Leaked Senate Talking Points Say Internet Surveillance Warrants Would Force FBI to Let Terrorists Bomb Things Requiring federal agents to have “probable cause” to eavesdrop on the internet activities of American citizens poses a direct threat to national security and would force the FBI to stand by while terrorist plots unfold on U.S. soil, according to a leaked copy of talking points distributed to Senate lawmakers this… Read more...
Senate passes Patriot Act amendment strengthening independent oversight The Senate is preparing to vote on a reauthorization of the Patriot Act, which has been used to enable surveillance of the kind exposed by Edward Snowden. It allowed ford the bulk collection of data on millions of phone calls that could be queried by...
Here’s Who Just Voted to Let the F.B.I. Seize Your Online Search History Without a Warrant A bipartisan amendment that sought to prohibit law enforcement agencies, such as the FBI, from obtaining the web browsing and internet search histories of Americans without a warrant failed to pass by a single vote in the U.S. Senate on Wednesday. Read more...
Congress Must Put an End to Surveillance Under Section 215
This month, TechFreedom joined two different coalitions of privacy, civil rights and government transparency organizations in urging Congress to avoid reauthorizing bulk collection of phone records under Section 215 of the PATRIOT Act when it sunsets at the end of the month.
The first coalition letter opens:
Almost two years ago, the United States’ bulk surveillance programs operating under Section 215 of the Patriot Act and other authorities were revealed to the public. These bulk surveillance programs raise serious constitutional concerns, erode global confidence in the security of digital products, and are unnecessary for national security. These sentiments were echoed by the Privacy and Civil Liberties Oversight Board, which concluded that daily collection of Americans’ phone records under Section 215 both lacked a legal basis and failed to prevent even a single terror attack.
The second letter notes the immediacy of the upcoming deadline and urges Congress to oppose any measures that would reauthorize the bulk collection.
The bulk collection of telephone records authorized under Section 215 represents a major violation of Americans’ privacy rights; Congress must seize on this opportunity to win a major victory for surveillance reform.
America hasn’t even begun to have a meaningful debate about curtailing the government’s right to spy on citizens
By Stephen Vladeck, Foreign Policy, June 1, 2015
The ongoing debate over U.S. surveillance programs seemingly came to a head last night, when the Senate failed to extend controversial Section 215 of the USA Patriot Act, which expired at midnight. As we learned from Edward Snowden two years ago, Section 215 was the provision that the government secretly claimed provided authority for the bulk collection of Americans’ phone records--their telephone “metadata.” And although the government’s less-than-obvious interpretation of that statute was accepted by judges sitting on the largely secret Foreign Intelligence Surveillance Act (FISA) Court, it has since been repudiated by two different federal courts, one on the grounds that Congress had not in fact approved such a program and one on the grounds that, even if it had, such warrantless, suspicionless surveillance violates the Fourth Amendment to the U.S. Constitution.
For those reasons, and a host of others, the debate over what Congress should do with Section 215 as its sunset approached grew only more heated ahead of the deadline, provoking bitter disputes over the legal wisdom and practical necessity of the phone records program. Some privacy and civil liberties groups, joined by libertarian politicians such as Sen. Rand Paul (R-Ky.), supported outright expiration of the provision, arguing that the phone records program was both unnecessary and unconstitutional. At the other end of the spectrum, hardline conservatives, led by Senate Majority Leader Mitch McConnell (R-Ky.), backed a straight “reauthorization,” which would allow the program to continue for as much as two additional years before further reconsideration.
The Obama administration, along with a number of more moderate members of Congress, took more of a middle road, calling for the fairly modest reforms provided by the USA Freedom Act, which would replace the phone records program with a somewhat less open-ended (and somewhat better regulated) series of authorities for the government to obtain and review similar data--and which the House of Representatives overwhelmingly passed on May 13.
