2015 was a mixed bag for digital privacy advocates on Capitol Hill.
Civil libertarians took one step forward this summer, reforming the National Security Agency (NSA) in the first major rollback of U.S. surveillance powers in a generation.
“It’s an ongoing battle and this is a major step backwards from the progress we’ve been making,” Rep. Jared Polis (D-Colo.), a leading privacy voice on Capitol Hill, told The Hill shortly after the spending bill passed.
The two bills, pushing in different directions, are emblematic of 2015 in general. Privacy activists, who have seen swathes of the public grow skeptical of intelligence agencies’ broad spying powers, have been unable to score the kind of wide-ranging and irreversible changes that they seek.
“We’ve ended the NSA bulk collection. I consider that to be a win,” Rep. Blake FarentholdBlake FarentholdGOP rips into Lynch, who refuses to discuss details in Clinton case Overnight Cybersecurity: Hacker leaks apparent DNC strategy guide SPEAK FREE Act would silence civil rights and public interest litigants MORE (R-Texas), are prominent voice on civil liberties issues, told The Hill this month. “But you always have the security hawks saying ‘The more information the government has, the better the battle on terrorism goes.’ I believe the more information the government has, especially about American citizens, the less freedom we have.”
Some digital rights advocates worry that passage of the cyber bill — which encourages companies to share more data on hacking threats with the government — represents a troubling momentum swing after several years of smaller, incremental gains.
A rash of data breaches and the recent terror attacks in Paris and San Bernardino, Calif., have given new urgency to previously muted calls for increased access to digital data.
“We do need to protect ourselves,” Rep. Zoe Lofgren (D-Calif.), a lawmaker who often focuses on tech issues, told The Hill. “There’s not an argument about that. We also need to protect the Constitution. Those two are not mutually exclusive.”
Two years ago, government leaker Edward Snowden’s disclosure of secret NSA spying programs kicked off an intense, nationwide discussion of government surveillance that gave privacy advocates enormous political capital.
This summer’s passage of the surveillance reform bill, known as the USA Freedom Act, was one product of that discussion.
The measure axed the NSA’s bulk collection of Americans’ phone records, which Snowden first revealed.
Under a new program that went into effect in late November, the NSA will have to go to private phone companies to request a narrow set of “metadata” records about a suspect, instead of indiscriminately gathering millions of Americans’ information and looking for individual suspects later.
The USA Freedom Act had an unusual combination of winds at its back — good timing, favorable politics and sympathetic public sentiment — and these helped push it through Congress.
Even with all of that, passage of the bill only came at the last moment, aided by a legal deadline demanding that lawmakers either address the program or let it die. Hawkish Republicans were obliged to accept reforms rather than risk the law expiring for good.
The cyber bill, by contrast, was tucked into the massive omnibus spending bill that floated through Congress on the last day of its legislative calendar.
“I think it’s revealing that it was jammed in here by the Republican leadership, because they couldn't actually pass it on its own,” Lofgren said. “And I think it’s really a black mark on the Republican Party that they would stain the Constitution in this way.”
Many others don’t see it that way. Industry groups, lawmakers in both parties and the White House hail the so-called Cybersecurity Act of 2015 as a much-needed tool to enable information about hacking threats to be shared. They point to the solid bipartisan majorities that approved the three individual bills that were ultimately merged into the final legislation.
Privacy advocates fear their loss in December was yet another example of Congress’s propensity to increase national security powers in the wake of new anxieties about terrorism.
“I noticed early on up here that members of Congress are more concerned about what’s in the news tonight than what’s going to be in the news in five or 10 years,” Farenthold said. “I think the country would be better served if we sometimes stepped back and considered what’s going to be in the news 10 years down the road.”
Still, digital rights groups insist their agenda is far from dead.
Even if privacy advocates’ progress on Capitol Hill has had a stutter-step quality, privacy backers point to victories elsewhere as proof that the national conversation has changed since Snowden’s leaks.
Encryption applications, which secure people’s data from hackers and spies, have proliferated in recent years.
Despite pushback from national security officials, who warn that the technology allows terrorists and criminals to “go dark,” the White House has decided — for now — against new legislation to outlaw strong encryption or force companies to give the government a “backdoor.”
And this summer, the Justice Department released new guidance restricting the use of cellphone tracking devices known as stingrays, which have been used by at least 13 federal agencies and 23 states.
Privacy activists also see several opportunities for wins on the horizon.
In coming weeks, U.S. and European officials are hoping to finalize a new agreement allowing American companies to deal with Europeans’ data under the continent’s more stringent privacy rules. And in 2017, lawmakers will have to reevaluate portions of national security law that authorize the NSA’s controversial “Upstream” and “PRISM” programs, which collect vast amounts of data about foreigners abroad, as well as some data on Americans.
“In the pendulum analogy, everyone says after Snowden it swung really far one way and now it’s starting to swing back the other way,” said Nathan White, the senior legislative manager with digital rights group Access Now.
“I don’t think it’s going to swing back as far as people think.”
“I don’t think that we’re going to go back to October 2001, when they passed the Patriot Act,” White added. “We’re going to go back to maybe October 2008, when people were still really concerned about these issues, but also willing to balance and consider real threats versus real privacy concerns.”