Tag: national security agency

Reviewing the Review Group: Practice What You Preach

The “President’s Review Group on Intelligence and Communications Technologies” has issued its report. Convened in late summer to advise the president on what to do in the wake of the Snowden revelations (without mentioning Snowden), the group was rightly criticized for its ‘insider’ composition. The report has beaten the privacy community’s low expectations, which is good news. It advances a discussion that began in June and that will continue for years.

Some observations:

- Contrary to expectations, the report is outside the White House’s “comfort zone.” That’s good, because, as noted, this group could easily have decided to ratify the status quo, handing the administration and the National Security Agency a minor victory. The report positioned Senate Judiciary Committee chairman Patrick Leahy (D-VT) to say: “The message to the NSA is now coming from every branch of government and from every corner of our nation: You have gone too far.”

- There is no reason to treat the report as a reform “bible.” This was a problem with the 9/11 Commission report, for example, which was held up as sacrosanct even when it was wrong. The Review Group report is right about some things, such as eliminating administratively issued National Security Letters, it is wrong about some things, and it omits some key issues, such as the government-wide penchant for secrecy that created the current problems.

- Weaknesses are more interesting than strengths, and a particular weakness of the report is its call for retaining the phone calling surveillance program. Recommendation Five calls for legislation that “terminates the storage of bulk telephony meta-data by the government under [USA-PATRIOT Act] section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party.” The debate over data retention mandates ended some years ago, and the government was denied this power. The NSA’s illegal excesses should not be rewarded by giving it authorities that public policy previously denied it. Outsourcing dragnet surveillance does not cure its constitutional and other ills.

- The data retention recommendation is in conflict with another part of the report, which calls for risk management and cost-benefit analysis. “The central task,” the report says, “is one of risk management.” So let’s discuss that: Gathering data about every phone call made in the United States and retaining it for years produces only tiny slivers of security benefit, the NSA’s unsupported claims to the contrary notwithstanding. Considering dollar costs alone, it almost certainly fails a cost-benefit test. If you include the privacy costs, the failure of this program to manage security risks effectively is more clear. The Review Group’s conclusion about communications surveillance is inconsistent with its welcome promotion of risk management.

Most legal scholars and most civil liberties and privacy advocates punt on security questions, conceding the existence of significant threats, however undefined and amorphous. They disable themselves from arguing persuasively about what is “reasonable” for Fourth Amendment purposes. Concessions like these also prevent one from conducting valid risk management and cost-benefit analysis. Some of us here at Cato don’t shy from examining the security issues, and we do pretty darn good risk management. The Review Group should practice what it preaches if it’s going to preach what we practice!

A Data Retention Mandate? NO

The Wall Street Journal reports that a panel convened by the president to review the National Security Agency’s programs will recommend that “the records of nearly every U.S. phone call now collected in a controversial NSA program be held instead by the phone company or a third-party organization.” That recommendation is a non-starter.

Mandatory data retention has been floated for years using the most politically appealing rationale, child predation. In 2007, we characterized the idea as costly, outsourced surveillance, and Congress has consistently denied that power to the government. In fact, child protection bills containing data retention mandates were introduced in several Congresses but only passed once provisions deputizing communications providers into government surveillance were stripped out. Randy Barnett and I made this point in our brief urging the Supreme Court to take up the NSA’s mass surveillance of Americans’ telephone calling.

“Congress has declined to institute mandatory data retention laws because the costs, risks, and privacy consequences for innocent citizens outweigh their law enforcement and security benefits,” we wrote. “The Verizon order reverses this Congressional policy by requiring a telecommunications provider to turn all data over to the government for retention by the National Security Agency.”

How ironic it would be if the NSA’s illegal excesses delivered it a victory on a policy initiative that it lost years ago. Is secretly violating Americans’ communications privacy really rewarded by a policy requiring the violation of Americans’ communications privacy?

Rep. Jim Sensenbrenner (R-WI), who claims authorship of the USA-PATRIOT Act, came to Cato two months ago to lament the NSA’s use of that law for domestic spying he did not intend the NSA to have. In the past, he has said that data retention “runs roughshod over the privacy rights of people who use the Internet for thousands of lawful purposes.” Assumedly, he believes the same as to people’s use of the phone, and he will continue working with other privacy-minded legislators to relegate data retention mandates to the dustbin of history.

The NSA’s Rent Is Too Damn High

For months, the American public has received a steady stream of new information detailing the massive scale and scope of the United States’ spying activities. Of course, maintaining a surveillance state powerful enough to reach into the inboxes of world leaders, friend and foe, is not cheap. Indeed, as the Washington Post revealed when it released portions of the so-called Black Budget, this year’s price tag on America’s spook infrastructure comes out to a whopping $52.6 billion.

This is, of course, a tremendous sum – more than double the size of the Department of Agriculture, more than triple the size of NASA; the list goes on… But, what really puts this number into perspective is its average cost to each American taxpayer, or what I would call the NSA and associated agencies’ “rent.”

Yes, the NSA’s rent, charged to every taxpayer living under its web of surveillance, comes out to an exorbitant $574 per year. If this is the price the federal government is charging American taxpayers to have their own privacy invaded, then I say the NSA’s rent is too damn high.

Normally, at the end of one of these blogs, I would ask a rhetorical question like: “Washington, are you listening?” But, in this case, we know Washington is listening, and now we know how much we’re being charged for it.

NSA Spying in the Courts

The National Security Agency’s collection of every American’s telephone dialing information is hotly contested in the court of public opinion and in Congress. It is now seeing its first test in the courts since its existence was revealed.

The Electronic Privacy Information Center, arguing that it has no other recourse, has filed an extraordinary appeal to the Supreme Court of the order requiring Verizon to turn over telephone calling information en masse to the government. EPIC is a Verizon customer that communicates by telephone with confidential sources, government officials, and its legal counsel.

Cato senior fellow and Georgetown University law professor Randy Barnett joined me this week on a brief to the Court urging it to accept the case so it can resolve statutory and constitutional issues that have “precipitated a juridical privacy crisis.”

The brief first argues that the Foreign Intelligence Surveillance Act does not authorize a sweeping warrant for all communications data. The law requires such a warrant to show relevance to an existing investigation, which is impossible when the data is gathered in support of future, entirely speculative investigations. Not only the text of the statute, but Congress’s intent and the structure of the statute support this interpretation.

NSA Spying, NSA Lying, and Where the Fourth Amendment Is Going

If you want a good primer on the NSA spying disclosed so far, check out the item by Cato alum Tim Lee on the Washington Post’s WonkBlog. It’s a blessedly brief but informative run-down covering:

- mass collection of phone records;

- the PRISM program, which gathers data about Americans incidentally to its stated aim of foreign surveillance; and

- the NSA’s fiber optic eavesdropping: “[T]he NSA has a broad program (actually, several of them) to sweep up Internet traffic from fiber optic cables.”

Also, be sure to read the letter Senators Wyden (D-OR) and Udall (D-CO) sent to NSA head General Keith Alexander yesterday. In it, they point out inaccurate and misleading statements the NSA made in a recently distributed fact sheet. At a certain point, inaccuracies become willful.

On the question of whether surveillance of every American’s phone calling is constitutional, Lee notes how the government and its defenders will rely on a 1979 case called Smith v. Maryland. In that case, the government caused a telephone company to install a pen register at its central offices to record the numbers dialed from the home of a suspected robber. Applying doctrine that emerged from Katz v. United States (1967), the Court found that a person doesn’t have a “reasonable expectation of privacy” in phone calling information, so no search occurs when the government collects and examines this information.

It takes willfulness of a different kind to rely on Smith as validation of the NSA’s collection of highly revealing data about all of us. Smith dealt with one suspect, about whom there was already good evidence of criminality, if not a warrant. The NSA program collects call information about 300+ million innocent Americans under a court order. And the Supreme Court is moving away from Katz doctrine, having avoided relying on it in recent major Fourth Amendment cases such as Jardines (2013), Jones (2012), and Kyllo (2001).

Nobody knows where exactly the Court is headed with the Fourth Amendment in the challenging area of communications, but I’ve argued for reaching back to the wisdom of Justice Butler, dissenting in Olmstead (1929):

Telephones are used generally for transmission of messages concerning official, social, business and personal affairs, including communications that are private and privileged – those between physician and patient, lawyer and client, parent and child, husband and wife. The contracts between telephone companies and users contemplate the private use of the facilities employed in the service. The communications belong to the parties between whom they pass.

Using Metadata to Find Paul Revere

What stood out to me in David Brooks’ amateur psychologizing about NSA leaker Edward Snowden on Monday was his claim that Snowden “has not been able to point to any specific abuses.” Brooks’ legal skills are even worse than his psychologizing. He didn’t notice that the document Snowden leaked was a general warrant. It fails to satisfy the Fourth Amendment’s requirements of probable cause and particularity. That’s an abuse.

I gather that it’s hard to apply the principles of liberty and our nation’s founding charter to the new world of data. In aid of your consideration, I offer you the fun essay: “Using Metadata to Find Paul Revere,” which recounts how metadata (so-called) reveals relationships and, from the perspective of King George, sedition.

The essay concludes:

[I]f a mere scribe such as I—one who knows nearly nothing—can use the very simplest of these methods to pick the name of a traitor like Paul Revere from those of two hundred and fifty four other men, using nothing but a list of memberships and a portable calculating engine, then just think what weapons we might wield in the defense of liberty one or two centuries from now.

The present-day federal surveillance programs revealed in media reports are “the tip of the iceberg,” Rep. Loretta Sanchez (D-CA) said Wednesday after being briefed Tuesday.

In Its Bubble of Secrecy, the National Security Bureaucracy Redefined Privacy for Its Own Purposes

Rep. Jim Sensenbrenner (R-WI) is nothing if not a security hawk, and this weekend he decried the NSA’s collection of all Americans’ phone calling records in a Guardian post entitled, “This Abuse of the Patriot Act Must End.” On Thursday last week, he sent a letter to Attorney General Eric Holder demanding answers by Wednesday.

It also became apparent over the weekend that the National Security Agency’s program to collect records of every phone call made in the United States is not for the purpose of data mining. (A Wall Street Journal editorial entitled “Thank You for Data Mining” was not only wrong on the merits, but also misplaced.) Rather, the program seizes data about all of our telephone communications and stores that data so it can aid investigations of any American who comes under suspicion in the future.

Details of this program will continue to emerge–and perhaps new shocks. The self-disclosed leaker–currently holed up in a Hong Kong hotel room waiting to learn his fate–is fascinating to watch as he explains his thinking.

The court order requiring Verizon to turn over records of every call “on an ongoing daily basis” is a general warrant.

The Framers adopted the Fourth Amendment to the Constitution in order to bar general warrants. The Fourth Amendment requires warrants 1) to be based upon probable cause and 2) to particularly describe the place to be searched and the persons or things to be seized. The leaked warrant has neither of these qualities.

A warrant like this would never be adopted in an open court system. With arguments and decisions available to the public and appeals going to public courts, common sense and simple shame would foreclose suspicionless data-gathering about every American for the benefit of future potential investigations. 

Alas, many people don’t believe all that deeply in the Constitution and the rule of law when facile promises of national security are on offer. It is thus worthwhile to discuss whether this unconstitutional law enforcement and security practice would work. President Obama said last week, “I welcome this debate and I think it’s healthy for our democracy.”