House approves weakened bill to limit NSA bulk collection

Critics of the bill say they plan to push for changes as it moves to the Senate

The U.S. House of Representatives has approved a bill that would limit the National Security Agency's bulk collection of domestic phone records, even as several civil liberties and tech groups withdrew their support after last-minute changes.

The amended version of the USA Freedom Act, approved by a 303-121 vote in the House Thursday, continues to give the NSA authority to collect telephone and other records from large groups of people because of a change in the definition of the search targets allowed, critics said.

Still, backers of the legislation said it will end the NSA's practice of collecting nearly all U.S. telephone records. The bill represents a huge step forward and would require the U.S. Foreign Intelligence Surveillance Court to publish its major surveillance opinions, supporters said.

The amended bill, supported by President Barack Obama's administration, is not perfect, many supporters said, but is better than nothing. The amended bill represents a "first step, not a final step" in congressional efforts reform U.S. surveillance programs, said Representative Jim Sensenbrenner, a Wisconsin Republican and vocal critic of the NSA phone records program.

"The days of the NSA indiscriminately vacuuming up more data than it can store will end with the USA Freedom Act," Sensenbrenner said. "In the post-Freedom Act world, we have turned the tables on the NSA and can say to them, 'we are watching you.'"

The House bill now heads to the Senate, where it could be further amended. Critics of the House bill said they will fight for stronger privacy protections in the Senate.

Opponents of the bill argued the amended version would allow the NSA to target wide groups of people with its surveillance. The result of the changes is a bill "that will not end bulk collection, regretfully," said Representative Zoe Lofgren, a California Democrat. "Regrettably, we have learned that if we leave any ambiguity in law, the intelligence agencies will run a truck right through that ambiguity."

The House Rules Committee made changes to the USA Freedom Act Tuesday after two other committees had approved an older version backed by several tech and civil liberties groups. After the changes, Facebook, Google, Apple, the Center for Democracy and Technology, the Electronic Frontier Foundation and other groups withdrew their support.

One of the major changes to the bill is an expended definition of a "specific selection term" that the NSA must use to target its searches. The amended version of the bill allows the NSA to target things such as a "person, entity, accounts, address, or device," instead of, in the original language, a "person, entity, or account."

The words "address" and "device" in the new language, as well as the open-ended term "such as," makes the new definition "incredibly more expansive than previous definitions," the EFF said in a blog post.

The amended bill also removed a provision banning the so-called reverse targeting of U.S. persons by accessing their communications through a legal surveillance target, and it limited the amount of reporting that telecom and Internet companies can publish about surveillance requests they receive, critics said.

The bill's requirement that the surveillance court publish its major findings, and its provision allowing the court to call upon privacy advocates and other experts when examining surveillance requests will limit over-expansive surveillance programs, said Representative John Conyers, Michigan Democrat.

However, critics of the changes to the specific selection term definition are correct in saying the new language is not as "clean or straightforward" as the old version's language, he acknowledged.

"Nothing in the [new] definition explicitly prohibits the government from using a very broad selection term like, 'area code 202' or the entire Eastern seaboard," he said. "But that concern is largely theoretical; that type of collection is not likely to be of use to the government."

Conyers didn't explain why the NSA has believed, up to this point, that collecting all phone records across the U.S. is useful.

Representative Rush Holt, a New Jersey Democrat, called on Congress to require the NSA to get a court-ordered search warrant, with evidence of probable cause of a crime, before collecting phone records.

When Representative Bob Goodlatte, a Virginia Republican, noted that U.S. agencies have never needed a search warrant for phone records because they aren't considered personal records, Holt disagreed. "Is there any American who doesn't think this is a search?" he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags telecommunicationJohn ConyersJim SensenbrennerU.S. Foreign Intelligence Surveillance CourtU.S. National Security AgencylegislationBarack ObamaprivacyElectronic Frontier FoundationBob GoodlatteFacebookZoe LofgrenGooglesecurityU.S. House of RepresentativesCenter for Democracy and TechnologygovernmentRush Holt

More about AppleEFFElectronic Frontier FoundationFacebookGoogleHouse of RepresentativesIDGNational Security AgencyNSATechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place