US intelligence officials: NSA reform bill is 'flawed'

A recent bill to stop the NSA's bulk collection of telephone records would hurt its ability to catch terrorists, officials say

Proposals in Congress to end the National Security Agency's bulk collection of U.S. telephone records would compromise the agency's ability to find and track terrorists, representatives of the intelligence community said Monday.

The USA Freedom Act, introduced last Tuesday by more than 85 U.S. lawmakers, would reduce NSA surveillance capabilities to the levels before the Sept. 11, 2011, terrorist attacks on the U.S., said Brad Wiegmann, deputy assistant attorney general of the National Security Division of the U.S. Department of Justice.

Wiegmann and other U.S. intelligence officials faced questions about alternatives to the controversial NSA phone records collection program during a hearing of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB). The USA Freedom Act, sponsored by Senator Patrick Leahy, a Vermont Democrat, and Representative Jim Sensenbrenner, a Wisconsin Republican, would "essentially shut down" the phone records program, said Robert Litt, general counsel of the U.S. Office of the Director of National Intelligence.

The USA Freedom Act would require the NSA to show the records it seeks to collect are related to a foreign power, a suspected agent of a foreign power or a person in contact with a suspected agent. Among other changes, the bill would also require the NSA to get court orders to search U.S. residents' communications obtained without individualized warrants.

The bill is "flawed" because it presumes intelligence officials often have specific targets when looking for terrorist activity, said Patrick Kelley, acting general counsel of the Federal Bureau of Investigation. "That's the essence of terrorism prevention -- we don't know who we're after," he said."If we're limited to seeing numbers from a known [suspect], then we're not very effective."

The model of targeting specific suspects when trying to prevent terrorism doesn't work well, Kelley added. "We're connecting the dots here, so the fewer dots we that have, the fewer connections we'll make," he said. "You are reducing the amount of data available and therefore making it much more difficult to make the connections that we need to make."

PCLOB member Rachel Brand asked Litt if he would support a special advocate to argue for privacy issues at the U.S. Foreign Intelligence Surveillance Court, a proposal in the USA Freedom Act and advocated by several privacy advocates.

Litt said he has concerns about the special advocate assigned to the FISC. He questioned how such an advocate would have legal standing before the court. The addition of a special advocate at the FISC would also mean some terrorism suspects have more legal representation than U.S. residents have when law enforcement agencies are seeking court-ordered warrants, he said.

"Are you going to set up a process that provides more protection for a terrorist than for Americans who are subject of criminal search warrants?" he said.

PCLOB members questioned the limits of the NSA's authority to collect telephone and other records. "One question is, what's next? What could be next?" said board member James Dempsey. "What if the government decided it wanted to go back and start using [the Patriot Act to collect] Internet metadata?"

Dempsey asked if the NSA could use the same rationale it has used to collect telephone records to collect U.S. residents' Internet records.

Section 215 of the Patriot Act allows the NSA to collect tangible business records, Litt said. "It's not clear to me that the same legal authority could be used with respect to Internet service providers," he said.

The NSA had to provide evidence to the FISC that the bulk collection of telephone records was relevant to its antiterrorism efforts, Litt added. "We'd have to make that same showing to the court for another category of data," he said.

The FISC also put significant limitations on the NSA's use of the telephone data, he added. Any other bulk records collection program would face the same scrutiny, he said.

Intelligence officials told the board that NSA employees can only query the bulk telephone records for cases of counterterrorism, and those queries can only be more widely disseminated in a terrorism case.

Board member Patricia Wald asked if the NSA's search capabilities were mainly limited "to the technological capability of your search instruments," and not legal controls. "Can that be further expanded if new technological tools would allow you greater search capacity in this or other bulk programs?" she said. "Could the haystack be made as big as the technology tools you have [allow]?"

The FISC has considered the NSA's technological capabilities, but the court has not given the agency automatic authority to move forward as technology advances, said the DOJ's Wiegmann. "You have to look at all of the other factors the court considered," he said. "How important is the information? How necessary is it to get the information?"

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Bureau of InvestigationtelecommunicationJim SensenbrennerRobert LittU.S. National Security AgencyU.S. CongressU.S. Office of the Director of National IntelligenceinternetprivacyJames DempseyPatrick KelleysecurityRachel BrandgovernmentPatrick LeahyPatricia WaldBrad WiegmannU.S. Department of Justice

More about Department of JusticeDOJFederal Bureau of InvestigationIDGNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place