After months of inaction – and worries that real change at the National Security Agency was indefinitely stalled – there was a flurry of action in Congress this week on the most promising NSA reform bill, as the USA Freedom Act unanimously passed out of the House Judiciary Committee and then, surprisingly, out of the Intelligence Committee, too. Only its movement came at a price: the bill is now much weaker than it was before.
What would the legislation actually do? Well, for one, it would take the giant phone records database out of the NSA's hands and put it into those of the telecom companies, and force judicial review. Importantly, it doesn't categorically make anything worse – like the House Intel bill pushed by Rep Mike Rogers would have – and it would at least end the phone records program as it exists today, while making things a little bit better for transparency.
However, anytime Rogers calls a bill "a great improvement," anyone who values privacy should be worried. The transparency section of the bill doesn't require nearly as much disclosure as it did previously, and there's no longer a full-time privacy advocate for the Fisa court in there – only the chance for outsiders to submit legal briefs. Plus, the "mandatory" declassification of Fisa court opinions now only "encourages" the executive branch to be forthcoming – a policy which the ace surveillance-law analyst Marcy Wheeler described as follows: "it only releases opinions if Edward Snowden comes along and leaks them."
Reactions to the new bill from NSA reform supporters have been mixed. Both the Electronic Frontier Foundation (EFF) and American Civil Liberties Union called it a positive step, but emphasized how much still needs to be fixed. Wheeler was more cynical in her analysis, suggesting it may be just as bad as the Intel bill that was so universally panned by national security watchers. But Kevin Bankston, the longtime surveillance reform crusader and policy director at the Open Tech Institute, explained the predicament well:
Some say, "How good can it be if the intel committee passed it?" I say, "This is what victory looks like." They had no choice. We beat them.
— Kevin Bankston (@KevinBankston) May 8, 2014
The bill is also far from a done deal; it can still get improved on the floor. If tech companies are serious about forcing NSA reform, then now is the time for them to step up lobbying efforts and prove that their public comments about changing surveillance laws amount to something more than a well orchestrated PR campaign.
But the battle to retake our privacy can't be won in the halls of Congress alone. Even the original version of the USA Freedom Act didn't do anything about the NSA's subversion of common encryption. It didn't address the stockpiling of zero-day vulnerabilities that puts internet security at risk. It didn't offer any privacy protections to 95% of the world that doesn't live in the United States. And given the NSA's unique talent for distorting the plain meaning of the English language (in fact, they seem to have created an entirely secret, bizarro dictionary of its own), it's always possible the agency will find a way to subvert the will of the people it allegedly serves.
This is the primary reason why a host of public-interest groups launched something called Reset the Net last week. The campaign calls for major websites and the general public to widely adopt end-to-end encryption tools to stem the ability of the NSA – or any other intelligence agency – to conduct mass surveillance, regardless of what our laws look like. The campaign will culminate on 5 June – the one-year anniversary of the Snowden disclosures – with a giant online push to get ordinary internet users signed up and using the tools that are so critical to keeping our information private online.