But whatever the merits of the competing sides in this debate, the larger problem is that this conversation has missed the forest for a very small--and largely irrelevant--tree. In fact, from the perspective of individual privacy rights, the phone records program is much less problematic than the government’s other authorities to conduct mass surveillance under Executive Order 12333 and the 2008 FISA Amendments Act. And so, in focusing on how to “fix” Section 215, we’ve given short shrift to the far more significant problems raised by these other authorities--and, just as importantly, the broader lessons we should be taking away from the surveillance reform conversation that Snowden started.
To understand the significance of these other authorities, it’ll help to describe their aims: Executive Order 12333, issued in 1981, is directed at the overseas interception of communications--both metadata and content--of non-citizens outside the United States, who, under a 1990 Supreme Court decision, categorically lack Fourth Amendment rights. The 2008 FISA Amendments Act was enacted to close a loophole that new technology had helped to create, where non-citizens outside the United States were nevertheless communicating through servers or other telecommunications infrastructure located stateside, which the government could not surveil under the executive order.
Ordinarily, the government needs a warrant before collecting the content of domestic communications, one based upon a judge’s determination that there’s good reason to believe a particular individual either is engaged in the commission of a crime or is an agent of a foreign power. But Executive Order 12333 and the 2008 FISA statute, by focusing on individuals who fall outside the Fourth Amendment, capitalize on the lack of constitutionally required individualized assessments and instead allow the government to engage in bulk collection of such information--as if it were using an industrial vacuum cleaner to pick up individual particles of dirt.
It’s easy to see how these authorities could cause diplomatic headaches (as, for example, with the contretemps surrounding U.S. surveillance of German Chancellor Angela Merkel’s cell phone). But most commentators have assumed that, at least legally, the validity of these programs turns on their overseas focus. After all, if the government is only targeting the communications of non-citizens outside the United States, what could possibly be the constitutional objection?
The answer, we now know, has everything to do with technology. Although the government is only allowed to “target” non-citizens outside the United States, it is inevitable, given how it collects information under both of these regimes, that the communications of U.S. citizens and non-citizens lawfully present in the United States will also be collected, albeit “incidentally,” as the government puts it. After all, when thousands of unrelated emails and other electronic communications are bundled together in a packet that travels through an Internet switch that’s physically located in the United States (for the 2008 statute) or overseas (for Executive Order 12333), it’s simply not possible for the government to only collect the communications between non-U.S. citizens and leave the others untouched, any more so than it’s possible for a vacuum to segregate particles of dirt.
To be sure, the U.S. government doesn’t dispute that it routinely collects the communications of U.S. citizens. Instead, it has argued that any potential for abuse is mitigated by so-called “minimization requirements”--procedural rules that require the relevant intelligence agency to take steps to avoid the improper retention and use of communications collected under these authorities.
The government’s defense, as we’ve come to learn, is flawed in two vital respects: First, as several since-disclosed opinions from the FISA Court have made clear, the government’s minimization requirements under the 2008 statute were often too skimpy, allowing the retention and use of information that both the statute and the Fourth Amendment prohibit. Second--and perhaps more importantly--even where the minimization rules were legally sufficient, there have been numerous instances in which government officials violated them, with the FISA Court only discovering the abuses after they were voluntarily reported by Justice Department lawyers. As a result, the government collected and retained a large volume of communications by U.S. citizens that neither Congress nor the Constitution allowed it to acquire.
More alarmingly, with regard to collection under Executive Order 12333, there isn’t any similar judicial review (or meaningful congressional oversight), which means that it has entirely been up to the government to police itself. As State Department whistleblower John Napier Tye explained last summer, there is every reason to doubt that such internal accountability has provided a sufficient check. In his words, “Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all … communications … provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation.”
To put the matter bluntly, whereas the Section 215 debate has addressed whether the government can collect our phone records, Executive Order 12333 and the 2008 FISA Amendments Act allow the government to collect a lot of what we’re actually saying, whether on the phone, in our emails, or even to our search engines. There is no question that, from a privacy perspective, these programs are far more pernicious than what’s been pegged to Section 215. There is also no question that such collection raises even graver constitutional questions than the phone records program. Whereas there is an open debate over our expectation of privacy in the metadata we voluntarily provide to our phone companies, there’s no doubt that we have an expectation of privacy in the content of our private communications.
Why, then, has all the fuss been around Section 215 and the phone records program, while the far more troubling surveillance authorities provided by Executive Order 12333 and the 2008 FISA Amendments Act have flown under the radar?
Part of it may be because of the complexities described above. After all, it’s easy for people on the street to understand what it means when the government is collecting our phone records; it’s not nearly as obvious why we should be bothered by violations of minimization requirements. Part of it may also have to do with the government’s perceived intent. Maybe it seems more troubling when the government is intentionally collecting our phone records, as opposed to “incidentally” (albeit knowingly) collecting the contents of our communications. And technology may play a role, too; how many senders of emails know where the server is located on which the message is ultimately stored? If we don’t realize how easily our communications might get bundled with those of non-citizens outside the United States, we might not be worried about surveillance targeted at them.
But whatever the reason for our myopic focus on Section 215, it has not only obscured the larger privacy concerns raised by these other authorities, but also the deeper lessons we should have taken away from Snowden’s revelations. However much we might tolerate, or even embrace, the need for secret government surveillance programs, it is all-but-inevitable that those programs will be stretched to--and beyond--their legal limits. That’s why it’s important not only to place substantive limits upon the government’s surveillance authorities, but also to ensure that they are subject to meaningful external oversight and accountability as well. And that’s why the denouement of Section 215 debate has been so disappointing.
Reaching some degree of closure with regard to the phone records program may leave many with the impression that America has concluded a meaningful and productive national debate over surveillance reform. We haven’t. And although the 2008 FISA Amendments Act is also set to expire--on December 31, 2017--the debate over Section 215 leaves little reason to believe that we’ll have it then, either.
As of the end of yesterday, section 215 of the USA PATRIOT act has not been renewed. This means that the US government is no longer allowed to gather “intelligence” on large numbers of people without suspecting them of doing anything illegal. This means that they are no longer legally allowed to listen to phone calls, read emails, and otherwise collect information on people without a search warrant. We’ll see how it is interpreted by the courts, there is still the discussion of whether “metadata” is considered intelligence.
As Patriot Act Debated, Privacy Tools More Accessible
Other than civil liberties activists, people never used to get too agitated over privacy issues. Edward Snowden’s revelations changed all that and it’s possible you were one of the protesters in San Francisco that went to the Sunset Vigil on May 21st to demand that Senator Dianne Feinstein let a section of the Patriot Act expire on June 1st.
Regardless, people around the world hold strong views on protecting privacy. A recent survey from the Pew Research Center shows 74 percent of Americans believe control over personal information is “very important,” yet only 9 percent believe they have such control.
The tech community is trying to change that.
Andy Isaacson, one of the co-founders of Noisebridge, a hacker and education space in the Mission District, lead a recent Cryptoparty to teach civilians how to use privacy tools. He talked to Mission Local about the importance of digital privacy.
Why is the Mission an important hub to talk about digital privacy issues?
Andy Isaacson: San Francisco and the Mission are really exciting places to be in the privacy and technology space right now because there are so many opportunities and so much work happening. Places like Noisebridge, where we are hoping to have a Cryptoparty on a regular basis, organizations like Open Whisper Systems which is a software development company that builds open source and secure messaging systems, -like Signal and TextSecure-, and the Electronic Frontier Foundation, which is no longer based in the Mission but has deep roots here. All of them are taking steps to advance people’s rights and digital freedoms.
When did this discussion to involve non-tech community begin and how to speak to that general audience?
