Tag: national security letters

Three Lessons from the Increasingly Irrelevant Annual Wiretap Report

The 2011 Wiretap Report was released this weekend, providing an overview of how federal and state governments used wiretapping powers in criminal investigations. (Surveillance for intelligence purposes is covered in a separate, far less informative report.) There’s plenty of interesting detail, but here’s the bottom line:

After climbing 34 percent in 2010 the number of federal and state wiretaps reported in 2011 deceased 14 percent. A total of 2,732 wiretaps were reported as authorized in 2011, with 792 authorized by federal judges and 1,940 authorized by state judges…. Compared to the numbers approved during 2010 the number of applications reported as approved by federal judges declined 34 percent in 2011, and the number of applications approved by state judges fell 2 percent. The reduction in wiretaps resulted primarily from a drop in applications for narcotics.

So is the government really spying on us less? Is the drug war cooling off? Well, no, that’s lesson number one: Government surveillance is now almost entirely off the books.

The trouble, as Andy Greenberg of Forbes explains, is that we’ve got analog reporting requirements in a digital age. The courts have to keep a tally of how often they approve traditional intercepts that are primarily used to pick up realtime phone conversationse—96 percent of all wiretap orders. But phone conversations represent an ever-dwindling proportion of modern communication, and police almost never use a traditional wiretap order to pick up digital conversations in realtime. Why would they? Realtime wiretap orders require jumping all sorts of legal hurdles that don’t apply to court orders for stored data, which is more convenient anyway, since it enables investigators to get a whole array of data, often spanning weeks or month, all at once. But nobody is required to compile data on those types of information requests, even though they’re often at least as intrusive as traditional wiretaps.

From what information we do have, however, it seems clear that phone taps are small beer compared to other forms of modern surveillance. As Greenberg notes, Verizon reported fielding more than 88,000 requests for data in 2006 alone. These would have ranged from traditional wiretaps, to demands for stored text messages and photos, to “pen registers” revealing a target’s calling patterns, to location tracking orders, to simple requests for a subscriber’s address or billing information. Google, which is virtually unique among major Internet services in voluntarily disclosing this sort of information, fielded 12,271 government requests for data, and complied with 11,412 of them. In other words, just one large company reports far more demands for user information than all the wiretaps issued last year combined. And again, that is without even factoring in the vast amount of intelligence surveillance that occurs each year: the thousands of FISA wiretaps, the tens of thousands of National Security Letters (which Google is forbidden to include in its public count) and the uncountably vast quantities of data vacuumed up by the NSA. At what point does the wiretap report, with its minuscule piece of the larger surveillance picture, just become a ridiculous, irrelevant formality?

Lesson two: The drug war accounts for almost all criminal wiretaps. Wiretaps may be down a bit in 2011, but over the long term they’ve still increased massively. Since 1997, even as communication has migrated from telephone networks to the internet on a mass scale, the annual number of wiretaps has more than doubled. And as this handy chart assembled by security researcher Chris Soghoian shows, our hopeless War on Drugs is driving almost all of it: for fully 85 percent of wiretaps last year, a drug offense was the most serious offense listed on the warrant application—compared with “only” 73 percent of wiretaps in 1997. Little surprise there: when you try to criminalize a transaction between a willing seller and a willing buyer, enforcement tends to require invasions of privacy. Oddly, law enforcement officials tend to gloss over these figures when asking legislators for greater surveillance authority. Perhaps citizens wouldn’t be as enthusiastic about approving these intrusive and expensive spying powers if they realized they were used almost exclusively to catch dope peddlers rather than murderers or kidnappers.

Speaking of dubious claims, lesson three: The encryption apocalypse is not nigh. As those of you who are both extremely nerdy and over 30 may recall, back in the 1990s we had something called the “Crypto Wars.” As far as the U.S. government was concerned, strong encryption technology was essentially a military weapon—not the sort of thing you wanted to allow in private hands, and certainly not something you could allow to be exported around the world. Law enforcement officials (and a few skittish academics) warned of looming anarchy unless the state cracked down hard on so-called “cypherpunks.” The FBI’s Advanced Telephony Unit issued a dire prediction in 1992 that within three years, they’d be unable to decipher 40 percent of the communications they intercepted.

