A Surveillance State Coda
The program of warrantless NSA wiretapping (and data mining) authorized by President George W. Bush shortly after the 9/11 attacks prompted a flurry of intense debate over its legality when it was disclosed by The New York Times back in 2005. Those arguments have, by now, been so thoroughly rehearsed that there’s not a whole lot new to say about it.
But like Monty Python’s Black Knight, some of those old arguments keep popping up — as evidenced by John Eastman’s contribution to the Cato Unbound roundtable on the digital surveillance state we held last month. So while the roundtable’s over, I thought it would be convenient to round up a compact version of the main arguments in one place, for the convenience of folks who might not want to slog through the many law review articles that have been written on the subject.
‘Perfect Citizen’: Congress’ Perfect Failure
Reliable national security reporter Siobhan Gorman at the Wall Street Journal has broken a story about an Internet surveillance program called “Perfect Citizen” to be managed by the National Security Agency.
Reading about it is frustrating, and for me blame quickly settles on Congress. Our legislature is utterly supine before the national security bureaucracy, which exaggerates cybersecurity threats and consistently uses the secrecy trump card to defy oversight.
If there is to be a federal government role in securing the Internet from cyberattacks, there is no good reason why its main components should not be publicly known and openly debated. Small parts, like threat signatures and such—the unique characteristics of new attacks—might be appropriately kept secret, but no favor is done to any potential attackers by revealing that there is a system for detecting their activities.
A cybersecurity effort that is not tested by public oversight will be weaker than ones that are scrutinized by private-sector experts, academics, security vendors, and watchdog groups.
Benign intentions do not control future results, and governmental surveillance of the Internet for “cybersecurity” purposes may warp over time to surveillance for ideological and political purposes.
These abstract criticisms of “Project Citizen” are all that publicly available information allows. Far better would come from me and others more qualified if Congress were to do its job.
Congress owes it to us, the United States’ true citizens, to have public hearings on “Perfect Citizen.” Congress should reject broad assertions of secrecy so that the whole body politic can participate in securing our country from all threats.
Congressional and public oversight—searching oversight that tests assumptions and asks hard questions—would strengthen any government cybersecurity effort we find warranted. It would also ameliorate the threat of such programs to our civil liberties, democratic processes, and privacy.
The Wall Street Journal’s Surveillance Fantasies
There are too few periodical venues for good short fiction these days, so I’d normally be enthusiastic about the Wall Street Journal‘s decision to print works of fantasy. Unfortunately, they’ve opted to do so on their editorial page—starting with a long farrago of hypotheticals concerning the putative role of the Foreign Intelligence Surveillance Court in hindering the detection and apprehension of failed Times Square bomber Faisal Shahzad. In fairness to the editors, they acknowledge near the end of the piece that much of it is unvarnished speculation, but their flights of creative fancy extend to many claims presented as fact.
Let’s begin with the acknowledged fiction. The Journal editors wonder whether Shahzad might have been under surveillance before his botched Times Square attack, and posit that the NSA might have intercepted communications from “Waziristan Taliban talking about ‘our American brother Faisal,’ which could have been cross-referenced against Karachi flight manifests,” or “maybe Shahzad traded seemingly innocuous emails with Pakistani terrorists, and minimization precluded analysts from detecting a pattern.” Anything is possible. But it’s a leap to make this inference merely because investigators appear to have had fairly specific knowledge about his contacts with terrorists after he had already been identified. They would not have needed to “retroactively to reconstruct his activities from other already-gathered foreign wiretaps:” Once they had zeroed in on Shahzad, his calling patterns could have been reconstructed from phone company calling records whether or not he or his confederates were being targeted at the time the communications occurred, and indeed, those records could have been obtained by means of a National Security Letter without any oversight from the FISA Court.
The Latest ‘Intelligence Gap’
Stop me if you think you’ve heard this one before. The Washington Post reports that the National Security Agency has halted domestic collection of some type of communications metadata—the details are predictably fuzzy, though I’ve got a guess—in order to allay the concerns of the secret FISA Court that the NSA’s activity might not be technically permissible under the Foreign Intelligence Surveillance Act. Naturally, there’s the requisite quote from the anonymous concerned intel official:
“This is a basic tool we used to have, and it’s now gone,” said one intelligence official familiar with the impasse. “Every day, every week that goes by, there’s just one more week of information that we’re not collecting. You sit there and say, ‘This is unbelievable that we have this gap.’”
