Sen. Ron Wyden has many problems with the cybersecurity bill that the Senate may take up before the August recess.
But he can only talk about some of them publicly. Other reservations remain strictly classified.
Wyden, the Democratic privacy hawk from Oregon, claims that a classified Justice Department legal opinion written during the early years of the George W. Bush administration is pertinent to the upper chamber’s consideration of cyberlegislation — a warning that reminds close observers of his allusions to the National Security Agency’s surveillance powers years before they were exposed publicly by Edward Snowden.
The Obama administration pledges that it does not rely upon the memo, which some privacy experts have speculated could be used under the auspices of cybersecurity to allow government surveillance of Americans’ Internet usage. Wyden and civil-liberties advocates worry that the memo could be invoked by a future president, a concern fueled in part by the use of other Bush-era legal opinions written to justify warrantless surveillance and the CIA’s so-called “enhanced interrogation techniques” during the war on terror.
Wyden has railed against the information-sharing legislation passed out of the Senate Intelligence Committee as a “surveillance bill by another name.” While its boosters say it could help minimize the damage wrought by hacks like those that crippled Sony Pictures or laid bare the Office of Personnel Management’s records of federal employees, Wyden insists that the Cybersecurity Information Sharing Act, or CISA, is overly broad and that evidence is thin that it would improve cybersecurity.
Senate Majority Leader Mitch McConnell has indicated that he hopes to move CISA, which would provide expanded legal protection to companies that voluntarily share “cyberthreat indicators” with the government and each other, within the next two weeks, likely after Congress wraps up debate over highway funding. While government officials say they no longer rely on the memo, Wyden continues to press for its declassification in order to ensure that future administrations don’t reverse course.
“I remain very concerned that a secret Justice Department opinion that is of clear relevance to this debate continues to be withheld from the public,” Wyden said in his written dissent against CISA, which cleared the Senate Intelligence Committee 14-1 in March. “This opinion, which interprets common commercial service agreements, is inconsistent with the public’s understanding of the law, and I believe it will be difficult for Congress to have a fully informed debate on cybersecurity legislation if it does not understand how these agreements have been interpreted by the Executive Branch.”
Last month, when McConnell tried and failed to pass CISA by attaching it to a defense authorization bill — a procedural trick that limited amendments and prompted a Democratic backlash, Wyden urged his colleagues to read the memo in question. Any senator that voted for the bill, he said, “is voting without a full understanding of the relevant legal landscape.”
The Justice Department would not comment on the contents of the opinion other than to say that it is “aware of the senator’s concerns and [has] provided a response.” That response is classified, Wyden’s office confirmed, adding that DOJ officials indicated they had no plans to release the legal memo publicly.
Privacy advocates say that refusal is unsettling, in part because the opinion was written by the Office of Legal Counsel in 2003 — a date revealed in congressional testimony a decade later and first highlighted by independent journalist Marcy Wheeler. At that time, the same group of lawyers working in the Bush administration also was writing secret memos that justified warrantless wiretapping by the National Security Agency and the creation of the CIA’s foreign black sites, where suspected terrorists were detained and subjected to brutal interrogation methods such as waterboarding and sensory deprivation.
“Torture and mass surveillance are our experiences with secret law,” said Nathan White, senior legislative manager with the digital rights group Access, which Monday joined other privacy advocates to launch a “week of action,” lobbying senators to vote down CISA.
White, in addition to several other civil-liberties activists, said he did not know specifically what the Justice Department memo could be referring to. But these memos can be significant, he added, noting that two other secret Justice Department memos from 2012 first published in June by The New York Times and ProPublica revealed that the NSA had expanded the breadth of its surveillance to include the cross-border Internet traffic of Americans, in an apparent attempt to uncover and monitor foreign hackers.
“Wyden is not a sky-is-falling kind of guy,” White said. “He is very clear and targeted when he is warning about stuff.”
The oblique warning from Wyden is reminiscent of insinuations that he and former Sen. Mark Udall made about NSA surveillance prior to the Snowden disclosures that began two years ago. Both Democratic lawmakers sat on the Senate Intelligence Committee and expressed grave concerns about the NSA’s bulk collection of U.S. phone records, but said they were restricted in their ability to reveal classified information.
“The American people will also be extremely surprised when they learn how the Patriot Act is secretly being interpreted,” Wyden said during a floor speech in 2011, more than two years before the Snowden disclosures, which revealed that a provision of the law known as Section 215 was being used to justify the NSA’s dragnet phone surveillance. “And I believe one consequence will be an erosion of public confidence that makes it more difficult for our critically important national intelligence agencies to function effectively.”
Udall’s defeat to Republican challenger Cory Gardner last year has often left Wyden as the solitary voice of dissent on the Intelligence panel, though he is occasionally joined by Sen. Martin Heinrich, a New Mexico Democrat, on pressing for more privacy protections. On CISA, and on the Justice Department memo specifically, Wyden has been on a largely lonely crusade. Two similar info-sharing bills easily passed the House this year, and in the shadow of massive hacks on private companies and government, final passage appears more likely than in previous Congresses.
Wyden, for his part, remains undeterred. Over the past several years, he sent letters to former Attorney General Eric Holder expressing his concern that the memo remains classified. In a rare open Senate Intelligence Committee hearing in December 2013, Wyden peppered Caroline Krass, then the nominee for CIA general counsel, with questions about the legal opinion, extracting an assurance that she would not invoke it during her tenure due to its age. She also said the memo was issued as a “first impression” on a then-novel technology in 2003 and that case law has evolved since.
Wyden said those promises were insufficient, however. “What concerns me is, unless the opinion is withdrawn, someone else might be tempted to reach the opposite conclusion,” he said at the hearing.