The USA Freedom Act
What Is It And How Does It Affect Your Online Activities?
After the terrorist attacks of 9/11, a lot changed in regards to online privacy in the U.S.
Before, online activities of U.S. citizens were not being monitored by U.S. government agencies, but things have drastically changed.
So, what is the U.S. government doing, exactly, when it comes to your online activities?
The U.S. government employs various intelligence and law enforcement agencies to conduct online surveillance operations and data collection projects.
Three widely-known agencies are the FBI, the CIA and the NSA. The NSA (National Security Agency) is the most notorious, as it does most of the collecting of your online activities and conducts online surveillance operations.
These agencies operate under the legislation of the Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act (USA Freedom Act).
The USA Freedom Act is the successor of the controversial USA Patriot Act, which expired in 2015. The USA Freedom Act renewed most of the provisions of the USA Patriot Act (more about that in detail further in the article).
The aim of this guide is to provide you with a better understanding of the USA Freedom Act, how it’s different from the USA Patriot Act, how it affects your online activities and how you can protect your online activities against government spies - among other interesting subtopics that I’ll also discuss throughout the guide.
How Edward Snowden’s Revelations Contributed to
the USA Freedom Act
Edward Snowden was a former Central Intelligence Agency (CIA) employee and was working for Hawaiian information technology firm Booz Allen Hamilton.
At the time time, Booz Allen Hamilton was contracted by the NSA, so Edward Snowden was basically working for the NSA.
While working for them, he argued that the NSA was involved in illegal activities surrounding U.S. intelligence work, so he decided to leave his job.
On May 20, 2013, he left the country. A few weeks later, he leaked thousands of classified documents to journalists. He revealed a great deal of global surveillance data from numerous projects.
In response, the United States government charged Edward Snowden with espionage and theft of government property a short time later in June 2013.
While prior to the USA Patriot Act, American intelligence agencies mainly focused on foreign powers, spies and overseas surveillance, the Snowden documents revealed that the NSA and alternative intelligence agencies also focused on U.S. citizens on U.S. soil.
Moreover, the Snowden papers revealed that the NSA collected metadata of phone calls made by millions of U.S. citizens.
He also leaked documents about PRISM. PRISM is a code name for one of the NSA’s projects, which allows the agency to collect data from various U.S. tech companies, such as Google, Facebook, Apple and so on.
The Snowden documents also revealed several other questionable activities of the NSA. According to the documents, the NSA was involved in the offensive hacking and exploiting of vulnerabilities in consumer software in order to infect it with malware to track targets.
These revelations triggered major criticism from the general public and lit a fire of critical observations, which prompted discussions in Congress.
Ultimately, the Snowden papers contributed to the debate over NSA spying, which eventually led to President Barack Obama signing the USA Freedom Act on the June 2, 2015.
What Is the USA Freedom Act?
The USA Freedom Act stands for the “Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act.”
The USA Freedom Act was first introduced in both houses of the U.S. Congress in late 2013, but was passed by Congress in 2015, a day after the USA Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) expired.
In fact, the USA Freedom Act basically restored many of the original provisions included in the USA Patriot Act. There were only a couple of changes adopted in the USA Freedom Act.
The legislation specifically
These are the changes in the legislation from the USA Patriot Act, but not the only things about the legislation. There will be more information about each of these changes later in the article.
Under the USA Freedom Act, the original provisions (of the USA Patriot Act) on roving wiretaps and lone wolf terrorists were restored, meaning that government intelligence agencies are still allowed to work within the boundaries of these two provisions under the USA Freedom Act.
The USA Freedom Act: What Kind of Surveillance Is Authorized?
The USA Freedom Act provides authorization for telecommunication surveillance and physical searches.
There are several means of communication that are authorized for surveillance. I’m talking about wiretapping smart/mobile phones, accessing voicemail history, intercepting email and text messages, and collecting data on Voice over Internet Protocol (VoIP).
VoIP are “IP-Enabled Services,” which is a technology that allows you to make phone calls (often internationally) using an internet connection instead of a (regular) phone line.
More information about these in the “How Does the USA Freedom Act Affect Your Online Activities?” section.
USA Patriot Act vs. USA Freedom Act
There were three major shifts in provisions when the USA Freedom Act was enacted. The first change was to the provision on mass data collection, often said to be the most controversial under the USA Patriot Act.
Increasing transparency, as well as changes in regards to how tech companies are treated under the law, are also part of the shift. In the following sections, I’ll describe each change in detail, and what has changed between the USA Patriot Act and USA Freedom Act.
No More Mass Data Collection
Under the USA Patriot Act, surveillance and gathering of all Americans’ phone records was allowed because the U.S. government argued it was crucial to restoring and maintaining national security.
The government argued that the collection of phone records was used to link and identify potential dangerous suspects.
