Barring an extraordinary act of bipartisanship from Congress, several controversial provisions of the Patriot Act are set to expire today at midnight. Congress now has little time and only a few remaining options to preserve aspects of the law that administration officials deem important to preventing terrorism. However, critics of the law argue that these provisions are a mark of significant infringement upon civil liberties and may not even help law enforcement in the first place.

The three components of the Patriot Act that are set to expire are the “lone-wolf” amendment, the authority to place roving wiretaps, and the controversial Section 215. The “lone-wolf” amendment–which is actually part of the Foreign Intelligence Surveillance Act (FISA), but is set to expire along with the Patriot Act provisions–allows the government to monitor the activities of individuals who are suspected of international terrorism, but have no known connection to terrorist organizations. It is important to note that this amendment is explicitly directed toward people who are not U.S. citizens. The so-called roving wiretap section of the Patriot Act allows law enforcement to transfer wiretap orders to different phones and devices being used by the same person. Wiretaps must first be approved by a court, but are no longer limited to individual devices if terrorism is suspected. Section 215 of the Patriot Act allows law enforcement to access business records in terrorism cases, but is better known as the legal justification for the collection of millions of Americans’ phone records.

When the Patriot Act initially became law in 2001, it received overwhelming support in Congress. The bill, which incorporated components of another piece of legislation proposed earlier that month, was introduced on October 23 and passed both houses of Congress the very next day. In the House the vote was 357 to 66 and in the Senate it was 98 to 1. Since then, the sun-setting provisions of the bill have been reauthorized on three separate occasions, but in light of the revelations leaked by Edward Snowden in Summer of 2013, this year’s authorization has proven much more challenging for Congress.

In response to growing concern about the NSA’s bulk data collection programs, the House recently passed the USA Freedom Act, a compromise that seeks to maintain the tools available to law enforcement agencies while also providing additional safeguards for civil liberties. The bill would effectively end the collection of phone call metadata by the government, leaving it to the phone companies to compile and then provide to law enforcement provided that they have a warrant. Although the government would be able to access the same data, the new bill would put a clear process in place where a warrant is required to access only the information requested. While this new bill would mark a significant step in reforming data collection under Section 215, it would extend the Patriot Act, leaving the other controversial provisions in place. Additionally, the USA Freedom Act, would increase the maximum prison sentence for providing “material support” to terrorist organizations from 15 years to 20. Human Rights Watch and other opponents of the bill argue that the “material support penalty” is already too broadly used and expanding it will only increase the potential for abuse.

While the new USA Freedom Act passed the House with a wide margin and the support of several privacy and civil liberties organizations, it faces a major hurdle in the Senate. Senate Majority Leader Mitch McConnell is facing criticism for his handling of the Patriot Act renewal process. He first encouraged Republican legislators to support the Patriot Act and the associated NSA data collection program, calling for an outright extension of the law; however multiple attempts to do so have failed.

The Senate must now decide if it wants to allow the Patriot Act provisions to expire on Sunday night, or reach some sort of compromise on the USA Freedom Act, a potential embarrassment for McConnell. The Senate is set to convene Sunday night before the provisions expire in an attempt to make a last-minute deal, yet the House will likely remain on their Memorial Day recess until Monday. If the provisions expire, re-instituting the law enforcement capabilities would require an additional piece of legislation and not simply a re-authorization vote, something that could prove to be very challenging politically.

A wide range of opponents to the NSA’s bulk data collection program has recently emerged. The program took a major blow earlier this month when a federal appeals court ruled that the bulk collection of phone records violates the Patriot Act itself. Last week, Republican Senator Rand Paul protested the program in a so-called filibuster that lasted over ten hours. Paul called for further debate on the controversial provisions in the Patriot Act and demanded an end to bulk data collection. Paul, along with Democratic Senator Ron Wyden, is calling for a debate and open amendment process for the USA Freedom Act in the Senate, which both hope to add stronger protections for civil liberties. However, the addition of such protections may make the bill unpalatable for representatives in the House. A desire to reform the NSA program now exists in all three branches of government and may now be sweeping the internet. As many as 10,000 websites have joined the movement to “blackout Congress,” which will redirect computers with Congressional IP addresses to a page showing semi-nude pictures of people who claim, “NSA spying makes us feel violated.”

