Tag Archives: USA Freedom Act

OPM Breach, USA Freedom Act, Net Neutrality and Other Items

Several short items  – The battle over NSA spying is not over, the OPM breach is better or worse than we thought, The first ruling on net neutrality is here, Senator McConnell is trying to insert the cyber protection bill CISA inside the defense appropriations bill in a way that does not allow for debate.  Crazy Thursday.

First, The House voted today to defund two NSA backdoor spying programs that Rep. Thomas Massie (R-KY) said are worse than the NSA bulk data collection.  The NSA admitted that it sometimes spies on Americans communications under an authority that was intended to apply only to foreigners.  The amendment would require the NSA to get a warrant first.  The other amendment would block funds for NSA projects to build vulnerabilities INTO security products (see article).  These amendments to the NDAA are far from certain as there is a lot of mischief going on in the Capital over the NDAA.

The OPM is now saying that people’s SF-86 security questionnaires were not compromised in the breach.  However, AFGE union head David Cox wrote to the OPM saying that based on sketchy information released by the OPM, the target of the hackers was the central personnel repository database, which contains information on every federal employee, retiree and a million former employees.  Cox said that the data that the hackers stole included Social Security numbers, birthdays, addresses, military records, job and pay histories, and various insurance information, in addition to age, gender, and race data.  Since the OPM is being pretty quiet, we do not yet know the truth (see article).

The U.S. Court of Appeals for the D.C. Circuit has ruled against the telecom and cable companies to block the FCC plan to regulate Internet providers like other telecom carriers (the so called Title II classification).  The court did grant the request from both sides to expedite the hearing on the merits, but in the mean time, the rules go into effect on Friday, baring a ruling to the contrary from a higher court (see article).

Sen. Mitch McConnell is at it again.  This time he is trying to insert the long delayed cyber security bill known as CISA into the National Defense Authorization Act in a way that does not allow for debate or amendment.  The NDAA is a must pass bill, but President Obama has already said me may veto it for other reasons.  Adding other, totally unrelated bills into that bill will not improve its chances for passing.  McConnell says that because of the OPM breach, he is resorting to this strange approach.  The fact that CISA only applies to private companies, which does not include the OPM seems to make this argument misplaced (see article).  There are a number of Senators who are not happy with McConnell right now, so stay tuned.

ICANN, The organization that currently manages Internet names and numbers has been talking about giving up control, which currently rests with the Department of Commerce, to an independent international organization.  Some folks do not like the U.S. giving up power that it has over the Internet while others think it is a good idea.  In any case, ICANN said that there is no way it will be ready to do this by the September 30th target date.  September 30th is the end of the current existing contract between DoC and ICANN.  ICANN won’t even submit a proposal to the government on how this might work until mid October and who knows how long the evaluation process might take (see article).

Peter Swire Talks About What The USA Freedom Act Brings

Peter Swire, was a member of the President’s intelligence review team that was formed after the Snowden leaks.

Today he wrote a guest column for the International Association of Privacy Professionals on what the Act did and did not change.  The article is linked on the References page or you can go to it directly here.

While the Act did not restore privacy to everyone, it is a small step in the right direction.

 

Senate Passes USA Freedom Act

UPDATED: 02 Jun 2015 2216 EDT

The Senate, in a 67-32 vote, passed the same bill they were unable to pass before they went on vacation, restoring some of the expired provisions of the Patriot Act. The bill now goes to President Obama who said he would sign it.

Gone is the bulk collection of phone records, replaced with a much more targeted collection and added are changes to the super secret FISA court.

UPDATE:

President Obama has already signed the bill into law, just a few hours after the Senate passed it (see CNN article).

The fight over the bill came between the House Republicans who wanted to reign in the NSA and the Senate Republicans who wanted to actually give the NSA even more power.   Mitch McConnell, who led the fight in the Senate for more NSA powers wound up being the big loser in this case.  He got nothing that he fought for, had the NSA waste needless money winding down and starting back up their data collection operations and got the same bill approved that was handed to him weeks ago.

What does the USA Freedom Act provide?

First, it provides a six month transition period where business runs as usual – just like before Section 215 expired.  Sort of.

The NSA still needs to go back to the FISA court and ask permission to start collecting data again.  This would be a slam dunk if it were not for the decision from the Second Circuit Appeals court (see here) that ruled that what the NSA was doing did not comply with what Section 215 said – which is what some people have been saying since the fact that the NSA was doing this was revealed.  The decision of the appeals court is not binding on the FISA court, but if the NSA does start up the data collection again, the plaintiffs in that decision could ask the second circuit for a stay or they could go to the guys in the black robes in DC – the Supremes – and no, I don’t mean the musical group.

Ultimately, what the USA Freedom Act requires is that the NSA must ask the FISA court for a targeted warrant which will allow them to get the data they want from the phone companies.  This is dependent on whether or not the phone companies can show, in the next six months, that they can collect, store and produce the data requested by the NSA.  Otherwise, things stay as is.

Analysis of the details of the USA Freedom Act will no doubt take days or weeks, but one provision is clear – that the NSA has to request data for a specific person, organization or device and only if they convince the FISA court that the person is associated with a foreign power or terrorist group (see here).

The bill will also allow tech companies to talk more about how much data they are turning over, require the NSA to talk more about how much data they are collecting, allow civil liberty advocates to lobby the FISA court and require major decisions of the court to be declassified.