“As intelligence officials have told members of Congress over the last two years: If you’re looking for a needle, you need the haystack,” says Politico.
The USA Freedom Act put new limitations on what data can be collected and how intelligence agencies could collect such records and data. In contrast to the previous bulk collection, under the USA Freedom Act, the NSA is only allowed to obtain the data of a specific person, not an entire company.
The NSA is still allowed to request data from a company, but not to seize the company’s entire database. Rather, it can collect the data of one employee or one device (phone or computer).
Under the USA Patriot Act, the NSA employed several methods to bulk-collect data. One of the major data sources was the telephony links of major telecommunications providers, which were accessed through tapping. Most of these were foreign telecommunications companies, but it also happened in the U.S.
As stated in the Washington Post:
“The NSA compile[d] information on a vast database of devices and their locations. Most of those collected, by definition, [were] suspected of no wrongdoing. Officials say they [did] not purposely collect U.S. phone locations in bulk, but a large number [were] swept up ‘incidentally.’”
Additionally, the Snowden papers revealed that there was a secret court order directing Verizon to hand over all of their data to the NSA on a daily basis.
That being said, most of the methods used are - for obvious reasons - classified and not known to the general public.
Fortunately, the methods have changed because the bulk collection of data under the USA Freedom Act is not allowed any longer.
For example, collecting metadata of phone calls of tens of millions Americans through forcing large telecommunication providers, such as Verizon, to hand over data, is no longer allowed under the USA Freedom Act.
Additionally, the NSA must be able to associate a specific target with a foreign power or terrorist group. Without such proof, the NSA isn’t allowed to collect the data of a target.
According to Politico, some argue that data collection may still happen on a large scale. But in this sense, large means thousands at a time, which is definitely a huge decrease compared to the NSA’s data collection under the USA Patriot Act. At that time, the NSA collected the data of millions of Americans.
Foreign Intelligence Surveillance Court (FISC)
The Foreign Intelligence Surveillance Court is a federal court. This court specifically oversees cases that involve intelligence and law enforcement agencies, which issue warrants to put surveillance out on a target (typically, foreign spies).
Typically, these special warrants are mostly requested by the NSA and FBI, and they’re generally classified.
The court’s main goal is to be a secret court. Only FISC judges and other government employees are present at cases. Obviously, the non-transparent nature of the court has led to many questions and criticisms from civil liberties defenders.
The FISC has been dubbed a “rubber stamp court” because, between 1979 and 2012 (33 years!), FISC judges granted 99.97% of all warrants requested.
“It approves every request for spying on Americans: 1,856 out of 1,856 in 2012, for example. In 2011, 1,674 out of 1,674. In 2010, 1,506 out of 1,506. You get the picture,” says Ted Rall, a columnist for The Los Angeles Times.
The USA Freedom Act created more opportunities for civil defenders to lobby the FISC and improve its transparency by declassifying cases from FISC judges.
These changes in the USA Freedom Act are steps to generate more transparency and accountability, especially in regards to the NSA’s activities.
Tech Companies May Disclose Information on Investigations
The USA Freedom Act’s predecessor, the USA Patriot Act, actually allowed government surveillance agencies, such as the NSA, to force large tech companies to be quiet about warrants for ongoing investigations.
Fortunately, the USA Freedom Act has removed such provisions from the legislation.
For example, Facebook can now bring forward a news statement in regards to the NSA collecting Facebook data for an investigation. At least now, you can be aware that your information might fall into their hands.
In return, that contributes to more transparency surrounding, for example, NSA activities.
These are the only changes between the USA Patriot Act and the USA Freedom Act. Every other provision of the USA Freedom Act mentioned in this article is a continuation of provisions from the USA Patriot Act.
Why Is the USA Freedom Act a Threat to U.S. Citizens?
The USA Freedom Act may arguably be a threat to U.S. citizens because it contains a number of provisions that are in violation of First and Fourth Amendment rights.
The First Amendment protects rights such as freedom of speech and press.
Under the USA Freedom Act, intelligence agencies are legally allowed to force a surveillance target (who is aware he’s being targeted) to keep the search secret from others. (However, this doesn’t apply to tech companies.)
The Fourth Amendment protects citizens from “unreasonable search and seizure” and forbids warrants without probable cause.
That means that, according to the Fourth Amendment, it should not be legal for the NSA to put a surveillance team on a target and intercept their metadata if they can’t prove there’s probable cause.
However, under the USA Freedom Act, intelligence agencies don’t need a warrant before starting an investigation on a target, which is heavily in conflict with the Constitution.
But there’s more to it than just the conflict between the USA Freedom Act and the Constitution. The USA Freedom Act also allows government forces an excessive amount of power and influence.
