The U.S. National Security Agency has been allowed to continue to collect phone records in bulk of people in the country, while lawmakers consider new legislation that would block the agency from collecting the data.
The government's application for reauthorization of the program for a period of 90 days was approved by the Foreign Intelligence Surveillance Court (FISC), according to a joint statement Friday by the Department of Justice and Office of the Director of National Intelligence. The government argued that it was seeking the extension as the relevant legislation has not been enacted yet.
The bulk collection of phone metadata in the U.S. by the NSA was first disclosed in June last year by former agency contractor, Edward Snowden, through news outlets.
In the wake of criticism of the surveillance program, President Barack Obama proposed in January changes in the program, including requiring that the government should not collect or hold the data in bulk, and deciding that, except in an emergency situation, the FISC will have to approve any queries to the phone records database. Obama also decided that the government should pursue phone calls that are two-steps removed from a number associated with a terrorist group, instead of the three hops previously authorized.
In March, Obama said that the data should remain with the telephone companies, but said that Congress would have to pass the appropriate legislation.
The U.S. Freedom Act, which was passed in May by the U.S. House of Representatives, addresses issues relating to access to phone records by the NSA. It now awaits consideration by the Senate.
The version of the bill that was passed by the House has loopholes that could end with the NSA having the authority to continue to access phone data in bulk, according to civil rights groups.
Groups like the Electronic Frontier Foundation are, for example, concerned about the new definition of "specific selection term," which describes and limits who or what the NSA is allowed to monitor. (Originally defined in the legislation as "a term used to uniquely describe a person, entity, or account," the expression is now defined as referring to "a discrete term, such as a term specifically identifying a person, entity, account, address, or device."
The broader definition could allow for the use of broad selection terms such as a "zip code, an area code, the physical address of a particular email provider or financial institution, or the IP address of a web hosting service that hosts thousands of web sites," Kevin Bankston, policy director of the New America Foundation's Open Technology Institute, wrote in May.
Sign up for MIS Asia eNewsletters.