By Aimee Thomson
The recent and ongoing disclosures by Edward Snowden have revealed massive U.S.-operated surveillance programs that are vacuuming up almost every aspect of modern communication in the name of national security.
Since the first documents came to light last June, a broad coalition of civil rights and privacy advocates has clamored for reforms of both the substantive law and the procedural safeguards. Six months later, not much has changed. A full exploration of what the NSA collects and how the government uses the data exceeds the scope of this article.
But, in brief, the revealed surveillance programs generally fall into two legal categories. First, there is the bulk collection of telephone metadata under Section 215 of the PATRIOT Act, which authorizes the collection of “any tangible things” if the government can demonstrate that they are “relevant to an authorized investigation . . . to protect against international terrorism or clandestine intelligence activities.” This standard lacks a requirement of individualized suspicion and falls far short of the Fourth Amendment’s requirement of probable cause for the issuance of a warrant. The government justifies bulk collection as being “relevant” to an authorized investigation by arguing that it is necessary in order to determine connections between known and unknown terrorist elements.
Second, the government collects telephone and internet communications (including the content of those communications) both by issuing directives to “downstream” telecommunications giants such as Facebook, Google, and Apple and by tapping the “upstream” fiber-optic cables running across the U.S. Both downstream and upstream collection operate under Section 702 of the Foreign Intelligence Surveillance Act of 1978 (FISA). Section 702 allows the government to set up year-long surveillance programs to collect the communications of persons “reasonably believed to be located outside the United States.” Once the programs are established, decisions about which telecommunications companies to approach and how to use the collected data are governed by internal NSA regulations only.
Although the government may not “intentionally” target U.S. persons (i.e. U.S. citizens or persons inside the U.S.), communications with one U.S. person on the line qualify as “foreign” and the government admits that the goal is to collect these U.S. person-foreigner conversations. The Foreign Intelligence Surveillance Court (FISA Court, or FISC), made up of eleven district court judges, appears to provide the judicial authorization for many of these programs. In secret, non-adversarial proceedings, the government requests authorization from FISC to collect metadata under Section 215 of the PATRIOT Act or to set up surveillance programs under Section 702 of FISA. Of the more than 33,000 requests made before FISC since 1979, the court has only rejected 11.
Civil liberties and privacy advocates from the government, the private sector, and civil society have put forth a number of recommendations that would restrict the government’s ability to implement bulk surveillance and data collection programs, increase transparency, and encourage greater government accountability to the American people. Although the government has made some cosmetic nods towards openness, substantive reform remains largely theoretical. Technically, the government has become more transparent. This past August, the Office of the Director of National Intelligence (ODNI) launched a Tumblr page, IC on the Record. To its credit, IC on the Record has provided a number of declassified documents (including FISC opinions and orders, government memoranda and letters, and intelligence agency reports), often as vignettes of inadvertent government wrongdoing soon corrected; Lawfare has provided substantive analysis of three such sets of declassified documents.
However, one need only look at the site’s self-proclaimed purpose (to provide “factual information related to the lawful foreign surveillance activities carried out by the U.S. Intelligence Community”) to recognize that impartiality doesn’t necessarily accompany transparency. FISC also launched a website this summer that contains copies of all unclassified or declassified court documents. Now accessible are the motions, amici briefs, and orders for cases filed by Google, Microsoft, Yahoo, Facebook, and LinkedIn, in which each company requests permission to publish aggregate information about the consumer data they provided to the government pursuant to FISC orders.
FISC has also posted newly declassified opinions responding to government surveillance requests and court correspondence to the Senate Committee on the Judiciary. This is a positive development in the quest for greater transparency from this secret court; unfortunately, the posted decisions represent only a fraction of FISC opinions in existence, many of which substantively interpret and apply FISA and the PATRIOT Act. Turning to oversight, the most promising new player is the Privacy and Civil Liberties Oversight Board (PCLOB), an independent agency created in 2007 upon recommendation of the 9/11 commission but only made operational in May 2013 upon Senate confirmation of the Board Chairman. PCLOB is charged with ensuring that privacy and civil liberties are “appropriately considered” in policies, laws, and regulations designed to protect the country from terrorism.
Following the revelations of secret documents by former NSA contractor Edward Snowden, PCLOB held a public workshop, a public meeting, and a public hearing (and accepted several rounds of public comments) ahead of its forthcoming public report on Sections 215 and 702. PCLOB sent a letter to the Attorney General and Director of National Intelligence requesting that the executive branch update the Executive Order that provides overarching guidance to intelligence activities, offering an encouraging sign of its willingness to push for meaningful reform. Whether its efforts will lead to tangible reforms remains to be seen. In August, President Obama established the Review Group on Intelligence and Communications Technologies within ODNI. Overseen by Director of National Intelligence (DNI) James Clapper, the Review Group is charged with conducting a (purportedly) independent analysis of how U.S. data collection capabilities can optimally protect national security, advance foreign interests, respect privacy and civil liberties, maintain the public trust, and reduce the risk of unauthorized disclosure.
In mid-December, the White House publicly released the Review Group’s final report and recommendations. The forty-six recommendations span the gambit: from advocating that the government be prohibited from collecting and storing “all mass, undigested, non-public personal information about individuals to enable future queries and data-mining for foreign intelligence purposes” and supporting the installation of a Public Interest Advocate to represent privacy and civil liberties interests before FISC, to acknowledging the privacy rights of non-U.S. persons. Despite these encouraging proposals, however, the report nevertheless sidesteps constitutional analysis and condones ongoing mass surveillance—for example, by proposing that bulk metadata be stored by private or third parties (and only accessible by the government with a specific FISC order), and allowing bulk collection surveillance programs to remain secret if they serve a compelling government interest and their efficiency would be substantially impaired if revealed. President Obama is expected to announce his reaction to the report later this week.
Given the low likelihood that the Executive branch will self-reform, solutions must come from the outside—namely, via litigation and legislation. On the former front, reform groups are attempting to establish some accountibility under constitutional and statutory principles through litigation. In June 2013, the ACLU filed a complaint in the Southern District of New York, arguing that that the specific FISC order to Verizon (revealed by The Guardian on June 5, 2013) violated both the Section 215’s statutory authority and the First and Fourth Amendments. In a complementary effort, the Electronic Privacy Information Center (EPIC) unsuccessfully petitioned the Supreme Court directly with a writ of mandamus that challenged the same order on pure statutory grounds. Judge William H. Pauley’s late December opinion granted the government’s motion to dismiss, finding that Congress did not intend targets of Section 215 orders (including the ACLU) to have standing to challenge the statute, and that Section 215 as written allows bulk collection. Judge Pauley further held that although the ACLU has standing to challenge the constitutionality of Section 215 orders, Smith v. Maryland controls the Fourth Amendment claims, and bulk collection will not chill First Amendment freedom of association because the government’s actual use of ACLU metadata is highly speculative. The ACLU has filed an appeal.
In a surprising ruling issued just ten days prior, however, Judge Richard J. Leon of the U.S. District Court of D.C. granted the request for an injunction brought by Larry Klayman of Freedom Watch. Klayman had likewise challenged the constitutional and statutory authority behind the Section 215 orders. Judge Leon found similarly to Judge Pauley on the issue of standing, but ultimately enjoined the telephone metadata collection program as constituting an unreasonable Fourth Amendment search. Judge Leon stayed his order pending government appeal, which was filed on January 3, 2014. The Electronic Frontier Foundation (EFF) has also sued the NSA in the Northern District of California, arguing that the same Verizon court order violates the First Amendment protection of freedom of association. In addition, the ACLU has filed two further motions with FISC to force the disclosure of secret court opinions authorizing mass domestic surveillance.
Although Judge Leon’s opinion spells hope for reform via judicial review, all cases will face lengthy appeal before a final holding will permanently affect government behavior. Among legislative efforts, more than half a dozen reform measures have been introduced in Congress since June, but two bills have emerged as dueling forerunners. The USA FREEDOM Act, co-authored by Senator Patrick Leahy and Representative Jim Sensenbrenner, would, among other things, introduce a special advocate to FISC, constrain the government’s ability to collect communications under Sections 215 and 702, require public disclosure of “significant” FISC opinions, and mandate reports by various Inspectors General—positive reforms that would go a long way toward reasserting fundamental civil liberties into our nation’s surveillance programs. The bill does not, however, address related problems of government surveillance overreach such as the sabotage of encryption programs, the tapping of data links between service provider data centers, the surveillance of non-Americans, and excessive secrecy that precludes accountability.
The second contender, Senator Dianne Feinstein’s FISA Improvements Act of 2013, would establish some transparency mechanisms, but would essentially codify and actually expand the NSA’s current practices, including the bulk collection of metadata and the querying of collected data without judicial oversight. The bill would further allow government employees to sift through collected communications based solely on “reasonable articulable suspicion” (not checked by a judicial body) and allow foreigners who enter the United States to remain under surveillance for up to 72 hours. A direct challenge to the USA FREEDOM Act, the FISA Improvements Act would turn mass government surveillance and bulk collection of communications without cause into standard practice. Senator Feinstein’s bill was voted out of committee at the end of October; the USA FREEDOM Act remains in committee in both the House and Senate.
So, where does the nation stand? Mass surveillance continues unabated and the hope of substantive reform currently depends on Congress taking action, the Executive branch voluntarily adopting the Review Group recommendations, or the federal courts defying the government’s assertion that national security is paramount. While the status quo is certainly not grounds for despair, civil liberties and privacy face a steep uphill battle.