Privacy Advisor

Committee Hears Testimony, Patriot Act Must Change

July 18, 2013

By Jedidiah Bracy, CIPP/US, CIPP/E

At a House Judiciary hearing yesterday exploring the Obama administration’s use of Foreign Intelligence Surveillance Act (FISA) authorities, representatives from the Justice Department, National Security Agency (NSA), Office of National Intelligence and the Federal Bureau of Investigation were questioned by lawmakers, specifically on Section 215 of the USA PATRIOT Act (Patriot Act) and Section 702 of FISA.

The hearing followed last week’s meeting on the same topic, hosted by the Privacy and Civil Liberties Oversight Board.

For several hours, officials answered often heated bipartisan questioning about the collection, processing and legality of the provisions, most notably regarding Section 215—the provision under which the dragnet collection of phone metadata has been conducted.

Notably, Rep. Jim Sensenbrenner (R-WI), author of the Patriot Act, warned the government panelists, “There are not enough votes in the House of Representatives to renew Section 215, and then you’re going to lose the business records access provision of the Patriot Act entirely…It’s got to be changed, and you have to change how you operate Section 215 otherwise…you’re not going to have it anymore.” Rep. Zoe Lofgren (D-CA), later in the hearing, agreed with Sensenbrenner warning “the program has gone off the tracks.”

There are not enough votes in the House of Representatives to renew Section 215, and then you’re going to lose the business records access provision of the Patriot Act entirely.
Rep. Jim Sensenbrenner

The Patriot Act is due to expire at the end of 2015.

The hearing also featured what some consider revelations. NSA Deputy Director John C. Inglis testified that NSA analysts can conduct “a second or third hop query” into the collected records of phone metadata, prompting critics to note how many Americans would be affected by such queries, The Guardian reports. A “hop” refers to the immediate connections of a suspect; a second hop refers to the connections of the primary connections—with each hop accessing exponentially more connections.

Lawmakers expressed concern that phone records of Americans, not just foreign entities, were collected prior to any terrorist leads. Ranking member John Conyers (D-MI) said the “fundamental problem in this hearing” is not about the access to the data, it’s the very collection of the data in the first place. “It’s clear to me,” he added, “that we have a very serious violation of law.”

In answering how government authorities interpreted Section 215 to allow for the collection of every American’s phone metadata, Deputy Attorney General James Cole said there are strict limitations and that analysts cannot simply “wander through these records.” In order to delve into the collected records, the government must have “a reasonable and articulable suspicion” prior to querying the database.

Cole added, “If you’re looking for a needle in a haystack, you need to have the entire haystack. But you need court approval to look for the needle.”

If you’re looking for a needle in a haystack, you need to have the entire haystack.
U.S. Deputy AG James Cole

The panelists also noted that part of the reasoning behind collecting phone records is that different companies retain customer data for varying lengths of time. With its collection, the government retains the data for five years, after which such data loses investigatory significance. Rep. Steve King (R-IA) asked if it’s feasible to require phone companies to retain the data, presumably under a data retention statute or agreement—something already required in Europe under the data retention directive. Inglis said he could provide a more detailed answer at a later date.

Other lawmakers, including Rep. Jason Chafitz (R-UT), asked if geolocation is considered metadata or content. Cole said it wasn’t content and that it’s “an evolving area of the law.”

Rep. Spencer Bachus (R-AL) asked how “we can keep (these programs) from evolving into a weapon by government?”

Cole noted that all three branches of government have oversight of the process with strict limitations. He also said intelligence officials are “not operating with a secret playbook” and that all “significant” FISA court opinions are made available to both the House intelligence and judiciary committees. “We’re just trying to determine what we can let out so we can have this broader discussion,” he added.

The government officials were also repeatedly asked if tech companies, such as Google and Yahoo, will be allowed to disclose to the public FISA requests. Cole said it “is a matter we are looking at and taking seriously.”

A coalition of technology companies and civil liberties groups are calling on the Obama administration and Congress to expand public disclosure of its surveillance programs.

Read more by Jedidiah Bracy:
FTC, Irish DPA Release Mutual Enforcement Agreement
Privacy Board To Host Workshop on NSA Surveillance Programs
Are Multiple Mobile Privacy Guidelines Helping or Hurting the Mobile Ecosystem?