Graphic by Cat Zakrzewski / Medill
WASHINGTON — Three weeks after President Barack Obama called for the private sector to maintain the vast data collections used by the National Security Agency for surveillance, members of the House Judiciary Committee Tuesday worried about the ability of third parties to keep that data secure in light of recent personal data breaches at Target and Yahoo.
The committee convened Tuesday to review proposed reforms the Foreign Intelligence Surveillance Act, which allows government agencies to use electronic surveillance to collect data without a traditional warrant.
The government’s surveillance programs came under fire in June when Edward Snowden, a former NSA contractor, released classified documents through The Washington Post and Britain’s Guardian newspaper that revealed the U.S. collected telephone metadata of Americans as part of efforts to uncover threats from foreign governments and citizens.
In the fallout of Snowden’s revelations, Obama called for an end to the controversial 215 provision that allows the government to collect and store telephone bulk metadata without telling those whose information is being collected. However, he called for a “mechanism” that would allow the government to continue to collect this data and not store it.
Obama did not specify what that mechanism would be, although he suggested the metadata could be stored by the phone companies or an independent third party and ordered Attorney General Eric Holder to find a solution.
House members suggested that using phone companies or independent third parties to collect and store telephone metadata could be problematic. Companies may not have the infrastructure in place to protect this data.
During the Christmas shopping season, identity information of up to 70 million Target shoppers was stolen as well as the debit or credit card information of 40 million shoppers. Yahoo reported Thursday that hackers had attempted to gain access to Yahoo Mail accounts using usernames and passwords leaked from a third-party website.
“Transferring storage to private companies could raise more privacy concerns than it solves,” said committee chairman Rep. Bob Goodlatte, R-Va., “We need look no further than last month’s Target breach or last week’s Yahoo breach to know that private information held by private companies is susceptible to cyber attacks.”
Peter Swire, who served on the President’s Review Group on Intelligence and Communications Technology, said leaks were a concern whether a third party or the government stored the metadata. He said the U.S. government is also susceptible to breaches, referring to Snowden’s leaks of NSA documents.
“We’re not comparing perfect with perfect,” he said.
Rep. Jim Sensenbrenner, a lead author of the Patriot Act, called the revelations Snowden made about the government’s surveillance practices “a shock.” He said if Congress does not act now to reform government surveillance practices, “the intelligence community will end up getting nothing.”
The surveillance provision under 215 is slated to expire in June 2015. Sensenbrenner called for support from the Department of Justice for a bill he authored called the Freedom Act. It would end bulk data collection and create an Office of the Special Advocate to protect privacy rights in the court’s closed proceedings and with the authority to appeal FISA court decisions. The bill also calls for more transparency from the government in disclosing the total numbers of individuals and U.S. persons subjected to FISA orders.
“The clock, sir, is ticking,” Sensenbrenner said. “It’s going to be addressed in this year even though it’s an election year.”
When asked if the Justice Department would support the bill, Deputy Attorney General James Cole said the agency has not yet taken a position on the proposal.
