Rogers/Ruppersberger vs Leahy/Sensenbrenner vs Obama? NSA reform proposals and reactions

Ending bulk collection of phone records? Er, not yet.

This week: much talk of potential surveillance reforms.

Sadly, this sounds more hopeful than it is.

On Friday, the Fisa court order for bulk domestic phone records collection expired. An alternative to bulk collection was thus badly needed. Or so you would think. Except, there wasn’t that much of a hurry, really.

In absence of new legislation that reflects surveillance reforms, “[t]he administration [sought] approval from the Fisa court to continue the [bulk collection] programs for another 90-days […] until Congress passes a bill along the administration’s guidelines”. All rejoice. 90 more days (at least) of the same stuff.

Ironically, “[a]fter President Obama announced his willingness to really end the bulk collection of phone records under Section 215 of the Patriot Act, Senator Patrick Leahy pointed out that the easiest way to do that was to simply not ask the FISA Court to renew that authority this Friday when it expired”.

Yes, I suppose that would have been the easiest way. It also didn’t happen. The president may be willing to really end the phone bulk collection programme in the long term, but in the short to medium term the programme remains in place.

So far, so rubbish.

Mind you, it isn’t for lack of (as yet unlegislated) alternatives.

For an initial idea of what those alternatives are, take a look at the Guardian’s neat overview of the individual proposals here.

No, seriously, do it now.

Are you doing it?

Have you done it?


New legislation: competing proposals

One: the USA Freedom Act

So then let’s take a look at them – and some reactions – in a bit more detail.

We have already heard a lot about the so-called USA Freedom Act – introduced among others by the author of the Patriot Act, Jim Sensenbrenner. Also known as the Leahy/Sensenbrenner bill, it has “163 co-sponsors in both chambers” and “would prohibit the NSA from searching for Americans’ identifying information in its foreign-oriented communications content databases.”

In short, it would end bulk data collection. Which is good.

I commented on this here and I still think that it’s one of the more exciting proposals as it would “require a stronger burden of proof for data searches and limit some of the NSA’s other programs, including surveillance of overseas internet traffic”.

However, as of this week, it has a couple of rivals.

Two: Rogers and Ruppersberger

Most notable amongst those (and not for promising reasons) perhaps a new bill introduced by the leaders of the House Intelligence committee, Dutch Ruppersberger and Mike Rogers (of Snowden-denouncing notoriety), the tellingly – and may I add deceitfully – named End Bulk Collection Act of 2014.

Now, about this particular gem of proposed legislation, I am not sorry to say, I utterly fail to get excited.

Fine, superficially, the bill also ends bulk collection. It does not “require telecommunications firms to keep such records any longer than the current 18-month maximum, a significant shift away from the five years during which they are currently held by NSA” (but still plenty of time for some good snooping).

However, and this is crucial, it                      

would allow the government to collect electronic communications records based on “reasonable articulable suspicion”, rather than probable cause or relevance to a terrorism investigation, from someone deemed to be an agent of a foreign power, associated with an agent of a foreign power, or “in contact with, or known to, a suspected agent of a foreign power.

Think about this for a moment.

What this legislation would actually do, is to expand rather than rein in, some of the NSA’s powers.

Whereas “[t]he NSA’s current phone records program is restricted to a reasonable articulable suspicion of terrorism”, amending this to “reasonable articulable suspicion” while omitting the limitation to terrorism would significantly lower the legislative threshold.

As the Guardian reports, “the bill […] proposes the acquisition of such phone or email data for up to a year and would not necessarily require prior approval by a judge. Authorisation of the collection would come jointly from the US attorney general and director of national intelligence.”

Fails to inspire confidence? Same here. I am particularly intrigued by the little detail that it does “not necessarily require prior approval by a judge”.

So, “[i]n essence, the draft bill gets rid of bulk collection, but makes it easier for government authorities to collect metadata on individuals inside the US suspected of involvement with a foreign power.”

And while it cuts the current “three hops” approach down to two, this still means that

if you talked to someone who talked to a suspect, your records could be searched by the NSA. Coupled with the expanded “foreign power” language, this kind of law coming out of Congress could, arguably, allow the NSA to analyze more data of innocent Americans than it could before.


