Privacy advocates want protections for US residents in foreign surveillance law

Congress should require warrants for agencies searching for US information in NSA databases, advocates say

Congress should limit the ability of the FBI and other agencies to search for information about U.S. residents in a database of foreign terrorism communications collected by the National Security Agency, privacy advocates say.

The Foreign Intelligence Surveillance Act (FISA) Amendments Act, which allows the NSA to collect foreign Internet communications, expires in late 2017, and Congress should require that the communications of U.S. residents swept up in the controversial Prism and Upstream programs be protected with court-ordered warrants, privacy advocates told a Senate committee Tuesday.

The FBI can search the NSA database and look for information about U.S. residents without getting a court order. It's time for those searches to be limited, with a court-ordered warrant required before they happen, said Elizabeth Goitein, co-director of the Liberty and National Security Program in the Brennan Center for Justice at the New York University School of Law.

The amount of information collected by the NSA about U.S. residents "has exploded," and violates their Fourth Amendment rights against unreasonable searches and seizures, Goitein told the Senate Judiciary Committee. 

Section 702 of the FISA Amendments Act allows the NSA to intercept communications of any non-U.S. resident suspected of having valuable intelligence information, including information about terrorism plots. The law doesn't allow the NSA to target U.S. residents, but it's likely that the communications of millions of Americans get swept up in the NSA surveillance programs when they communicate with someone overseas.

Five years after Senator Ron Wyden, an Oregon Democrat, asked the NSA to account for how much intelligence on U.S. residents it collects under Section 702 programs, the agency has not yet released numbers, Goiten noted. 

The NSA collections of an estimated 250 million Internet communications a year "undoubtedly includes millions, if not tens of millions, of Americans' emails," she said.

The NSA has to promise the Foreign Intelligence Surveillance Court that it is targeting foreign, not U.S., residents with its Section 702 surveillance programs. Despite that requirement, the NSA and the FBI can still search the database for U.S. residents' communications, Goiten said.

"This is a bait and switch that undermines" legal prohibitions against targeting U.S. residents, she added.

The Senate Judiciary Committee's hearing was intended as a head start on discussions about renewing the FISA Amendments Act before it expires in December 2017. There was no discussion during the hearing about letting the law expire, and there was little discussion about limiting what overseas communications the NSA can collect.

Goiten asked Congress to limit the NSA surveillance to terrorism-related suspects, instead of allowing the agency to target any non-U.S. resident with possible intelligence information. But most of the discussion centered on the so-called "incidental" collection U.S. residents' communications.

While Goiten and David Medine, chairman of the U.S. Privacy and Civil Liberties Oversight Board, called on Congress to rein in the NSA collection and search of U.S. communications, other witnesses and some senators praised the NSA programs.

The NSA surveillance programs have helped thwart dozens of terrorism plots, including some in the U.S., said Matthew Olsen, president of consulting for IronNet Cybersecurity and former director of the National Counterterrorism Center.

The surveillance programs are "vital to our security," Olsen said. "Beyond the United States, Section 702 surveillance has proven to be an invaluable tool in supporting the counterterrorism efforts of our allies around the world."

The programs allow the U.S. government to "obtain critical intelligence about terrorists and other targets that it simply could not obtain by other means," Olsen added.

Join the CSO newsletter!

Error: Please check your email address.

More about FBINational Security AgencyNSAPrismYork University

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts