But if the FISA Improvements Act became law, Congress would be validating expansive powers that have been claimed by the NSA and upheld by a court — but never explicitly written into statute — to harvest the phone and e-mail records of millions of Americans, the advocates say.
“The bill that the intelligence committee voted on this week would expressly authorize this bulk collection for the first time, and that would be a huge step backward for the rights of law-abiding Americans,” said Sen. Ron Wyden (D-Ore.), one of four committee members who voted against moving the bill.
Committee Chairman Dianne Feinstein (D-Calif.), who cosponsored the 45-page bill with Vice Chairman Saxby Chambliss (R-Ga.), has said the phone records program is legal and that though they want to place some limits on it, she will do everything she can to prevent it from being halted.
Committee staff disputed the critics’ contention that the bill, which amends the “business records” provision of FISA, would authorize harvesting of e-mail metadata. That includes the “to” and “from” lines, date and time stamp, and file size. “We do not understand business records to include Internet metadata,” said a committee aide, who was not permitted to speak on the record.
“The committee neither intended to authorize nor prohibit e-mail records collection through this provision,” the aide said, but rather sought to focus on the phone records program, which collects phone numbers and call duration but not content. Authorizing e-mail metadata surveillance “is certainly not our intent.” And, he added, the committee is willing “to deal with this if it’s a problem as the bill moves forward.”
The NSA in 2011 halted a program to gather e-mail metadata in bulk because it was not operationally useful, officials have said, though it is possible the data are collected in other ways. In any case, Wyden and privacy advocates object to the codifying of the authority.
Several former senior Justice Department officials, who were not permitted by their current employers to speak on the record, said that e-mail metadata are clearly a business record. “It’s a classic business record,” one former official said. “It’s a record that’s created by the company for the purpose of providing a service. It’s not created at the request of law enforcement or the government.”
Another former official said Internet companies’ servers “create logs for security purposes and to detect fraud, so yes, business records comprised of Internet metadata are generated as part of the company’s ordinary course of business.” And, he added, “that would include Gmail or Hotmail or any of those services.”
Wyden and privacy advocates are also concerned that the bill would place in statute authority for the NSA to search without a warrant for Americans’ e-mail and phone call content collected under a separate FISA surveillance program intended to target foreigners overseas. That is what Wyden has called a “backdoor search loophole.”
Aides note the bill restricts the queries to those meant to obtain foreign intelligence information. They say that there have been only a “small number” of such queries each year. Such searches are useful, for instance, if a tip arises that a terrorist group is plotting to kill or kidnap an American, officials have said.
Nonetheless, the bill’s language, privacy advocates said, leaves room for the FISA court, which oversees the NSA’s domestic surveillance, to interpret it expansively. They point as precedent to the recent revelation — following the leak of a classified court order by former NSA contractor Edward Snowden — that the court, which operates in secret, had authorized the sweeping phone records collection based on what they say is a bafflingly elastic reading of the underlying statute.
That statute — also known as Section 215 of the Patriot Act — requires that the records sought be “relevant” to an authorized foreign terrorism investigation. And the FISA court, it is now known, interpreted “relevant” to include all call logs held by U.S. phone companies, enabling the NSA to amass of billions of domestic phone records.
“The court accepted the NSA’s argument that all of the records qualified as relevant because a tiny fraction of them might prove to be relevant in the future,” said Elizabeth Goitein, co-director of the Brennan Center for Justice’s Liberty and National Security Program. “It turned what was supposed to be a limiting principle into a license to cast a dragnet.”
Moreover, the bill’s effort to impose limits could also have the unintended effect of enabling authorities not currently claimed by the government, they said. That is because the bill’s limits on bulk collection of “electronic communication records” could imply that no such conditions exist for mass collection of other types of records, such as tax or credit card records, they said.
“The best-case scenario is the bill locks in and authorizes the current conduct of the U.S. government,” said Julian Sanchez, a research fellow at the CATO Institute. “The worst-case scenario is it gives them an argument to expand the use of that authority.”
A competing version of reform legislation is pending in Congress. The USA Freedom Act, cosponsored by Sen. Patrick J. Leahy (D-Vt.), chairman of the Judiciary Committee, and Rep. F. James Sensenbrenner Jr. (R-Wis.), one of the original authors of the Patriot Act, would end the phone records program as part of a broader package of changes.
That bill has not yet been taken up by the Judiciary Committee. Senate leadership aides said it was too early to know when the Feinstein bill might receive floor consideration.