The Patriot Act Revision: What Does It Mean to You? [updated]
Update: USA Freedom Act Signed Into Law, Assuring NSA Mass Surveillance Shutdown
After the USA Freedom Act failed to get passed during a long Senate session in May 15th, the Senate finally passed the USA Freedom Act without any amendments with a 67-32 vote made after the Patriot Act expired on June 1. The bill will end the bulk collection of phone records by the NSA and restore the protection of people’s rights by allowing a streamlined and transparent process of getting access to Americans’ phone records by means of a specific “selector” such as customer names, or numbers.
Altogether, the USA Freedom Act’s intervention was met with acclaim from privacy advocates, reformists, and the tech industry. While hailed as a “milestone” achievement, many insist that it only addresses a “small slice” of the mass surveillance apparatus and that a bigger move beyond mere fixes is still needed.
In an overwhelming 388 to 88 vote, the US House of Representatives recently approved legislation to end the federal government’s mass collection of phone records, exerting intense pressure to effectively shut down the domestically contentious NSA spying program revealed by former NSA contractor Edward Snowden.
On June 1, when the provision of the Patriot Act that allows the NSA dragnet expires, a compromise of some form must be reached. If the USA Freedom Act gets support, the bipartisan bill under the existing Patriot Act will be changed to ban bulk collection of metadata on phone calls. While reformers are confident that they can convince the Senate to back the legislation, the near-unanimity in the House is not reflected in the Senate, where they face opposition from Senate majority leader Mitch McConnell and Senator Rand Paul. The small but powerful group that supports the program insists that the expiring section 215 of the 2001 Patriot Act, the section where bulk domestic surveillance is maintained, should be renewed in its current form.
The Scope of Surveillance: No Holds Barred?
When the NSA’s secret programs were made public in leaks by whistleblower Edward Snowden, it resulted in debates on the balance between liberty and security. Many argued that it isn’t so much about what the government is allowed to know but what government, holding unique powers, is allowed to do with what it knows. The Fourth Amendment tacitly speaks of the extent of the government’s authority and the right of the people to be protected from unwarranted spying. Without curtailment, such a scale of power could cripple civil liberties, and the surveillance of the public could be considered an overreach of the government’s authority.
On the one hand, the language of Section 215 of the Patriot Act allows for confidential court orders to collect "tangible things" with no restraint, which includes everything from driver’s license information to Internet browsing patterns—anything that could be relevant to government investigations for the purpose of counter-terrorism. Following the 9/11 attacks, it seemed fairly prudent to widen the government’s counterintelligence capabilities to "connect the dots" of probable terrorist plans. The tension between individual freedom and national security accelerated when the single-minded focus on counterterrorism shifted toward an intensified concern over civil liberties. After the Snowden revelations, a lot felt that something that initially seemed okay simply didn't seem okay anymore.
With domestic clandestine programs like Prism and Xkeyscore, as well as global surveillance programs such as Tempora, Muscular, Stateroom, and others, it could be presumed that metadata—or Big Data—could be misused, especially considering that they are covertly run on innocent, unknowing people, and not just to catch a terrorist.
What does it mean to you? Ultimately, transparency is crucial for trust. If someone enters a purchase, their information and credentials (i.e. debit card and pin data) are collected in order to complete the transaction, and the customer expects the bank to hold their information securely. This also applies to sensitive information and associated metadata used by the healthcare industry, schools, and government bodies where data is expected to be held anonymously. While the NSA moderately collects data for good purposes, it could also hypothetically be used to arbitrarily frame an innocent citizen, and it's a situation that no one should have to deal with.
Finding, Securing, and Maintaining the Balance
The creation of backdoors in technology to subvert security via phone metadata gathering, and the vacuuming of communication on the Internet basically scales issues of privacy. According to cryptographer and computer security and privacy specialist Bruce Schneier, “Liberty requires security without intrusion, security plus privacy.” The concept of protecting or maintaining someone's privacy is not about having “nothing to hide”, but rather preserving an individual's personal autonomy as a user, as a resident of the Internet. The debate is not about national security versus privacy, but liberty versus control.
While everyone should care about the importance of national security, at the same time, your privacy as a user should not be compromised. That's why you should probably care.
When you go on the Internet, you inevitably leave your digital thumbprint, even just by searching or clicking on ads, links, or posts. While you cannot completely disconnect from your digital life, there’s still something you can do to protect what is yours. Something as simple as reading your End User License Agreement (EULA) could safeguard your privacy. You can communicate securely by using encryption. Properly implemented cryptosystems are one of the few things you can rely on for safe communication. Anything that doesn’t allow you to make an informed decision is not a good security or privacy practice, and being reckless about your online habits could not only negatively affect you alone, but the people you care about as well.
The USA Freedom Act is expected to strike a better balance between personal liberties and government protection. If, or when, it passes, it will then be your turn to maintain the equilibrium by applying good security and privacy practices on your own domain.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases