NSA 'reform': Fewer phone records, but data flow continues

The NSA can no longer scoop up Americans' phone records, but it can continue to eavesdrop on our emails, video chats, and documents

NSA 'reform': Fewer phone records, but data flow continues
frederic.jacobs (CC BY 2.0)

No sooner had the NSA's bulk collection of phone records for millions of U.S. citizens come to an end, then members of Congress swung into action to dilute even that small step toward reform. Meanwhile, other programs that have much greater implications for privacy survive and thrive in the NSA's sprawling surveillance system.

The USA Freedom Act passed overwhelmingly in June, but its reform banning the NSA from scooping up more phone data only went into effect last weekend. Metadata already collected can be kept by the NSA until Feb. 29, and your phone data will continue to be collected by telecom companies, but the NSA must now go to the FISA (Foreign Intelligence Surveillance) court for permission to gain access. Documents leaked by Edward Snowden showed it was the secret FISA court that gave the NSA permission to indiscriminately collect Americans' phone records in the first place.

However, in another modest step toward reform, the USA Freedom Act also required FISA to become a little less secret. Some information about its rulings will be declassified, and in some cases outside bodies will be allowed to challenge its decisions.

Even this sliver of reform could be threatened, as a new bill introduced in the Senate this week aims to let the NSA continue to hold onto phone records it collected for another five years. It also would make permanent antiterrorist provisions criticized by civil rights groups, such as "lone wolf" and "roving wiretap" provisions of the USA Patriot Act that allow that NSA to get a warrant from FISA without naming the person tracked or proving he is part of a terror group.

Supporters say that in light of the recent Paris attacks, the NSA needs unfettered access to phone records, but the bipartisan Privacy and Civil Liberties Oversight Board found no evidence that bulk collection of records made a difference in the fight against terrorism. "We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation," it reported.

Meanwhile, the NSA is still amassing vast amounts of personal data about U.S. citizens using programs that civil rights advocates find more troubling than its previous collection of phone metadata.

For one, the spy agency continues to harvest bulk communications from the Internet and social media under PRISM, which allows the NSA and FBI to tap into the servers of leading U.S. Internet companies like Microsoft, Google, and Facebook to extract audio and video chats, photographs, emails, documents, and connection logs, according to documents obtained by the Washington Post

PRISM records not only the fact a communication was sent, but also the contents of emails and chats. According to the Washington Post's source, they can "literally watch you as you type."

PRISM uses Section 702 of the FISA Amendments Act of 2008, which is not up for renewal until 2017, as the legal basis for its surveillance. Previously, section 702 was restricted to communications of foreign individuals. However, documents obtained last month by The New York Times show that the NSA gets around that restriction by simply using its overseas offices to do the collection, since domestic data is often found on fiber optic cables abroad.

The NSA is also leaning on Executive Order 12333, signed by Ronald Reagan in 1981 to authorize foreign intelligence investigations, as the basis for its domestic surveillance. Under the vague wording of 12333, "any information 'incidentally' collected during an intelligence gathering mission focused outside the US -- even if it's the entire email history of a Minnesota teen or every iCloud photo from a Chicagoan's iPhone -- is fair game," Gizmodo writes.

Although the focus in Congress has been on the collection of phone data, the Electronic Frontier Foundation seeks to challenge this ongoing surveillance. "Under [Section] 702, the government has siphoned communications directly from tech companies and the key infrastructure of the Internet and worse," the EFF writes. "Executive Order 12333 is supposed to protect Americans from Presidentially-directed spying; however, despite the protections, it is being used for mass spying that collects Americans' communications, address books, and other information."

The EFF also notes that not only does the FISA court provide little oversight, Congress is largely in the dark as well. "Members of Congress have repeatedly noted that it is incredibly difficult to get answers from the intelligence community.... As Senator Barbara Mikulski stated: 'Fully briefed doesn't mean that we know what's going on.'" 

Although the political atmosphere is less open to reform of the surveillance system since the Paris terrorist attacks, Sen. Ron Wyden told Gizmodo, "I will continue to push for reforms to section 702 of the Foreign Intelligence Surveillance Act -- like closing the backdoor searches loophole. And I believe Congress needs to take a hard look at collection conducted under Executive Order 12333 as well to ensure it is not abused to circumvent laws or violate Americans' civil liberties."

Copyright © 2015 IDG Communications, Inc.