Before the U.S. government enacted the USA Patriot Act, government intelligence forces were only permitted to track and monitor targets that were proven to be agents of foreign powers.
However, after the USA Patriot Act was enacted, and now that the USA Freedom Act continues to uphold most of the original provisions, government intelligence forces don’t require probable cause any longer to launch investigations on targets, nor do the targets need to be agents of foreign powers.
It’s unknown whether or not they face much or any lawful review, especially in regards to the influence of Supreme Court judges, who may or may not possess the authority/power to shut down certain operations.
It’s for these reasons that investigations by government intelligence agencies pose a potential threat to your online activities.
In the next section, I’ll discuss how the USA Freedom Act can affect your online activities.
How Does the USA Freedom Act Affect Your Online Activities?
“Fun” fact: almost 20% of all the information collected by the NSA is of Americans.
The agency's purpose is to protect the U.S., ostensibly from foreign threats, yet a fifth of what they collect is from American citizens.
Nobody knows exactly how and when intelligence agencies collect data in regards to online activities. However, there are a few methods known, such as several classified “programs” to collect data, which the Snowden papers leaked.
The roving wiretap provision of the USA Patriot Act expired in 2015, but the USA Freedom Act was enacted a day after and immediately restored the roving wiretap provision.
Under the current wiretap laws applying to low-level law enforcement, if the surveillance target were to throw away the device that was being tapped, such as a mobile phone, and buy a new one, the surveillance order would drop.
In order to put surveillance on the new device, the low-level law enforcement in question would have to arrange a new order that applies to the new device.
A “roving wiretap” is fundamentally different, because once a roving wiretap order is authorized, the intelligence agency is allowed to follow the surveillance target, regardless of whether the target acquired a new phone or other means of communication.
This fundamental difference is in who’s applying for a wiretap court order: the CIA only needs one order to wiretap any target - the agency can tap a new device automatically, even if the current one is thrown out.
So, the surveillance target - such as a lone wolf - could be followed without having to arrange new surveillance orders if the target acquires a new device.
Definition of “Lone Wolf”
A “lone wolf” usually refers to a wolf without a pack to belong to, which spends its time alone.
But, in this case, it means “lone wolf terrorist,” which is someone who acts completely independently and alone in order to prepare or commit an act of terrorism or violence.
Typically, a lone wolf works alone and without any outside interference. A lone wolf may be influenced or motivated by beliefs of a fringe or foreign organization and might claim to act on behalf on such a group.
Intercepting Email and Text Messages
As discussed earlier, under the USA Freedom Act, intelligence agencies aren’t allowed to gather bulk data anymore. However, it’s still legal for intelligence agencies to track and monitor certain targets by intercepting their email traffic and text messages.
So, your online privacy is under scrutiny by such monitoring. If you don’t take the proper precautions, all of your email and text data could fall right into the hands of the NSA or one of their counterparts.
Voice Over Internet Protocol (VoIP)
VoIP (Voice over Internet Protocol) is shorthand for making calls over the internet - e.g., a WhatsApp or Skype call. The device isn’t connected to a phone line but is instead connected to a wireless network. You could make VoIP calls with a mobile phone or a computer.
The NSA is able to collect data points such as time, duration and the phone numbers of both you and the person you’re calling.
Accessing Voicemail History
How the NSA obtains voicemail history is not crystal clear. Some sources claim that the NSA is hacking phones to gain access to the voicemail history, photos and so on. A German source, Der Spiegel, which was one of the first to publish information about Edward Snowden’s leaked documents, claims that the NSA is installing spyware on smartphones (even before they’re shipped).
The same article suggested that (at the time) the head of the NSA, when hearing that there were 400,000 applications available for smartphones, said that meant that there were 400,000 opportunities to get access to a smartphone.
But, nobody knows whether this is still happening today. Nevertheless, it’s clear that you should be careful when choosing applications to use and that you should always consider an application’s security.
Various Intelligence Programs
The intelligence agencies label specific programs with certain names, which often means that the program focuses on a specific scope of surveillance or uses a specific software tool that targets systems.
It goes without saying that some highly classified programs are probably actively running and gathering data as I write this very sentence, but that’s just speculation on my part. Many other programs were probably never made public.
I’ve listed a few known programs that definitely have an impact on your online privacy.
MYSTIC was one of the NSA’s notorious surveillance programs, which collected metadata of millions of Americans. The program came to light because of the Snowden papers in 2013.
The program also collected the metadata of phone calls from other countries, such as Mexico, the Philippines and Afghanistan.
Whether the program is still running in the U.S. or on an international scale is unconfirmed. However, if it is, it’s very illegal.
The infamous NSA program called PRISM (leaked by the Snowden papers) collects internet communications from all of the large internet companies in the U.S. For example, PRISM made Google hand over data under the FISA Amendments Act of 2008.
