Congress's Orwellian spying "reforms": Why the government wants to outsource its surveillance to your Internet provider

Edward who?

Published April 30, 2015 5:13PM (EDT)

        (<a href='http://www.shutterstock.com/gallery-559861p1.html'>nenetus</a>, <a href='http://www.shutterstock.com/gallery-84025p1.html'>Mopic</a> via <a href='http://www.shutterstock.com/'>Shutterstock</a>/Salon)
(nenetus, Mopic via Shutterstock/Salon)

Almost two years after publication of the first documents leaked by Edward Snowden, the House Judiciary Committee (HJC) has taken up a bill that purports to end one of the most widely reported abuses he exposed: the government's secret collection of all the records of phone calls Americans make on a daily basis. Today, HJC will consider the USA Freedom Act, which would finally get the government out of holding the phone records of some significant subset of Americans.

Support for the bill is even more fragmented than it was last year, when it fell two votes short of consideration in the Senate. A number of civil liberties groups -- including the ACLU, as well as grassroots groups, and former NSA whistleblowers -- oppose the bill as an inadequate solution to the government's spying. On the right, Senate Majority Leader Mitch McConnell has introduced a straight reauthorization of the expiring provisions of the PATRIOT Act until next decade. Nevertheless, amid urgent calls to do something before the provision expires in a month, the bill is the most likely resolution of this impasse.

Yet amid all the horserace discussion about what legislation will pass Congress, almost no one has reported on what the government actually plans to do to replace the phone dragnet incorporating the call records of every American. As much as supporters pitch this bill as a replacement for an abusive dragnet, it is also a replacement for an approach to spying made outdated by our media habits.

The problem is, we don't make all that many phone calls anymore.

Oh, sure, most of us still have things that we call "phones," and we use them to contact other people more or less often. Fewer and fewer of those phones are plugged into the wall and most of them are actually computers that carry voice and even video messages, have keyboards to send texts or chats, and also take pictures and provide directions.

Potential terror suspects and their co-conspirators, friends and family (along with the rest of us) communicate using all of these tools -- actual phone calls, though often carried over the Internet as opposed to a phone company's lines, chats, texts, Tweets, Facebook comments, and even comments on other Internet sites. Plus, those computer-phones provide terrorist investigators other useful information, such as online history, photographs, and location. All of those, for example, were entered as evidence in the trial of Boston Marathon defendant Dzhokhar Tsarnaev; and for a time, his actual phone service got shut down and he communicated (including with his brother Tamerlan) via Skype.

So, in spite of FBI claims that the Section 215 phone dragnet, exposed less than two months after the Boston Marathon, helped them investigate the attack, the Tsarnaev trial exposes how limited a dragnet that collects only phone calls carried by telecoms would in hunting terrorists.

But the alternative -- the alternative the government would like to adopt with USA Freedom Act -- may be problematic for other reasons.

For over a year, witness after witness gave testimony to Congress saying the government wants records of who suspected terrorists call and who those people called -- "contact chaining," the witnesses called it. But in fact, court documents show the government started calling this "contact or connection chaining" over a year ago. (Note the additional word, "connection.") And during last year's debate over USA Freedom Act, the government ditched "contact chaining"altogether and adopted "connection chaining," without explaining what that meant.

This version of the USA Freedom Act finally explains what the government actually intends to do with the requests it sends providers, who will have expansive legal immunity to provide whatever the government asks for. The government can obtain one round  of "call detail records" -- which aren't allowed to include certain things, like location data, and which must include other things like a specific identifier for someone's handset or phone account. But the government can also ask providers to chain on one round of "session identifying information" that doesn't have those restrictions.

Location data and the "cookies" that track a user's web behavior across sites are both session-identifying information. A lot of other things might be too -- if the government got to make their case in secret, as they will. If the government doesn't claim a national security exception they have already claimed covering this issue, they would have to reveal the arguments they're making about session-identifying information under transparency provisions of the bill.  Some of that might be necessary to get online chats, for example. Sometimes not. But accessing, via providers, broadly defined session-identifier information is far more intrusive than simply handing over records of phone calls made.

Without more limiting language, then, this bill would permit the government to require providers to give analysis based on the session-identifying information from people's smart phones, with very little oversight, and with only a reasonable suspicion (not probable cause) standard that the person in question has ties to terrorism. It would permit that, even after the Supreme Court ruled the government needs a warrant before it can search people's smart phone.

Maybe that's why the immunity in this bill is so expansive?

Though to be clear: The government would not be conducting this "connection chaining"; immunized providers would be. The government would just get a list of device identifiers of who had come up as a result of this chaining.

There is good reason for the government to want to collect some data from the phone-computer activity of suspected terrorists. But the Supreme Court has already said the government can't search smart phones based on a traffic-stop level of suspicion, which is the same level of proof required here. Effectively, by outsourcing the spying to providers, the government aims to evade that law to monitor people who have only tenuous ties to terrorism, and do so with none of the checks against abuse such spying would get in a criminal context.

The government has finally hinted at what it plans to do instead of conducting an equally unconstitutional dragnet that aspired to cover all Americans. It solves one big problem. But how many new abuses is it creating?


By Marcy Wheeler

Marcy Wheeler writes at EmptyWheel.net and is the author of "Anatomy of Deceit."

MORE FROM Marcy Wheeler


Related Topics ------------------------------------------

Edward Snowden Government Surveillance Spying Terrorism Usa Freedom Act War On Terror