Congress took on dual issues of Fourth Amendment and privacy rights in a bill meant to reform the Patriot Act to end the authority of NSA’s phone recording program, as well as, reform the FISA process, addressing the problems revealed by Justice Department Inspector General Michael Horowitz last fall.
The Safeguarding Americans’ Private Records Act “addresses two issues of concern – the Fourth Amendment rights embedded in the Constitution and the increasing level of awareness of the need for protection of the privacy rights of the individual, a very 21st Century issue,” said Steve Durbin, managing director of the Information Security Forum. “The challenge for us all both inside and outside of government is how to balance the rights of the individual in an increasingly cyber-enabled world in which cybercrime is becoming the norm with the needs of law enforcement to gather material for the protection of us all.”
The legislation proposes to prohibit warrantless collection of cell site location and GPS data, browsing history and internet search history. It prevents the government from collecting information “for intelligence purposes that would violate the Fourth Amendment in the criminal context,” eliminates what was considered a vague “relevance” standard that the government used to justify bulk collection, puts a three-year limit on retaining” information that is not foreign intelligence or evidence of a crime and permits the FISA Court to review compliance with minimization procedures,” according to a release summarizing the bill.
It also takes aim at the FISA process by giving amici curiae a more independent role, the release said, “granting them access to every opinion, transcript, pleading or other document of the FISA Court and the FISA Court of Review, and permitting them to raise any issues of concern with the Court.”
The debate over how to balance “handing powers to the authorities to protect its citizens whilst also ensuring the protection of the individual’s right to privacy” has persisted, Durbin noted.
“The answer, as embodied in other legislation such as the European GDPR for instance, would seem to be that any such collection should only be for specified, explicit and legitimate purposes and limited to what is necessary as defined by the courts and that the data once collected should not be stored for longer than is necessary,” he said, though he doesn’t see a “near term end to the ongoing debate over the concern with the gathering and processing of personal information whether it be through surveillance programmes such as that undertaken by the NSA or indeed more recently by other authorities around the world via facial recognition systems for example.”
The bill also expands oversight and accountability, creating new public reporting requirements to reveal the number of Americans whose data the government has collected under Section 215 of the Patriot Act as well as the number of information searches under Sections 215 and 702. “The bill requires the Inspector General to conduct an investigation into the use of First Amendment-protected activities as well as race, ethnicity, national origin and religious affiliation to support Section 215 applications,” the release said, further requiring an IG to probe “whether ‘roving wiretap’ authorities have been used to conduct surveillance of non-targeted individuals.”
National Security Letters would for the first time get “serious oversight” and the bill closes “secret law loopholes” that had previously allowed government to “secretly conduct surveillance entirely outside the publicly understood FISA process.” FISA would then be the only means to collect communications records to be used for intelligence purposes.
“Transparency and oversight are fundamental requirements and this Bill is at least an attempt, on a bi-partisan basis, to address what will be an ongoing challenge in our increasingly cyber-enabled world,” Durbin said.
“These are important steps towards protecting the civil liberties and Fourth Amendment rights of citizens,” agreed Jack Mannino, CEO at nVisium. “Intelligence agencies do important work, and it’s necessary for them to be able to do their jobs, while preserving legal and moral boundaries.”
Laws to protect internet privacy, like the one passed by California, are on the uptick as consumers and lawmakers alike to favor greater oversight and transparency. “Overreaching surveillance erodes trust in the systems we use and our expectation of privacy,” said Mannino.