Patriot Act Section 215 Deadline Looms: are We Safer Online?

Loretta Sanchez
Congresswoman Loretta Sanchez (Photo: Chris Prevatt)
Loretta Sanchez
Congresswoman Loretta Sanchez (Photo: Chris Prevatt)

June 1 brings a looming deadline; section 215 of the Patriot Act, which is the National Security Agency’s sweeping surveillance program of online communications, is up for renewal.  The Patriot Act, crafted hastily in the wake of 9/11, has been renewed every time it’s come up.  There’s a new bill, the USA Freedom Act, designed to reform Section 215 that just might have bi-partisan support.

Some background first: Section 215 has been used by the NSA used to justify warrantless, bulk collection of phone records of American citizens. The collection is done electronically and the records collected contains metadata on the phone numbers individuals call and the time the calls were placed. No one s listening to any conversation and no calls are recorded. If a phone number, though other intelligence, is connected to international terrorism, a secret review of activity is conducted by a judge of records to dig deeper.

Under the USA Freedom Act, Congress will call for a process where phone companies could disclose the government’s request for phone records when they were unable to under the Patriot Act.  The new legislation prohibits the NSA’s once secret practice of collecting large scale communications records, such as all records from an entire state, city or even zip code while still allowing authorities to get specific communications records in case of a national security threat upon court approval.

From a statement from four House sponsors of the USA Freedom Act:  “As several intelligence-gathering programs are set to expire in a month, it is imperative that we reform these programs to protect Americans’ privacy while at the same time protecting our national security.”

The House sponsors are Reps. Bob Goodlatte, R-Va., Judiciary Committee chairman; John Conyers, D-Mich., committee ranking member; Jim Sensenbrenner, R-Wis.; and Jerry Nadler, D-N.Y. Senate sponsors are Sen. Mike Lee, R-Utah and Patrick Leahy, D-Vt.

Now al of this is largely due to leaks of classified documents by Edward Snowden, who was a contractor for the NSA and was employed by Booz, Allen, Hamilton.  Snowden isn’t a maser hacker.  He borrowed a privileged password to gain access to data he was never entitled to see ad exposed the secretive NSA’s bulk collection program to the mainstream media.  If you caught HBO’s excellent program “Last Week Tonight,” Snowden was interviewed about the program and shown “man on the street” videos were most Americans have little idea what he did.

Is Snowden a Patriot or a Criminal? Or is he both?  The ACLU say he’s a patriot.  There are some progressives who disagree.  When I first read of Snowden’s leak, my first thought was his program is old news; progressives brought this year years ago over debates about FISA courts.  And even with the revelation, the NSA is not listening in on your phone calls or my phone calls.

My person view is Snowden is a criminal.

My argument is he was never supposed to access the data he did.  He yelled fire in a crowded theater but wants First Amendment protections as a whistleblower.  And I’m sure the Russians have every document he left the country with.  I’ve never been a fan of many provisions of the Patriot Act and think the FISMA courts were far generous in granting favorable rulings for government surveillance. But that said, I believe Snowden committed treason and I’m not the only progressive who feels this way (see Neil Patrick Harris’s comment at the Academy Awards after the Snowden documentary won an Oscar saying the subject of the documentary couldn’t attend the show “for some treason.”)

Congresswoman Loretta Sanchez did an interview shortly after the Snowden leak.  See the video here.  And it’s clear there’s a lot she can’t say and we’ll note Sanchez was a consistent vote against the Patriot Act.  And she wants revisions to The Patriot Act and FISMA Act, but it’s not clear where she stands on the new bill.  “At what cost …let’s find a way to get as much information as possible without trampling over people’s rights.” she said.

I attended the RSA Conference 2015 in San Francisco last week; it’s one of the largest data security conferences in the world.  At a dinner hosted by an investment company, Richard Clarke, a former cybersecurity czar who worked for both the Clinton and Bush administration, was asked to make some remarks at a dinner event prior to the show.  Industry analyst Jon Oltsik was there and paraphrased Clarke’s comments for an industry trade journal.

Clark’s paraphrased statement was something like this:

A lot of us have been to this show for at least 10 years.  Now if you had asked anyone in this room ten years ago to predict the state of the cybersecurity industry in 2015, I don’t believe that anyone would have dreamed that the industry would be as big as it is today.  So we’ve all had a good ride and made a little bit of money along the way. 

But here’s the problem:  If you asked a second question 10 years ago about the state of cybersecurity ten-years hence, few if any of us would have guessed that the cybersecurity risks to our nation, our critical infrastructure, and our sensitive data would be worse today than it was 10 years ago.

So while we enjoy our dinner tonight, it’s important to remember that we remain way behind so we as a group of cybersecurity leaders must stay focused and committed to the task at hand.

For Republicans who complain about the NSA Surveillance program, simply put, they are hypocrites.  Democrats who complained about the surveillance and data-mining program were called “weak” and “threats to national security” under the Bush administration.  President Obama has been effectively handcuffed in reforming the Patriot Act; without bipartisan support for a bill such as the USA Freedom Act (which isn’t all that different than what we have now), should terrorists hit us inside the US again in a 9/11-styled attack, Democrats would have been branded as having weakened our national security.  It’s fun to watch conservatives do backflips on what’s essentially the same program under Bush and Obama.  There’s this and this and this and this.

While we need to be concerned about nation-state attacks from China, Russia, North Korea and Iran, we also need to worry about hacks from our friends in Israel, Japan, and Europe.  If we’re going to be outraged about surveillance by the NSA, what about all those cameras on the roads and in public places set up either by local governments or what about security cameras set up by individuals or private organizations?  Was the video surveillance used to capture the Boston Marathon bombers a good thing or a bad thing?

As more devices become Internet-enabled (thermostats and baby monitors) via the Internet of Things, the great the chances hackers can get into your home in ways other than your PC.  As a nation, we do need to take security seriously.

A soon to be published survey from the Enterprise Strategy Group shows that two-thirds of cyber-security professionals who work at critical infrastructure organizations (utilities, energy plants, fuel refineries, transportation, water treatment, solid waste, airports and rail networks) believe that the cyber-threat landscape today is worse than it was just two years ago (which coincides with Snowden’s actions).

Security vs. Privacy is not a simple debate.