Cybersecurity & Standards, Government Surveillance
CDT Proposes Collection and Retention Limits on Section 702 Surveillance
Today CDT submitted our comments to the Privacy and Civil Liberties Oversight Board for its ongoing evaluation of the government’s use of Section 702 of FISA, which authorizes the PRISM program and upstream collection of phone and Internet traffic directly from core cables and switches. These programs have infringed on human rights of individuals abroad, circumvented 4th Amendment protections, and severely harmed the U.S. tech industry globally. To address these issues, CDT recommends a number of actionable reforms.
In our comments, CDT proposes a number of front-end limits on collection:
- Refined Purpose for Collection: Limit the purpose for which Section 702 surveillance may be conducted to the six categories of national security that President Obama identified in a January 17, 2014 Presidential Policy Directive. This would prevent the government from monitoring communications purely to support the conduct of foreign affairs, which could lead to surveillance based solely on political activity.
- Higher Standard for Targeting: Require the government to have “probable cause” to believe that an individual is a non-U.S. person located outside the United States before targeting them. The Washington Post reported that the government was only requiring “51 percent certainty;” an unacceptable coin-flip standard that would render the targeting rules virtually meaningless.
- Prohibiting “About” Collection: End the collection of communications “about” targets, a process that lets NSA gather communications that are neither to nor from foreign intelligence targets by scanning all communications going into and out of the United States for references to a target.
Review Surveillance Directives: The Foreign Intelligence Surveillance Court should review surveillance directives issued to companies to ensure that surveillance complies with the law, does not involve intentional targeting of Americans, and prevents acquisitions of wholly domestic communications. This measure would bring much needed independent oversight to Section 702 surveillance.
CDT also called for a range of back-end limits on retention and use of information collected under Section 702:
- Closing the Backdoor Search Loophole: Close the “backdoor search loophole,” which allows the government to deliberately select Americans’ communications from Section 702 databases. The President’s Review Group supported this reform in its report last December (Recommendation 12(3)).
- Limiting Domestic Criminal Use: Significantly narrow the exception allowing the government to disseminate to law enforcement any US person’s communication that provides any evidence of any criminal activity. The President’s Review Group issued a similar recommendation in its report (Recommendation 12(2)).
- Removing the Crytpoanalytic Exception: End the cryptanalytic exception that allows the NSA to permanently retain any US person’s communications that can be used for cryptoanalytic purposes. Given the frequent use of encryption by civilians for legitimate purposes, this overbroad exception could become the rule.
While there is much more to do regarding global surveillance by the US government, we believe these reforms would be a strong start that significantly protects privacy of both US persons and individuals abroad, without impinging upon the government’s ability to protect national security.