Senate Intelligence Committee chair Dianne Feinstein (D-Calif.) said Thursday that she wanted to find a way to get the USA FREEDOM Act (H.R. 3361) passed, though she would prefer that the government retain the responsibility for storing and analyzing data rather than telecom companies.
Feinstein (pictured) introduced her own legislation on the issue, but said in the interests of time and getting a bill passed she wanted stakeholders to come together to find common ground on the House-passed bill.
That came in an unusual open hearing for the subcommittee to vet the legislation, held on the one-year anniversary of The Guardian newspaper's publication of the first story based on information on NSA data collection leaked by Edward Snowden, which is what has prompted changes to the government data collection regime.
The House on May 22 passed the bill, which was supported by the President. It would further restrict the data collected from communications companies by the NSA and other intelligence agencies, as well as boost transparency and reporting requirements for targeted data requests, require more specificity in those requests, and minimize retention and dissemination of nonpublic data.
Rather than have the government sweep and store the data, agencies would make specific requests for data the telecoms already store as part of their business. The bill has no mandated retention period, which Feinstein feared could be the law's undoing.
The President announced his own modifications to the data collection regime last March in the wake of revelations related to the NSA leaks.
Both the witnesses and the legislators were divided over the necessity and efficacy of the bill, and it was not a political divide. The Administration supports the bill, but many Democratic senators were not on the same side, instead echoing Republican concerns.
Feinstein said she thought privacy rights were better served by government supervised data retention accessed by only a handful of people, than by hundreds of people at numerous telecoms.
Sen. Jay Rockefeller (D-W.-Va.) said it seemed to him that the bill was doing something unnecessary and unpredictable that might make the public feel better, but was not good for national security.
Witness James Cole, deputy attorney general with the Department of Justice, conceded the move away from bulk data collection was not because that was illegal or being abused, but to give the public assurance that their privacy was being protected.
Rockefeller also clearly much preferred having the government continue to store the data, where only some 22 people can access it and where there is oversight and auditing, rather than turn it over to private companies, who had no mechanism in place, and that he said did not want to do it, no matter what they said.
Sen. Saxby Chambliss (R-Ga.), said the act appeared to fix a lot of things that aren't broken, and suggested the law would make the country less safe. He said that if the act had been in effect back when intelligence agencies used information to thwart the New York subway bombing, there would have instead been a big explosion.
He echoed Rockefeller and Feinstein in preferring the current government oversight rather than the act's move of storage to telecoms. He pointed to the current oversight mechanisms and small number of people who can access the data. He said he knows his own data was in the government hands along with everyone else's. "I am not worried because I don't talk to terrorists," he said.
Under the act, he said, that government storage is replaced with an untested process with more people handling that data.
Michael Woods, VP and assistant general counsel for Verizon, suggested the bill would not change that much. He pointed out that telecoms already have plenty of targeted requests through subpoenas from law enforcement and that the difference would be that government was not independently retaining data. But he also conceded that without a retention mandate, they would not retain any of that data longer than was necessary for business purposes. The FCC requires an 18-month retention of customer billing info, but Woods said that was increasingly not including phone numbers, so that data might not be available even 18 months.
Feinstein said she thought there would need to be a retention mandate, but then also said that would probably draw a lawsuit from someone. At which point she again echoed the theme that, for the sake of the country, everybody needed to find common ground on a passable bill, one that balanced privacy with the needs of intelligence gathering. She said that everybody wanted to do away with collection until a plane blows up or hits some buildings. She said the only way to disrupt real and growing threats, like ink cartridge bombs at the Dubai airport headed for the U.S., is through intelligence.
The lack of a retention mandate, suggested various senators, was a big problem with the bill, as was the definition of "specific selection terms" the government would have to provide for its targeted requests of telecoms. Some argued that definition was too vague and would allow the government to continue to collect too much information, other said it would not allow the government to collect enough.
Cole said the Administration was OK with the definition, and that the bill effectively balances privacy and intelligence gathering, but said the Administration would work with the senators to clarify language if necessary.
Feinstein urged stakeholders, witnesses and others to offer up their suggested fixes, preferably in bill-ready language, to try and get a bill passed.