AI: It’s been a long journey, we’ve (the tech community) built systems that were secure in some sense, like PGP 20 years ago, but those systems weren’t very useful, they weren’t well matched to our real life communications to be secure. It’s really hard to teach, it has a lot of confusing conceptual hurdles that you have to clear before you can use it confidently. But we’re finally getting to a place where modern systems like Signal have made a giant leap towards building systems that are actually usable in the real world by actual people who have real problems that they need to solve. So that together with other systems like OTR (Off the record) to send instant messages andCryptocat, another example in browser secure chat application, there’s this whole new generation of modern privacy tools that are making the internet as a whole more secure, and letting individuals take control of their personal digital security, rather than giving up that control to Gmail, for example.
How does a Cryptoparty work and what kind of things do you teach there?
A.I: Thanks to this new generation of tools things like a Cryptoparty become possible. An educator or advocate can go to a community and help them to understand what the privacy tools can and can’t do, because there are still limitations that should be known to use the tools safely. A crypto party is a way for people to get excited doing something practical, and taking the first steps towards building a freer and a more secure internet for everyone. We teach them how to download and use the tools for secure communications, and how to navigate in the TOR system.
How would you describe the audience of these Cryptoparties?
A.I: There’s a wide variety of people, and everybody can get something useful out of a crypto party. We had lawyers concerned about communicating securely with their clients. We had educators, teachers who might have information that needs to be kept private about their students or “from” their students if their students are trying to change their grades. We had artists who are concerned about the social implications of mass surveillance or of malware and bad actors affecting people’s privacy on the internet. And we also had some politicians and activists who are interested in what do we need as a society to defend privacy. We expect to do another one in July and to reach a bigger audience in the Mission.
The core ingredient of these workshops is encryption. How do you see the learning of encryption within the general public?
AI: Encryption is a very important ingredient in an overall recipe of digital freedom and personal liberty, but it’s not the only one. We need very smart developers to build encryption systems, but we also need visual designers to help us deliver systems that people can look at and understand. We need educators to help the systems become used by real people. We need back and forth communications with users to come back to the designers to say: this doesn’t work right for me. Because for two to three decades, we as technologists have been building systems that aren’t actually usable. The magic of software is that it can turn an idea into a tangible object and encryption is a beautiful idea that requires many more decades of work, building systems that are a little bit better, a little bit more usable, a little bit more secure. A little bit more capable of bringing the benefits of digital freedom and free communications to everyone.
Noisebridge operates a TOR (The Onion Router) node. Can you explain how that project have evolved in the digital privacy field and how aware are the people about its possibilities?
AI: The TOR network is a globally cooperative volunteer network of servers that help to preserve people’s anonymity for connections to websites, on the internet, and the network has been running since around 2004. The critical thing that TOR provides that no other VPN or IP hiding service provides is that no single person or no single organization in the TOR system has the ability nor the possibility of figuring out what user of TOR is browsing what website. We’ve never had a law enforcement agency attempt to compel a TOR operator to break the anonymity or break the privacy of one of our users, but if it were the case, it is impossible to do it because of a highly reliable design of the system. The servers are all around the world and no single organization trusted has been able to break the thing, as the keys (encrypted) are in different nodes. That to me is really reassuring. It means that I can use Google to look up a really embarrassing medical condition safe, knowing that Gmail is not going to start showing me ads for that medical condition because I don’t want my girlfriend or my boss to see that over my shoulder at the office.
Some people wonder why they would be under surveillance, why they would be important for the government if for instance they are not doing any kind of political activities. Why is privacy important for everyone?
AI: There is this really weird argument that goes: “If you don’t have anything to hide why are you worried?” And I turn that around and say that everyone has something to hide and that is part of their privacy. Everyone has some medical question that they would like to answer, some friend they don’t want everyone knowing they’re friends with, that teacher who has their grade book stored on that public Gmail folder. And it’s really a question of privilege, social and cultural. There’s a really infamous quote from Mark Zuckerberg (the founder of Facebook) that says: “it’s just not proper for people to not want to use their real name on the Internet”. And that is a voice of incredible privilege speaking right there. He is lucky that he has never had a hobby that could get him ostracized in his hometown where he was stuck. He is lucky to love someone without having to worry about the state telling him that he couldn’t marry that person, and the recognition of that privilege is really lacking in the tech community. For instance, during the ‘Say Her Name’ protests in Oakland, Police had profiled the organizers, so some privacy might have helped them to be more effective as activists.
