Wyden Pressing Intel Officials on Domestic Location Tracking
Back in May, during the debates over reauthorization of the Patriot Act, Sens. Ron Wyden (D-OR) and Mark Udall (D-CO) began raising a fuss about a secret interpretation of the law’s so-called “business records” authority, known to wonks as Section 215, arguing that intelligence agencies had twisted the statute to give themselves domestic surveillance powers Congress had not anticipated or intended. At the time, I marshaled a fair amount of circumstantial evidence that, I thought, suggested that the “secret authority” involved location tracking of cell phones. Wyden backed off after being promised a secret hearing to address his concerns—but indicated he’d be returning to the issue if he remained unsatisfied. The hearing occurred early last month. Now I suspect we’re seeing the other shoe dropping.
At a confirmation hearing this morning for Matthew Olsen, who’s been tapped to head the National Counterterrorism Center, Wyden repeatedly asked the nominee whether the intelligence community “use[s] cell site data to track the location of Americans inside the country.” This comes on the heels of a letter Wyden and Udall sent to Director of National Intelligence James Clapper demanding an answer to the same question. Olsen was unsurprisingly vague, calling it a “complicated question” but allowing that there were “certain circumstances where that authority may exist.” The committee was promised a memo explaining those “circumstances” by September. That means that just about ten years after Congress approved the Patriot Act, a handful of legislators may get the privilege of learning what it does. Ah, democracy.
On a related note, one of the data points I cited in my previous post was that Wyden’s Geolocation Privacy and Surveillance Act had, somewhat unusually, been structured primarily as a reform to the Foreign Intelligence Surveillance Act (FISA), which governs intelligence spying, only later incorporating the same protections into the statutes governing ordinary criminal investigations. Especially striking was the inclusion of a specific prohibition on the use of Section 215 for location tracking, above and beyond the general warrant requirement. Since that writing, however, the bill gained Republican co-sponsorship, and dropped the changes to FISA that had previously been the bill’s centerpiece. Instead, the bill now contains an explicit exception for FISA “electronic surveillance,” in addition to the section providing for location tracking authorized by either a criminal or a FISA warrant. I’m not privy to whatever negotiations necessitated that change, but it’s hard to imagine anyone would have insisted on such a substantial restructuring if the intelligence community weren’t doing at least some location tracking pursuant to a lower standard than probable cause.
It’s not entirely clear exactly what the current version of the bill would permit, however. FISA is mentioned twice in the draft: once as part of a vague general exemption for “electronic surveillance,” and then again as one of the sources of authority for a “warrant” to do geolocation tracking. At a first pass, though, those two definitions ought to overlap, because FISA requires a secret intelligence court to issue a warrant based on probable cause (to believe the target is an “agent of a foreign power”) for government monitoring that falls within the FISA’s definition of “electronic surveillance,” in contrast with the far laxer standards that apply to the use of Section 215. It’s therefore an interesting puzzle what, exactly, that exception is meant to permit. Possibly the idea is to permit the (otherwise prohibited) “use” and “disclosure” of geolocation information already obtained without a warrant in order to target future judicially authorized “electronic surveillance,” but it’s hard to be sure. What does seem increasingly sure, however, is that location tracking is connected to the controversy over Section 215—and that Congress owes the American people a debate over the proper use and scope of that power, which it has thus far refused to have.
The Latest ‘Intelligence Gap’
Stop me if you think you’ve heard this one before. The Washington Post reports that the National Security Agency has halted domestic collection of some type of communications metadata—the details are predictably fuzzy, though I’ve got a guess—in order to allay the concerns of the secret FISA Court that the NSA’s activity might not be technically permissible under the Foreign Intelligence Surveillance Act. Naturally, there’s the requisite quote from the anonymous concerned intel official:
“This is a basic tool we used to have, and it’s now gone,” said one intelligence official familiar with the impasse. “Every day, every week that goes by, there’s just one more week of information that we’re not collecting. You sit there and say, ‘This is unbelievable that we have this gap.’”
I want to take claims like these with due gravity, but I can’t anymore. Because we’ve heard them again and again over the past decade, and they’ve proven to be bogus every time. We were told that the civil liberties restrictions built into pre-9/11 surveillance law kept the FBI from searching “20th hijacker” Zacarias Moussaoui’s laptop—but a bipartisan Senate panel found it wasn’t true. We were told limits on National Security Letters were FBI delaying agents seeking vital records in their investigations—but the delay turned out to have been manufactured by the FBI itself. Most recently, we were warned that the FISA Court had somehow imposed a requirement that a warrant be obtained in order to intercept purely foreign telephone calls that were traveling through U.S. wires. Anyone who understood the FISA law realized that this couldn’t possibly be right—and as Justice Department officials finally admitted under pressure, that wasn’t true either. But this time there’s a really real for serious “intelligence gap” and we’ll all be blown up by scary terrorists any minute if it’s not fixed? Pull the other one.
