Policy Letter

POGO and Partners to Oppose USA FREEDOM Act If Not Amended

Majority Leader Harry Reid

United States Senate

Washington, DC 20510

Chairman Patrick J. Leahy

U.S. Senate Committee on the Judiciary

Washington, DC 20510

Chairman Dianne Feinstein

U.S. Senate Select Committee on Intelligence

Washington, DC 20510

Republican Leader Mitch McConnell

United States Senate

Washington, DC 20510

Ranking Member Chuck Grassley

U.S. Senate Committee on the Judiciary

Washington, DC 20510

Ranking Member Saxby Chambliss

U.S. Senate Select Committee on Intelligence

Washington, DC 20510

June 18, 2014

Dear Majority Leader Reid, Republican Leader McConnell, Chairmen Leahy and Feinstein, and Ranking Members Grassley and Chambliss:

The undersigned civil liberties, human rights, and other public interest organizations write about the USA FREEDOM Act (H.R. 3361 and S. 1599), a version of which passed in the House on May 22.

All of the undersigned organizations believed the original version of the USA FREEDOM Act introduced in both the House and the Senate was an important step towards comprehensive reform. However, we are deeply concerned about the changes that the House Rules Committee made to the bill prior to passage, which substantially weakened the version of the bill that had passed with unanimous support from both the House Judiciary and Intelligence Committees. As a result of that strong concern, many of the undersigned withdrew their support, as did half of the bill’s sponsors.

We are writing today as a community to plainly express our position that, unless the version of the USA FREEDOM Act that the Senate considers contains substantial improvements over the House-passed version, we will be forced to oppose the bill that so many of us previously worked to advance.

Various stakeholders in our community prioritize concerns with the House bill differently, and this letter does not exhaustively catalogue every concern. Nor do we focus here on the fact that many potential pitfalls have not been fully explored, due to the rushed and closed-door nature of the bill’s drafting and approval in the House.[1] However, we all believe that the following six issues are of vital importance and urge you to make these substantial improvements to the bill:

1. Definitively end “bulk” collection. Although we appreciate Congress’ apparent intent to end indiscriminate, nationwide “bulk” collection such as the NSA’s current telephony metadata program, the House-passed bill may fall short of that goal. The bill’s overbroad and open-ended definition of “specific selection term” could abusively be read to authorize collection of the records of thousands or millions of innocent Americans. For example, it could conceivably allow the use of a selection term as broad as a zip code, all of the gmail.com Internet domain, or all of Verizon’s premises. We believe that this definition must be narrowed in order to definitively end and prevent surveillance dragnets. We also believe that USA FREEDOM should include new procedures to minimize the acquisition and prohibit the retention and dissemination of non-public information about individuals unconnected to investigations or foreign powers.[2] The primary stated purpose of the USA FREEDOM Act is to end bulk collection. If we are not confident that it will accomplish that goal, we will oppose it.

2. Strengthen transparency reporting and other transparency provisions. The original USA FREEDOM Act allowed detailed transparency reporting by private companies about the government demands they receive, and required more detailed transparency reporting by the government. Such transparency is critical both to ensuring government accountability and restoring customers’ trust in the US Internet industry both here and abroad. Transparency reporting is also a key priority of both the privacy community and the entire Internet industry. However, those provisions were substantially weakened in the House-passed version of the bill. It is vitally important that those provisions be re-strengthened to provide much greater transparency into how the government is using its surveillance authorities and how companies are or are not responding, including by allowing companies to report in smaller bands of numbers than the House bill currently allows.

With respect to reporting by private companies, the provisions in the House-passed bill should be improved in the following five ways: (1) Restore the rule of construction in the original USA FREEDOM Act making clear that the transparency provisions did not prohibit disclosures other than those authorized by those provisions;[3] (2) Remove the 2-year delay on reporting for new companies,[4] which imposes a transparency tax on startups and innovators; (3) Correct the clerical error allowing companies to report the number of content vs. non-content orders received but not the total number of orders received under each legal authority;[5] (4) Restore the provision, contained in the committees-approved version of the House bill, allowing companies to report on government requests made under Title VII of FISA.[6] That title contains authorities used for some of NSA’s broadest and most controversial programs, such as PRISM, which are the programs about which the least is known and that have caused the greatest loss of trust internationally. Finally, (5) companies should uniformly be allowed to report the number of “customer accounts affected” under each reporting option – rather than the number of “customer selectors targeted.”

With respect to government reporting, the House-passed bill would require the government to report only the number of “targets” affected by surveillance orders. Such reports would be highly misleading, as for every surveillance “target,” there may be hundreds or thousands of others whose communications or records the NSA obtains—because they wrote an email about the target, or because they once called the same telephone number as a target. Similarly, the bill’s requirements to disclose the number of FISC orders obtained would reveal little about the scope of surveillance, as we have seen that a single order can authorize the collection of information on millions of Americans. The government reporting provisions must be revised to accurately capture the number of individuals and U.S. persons affected, not merely the number of “orders” or “targets.” This is critical: if these provisions are not restored, the American public will have no way to verify that bulk collection has, in fact, ended.

In order to foster greater transparency, we also urge restoring the measures in the original USA FREEDOM Act to reform the “gag order” provisions for both FISA Section 215 orders and National Security Letters.

3. Avoid ratifying dragnet searches of our international communications. The past year’s disclosures revealed that the NSA uses Section 702 of the FISA Amendments Act to collect and retain international communications, not just to or from targets located outside the U.S., but about those targets.[7] According to reports, the NSA collects this information by tapping key Internet exchange points and scanning the contents of all international traffic, in what amounts to a dragnet search of all email to and from the U.S. Neither the language of Section 702 nor its legislative history gives any hint that the statute was designed for such a purpose. Nonetheless, Section 301 of the House-passed bill requires the minimization of information “that is not to, from, or about the target of an acquisition” – language that could be read to signal Congressional approval of the NSA’s monitoring of the content of millions of innocent individuals’ Internet communications. We believe Section 301 should be removed in its entirety, and Congress should address Section 702 comprehensively in subsequent legislation.

4. Strengthen Reforms to the FISA Court (FISC) Process to Provide More Accountability. As introduced, the USA FREEDOM Act modeled its FISC reforms after Senator Blumenthal’s FISA Court Reform Act of 2013 (S. 1467). That bill created an independent Office of the Special Advocate in the executive branch, responsible for reviewing all FISC applications and related materials, participating in all FISC proceedings, and advocating for Americans’ privacy and civil rights.[8] The House-passed version replaced this reform with a much weaker provision allowing the FISC to appoint amicus curiae with no express duties to advocate for Americans’ privacy interests.[9]

The House-passed bill also watered down provisions requiring public disclosure of FISC opinions. Under the original bill as reported in the House, the Attorney General would direct the disclosure process; in cases where the opinion itself could not be released, the Attorney General would be required to release a redacted version, summary, or other document containing certain minimum information (such as an identification of the legal questions at issue).[10] Under the House-passed version, the Director of National Intelligence would lead the process, and the bill provides no floor for what information must be contained in any redacted version or summary.[11] In theory, the DNI could meet the bill’s disclosure obligation by releasing an opinion with every sentence but one redacted.

The Senate should re-insert the independent advocate provision, and should ensure effective disclosure of the FISC’s legal analysis by requiring that disclosures include certain baseline information that is necessary for conducting effective oversight, consistent with Senator Blumenthal's original proposal.

5. Restore strong minimization requirements for the FISA pen register and trap & trace surveillance authority. The original USA FREEDOM Act codified court review of the government’s compliance with minimization procedures applied to FISA-authorized pen register and trap & trace (PRTT) surveillance. Minimization procedures have proved a critical tool for the FISC in reining in the NSA’s broad PRTT surveillance of the Internet. Yet the House-passed bill replaced PRTT minimization compliance review with a provision under which unspecified “privacy procedures” would be imposed by the Attorney General rather than the FISC. The original PRTT minimization provision should be restored, or the Senate should add a rule of construction making clear that the new “privacy procedures” provision does not prevent the FISC or the Attorney General from imposing additional minimization procedures.

6. Put strict limits on the new call detail records (CDR) authority. Multiple independent reviewers with access to classified intelligence, such as the Privacy and Civil Liberties Oversight Board and the President’s Review Group, have found little evidence to indicate that the call records program is an essential counterterrorism tool, and therefore many in our community see little need for the new CDR authority in the bill. However, and at the very least, Congress should not provide greater surveillance authority than that which the intelligence community and the President have said they need in order to transition away from the current bulk collection of CDRs. Therefore, to that end, (1) the Senate should clarify that the new authority for prospective collection of CDRs cannot be used to collect data three or more hops away from a target, by clarifying that the only “direct connection” justifying a first hop is a direct communication between the first device or account and the second, rather than, e.g., two devices being in close proximity to each other for a certain amount of time, or a phone number being found in another device’s contact list. Furthermore, (2) the new CDR authority should be limited to counterterrorism by codifying the current requirement that the government’s queries of call detail records collected in bulk are based on a reasonable articulable suspicion that the target is linked to a terrorist organization.[12] Additionally, the Senate should (3) ensure that there is no relaxation of current limits on data retention or dissemination; and (4) codify the current 90 day limit on the FISC’s CDR orders.

