Today, Access joined a coalition of dozens of civil society organizations, trade associations, and companies demanding an end to bulk surveillance activities conducted by the government under provisions in the USA PATRIOT Act.
On June 1, 2015, certain surveillance laws are scheduled to expire unless they are explicitly reauthorized by Congress. The letter makes it clear that these authorities cannot be renewed without strong, meaningful reform to prevent overbroad government collection of user data:
Together, we agree that the following elements are essential to any legislative or Administration effort to reform our nation’s surveillance laws:
- There must be a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act, including under the Section 215 records authority and the Section 214 authority regarding pen registers and trap & trace devices. Any collection that does occur under those authorities should have appropriate safeguards in place to protect privacy and users’ rights.
- The bill must contain transparency and accountability mechanisms in place for both government and company reporting, as well as an appropriate declassification regime for Foreign Intelligence Surveillance Court decisions.
Further, the letter also urges against other harmful mandates.
It is our view that meaningful reform must not include provisions on data retention or mandated back doors or vulnerabilities in products or services, and it must respect the rights of all users.
Bulk Collection of User Data
The U.S. government’s program to indiscriminately collect and store the telephone metadata of all phone calls that touch the United States was first revealed by the Guardian on June 5, 2013. Since then, the program has been denounced by civil society, corporate representatives, and by millions of individuals worldwide. Two independent government oversight bodies – the President’s Review Group and the Privacy and Civil Liberties Oversight Board – have called for an end to the program. Additionally, one federal district court has held that the program is unconstitutional, and cases are pending in several jurisdictions challenging its validity.
Perhaps most notably, President Obama, the intelligence agencies, and leading members of Congress (including the primary sponsors of the PATRIOT Act) have supported reform proposals for the law under which the program operates – Section 215 of the USA PATRIOT Act. Despite all this, Congress has so far failed to pass a meaningful reform package that would end either this bulk collection program or any others like it that are still operating in secrecy.
Today’s letter calls for “a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act.” This encompasses not only Section 215, but also Section 214, the provision under which the National Security Agency had previously been collecting users’ internet browsing habits in bulk. While the internet metadata program was purportedly discontinued some years ago, the choice was voluntary and could be easily reversed without any public notice. An end to bulk collection under both of these authorities is necessary in order to ensure that hundreds of millions of innocent users aren’t caught in a surveillance dragnet that would provide the government a continuing series of snapshots of the most intimate details of their private lives. It is hard to see how such a program can exist in a democratic government – it must end now.
Transparency and Accountability
On President Obama’s first day in office he issued a memorandum calling for “an unprecedented level of openness in government.” Despite this promise, his administration’s record on transparency over his tenure has been demonstrably less than stellar. The intelligence community has operated under an ever-decreasing amount of public oversight, with secret programs operating pursuant to secret legal interpretations, and approved by a secret foreign intelligence court.
It is only through adequate transparency that the administration and federal agencies can demonstrate that they are not abusing the human rights of users, and can start to rebuild the trust of the public. This means, at a minimum, that a robust mechanism must be put into place in the Foreign Intelligence Surveillance Court to oversee government applications for user data and argue in the defense of public interest; that any court opinion that modifies or interprets the law should be published; and that meaningful statistics should be published by the government (and publishable by the corporate sector) concerning the number of court orders sought, targets impacted, and rights violations that occur. These statistics should be sufficiently granular to actually impart information and not to obfuscate broad surveillance practices.
Finally, while intelligence agencies like the Office of the Director of National Intelligence and the NSA have established privacy offices to oversee civil liberties, those offices should be statutorily empowered with additional responsibilities and authorities to ensure that they are acting meaningfully in the interest of users and do not become captured by the interests of the agencies in which they are housed.
Further Reforms Necessary
In addition to the reforms discussed above, the coalition also urged against any package that contained new mandates. Reform legislation cannot create new obligations for companies or users that would further damage human rights or that would undermine the reform sought to be achieved.
One such mandate that may come up in discussion is data retention – the requirement that companies keep user data longer than they would otherwise need to in the legitimate course of business. As Access has explained, data retention policies create chilling effects, threaten user privacy, and increase the risk to data by undermining proper digital security practices.
Legislation also must not require any new programs that compel providers to provide government agencies with untargeted or unnecessary user data, or that compel providers to build in vulnerabilities to products or services (or otherwise create requirements that technologies are less secure than they can be.)
Finally, since the internet is a global tool and surveillance is a global problem, the U.S. must end its policies of treating innocent users outside of the country as suspects. We must respect the ability for users both inside and outside the United States to protect their communications and commit ourselves to laws that would mean (at least in regard to U.S. government practices) that users never operate under a false sense of digital security.
Without Reform, Surveillance Laws Must Sunset
With less than 80 days until the expiration of certain provisions of the USA PATRIOT Act, including Section 215, Congress must move quickly to introduce and pass adequate reform legislation. If sufficient reform cannot be passed, or if a good bill is watered down as it moves through the legislative process, then we must call on Congress to allow these provisions to sunset without any reauthorization.
Any congressional reauthorization of these provisions without adequate reform flies in the face of the demands of this coalition and of the will and the rights of the public.