That said, Republicans are claiming the problem requires a mere “technical fix” to FISA, so we should at least be able to get a rough sense of what the issue is, if Congress actually decides to act. Democrats, by contrast, appear to think NSA can “address the court’s concerns without resorting to legislation.” The word “resort” here seems depressingly apt: They’ll ask for a legislative tweak if there’s absolutely no way to shoehorn what they want to do into the statute through clever lawyering in an ex parte proceeding in front of a highly deferential court, but it’s a last resort.
As for what the problem might be, I can think of a couple of possibilities off the top of my head. A few years back, the FISA pen register provision was amended to effectively build into the legal order for a standard pen register, which records data about calls or e-mails made and received, language mirroring a legal demand for subscriber records known as a 2703(d) order in the criminal context. Law enforcement routinely uses that combination of a 2703(d) plus a pen register to get location tracking information for cell phones. But the evidentiary standard for getting a 2703(d) order is (very) slightly higher than the standard for a pen register alone, and federal law prohibits the use of a pen register alone to gather location data. So there might be a question about whether FISA pen registers alone can be used for cell phone location tracking purposes.
Alternatively, given that Internet communications aren’t just “metadata” and “content” but rather a whole series of layers containing different types of information, there could be a question about just how far down “metadata” goes. This might be especially tricky for protocols where quite a lot of information about the content of the communication—which is supposed to require a full probable cause warrant—can be gleaned from sophisticated analysis of the size and timing of packets in the stream.
These are, of course, blind guesses. What’s disturbing is how much blind guessing the FISA court itself may be doing. The new hiatus, the Post tells us via an anonymous source, came about when the FISA Court “got a little bit more of an understanding”of what the NSA was up to. Their enhanced understanding concerns data that NSA has been getting with the court’s approval for “several years,” according to the Post. And there you have the real “intelligence gap” in modern surveillance: We have a Court going through a pantomime of oversight over thousands of highly technologically sophisticated interception programs, but it may take a few years for them to really understand what they’ve been signing off on.
We’ll understand still less about the rationale for any “technical fix” to FISA that Congress might approve, if they deign to go that route. But we’ll be reassured that it’s very important, necessary to keep us safe from the terrorist hordes, and nothing worth bothering our pretty heads about.
Poor Judgment All Around
When school administrators discovered nude photos of teenage girls in the cell phones of some boys at school, they decided to set an example and crack down on “sexting.” The school officials took the matter to the local prosecutor. The prosecutor, in turn, informed the parents of the girls that the youngsters would either have to attend a multi-session education and counseling class or face felony child pornography charges.
The letter to the parents explaining the “program” stated, “Participation in the program is voluntary. … However, charges will be filed against those that do not participate.” Hmmm. This curious arrangement was challenged in a lawsuit and the court found the prosecutors’ actions illegal. Go here (pdf) for the ruling. Will the prosecutor be sanctioned for the illegal action? Don’t count on it.
Cell Phones and Ingratitude
When I was a kid in the 1960s and we came back from a visit to my grandmother’s, my mother used to call my grandmother, let the phone ring twice, and then hang up. It was important for my grandmother to know that we’d arrived home safely, but long-distance telephone calls were too expensive to indulge in unnecessarily. When I entered Vanderbilt University in 1971, my parents had to decide whether to pay for a telephone in my dorm room. They decided to do so, but most of the thoroughly upper-middle-class students on my floor did not have phones. Phones cost real money back then. Then came the breakup of the AT&T monopoly in 1984. Phone technology and competitive service provision exploded. In 1982, Motorola produced the first portable mobile phone. It weighed about 2 pounds and cost $3995. Within a very few years they were much smaller, much cheaper, and selling like hotcakes.
Today there are some 4.6 billion mobile phones in the world, and counting, or about 67 per every 100 people in the world. The newer ones allow you to carry in your hand more computing power than the computers that put Apollo 11 on the moon. You can cruise the internet, find your location with GPS, read books, send texts, pay bills, process credit cards, watch video, record video, stream video to the web, take and send photos — oh, and make phone calls from just about anywhere. Unimaginable just a few years ago.
And to celebrate this incredible achievement, Slate and the New America Foundation are holding a forum titled “Can You Hear Me Now? Why Your Cell Phone is So Terrible.”
This is an old story. Markets, property rights, and the rule of law provide a framework in which technology and prosperity soar, and some people can only complain. I was reading some of Deirdre McCloskey’s forthcoming book Bourgeois Dignity this week. She points out that the average person lived on the equivalent of $3 a day in 1800. Today there are six and a half times as many people, but the average person earns and consumes 10 times as much, far more than that in the most capitalist countries. And yet some people, most leftist intellectuals, continue to ignore what McCloskey calls “the gigantic gains from bourgeois dignity and liberty” and to denounce the markets, economic liberalization, and globalization that have liberated billions of people from eons of back-breaking labor.
