'Reform bill' would codify ability of NSA to spy on Americans, critics say

U.S. Senate Intelligence Committee's proposed legislation would legalize dragnet surveillance of Americans, privacy advocates warn

The U.S. Senate Intelligence Committee Thursday voted to back a "spying reform" bill that critics contend codifies and extends the National Security Agency's controversial phone metadata collection practices.

The FISA Improvement Acts of 2013, sponsored by Senator Dianne Feinstein (D-Calif.) is touted as bipartisan legislation that increases privacy protections for individuals. It's also said by backers to shed more light on NSA surveillance practices.

The Senate Intelligence Committee moved the legislation on to the full Senate by an 11-4 vote.

The bill seeks to, among other things, restrict the collection of bulk communication records and prohibit spy agencies from collecting the content of communications. The bill also calls for imposing criminal penalties for unauthorized access to data collected under the Foreign Intelligence Surveillance Act (FISA).

The proposed legislation also requires that the NSA report all violations of the law to Congress, and authorizes the secret FISA court to seek help from outside legal experts when they need help interpreting the law.

Many privacy rights groups are pointing the what's left out of the legislation.

Rather than prohibiting the NSA from collecting metadata records of phone calls made by U.S. citizens, Feinstein's bill actually codifies the practice that was exposed in documents leaked by fugitive Edward Snowden, said Alan Butler, appellate advocacy counsel at the Electronic Privacy Information Center (EPIC).

The government argues that Section 215 of the Patriot Act gives the NSA the authority to collect metadata records in bulk. Groups such as EPIC, the Electronic Frontier Foundation (EFF) and others have argued that the claimed authority is based on a flawed interpretation of section.

"EPIC and others have argued quite persuasively and strongly in the Supreme Court that this program violated the law," Butler said. "What [Feinstein's] bill does is to take the program and enshrine it in law. This is not reform. It is just a codification of the status quo and an imprecise codification at that."

EFF activist Trevor Timm noted in a blog post that the bill's backers really aim "paint a veneer of transparency over still deeply secret programs."

The bill does nothing "to stop NSA from weakening entire encryption systems, it does nothing to stop them from hacking into the communications links of Google and Yahoo's data centers, and it does nothing to reform the PRISM Internet surveillance program," Timm noted.

An alternative bill introduced earlier this week by Senate Judiciary Committee chairman Patrick Leahy (D-Vt) and Congressman Jim Sensenbrenner (R-WI) offers a better alternative to the one proposed by Feinstein, Butler said.

The Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet Collection, and Online Monitoring" (USA Freedom) Act is backed by more than 80 Republican and Democratic lawmakers and is expected to get more backing than the bill passed yesterday.

The USA Freedom Act would end what the lawmakers describe as the dragnet collection of U.S. phone records under Section 215 of the FISA law, its backers say. It also seeks to prevent the NSA and other intelligence agencies from using other provisions of the Patriot Act to justify bulk collection of phone records and other data on U.S. residents.

The Leahy and Sensenbrenner proposal "is much more of a reform bill," Butler said. "It is a bill that says quote forcefully that any kind of bulk records collection is not permitted by law."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Read more about cyberwarfare in Computerworld's Cyberwarfare Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Cybercrime and HackingU.S. Senate Intelligence CommitteeNational Security AgencysecuritycyberwarfarensaSenaintel

More about EFFElectronic Frontier FoundationElectronic Privacy Information CenterGoogleNational Security AgencyNSATopicYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts