Earlier today, the House Committee on the Judiciary was scheduled to mark up the USA FREEDOM Reauthorization Act of 2020, a bill meant to reform and reauthorize Section 215 of the USA PATRIOT Act, as well as some other provisions of FISA, before they are due to expire on March 15, 2010. At the last minute, this markup was postponed without warning and without a new date, throwing the process into chaos.
It is time to enact real reforms to the government’s use of national security authorities, beginning with the obvious, overdue step of prohibiting the intelligence community from using Section 215 to collect the call records of innocent Americans on an ongoing basis. Just yesterday, the New York Times reported that the Privacy and Civil Liberties Board (PCLOB) found that between 2015 and 2019, the CDR program cost $100 million taxpayer dollars, but yielded only one significant investigation.
Especially when compared to the previously introduced Safeguarding Americans’ Private Records Act, the bill scheduled to be marked up today was far from perfect. But the USA FREEDOM Reauthorization Act of 2020 included some obvious and needed reforms, including ending the authority to conduct the CDR program.
EFF, along with other civil society advocates, has long been clear about the need for significant reform of Section 215. In fact, EFF has been suing over the NSA’s CDR program since 2006—long before the NSA admitted the program existed. In 2015, after Edward Snowden’s revelations in 2013 and after a federal appeals court ruled that the government’s interpretation of Section 215 was “unprecedented and unwarranted,” Congress passed the USA FREEDOM Act to amend Section 215 to stop mass surveillance of Americans’ telephone records. Although the law allowed the NSA to continue to use Section 215 to collect Americans’ call records, it substantially narrowed the program’s operation.
This first set of reforms were important, but it is now clear that they did not go far enough.
In 2018, the NSA announced that it received large numbers of CDRs it should not have had access to under the USA FREEDOM Act, and that these “technical irregularities” began in 2015. Despite this, the NSA encountered yet another “overcollection” incident just months later. After these two incidents, the NSA voluntarily shut the program down.
In 2019, both the House Committee on the Judiciary and the Senate Committee on the Judiciary called witnesses from the NSA, the FBI and the DOJ to discuss the current use of Section 215 authorities. The witnesses told both Committees they were requesting the renewal of the legal authorization for CDR program—that they had voluntarily shut down—because it might be useful one day.
And this is just a small selection of the problems that pervade Section 215. Although the law has become synonymous with the NSA’s collection of call records, it actually has a much wider scope. In addition to authorizing ongoing collection of telephone records, Section 215’s “business records” authority allows the government to obtain a secret order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties to hand over any records or other “tangible thing” if deemed “relevant” to an international terrorism, counterespionage, or foreign intelligence investigation.
In the hearings last year, witnesses confirmed that the 215 “business records” provision may allow the government to collect sensitive information, like medical records, location data, or even possibly footage from a Ring camera. Both committees appeared rightfully skeptical, and the reform bills introduced in Congress this year attempt to curb some of the worst potential abuses of this far ranging authority.
It is past time for reform. Congress has already extended these authorities without reform once, without debate and without consideration of any meaningful privacy and civil liberties safeguards. If Congress attempts to extend these authorities again without significant reform, we urge members to vote no and to allow the authorities to sunset entirely.