9 June 2015

New Revelations About Secret NSA and FBI Counter-Hacker Operations Raise Serious Legal and Privacy Concerns

June 7, 2015

The scope and sophistication of recent cyberattacks on American government, business and personal accounts are chilling. The latest, a breach of federal personnel records that could affect more than four million current and former employees, is a reminder that enhancing the nation’s cyberdefenses has to be an urgent priority.

Yet, in tailoring new programs and policies to fight hackers, members of Congress and the Obama administration should not allow a siege mentality to take hold.

The disclosures by Edward Snowden about the abuses of the National Security Agency have led to important reforms that have sought to prevent the government from collecting information about Americans in unlawful ways and to strengthen privacy safeguards. But that process still has a long way to go, and it would be unwise to let the rising threat of cyberattacks snarl it or roll it back.

This week, The New York Times and ProPublica, relying on documents leaked by Mr. Snowden, reported that the N.S.A. and the F.B.I. have cooperated closely on cyberthreat investigations in recent years.

The partnership, which has eroded a firewall that once kept criminal and intelligence probes separate, raises serious privacy concerns. As the N.S.A. sweeps up information from suspected hackers abroad under the authority ofSection 702 of the Foreign Intelligence Surveillance Act, it may be gathering large amounts of data about American citizens. Currently, such data, which could include copies of stolen emails and financial records, can be stored in databases. Law enforcement personnel may query it to build criminal cases against Americans that are unrelated to tracking down hackers.

Representative Ted Poe, a Texas Republican and former judge, has been among the outspoken critics of the practice, known as “backdoor searches,” which he sees as a breach of constitutional protections against unreasonable searches. “The line is very muddy,” Mr. Poe said, referring to the collaboration between the F.B.I. and the N.S.A. “I’m very suspicious about how they work together on issues that cross the line.”

Cooperation between the N.S.A. and law enforcement agencies should not be inherently suspect, and will no doubt be crucial to enhancing protections against cyberattacks. It must, however, be done in a manner that is clearly lawful and that safeguards the privacy and civil liberties of American citizens.

The powers granted to intelligence agencies under Section 702, which were billed primarily as terrorism-fighting tools, expire in December 2017. Lawmakers should not wait until then to demand a fuller and clearer accounting of how the government has interpreted those authorities. It remains unclear, for instance, just how much information about Americans the N.S.A. sweeps up in the course of cyberinvestigations and later makes available to other government agencies. Also unclear is how routinely that data is searched by law enforcement personnel, and under what guidelines.

Experience has shown that Americans cannot count on intelligence agencies to be judicious, or the Obama administration to be forthcoming, so lawmakers should create tighter rules that ensure that intelligence programs have the robust privacy and civil liberty safeguards that the law and the Constitution require.

A cybersecurity bill currently before lawmakers, which sets ground rules for cooperation between the government and the private sector, may be an appropriate vehicle for that debate. Alternatively, reforms to Section 702 could be made in appropriations bills.

While the recent changes to the Patriot Act were insufficient, it is encouraging, at least, that more members of Congress from both parties have begun championing privacy in debates about national security. “It wasn’t really something Congress was engaged in in a bipartisan way,” Mr. Poe said.

No comments: