Thursday, October 26, 2017

As Congress mulls surveillance reforms, here are the good, bad, and ugly options

(Image: Wikimedia Commons)

With three surveillance bills and just two months to pass one of them, Congress is scrambling to try to keep the bulk of the US government's foreign surveillance powers alive past the new year.

It's the first opportunity for lawmakers to reform some of the government's foreign surveillance laws since the Edward Snowden revelations more than five years ago. These are the same laws that authorize the controversial PRISM program, which collects data from servers of internet giants, the massive bulk collection of internet traffic, and the government's computer and network hacking powers.

Although the programs are meant to target foreigners overseas, they also sweep up vast amounts of emails, text messages, and phone calls without a warrant from Americans, who are constitutionally protected from domestic surveillance.

Those programs were authorized under section 702 of the Foreign Intelligence Surveillance Act (FISA), a law that will expire on December 31 unless Congress reauthorizes the law or passes new legislation.

On one side, you've got the Trump administration and former intelligence chiefs all pushing for a clean reauthorization on a permanent basis. On the other, you've got several lawmakers who have vowed to fight the reauthorization until they learn how many Americans are swept up under existing surveillance powers.

Here's what you need to know.

THE GOOD: SWEEPING REFORMS AND GREATER PRIVACY

There is a "good" surveillance reform option -- so say the civil liberties lobby.

Introduced by Sens. Ron Wyden (D-OR) and Rand Paul (R-KY), the so-called USA RIGHTS Act would, if passed, be an unprecedented effort to scale back the overreach of the intelligence agencies while retaining much of their core powers.

Based on a detailed spreadsheet of each bill compiled by Marcy Wheeler, a national security blogger, the Wyden-Paul bipartisan bill would fix several loopholes that the government has exploited in recent years.

That includes "backdoor searches," which let the government search communications on Americans without a warrant because the intended targets were ostensibly foreign. The bill would nix "about" collection, a controversial practice that allowed the NSA to search data sent across fiber cables and phone companies where a target was simply mentioned (in some cases that included wholly domestic communications). The practice was later found to be unlawful.

Any data that was collected that implicated an American in a criminal matter will not be used, unless it relates to the NSA's foreign intelligence goals, such as countering terrorism and espionage, the bill says.

The bill would also ensure that the government cannot force a company to include backdoors or other technical demands without explaining the purpose specifically. Thia comes after the FBI pushed Apple to build a backdoor for an iPhone used by a terrorist. The government has also used FISA to force companies to turn over source code, which can be used to find vulnerabilities to enable covert surveillance.

The bill would also require the government to reveal how many Americans have been caught up by surveillance. (The government's spy chief has so far refused to say what the number is.)

And, the bill will extend the government's section 702 powers for four years until September 2021, while giving the government's privacy and civil liberties oversight body (PCLOB) a greater mandate and more powers.

In all, civil liberties and rights advocates have praised the effort. Demand Progress, a coalition of groups, said the draft bill is "the only legislation on the table that reigns in the government's surveillance abuses."

Other groups, like the Center for Democracy & Technology, said the bill found the balance between creating "stronger protections for the rights of American citizens while also allowing intelligence agencies to conduct targeted surveillance."

The ACLU and EFF both called on Congress to quickly enact the legislation.

THE BAD: A MIXED BAG OF HITS AND MISSES

The House Judiciary Committee released the USA Liberty Act earlier this month. Experts said it was a mixed bag of some wins but not enough reform was put forward.

The bipartisan bill, championed by committee chairman Reps. Bob Goodlatte (R-VA) and John Conyers (D-MI), will extend most of the existing section 702 provisions by six years, but doesn't do enough to curb the overreach and abuses by the intelligence agencies, according to the EFF.

The bill won't end backdoor searches, and won't actively stop the NSA from gathering Americans data in the first place. However, if passed, the bill will prevent the FBI and other agencies from searching the section 702 database without a warrant.

And while the bill doesn't do anything to increase transparency, the bill does bolster the PCLOB's oversight role, and asks for a number of how many Americans are caught up by the surveillance programs.

The chances are that the bill will be amended several times before it's passed to the floor to be voted on. That's where the EFF hopes that some more meaningful amendments will come forward, like the twice-passed Massie-Lofgren Amendment, which would require law enforcement agencies to show any collected data is relevant to an investigation.

"Congress still has time to get this right," said the EFF in a blog post. "We urge the Judiciary Committee members to make changes to the bill to address these shortcomings."

THE UGLY: 'PRISM' ON STEROIDS

Where the other bills aim to amend and rebuild the laws, the Senate Intelligence Committee's effort focuses almost entirely on a clean, near-unmodified reauthorization of the surveillance laws.

The bill would extend the surveillance powers by eight years -- until December 2025 -- and would for the most part codify existing powers into law, with some additions.

While FISA allows for data collected under section 702 to be used for countering terrorism and espionage, the bill would allow the government to use that data for eight additional purposes -- including kidnapping, serious bodily injury, and offenses against a minor.

Marcy Wheeler said those provisions in the Senate's proposal alone amounts to a "domestic spying bill."

The bill would also cover cybersecurity, including violations of US hacking laws -- which in their own right are vague and ill-defined. Several security researchers and experts, who are most affected by the laws, decried the move.

Wheeler added that the bill, if passed, would permit the NSA to collect Tor traffic as well as VPN traffic -- two techniques used to enhance privacy and anonymity online.

"In other words, what [the Senate's] bill does is affirmatively approve the use of Section 702 to collect Tor traffic and use it to prosecute a range of crimes, some of them potentially quite minor," said Wheeler in a blog post.

Besides that, there's no fix for backdoor searches, about collection will largely continue, and PCLOB effectively will no longer be an agency.

The clock is ticking. Even if the lawmakers run out of time, the NSA's spying won't just grind to a half if no new laws are passed by the new year; the government's spy programs are authorized on an annual basis.

It's too early to say which of the reform bills will garner the most support -- but it hard to see how none of the bills pass.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More



from Latest Topic for ZDNet in... http://ift.tt/2gNw6BJ

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.