I cannot be the only one to whom the bill smacks (yet again) of too many secret dealings by the FISA court, the attorney general and Director of National Intelligence (who is that again? Oh yes. James Clapper! The guy who lied to Congress.) This seems more like a continuation of too little oversight than anything.

And, as we all know and Jameel Jaffer has pointed out once again oversight was flawed to begin with:

…there was an entirely one-sided system in which government attorneys presented the supposed interests of the intelligence community in the most expansive way possible, and the judges of a poorly resourced court tried unsuccessfully, and sometimes halfheartedly, to imagine what ordinary citizens might say in response.

Equally bad, or perhaps worse

the intelligence committees that were meant to serve as a further check on unwarranted government surveillance failed just as profoundly. They allowed the intelligence community to launch dragnet programs when narrower programs would have been equally effective. They allowed it to mislead the public about the scope of its surveillance activities. They allowed it to pretend that the government’s surveillance technology was directed at suspected terrorists abroad when in fact it was directed at ordinary citizens.

Criticisms: Basically, don’t trust Rogers and Ruppersberger

No wonder that Jim Sensenbrenner, author of the rival bill, criticises that the Rogers/Ruppersberger bill “limits, but does not end, bulk collection”.

Trevor Timm, of the Freedom of the Press Foundation, is more explicit. He sharply criticizes both the bill and its proponent Mike Rogers, writing that

…[a]s a general rule, whenever Mike Rogers […] claims a bill does something particular – like, say, protect your privacy – it’s actually a fairly safe assumption that the opposite will end up true. His new bill seems to have the goal of trading government bulk collection for even more NSA power to search Americans’ data while it sits in the hands of the phone companies.

Personally, I have as little confidence as Mr Timm in anything Mr Rogers says, not only because of his “long history of distorting the truth and practicing in outright fabrication” but also because of “his attempts to impugn [Edward Snowden’s] motives” who, as Timm correctly emphasises is “once again vindicated.”

And here is why else I don’t trust Rogers, Ruppersberger or their bill: in a “highly unusual” move this week – which Dustin Volz at the National Journal labels as a “procedural coup” – they sent their bill first to the House Intelligence committee rather than the Judiciary committee, which begs the question of what Rogers’ and Ruppersbergers’ interest in protecting people’s civil liberties really is.
It may be needless to say that the Judiciary Committee were “pretty outraged”: “The maneuver, [one staffer] said, puts NSA reform in “the hands of its biggest chearleaders”.”

Which points to the crux of the problem: there is a good reason for why “[t]he House judiciary committee has primary jurisdiction over the legal framework of [America’s] intelligence-gathering programs”. That’s because the spies or their supporters should not be the ones making the laws that govern spying. Separation of powers and all that…

And finally: the White House

Ah well. There is another proposal so not all may be lost.

After all, president Obama himself announced this week that he really, really intends to end bulk collection, a move which has been hailed as a “turning point”, marking “a new effort to reclaim our rights from the NSA and restore the public’s seat at the table of government” by the very man who exposed bulk surveillance – Edward Snowden.

I am assuming Mr Snowden got overexcited because at the time he hadn’t actually seen the proposal. I can tell you, it’s not that grand.

Under the White House proposal, the New York Times reports,

the N.S.A. would end its systematic collection of data about Americans’ calling habits. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the N.S.A. could obtain specific records only with permission from a judge, using a new kind of court order.

Notably, the administration’s proposal entails a “judge’s prior approval for individual phone numbers” (emphasis added) as opposed Rogers and Ruppersberger’s proposed “review [of] the specific collection [by a judge] after the fact” which, frankly, seems like utter nonsense. Disapproval is useless once the action that is to be disapproved has been done.

Before you get all excited about the administration’s proposal though, do consider a couple of things that are wrong with it.

One, bulk records would still be held for up to 18 months by the phone companies. Like I wrote above, this plenty of time for…

Two, the judge whose prior approval the NSA would need, would likely be a FISA court judge which, once again, raises the question of responsible oversight: “the […] FISA court […] has a long record of rubber stamping government requests, no doubt in no small part because only the government is allowed to speak to the court”.

Mind you, there are a lot of questionable aspects of current surveillance practices that Obama’s proposed reforms don’t even mention. In fact, for a more in-depth dissection of what they do and don’t mention, I suggest you read Peter van Buren’s excellent article.

