September 19, 2021

Volume XI, Number 262


September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis

New Version of USA Freedom Act Introduced

Senate Judiciary Chairman Patrick J. Leahy introduced a new version of the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2014 (the “USA FREEDOM Act” or “Act”) in the Senate on Tuesday, more than two months House of Representatives passed aversion of the bill that omitted several reforms sought by privacy advocates.

Leahy, a co-author of the original bill, said the updated legislation has the support of the Obama Administration.  The Reform Government Surveillance coalition of technology companies, the American Civil Liberties Union, and the Electronic Frontier Foundation also support the new version, according to a statement by Leahy’s office.  The measure has 13 co-sponsors in the Senate, including Senators Ted Cruz (R-Texas), Mike Lee (R-Utah), Al Franken (D-Minn.) and Tom Udall (D-N.M.).

The proposed Act would effectively ban bulk collection of phone records by circumscribing the scope and application of the so-called “business records” provision of the Foreign Intelligence Surveillance Act (also known as Section 215 of the USA PATRIOT Act).  It makes clear that the government may not collect all information relating to a particular service provider or to a broad geographic region, such as a city, zip code or area code.

The new legislation also would allow technology companies to report the number of surveillance requests they receive in narrower ranges than currently allowed.  Under an agreement with the government, companies can currently report the total number of national security process they receive in a six-month period, including National Security Letters (“NSLs”) and FISA Court orders and directives, as a single number in bands of 250, or separately report NSLs and FISA Court orders and directives in bands of 1,000.  In addition to those two options, the new legislation would allow providers to issue: (1) semi-annual reports that separately report the number of NSLs received, in bands of 500, and the number of FISA orders for content and non-content, in bands of 500, or (2) annual reports that include the total number of all processes received, including both NSLs and FISA orders and directives, in bands of 100.  In addition, the legislation maintains a six-month delay for reporting FISA-related process requests, but reduces ¾ from two years to 18 months ¾ the timing for reporting when a company receives the first process request for data on a platform, product or service for which no previous FISA-related order or directive has been received. 

The Senate legislation also appears to allow technology companies that have not received any such surveillance orders to report that they have not received surveillance requests, a point on which privacy advocates said the House legislation was unclear.  The Senate measure’s reporting provisions apply only to persons “subject to a nondisclosure requirement” accompanying a FISA order, directive, or NSL.   

The proposed Act also requires the government to report the number of individuals whose information is collected under various surveillance authorities, and the number of those individuals who were likely Americans.  The House version focused largely on the number of orders issued, not the number of individuals affected by those orders.

Finally, the Senate legislation would authorize the appointment of “special advocates” to appear as Amicus Curiae before the Foreign Intelligence Surveillance Court.  Such advocates are tasked with “advocat[ing], as appropriate, in support of legal interpretations that advance individual privacy and civil liberties.”   Advocates would also have access to certain briefings and background materials.  That is a change from the House version of the legislation, which allows for the appointment of Amicus Curiae but does not include any specific mandate for them to protect civil liberties, nor guarantee them access to relevant materials. 

Still, some supporters of surveillance reform have said the measure does not go far enough. Senators Ron Wyden and Mark Udall said in a joint statement that the legislation “lacks important provisions that reformers have proposed.”  They pointed to the so-called “backdoor search” loophole, which allows the National Security Agency to conduct searches within the information it collects under the FISA Amendments Act without obtaining a warrant, as one example. While Wyden and Udall said the legislation is a “vast improvement” over the version that passed the House, they pledged to “further strengthen the bill’s privacy protections.”

The August congressional recess is looming, and Congress is expected to recess in September for the mid-term elections with uncertainty surrounding the length of any post-election lame duck session.  Thus, the time for the Senate to vote on the measure before the end of the year is limited.  Aware of the calendar, reform advocates are making a strong push to bring the bill up.  A coalition of 21 organizations on Tuesday asked Congressional leaders to bring the measure to a floor vote without any changes, calling it a “carefully crafted compromise.”  However, while the Senate may be able to bring the measure to a vote, the legislative calendar will make enacting the reforms difficult, especially as the House-passed bill is very different and the House was not a party to the negotiations that produced the new proposal.  Even if the bill is not enacted this year, the impending expiration of some of the USA PATRIOT Act authorities in 2015, including Section 215, means the issue will be teed up early next year if Congress fails to enact legislation this year.

© 2021 Covington & Burling LLPNational Law Review, Volume IV, Number 211

About this Author

David Fagan, Data privacy attorney, Covington

David Fagan co-chairs the firm’s top ranked practice on cross-border investment and national security matters, including reviews conducted by the Committee on Foreign Investment in the United States (CFIUS), and also leads the firm’s cyber and data security incident response practice. Mr. Fagan is rated by Chambers USA and Chambers Global for his leading expertise in CFIUS matters and privacy and data security, and was named as a ...

Richard Hertling, Covington, public policy lawyer
Of Counsel

Richard Hertling provides regulatory and legislative advice and guidance and lobbying to a diverse set of clients in a range of industries. He joined the firm after more than 27 years of federal government service that included senior positions in both Houses of Congress and the Justice Department, during which he was respected for developing strategic and tactical approaches to advance legislation. He brings those same skills to bear for clients with complex policy challenges.

While holding senior positions on Capitol Hill and at the Department of Justice, Mr....

Katharine Goodloe, litigation attorney, Covington

Kate Goodloe helps clients navigate a broad range of privacy, cybersecurity, technology and communications issues.

Ms. Goodloe represents clients in privacy-related litigation, enforcement actions, and government investigations, in addition to proactively counseling clients on regulatory and compliance issues. Ms. Goodloe has particular experience advising technology clients on laws regulating the collection, use, and sharing of data, including electronic surveillance laws, and in litigating these issues. Prior to becoming a lawyer, Ms. Goodloe worked as a...