But if the FISA Improvements Act became law, Congress would be validating expansive powers that have been claimed by the NSA and upheld by a court — but never explicitly written into statute — to harvest the phone and e-mail records of millions of Americans, the advocates say.
“The bill that the intelligence committee voted on this week would expressly authorize this bulk collection for the first time, and that would be a huge step backward for the rights of law-abiding Americans,” said Sen. Ron Wyden (D-Ore.), one of four committee members who voted against moving the bill.
Committee Chairman Dianne Feinstein (D-Calif.), who cosponsored the 45-page bill with Vice Chairman Saxby Chambliss (R-Ga.), has said the phone records program is legal and that though they want to place some limits on it, she will do everything she can to prevent it from being halted.
Committee staff disputed the critics’ contention that the bill, which amends the “business records” provision of FISA, would authorize harvesting of e-mail metadata. That includes the “to” and “from” lines, date and time stamp, and file size. “We do not understand business records to include Internet metadata,” said a committee aide, who was not permitted to speak on the record.
“The committee neither intended to authorize nor prohibit e-mail records collection through this provision,” the aide said, but rather sought to focus on the phone records program, which collects phone numbers and call duration but not content. Authorizing e-mail metadata surveillance “is certainly not our intent.” And, he added, the committee is willing “to deal with this if it’s a problem as the bill moves forward.”
The NSA in 2011 halted a program to gather e-mail metadata in bulk because it was not operationally useful, officials have said, though it is possible the data are collected in other ways. In any case, Wyden and privacy advocates object to the codifying of the authority.
Several former senior Justice Department officials, who were not permitted by their current employers to speak on the record, said that e-mail metadata are clearly a business record. “It’s a classic business record,” one former official said. “It’s a record that’s created by the company for the purpose of providing a service. It’s not created at the request of law enforcement or the government.”
Another former official said Internet companies’ servers “create logs for security purposes and to detect fraud, so yes, business records comprised of Internet metadata are generated as part of the company’s ordinary course of business.” And, he added, “that would include Gmail or Hotmail or any of those services.”