Window Narrowing for Congress to Renew Surveillance Authority
Strong privacy and transparency protections must be included in legislation renewing Foreign Intelligence Surveillance Act Section 702 authority, said privacy and global cloud-based business groups Friday at a TechFreedom/Engine event. With new European privacy protections coming next year that U.S. global companies must meet, it’s time for Congress to ensure that 702 authority adds privacy protections that can build confidence among overseas business partners, said Christian Dawson, co-founder of the Internet Infrastructure Coalition. Many global clients are deeply concerned about data privacy in U.S.-based cloud services, he said, and will closely watch how Congress updates 702 authority expiring Dec. 31.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
A new 702 bill introduced Friday by Sens. Mike Lee, R-Utah, and Patrick Leahy, D-Vt., contains language that would codify an end to "about" data collections that scan communications merely referencing a surveillance target, they said. The bill is modeled on House Judiciary's USA Liberty Act (HR-3989), and continues the senators' bicameral work with House Judiciary leaders Bob Goodlatte, R-Va., and John Conyers, D-Mich., on surveillance legislation dating back to the 2015 USA Freedom Act that ended bulk metadata collection in the program (see 1506030039). Privacy and civil liberties groups listed as supporting the bill included the American Civil Liberties Union, Brennan Center's Liberty and National Security Program, Center for Democracy and Technology, Constitution Project, New America’s Open Technology Institute and Project on Government Oversight.
The Leahy-Lee bill includes a provision to close the "backdoor searches" of the 702 database offered by Sen. Dianne Feinstein, D-Calif., in the Senate Intelligence Committee's markup of the 2017 FISA Amendments Reauthorization Act. Feinstein's failed S-2010 amendment would require a warrant to search 702 data for criminal and foreign intelligence queries that could yield information on innocent U.S. persons. "That is the most important issue, [the bill] effectively addresses it," said Constitution Project senior counsel Jake Laperruque.
"Straight reauthorization would send the wrong signal globally," said Sheila Jambekar, associate general counsel of cloud software developer Twilio. “Customers ask for assurance that their data won’t touch the U.S.” Without protections curbing searches, companies like hers will have to build infrastructure in Europe to segregate data flow, Jambekar said: “We’d be investing in Europe not because it’s the right thing to do but because customers don’t trust the data infrastructure in the U.S.” That could mean jobs and investment moving overseas, and siphoning money that could be spend on new products and services, Jambekar said.
Section 702 authority is a major policy issue for New America’s Open Technology Institute, closely tracking bills that take different approaches: HR-3989; the USA Rights Act (S-1997) backed by Sens. Rand Paul, R-Ky., and Ron Wyden, D-Ore.; and Senate Intelligence’s 2017 FISA Amendments Reauthorization Act (S-2010). The House Intelligence Committee also is working on a bill (see 1711150041). For Europe "the whole concept of upstream collection is uncomfortable," said OTI policy counsel Robyn Greene, referring to the NSA's practice of wiretapping the internet backbone -- undersea fiber cables over which nearly 80 percent of global internet traffic travels. "The practice is incredibly privacy-invasive," said an OTI paper advocating for permanent ban to the program NSA temporarily put on hold.
"If we don’t reform 702, all communications with the EU is going to be put in jeopardy," said AccessNow senior legislative manager Nathan White. Leahy-Lee doesn't go far enough, in White's opinion, to raise assurances the U.S. is serious about protecting privacy.