House Passes Bill To Limit NSA Spying

5 Online Tools Uncle Sam Wants You To Use

The US House of Representatives passed a bill by a substantial majority on May 22 that would prohibit the federal government from the bulk collection of metadata on Americans' telephonic and electronic communications and put in place tighter controls on government access to such information.

"With today's vote, the House approved the first significant rollback of government surveillance since the passage of the Foreign Intelligence Surveillance Act in 1978," said key lawmakers who backed the bill in a joint statement released Thursday by the House Judiciary Committee. "While this is not a perfect bill, the USA Freedom Act is an important step in the right direction."

House passage of the USA Freedom Act (H.R. 3361) comes almost a year after the National Security Agency spying scandal broke in June 2013. The bill was introduced on October 29, 2013, by Rep. Jim Sensenbrenner (R-WI) and Sen. Patrick Leahy (D-VT). Civil liberties groups and a number of technology giants originally supported the bill, but they recently withdrew their support on the grounds that the bill was gutted in last-minute negotiations with the White House.

[Cisco's CEO complains of alleged NSA interception of networking gear. Read: NSA Reports Prompt Chambers To Ask Obama For Changes.]

In addition to its prohibition on bulk collection of data, the bill increases protection of Americans' privacy by stipulating that details of call records can only be collected on a continuing basis after approval has been received by the Foreign Intelligence Surveillance Court.

To help ensure Americans' privacy, the bill would require the federal government to take steps to minimize the acquisition of Americans' business records and prevent the government from retaining such information.

The bill boosts oversight of federal intelligence gathering programs by providing judicial review of government efforts to minimize collection of business records. At the same time, the bill would establish a panel of experts to ensure the FISA court adequately considers privacy concerns and the constitutional rights of Americans.

Importantly, the bill requires the government to disclose the number of requests made for call detail records and requires the Administrative Office of the US Courts to publicly report on an annual basis the number of FISA orders issued, modified, or denied by the Foreign Intelligence Surveillance Court.

The bill would give technology companies new ways to report data concerning requests for customer information made under FISA by allowing them to inform their American and foreign customers when they receive national security requests.

Sensenbrenner expressed some disappointment that the bill passed did not have the force of the original one.

"While I wish it more closely resembled the bill I originally introduced, the legislation passed today is a step forward in our efforts to reform the government's surveillance authorities," he said in a statement. "It bans bulk collection, includes important privacy provisions and sends a clear message to the NSA: We are watching you."

While some groups have withdrawn their support for the bill in the wake of amendments that they feel diluted the strength of the original version, others see it as a step in the right direction that affords citizens and businesses essential protections.

"The legislation is a step towards ending the broad intelligence gathering that angers so many Americans," said Daniel Castro, senior analyst with the Information Technology and Innovation Foundation. "While it does not go as far as most advocates would like in limiting certain types of government surveillance of communications, the bill does make an effort to curtail bulk collection of personal data."

Others were harsher in their assessment.

"The ban on bulk collection was deliberately watered down to be ambiguous and exploitable," said Harley Geiger, senior counsel at the Center for Democracy and Technology. "We withdrew support for USA Freedom when the bill morphed into a codification of large-scale, untargeted collection of data about Americans with no connection to a crime or terrorism."

NIST's cyber security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.