NSA headquarters in Fort Meade, Maryland. Image: Courtesy NSA
The U.S. House of Representatives has passed a bill that would end the NSAs mass collection of Americans phone records. Unfortunately, it may not end the NSAs mass collection of Americans phone records.
The House voted 303 to 121 Thursday in favor of the USA Freedom Act, broad legislation aimed at reforming the NSAs surveillance powers exposed by Edward Snowden. The central provision of the bill, which now moves on to debate in the Senate, is intended to limit what the intelligence community calls bulk collectionthe indiscriminate vacuuming of citizens phone and internet records. But privacy advocates and civil libertarians say last-minute changes to the legislation supported by the White House added ambiguous language that could essentially give the NSA a broad loophole through which it can continue its massive domestic data collection.
In the Houses final version of the bill, the NSA would be stripped of the power to collect all Americans phone records for metadata analysis, a practice revealed in the firstGuardian story about Snowdens leaks published last year. It instead would be required to limit its collection to specific terms. The problem is that those terms may not be nearly specific enough, and could still include massive lists of target phone numbers or entire ranges of IP addresses.
The core problem is that this only ends bulk collection in the sense the intelligence community uses that term, says Julian Sanchez, a researcher at the Cato Institute. As long as theres some kind of target, they dont call that bulk collection, even if youre still collecting millions of recordsIf they say give us the record of everyone who visited these thousand websites, thats not bulk collection, because they have a list of targets.
To any normal person, he adds, thats still pretty bulky.
Specifically, the House changed the definition of a search term from a term used to uniquely describe a person, entity, or account to a discrete term, such as a term specifically identifying a person, entity, account, address, or device. That shift, particularly the removal of the word unique and addition of such as, might be enough to enable nearly the same sort of mass surveillance the NSA now conducts, according to a statement from the New America Foundations Open Technology Institute.
Taken together, the Institute wrote, the changes to this definition may still allow for massive collection of millions of Americans private information based on very broad selection terms such as a zip code, an area code, the physical address of a particular email provider or financial institution, or the IP address of a web hosting service that hosts thousands of web sites.
Of course, how those specific terms are defined in practice will be decided by the Foreign Intelligence Surveillance Court, which must approve NSA requests for data collection under the 214 and 215 provisions of the Foreign Intelligence Surveillance Act. But after a year of revelations that have showed how the NSA uses word games to expand its legal powers, Kevin Bankston of the the Open Technology Institute says the court cant be fully trusted to interpret the law strictly. The danger is that its ambiguous, and if the FISA court and the NSA has showed us anything, its that any ambiguity in these laws is dangerous, Bankston says.
In fact, the watered-down version of the Freedom Act passed by the House also weakens early provisions that would have provided more resistance against the NSA in its FISA arguments, Sanchez says. The earlier version of the bill would have established a public advocate to argue against the NSA in FISA proceedings; the current bill has only a weaker amicus option, something closer to an outside adviser to the court.
Originally posted here: