Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications
Prune writes Congress has quietly passed an Intelligence Authorization Bill that includes warrantless forfeiture of private communications to local law enforcement. Representative Justin Amash unsuccessfully attempted a late bid to oppose the bill, which passed 325-100. According to Amash, the bill "grants the executive branch virtually unlimited access to the communications of every American."
According to the article, a provision in the bill allows “the acquisition, retention, and dissemination” of Americans’ communications without a court order or subpoena. That type of collection is currently allowed under an executive order that dates back to former President Reagan, but the new stamp of approval from Congress was troubling, Amash said. Limits on the government’s ability to retain information in the provision did not satisfy the Michigan Republican.
The same SCOTUS that just said your employer can order you to do 25 minutes of security checks without compensation? The copyright extension SCOTUS? The fascism rubber-stampers in black robes? Good luck.
Dear Colleague:
The intelligence reauthorization bill, which the House will vote on today, contains a troubling new provision that for the first time statutorily authorizes spying on U.S. citizens without legal process.
Last night, the Senate passed an amended version of the intelligence reauthorization bill with a new Sec. 309—one the House never has considered. Sec. 309 authorizes “the acquisition, retention, and dissemination” of nonpublic communications, including those to and from U.S. persons. The section contemplates that those private communications of Americans, obtained without a court order, may be transferred to domestic law enforcement for criminal investigations.
To be clear, Sec. 309 provides the first statutory authority for the acquisition, retention, and dissemination of U.S. persons’ private communications obtained without legal process such as a court order or a subpoena. The administration currently may conduct such surveillance under a claim of executive authority, such as E.O. 12333. However, Congress never has approved of using executive authority in that way to capture and use Americans’ private telephone records, electronic communications, or cloud data.
Supporters of Sec. 309 claim that the provision actually reins in the executive branch’s power to retain Americans’ private communications. It is true that Sec. 309 includes exceedingly weak limits on the executive’s retention of Americans’ communications. With many exceptions, the provision requires the executive to dispose of Americans’ communications within five years of acquiring them—although, as HPSCI admits, the executive branch already follows procedures along these lines.
In exchange for the data retention requirements that the executive already follows, Sec. 309 provides a novel statutory basis for the executive branch’s capture and use of Americans’ private communications. The Senate inserted the provision into the intelligence reauthorization bill late last night. That is no way for Congress to address the sensitive, private information of our constituents—especially when we are asked to expand our government’s surveillance powers.
I urge you to join me in voting “no” on H.R. 4681, the intelligence reauthorization bill, when it comes before the House today. /s/
Justin Amash
Member of Congress
The court can't just jump up and say "We don't like that, it goes out." They have to follow procedure which means a challenge has to appear in front of them. That challenge can also only be brought by someone with standing, meaning that this law had a negative impact on you somehow.
That's one of the reasons the government loves the secret gathering so much, makes it harder for it to get challenged. If you can't show this harmed you, then you can't fight it in court.
So someone has to be impacted by this, challenge it, and it has to be appealed up to the SC. Then and only then do they rule on it.
Don't forget it is the NSA who approves what types of encryption are legal for citizens to own. In the case of AES, it relies solely on the fact that combining 256 random bits with 256 non-random bits, sufficiently, is too difficult to decipher except for the most powerful computer systems.
They can't practically stop people from using any kind of encryption. Once the encryption procedure is handled entirely client side, how would you even know if the data was encrypted to spec unless you tried to decrypt it? And that's an awkward thing to admit to people that are assuming your service doesn't even try to do that.
Really, the whole NSA mission against general data has a big expiration date hanging on it. The cloud concept is obviously dead in the water in the long term unless the encryption keys and engine are kept client side. And are the terrorists of the future really going to be sending their terrorist plots over email and conventional cell phone calls? I can think of hundreds of ways to send information of an extremely criminal and national security relevant nature... completely anonymously... forever.
The only reason they're getting anything now is because our enemies are computer illiterate. That is like relying on your enemy being literally illiterate... forever. It isn't going to happen.
The whole thing is a giant waste of time and money. IF they had half a clue, they'd do their best to convince everyone that they're not actually going to wire tap everyone secretly. I know they say that all the time but they're not very convincing at it are they? Exactly. To be convincing, they need to be subtle. Which means the giant data centers and big laws flowing through congress are the opposite of what they should be doing IF they had a clue.
But they quite clearly don't have a clue so they're just going to spend billions of taxpayer dollars to accomplish jack shit. As usual.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Good thing geeks are responsible for building the entire information backbone.
Look, decoding things client side isn't expensive. It isn't a big deal. All you have to do is retain a copy of the decryption engine and key client side. Which means if you're running a large company network that hosts all company files on data centers in the "cloud" then all the IT guy has to do is maintain ONE tiny server client side that serves those two things to the clients. Which they download as part of their login script... etc etc etc.
It isn't hard. And when that is in place... assuming the NSA has total control over the data center that is the cloud... what exactly do they have? Jack and shit.
Not disagreeing with you, but want to clear up what it means to make cloud storage, or any type of server storage, secure and inaccessible from court orders:
In the case of Dropbox, data is stored encrypted, but the server software holds the encryption keys so it can serve the data to clients unencrypted. This means subpoenas and other legal/law enforcement actions can access the data by going to the server operators, who likely will not challenge the order.
If you instead encrypt the data client side before you send it to the server, then everyone who accesses the data must also have the key.
What if you want to revoke access for one person? You have to download the data client side, decrypt/re-encrypt with a new key, reupload, provide key to remaining sharers. So this technique only really works for data that you do not share, i.e. just your personal stuff, and is essentially what people do now when they encrypt data before uploading it to Dropbox.
Asymmetric techniques don't really apply here unless you're only sharing with one party. You combine your private key and their public key to encrypt the data, then only they can decrypt it. This does not work when dealing with 3 or more parties, unless some are going to share the same key for one side of the asymmetric encryption, in which case you're back to the same problem we had with sharing a symmetric key.
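The shared-key re-keying procedure described in the comment above, as an added sketch that is not part of the original post. `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in for a real AEAD such as AES-GCM, and the sharer names and the in-memory `server` dict are hypothetical.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from the shared key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    ks = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def can_read(key, blob):
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False

def revoke(server, name, keyring, user):
    # Download, decrypt, re-encrypt under a fresh key, re-upload.
    remaining = [u for u in keyring if u != user]
    plaintext = unseal(keyring[remaining[0]], server[name])
    new_key = secrets.token_bytes(32)
    server[name] = seal(new_key, plaintext)
    for u in remaining:
        keyring[u] = new_key  # new key goes only to the remaining sharers

def demo():
    doc = b"constructed sample: draft budget"
    key = secrets.token_bytes(32)
    keyring = {"alice": key, "bob": key, "carol": key}  # hypothetical sharers
    server = {"budget": seal(key, doc)}  # all the storage provider ever holds
    revoke(server, "budget", keyring, "carol")
    access = {u: can_read(k, server["budget"]) for u, k in keyring.items()}
    return access, doc in server["budget"]
```

Re-keying only protects the stored blob going forward: a revoked sharer keeps whatever plaintext or old ciphertext they downloaded while their key was still valid.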
There is no illegal encryption — not in the US. You can use anything you can get your hands on.
Now, getting your hands on something the NSA can't break may be difficult — because they have sabotaged efforts to develop strong crypto. But not because it is illegal.
That said, the existing freely available software — including OpenSSL — can be used properly to defeat would-be spooks. We know this — and the observation is confirmed by occasional stories on how the government leans on companies to reveal the private keys. If they could break the encryption itself, they wouldn't be demanding keys...
In Soviet Washington the swamp drains you.
and the law enforcement agencies that report to it already had this power.
The summary is wrong. The unlimited, open-ended collection powers enacted by EO12333 only apply to government employees and employees of contractors subject to background investigation for national security reasons.
I am becoming gerund, destroyer of verbs.
So they can't settle on a decent healthcare system for us, but when it comes to spying on us... push it right through!
Wrists killing you? Not in 2 weeks. Learn Dvorak.
Vote was reasonably even across party lines.
https://www.govtrack.us/congre...
71% of (D) voted for it.
80% of (R) voted for it.
9 congresscritters didn't vote, split 5(D), 4(R).
https://www.govtrack.us/congre...
If your congressman voted YEA and you don't agree, write to him/her.
They are representing you.
A law giving the NSA authority to intercept all communications means that your corporate crypto server will be copied, giving them all your keys so they can decrypt everything. If you want security it must be done entirely at the client side, with only the client having the keys. Any central crypto means they get everything. Also you should assume Microsoft and Google are working for the NSA, so they can patch your OS to copy your client side keys to the NSA if required.
You missed everything I said about keeping the keys and decryption engine private... didn't you? Read that again and then comment please... you'll sound less stupid.