A bipartisan coalition of 38 civil liberties and public interest organizations, including the Electronic Frontier Foundation, sent a letter to Congress yesterday that draws a line in the sand on NSA reform. The coalition made it clear that it cannot support the watered-down version of the USA FREEDOM Act passed in the House of Representatives without significant changes to the legislation, and outlined clear steps that Congress can take to address problems with the bill.

USA FREEDOM as it was originally introduced was a genuine step towards addressing out-of-control NSA spying. We had all along called it a floor, not a ceiling, for NSA reform. That’s why we weren’t happy to see it weakened considerably in rushed, closed-door proceedings. And the coalition agrees—the weakened House version contains fatal flaws:

Unless the version of the USA FREEDOM Act that the Senate considers contains substantial improvements over the House-passed version, we will be forced to oppose the bill that so many of us previously worked to advance.

Fortunately for Congress, the coalition letter explicitly listed the points the Senate must consider when it takes up USA FREEDOM.

First and foremost, whatever bill Congress passes must actually end bulk telephone records collection. The watered-down House version of USA FREEDOM may not actually accomplish that because of the overbroad and unclear wording in the bill. On this point the letter is clear (emphasis in original):

The primary stated purpose of the USA FREEDOM Act is to end bulk collection. If we are not confident that it will accomplish that goal, we will oppose it.

The coalition also addressed transparency issues, calling on the Senate to strengthen the reporting provisions of the bill, both for what the government must disclose and what companies can disclose. Additionally, as the coalition’s letter makes clear, the Foreign Intelligence Surveillance Court must also be more transparent. The letter called on the Senate to reinsert the original USA FREEDOM provision that created a privacy advocate in the Foreign Intelligence Surveillance Court (FISC) with the power to seek review by higher courts, rather than simply allowing the FISC to appoint "friends of the court" (something it already does). The letter also stated that the Senate should ensure that disclosures of FISC opinions “include certain baseline information that is necessary for conducting effective oversight…”

The NSA has (we believe incorrectly) interpreted Section 702 of the FISA Amendment Act to mean that it can collect communications that are “about” a target, even if the target is not a party to the communication. Unfortunately, the wording of the House's USA FREEDOM Act could be seen as codifying these about searches—something we’re particularly concerned about. The letter points out that the current wording of the House USA FREEDOM “requires the minimization of information ‘that is not to, from, or about the target of an acquisition,’” and that this language should be removed.

Finally, the letter calls for “strong minimization requirements for the FISA pen register and trap & trace surveillance authority” and “strict limits on the new call detail records (CDR) authority.”

USA FREEDOM has already had a hearing before the Senate Select Committee on Intelligence. However, it must go through the Judiciary Committee before it can move to the full Senate floor for a vote. While it is unclear how soon that will happen, Senator Leahy, the bill’s sponsor, stated in May: "I was disappointed that the legislation passed [in the House] does not include some of the meaningful reforms contained in the original USA FREEDOM Act. I will continue to push for these important reforms when the Senate Judiciary Committee considers the USA FREEDOM Act next month.”

That means there’s still time. Read the letter in full below and help defeat fake NSA reform by contacting your members of Congress today.

Full text of the open letter:

Dear Majority Leader Reid, Republican Leader McConnell, Chairmen Leahy and Feinstein, and Ranking Members Grassley and Chambliss:

The undersigned civil liberties, human rights, and other public interest organizations write about the USA FREEDOM Act (H.R. 3361 and S. 1599), a version of which passed in the House on May 22.

All of the undersigned organizations believed the original version of the USA FREEDOM Act introduced in both the House and the Senate was an important step towards comprehensive reform. However, we are deeply concerned about the changes that the House Rules Committee made to the bill prior to passage, which substantially weakened the version of the bill that had passed with unanimous support from both the House Judiciary and Intelligence Committees. As a result of that strong concern, many of the undersigned withdrew their support, as did half of the bill’s sponsors.

We are writing today as a community to plainly express our position that, unless the version of the USA FREEDOM Act that the Senate considers contains substantial improvements over the House-passed version, we will be forced to oppose the bill that so many of us previously worked to advance.

Various stakeholders in our community prioritize concerns with the House bill differently, and this `letter does not exhaustively catalogue every concern. Nor do we focus here on the fact that many potential pitfalls have not been fully explored, due to the rushed and closed-door nature of the bill’s drafting and approval in the House.[1] However, we all believe that the following six issues are of vital importance and urge you to make these substantial improvements to the bill:

1. Definitively end “bulk” collection. Although we appreciate Congress’ apparent intent to end indiscriminate, nationwide “bulk” collection such as the NSA’s current telephony metadata program, the House-passed bill may fall short of that goal. The bill’s overbroad and open-ended definition of “specific selection term” could abusively be read to authorize collection of the records of thousands or millions of innocent Americans. For example, it could conceivably allow the use of a selection term as broad as a zip code, all of the gmail.com Internet domain, or all of Verizon’s premises. We believe that this definition must be narrowed in order to definitively end and prevent surveillance dragnets. We also believe that USA FREEDOM should include new procedures to minimize the acquisition and prohibit the retention and dissemination of non-public information about individuals unconnected to investigations or foreign powers.[2] The primary stated purpose of the USA FREEDOM Act is to end bulk collection. If we are not confident that it will accomplish that goal, we will oppose it.

