On November 9, 2015, U.S. District Judge Richard J. Leon issued a preliminary injunction ordering the National Security Agency to stop its bulk telephony metadata program. The preliminary injunction was issued in favor of subscribers of Verizon Wireless Business Network and comes 20 days before the program was set to expire under the USA Freedom Act. The case is Klayman v. Obama et al. (1:13-cv-00851) in the U.S. District Court for the District of Columbia.
On May 7, 2015, the U.S. Court of Appeals for the Second Circuit sided with the American Civil Liberties Union, holding that the National Security Agency’s (“NSA’s”) collection of metadata relating to domestic phone records is not permitted under the PATRIOT Act. This ruling overturns a December 2013 Southern District of New York decision finding that the NSA’s telephone data collection program is lawful under Section 215 of the PATRIOT Act. The Second Circuit did not issue a preliminary injunction to stop the program or address questions as to whether the program is constitutional under the Fourth and Fifth Amendments. The case will now return to the Southern District of New York for further proceedings.
The House of Representatives passed two complimentary bills related to cybersecurity, the “Protecting Cyber Networks Act” (H.R. 1560) and the “National Cybersecurity Protection Advancement Act of 2015” (H.R. 1731). These bills provide, among other things, liability protection for (1) the use of monitoring and defensive measures to protect information systems, and (2) the sharing of cybersecurity threat information amongst non-federal entities and with the federal government. With the Senate having just recently overcome disagreement on sex trafficking legislation and the Attorney General nomination, that body is now expected to consider similar information sharing legislation entitled the “Cybersecurity Information Sharing Act” (S. 754) in the coming weeks. Assuming S. 754 also is passed by the Senate, the two Chambers of Congress will convene a Conference Committee to draft a single piece of legislation which will be then voted on by the House and Senate, before heading to the President’s desk. The White House has not committed to signing any resulting legislation, but has signaled some positive support.
In a flurry of activity on cybersecurity in the waning days of the 113th Congress, Congress unexpectedly approved, largely without debate and by voice vote, four cybersecurity bills that: (1) clarify the role of the Department of Homeland Security (“DHS”) in private-sector information sharing, (2) codify the National Institute of Standards and Technology’s (“NIST”) cybersecurity framework, (3) reform oversight of federal information systems, and (4) enhance the cybersecurity workforce. The President is expected to sign all four bills. The approved legislation is somewhat limited as it largely codifies agency activity already underway. With many observers expecting little legislative activity on cybersecurity before the end of the year, however, that Congress has passed and sent major cybersecurity legislation to the White House for the first time in 12 years may signal Congress’ intent to address systems protection issues more thoroughly in the next Congress.
On July 2, 2014, the Privacy and Civil Liberties Oversight Board (“PCLOB”) held a public meeting to finalize the release of a report concluding that the National Security Agency’s (“NSA’s”) collection of electronic communications from targets reasonably believed to be non-U.S. persons located outside the United States has operated lawfully within its statutory limitations.
On May 22, 2014, the United States House of Representatives passed H.R. 3361, a bill aimed at limiting the federal government’s ability to collect bulk phone records and increasing transparency regarding decisions by the Foreign Intelligence Surveillance Court (“FISC”). The bill was approved by a vote of 323-121 by majorities of both Democrat and Republican members of the United States House of Representatives. It now moves to the Senate where it is likely to pass.
On January 29, 2014, the National Security Agency (“NSA”) announced that Rebecca Richards has been appointed to serve as the NSA’s new Civil Liberties and Privacy Officer. Ms. Richards, who previously worked as the Senior Director for Privacy Compliance at the Department of Homeland Security, will advise the NSA Director on civil liberties and privacy issues and implement reforms in those areas.
On January 28, 2014, Data Protection Day, Vice-President of the European Commission and Commissioner for Justice Fundamental Rights and Citizenship Viviane Reding gave a speech in Brussels proposing a new data protection compact for Europe. She focused on three key themes: (1) the need to rebuild trust in data processing, (2) the current state of data protection in the EU, and (3) a new data protection compact for Europe.
On January 23, 2014, the Privacy and Civil Liberties Oversight Board (“PCLOB”) released a report (the “Report”) concluding that the National Security Agency (“NSA”) does not have a valid legal basis for its bulk telephone records collection program. The NSA’s bulk collection of consumer telephone records has been under increased scrutiny since Edward Snowden leaked information about the program in June 2013, and recently has faced legal challenges. According to the Report, the NSA’s program exceeded its statutory parameters.
In a major speech delivered at the U.S. Department of Justice on January 17, 2014, President Obama addressed the call for reforms to government surveillance programs following disclosures regarding National Security Agency (“NSA”) activities leaked by Edward Snowden since June of last year. The President discussed the need to advance national security while strengthening protections for privacy and civil liberties, improving transparency in intelligence programs, engaging in continual oversight and rebuilding trust among foreign leaders and citizens. He outlined several areas of reform: Continue Reading President Obama Calls for Major Changes in National Security Surveillance Programs