There are zero reports that the PRISM program has been shut down. And, considering that the USA Freedom Act includes a stipulation that tech companies like Facebook and Google can inform their users that they handed over their data, it's safe to say that the program is still actively scanning your internet activities - otherwise, why would that provision have been included in the law?
The NSA program BULLRUN is designed to crack encryption of online communications and data sources.
As reported in The Guardian, the program employs various methods to exploit computer networks, using advanced mathematical techniques.
On the upside, tech and encryption companies such as Google, FreeBSD and OpenSSL improved their encryption protection after the revelations.
How You Can Protect Yourself Against Government Spying
As we have learned, the NSA and other intelligence agencies are constantly spying - and too much of it is done on U.S. citizens.
It’s therefore important to protect yourself against bulk surveillance and other types of data collection.
There are a few important components to protecting your data, namely encryption and a VPN. Another method is to opt to use the Tor network.
Let’s take dig a little deeper.
Encryption is a method you can use to keep your online activities and its accompanying personal and business-related information safe from government spying.
By encrypting your traffic, you’re actively protecting your logins, banking information, credit card information and other sensitive information. All of this data that you leave on the internet can be tracked by government intelligence agencies.
The NSA collected the phone records of millions of Verizon customers - not to mention that your very own Internet Service Provider (ISP) is now required to hand over customer data to intelligence agencies when asked for.
It’s therefore essential to encrypt your internet traffic, files, emails and other types of messaging apps.
What encryption basically does is mix up a set of “plaintext” (readable text) and convert that into “ciphertext” (unreadable text) with an encryption key. So, only the person or trusted party with the decryption key can “unlock” the message and read it.
For more information, read my in-depth post about how encryption works.
A Virtual Private Network (VPN) is a good starting point to protect your online activities. A VPN provides a secure and protected network connection (incoming and outgoing traffic) between your computer or mobile phone and an online network.
What a VPN essentially does is transmit all the device’s data traffic through a private network. The private server routes the traffic through a server based on a location of the user’s choosing.
Also, a VPN encrypts all of your traffic data, serving as an extra layer of protection. The VPN establishes a connection as if it were connecting through a regular network, looking and acting like a local connection but actually covering up the true IP address of your location.
This creates a secure tunnel for your connection, making it impossible for government intelligence agencies to spy on you or decrypt your data.
The tunnel allows you to connect to a VPN server first. The server will convert your true IP address into a generic IP address (all of the users accessing the same VPN server will have the same IP address as you). So, your IP address is well-hidden and keeps the government from tracing activities back to you.
If you want to learn more about VPNs and how you can set up your own VPN, check out my guide on VPNs and what they do.
As a last resort, you could opt for the Tor (“The Onion Router”) Browser. The Tor Browser will allow you to browse the web without being tracked.
The Tor Browser operates within its own network to anonymize your web activities by connecting to the internet and directly encrypting your connection.
All of your internet traffic is routed through multiple Tor “nodes,” which constantly and randomly change upon each page request. Therefore, Tor is quite a bit slower than a VPN, but the level of anonymity is higher.
The Tor Browser will let you browse the web completely anonymously, which means that government agencies can’t track or monitor your online behavior.
Additional Ways to Protect Yourself
Connect to the web through a proxy server, such as DuckDuckGo, so your IP address is hidden.
Use an encrypted and privacy-minded email service provider. Check out my post with top picks of the most secure email providers.
You can also encrypt your Gmail or Outlook emails on either your Windows computer, macOS, Android or iOS.
Use Bitcoin or another cryptocurrency for anonymous digital payments.
If you want to learn more about browsing the web anonymously and in a secure environment, you can find more information on this topic in my other guide - which includes a lot of other helpful information, too!
Unfortunately, most of the original provisions of the USA Patriot Act were renewed in the USA Patriot Act.
The major changes were mostly seen in the following areas:
No more mass surveillance.
More transparency in regards to intelligence agencies and FISC cases.
It’s legal for tech companies to inform the general public when they’re asked to hand over data.
Every year, the NSA publishes a public assessment report that shows the impact of the USA Freedom Act.
The 2017 Annual Transparency Report of the Office of the Director of National Intelligence indicates that - even under the USA Freedom Act - the NSA still collected more than 151 million metadata records of American citizens in 2016.
Also, the U.S. government is still allowed and able to wiretap mobile phones, intercept emails, monitor data on VoIP, as well as access voicemail history and text messages.
In order to protect yourself against such government surveillance, you’ll have to encrypt all of your data and online traffic/activities. Also, you should install a good VPN and the Tor Browser.
All of the surveillance methods under the USA Freedom Act can affect your online activities, yet some still question whether it’s really possible to “outsmart” agencies like the NSA.
However, you’ll have a great chance of beating them when you follow the protection precautions listed in this guide.