislation would allow providers to issue: (1) semi-annual reports that separately report the number of NSLs received, in bands of 500, and the number of FISA orders for content and non-content, in bands of 500, or (2) annual reports that include the total number of all processes received, including both NSLs and FISA orders and directives, in bands of 100.  In addition, the legislation maintains a six-month delay for reporting FISA-related process requests, but reduces — from two years to 18 months — the timing for reporting when a company receives the first process request for data on a platform, product or service for which no previous FISA-related order or directive has been received.

The Senate legislation also appears to allow technology companies that have not received any such surveillance orders to report that they have not received surveillance requests, a point on which privacy advocates said the House legislation was unclear.  The Senate measure’s reporting provisions apply only to persons “subject to a nondisclosure requirement” accompanying a FISA order, directive, or NSL.

The proposed Act also requires the government to report the number of individuals whose information is collected under various surveillance authorities, and the number of those individuals who were likely Americans.  The House version focused largely on the number of orders issued, not the number of individuals affected by those orders.

Finally, the Senate legislation would authorize the appointment of “special advocates” to appear as Amicus Curiae before the Foreign Intelligence Surveillance Court.  Such advocates are tasked with “advocat[ing], as appropriate, in support of legal interpretations that advance individual privacy and civil liberties.”   Advocates would also have access to certain briefings and background materials.  That is a change from the House version of the legislation, which allows for the appointment of Amicus Curiae but does not include any specific mandate for them to protect civil liberties, nor guarantee them access to relevant materials.

Still, some supporters of surveillance reform have said the measure does not go far enough. Senators Ron Wyden and Mark Udall said in a joint statement that the legislation “lacks important provisions that reformers have proposed.”  They pointed to the so-called “backdoor search” loophole, which allows the National Security Agency to conduct searches within the information it collects under the FISA Amendments Act without obtaining a warrant, as one example. While Wyden and Udall said the legislation is a “vast improvement” over the version that passed the House, they pledged to “further strengthen the bill’s privacy protections.”

The August congressional recess is looming, and Congress is expected to recess in September for the mid-term elections with uncertainty surrounding the length of any post-election lame duck session.  Thus, the time for the Senate to vote on the measure before the end of the year is limited.  Aware of the calendar, reform advocates are making a strong push to bring the bill up.  A coalition of 21 organizations on Tuesday asked Congressional leaders to bring the measure to a floor vote without any changes, calling it a “carefully crafted compromise.”  However, while the Senate may be able to bring the measure to a vote, the legislative calendar will make enacting the reforms difficult, especially as the House-passed bill is very different and the House was not a party to the negotiations that produced the new proposal.  Even if the bill is not enacted this year, the impending expiration of some of the USA PATRIOT Act authorities in 2015, including Section 215, means the issue will be teed up early next year if Congress fails to enact legislation this year.

 

This post can also be found on InsidePrivacy, the firm’s blog on developments in global privacy and data security.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David Fagan David Fagan

David Fagan co-chairs the firm’s top ranked practices on cross-border investment and national security matters, including reviews conducted by the Committee on Foreign Investment in the United States (CFIUS), and data privacy and cybersecurity.

David has been recognized by Chambers USA and Chambers

David Fagan co-chairs the firm’s top ranked practices on cross-border investment and national security matters, including reviews conducted by the Committee on Foreign Investment in the United States (CFIUS), and data privacy and cybersecurity.

David has been recognized by Chambers USA and Chambers Global for his leading expertise on bet-the-company CFIUS matters and has received multiple accolades for his work in this area, including twice being named Dealmaker of the Year by The American Lawyer. Clients laud him for “[seeing] far more matters than many other lawyers,” his “incredible insight,” and “know[ing] how to structure deals to facilitate regulatory reviews” (Chambers USA).

David’s practice covers representations of both foreign and domestic companies before CFIUS and related national security regulators. The representations encompass matters in which the principal assets are in the United States, as well as those in which there is a smaller U.S. nexus but where solving for the CFIUS issues—including through proactive mitigation and carve-outs—is a critical path for the transaction. David has handled transactions for clients across every sector subject to CFIUS review, including some of the most sensitive and complex matters that have set the template for CFIUS compliance and security agreements in their respective industries. He is also routinely called upon to rescue transactions that have run into challenges in CFIUS, and to negotiate solutions with the U.S. government that protect national security interests, while preserving shareholder and U.S. business interests.

Reflecting his work on U.S.-China investment issues and his experience on complex U.S. national security matters intersecting with China, David is regularly engaged by the world’s leading multi-national companies across a range of industries to advise on strategic legal projects, including supply chain matters, related to their positioning in the emerging competition between the U.S. and China, as well as on emerging legal issues such as outbound investment restrictions and regulations governing information and communications technologies and services (ICTS). David also has testified before a congressional commission regarding U.S. national security, trade, and investment matters with China.

In addition, in the foreign investment and national security area, David is known for his work on matters requiring the mitigation of foreign ownership, control or influence (FOCI) under applicable national industrial security regulations, including for many of the world’s leading aerospace and defense companies and private equity firms, as well as telecommunications transactions that undergo a public safety, law enforcement, and national security review by the group of agencies known as “Team Telecom.”

In his cybersecurity practice, David has counseled companies on responding to some of the most sophisticated documented cyber-based attacks on their networks and information, including the largest documented infrastructure attacks, as well as data security incidents involving millions of affected consumers. He has been engaged by boards of directors of Fortune 500 companies to counsel them on cyber risk and to lead investigations into cyber attacks, and he has responded to investigations and enforcement actions from the Federal Trade Commission (FTC) and state attorneys general. David has also helped clients respond to ransomware attacks, insider theft, vendor breaches, hacktivists, state-sponsored attacks affecting personal data and trade secrets, and criminal organization attacks directed at stealing personal data, among other matters.