The newly-introduced bill targets the Patriot Act’s Section 215, previously used by the U.S. government to collect telephone data from millions of Americans.

A newly-introduced bill is proposing sweeping privacy reforms to a controversial government surveillance program, which has been previously used by the National Security Agency (NSA) to vacuum up the call records of millions of Americans.

The “Safeguarding Americans’ Private Records Act” was introduced Thursday by Sen. Ron Wyden (D-OR) and Sen. Steve Daines (R-MT). In particular the bill sharply curtails the Section 215 of the Patriot Act, which gives the government broad power to ask businesses for their records relating to someone who might be involved in terrorism.

The bill closes loopholes in vague language used by Section 215 for justifying mass surveillance sans warrant. For instance, while Section 215 originally stated that the government could collect telephone data if it was deemed “relevant” to an international terrorism, the bill cracks down on that broad language by limiting the types of criminal cases that are “relevant.” It also specifies how long data that’s been collected can be retained for and includes measures for more transparency around government data collection.

“The bill ends the authority for the NSA’s massive phone record program… It prohibits the warrantless collection of cell site location and GPS information as well as browsing history and internet search history, and ensures that the government cannot conduct collection for intelligence purposes that would violate the Fourth Amendment in the criminal context,” said Wyden in his introduction to the act.

I just introduced bipartisan legislation to formally end the NSA’s phone surveillance program and overhaul collection of Americans’ private records to protect constitutional rights. Liberty and security aren’t mutually exclusive. — Ron Wyden (@RonWyden) January 23, 2020

Privacy advocates have argued Section 215 allows government agencies like the NSA to justify the collection of telephone data from U.S. citizens sans warrant – particularly after the 2013 Snowden leak revealed that the government had been collecting phone records of customers from phone companies, like Verizon.

Section 215 was renewed temporarily by the Obama administration in 2015 under the U.S.A. Freedom Act, but its March 15, 2020 expiration date is fast approaching – opening a door to propose reforms during the process of its renewal.

The Bill

For Section 215, Wyden and Daines’ bill specifically establishes a three-year limitation on retaining data that is not foreign intelligence or evidence of a crime, and limits the types of criminal cases in which Section 215 information can be used to only include counterterrorism and espionage. It also includes measures for increased transparency around the government’s usage of Section 215; for instance, introducing new public reporting requirements regarding the number of Americans whose information has been collected.

The bill also cracks down on the Foreign Intelligence Surveillance Court (FISA Court), a secretive court that oversees requests for surveillance warrants against foreign spies in the U.S., by expanding third-party, independent oversight of transcripts and documents used in the FISA Court.

On a related note, the bill mandates that the Inspector General to investigate “the use of First Amendment-protected activities as well as race, ethnicity, national origin and religious affiliation to support Section 215 applications,” and requires the government to justify gag orders (an order that a case may not be discussed in public) on companies that receive Section 215 orders.

“These are important steps toward protecting the civil liberties and Fourth Amendment rights of citizens,” Jack Mannino, CEO at nVisium, told Threatpost. “Intelligence agencies do important work, and it’s necessary for them to be able to do their jobs, while preserving legal and moral boundaries. States, such as California, have passed legislation to protect internet privacy, and other states are quickly moving in the same direction. Overreaching surveillance erodes trust in the systems we use and our expectation of privacy.”

Future Debate

Though the bill is being touted as bipartisan, it’s likely to face roadblocks in the coming year, particularly with Senate Majority Leader Mitch McConnell historically being a staunch defender of Section 215. However, privacy experts, such as Steve Durbin, managing director of the Information Security Forum, are applauding the bill.

“The bill addresses two issues of concern – the Fourth Amendment rights embedded in the Constitution and the increasing level of awareness of the need for protection of the privacy rights of the individual, a very 21st Century issue,” Durbin told Threatpost. “There must be a balance between handing powers to the authorities to protect its citizens whilst also ensuring the protection of the individual’s right to privacy. But what is the right balance and how do we achieve it? This debate has been ongoing for some time now and there is clearly a need to protect the rights of the individual around the collection, processing and storage of personal data.”