Security
Headlines
HeadlinesLatestCVEs

Headline

US Senate to Vote on a Wiretap Bill That Critics Call ‘Stasi-Like’

A controversial bill reauthorizing the Section 702 spy program may force whole new categories of businesses to eavesdrop on the US government’s behalf, including on fellow Americans.

Wired
#google#git#intel#auth

The United States Senate is poised to vote on legislation this week that, for the next two years at least, could dramatically expand the number of businesses that the US government can force to eavesdrop on Americans without a warrant.

Some of the nation’s top legal experts on a controversial US spy program argue that the legislation, known as the Reforming Intelligence and Securing America Act (RISAA), would enhance the US government’s spy powers, forcing a variety of new businesses to secretly eavesdrop on Americans’ overseas calls, texts, and email messages.

Those experts include a handful of attorneys who’ve had the rare opportunity to appear before the US government’s secret surveillance court.

The Section 702 program, authorized under the Foreign Intelligence Surveillance Act, or FISA, was established more than a decade ago to legalize the government’s practice of forcing major telecommunications companies to eavesdrop on overseas calls in the wake of the September 11, 2001, terrorist attacks.

On the one hand, the government claims that the program is designed to exclusively target foreign citizens who are physically located abroad; on the other, the government has fiercely defended its ability to access wiretaps of Americans’ emails and phone conversations, often years after the fact and in cases unrelated to the reasons the wiretaps were ordered in the first place.

The 702 program works by compelling the cooperation of US businesses defined by the government as “electronic communications service providers”—traditionally phone and email providers such as AT&T and Google. Members of the House Intelligence Committee, whose leaders today largely serve as lobbyists for the US intelligence community in Congress, have been working to expand the definition of that term, enabling the government to force new categories of businesses to eavesdrop on the government’s behalf.

Marc Zwillinger, a private attorney who has twice appeared before the FISA Court of Review, wrote last week that the RISAA legislation expands the definition of “electronic communications service provider” (ECSR) to include data centers and commercial landlords—businesses, he says, that “merely have access to communications equipment in their physical space.” According to Zwillinger, RISAA may also ensnare anyone “with access to such facilities and equipment, including delivery personnel, cleaning contractors, and utilities providers.”

Zwillinger had earlier criticized the ECSR language this year, leading House lawmakers to amend the text to explicitly exclude certain types of businesses, including hotels.

Zwillinger noted in response that the need for those exclusions is proof enough that the text is overly broad; an exception that merely serves to prove that the rule exists: “The breadth of the new definition is obvious from the fact that the drafters felt compelled to exclude such ordinary places such as senior centers, hotels, and coffee shops,” he wrote. “But for these specific exceptions, the scope of the new definition would cover them—and scores of businesses that did not receive a specific exemption remain within its purview.”

This analysis quickly flooded inboxes on Capitol Hill last week, with some Hill staffers and privacy experts quietly dubbing the ECSR language the “Stasi amendment,” a reference to the East German secret police force notorious for infiltrating industry and forcing German citizens to spy on one another.

Digital rights groups have pointed to Zwillinger’s assessment while lobbying US senators this week to vote against the RISAA. “While the Department of Justice wants us to believe that this is simply about addressing data centers, that is no justification for exposing cleaning crews, security guards, and untold scores of other Americans to secret Section 702 directives,” says Sean Vitka, policy director at Demand Progress, which has taken to calling the ECSR text the “Make Everyone A Spy provision.”

In an interview with The New York Times on Tuesday, Jim Himes, a Democrat from Connecticut, decried comparisons between the ECSR text and the East German secret police, saying critics of the provision were “massively exaggerating” the 702 program’s domestic reach.

The Senate is expected to vote on RISAA on Wednesday, though a few procedural hurdles remain. A two-thirds majority vote will be needed to get the bill to the floor, and another two-thirds majority is required to prevent privacy defenders from filibustering the bill. Once those hurdles are cleared, however, a simple majority is needed to send the FISA reauthorization bill to the White House.

There is almost zero chance of US president Joe Biden rejecting the bill. The administration has spent months sending top lieutenants to the Hill to champion its cause. Biden’s support for the 702 program stands in stark contrast to the views of his campaign rival, former president Donald Trump, who last week commanded his supporters in Congress to “KILL FISA.”

Ron Wyden, the senior US senator from Oregon, argues that RISAA represents “one of the most dramatic and terrifying expansions of government surveillance authority in history.” A leading privacy hawk in Congress, Wyden joined the Senate Intelligence Committee just prior to the 9/11 attacks and has served for more than two decades.

The US House of Representatives passed RISAA last week in a 273–147 vote. An amendment aimed at requiring the Federal Bureau of Investigation to obtain search warrants before accessing wiretaps on US citizens was rejected after a vote on the amendment ended in a tie.

Members of the House Intelligence Community allied with the Biden White House and its spy agencies to defeat the amendment in what multiple House sources referred to as a “campaign of fear.” An hour before the vote on Friday, Himes openly threatened US lawmakers supporting the warrant requirement, claiming that if it passed, he’d ensure those lawmakers face the brunt of the blame in the wake of any future terrorist attacks.

“If we turn off the ability of the government to query US person data, the consequences will be known soon,” Himes said. “And we will audit why what happened happened. And accountability will be visited.”

For years, the US government has claimed that it would be impossible to estimate the number of Americans who are being eavesdropped on under Section 702. While statistics on the program are difficult to come by, it is known to have captured hundreds of millions of individual calls, texts, and emails while in the process of targeting only a few million individuals. (The FBI claims that, following a series of recent internal reforms, the 702 program now targets fewer than 300,000 individuals per year.)

While Section 702 is hailed as a powerful tool against terrorism, cybercrime, and drug trafficking, US spy agencies are likewise authorized to target foreigners on the basis that they’re believed to receive or possess “foreign intelligence information,” an ambiguous term legal experts argue could extend to a virtually unlimited number of activities with any number of tenuous ties to “foreign affairs.”

While attempting to paint the program as merely a threat to Americans who communicate with Hamas, ISIS, or other designated terrorist groups, House Intelligence Committee chairman Mike Turner did little to reject claims last week that the 702 program can also be aimed at foreign dignitaries and politicians of allied European nations. Notably, the US does not recognize any foreign citizen abroad as having privacy rights, and US spy agencies may freely target them without congressional approval. The 702 program exists because the government relies on US businesses to implement its wiretaps and ensnares Americans’ communications in the process.

Much of the criticism aimed at the 702 program stems from revelations in a declassified court filing last year that describes rampant abuse by agents of the FBI, which is known to have scoured the wiretap database for information on tens of thousands of American protesters, journalists, political donors, and at least one sitting member of Congress.

The FBI has implemented a number of internal policies in recent years designed to limit lower-ranking FBI employees from unilaterally authorizing searches that target Americans—reforms that Turner and other spy agency surrogates claim are sufficient to stave off future abuse.

The program’s critics, meanwhile, say relying on the FBI to internally police itself is a mistake, pointing to decades of surveillance abuses and political intelligence gathering carried out in clear violation of US law.

Wired: Latest News

More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity