By Mike Masnick | Techdirt | April 1, 2014
Now that people have had a chance to go through the proposal by Reps. Mike Rogers and Dutch Ruppersberger to “stop” the bulk phone record collection under Section 215 of the Patriot Act, they’re finding more and more things to be concerned about. We had noted some potential easter eggs in there for law enforcement, but the deeper people look, the worse it gets. Trevor Timm notes that the bill is really a trojan horse to expand surveillance capabilities, while pretending to end them.
Curiously, a large majority of the House bill focuses on new ways for the government to collect data from “electronic communications service providers” – also known as the internet companies. Why is a bill that’s supposedly about ending bulk collection of phone-call data focused on more collection of data from internet companies?
From there, we turn to Julian Sanchez, who has given one of the most thorough explanations of what’s actually in the bill, noting that it fails to really end the bulk collection of phone records while also potentially massively expanding other surveillance capabilities.
First, the HPSCI bill’s seemingly broad prohibition on bulk collection turns out to be riddled with ambiguities and potential loopholes. The fuzzy definition of “specific identifiers” leaves the door open to collection that’s extremely broad even if not completely indiscriminate. Because the provision dealing with “call detail records” applies only to §:215 and the provision dealing with “electronic communications records” excludes telephony records, the law does not bar the bulk collection of telephony records under FISA provisions other than §215. The prohibition on non-specific acquisition of other communications “records” probably does not preclude bulk collection under the FISA pen register provision that was previously used for the NSA Internet metadata dragnet. And, of course, none of these prohibitions apply to National Security Letters. If the government wanted to keep collecting metadata in bulk, it would have plenty of ways to do so within the parameters of this statute given a modicum of creative lawyering—at least if the FISC were to continue being as accommodating as it has been in the past.
Second, something like the novel authority created here may well be necessary to enable fast and flexible acquisition of targeted records without dragnet collection. However, once we get down to details—and even leaving aside the question of ex-post versus ex-ante judicial approval—this authority is in some respects broader than either the current §215 telephony program, the president’s proposal, or the pre-Snowden understanding of the FISA business records authority. Critically, it eliminates the required link to a predicated investigation—which, in the case of U.S. persons, must be for counterterror or counterespionage purposes.
In other words, this appears to be a superficial attempt to end bulk collection “under this program,” while at the same time knocking down a bunch of barriers to much broader bulk collection under other authorities, with less oversight and fewer ways to push back against abuse. Did anyone really expect anything different from the NSA’s two biggest defenders in the House?