'Reform bill' would codify ability of NSA to spy on Americans, critics say

U.S. Senate Intelligence Committee's proposed legislation would legalize dragnet surveillance of Americans, privacy advocates warn

The U.S. Senate Intelligence Committee Thursday voted to back a "spying reform" bill that critics contend codifies and extends the National Security Agency's controversial phone metadata collection practices.

The FISA Improvement Acts of 2013, sponsored by Senator Dianne Feinstein (D-Calif.) is touted as bipartisan legislation that increases privacy protections for individuals. It's also said by backers to shed more light on NSA surveillance practices.

The Senate Intelligence Committee moved the legislation on to the full Senate by an 11-4 vote.

The bill seeks to, among other things, restrict the collection of bulk communication records and prohibit spy agencies from collecting the content of communications. The bill also calls for imposing criminal penalties for unauthorized access to data collected under the Foreign Intelligence Surveillance Act (FISA).

The proposed legislation also requires that the NSA report all violations of the law to Congress, and authorizes the secret FISA court to seek help from outside legal experts when they need help interpreting the law.

Many privacy rights groups are pointing the what's left out of the legislation.

Rather than prohibiting the NSA from collecting metadata records of phone calls made by U.S. citizens, Feinstein's bill actually codifies the practice that was exposed in documents leaked by fugitive Edward Snowden, said Alan Butler, appellate advocacy counsel at the Electronic Privacy Information Center (EPIC).

The government argues that Section 215 of the Patriot Act gives the NSA the authority to collect metadata records in bulk. Groups such as EPIC, the Electronic Frontier Foundation (EFF) and others have argued that the claimed authority is based on a flawed interpretation of section.

"EPIC and others have argued quite persuasively and strongly in the Supreme Court that this program violated the law," Butler said. "What [Feinstein's] bill does is to take the program and enshrine it in law. This is not reform. It is just a codification of the status quo and an imprecise codification at that."

EFF activist Trevor Timm noted in a blog post that the bill's backers really aim "paint a veneer of transparency over still deeply secret programs."

The bill does nothing "to stop NSA from weakening entire encryption systems, it does nothing to stop them from hacking into the communications links of Google and Yahoo's data centers, and it does nothing to reform the PRISM Internet surveillance program," Timm noted.

An alternative bill introduced earlier this week by Senate Judiciary Committee chairman Patrick Leahy (D-Vt) and Congressman Jim Sensenbrenner (R-WI) offers a better alternative to the one proposed by Feinstein, Butler said.

The Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet Collection, and Online Monitoring" (USA Freedom) Act is backed by more than 80 Republican and Democratic lawmakers and is expected to get more backing than the bill passed yesterday.

The USA Freedom Act would end what the lawmakers describe as the dragnet collection of U.S. phone records under Section 215 of the FISA law, its backers say. It also seeks to prevent the NSA and other intelligence agencies from using other provisions of the Patriot Act to justify bulk collection of phone records and other data on U.S. residents.

The Leahy and Sensenbrenner proposal "is much more of a reform bill," Butler said. "It is a bill that says quote forcefully that any kind of bulk records collection is not permitted by law."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Read more about cyberwarfare in Computerworld's Cyberwarfare Topic Center.

Tags: Cybercrime and Hacking, U.S. Senate Intelligence Committee, National Security Agency, cyberwarfare, security, nsa, Sena, intel

BlackBerry Hints at Complete End Point Security

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Risk Management Solutions

Protect resources and ensure security compliance through incident detection, response, and remediation.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.