Now don’t get me wrong. I’m a big fan of consumer reporting and analysis, which is an important part of a robust marketplace. Competition and consumer reporting both help to keep prices low and quality improving. And there’s plenty of room for criticism of cell phone pricing, contracting, and service. But when a discussion like this is held by a public policy research organization and a public-affairs magazine as part of a program on public policy, then it’s not just consumer advice. It is presumably a discussion of what the sluggish, coercive institution of government can do to improve — or more likely impede — a fabulously dynamic, constantly improving consumer-directed industry. And that usually ends in tears.
Maybe we should hold a forum titled “Can You Hear Me Now? And Watch Me on Video? And Read My Book on Your Handheld Device? And Check Your Blood Pressure and Glucose? How Markets, Innovation, and Entrepreneurs Have Taken Cell Phone Technology from Clunker to Computer in Barely a Generation.”
The Government Can Monitor Your Location All Day Every Day Without Implicating Your Fourth Amendment Rights
If you have a mobile phone, that’s the upshot of an argument being put forward by the government in a case being argued before the Third Circuit Court of Appeals tomorrow. The case is called In the Matter of the Application of the United States of America For An Order Directing A Provider of Electronic Communication Service To Disclose Records to the Government.
In that case, the Obama administration has argued that Americans enjoy no “reasonable expectation of privacy” in their—or at least their cell phones’—whereabouts. U.S. Department of Justice lawyers say that “a customer’s Fourth Amendment rights are not violated when the phone company reveals to the government its own records” that show where a mobile device placed and received calls.
The government can maintain this position because of the retrograde “third party doctrine.” That doctrine arose from a pair of cases in the early 1970s in which the Supreme Court found no Fourth Amendment problems when the government required service providers to maintain records about their customers, and later required those service providers to hand the records over to the government.
I wrote about these cases, and the courts’ misunderstanding of privacy since 1967′s Katz decision, in an American University Law Review article titled “Reforming Fourth Amendment Privacy Doctrine“:
These holdings were never right, but they grow more wrong with each step forward in modern, connected living. Incredibly deep reservoirs of information are constantly collected by third-party service providers today. Cellular telephone networks pinpoint customers’ locations throughout the day through the movement of their phones. Internet service providers maintain copies of huge swaths of the information that crosses their networks, tied to customer identifiers. Search engines maintain logs of searches that can be correlated to specific computers and usually the individuals that use them. Payment systems record each instance of commerce, and the time and place it occurred. The totality of these records are very, very revealing of people’s lives. They are a window onto each individual’s spiritual nature, feelings, and intellect. They reflect each American’s beliefs, thoughts, emotions, and sensations. They ought to be protected, as they are the modern iteration of our “papers and effects.”
This is a case to watch, as it will help determine whether or not your digital life is an open book to government investigators.
Three Keys to Surveillance Success: Location, Location, Location
The invaluable Chris Soghoian has posted some illuminating—and sobering—information on the scope of surveillance being carried out with the assistance of telecommunications providers. The entire panel discussion from this year’s ISS World surveillance conference is well worth listening to in full, but surely the most striking item is a direct quotation from Sprint’s head of electronic surveillance:
[M]y major concern is the volume of requests. We have a lot of things that are automated but that’s just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don’t know how we’ll handle the millions and millions of requests that are going to come in.
Technology: Debating the Pace of Progress
Last night, thanks to Craigslist and a Web-enabled cell phone, I unloaded two extra tickets to tonight’s World Cup qualifying game between the U.S. and Costa Rica in under an hour. (8:00, ESPN2 “USA! USA! USA!”)
Wanting to avoid the hassle of selling the tickets at RFK, I placed an ad on Craigslist offering them at cost, figuring I might find a taker and arrange to hand them off downtown today or at the stadium tonight. Checking email as I walked to the gym, I found an inquiry about the tickets and phoned the guy, who happened to live 100 feet from where I was walking. A few minutes later, he had the tickets and I had the cash.
This quaint story is a single data point in a trend line—the high-tech version of It’s Getting Better All the Time. Everyone living a connected life enjoys hundreds, or even thousands, of conveniences every day because of information technology. Through billions of transactions across the society, technology improves our lives in ways unimaginable two decades ago.
Before 1995, nobody ever traded spare soccer tickets in under an hour, on a Tuesday night, without even changing his evening routine. If soccer tickets are too trivial (you must not understand the game), the same dynamics deliver incremental, but massive improvements in material wealth, awareness, education, and social and political empowerment to everyone—even those who don’t live “online.”
Sometimes debates about technology regulation are cast in doom and gloom terms like the Malthusian arguments about material wealth. But the benefits we already enjoy thanks to technology are not going away, and they will continue to accrue. We are arguing about the pace of progress, not its existence.
This is no reason to let up in our quest to give technologists and investors the freedom to produce more innovations that enhance everyone’s well-being even more. But it does counsel us to be optimistic and to teach this optimism to our ideological opponents, many of whom seem to look ahead and see only calamity.
A Federal Ban on Texting While Driving?
In response to claims that texting-while-driving (TWD) causes traffic accidents, Congress is considering “a federal bill that would force states to ban texting while driving if they want to keep receiving federal highway money.”
This approach to forcing a particular policy on the states mimics the 1984 Federal Uniform Driving Age Act, which threatened to withhold federal highway funds unless states adopted a 21-year-old minimum legal drinking age. The justification for that law was reducing traffic fatalities among 18-20 year olds.
A federal ban on TWD is not compelling:
1. Federal imposition of the 21-year old minimum drinking age did not save lives.
2. A ban on texting might increase other distractions: adjusting the radio, putting on makeup, eating a sandwich, reading a map, and so on. Relatedly, the evidence that TWD causes accidents is far from convincing. Traffic fatalities per vehicle mile travelled have declined substantially over the past 15 years, despite the explosion in text messaging.
3. TWD has benefits, not just costs. Truckers, for example, claim that
Crisscrossing the country, hundreds of thousands of long-haul truckers use computers in their cabs to get directions and stay in close contact with dispatchers, saving precious minutes that might otherwise be spent at the side of the road.
4. If the benefits of banning TWD become clear, most states will ban on their own.
Thus laws that penalize TWD might make sense. But this is an issue for states, not the federal government.
Online Privacy and Regulation by Default
My colleague Jim Harper and I have been having a friendly internal argument about Internet privacy regulation that strikes me as having potential implications for other contexts, so I thought I might as well pick it up here in case it’s of interest to anyone else. Unsurprisingly, neither of us are particularly sanguine about elaborate regulatory schemes—and I’m sympathetic to the general tenor of his recent post on the topic. But unlike Jim, as I recently wrote here, I can think of two rules that might be appropriate: A notice requirement that says third-party trackers must provide a link to an ordinary-language explanation of what information is being collected, and for what purpose, combined with a clear rule making those stated privacy policies enforceable in court. Jim regards this as paternalistic meddling with online markets; I regard it as establishing the conditions for the smooth functioning of a market. What do those differences come down to?
IRS Wants Worker Cell Phones to Be Taxable
With about 100,000 employees (more than the CIA and FBI combined), the IRS has plenty of people who daydream about new ways of taking money from taxpayers. The latest scheme to emanate from the tax bureaucracy is to classify employer-provided cell phones as a taxable fringe benefit.
To be fair, non-pecuniary forms of compensation should be treated the same as cash income, but a bit of common sense should apply. What happens with cell phone plans with unlimited minutes, meaning that a business is not paying extra for personal calls? And if the IRS does go down this path, why harrass individuals when it would be much easier to simply make a portion of cell phone costs non-deductible for companies? It almost seems as if the IRS wants to instigate a tax revolt.
The Wall Street Journal reports:
The Internal Revenue Service proposed employers assign 25% of an employee’s annual phone expenses as a taxable benefit. Under that scenario, a worker in the 28% tax bracket, whose wireless device costs the company $1,500 a year, could see $105 in additional federal income tax….
The IRS move, which is spurring efforts by the wireless industry and others to kill the idea, would mark a stricter enforcement of an existing rule that classifies employer-provided cellphones as a taxable benefit, rather than a 24-hour-a-day work tool. Under a 1989 law, workers who use company-provided mobile phones for personal calls are supposed to count the value of those calls as income and pay federal income taxes accordingly. But businesses and workers have long ignored the requirement, prompting the IRS to consider steps the agency said would make it easier for businesses and workers to comply.
…Wireless companies also argue the IRS rule is outdated. Rates have declined so dramatically in the past decade — with night and weekend calls free under many plans — that it makes little sense for the IRS to assess employee benefits by nickels and dimes. “This is a regulation from a bygone time, dating back to the infancy of the cellphone business, and it is in desperate need of updating,” said Howard Woolley, a senior vice president with Verizon Wireless, a venture of Verizon Communications Inc. and Vodafone Group PLC.
Fourth Amendment Up for a Vote?
New Jerseyans may get a chance to vote their Fourth Amendment preferences in the upcoming gubernatorial elections. Among the candidates is Chris Christie, who as U.S. Attorney for New Jersey authorized the tracking of suspects’ cell phones without getting a warrant.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
