Update: On Tuesday night, the House Rules Committee voted to send a bill to reauthorize and expand Section 702 surveillance to the floor with only one amendment from Rep. Justin Amash and others. That amendment would replace the underlying bill with a pro-privacy measure that makes sweeping reforms to online surveillance. While it boasts bipartisan support in the House and Senate, it also faces fierce opposition from those in Congress and in the intelligence community who don’t want to see any pro-privacy changes to the law. The underlying bill and the amendment are expected to be on the House floor on Thursday.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Congress will decide in the next few days how to re-up an online spying power that could impact companies’ ability to do business abroad.
That online spying power is Section 702 of the Foreign Intelligence Surveillance Act, an authority that houses two controversial spying programs unveiled by former NSA contractor Edward Snowden: PRISM and Upstream.
Foreign officials specifically cite these surveillance programs when discussing ways in which U.S. privacy laws — and the tech companies they govern — are inadequately protecting foreigners’ privacy. And with many countries already taking a critical look at international streamlined agreements that let U.S. companies legally access foreign users, it will be U.S. startups who are left without the tools to grow their user base abroad and contribute to economic and job growth back home.
We’ve been here before. Section 702 was supposed to expire at the end of last year. During 2017, lawmakers introduced and debated various Section 702 reform bills, ranging from expanding the controversial surveillance to significantly reining it in. But after trying and failing to move a bad reform bill in December, Congress ultimately attached a short-term reauthorization to a government funding bill.
Now it has until January 19th to reauthorize the law, and some lawmakers are trying to move another version of the same bad bill. The House Rules Committee is slated to meet Tuesday to consider a version of a bill from the House Intelligence Committee that falls far short of the necessary reforms.
Instead of making meaningful pro-privacy changes, the bill creates a path forward for the intelligence community to restart a controversial practice that was prohibited by an intelligence oversight court last year. That practice is “about” collection, or collecting Internet communications that mention keywords and terms that the intelligence community believes are tied to foreign intelligence targets. For instance, under “about” collection, the intelligence community could retain emails between innocent people with no connection to national security concerns if they merely mention a name, email address, etc. that the intelligence community has identified as being tied to a person or group that possesses foreign intelligence information.
By prohibiting “about” collection, the court narrowed how wide the intelligence community casts its net when collecting online communications under Section 702. Opening the door to restart “about” collection would signal to the world that the U.S. is looking to cast as wide a net as possible and is unconcerned about the consequences of collecting and storing irrelevant communications between innocent people.
Lawmakers do have an opportunity to address this concern as Congress tries to move forward with the flawed underlying bill, including by moving to the House floor some of the amendments that up for consideration, including one from Reps. Ted Poe, Zoe Lofgren, and Jerry Nadler that would, among other things, codify the end of “about” collection.
Improving existing surveillance laws like this is critical to improve foreign countries’ perspectives on how seriously U.S. laws and companies take their citizens’ privacy. This is especially important as European officials and courts continue to review the Privacy Shield, a transatlantic deal that lets U.S. companies store and process Europeans’ data in the U.S. Thousands of companies rely on Privacy Shield to legally grow their user bases in Europe, and failing to demonstrate
As lawmakers again face an expiring shot clock on online spying, it should consider the far reaching impacts these laws have, especially on small U.S. startups that do business abroad.