I want to take claims like these with due gravity, but I can’t anymore. Because we’ve heard them again and again over the past decade, and they’ve proven to be bogus every time. We were told that the civil liberties restrictions built into pre-9/11 surveillance law kept the FBI from searching “20th hijacker” Zacarias Moussaoui’s laptop—but a bipartisan Senate panel found it wasn’t true. We were told limits on National Security Letters were FBI delaying agents seeking vital records in their investigations—but the delay turned out to have been manufactured by the FBI itself. Most recently, we were warned that the FISA Court had somehow imposed a requirement that a warrant be obtained in order to intercept purely foreign telephone calls that were traveling through U.S. wires. Anyone who understood the FISA law realized that this couldn’t possibly be right—and as Justice Department officials finally admitted under pressure, that wasn’t true either. But this time there’s a really real for serious “intelligence gap” and we’ll all be blown up by scary terrorists any minute if it’s not fixed? Pull the other one.
That said, Republicans are claiming the problem requires a mere “technical fix” to FISA, so we should at least be able to get a rough sense of what the issue is, if Congress actually decides to act. Democrats, by contrast, appear to think NSA can “address the court’s concerns without resorting to legislation.” The word “resort” here seems depressingly apt: They’ll ask for a legislative tweak if there’s absolutely no way to shoehorn what they want to do into the statute through clever lawyering in an ex parte proceeding in front of a highly deferential court, but it’s a last resort.
As for what the problem might be, I can think of a couple of possibilities off the top of my head. A few years back, the FISA pen register provision was amended to effectively build into the legal order for a standard pen register, which records data about calls or e-mails made and received, language mirroring a legal demand for subscriber records known as a 2703(d) order in the criminal context. Law enforcement routinely uses that combination of a 2703(d) plus a pen register to get location tracking information for cell phones. But the evidentiary standard for getting a 2703(d) order is (very) slightly higher than the standard for a pen register alone, and federal law prohibits the use of a pen register alone to gather location data. So there might be a question about whether FISA pen registers alone can be used for cell phone location tracking purposes.
Alternatively, given that Internet communications aren’t just “metadata” and “content” but rather a whole series of layers containing different types of information, there could be a question about just how far down “metadata” goes. This might be especially tricky for protocols where quite a lot of information about the content of the communication—which is supposed to require a full probable cause warrant—can be gleaned from sophisticated analysis of the size and timing of packets in the stream.
These are, of course, blind guesses. What’s disturbing is how much blind guessing the FISA court itself may be doing. The new hiatus, the Post tells us via an anonymous source, came about when the FISA Court “got a little bit more of an understanding”of what the NSA was up to. Their enhanced understanding concerns data that NSA has been getting with the court’s approval for “several years,” according to the Post. And there you have the real “intelligence gap” in modern surveillance: We have a Court going through a pantomime of oversight over thousands of highly technologically sophisticated interception programs, but it may take a few years for them to really understand what they’ve been signing off on.
We’ll understand still less about the rationale for any “technical fix” to FISA that Congress might approve, if they deign to go that route. But we’ll be reassured that it’s very important, necessary to keep us safe from the terrorist hordes, and nothing worth bothering our pretty heads about.
Crime and Punishment in the Intel Community
On Thursday, the government indicted former National Security Agency executive Thomas Drake for obstructing justice and mishandling classified documents—though the underlying crime, for which Drake was not actually charged, was leaking embarrassing information to national security reporter Siobhan Gorman (then of the Baltimore Sun, now at The Wall Street Journal). As Glenn Greenwald observes, the decision to move forward with a rare leak prosecution in Drake’s case stands in rather sharp contrast to the decision to look the other way when it comes to other sorts of wrongdoing in the world of intelligence.
For years, the NSA managed a sweeping program of warrantless wiretaps and large-scale data mining, which a federal judge recently confirmed was in gross violation of the Foreign Intelligence Surveillance Act. The telecoms who participated in the scheme were, equally clearly, violating the Electronic Communications Privacy Act. The FBI separately and systematically flouted the same law by obtaining call records for thousands of phone numbers without any legitimate legal process. And, of course, there’s the little matter of torture. For these crimes, the administration has pronounced a verdict of “boys will be boys,” on the grounds that it’s better to gaze boldly into our shining future than get bogged down in recriminations over all that old stuff.
Drake didn’t spy on the conversations of Americans without a court order, or subject detainees to simulated drowning or sleep deprivation. Far worse, apparently, he embarrassed the NSA. The first article for which he acted as a source, “Computer ills hinder the NSA,”detailed how the agency had squandered billions on faulty computer systems that were getting in the way of effective intelligence work:
One [system] is Cryptologic Mission Management, a computer software program with an estimated cost of $300 million that was designed to help the NSA track the implementation of new projects but is so flawed that the agency is trying to pull the plug. The other, code-named Groundbreaker, is a multibillion-dollar computer systems upgrade that frequently gets its wires crossed.
The downfall of the Cryptologic Mission Management program has not previously been disclosed. While Congress raised concerns about the agency’s management of Groundbreaker in a 2003 report, the extent and impact of its inadequacies have not been discussed publicly.
To be sure, Drake broke the law—just as Daniel Ellsberg did when he leaked the Pentagon Papers. But it’s hard to say how the law here was working to protect national security, as opposed to the agency’s image. In any event, the contrast between the reaction to Drake and the non-reaction to other forms of lawbreaking makes the standard in effect for Bush-era misdeeds clear: If you illegally gathered information on members of the public, Obama’s DOJ would rather let sleeping dogs lie. If you illegally tried to get information to the public, you’d better lawyer up. From Main Justice to Fort Meade, message received.
State Secrets, Courts, and NSA’s Illegal Wiretapping
As Tim Lynch notes, Judge Vaughn Walker has ruled in favor of the now-defunct Al-Haramain Islamic Foundation—unique among the many litigants who have tried to challenge the Bush-era program of warrantless wiretapping by the National Security Agency because they actually had evidence, in the form of a document accidentally delivered to foundation lawyers by the government itself, that their personnel had been targeted for eavesdropping.
Other efforts to get a court to review the program’s legality had been caught in a kind of catch-22: Plaintiffs who merely feared that their calls might be subject to NSA filtering and interception lacked standing to sue, because they couldn’t show a specific, concrete injury resulting from the program.
But, of course, information about exactly who has been wiretapped is a closely guarded state secret. So closely guarded, in fact, that the Justice Department was able to force the return of the document that exposed the wiretapping of Al-Haramain, and then get it barred from the court’s consideration as a “secret” even after it had been disclosed. (Contrast, incidentally, the Supreme Court’s jurisprudence on individual privacy rights, which often denies any legitimate expectation of privacy in information once revealed to a third party.) Al-Haramain finally prevailed because they were ultimately able to assemble evidence from the public record showing they’d been wiretapped, and the government declined to produce anything resembling a warrant for that surveillance.
If you read over the actual opinion, however it may seem a little anticlimactic—as though something is missing. The ruling concludes that there’s prima facie evidence that Al-Haramain and their lawyers were wiretapped, that the government has failed to produce a warrant, and that this violates the Foreign Intelligence Surveillance Act. But of course, there was never any question about that. Not even the most strident apologists for the NSA program denied that it contravened FISA; rather, they offered a series of rationalizations for why the president was entitled to disregard a federal statute.
Bush Wiretapping Illegal
That’s the finding by Federal Judge Vaughn Walker in a ruling made late yesterday. As the news reports note, Obama’s lawyers came into court to defend Bush’s policy–so that’s two administrations acting contrary to law.
The ruling itself can be found here (H/T to the How Appealing blog). For related Cato work, go here and here.
Wednesday Links
- Nat Hentoff reports on racism in Cuba.
- Federal judge dismisses charges against Blackwater guards over the killing of 17 in Baghdad. David Isenberg: “The fact that the Blackwater contractors are not getting a trial will only serve to further increase suspicion of and hostility towards security contractors. It is going to be even more difficult for them to gain the trust of local populations or government officials in the countries they work in.”
- New report shows state and local government workers have higher average compensation levels than private workers.
- Podcast: “Televising and Subsidizing the Big Game” featuring Neal McCluskey. “Everybody should watch the National College Football Championship because whether you’re interested or not, you are paying for it,” he says.
McCain: Interests of Defense Contractors May Conflict with US National Interest
USA Today reports that retired military officers join the boards of directors of, or become employees of, defense contractors and take home big bags of money doing so. Not surprising. At the same time, the paper reports, lots of them are being paid by the Pentagon to be “senior mentors” of their former colleagues. Not being government employees, but rather independent contractors, these folks aren’t subject to government ethics rules. To take one example, as chairman of BAE Systems, Gen. Anthony Zinni is clearing almost a million a year, in addition to his $129,000 per year government pension. In addition to all that, the Pentagon pays him about $2,000 per day to “mentor” people at DOD.
As the article points out, information is almost invaluable to the defense contractors in these contexts. The knowledge of what’s going on at DOD is extremely useful for planners at the defense companies, and so while the retired officers are protesting that being paid nearly $2,000 per day by DOD for their work as mentors is “way below the industry average,” it increases their value to, and presumably their compensation from, their military-industrial employers. As one coordinator of the mentors program told the retired officers, “you’re getting paid in two ways–monetarily and informationally.”
This isn’t too surprising a story, but the crowning irony comes as Sen. John McCain calls for an ethics rewrite and offers his view that “the important thing is that [the involved officers] avoid the appearance of conflict.” This is a puzzling remark coming from a man whose top foreign-policy adviser was collecting hundreds of thousands of dollars from the Georgian government to lobby McCain at the same time he was being paid by McCain to advise him on foreign policy.
McCain’s thoughts about conflict of interest in that instance? He was “so proud” of his lobbyist-cum-adviser. Presumably once McCain issued his ridiculous “today we are all Georgians” fatwa it became a patriotic duty to take money from foreign governments to represent their interests. But in the case of the proposed reforms–which would attempt to institute some semblance of transparency in these mentoring deals–one can only wish the senator from Arizona the best.
The FISA Amendments: Behind the Scenes
I’ve been poring over the trove of documents the Electronic Frontier Foundation has obtained detailing the long process by which the FISA Amendments Act—which substantially expanded executive power to conduct sweeping surveillance with little oversight—was hammered out between Hill staffers and lawyers at the Department of Justice and intelligence agencies. The really interesting stuff, of course, is mostly redacted, and I’m only partway though the stacks, but there are a few interesting tidbits so far.
As Wired has already reported, one e-mail shows Bush officials feared that if the attorney general was given too much discretion over retroactive immunity for telecoms that aided in warrantless wiretapping, the next administration might refuse to provide it.
A couple other things stuck out for me. First, while it’s possible they’ve been released before and simply not crossed my desk, there are a series of position papers — so rife with underlining that they look like some breathless magazine subscription pitch — circulated to Congress explaining the Bush administration’s opposition to various proposed amendments to the FAA. Among these was a proposal by Sen. Russ Feingold (D-WI) that would have barred “bulk collection” of international traffic and required that the broad new intelligence authorizations specify (though not necessarily by name) individual targets. The idea here was that if there were particular suspected terrorists (for instance) being monitored overseas, it would be fine to keep monitoring their communications if they began talking with Americans without pausing to get a full-blown warrant — but you didn’t want to give NSA carte blanche to just indiscriminately sweep in traffic between the U.S. and anyone abroad. The position paper included in these documents is more explicit than the others that I’ve seen about the motive for objecting to the bulk collection amendment. Which was, predictably, that they wanted to do bulk collection:
- It also would prevent the intelligence community from conducting the types of intelligence collection necessary to track terrorits and develop new targets.
- For example, this amendment could prevent the intelligence community from targeting a particular group of buildings or a geographic area abroad to collect foreign intelligence prior to operations by our armed forces.
So to be clear: Contra the rhetoric we heard at the time, the concern was not simply that NSA would be able to keep monitoring a suspected terrorist when he began calling up Americans. It was to permit the “targeting” of entire regions, scooping all communications between the United States and the chosen area.
Some Thoughts on the New Surveillance
Last night I spoke at “The Little Idea,” a mini-lecture series launched in New York by Ari Melber of The Nation and now starting up here in D.C., on the incredibly civilized premise that, instead of some interminable panel that culminates in a series of audience monologues-disguised-as-questions, it’s much more appealing to have a speaker give a ten-minute spiel, sort of as a prompt for discussion, and then chat with the crowd over drinks.
I’d sketched out a rather longer version of my remarks in advance just to make sure I had my main ideas clear, and so I’ll post them here, as a sort of preview of a rather longer and more formal paper on 21st century surveillance and privacy that I’m working on. Since ten-minute talks don’t accommodate footnotes very well, I should note that I’m drawing for a lot of these ideas on the excellent work of legal scholars Lawrence Lessig and Daniel Solove (relevant papers at the links). Anyway, the expanded version of my talk after the jump:
Wednesday Links
- How Washington’s plans may result in even higher executive pay.
“In 1993, Congress intervened in corporate compensation and messed things up. Now it’s the White House’s turn.”
- The case for allowing insider trading: “Want to keep companies honest, make the markets work more efficiently and encourage investors to diversify? Let insiders buy and sell.”
- Cato v. Heritage on the Patriot Act, Round III: “In hindsight, did Congress and the president react too hastily in 2001 by passing the Patriot Act just weeks after the 9/11 attacks?”
- Instead of fixing the Patriot Act, President Obama is protecting it.
- Twenty years later: Why the Berlin Wall fell.
- Podcast: “Financial Privacy and Freedom” featuring Prince Michael of Liechtenstein.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
