Privacy advocates everywhere are celebrating. The passage of the USA Freedom Act by the Senate and the signing by the President mean that there will be changes to the way the intelligence community collects phone data and the way the Foreign Intelligence Surveillance Court works— eventually.
But now, right after the bill has passed into law, nothing much has changed at all. The government has six months to figure out how to wrap up the process of collecting and storing phone metadata.
In addition, the phone companies involved, which means nearly all U.S. phone companies, will be required to store that metadata and to make it available to the intelligence services if served with a warrant requiring it.
Unfortunately, it only applies to phone metadata. That metadata can give a good picture of who you call and for how long. If it’s analyzed it provides a good picture of your relationships with others and in turn their relationships with even larger groups. But that’s all you get with the metadata. There’s no question that it invades your privacy if used indiscriminately. But despite everything, it still doesn’t show what you actually said.
Another major provision is that the FISC will have to declassify some of its decisions. Exactly how that will work and which decisions will have to be declassified has yet to be determined. Even if the court embraces openness, it will take a while, perhaps a year or two, for it to determine rules and procedures.
But in reality, the whole fuss about Section 215 of the Patriot Act, which the USA Freedom Act revised, is far from the only means that the government has to search at will through your business and your personal life. For example, there are the rarely-discussed National Security Letters (NSL), which allow the FBI to demand access to your communications and financial data with no judicial review at all.
In fact, all that’s required for the FBI (or another intelligence agency) to go search your records is a letter from the supervising agent in charge of your FBI office. Because NSLs don’t require a warrant or anything else, they aren’t subject to even the lenient standards of the FISC.
Compounding the issue is the gag order that goes along with an NSL, which prevents the companies being served with one from telling anyone about it. Those orders are usually perpetual, which means that they can never be revealed.
By now you’re probably asking yourself whether this violates a number of Constitutional protections, such as those found in the First and Fourth Amendments.
After Freedom Act Vote Much Must Be Done to Restore Data Privacy
The answer is that decisions by U.S. District Courts have found that they do, and they’ve declared the NSL gag orders to be unconstitutional along with the lack of judicial review. So far, the court orders have been ignored.
Continuing the trip down Alice’s rabbit hole, it’s important to remember that hidden within Section 215 of the Patriot Act is something called the “Grandfather Clause,” which allows the continued collection of data for any continuing investigation as long as it was begun before the termination date.
Considering the vast number of investigations, some of them very broad, it’s possible that the government can simply use that authority to keep collecting the data it has been collecting, basically forever.
Fortunately the White House, in an effort to encourage the Senate to vote on the USA Freedom Act, said that it wouldn’t invoke the Section 215 Grandfather Clause. The idea here was that Senate Majority Leader McConnell couldn’t rest on the idea that collection would continue even if the law expired.
So right now we’re left with what can best be described as a positive sign. It’s clear that the law is changing and that eventually, your electronic communications won’t be subject to the indiscriminate bulk collection of metadata. But so much else hasn’t changed that it’s difficult to see how this actually changes the position of technology companies in the US.
The over-reach of the intelligence services into commerce that was made distressingly clear in the revelations of former NSA contractor Edward Snowden wasn’t just about phone metadata and in any case, that’s not the issue that’s costing U.S. companies the ability to compete in a global market.
What’s really hurting U.S. technology companies is the seeming insatiability of U.S. intelligence services for data on anything they wish. This was made very clear by the U.S. Justice Department’s continuing legal action trying to force Microsoft into revealing emails belonging to a European national that are stored on a server in Europe, without going through the existing treaties.
As long as the U.S. government rides roughshod over the privacy and the rights of citizens with data collection processes that violate U.S. and international law without consequence, it’s hard to see how technology companies will ever be able to freely compete. And this is very much a competition issue. Walk through a major city in Europe and the billboards are everywhere telling companies that they can’t trust U.S. providers of IT products and services to respect their privacy or their business information.
Of course, the U.S. government isn’t the only nation state trying to rifle through the private data of citizens and corporations, but in this case it’s doing it to its own citizens and its own companies.