Privacy advocates said that newly leaked NSA documents confirm their fears: AT&T closely cooperated with the agency, in many cases when it wasn't required to by law. The revelations may bolster the Electronic Frontier Foundation's lawsuit in the 9th U.S. Circuit Court of Appeals against the NSA on behalf of several AT&T customers, said EFF Executive Director Cindy Cohn in an interview Monday. Retired AT&T technician Mark Klein, who worked there for 22 1/2 years before contacting EFF in 2006, told us that what the NSA documents show involved tapping into Internet data flows via AT&T fiber optic cables.
In a world facing a growing number of data breaches and leaks, the amount of time classified information can be kept secret within the intelligence community is dwindling, said New America Cybersecurity Fellow Peter Swire Thursday at a New America event on the release of his latest paper. Before information was leaked by ex-NSA contractor Edward Snowden about the intelligence community’s activities, the IC assumed secrets lasted 25-50 years, which is when declassification occurs legally, said Swire, a law and ethics professor at Georgia Tech.
Supporters and opponents of the Securing Participation, Engagement and Knowledge Freedom by Reducing Egregious Efforts (Speak Free) Act (HR-2304) speaking at a Congressional Internet Caucus Advisory Committee event Friday agreed more action is needed to curb strategic lawsuits against public participation (SLAPPs) being used against online reviewers, but disagreed whether HR-2304 was too broad to be an effective deterrent. HR-2304, introduced in May by House Communications Subcommittee ranking member Anna Eshoo, D-Calif., and Rep. Blake Farenthold, R-Texas (see 1505140041), would introduce a national anti-SLAPP statute similar in scope to those in effect in California and Texas. The bill would allow defendants in a SLAPP lawsuit to file for a special motion to dismiss the lawsuit if the defendant provided an oral or written statement or other expression in connection with an official proceeding.
The U.S. Court of Appeals for the D.C. Circuit ruled against AT&T Tuesday, reversing a lower court dismissal of a False Claims Act lawsuit alleging the carrier fraudulently overcharged schools and libraries that passed their costs along to the FCC E-Rate subsidy program (USA ex rel. Todd Heath v. AT&T, No. 14-7094). The three-judge panel remanded the case to the U.S. District Court in Washington, D.C., for further proceedings on the merits of the case.
“Bottom line is that the USA Freedom Act protects Americans’ civil liberties and enhances our national security,” said House Judiciary Committee Chairman Bob Goodlatte, R-Va., in a column on his website Friday. “In addition to ending the bulk collection of data by the federal government, the USA Freedom Act increases the transparency of the government’s intelligence-gathering programs by making more information available to the American public,” Goodlatte said. “It requires the declassification of all significant court opinions, mandates the Attorney General and the Director of National Intelligence provide the public with detailed information about how they use national security authorities, and provides technology companies with a range of options for describing how they respond to national security orders,” he said. “While this new law preserves key intelligence-gathering authorities, it replaces the NSA’s current, unlawful program with a new, targeted call detail records program." USA Freedom doesn’t stop the bulk collection of phone or email content authorized under Section 702 of the Foreign Intelligence Surveillance Act (FISA) or fiber taps authorized by executive order 12333, former NSA intelligence official-turned-whistleblower William Binney told us. There are 80 to 100 taps on fiber cables in the lower 48 states and they're not solely along the coasts, so they can’t be just for foreigners, Binney said. Metadata collected from Section 215 of the Patriot Act was used to fill in the content gaps, he said. Following an article in The New York Times and ProPublica Thursday that said the NSA conducted warrantless surveillance on Americans’ international Internet traffic to search for malicious attacks, the Center for Democracy & Technology in a news release Friday called the NSA’s expanded role in battling cyberattacks troubling. Leaked documents show that the NSA is using Section 702 of FISA “in a far broader manner than previously understood,” CDT said. “By using Section 702 to collect information directly from main Internet cables in the U.S., the NSA is sweeping up communications of Americans, including those who have been victimized by cyber attacks,” it said. “The NSA sees surveillance as the flipside of cybersecurity,” said CDT Freedom, Security and Technology Project Director Greg Nojeim. “Being the victim of a cyber attack should not be a reason for the NSA to collect your communications and mine them for intelligence purposes,” Nojeim said. "The backdoor search loophole in Section 702 of FISA is a far bigger problem than we thought,” he said, especially since “collection under Section 702 gets the actual content of communications.”
Personally identifiable information (PII) for some 4 million current and former federal employees that may have been compromised prompted the White House to push for cybersecurity legislation Friday. Experts said in interviews that the Office of Personnel Management breach isn't an outlier amid a slew of such intrusions at companies and government agencies. And while some blamed China for the OPM intrusion, others said that country may turn out to not be the culprit. OPM maintains personnel records for the federal workforce and the PII that may have been compromised includes names, Social Security numbers, date and place of birth, and current and former addresses, a spokesman told us.
President Barack Obama signed HR-2048, the USA Freedom Act, into law hours after the Senate voted 67-32 for the legislation Tuesday (see 1506020052). USA Freedom reinstates two of the three provisions authorized by the Patriot Act that expired at midnight on Sunday, once again allowing the FBI to gather business records in terrorism and espionage investigations and allowing eased access to eavesdrop on suspects who use throwaway cellphones in efforts to avoid surveillance. Most notably USA Freedom ends the bulk collection metadata program the NSA said was authorized by Section 215 of the Patriot Act in six months. The Senate’s vote to pass USA Freedom was hailed by many industry and privacy groups, including the Information Technology Industry Council, BSA | The Software Alliance, CEA and Yahoo, with some seeking additional surveillance reforms.
Following the more than 10-hour filibuster by Sen. Rand Paul, R-Ky., Wednesday and rumors the Senate lacks the votes needed to pass the USA Freedom Act, members of the House, government watchdogs and privacy advocates suggested the Patriot Act’s expiring provisions should sunset instead of passing a clean reauthorization bill or a watered-down version. Three provisions of the Patriot Act expire June 1. Section 215, the provision that the NSA said authorized a bulk metadata collection program, expires at midnight May 31.
Lawmakers questioned antitrust officials Friday on how the FCC net neutrality order affected their agencies, the FTC 2013 decision not to sue Google and the commission's Section 5 authority over unfair and deceptive practices. Comcast's recently abandoned takeover of Time Warner Cable also came up at the House Regulatory Reform, Commercial and Antitrust Law Subcommittee hearing, as did mergers and acquisitions generally and cybersecurity. FTC Chairwoman Edith Ramirez said staffers are in the final stages of assessing information collected in the study of patent assertion entities. The commission voted in 2013 to begin collecting comments on PAEs (see report in the Sept. 30, 2013, issue).
The House Judiciary Committee voted 25-2 to send the USA Freedom Act (HR-2048) to the floor Thursday. The 2014 USA Freedom Act was the foundation for the bill's 2015 version, which Chairman Bob Goodlatte, R-Va., said contains more privacy protections and national security tools. Democrats, Republicans, the intelligence community, civil liberties groups and private industry approve of the bill, Goodlatte said.