Certainly, Jameel Jaffer isn’t wrong to criticize that the White House Proposal does not go far enough, for example by cutting the three-hops approach down to two hops (still plenty of people).

Similarly, “[p]rivacy groups […] expressed wariness that Obama’s proposals […] only covered phone data,” leaving the door open for other data to be collected in bulk.

One of the problems is that

the reform proposals seem specific only to bulk phone records collected by the NSA under section 215 of the Patriot Act. They do not appear to apply to any other collections by the NSA (email, Skype, chat GPS, texts, and so on and on), or any other federal or state agency, or to any programs in place today that we are not aware of or which may be created in the future, perhaps in response to the reforms.

As Dan Gillmor writes, “we can’t even begin to feel reassured about the long-term trajectory of surveillance […], not when so much of our ordinary communications don’t take place on the usual phone-record system at all.” He also correctly asks if “are we talking about the right reforms here”. “Maybe,” he suggests, “we’re missing the larger point”. That larger point includes all data besides phone records. It also includes encryption.

Worryingly, under the administration’s new proposal, the NSA would not “be prevented from surreptitiously undermining online encryption standards”.

I fail to understand why that particular omission hasn’t caused more of a stir. Perhaps it’s because it went so casually un-mentioned that no one noticed.

After all, we have been hearing a lot over the past months about how important encryption is and why undermining encryption exposes every single user of the internet to all sorts of threats that need not even have anything to do with the NSA.

And there is another deeply concerning aspect that many of us so far may not have been aware of. Trevor Timm points out that “neither [the White House nor the Rogers/Ruppersberger] proposal touches the NSA’s under-reported and incredibly dangerous “corporate store”.

Haven’t heard of that? Neither had I. I guess that’s what under-reported means.


More scary stuff: the corporate store

Yet this corporate store is actually a very significant and spooky “shiny object”. It is “where queries from the collection store [the much-discussed dragnet] are kept for an undisclosed (and possibly indefinite) period of time.”

You see, “[t]hat store, according to the government’s official privacy and civil liberties watchdog, contains tens of millions of phone numbers, and analysts do not face any restrictions on searching through it”.

Essentially, what it allows the NSA to do is to “pull together both network maps and additional lifestyle information.”

So, ironically, “all the things NSA’s defenders have been insisting the dragnet doesn’t do […] Everything the defenders say the phone dragnet is not, the corporate store is.”

Told you they can make a map of our lives and add every single bit of information to it. Mind you, Edward Snowden told us too. Vindicated. Once again. I wonder if the man isn’t feeling incredibly chuffed by now. I would.


No change for Snowden: figure it out

Maybe he doesn’t. Because what of Edward Snowden, the man whose disclosure prompted these proposals for change?

“There’s no change in our position that he needs to return and face the felony charges against him,” says the US administration.

And while “[m]ost Americans disapprove of the blanket electronic eavesdropping carried out by the vast apparatus of U.S. security organs” and president Obama sympathizes, “Americans overwhelmingly believe that Edward Snowden […] is a traitor who harmed his country. Obama’s officials wholeheartedly concur with that view.”

As, apparently, do many Brits.

“It doesn’t make any sense at all,” writes Neil MacDonald, while Peter van Buren puts it this way:

after nine months of ignoring the Snowden revelations, downplaying the Snowden revelations, not telling the truth about the Snowden revelations, insulting the Snowden revelations, sending members of his administration to lie to Congress about the Snowden revelations and claiming everything the NSA does is legal, righteous and necessary to keep the barbarians outside the gates, Obama is coincidentally now proposing some “reforms” without acknowledging the Snowden revelations.

Or, in fact, Edward Snowden’s role in bringing these reforms about. There can be no question that “had it not been for Snowden, his administration would not be supporting legislation that would put an end” to bulk collection.

If the bulk collection programme ends and if mass surveillance is subjected to meaningful reform, then this is due to Edward Snowden. And yet the new insights that will be the basis for any reform and changes in legislation have prompted no change in the US government’s position or most people’s opinion concerning Edward Snowden.

Yes, I dare you to go away and make sense of that one.

Clearly, “congruence and logic do not matter where official secrets are concerned.”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s