Earlier this week, Sen. Dianne Feinstein expressed outrage that “the Senate Intelligence Committee was not satisfactorily informed” of the NSA’s surveillance of German Chancellor Angela Merkel’s phone. In response, Feinstein–typically a staunch supporter of the intelligence community–said “[i]t is abundantly clear that a total review of all intelligence programs is necessary” and that “our oversight needs to be strengthened and increased.” With reform and increased oversight in the minds of the Members of the Senate Intelligence Committee, draft legislation, which was introduced by Senator Feinstein, passed the full committee today by a vote of 11-4.
This bill, the draft FISA Improvements Acts [full text], purports to “increase[] privacy protections and public transparency of the National Security Agency call-records program in several ways.” But let’s take a closer look to see whether the new legislation will prove to be a Halloween trick or treat for those looking for real reform of the NSA’s metadata programs.
According the press release from Feinstein’s office, the proposed legislation “[p]rohibits the collection of bulk communication records under Section 215 of the USA PATRIOT Act except under specific procedures and restrictions set forth in the bill”:
“(i) GENERAL PROHIBITION ON BULK COLLECTION OF COMMUNICATION RECORDS.—No order issued pursuant to an application made under subsection (a) may authorize the acquisition in bulk of wire communication or electronic communication records from an entity that provides an electronic communication service to the public if such order does not name or otherwise identify either individuals or facilities, unless such order complies with the supplemental procedures under subsection (j).”
A promising start. However, when we turn to the text of the bill, we see the “procedures and restrictions” aren’t much different from the current bulk collection program under Section 215. The two substantive restrictions of the legislation are that (A) the bulk collection cannot include acquisition of content (which, of course, by now we likely all know that the NSA metadata program does not involve the acquisition of content) and (B) any bulk collection orders are effective for no more than 90 days, with the opportunity for renewal. Furthermore, the NSA may access individualized data when a “determination has been made that there is a reasonable articulable suspicion that the [target] is associated with international terrorism or activities in preparation therefor” (emphasis added).
Essentially, then, this “reform” legislation would codify the NSA metadata program in its current form and, in the process, eliminate arguments by critics that the program exceeds the scope of Section 215. But the legislation goes even a step further, granting the NSA new authority for certain non-U.S. persons located in the United States during “transitional periods” of up to 72 hours:
“Notwithstanding any other provision of this Act, acquisition of foreign intelligence information by targeting a non-United States person reasonably believed to be located outside the United States that was lawfully initiated by an element of the intelligence community may continue for a transitional period not to exceed 72 hours from the time when it is recognized that the non-United States person is reasonably believed to be located inside the United States”
So while Sen. Feinstein’s statement promises greater privacy protections and increased public transparency, the central part of the legislation delivers little of either, unless you consider providing a more solid statutory authority greater transparency.
To be fair, the legislation does deliver a few new privacy protections. For example, the bill would (i) impose “criminal penalties of up to 10 years in prison for intentional unauthorized access to data acquired under the [FISA authority]” and (ii) authorize the FISC to designate amicus curiae on matters that “present a novel or significant interpretation of the law.” But for the latter, outside groups are already, on occasion, filing amicus briefs on appeals before the FISCR. Therefore, while the Feinstein “reform” legislation claims to deliver much, it actually offers very little substantive change from the status quo. Sen. Wyden, who voted “no” on the bill, said the Feinstein legislation was “far from anything that could be considered meaningful reform.”
And as covered earlier on Just Security, Sen. Leahy and Rep. Sensenbrenner have already proposed their own NSA reform bill, the USA FREEDOM Act. Leahy and Sensenbrenner argue that their bill would end the bulk collection programs (although Jennifer Granick notes it would not address the most recent revelations that NSA infiltrated Google’s and Yahoo’s data centers). But for now, it looks like we have at least two congressional proposals with competing visions for the future of the NSA bulk collection programs.