Kevin Rizzo

Kevin Rizzo is the Crime in America Editor at Law Street Media. An Ohio Native, the George Washington University graduate is a founding member of the company. Contact Kevin at krizzo@LawStreetMedia.com.

The post Will NSA Data Collection End Tonight? appeared first on Law Street.

It’s been a week since the last Lavabit court documents were filed and here I am, still trying to make sense of the whole charade. When I first heard of the case, I wondered how it is possible that law enforcement agents can rummage around unchecked, even when their investigations bring them past the proverbial doorsteps of regular people.

Such was the case this past June when the FBI demanded the “master keys” to secure-email provider Lavabit’s servers. The order was part of an investigation into the Internet correspondence of Edward Snowden: one of Lavabit’s customers.

“But wait,” you say, “doesn’t a ‘master key’ mean that they could then monitor data on all of Lavabit’s customers? Even the ones that hadn’t done anything wrong?” To which I respond, “Elementary, dear Watson.”

So in light of this fact, the obvious question is then: does secure email even exist?

End-to-end security: the key is having more than one.

In a conversation with Johns Hopkins University cryptography professor Matthew Green, Green said that the answer is yes. It does exist. But according to him, the name of the game is “end-to-end” security. In short, end-to-end security is a type of program where data is encrypted locally on a user’s device before it’s sent through the server to a recipient. The recipient then uses his or her own password to decrypt the message. This bars even the provider from being able to untangle the data in a way that’s readable.

Green, who has written about the subject in The New Yorker, says that the way the company’s servers revolved around SSL decryption, or essentially one set of master keys, was “the real problem with Lavabit.”

“The mail that came in was not encrypted using your password,” he said. “It was encrypted using SSL. And so anyone who got that SSL could be able to read all the data. And so it wasn’t a very good design from that perspective.”

But end-to-end security is not exactly a perfect science either. More geared toward text messaging and phone communications, there are only a few programs that use end-to end security technology with email. They usually come in the form of add-ons such as Pretty Good Privacy or Privacy Guard, where senders and recipients must use the same service.

However, Green says that at encryption software company Silent Circle, programmers are working to change that. In late Oct., the company announced that, with the help of Lavabit founder Ladar Levison, they would develop a new product called Dark Mail that integrates end-to-end protection with their email service.

Wait on technology. Not on Washington.

In a blizzard of political headway that some are now calling “the Snowden effect,” many lawmakers have announced their efforts to rally behind surveillance reform. One such effort is the USA FREEDOM ACT, a bill that has, since its introduction in late Oct., picked up 102 cosponsors from both parties. The bill calls for heightened regulation on surveillance activities, such as pen/trap procedures like the one that spelled doom for Lavabit’s a few months ago.

But Green says that it’s not enough, “forget about the government. Just imagine that the only people after you are criminals. You’re not going to be able to rely on laws to protect you from that kind of person.”

Furthermore, where the bill now sits in a congressional committee might just be its final resting place.

“I would love to see some kind of legal solution to all of this surveillance but I’m not sure that we [will] get something that we can really rely on. Ways that you can protect yourself and add privacy is to do it yourself and to do it through technology rather than hoping that the laws are going to be changed.”

However, that’s not to say that Green opposes the bill.

“I haven’t really looked at the legislation… but it sounds like a good idea,” he said.

—

Featured image courtesy of [twitter.com/mattwi1s0n via Flickr]

Jimmy Hoover

Jimmy Hoover is a graduate of the University of Maryland College Park and formerly an intern at Law Street Media. Contact Jimmy at staff@LawStreetMedia.com.

The post Secure Email, a Myth? appeared first on Law Street.