Earlier this afternoon, the House Judiciary Committee circulated its draft FISA Sec. 702 reauthorization bill. This is a preliminary readout of the major problems I see with this legislation.
Mandatory Data Destruction Not Mandatory
One of the biggest vulnerabilities Americans face today is the growing volume of their personal data being stored on servers in the private sector and in government. In the government counterterrorism (CT) context—and CT intelligence collection was the original rationale for this authority—there is simply no reason for the government to continue the collection and storage of the information of innocent U.S. Persons (a legal definition that includes citizens and legal permanent residents).
The bill as drafted would allow the government to do exactly that for at least 90 days for "foreign intelligence purposes" and it allows the Director of the NSA (DIRNSA) to waive that requirement on an individual and specific basis if DIRNSA determines that such waivers are "necessary to protect the national security." All this provision will do is create more paperwork for NSA, but the waiver process could no doubt be largely automated, rendering this alleged reform meaningless. A genuine reform would 1) explicitly prohibit the government from obtaining and maintaining the data of Americans unless said Americans were the actual target of an authorized criminal investigation, and 2) require mandatory external audits (read Government Accountability Office) to confirm said data destruction.
No Penalties for Lying to the FISA Court
In September 2017, Demand Progress issued a report highlighting the number of times the NSA and Department of Justice have been caught violating Sec. 702, FISA Court orders, or both. From the report's executive summary:
The FISC has twice found that certain Section 702 collection violated the Fourth Amendment. In 2011 the government revealed that as part of its “upstream” Section 702 collection it collected non-targeted, entirely domestic communications. When NSA violated the rules that were supposed to make this collection legal, FISC again deemed the practice “a very serious Fourth Amendment issue.”
For almost 12 years, both under Section 702 and other programs before it, NSA was always engaging in or retaining some kind of electronic surveillance the FISC would go on to deem unauthorized, and NSA would only fix the problem when threatened with criminal sanctions.
The draft House Judiciary bill makes no mention of these past violations, much less proposes any remedies. House and Senate members apparently need to be reminded that the Constitution's impeachment function is applicable to all civil officers of government who engage in such violations.
Hiding The Real Numbers
For over six years, Senator Ron Wyden (D-OR) has attempted to get two Administrations to come clean on the actual number of innocent Americans whose communications are swept up by the Sec. 702 program, to no avail. The House Judiciary draft gives the Director of National Intelligence (DNI) a pass on compiling and making public this information if the DNI deems that such a calculation is "not achievable."
If AT&T, Verizon, and the other carriers have no problem finding you and me to give us our monthly cellular bills, there's simply no valid excuse for the DNI to be able to bob and weave on providing the number of innocent Americans being caught in this digital dragnet. The House Judiciary Committee should not be in the business of legalizing the DNI's subterfuge on the issue.
There are a number of other reforms that should be in this bill, but it is important to remember that the underlying premise of the FISA Amendments Act and the PATRIOT Act—that 9/11 happened because we didn't collect enough information on the terrorists prior to the attacks—has been refuted by the Congressional Joint Inquiry and the 9/11 Commission. This draft is proof that when it comes to rolling back unnecesary and ineffective mass surveillance programs, those facts simply don't matter.