UPDATED: On June 11, the U.S. House of Representatives attached an amendment defunding two “backdoor” spying programs to legislation appropriating money to the Department of Defense for FY2016. The amendment, introduced by Rep. Thomas Massie (R-Ky.) and Rep Zoe Lofgren (D-Calif.), would ban federal agencies from accessing Americans’ data captured “incidentally” in foreign surveillance programs without first obtaining a warrant, and would prevent the government from forcing tech companies to build weaknesses into their security systems. A coalition of privacy advocates joined TCP in supporting the amendment, which passed on a vote of 255 to 174. A similar proposal passed the House last year, but it was quietly stripped before the underlying legislation became law.
ORIGINAL POST: A coalition of technology companies and advocacy organizations, including TCP, is calling on Congress to close the warrantless “backdoor search” loophole in the Foreign Intelligence Surveillance Act of 1978 by requiring the National Security Agency to obtain permission from a court before examining communications of U.S. persons obtained under the law.
In a letter delivered May 11 to Rep. Ted Poe (R-Texas), Rep. Thomas Massie (R-Ky.) and Rep Zoe Lofgren (D-Calif.), the chief sponsors of H.R. 2233, the groups noted that ongoing revelations about “the intrusive nature and broad scope of government surveillance have badly damaged the trust” users have in the security of their communications, and claimed the legislation would help to restore that trust.
The current law authorizes foreign surveillance of online and telephone communications, but explicitly prohibits the NSA from intentionally targeting U.S. residents. Ordinarily, the Fourth Amendment requires an individualized warrant before the government can engage in surveillance on American soil. However, the current law does not prohibit the agency from querying databases for U.S. communications inadvertently gathered under a foreign surveillance program, so-called “incidental collection.” H.R. 2233 would address that loophole by prohibiting searches of those databases for communications of a U.S. person absent a court order or special circumstances. The legislation would extend the same protection to data collected under an executive order.
The bill also would prohibit the government from requiring or requesting that any person or entity build back doors into its products or services that would facilitate electronic surveillance of users of such products or services. Last year, FBI Director James Comey expressed concern that law enforcement was “going dark” as more and more companies began building strong encryption into their product. However, technology experts say it is impossible to build in access for law enforcement without also creating vulnerabilities for hackers and other bad actors.
In a separate letter delivered the same day to Senate leaders, many of the same groups argued against any data retention mandates that would require any company to retain user data for a defined length of time. “Indiscriminate data retention mandates intrude upon privacy, chill freedom of expression and association, needlessly expose users to risks of data theft or misuse, and significantly increase operating costs for small and large businesses,” they wrote.