The Thursday disclosure of a rife-for-abuse top-secret NSA program may have come too late to affect the recently concluded USA Freedom Act debate. But lawmakers are already suggesting that the new revelation about bulk collection activities will influence the next NSA fight on the horizon.
A joint-investigation by the New York Times and ProPublica revealed that the agency was using its internet dragnet capabilities to monitor IP addresses and computer code related to foreign hackers—a surveillance method that leaves Americans’ communications prone to exploitation by US spies.
Rep. Zoe Lofgren (D-Calif.) told The Guardian that the report “is an example of how the USA Freedom Act did not end bulk collection of communications and data.”
The USA Freedom Act infamously left untouched Section 702 of the Foreign Intelligence Surveillance Act. The statute is used primarily for foreign intelligence gathering, as its name would suggests, but the activities result in bulk collection of sensitive American data as well.
“This report shows why our efforts to reform Section 702 of the FISA Amendments Act are so urgent,” Rep. Lofgren added.
The NSA uses the law as cover for its “upstream collection” activities: the tapping into the worldwide network of fiber optic cables that serve as the backbone of the internet. The intercept can be configured to divert reams of information to databases, where it can be tasked by NSA analysts looking to exploit it for an advantage.
Documents provided by Snowden revealed in 2013 that the agency has the authority to dip into those data reserves, without a warrant, to also search for communications belonging to Americans—a practice that Sen. Ron Wyden (D-Ore.) has described as allowing “backdoor” domestic spying.
Thursday’s revelations about warrantless searches are bound to only exacerbate civil libertarians’ concerns, with news that the hacker-IP address dragnet is configured to collect cyber threat data, which can be difficult to identify as foreign or domestic.
ProPublica noted that since the program monitors data flowing to a hacker, it also involves copying information that hacker has stolen, which leaves vulnerable “significant volumes of Americans’ information—anything from private emails to trade secrets and business dealings.”
That, according to Rep. Lofgren, does more harm than good.
“Under this program victims of cybercrime are doubly harmed when their government collects and searches their private stolen communications and data,” she said.
The administration has provided mixed messages in the past about how Section 702 of FISA is used to combat hacking threats in addition to counterterrorism. On Wednesday, however, when asked about the latest NSA disclosure, White House spokesman Josh Earnest claimed that the FISA provision is “a tool our national security officials have found to be valuable in protecting the country from a variety of threats including cyber threats.”
The top Senate Democrat on law enforcement issues, Judiciary Committee chair Patrick Leahy (D-Vt.), offered a less glowing review.
“Today’s report that the NSA has expanded its warrantless surveillance of Internet traffic underscores the critical importance of placing reasonable and commonsense limits on government surveillance in order to protect the privacy of Americans,” he said in a press release sent late Thursday afternoon.
“I have always believed and said that more reforms are needed,” said the Senator, a cosponsor of the USA Freedom Act.
The first incarnation of that bill—introduced by Sen. Leahy in October 2013—included restrictions on how the NSA could use Section 702 of FISA. There were, however, exemptions to those restrictions in cases of international terrorism and arms proliferation. .
That language was stripped out, however, at the behest of the administration and NSA sympathizers, long before the reform bill received serious consideration in both chambers of Congress.
It’s likely to be revisited in 2017, when the authority is set to expire—just as sunsets to provisions of the Patriot Act proved useful to reformers in Congress who were able to restrict at least some of the NSA’s ability to directly collect vast records about Americans’ phone calls.