2. Strengthen transparency reporting and other transparency provisions. The original USA FREEDOM Act allowed detailed transparency reporting by private companies about the government demands they receive, and required more detailed transparency reporting by the government. Such transparency is critical both to ensuring government accountability and restoring customers’ trust in the US Internet industry both here and abroad. Transparency reporting is also a key priority of both the privacy community and the entire Internet industry. However, those provisions were substantially weakened in the House-passed version of the bill. It is vitally important that those provisions be re-strengthened to provide much greater transparency into how the government is using its surveillance authorities and how companies are or are not responding, including by allowing companies to report in smaller bands of numbers than the House bill currently allows.

With respect to reporting by private companies, the provisions in the House-passed bill should be improved in the following five ways: (1) Restore the rule of construction in the original USA FREEDOM Act making clear that the transparency provisions did not prohibit disclosures other than those authorized by those provisions;[3] (2) Remove the 2-year delay on reporting for new companies,[4] which imposes a transparency tax on startups and innovators; (3) Correct the clerical error allowing companies to report the number of content vs. non-content orders received but not the total number of orders received under each legal authority;[5] (4) Restore the provision, contained in the committees-approved version of the House bill, allowing companies to report on government requests made under Title VII of FISA.[6] That title contains authorities used for some of NSA’s broadest and most controversial programs, such as PRISM, which are the programs about which the least is known and that have caused the greatest loss of trust internationally. Finally, (5) companies should uniformly be allowed to report the number of “customer accounts affected” under each reporting option – rather than the number of “customer selectors targeted.”

With respect to government reporting, the House-passed bill would require the government to report only the number of “targets” affected by surveillance orders. Such reports would be highly misleading, as for every surveillance “target,” there may be hundreds or thousands of others whose communications or records the NSA obtains—because they wrote an email about the target, or because they once called the same telephone number as a target. Similarly, the bill’s requirements to disclose the number of FISC orders obtained would reveal little about the scope of surveillance, as we have seen that a single order can authorize the collection of information on millions of Americans. The government reporting provisions must be revised to accurately capture the number of individuals and U.S. persons affected, not merely the number of “orders” or “targets.” This is critical: if these provisions are not restored, the American public will have no way to verify that bulk collection has, in fact, ended.

In order to foster greater transparency, we also urge restoring the measures in the original USA FREEDOM Act to reform the “gag order” provisions for both FISA Section 215 orders and National Security Letters.

3. Avoid ratifying dragnet searches of our international communications. The past year’s disclosures revealed that the NSA uses Section 702 of the FISA Amendments Act to collect and retain international communications, not just to or from targets located outside the U.S., but about those targets.[7] According to reports, the NSA collects this information by tapping key Internet exchange points and scanning the contents of all international traffic, in what amounts to a dragnet search of all email to and from the U.S. Neither the language of Section 702 nor its legislative history gives any hint that the statute was designed for such a purpose. Nonetheless, Section 301 of the House-passed bill requires the minimization of information “that is not to, from, or about the target of an acquisition” – language that could be read to signal Congressional approval of the NSA’s monitoring of the content of millions of innocent individuals’ Internet communications. We believe Section 301 should be removed in its entirety, and Congress should address Section 702 comprehensively in subsequent legislation.

4. Strengthen Reforms to the FISA Court (FISC) Process to Provide More Accountability. As introduced, the USA FREEDOM Act modeled its FISC reforms after Senator Blumenthal’s FISA Court Reform Act of 2013 (S. 1467). That bill created an independent Office of the Special Advocate in the executive branch, responsible for reviewing all FISC applications and related materials, participating in all FISC proceedings, and advocating for Americans’ privacy and civil rights.[8] The House-passed version replaced this reform with a much weaker provision allowing the FISC to appoint amicus curiae with no express duties to advocate for Americans’ privacy interests.[9]

The House-passed bill also watered down provisions requiring public disclosure of FISC opinions. Under the original bill as reported in the House, the Attorney General would direct the disclosure process; in cases where the opinion itself could not be released, the Attorney General would be required to release a redacted version, summary, or other document containing certain minimum information (such as an identification of the legal questions at issue).[10] Under the House-passed version, the Director of National Intelligence would lead the process, and the bill provides no floor for what information must be contained in any redacted version or summary.[11] In theory, the DNI could meet the bill’s disclosure obligation by releasing an opinion with every sentence but one redacted.

