For privacy advocates, USA Freedom doesn't end push for surveillance reform

Proponents of reforming National Security Agency practices are now turning their attention to other controversial programs that USA Freedom didn't address. 

Supporters of surveillance reform took a brief moment on Tuesday to savor the Senate’s 67-32 passage of the USA Freedom Act before immediately locking their sights on the next targets for change.

The bill that was quickly signed into law by President Obama puts an end to the National Security Agency’s bulk collection of phone call metadata and imposes conditions and limits on how US spy agencies can use and access phone data.

It also amends key portions of the Foreign Intelligence Surveillance Act of 1976 and the USA Patriot Act of 2005 with language that introduces greater transparency and oversight of government surveillance practices and the decisions of the FISA court.

USA Freedom “is the most significant national surveillance reform in the last 30 years,” said Harley Geiger, advocacy director and senior counsel at the Center for Democracy and Technology. “It demonstrates that the era of rubber stamping mass surveillance is over.”

Several other groups including the American Civil Liberties Union, the Internet Infrastructure Coalition, and the Open Technology Institute expressed similar sentiments. “We’re celebrating because, however small, this bill marks a day that some said could never happen – a day when the NSA saw its surveillance power reduced by Congress,” the Electronic Frontier Foundation wrote.

But most reform groups also noted that the Freedom Act leaves unchanged many other controversial surveillance practices. For instance, the Freedom Act does not change a FISA provision referred to as Section 702, which the government has used as its authority to conduct extensive surveillance on online communications. The government has cited Section 702 as its authority for programs like PRISM for collecting huge quantities of data directly from servers and networks belonging to several Internet giants including Google, Microsoft, Yahoo, and Facebook.

The amount of records collected under Section 702 likely dwarfs the amount of records collected under the NSA's bulk phone records collection program Mr. Geiger said.

Though Section 702 is meant to enable surveillance of terror suspects based outside the US, Mr. Geiger and others say that in practice it enables warrantless backdoor collection of Internet communications belonging to many Americans. Sen. Ron Wyden (D) of Oregon is one of several lawmakers who have said they want additional reforms passed to rein in the "dragnet surveillance" enabled by Sec. 702. The provision is scheduled to sunset in 2017 and the effort has already begun to either kill it or reform it before renewal.

Also unchanged by the Freedom Act are authorities granted to government under Executive Order 12333 and statutes like the Electronic Communications Privacy Act (ECPA) of 1986.

EO 12333 is a President Reagan era artifact that among other things assigns specific roles, responsibilities and rules for spying for more than a dozen intelligence agencies including the CIA, the NSA, and the FBI.

Groups such as the Electronic Privacy Information Center have cautioned that the executive order often serves as an “alternate basis of authority for surveillance activities, above and beyond Section 215 and 702.” Activities such as the NSA's efforts to break online encryption and security technologies were likely conducted under the authority granted to the agency under the executive order.

The Privacy and Civil Liberties Oversight Board, an independent advisory board within the executive branch, has said it wants to examine surveillance activities conducted under EO 12333 with an eye to reforming them. In May, after House of Representatives overwhelmingly passed the Freedom Act, the PCLOB held a public meeting to discuss the constitutional and oversight implications of counterterrorism activities conducted under the EO.

The ECPA, which sets standards for government monitoring of cellphone conversations, is another target for major overhaul. As with many of the other statutes, the government has claimed that the communications privacy act gives it the authority to conduct warrantless tracking of cellphone users and for accessing e-mail and other stored content in the cloud.

Earlier this year, Senators Orrin Hatch (R) of Utah, Chris Coons (D) of Delaware, and Dean Heller (R) of Nevada introduced a bill titled the Law Enforcement Access to Data Stored Abroad (LEADS) Act that seeks to reform ECPA. Among other things, the law would require law enforcement to obtain a court-issued warrant in order to obtain the content of stored communications from an Internet service provider and limit the extra territorial reach of US-issued search warrants.

While the Freedom Act has put an end to one instrument for mass surveillance, similar reforms are needed to the various other statues being used by US law enforcement and spy agencies, Geiger said. “Framing this issue in the context of just one phone records collection program makes it appear smaller than it is."