Fortunately, they lost, and strong encryption in private hands has become the indispensable foundation of a thriving digital economy—and a vital shield for dissidents in repressive regimes. Frankly, it would probably have been worth the tradeoff even if the dire predictions had been right. But as computer scientist Matt Blaze observed back when the 2010 wiretap report was released, Ragnarok never quite arrives. The latest numbers show that investigators encountered encryption exactly 12 times in all those thousands of wiretaps. And how many times did that encryption prevent them from accessing the communication in question? Zero. Not once.

Now, to be sure, precisely because police seldom use wiretap orders for e-mail, that’s also a highly incomplete picture of the cases where investigations run up against encryption walls. But as the FBI once again issues panicked warnings that they’re “going dark” and demands that online companies be requried to compromise security by building surveillance backdoors into their services, it’s worth recalling that we’ve heard this particular wolf cry before. It would have been a disastrous mistake to heed it back then, and on the conspicuously scanty evidence being offered during the encore, it would be crazy to approach these renewed demands with anything less than a metric ton of salt.

Wittgenstein, Private Language, and Secret Law

One would like to say: whatever is going to seem right to me is right. And that only means that here we can’t talk about ‘right.’ — Ludwig Wittgenstein, Philosophical Investigations §258

Among the arguments for which the great 20th century philosopher Ludwig Wittgenstein is famous, perhaps the best known—and most controversial—is his argument for the impossibility of a truly “private language.” Since Wittgenstein’s own language was, if not quite “private,” notoriously opaque, it’s a matter of some controversy exactly what the argument is, but here’s a very crude summary of one common interpretation:

Language is, by it’s nature, a rule-governed enterprise. Under normal circumstances, for instance, I use words correctly when I say “there’s a yellow school bus outside,” just in case there is a yellow school bus outside. If, instead, there’s a blue Prius, then I may be lying, or trying to make some sort of signally unfunny joke, or confused about either the facts or about what words mean—but I am, one way or another, using the words “incorrectly.” And indeed, the only way words like “yellow” and “school bus” can have any specific meaning is if they’re correctly applied to some things, but not to others.

Now suppose I decide to invent my own private language, meant to describe my own internal sensations and mental states, maybe for the purpose of recording them in a personal diary. On the first day, I experience a particular sensation I decide to call “S,” and record in my diary: “Today I felt S.” As time passes, on some days I write S to describe my private sensations, and on other days maybe I come up with different labels—maybe T, U, and V. This certainly looks like a private language, but there’s a problem: each time I write down “S,” the idea is suppose to be that I’m recording that I had the same sensation I had the first day—S—and not T, U, or V. But what’s the criteria for “the same”? What makes it true that my sensation on day 27 really is “more like” the sensation S that I had on day 1, and not V, which I first had on day 16? How do I know that this new sensation is really an S and not a V? (Say S was an itch in my hand; will I be correct to use S to refer to an itch in my shoulder? Or a pain in my hand? Or for that matter a pain in my shoulder?) The only criterion is that it seems or feels that way to me. But in that case, I’m not really engaged in a rule-governed language system at all, because in effect S applies to whatever I decide it does. Since I can never really be wrong, it doesn’t really make sense to say I’m ever right in my use either. Since the terms are truly private, there’s no difference between “correctly applying S” and “specifying in greater detail what S means.” What looked like a “private language” was actually just a kind of pantomime of a true, rule-governed language.

I found myself thinking of Wittgenstein and his private language argument, oddly enough, when thinking about the various forms of “secret law” and “secret legal interpretations” that increasingly govern our endless War on Terror. Consider, for instance, the secret legal memorandum justifying the assassination of Anwar al-Awlaki, discussed in an October 8 New York Times piece:

The legal analysis, in essence, concluded that Mr. Awlaki could be legally killed, if it was not feasible to capture him, because intelligence agencies said he was taking part in the war between the United States and Al Qaeda and posed a significant threat to Americans, as well as because Yemeni authorities were unable or unwilling to stop him.

Whether or not one agrees with the substantive principle articulated here, this at least sounds like a real rule limiting the discretion of the executive. Except…who decides when a capture is “not feasible” (as opposed to merely risky, costly, or inconvenient)? The same executive who is meant to apply and be bound by the rule. Who determines when the threat posed by a citizen is “significant” enough to permit targeting? Again, the executive.

This is not, one might object, a wholly “private” interpretive problem, because the Office of Legal Counsel provides some kind of quasi-independent check: it will occasionally tell even a president that what he wants to do isn’t legal. But in that case, the president can simply do what Barack Obama did in the case of his intervention in Libya: keep asking different legal advisers until one of them gives you the answer you want, then decide that the more favorable opinion overrides whatever OLC had concluded.

Similar considerations apply to the “secret law” of surveillance. The FBI may issue National Security Letters for certain specific types of records—including “toll billing records”—without judicial approval, but these secret demands must at least be “relevant to an authorized investigation.” A weak limit, we might think, but at least a limit. Yet, again, the apparent limitation is illusory: it is the Justice Department itself that determines what may count as an “authorized investigation.” When Congress initially passed the Patriot Act a decade ago, an “authorized investigation” meant a “full investigation” predicated on some kind of real evidence of wrongdoing. Just a few years later, though, the attorney general’s guidelines were changed to permit their use in much more speculative “preliminary investigations,” and soon enough, the majority of NSLs were being used in such preliminary investigations. Needless to say, “relevance” too is very much in the eye of the beholder.

In most of these cases, the prospects for external limitation are slim. First, of course, anyone who disagreed with the executive’s secret interpretation would have to find out about it—which may happen only years after the fact in whatever unknowable percentage of cases it ever happens at all. Then they’d have to overcome the extraordinary deference of our court system to assertions of the State Secrets Privilege just to be able to have a court consider whether the government had acted illegally. In practice, then, the executive is defining the terms of, and interpreting, the same rules that supposedly bind it.

The usual thing to say about this scenario is that it shows the importance of checks and balances in preventing the law from being perverted or abused. If we think there is at least a rough analogy between these cases and Wittgenstein’s diarist writing in a “private language,” though, we’ll see that this doesn’t go quite far enough. What we should say, rather, is that these are cases where “secret law,” like “private language” is not merely practically dangerous but conceptually incoherent. They are not genuine cases of “legal interpretation” at all, but only a kind of pantomime. Perhaps what we should say in these cases is not that the president or the executive branch may have violated the law—as though there were still, in general, some background binding principles—but that in these institutional contexts one simply cannot speak of actions as “in accordance with” or “contrary to” the law at all.  Where the possibility of external correction is foreclosed, the objectionable and unobjectionable decisions alike are, inherently, lawless.

10 Years of Patriot Act

It was ten years ago that President Bush signed the Patriot legislation into law.  If you wanted to find a textbook example of how not to make law, review the history of this law.  First, toss dozens of legal proposals together into a giant “package” and resist any effort to unpack it and hold separate votes.  Second, unveil the package at the last minute so members of Congress will not have an opportunity to study it.  Third, call it the “Patriot Act” so that any person voting against it will have to consider television ads declaring his/her opposition to the Patriot law.  Fourth, have the Attorney General declare over and over that if the law is not enacted right away, the terrorists may well launch more 9-11 attacks.  When members of Congress proposed attaching sunset provisions so that the law could go into effect, but would need reauthorization a few years later, the Bush administration fought the idea.

In the years afterward, the laws defenders like to pose the question, “Where are the abuses under this law?”  Some provisions, like those pertaining to National Security Letters, made it a crime for those served with them to tell anyone else about them.  That made it almost impossible to see what the FBI was doing.  In today’s Washington Post, Nicholas Merrill, explains what it was like to be on the receiving end of a National Security Letter:

In 2004, it wasn’t at all clear whether the FBI would charge me with a crime for telling the ACLU about the letter, or for telling the court clerk about it when I filed my lawsuit as “John Doe.” I was unable to tell my family, friends, colleagues or my company’s clients, and I had to lie about where I was going when I visited my attorneys. During that time my father was battling cancer and, in 2008, he succumbed to his illness. I was never able to tell him what I was going through.

For years, the government implausibly claimed that if I were able to identify myself as the plaintiff in the case, irreparable damage to national security would result. But I did not believe then, nor do I believe now, that the FBI’s gag order was motivated by legitimate national security concerns. It was motivated by a desire to insulate the FBI from public criticism and oversight.

Read the whole thing.   Nick Merill spoke at a Cato Capitol Hill Briefing a few months ago.

Some parts of the Patriot law were sensible, others were not.  For Cato scholarship on the subject, go here and here [pdf].

Tomorrow, Cato will be hosting a double book forum featuring ACLU President Susan Herman and bestselling author David Shipler.   Patriot Act issues will come up.

FBI’s New Guidelines Further Loosen Constraints on Monitoring

The New York Times’s Charlie Savage reports that the FBI is preparing to release a new Domestic Investigations and Operations Guide (DIOG), further relaxing the rules governing the Bureau’s investigation of Americans who are not suspected of any wrongdoing.

This comes just three years after the last major revision of FBI manual, which empowered agents to employ a broad range of investigative techniques in exploratory “assessments” of citizens or domestic groups, even in the absence of allegations or evidence of wrongdoing, which are needed to open an “investigation.” The FBI assured Congress that it would conduct intensive training, and test agents to ensure that they understood the limits of the new authority—but the Inspector General found irregularities suggestive of widespread cheating on those tests.

Agents can already do quite a bit even without opening an “assessment”: They can consult the government’s own massive (and ever-growing) databases, or search the public Internet for “open source” intelligence. If, however, they want to start digging through state and local law enforcement records, or plumb the vast quantities of information held by commercial data aggregators like LexisNexis or Acxiom, they currently do have to open an assessment. Again, that doesn’t mean they’ve got to have evidence—or even an allegation—that their target is doing anything illegal, but it does mean they’ve got to create a paper trail and identify a legitimate purpose for their inquiries. That’s not much of a limitation, to be sure, but it does provide a strong deterrent to casual misuse of those databases for personal reasons. That paper trail means an agent who might be tempted to use government resources for personal ends—to check up on an ex or a new neighbor—has good reason to think twice.

Removing that check means there will be a lot more digging around in databases without any formal record of why. Even though most of those searches will be legitimate, that makes the abuses more likely to get lost in the crowd. Indeed, a series of reports by the Inspector General’s Office finding “widespread and serious misuse” of National Security Letters, noted that lax recordkeeping made it extremely difficult to accurately gauge the seriousness of the abuses or their true extent—and, of course, to hold the responsible parties accountable. Moreover, the most recent of those reports strongly suggests that agents engaged in illegal use of so-called “exigent letters” resisted the introduction of new records systems precisely because they knew (or at least suspected) their methods weren’t quite kosher.

The new rules will also permit agents to rifle through a person’s garbage when conducting an “assessment” of someone they’d like to recruit as an informant or mole. The reason, according to the Times, is that “they want the ability to use information found in a subject’s trash to put pressure on that person to assist the government in the investigation of others.” Not keen into being dragooned into FBI service? Hope you don’t have anything embarrassing in your dumpster! Physical surveillance squads can only be assigned to a target once, for a limited time, in the course of an assessment under the current rules—that limit, too, falls by the wayside in the revised DIOG.

The Bureau characterizes the latest round of changes as “tweaks” to the most recent revisions. That probably understates the significance of some of the changes, but one reason it’s worrying to see another bundle of revisions so soon after the last overhaul is precisely that it’s awfully easy to slip a big aggregate change under the radar by breaking it up into a series of “tweaks.”

We’ve seen such a move already with respect to National Security Letters, which enable access to a wide array of sensitive financial, phone, and Internet records without a court order—as long as the information is deemed relevant to an “authorized investigation.” When Congress massively expanded the scope of these tools under the USA Patriot Act, legislators understood that to mean full investigations, which must be based on “specific facts” suggesting that a crime is being committed or that a threat to national security exists. Just two years later, the Attorney General’s guidelines were quietly changed to permit the use of NSLs during “preliminary” investigations, which need not meet that standard. Soon, more than half of the NSLs issued each year were used for such preliminary inquiries (though they aren’t available for mere “assessments”… yet).

The FBI, of course, prefers to emphasize all the restrictions that remain in place. We’ll probably have to wait a year or two to see which of those get “tweaked” away next.

Tuesday Links

‘I resent being conscripted as a secret informer for the government.’

The people who receive “national security letters” from the FBI are basically conscripted into serving as secret informers for the government.  Some of those served happily comply and turn over whatever information the government is seeking, and sometimes even more.  Others resent the conscription and the impact it has on their lives.  Here’s an excerpt from an op-ed by Nick Merill, the president of a small internet access and consulting firm, about his experience:

Living under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case – including the mere fact that I received an NSL – from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been. I hide any papers related to the case in a place where she will not look. When clients and friends ask me whether I am the one challenging the constitutionality of the NSL statute, I have no choice but to look them in the eye and lie.

I resent being conscripted as a secret informer for the government and being made to mislead those who are close to me, especially because I have doubts about the legitimacy of the underlying investigation.

Read the whole thing.  Mr. Merill will be speaking at Cato Capitol Hill Briefing tomorrow and will provide us with an update on his case since his 2007 op-ed in the Washington Post.

For related Cato work, go here.

Why the Senate’s Vote on the Patriot Act Is Actually Pretty Good News

Last night, By an overwhelming 86-to-12 margin, the Senate approved a temporary 90-day extension of three controversial provisions of the Patriot Act scheduled to sunset at the end of the month. The House just voted to move forward on a parallel extension bill, which will presumably pass easily. Because I’m seeing some civil libertarian folks online reacting with dismay to this development, I think it’s worth clarifying that this is relatively good news when you reflect on the outlook from just a couple of weeks ago.

The House has already approved a one-year extension that would plant the next reauthorization vote on the right eve of primary season in a Presidential election cycle, all but guaranteeing a round of empty demagoguery followed by another punt. As of last week, everyone expected the Senate to bring Sen. Dianne Feinstein’s three year reauthorization—which also extends the odious FISA Amendments Act of 2008—to the floor. The discussion on the Senate floor last night makes it clear that this didn’t happen because of pushback from legislators who were sick of kicking the can and wanted time to hold hearings on substantive reforms.

This is actually a better outcome than simply letting the three sunsetting powers lapse—which, realistically, was not going to happen anyway. First, because at least one of the expiring authorities, roving wiretaps, is a legitimate tool that ought to be available to intelligence investigators if it’s amended to eliminate the so-called “John Doe” loophole. Second, because while all three of these provisions have serious defects that raise legitimate concerns about the potential for abuse, they are collectively small beer compared with National Security Letters, which have already given rise to serious, widespread, and well documented abuses. One of the three sunsetting powers has never been used, and the other two are invoked a couple dozen times per year. All three involve court supervision. The FBI issues tens of thousands of National Security Letter requests each year, the majority targeting American citizens and legal residents, without any advance court approval. The vast majority of the thousands of Americans whose financial and telecommunications records are seized each year are almost certainly innocent of any wrongdoing, but their information is nevertheless retained indefinitely in government databases. With very few exceptions, these people will never learn that the government has been monitoring their financial transactions or communication patterns. Forcing a debate now on the expiring provisions opens a window for consideration of proposals to rein in NSLs—including a new sunset that would create pressure for continued scrutiny.

A new Pew poll released this week reports that Americans remain fairly evenly split on the question of whether the Patriot Act is “a necessary tool that helps the government find terrorists” or “goes too far and poses a threat to civil liberties.” (Perhaps unsurprisingly, with the change of administration, Democrats have become more supportive and Republicans somewhat more skeptical.) But this is actually a signally unhelpful way to frame debate about legislation encompassing hundreds of reforms to the byzantine statutory framework governing American intelligence investigations—more a toolbox than a “tool.” The question shouldn’t be whether you’re “for” or “against” it, but whether there are ways to narrow and focus particular authorities so that legitimate investigations can proceed without sweeping in so much information about innocent people. A three-month extension signals that Congress is finally, belatedly, ready to start having that conversation.