NSA Powers Expire as US Rolls Back Surveillance

Rand-Pauls-Patriot-Act-Filibuster-Just-Started.png

The US Senate packed up on Sunday evening without extending the expiring surveillance provisions of the Patriot Act, meaning that—for now, at least—the U.S. intelligence community is without tools that it says are vital to national security, including the National Security Agency's bulk collection of U.S. call data.

Thanks to the stubborn opposition of Sen. Rand Paul and a gamble with the clock by Majority Leader Mitch McConnell that sorely backfired, the Senate failed to deal with the three controversial parts of the post-9/11 act that reached sunset the moment the calendar turned to June.

The lapse appears likely to only last a few days, as lawmakers are expected to pass a White House-supported surveillance-reform bill—the USA Freedom Act—as soon as Tuesday that would revive the spying authorities, but with a host of transparency and oversight reforms tacked on.

Sweeping intelligence capabilities exposed by Edward Snowden shut down as hawks concede defeat on first major surveillance reform in a generation

Sweeping US surveillance powers, enjoyed by the National Security Agency since the aftermath of the 2001 terrorist attacks, shut down at midnight after a dramatic Senate showdown in which even the NSA’s biggest supporters conceded that substantial reforms were inevitable.

Almost two years after the whistleblower Edward Snowden revealed to the Guardian that the Patriot Act was secretly being used to justify the collection of phone records from millions of Americans, critics of bulk surveillance went further than expected and forced the end of a range of other legal authorities covered by the Bush-era Patriot Act as well.

The expired provisions, subject to a “sunset” clause from the beginning of June onwards, are likely to be replaced later this week with new legislation – the USA Freedom Act – that permanently bans the NSA from collecting telephone records in bulk and introduces new transparency rules for other surveillance activities. The USA Freedom Act, once passed, will be the first rollback of NSA surveillance since the seminal 1978 Foreign Intelligence Surveillance Act.

But until then, in addition to the expiration of the NSA’s phone records collection, the FBI is prevented from using powers granted under the Patriot Act, including the pursuit of so-called “business records” relating to internet use, hotel and rental car records and credit card statements.

Both developments represent a remarkable capitulation for the Republican Senate majority leader, Mitch McConnell, who had initially sought to simply extend the Patriot Act provisions, despite overwhelming support in the House of Representatives for the USA Freedom Act. McConnell and his colleagues who opposed reform were thwarted in their efforts by a growing backlash by Senate Republicans and, in particular, his Kentucky colleague, Senator Rand Paul.         

“This is the only realistic way forward,” acknowledged the Republican leader during a rare Sunday evening session just hours before the Patriot Act was set to expire. Shortly after, the Senate voted 77 to 17 to proceed to debate on the USA Freedom Act – a procedural hurdle that fell three votes short during another special session focused on surveillance reform nine days earlier.

The development was welcomed by the White House, which has also come to support the USA Freedom Act after Barack Obama proposed that the NSA could seek specific records directly from telephone companies instead.
“The Senate took an important – if late – step forward tonight,” White House press secretary, Josh Earnest, said. “We call on the Senate to ensure this irresponsible lapse in authorities is as short-lived as possible.”

Even Paul, after the procedural vote, conceded that the bill will now ultimately pass, although he appeared determined to drag it out as a long as possible. “Tonight begins the process of ending bulk collection,” he said. Paul, who is running for president on a libertarian-leaning agenda, believes the USA Freedom Act does not go far enough in tackling the surveillance abuses revealed by Snowden.

“I am not going to take it any more and I believe the American people are not going to take it any more,” Paul said, as he took the Senate floor for another of the extended speeches that have helped propel him into the public spotlight at a key moment in the Republican race for the presidency.

McConnell attempted to seek a temporary extension for additional Patriot Act powers to be affected by the expiration of powers unrelated to the NSA’s bulk domestic phone metadata program – including so-called “lone-wolf” and “roving wiretap” capabilities. But even a temporary continuation of those surveillance authorities were opposed by Paul, who has the power to block such attempts to speed up Senate business by seeking unanimous consent.

Paul’s tactics provoked angry reactions from establishment Republicans, including a heated exchange with John McCain, who accused him of endangering national security to boost his presidential campaign. McCain said on Sunday that Paul “obviously has a higher priority on his fundraising and political ambitions than securing the nation”.
Paul, gesturing toward the acrimony that persists in the Senate even after the vote made passage of the USA Freedom Act a foregone conclusion, said his Republican opponents were rooting for a terrorist attack to embarrass him.
“Some of them I think secretly want an attack on the United States so they can blame it on me,” Paul said.
Obama and his intelligence chief, James Clapper, also made a final push on Friday for the Senate to pass the USA Freedom Act, alleging the expiration of the Patriot Act provisions would expose the US to terrorism.

But a Justice Department inspector general report found the FBI had come to use the business-records provision to amass “large collections” of Americans’ communications data. It noted that the spread of internet access had lead to an explosion in information accessible to the FBI, and cast doubt on Justice Department and congressional assurances that the authority, known as Section 215, is critical for counterterrorism.
“[T]he agents we interviewed did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders, but told us that the material produced pursuant to Section 215 orders was valuable in that it was used to support other investigative requests, develop investigative leads, and corroborate other information,” the DoJ report found.

Originally mindful of the privacy implications of Section 215, Congress permitted it to “sunset” after five years. Yet, with nearly all aspects of its practical applications hidden under extensive secrecy – especially the post-2006 addition of NSA bulk surveillance – reauthorization of the Patriot Act provisions had become routine.
The last time the legislation was considered, in 2011, it passed 72-23 in the Senate and 250-153 in the House.

But this time, Snowden’s revelations pierced the veneer of government secrecy and ushered in perhaps the most open debate about surveillance powers in the NSA’s 63-year history.
“No doubt it played a role,” Republican senator Dean Heller told the Guardian. “I think it played the same role for me as it did for most of the American people, who were surprised and stunned that the government had this sort of access to this kind of data.”

Nextgov:  http://bit.ly/1LZUvaK
Guardian: http://bit.ly/1GeNnsI

« Edward Snowden Answers Some Questions
Cyber Vulnerability Report 2015 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Riverbed Technology

Riverbed Technology

The Riverbed Network and Application Performance Platform enables organizations to visualize, optimize, accelerate and remediate the performance of any network for any application.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

Evidence Talks Ltd

Evidence Talks Ltd

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

Bitcrack

Bitcrack

Bitcrack Cyber Security helps your company understand and defend your threat landscape using our key experience and skills in cybersecurity, threat mitigation and risk.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Outsource Group

Outsource Group

Outsource Group is an award winning Cyber Security and IT Managed Services group working with a range of SME/Enterprise customers across the UK, Ireland and internationally.