The issue with Section 309


The issue with Section 309


Today I read this post about a bill that just got passed in it, Justin Amash, a member of congress, states the following:

"Last night, the Senate passed an amended version of the intelligence reauthorization bill with a new Sec. 309—one the House never has considered. Sec. 309 authorizes “the acquisition, retention, and dissemination” of nonpublic communications, including those to and from U.S. persons. The section contemplates that those private communications of Americans, obtained without a court order, may be transferred to domestic law enforcement for criminal investigations."

Reading that and the rest of the letter, I figured, well, can it really be this bad? Is it just stirring up some simple language or a possible misunderstanding? Perhaps the tinfoil hat is too tight on this one.

So I went ahead and read through Sec 309 of the bill and guess what.

He's right

Sec 309, paragraph 1 says:

Not later than 2 years after the date of the enactment of this Act each head of an element of the intelligence community shall adopt procedures approved by the Attorney General for such element that ensure compliance with the requirements of paragraph (3).

So we need our heads and say, ok, so what? In two years they need to comply with some requirements, what's the problem there? So then we look at the mentioned paragraph:

the procedures the attorney general sets forth shall apply to any intelligence collection activity not otherwise authorized by court order sub-poena, or similar legal process that is reasonably anticipated to result in the acquisition of a covered communication to or from a United States person and shall permit the acquisition, retention, and dissemination of covered communications subject

A covered communication, by definition, is any nonpublic telephone or electronic communication aquired without consent of anyone involved in said message. This also includes messages "in electronic storage", aka, your facebook messages, your emails, any thing you can really think of. And this but here says that the procedures will apply to intelligence collected that are not otherwise authorized by court.

This means any data that the NSA or any "intelligence element", even by accident, can be saved for up to 5 years. But here's the real kicker.

Subparagraph B, subsection iii states the following:

the communication is enciphered or reasonably believed to have a secret meaning

Which is in reference to subsection B:

A covered communication shall not be retained in excess of 5 years, unless

I'd like to point out to the reader that enciphered implies encrypted. I would also like to point out that all your bank transactions, all your logins to websites (such as facebook, gmail), all communications you assume to be private and untouchable that pass through HTTPS (the green lock on your browser), can be held for longer than the set forth 5 years.

This means they can sit around and hold on to your data for as long as they want. They can attempt to break it, they can do whatever they'd like with it. This is not a good thing. If you can't see the repercussions of this little clause slipping in, then ask any cryptographer about it. Ask about flaws in pgp, or flaws in https, or hell, look at the papers where in some cases they can break RSA. With a dataset of ALL the 'incidental' information being captured and kept for long periods of time, do you really want your information being the testing ground for a new hack?

The ability to keep information like this is disturbing, and sure, some of this does depend on what policies the attorney general puts forward, but still. Negligence does occur within the NSA and other agencys, look towards anything Ed Snowden has put out for validity of that, I for one, am going to write my representative and get them to represent what I think. Won't you?


I just wanted to note Section 302:

Sec. 302: Restriction on Conduct of intelligence activities.
The authorization of appropriations by this Act shall not be deemed to constitute authority for the conduct of any intelligence activity which is not otherwise authorized by the Constitution or the laws of the United States.

This is a giant ball of legalese that's difficult to decipher. Let's note the definition of appropriation:

From Google:

  1. The action of taking something for one's own use, typically without the owner's permission.
  2. a sum of money or total of assets devoted to a special purpose.

Considering the amount of effort that is taken for writing these bills, is it any surprise that a word that doubles both financial agreements, and taking something without permission is used? This definition, when taken in light with Section 309's blatant disregard of the 4th Amendment of the Constitution is chilling. Anyway, one more definition then back to the bill:

From Google: (constitute)

  1. be a part of a whole
  2. give legal or constitutional form to (an institution); establish by law.

In other words, the money taken for this bill won't give permission to do anything unlawful or in violation of the constitution. Or, read another way: even if information is taken without a warrant the money will still be given to the intelligence community as approved by this bill. In essence, this resolves the agency's being given this budget from having the money taken from them should they violate the laws.

Legalese is pretty bizarre to interpret as often it seems it can mean multiple things. If you happen to be a lawyer or someone well versed in policy law, please comment below and inform the rest of us what this section means.

Update 2

Well, it's official. Hr4681 is a law. As of this writing, there's only 9783 people on the petition, and we need a goal of 100,000 signatures to have Obama address the issue. I'm updating this on Christmas, because I just found out about this (even though I've refreshed the actions page of that bill since the 19th, slow update I guess). and I've never felt lower on a holiday. The only way the bill and issue is going to be rectified now, is with a christmas miracle.

comments powered by Disqus