Still many people choose to expose their lives in social media or are not aware of how much of that data ends up in the wrong hands. How to make encryption a little bit sexier?
AI: Some people think of the extra cost or the extra struggle or the extra work (of protecting online communication) just isn’t worth it. It’s too much hassle, it’s too limiting and really what do I have that anyone would want to get at? And that’s actually a legitimate position to take. But it’s best to make that decision from a position of power and knowledge than from a position of ignorance or powerlessness. So learning how the tools work and starting to use them in cases where it’s easy, can help you clear the hurdle if it turns out at some point that you need a tool that has the capability. The technical term for this is pretty confusing, it’s “Threat modeling.” What do I have to protect and from who? Whether that’s protecting my privacy, or protecting information from being changed without me knowing it, or protecting my ID from being disclosed unknowingly in a public or commercial space. If you need to protect it against 6th graders, maybe the correct actions are less drastic. If you need to protect it against an organized crime organization because you are trying to help women who have been trafficked into the Mission for sex work or if you are trying to be Edward Snowden and you have nuclear secrets and you’re trying to protect it against the NSA, that’s a different kettle of fish entirely. The tools aren’t useful unless you have some idea of what you’re trying to use them for. And those two pieces make the Crypto party useful.
Talking about Edward Snowden, one of his revelations what that section 215 of the Patriot Act gave the intelligence community the ability to collect information about anyone in the United States. This section is going to expire on June 1st. How has been the role of activists to make people understand that legislators shouldn’t extend this measure?
A.I: The NSA and a couple of other organizations have really broad and sweeping powers to surveil U.S. citizens who were not suspected of any crime. At the time Patriot Act it was passed, back to 2001, America was scared. We were really terrified and anything that would help us be less afraid was going to get passed… carte blanche. But a few reasonable people in Congress weren’t comfortable with giving these powers indefinitely, so they set a sunset date of these section 215 on June 1st. Thanks to Snowden, we know that the intelligence community lied to Congress about how these powers were being used. These tools aren’t actually useful for fighting terrorism, they’ve never been used in an active terrorism investigation, they’ve never resulted in the defeat of a terrorist plot. We still don’t actually know all of the programs that are being run under their supposed section 215 authority. Furthermore, a federal judge found that section 215 was being interpreted incorrectly and it was unconstitutional. So for all of these reasons, the activism thrust over the last few months has been ‘let’s kill the extension’ just let it sunset, let it die.
How has been the battle so far, and what do you think is going to happen on Sunday?
AI: When we started this fight, the consensus among the Washington talking people was that it was a fool’s errand, that there was no way that we would actually win this fight. To our delighted surprise, the Senate Saturday morning (May 23rd) did not vote to extend 215 even by a few days. So there’s gonna be another showdown on Sunday, just a few hours before the sunset date. Even if it turns out the wrong way, just the fact that we’ve gotten to this point is a contradiction for the naysayers. It’s just proof that the people organizing together to stand up and say no this really isn’t ok, can make a huge difference.
Still the Section 215 is not the only piece of law to worry about in terms of Privacy rights…
AI: No. The fight isn’t over. NSA has a team of several hundred lawyers, whose job it is to sift through every law that they can to find some justification for whatever program they want to run. And every time the spokesperson of anyone at the executive branch talks about stopping a collection program, they have to say ‘under this authority’ at the end. Because every program of collection that the NSA has, is covered by multiple secret interpretations of the law. What we need is Congress to give up their claims that they can’t disclose programs. The Senate has a responsibility to address these abuses that happened in the intelligence community and to really clean the house.
