There has been a bipartisan push among a crop of tech-oriented, privacy-supporting legislators to tamp down on the surveillance authorities granted to federal agencies. It didn't end with the USA Freedom Act, which modestly reduced some bulk metadata collection authorities justified under the PATRIOT Act. In fact, some of these legislators ended up voting against the USA Freedom Act because it had been watered down.
Two of those legislators are well-known to Reason readers, Rep. Justin Amash (R-Mich.) and Rep. Jared Polis (D-Colo.). The two of them have partnered up (joined by 34 other representatives) to send a letter to the leaders of the House, Senate, and the House Appropriations Committee to push for the final passage of five tech privacy-related the amendments that have already been approved by the House. The goal is to get these amendments into a government funding bill for fiscal year 2016.
Two of the amendments are to prevent the government from using federal funds to push for the weakening of encryption standards in products for the purpose of making government surveillance easier. That is, they're trying to block the federal government from trying to force software or online companies to introduce encryption "back doors" into their products to facilitate the government snooping on people. Two amendments would limit the use of federal funds for bulk or warrantless data collection that targets U.S. citizens. And one amendment would prohibit the government from using federal funds to operate cellphone location data gathering devices like Stingrays without getting a warrant.
Read the letter here. The signers are a good split between Democrats and Republicans, a rare bipartisan push even libertarians might enjoy. The amendments restrict government power rather than expanding it. How often does that happen?
In the meantime, we have some much less positive news on digital privacy and security on the legislative front. Other folks in Congress are still pushing for the passage of the Cybersecurity Information Sharing Act (CISA). While the legislation is being sold as a way to help improve communication between private businesses and the federal government to help stop cyberattacks and hacking, it does so by pushing these businesses to provide customer data to the government and immunizing them from lawsuits over privacy breaches. Technology experts doubt the legislation will actually improve cybersecurity at all. While the House and Senate negotiate differences in their versions of the bill, The Hill notes that there's pressure by the intelligence community to use the legislation to given them access to the data:
The Senate's recently passed bill, known as the Cybersecurity Information Sharing Act (CISA), is expected to serve as the basis for the finished language. The compromise text will also likely include elements from a bill that originated in the House Intelligence Committee, observers said.
This completed product would mostly sideline the privacy advocate-preferred bill from the House Homeland Security Committee. They believe the Homeland Security bill includes the strongest provisions to protect people's sensitive data from falling into the NSA's hands.
Specifically, the Homeland Security bill would give the greatest role to the Department of Homeland Security (DHS) for collecting cyber threat data from the private sector and disseminating it throughout the government.
It's believed the DHS is best suited to scrub data sets of personal information.
The realization that the Intelligence Committee offerings would dominate the completed bill has sent some privacy groups into an 11th-hour frenzy.
"We've just learned that the Intelligence Committees are trying to pull a fast one," Nathan White, senior legislative manager at digital rights advocate Access, said in a recent email to supporters. "They've been negotiating in secret and came up with a Frankenstein bill — that has some of the worst parts from both the House and the Senate versions."
Amash tweeted his opposition to CISA yesterday.