Last week the United States House of Representatives passed H.R. 3361, a bill aimed at reining in the mass collection of telephone and financial records by the federal government and increasing the transparency of the courts operating under the Foreign Intelligence Surveillance Act of 1978 (FISA), commonly known as FISA Courts. The bill passed by a vote of 303-121, receiving support from a majority in both the Democratic and Republican parties. It will now go before the Senate for consideration, where many political observers expect it to pass.
H.R. 3361 requires the use of a “specific selection term” when an agency seeks to access phone or financial records and when selecting a line or facility for the installation of a pen register or a trap and trace device. A “specific selection term” is defined as “a term used to uniquely describe a person, entity, or account.” The aim is to allow only the targeted collection of metadata and to prevent the bulk collection that has garnered international ire.
The bill takes a number of steps to increase the transparency of the FISA Courts. It requires the Inspector General of the Department of Justice to perform an audit on the use of FISA authority between 2012 and 2014 to obtain phone records. This includes an examination of whether or not the procedures in place properly protected rights of U.S. citizens. The Inspector General of the Intelligence Community is directed to engage in a similar audit of the same period. The Attorney General is required to review whether past FISA Court decisions, orders, and opinions that contain significant precedents or constructions can be declassified.
Of particular interest to business community will be the provisions relating to publically reporting the number of FISA orders and national security letters with which an entity has had to comply. The bill specifies the categories of orders and letters to be itemized in a report, specifies details that can be included, and lists the ranges of numbers of orders or letters that can be reported. Specific numbers of orders and letters complied with cannot be published.
In the wake of the revelations by Edward Snowden, telecom providers and tech firms came under fire for complying with FISA Court orders and national security letters. In an effort to be transparent with their customers, many of these companies attempted to publish data on how many orders they received, but faced uncertainty on what information they could disseminate. The reporting requirements outlined in H.R. 3361 will provide some clarity, but will likely do little to allay the concerns of privacy advocates.