If you are interested in digging into these privacy tools and mass surveillance, here are some resources:
Read this first! Here's what's happened with the controversial Patriot Act program Section 215 last night:
After years of using delaying tactics and last minute deadlines to push last minute Senate votes, Mitch McConnell's attempt to use building deadline pressure to extend, with some modification, three of the more controversial Patriot Act provisions failed late Sunday night. The bill to do so is the USA Freedom Act. It is still likely to pass on Wednesday.
Rand Paul used parliamentary rules to disrupt the vote and debate pushed beyond midnight, forcing the government to shut down:
NSA bulk data collection (the now infamous Section 215 which allows, among other things, collections of photos of your dick, to paraphrase John Oliver)
Roving wiretap provisions, which allow the government to move warrants for wiretaps from device to device when subjects frequently switch through burner phones.
Lone Wolf provisions, which allow the government to use the full might of the national security apparatus against individuals with no connections to foreign terror groups but who the NSA might believe are inspired by organizations such as ISIS.
The USA Freedom Act would have extended the last two programs without modification and applied modification to Section 215 in a Presidentially-approved plan.
Who wanted it to pass?
Most Republicans in the Senate, the Obama administration. Notables: Attorney General Loretta Lynch, who called this a "serious lapse". Director of National Intelligence James Clapper who said:
[The United States] "would lose entirely an important capability that helps us identify potential U.S. based associates of foreign terrorists."
CIA Director John Brennan, who said that ending the program is "something that we can't afford to do right now."
Why shouldn't these provisions go on?
Consider these quotes from CNN's coverage:
"As it stands, several official review boards -- including a presidential review group and a government privacy oversight board -- found that the bulk metadata collection program was not essential to thwarting a single terror plot."
"The roving wiretaps provision that can be used in terrorism cases is used less than 100 times per year, but officials could be in a bind when it comes to new investigations."
"Officials say the rising threat of lone wolves -- including those inspired by ISIS, but not ordered -- raises the need to maintain that provision of the Patriot Act.
"But they concede the provision had not been used, even as the FBI has increasingly focused its efforts on lone wolves."
"Allowing the provisions of the Patriot Act to sunset wouldn't affect the government's ability to conduct targeted investigations or combat terrorism," the ACLU said. "The government has numerous other tools, including administrative and grand jury subpoenas, which would enable it to gather necessary information."
And from USA Today:
"A three-judge federal appeals court ruled in May that the NSA's bulk collection of phone data is illegal and is not what Congress intended when it passed the Patriot Act after the 9/11 terrorist attacks."
“The people who argue that the world will come to an end and we will be overrun by jihadists (by not passing the bill) are using fear,” - Rand Paul
What's next?
The USA Freedom Act is still expected to pass on Wednesday. If it does the Lone Wolf and roving wiretap provisions will come back into being with no alterations. Section 215 will change.
With the act's alterations the Section 215 portion of the US Patriot Act will instead force communication companies to gather and store customer information and would require the government to then get a search warrant to access it. It will also force a more public record of the mostly unseen FISA Court process and FBI requests for data accompanied by gag orders.
Additionally, it would allow companies to more fully report on government requests.
Is there anything advocates would like the Freedom Act to do that it does not?
From the EFF:
"First and foremost, the USA FREEDOM Act of 2014 does not adequately address Section 702 of the FISA Amendments Act, the problematic 2008 law that the government argues gives it the right to engage in mass Internet surveillance. We remain committed to reform of Section 702. We intend to pursue further reforms to end the NSA’s abuse of this authority.
"The legislation also does not affect Executive Order 12333, which has been interpreted by the NSA to allow extensive spying both on foreigners and U.S. citizens abroad. Strictly speaking, we don’t need Congress to fix this—the President could do it himself—but legislation would ensure that a later President couldn’t reinstate 12333 on her or his own.
"The legislation may not completely end suspicionless surveillance. With respect to call detail records, it allows the NSA to get a second set of records (a second “hop”) with an undefined “direct connection” to the first specific selection term. "
Read all about it in my archives collection on this topic. http://chronoto.pe/tag/usa-freedom-act/