The USA FREEDOM Act: NSA Data Collection, the Escalation of Encryption, and Curbing the Digital Arms Race
On October 29, 2013, the USA FREEDOM Act was introduced to end the mass gathering of phone record data by the NSA.
H.R.3361/S.1599 is a bipartisan effort authored by Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, and Rep. James Sensenbrenner Jr. (R-Wis.) that seeks to curb the mass targeting of communications by American citizens by clarifying the language in Section 215 of the USA PATRIOT Act.
How does this affect you?
ServInt supports the USA FREEDOM Act because the same limitations that the bill places on the phone surveillance activities of NSA apply to other forms of communication, specifically Internet traffic. Not only should this bill get the NSA out of your phone calls, it should get them:
• out of your inbox
• out of your search history
• out of your text logs
An outline of the USA FREEDOM Act provided by Senator Leahy’s office explains that this bill does not simply curb the act of phone meta data collection, but puts specific safeguards and limits on the collection of American’s communications in general:
“The bill closes NSA’s “back door” access to Americans’ communications by requiring a court order to search for the communications of Americans in data collected without individualized warrants under Section 702 of FISA.
“The bill imposes other safeguards on activities conducted under Section 702, including strengthening the prohibition on “reverse targeting” of Americans — that is, targeting a foreigner with the goal of obtaining communications involving an American.”
Right now the NSA says they don’t do mass surveillance. Why? Because what they do is collect mass data, and they say that surveillance only begins when they look at what they collected. By the NSA’s own figures, they ‘touch’ 1.6% of global Internet traffic and select 0.025% of it for review.
That may not sound like a big number, but most of the data on the Internet isn’t communications data — which presumably is what the NSA is chiefly interested in — it’s media. In North America, for example, communications data only makes up about 2.9% of Internet traffic. Assuming that percentage holds globally, the NSA is pretty much admitting to “touching” over half of all Internet communications. And with over 60% of email traffic considered spam, it could be assumed that the NSA has a finger on nearly all communications sent over the Internet no matter where you are in the world – stored and ready to be pulled up if necessary.
ServInt supports the passage of the USA FREEDOM Act because there are privacy and security issues — and potentially intellectual property issues — at stake. As the NSA builds back doors and breaks complex encryption techniques, they are making the Internet less safe and secure for everyone. They are also taking copies of data that don’t belong to them. The government defines that as piracy. Is the NSA the world’s biggest perpetrator of online piracy?
Having the government keep copies of our nation’s email traffic doesn’t just sound un-American — it opens up a wide range of extremely troubling legal issues. For example: does the government now have copies of all its citizens’ email correspondence with their doctors — and if so, doesn’t that contravene HIPAA and other privacy regulations? How about emails between lawyers and their clients, or emails containing confidential testimony from government informants and whistleblowers? Does the government’s retrieval of this kind of email traffic mean that web hosts are obligated to send security breach disclosures to their customers? There are countless examples of situations like this, where the NSA’s efforts run in direct contravention to existing privacy laws.
It’s tempting to shortcut the requirements of due process when the Internet puts so much data at the fingertips of anyone with the power to access it, especially when the stated mission of the NSA — to protect the U.S. from foreign threats — is so important, but also so broad. But just because it is easy, does not mean it is right. ServInt believes that due process must be protected for all Americans, whether on the Internet or out in the world. We are eager to to help the government fight terrorism and prosecute criminals when provided with clear and actionable warrants signed off by a judge.
The actions of the NSA are curbing cloud adoption by reducing consumer confidence in the security of their online data. As they actively work to break encryption, they are making the Internet a less secure place. Moreover, I believe the current data collection of the NSA and the measures security and encryption companies will be forced to take to combat these intrusions will mark the beginning of a cold war between the NSA and the Internet – the encryption economy versus the spies – with the loser being the taxpayer. Companies across the Internet are focused right now on how to make NSA surveillance harder and more expensive. Their customers require it.
This digital arms race harms the economy by both reducing consumer confidence in the Cloud, while also ringing up massive costs for both the users of the Internet and the American tax payer.
THE USA FREEDOM Act is a first step towards ratcheting down this escalation.
As part of my work as chairman and founder of the Internet Infrastructure Coalition, I have reached out to Senator Leahy’s office directly to see how we can best help drive forward the conversation in support of the USA FREEDOM Act. Though Senator Leahy was a sponsor of PIPA, his office has been very helpful in pushing for ECPA reform. We have met with his staff multiple times working on ECPA reform and are leveraging those relationships to find the best place to help assure the passage of the USA FREEDOM Act.
If you agree with ServInt and want to help protect online data from covert, unwarranted government surveillance, contact your Congressmen in both the House and Senate to say you support H.R.3361/S.1599, The USA FREEDOM Act.
Photo by Joe Pemberton