A U.S. House of Representatives committee has taken a major step toward outlawing the NSA's controversial bulk collection of telephone and other business records generated by U.S. residents.
The House Judiciary Committee on Wednesday voted 32-0 to approve an amended version of the USA Freedom Act, a bill that would require the National Security Agency to get case-by-case approval from the Foreign Intelligence Surveillance Court before collecting the telephone or business records of a U.S. resident. The committee's vote sends the bill to the House floor; a similar bill is awaiting action in the Senate Judiciary Committee.
The bill would limit the controversial bulk collection program by allowing the FBI, asking on behalf of the NSA, to request U.S. phone records from carriers only if there are "reasonable grounds" to believe that the information sought pertains to a foreign power, an agent of a foreign power, or a person in contact with a foreign power.
The bill is similar in some ways to NSA surveillance reforms proposed by President Barack Obama in January, but would write those reforms into law.
"The best course is to trust but codify," said Representative Bobby Scott, a Virginia Democrat. Scott was referencing former President Ronald Reagan's "trust but verify" quote about the former Soviet Union.
The USA Freedom Act, introduced last October, would prohibit bulk collection under the business-records provision of the Patriot Act, the law cited by NSA and Department of Justice officials as giving them authority for the telephone records collection program exposed by leaks from former NSA contractor Edward Snowden.
The bill would also prohibit bulk collection targeting U.S. residents in parts of another statute, the Foreign Intelligence Surveillance Act, which the NSA has used largely to target overseas communications. The bill would take the phone records database out of NSA control and leave the records with carriers.
The USA Freedom Act also establishes an office of special advocate to argue on behalf of privacy rights before the FISA Court.
Congress, in passing the Patriot Act following the Sept. 11, 2001, terrorist attacks on the U.S., never intended to allow the NSA to collect U.S. residents' data in bulk, said Representative Jim Sensenbrenner, a Wisconsin Republican and main author of the Patriot Act. The NSA and other U.S. agencies have stretched the wording in the Patriot Act, allowing the collection of business records relevant to an ongoing terrorist investigation to include broad ongoing collection, he said.
"The government has misapplied the law that has passed," he said. "In a feat of legal and verbal gymnastics, the administration convinced the FISA Court that because some records in the universe of every phone call Americans make or receive are relevant to counterterrorism, the entire universe of those calls must be relevant."
Since October, lawmakers have been working to iron out a compromise language that could gain broad support. Many digital rights and privacy groups have continued to support the compromise version of the bill, saying it will create basic privacy protections for U.S. residents.
The vote Wednesday shows strong bipartisan support for "real NSA reform," said Kevin Bankston, policy director of the New America Foundation's Open Technology Institute.
"This historic vote by the House Judiciary Committee to ban the government's bulk collection of any records -- telephone records, Internet records, financial records, or any others -- is a milestone in the push to rein in the NSA's surveillance authority," he said by email.
Bankston called on the House Intelligence Committee to abandon its "much weaker reform bill" and support the USA Freedom Act when it meets Thursday to consider its own bill. "It's time to put aside fake fixes and ban bulk collection for good," he said.
The USA Freedom Act has 149 sponsors in the 435-member House of Representatives.
The committee on Wednesday rejected several proposed amendments that would have made it more difficult for the NSA and FBI to collect business records. Representative Zoe Lofgren, a California Democrat, offered a half-dozen amendments, including one that would have required a higher legal standard for business records collection by forcing the FISA Court to find probable cause of a crime and issue a warrant before allowing collection.
Sensenbrenner and other committee members said Congress has never required a probable-cause standard for business records that don't include the content of suspects' communications.
The committee needs to look at the collection of big data and its impact on the privacy rights of U.S. residents, Lofgren said.
When Congress passed the Patriot Act in 2001, "big data did not exist in the same way that it does today," she said. "I do believe this committee and this Congress is going to have to come to grips with ... what it means for personal privacy in the digital age."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.