I have trouble describing how disappointed I am that this bill has passed. The roll call vote is available here. I have written about FISA previously here and here.

Although there are many aspects of this bill that disappoint me, I would like to take a moment to talk about the one closest to my research: legal compliance in technology systems. This bill sets an incredibly bad precedent for anyone advocating legal compliance. Essentially, what the telecommunications companies did was blatantly against the law. However, this bill retroactively provides them immunity for their actions [1]. When the consequences for violating the law are removed retroactively, companies have an incentive to violate the law in the future.

The ethics in situations like this are already difficult for engineers to recognize. For a technologist like Mark Klein, setting up a room with a whole bunch of cables going into it is a normal daily aspect of their job. Most will not see the ethical implications. Most engineers at that level are not aware of the bigger picture. They may not be able to say for sure whether their action is a violation of the law. To speak out about such a thing already takes great personal courage.

The last thing engineers need to see is a case like this. They will recognize that even if they do risk their job to speak out about a possible legal problem, and even if that possible problem is recognized as such, it is now, with the passage of this bill, clearly possible that Congress will bend over backwards to let their employer off the hook.

To understand how difficult it was before this amendment was passed for someone like Mark Klein to do what he did, I urge you to read the introduction Cindy Cohn gave him at the EFF Pioneer Awards. Congress has just made it harder on the heroes. This is a disappointing day.

[1] Yes, I realize that this bill doesn’t directly provide for retroactive immunity. However, the bill sets up a sham court proceeding to determine whether or not the companies involved were told it was ok to do what they did by the President, which is already widely known to be true.

[Update: There's an extremely well-written article on the FISA Ammedment Act on ThreatLevel.]