NSA Powers Expire as US Rolls Back Surveillance

Rand-Pauls-Patriot-Act-Filibuster-Just-Started.png

The US Senate packed up on Sunday evening without extending the expiring surveillance provisions of the Patriot Act, meaning that—for now, at least—the U.S. intelligence community is without tools that it says are vital to national security, including the National Security Agency's bulk collection of U.S. call data.

Thanks to the stubborn opposition of Sen. Rand Paul and a gamble with the clock by Majority Leader Mitch McConnell that sorely backfired, the Senate failed to deal with the three controversial parts of the post-9/11 act that reached sunset the moment the calendar turned to June.

The lapse appears likely to only last a few days, as lawmakers are expected to pass a White House-supported surveillance-reform bill—the USA Freedom Act—as soon as Tuesday that would revive the spying authorities, but with a host of transparency and oversight reforms tacked on.

Sweeping intelligence capabilities exposed by Edward Snowden shut down as hawks concede defeat on first major surveillance reform in a generation

Sweeping US surveillance powers, enjoyed by the National Security Agency since the aftermath of the 2001 terrorist attacks, shut down at midnight after a dramatic Senate showdown in which even the NSA’s biggest supporters conceded that substantial reforms were inevitable.

Almost two years after the whistleblower Edward Snowden revealed to the Guardian that the Patriot Act was secretly being used to justify the collection of phone records from millions of Americans, critics of bulk surveillance went further than expected and forced the end of a range of other legal authorities covered by the Bush-era Patriot Act as well.

The expired provisions, subject to a “sunset” clause from the beginning of June onwards, are likely to be replaced later this week with new legislation – the USA Freedom Act – that permanently bans the NSA from collecting telephone records in bulk and introduces new transparency rules for other surveillance activities. The USA Freedom Act, once passed, will be the first rollback of NSA surveillance since the seminal 1978 Foreign Intelligence Surveillance Act.

But until then, in addition to the expiration of the NSA’s phone records collection, the FBI is prevented from using powers granted under the Patriot Act, including the pursuit of so-called “business records” relating to internet use, hotel and rental car records and credit card statements.

Both developments represent a remarkable capitulation for the Republican Senate majority leader, Mitch McConnell, who had initially sought to simply extend the Patriot Act provisions, despite overwhelming support in the House of Representatives for the USA Freedom Act. McConnell and his colleagues who opposed reform were thwarted in their efforts by a growing backlash by Senate Republicans and, in particular, his Kentucky colleague, Senator Rand Paul.         

“This is the only realistic way forward,” acknowledged the Republican leader during a rare Sunday evening session just hours before the Patriot Act was set to expire. Shortly after, the Senate voted 77 to 17 to proceed to debate on the USA Freedom Act – a procedural hurdle that fell three votes short during another special session focused on surveillance reform nine days earlier.

The development was welcomed by the White House, which has also come to support the USA Freedom Act after Barack Obama proposed that the NSA could seek specific records directly from telephone companies instead.
“The Senate took an important – if late – step forward tonight,” White House press secretary, Josh Earnest, said. “We call on the Senate to ensure this irresponsible lapse in authorities is as short-lived as possible.”

Even Paul, after the procedural vote, conceded that the bill will now ultimately pass, although he appeared determined to drag it out as a long as possible. “Tonight begins the process of ending bulk collection,” he said. Paul, who is running for president on a libertarian-leaning agenda, believes the USA Freedom Act does not go far enough in tackling the surveillance abuses revealed by Snowden.

“I am not going to take it any more and I believe the American people are not going to take it any more,” Paul said, as he took the Senate floor for another of the extended speeches that have helped propel him into the public spotlight at a key moment in the Republican race for the presidency.

McConnell attempted to seek a temporary extension for additional Patriot Act powers to be affected by the expiration of powers unrelated to the NSA’s bulk domestic phone metadata program – including so-called “lone-wolf” and “roving wiretap” capabilities. But even a temporary continuation of those surveillance authorities were opposed by Paul, who has the power to block such attempts to speed up Senate business by seeking unanimous consent.

Paul’s tactics provoked angry reactions from establishment Republicans, including a heated exchange with John McCain, who accused him of endangering national security to boost his presidential campaign. McCain said on Sunday that Paul “obviously has a higher priority on his fundraising and political ambitions than securing the nation”.
Paul, gesturing toward the acrimony that persists in the Senate even after the vote made passage of the USA Freedom Act a foregone conclusion, said his Republican opponents were rooting for a terrorist attack to embarrass him.
“Some of them I think secretly want an attack on the United States so they can blame it on me,” Paul said.
Obama and his intelligence chief, James Clapper, also made a final push on Friday for the Senate to pass the USA Freedom Act, alleging the expiration of the Patriot Act provisions would expose the US to terrorism.

But a Justice Department inspector general report found the FBI had come to use the business-records provision to amass “large collections” of Americans’ communications data. It noted that the spread of internet access had lead to an explosion in information accessible to the FBI, and cast doubt on Justice Department and congressional assurances that the authority, known as Section 215, is critical for counterterrorism.
“[T]he agents we interviewed did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders, but told us that the material produced pursuant to Section 215 orders was valuable in that it was used to support other investigative requests, develop investigative leads, and corroborate other information,” the DoJ report found.

Originally mindful of the privacy implications of Section 215, Congress permitted it to “sunset” after five years. Yet, with nearly all aspects of its practical applications hidden under extensive secrecy – especially the post-2006 addition of NSA bulk surveillance – reauthorization of the Patriot Act provisions had become routine.
The last time the legislation was considered, in 2011, it passed 72-23 in the Senate and 250-153 in the House.

But this time, Snowden’s revelations pierced the veneer of government secrecy and ushered in perhaps the most open debate about surveillance powers in the NSA’s 63-year history.
“No doubt it played a role,” Republican senator Dean Heller told the Guardian. “I think it played the same role for me as it did for most of the American people, who were surprised and stunned that the government had this sort of access to this kind of data.”

Nextgov:  http://bit.ly/1LZUvaK
Guardian: http://bit.ly/1GeNnsI

« Edward Snowden Answers Some Questions
Cyber Vulnerability Report 2015 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

IXDen

IXDen

IXDen provides a novel software-based approach to OT systems protection, covering Industrial IoT cybersecurity and sensor data integrity.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

Axur

Axur

Discover and eliminate digital fraud and risks on the web. Utilize Axur’s entire AI potential, along with thousands of bots dispersed throughout the surface web as well as the deep and dark web.

ADL Consulting

ADL Consulting

ADL Consulting provide information security-related consultancy and training support to businesses across the UK. Our services include ISO27001, GDPR, Cyber Essentials and training.

Alpha Mountain AI (alphaMountain)

Alpha Mountain AI (alphaMountain)

alphaMountain provides up-to-date domain and IP intelligence for cybersecurity investigational and protection platforms.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

OSC Edge

OSC Edge

OSC was founded with the vision of providing expert solutions in IT to government and businesses. OSC Edge empowers organizations with solutions that prepare them for today and tomorrow.

Singularico

Singularico

Singularico help secure your software using the power of AI.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.