Expected changes to Patriot Act better, says IU Maurer cybersecurity expert

The failure of the U.S. Senate to reauthorize parts of the Patriot Act surprised cybersecurity expert Fred Cate, but he hesitated to describe the expiration of the legislation as a major shift in current policy.

Cate, professor at the Indiana University Maurer School of Law and senior fellow at the IU Center for Applied Cybersecurity Research, specializes in security law issues. He has testified before many congressional committees and is a member of the U.S. Department of Homeland Security Data Privacy and Integrity Committee Cybersecurty Subcommittee along with the Advanced Research Projects Agency Privacy Oversight Board of the U.S. Department of Defense

“This is national security,” Cate said, “… and usually Congress does not play such high stakes poker game when national security involved.”

The Senate supporters of the Patriot Act were unable to muster support for extending key provisions May 31 during a rare Sunday session. In particular, the federal government’s ability to collect and store bulk phone records has expired.

However, the Senate is expected to pass the House of Representatives’ USA Freedom Act this week which would put the collection of metadata of telephone calls in the hands of telecommunications companies. While the National Security Agency would no longer be allowed to collect the information, it would still be able to access to the data.

Phone companies already collect the data, Cate said, so the change in the House bill is not very significant. Still, he said, the bill is better. Under the House bill, the NSA won’t be able to access the information as easily as before. It will have to get authority from the Foreign Intelligence Surveillance Court to look at a new phone number in the data.

Although the collection and review of the data is still happening behind closed doors, Cate said the bill from the House is puts more people behind those doors. Phone companies have, in the past, gone along with government requests for metadata but they could still ask questions.

Moreover, the phone companies will have an incentive to be careful in their actions, Cate said. These companies do business all over the world and they will not want their data collection to violate other country’s laws and, therefore, hinder their ability to offer services to international customers.  

Cate said the expiration reflects a shift, although a minor one, in public attitude. Yet, if the U.S. suffers another terrorist attack on the level of 9/11, he believes the country would embrace an immediate return of all provisions in the Patriot Act.

During the debate, some Senators warned that letting parts of the Patriot Act expire would put the U.S. at risk. Cate tempered those views by pointing to findings of the D.C. Circuit Court of Appeals and the inspector general of the U.S. Department of Justice.

These entities and others have looked at the data collection program and could not find any evidence it was doing something significant, Cate said. Other parties have concluded that the information gathered from the phone records would have been discovered by other means.