US legislators concerned about weaknesses in a major surveillance reform bill intend to insert an amendment barring the National Security Agency from weakening the encryption that many people rely on to keep their information secure online, or exploiting any internet security vulnerabilities it discovers.



Congresswoman Zoe Lofgren, a California Democrat, told the Guardian that she and a group of colleagues want to prevent the NSA from “utilizing discovered zero-day flaws,” or unfixed software security vulnerabilities, and entrench “the duty of the NSA and the government generally not to create them, nor to prolong the threat to the internet” by failing to warn about those vulnerabilities.



Since the discovery of the Heartbleed bug afflicting web and email servers, the NSA has faced suspicions that it has exploited the vulnerability, which the agency has strenuously denied. Beyond Heartbleed, documents from whistleblower Edward Snowden have revealed that the NSA has weakened online encryption, causing consternation among technology companies as well as privacy advocates.



Lofgren intends to attach the provision to the USA Freedom Act, increasingly the consensus bill to reform surveillance in the wake of the Edward Snowden disclosures. The bill, mostly favored by civil libertarians and expected to go for a vote on the House floor as early as next week, does not include language stopping the NSA from undermining encryption.



In an indication of the difficulty legislators will face in recasting the USA Freedom Act to better protect privacy, Lofgren conceded that attaching the provision will be difficult, as House legislators do not want to upset a tenuous deal on surveillance reform by adding to the bill. She is currently seeking a parliamentarian ruling on the “germaneness” of her online security amendment in order to make it difficult for opponents to exclude it from consideration on the floor.



Lofgren said she and other civil libertarian-minded lawmakers will have limited opportunities to add amendments to the bill, and so are prioritizing measures they believe stand the best chance of winning House support.



Lofgren said she thought those would most likely include a ban on the NSA searching through its foreign-focused communications content troves for Americans’ information without a warrant; clarifying a Patriot Act prohibition on collecting Americans’ phone calls and email content; and permitting more detailed transparency for telecoms and internet companies to disclose the sorts of national-security orders they receive from the government for their customers’ data.

The price of moving the bill through the House judiciary and intelligence committees was the loss of many of the provisions that made civil libertarians support the USA Freedom Act in the first place. Photo: Patrick Semansky/AP Photograph: Patrick Semansky/AP

Lofgren last week fought an unsuccessful battle in the judiciary committee to strengthen the bill’s privacy safeguards. After she failed, the committee approved the current version of the Act, 32-0, bringing a measure cherished by privacy advocates back from the dead and putting it on a fast track to becoming law. Lofgren, who considers the bill an improvement on the status quo, voted for it.



But the price of moving the bill through the House judiciary and intelligence committees was the loss of many of the provisions that made civil libertarians support the USA Freedom Act in the first place.



The bill has been pitched as ending bulk domestic surveillance. But as it is now written, the government would, pending the approval of a secret court, be able to access phone records of people up to two degrees of separation from someone “reasonably” suspected of links to an agent of a foreign power, without a tie to an active counterterrorism investigation required. Thousands and potentially millions of records – from as many people – could be acquired through a single court order.



Lofgren, in debate with her colleagues last week, attempted to move the USA Freedom Act closer to its civil libertarian origins. She tried to make probable cause the standard for most data acquisition; to restore a major provision barring the NSA from sifting through its foreign-focused content troves for Americans’ information without a warrant; to constrain the intentional collection of Americans’ communications to the targets of active investigations; and to restrict the kinds of intelligence the NSA can collect to information relevant to threats the US faces.



All those efforts failed. Lofgren also agreed to withdraw an amendment that would explicitly bar the NSA from collecting the contents of Americans’ communications, something the agency insists it does not do under the Patriot Act. Lofgren called her amendment necessary to rectify a “clerical error” in the revised USA Freedom Act – which modifies the Patriot Act – but backed down after the judiciary committee chairman, Republican Bob Goodlatte of Virginia, agreed to work on a fix.



In an interview Monday, Lofgren said she was not asked to withdraw the amendment, but was aware of the precariousness of the congressional deal that had revived the USA Freedom Act and did not want to put allies in a difficult spot.



“Both the Republicans and Democrats had reached agreement with HPSCI [the House intelligence committee] on what the content was going to be, and didn’t want to blow up that agreement by making changes in it. I understand that. I’ve been in Congress a while,” she said.



Thanks to that deal, the USA Freedom Act’s civil libertarian backers in and outside Congress now give the bill qualified support. Several still consider it “probably the best we can do now,” as New York Democrat Jerrold Nadler put it last week.



“We’re very pleased that the judiciary and intelligence committees have moved reform legislation,” said Will Adams, the chief of staff for congressman Justin Amash, a Michigan Republican whose effort to rein in bulk domestic surveillance last year reshaped the Washington debate on the NSA’s powers.



“We’re looking at ways to improve the current bill, and we look forward to House floor consideration.”



Whether Amash and other legislators will have a chance to significantly revamp the USA Freedom Act during the floor debate depends significantly on the House leadership.



It is unclear how restrictive the process will be to add amendments to the USA Freedom Act when it reaches the House floor. Michael Steel, a spokesman for House speaker John Boehner, said the rules committee would decide what amendments would be allowed for consideration “shortly before the bill comes to the floor,” which is expected as early as next week.



“We’re not going to be given permission by Rules to offer a dozen amendments,” said Lofgren. “What we’re sorting through is what handful of items could we offer that Rules would permit that have the best chance of passing that would make the most difference. We’re going to be pragmatic.”



Before Snowden, the NSA relied on a secret interpretation of the Patriot Act to permit its collection of US phone data in bulk. Lofgren, who warned last week about the need for legislative precision on surveillance fixes, said the NSA was skilled at pressing its legal authorities to the outer limits.



“They abide by the law, but they also have good lawyers who will go to court and try to press the meaning of what we write to the maximum amount. And we should be mindful of that,” Lofgren said.

