On June 2, 2015, after a Senate cliffhanger that featured a lengthy filibuster by Rand Paul and a resounding defeat for Senate Majority Leader Mitch McConnell, Congress enacted the USA Freedom Act. The act, whose name echoes the USA Patriot Act, does not exactly mark the restoration of freedom. But it is the first time Congress has limited intelligence powers since the terrorist attacks of September 11, 2001. The act ended, at least partially, the National Security Agency’s collection in bulk of nearly every American’s phone records. It requires the government to limit its demands for phone data and other business records to those related to specific “selectors” (for example, names, phone numbers, or addresses) suspected of terrorism.
The act also improved the Foreign Intelligence Surveillance Act court process, by requiring the appointment of lawyers with security clearances to argue for privacy in the court’s closed-door sessions, until now attended only by the government. And it increased transparency, requiring the government to report on the frequency of its demands for records, and allowing businesses to report how many times they have been approached for records. These are significant victories for privacy.
But consider what the USA Freedom Act didn’t do. It didn’t address the NSA’s practices of collecting enormous amounts of personal data on and communications of foreigners overseas, even when they are communicating with Americans. It said nothing about the NSA hacking into overseas Internet trunk lines to vacuum up indiscriminately data on millions of users, including Americans. It didn’t stop the NSA from inserting vulnerabilities into computer networks and encryption systems so that the agency can more easily conduct surveillance.
Nor did the USA Freedom Act address the increasingly common practice of police obtaining “location data” about citizens from cell phone and Internet service providers that maintain detailed records of everywhere your cell phone goes. It did not change a 1986 law that allows the government to obtain, without probable cause or a warrant, the contents of any e-mail you or your recipient have saved for more than 180 days. It did nothing to check the powers of Google, Facebook, website owners, and Internet service providers to collect, analyze, and sell data about your most private thoughts, desires, associations, and communications. And it was silent on the issue of cybersecurity, notwithstanding the increasingly common data breaches that leave all of us vulnerable to fraud, theft, and worse.
Congress also did not tackle one of Rand Paul’s other principal concerns about new technology—the use of unmanned aerial vehicles, or drones, for targeted killing. The last time Senator Paul conducted a marathon filibuster, it was about the possibility that the government might use a drone to kill a US citizen on US soil. Eventually, Attorney General Eric Holder assured the public that the Obama administration does…
This is exclusive content for subscribers only.
Try two months of unlimited access to The New York Review for just $1 a month.
Continue reading this article, and thousands more from our complete 55+ year archive, for the low introductory rate of just $1 a month.