In addition to these six concerns, there are a number of issues of great importance to our community that should be considered by Congress. We recognize that these issues may not be addressed in this legislation, but believe Congress must address them in some fashion in order to restore Americans’ trust in our government and the trust of people worldwide in the US technology industry. In particular, consistent with US leadership in promoting global Internet freedom, we urge Congress to respect the privacy rights of innocent people outside the United States, who have rights to privacy and free expression under international human rights law. We urge Congress to consider the ramifications of the NSA’s efforts to undermine international encryption standards, which leave all Internet users less secure. We urge Congress to correct the “backdoor search loophole” in Section 702, under which the NSA searches its databases for information on Americans, even when that data was collected incidentally. And finally, we urge Congress to avoid any form of mandatory data retention regime, which would force U.S. telecom companies to retain and make available to the government data on their customers that they would not otherwise maintain. Any such mandate, in addition to creating unnecessary economic burdens and data security risks, would represent an unacceptable threat to privacy and civil liberties and would face the strongest possible opposition from our community as well as the opposition of the Internet and telecommunications industries.

Our community is gravely concerned about the dangerously broad reach of the National Security Agency’s surveillance programs. We believe that strong legislation can effectively address our concerns and we are committed to supporting Congress in passing such legislation, but we will be forced to oppose any bill that is not a substantial improvement over the version of the USA FREEDOM Act that was passed in the House.

Thank you for your consideration,

Access

Advocacy for Principled Action in Government

American Association of Law Libraries

American Booksellers Foundation for Free Expression

American Civil Liberties Union

American Library Association

Amicus

Antiwar.com

Association of Research Libraries

Brennan Center for Justice

Center for Democracy & Technology

Competitive Enterprise Institute

Council on American-Islamic Relations (CAIR)

Defending Dissent Foundation

Demand Progress

DownsizeDC.org, Inc.

Electronic Frontier Foundation

Fight for the Future

Free Press Action Fund

Freedom of the Press Foundation

Government Accountability Project

Human Rights Watch

Liberty Coalition

National Association of Criminal Defense Lawyers

National Security Counselors

New America Foundation’s Open Technology Institute

OpenMedia.org

OpenTheGovernment.org

PEN American Center

Project on Government Oversight (POGO)

Reddit

Restore the Fourth

Rutherford Institute

Student Net Alliance

The Sunlight Foundation

TechFreedom

ThoughtWorks

World Privacy Forum

[1] Letter from coalition of privacy organizations, to Senate Leadership, and the Chairmen and Ranking Members of the Senate Judiciary Committee and the Senate Select Committee on Intelligence (June 4, 2014) (on file with author), available at https://www.aclu.org/sites/default/files/assets/coalition_letter_regarding_usa_freedom_act_06_04_14.pdf.

[2] USA FREEDOM Act (H.R. 3361): Hearing Before the Senate Select Committee on Intelligence, 113th Cong. (2014) (statement of Harley Geiger, Senior Counsel and Deputy Director of Project on Freedom, Security and Technology, Center for Democracy & Technology, Pg. 6-7), available athttp://www.intelligence.senate.gov/140605/geiger.pdf.

[3] S. 1599, Sec. 601(e).

[4] H.R. 3361, as engrossed, Sec. 604(b)(2).

[5] Letter from coalition of privacy and advocacy organizations and companies, to Representatives John Boehner, Eric Cantor, et. al (May 14, 2014) (on file with author), available athttps://d1ovv0c9tw0h0c.cloudfront.net/files/2014/05/Letter-re-USA-FREEDOM-Rules-Floor-Amendments-051414.pdf.

[6] H.R. 3361, as reported, Sec. 604.

[7] See, e.g., Statement of Brad Wiegmann, Public Hearing Regarding the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (March 19, 2014), available at http://www.pclob.gov/Library/Meetings-Events/2014-March-19-Public-Hearing/19-March- 2014_Public_Hearing_Transcript.pdf.

[8] S. 1599, Sec. 401.

[9] H.R. 3361, as engrossed, Sec. 401.

[10] H.R. 3361, as reported, Sec. 402.

[11] H.R. 3361, as engrossed, Sec. 605.

[12] Press Release, Office of Dir. of National Intelligence, Joint Statement by Director of National Intelligence James Clapper and Attorney General Eric Holder on the Declassification of Additional Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act (Feb. 12, 2014) (on file with author), available at http://www.dni.gov/index.php/newsroom/press-releases/198-press-releases-2014/1018-joint-statement-by-director-of-national-intelligence-james-clapper-and-attorney-general-eric-holder-on-the-declassification-of-additional-documents-regarding-collection-under-section-501-of-the-foreign-intelligence-surveillance-act.