The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Surveillance Reform May Arrive In Time for Christmas



The USA Liberty Act would require government agents to obtain a warrant before collecting communications belonging to U.S. persons.

As the end-of-year recess approaches and Washington prepares to go dark for several weeks, lawmakers in both the House and the Senate are working to push through bills that would reauthorize one of the major legal tools that the NSA uses to collect and store electronic communications.

Section 702 of the Foreign Intelligence Surveillance Act is due to expire on Dec. 31, and while both chambers of Congress have reauthorization bills in the hopper, privacy and civil liberties advocates say the Senate’s version includes important language that would protect United States citizens and legal residents from broad searches that could include their phone calls, emails, and other electronic communications.

The bill at issue is known as the USA Liberty Act in both the House of Representatives and the Senate, though the two measures have some important differences. At their core, both bills are intended to extend the use of Section 702 for several more years. The NSA and other agencies use the authority from this section to collect millions of records on phone calls, emails, and other communications, which they then store and search as needed during criminal or terror investigations.

Those searches generally are supposed to include only the communications of foreign citizens, but sometimes also include data belonging to Americans. These so-called backdoor searches have been controversial since they were revealed publicly several years ago, mainly because they don’t require a warrant.

But the USA Liberty Act in the Senate right now would change that.

“According to the Senate-side USA Liberty Act, if government agents want to read Section 702-collected communications belonging to U.S. persons, they first need to obtain a warrant from the Foreign Intelligence Surveillance Court (FISC), which provides judicial oversight on Section 702 surveillance. The bill requires the FISC to approve warrants based on whether there is probable cause to believe that the requested Section 702-collected communications contain evidence of a crime, or concerns an ‘agent of a foreign power’,” said David Ruiz of the EFF.

“Importantly, this backdoor search warrant requirement applies even if agents are searching for foreign intelligence information—a requirement not available in the House-side bill. That bill’s exception for foreign intelligence searches seriously undercuts the value of its warrant requirement.”           

It seems likely that Congress will reauthorize Section 702 before it expires next month, so the content of the bill that grants that authority is important. Before Edward Snowden walked away with a huge cache of NSA documents and began feeding them to reporters a few years ago, most people had no idea Section 702 existed, let alone how it was used or the effects of its use on Americans. But with much of that information now out in the open, legislators, privacy advocates, and others have been able to take a close look at the law and find ways in which can be improved. One such change proposed in the Senate’s version of the USA Liberty Act is some additional protections for foreign citizens living in the U.S.

“The Senate-side bill has another improvement: it explicitly grants backdoor search protections to “persons reasonably believed to be located in the United States.” This means that foreign individuals inside the United States will have the same backdoor search protections on their communications and metadata as those offered to U.S. citizens and permanent residents. The Senate-side bill is rare in codifying these protections,” Ruiz said.

Sen. Patrick Leahy (D-Vt.), one of the sponsors of the measure, said the bill is a necessary step on the road to surveillance reform.

“This legislation maintains a critical balance between protecting national security and ensuring the privacy rights and civil liberties of law-abiding Americans, and also provides additional oversight and transparency. It is my hope that this bipartisan legislation will result in real and meaningful reform to this powerful surveillance tool,” he said.

Dennis Fisher

INFOGRAPHICS

Don't Get Hooked: How to Recognize and Avoid Phishing Attacks

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.