The Senate should re-insert the independent advocate provision, and should ensure effective disclosure of the FISC’s legal analysis by requiring that disclosures include certain baseline information that is necessary for conducting effective oversight, consistent with Senator Blumenthal's original proposal.

5. Restore strong minimization requirements for the FISA pen register and trap & trace surveillance authority. The original USA FREEDOM Act codified court review of the government’s compliance with minimization procedures applied to FISA-authorized pen register and trap & trace (PRTT) surveillance. Minimization procedures have proved a critical tool for the FISC in reining in the NSA’s broad PRTT surveillance of the Internet. Yet the House-passed bill replaced PRTT minimization compliance review with a provision under which unspecified “privacy procedures” would be imposed by the Attorney General rather than the FISC. The original PRTT minimization provision should be restored, or the Senate should add a rule of construction making clear that the new “privacy procedures” provision does not prevent the FISC or the Attorney General from imposing additional minimization procedures.

6. Put strict limits on the new call detail records (CDR) authority. Multiple independent reviewers with access to classified intelligence, such as the Privacy and Civil Liberties Oversight Board and the President’s Review Group, have found little evidence to indicate that the call records program is an essential counterterrorism tool, and therefore many in our community see little need for the new CDR authority in the bill. However, and at the very least, Congress should not provide greater surveillance authority than that which the intelligence community and the President have said they need in order to transition away from the current bulk collection of CDRs. Therefore, to that end, (1) the Senate should clarify that the new authority for prospective collection of CDRs cannot be used to collect data three or more hops away from a target, by clarifying that the only “direct connection” justifying a first hop is a direct communication between the first device or account and the second, rather than, e.g., two devices being in close proximity to each other for a certain amount of time, or a phone number being found in another device’s contact list. Furthermore, (2) the new CDR authority should be limited to counterterrorism by codifying the current requirement that the government’s queries of call detail records collected in bulk are based on a reasonable articulable suspicion that the target is linked to a terrorist organization.[12] Additionally, the Senate should (3) ensure that there is no relaxation of current limits on data retention or dissemination; and (4) codify the current 90 day limit on the FISC’s CDR orders.

In addition to these six concerns, there are a number of issues of great importance to our community that should be considered by Congress. We recognize that these issues may not be addressed in this legislation, but believe Congress must address them in some fashion in order to restore Americans’ trust in our government and the trust of people worldwide in the US technology industry. In particular, consistent with US leadership in promoting global Internet freedom, we urge Congress to respect the privacy rights of innocent people outside the United States, who have rights to privacy and free expression under international human rights law. We urge Congress to consider the ramifications of the NSA’s efforts to undermine international encryption standards, which leave all Internet users less secure. We urge Congress to correct the “backdoor search loophole” in Section 702, under which the NSA searches its databases for information on Americans, even when that data was collected incidentally. And finally, we urge Congress to avoid any form of mandatory data retention regime, which would force U.S. telecom companies to retain and make available to the government data on their customers that they would not otherwise maintain. Any such mandate, in addition to creating unnecessary economic burdens and data security risks, would represent an unacceptable threat to privacy and civil liberties and would face the strongest possible opposition from our community as well as the opposition of the Internet and telecommunications industries.

Our community is gravely concerned about the dangerously broad reach of the National Security Agency’s surveillance programs. We believe that strong legislation can effectively address our concerns and we are committed to supporting Congress in passing such legislation, but we will be forced to oppose any bill that is not a substantial improvement over the version of the USA FREEDOM Act that was passed in the House.

Thank you for your consideration,

Access

Advocacy for Principled Action in Government

American Association of Law Libraries

American Booksellers Foundation for Free Expression

American Civil Liberties Union

American Library Association

Amicus

Antiwar.com

Association of Research Libraries

Brennan Center for Justice

Center for Democracy & Technology

Competitive Enterprise Institute

Council on American-Islamic Relations (CAIR)

Defending Dissent Foundation

Demand Progress

DownsizeDC.org, Inc.

Electronic Frontier Foundation

Fight for the Future

Free Press Action Fund

Freedom of the Press Foundation

Government Accountability Project

Human Rights Watch

Liberty Coalition

National Association of Criminal Defense Lawyers

National Security Counselors

New America Foundation’s Open Technology Institute

OpenMedia.org

OpenTheGovernment.org

PEN American Center

Project on Government Oversight (POGO)

Reddit

Restore the Fourth

Rutherford Institute

Student Net Alliance

The Sunlight Foundation

TechFreedom

ThoughtWorks

World Privacy Forum