Tag: NSA spying

Good Precedents against NSA Spying

With debate about NSA spying continuing in the Senate, it’s worth looking at some of the historical and modern precedents for protecting our communications and communications data. A few highlights:

  • The earliest precedent for protection of communications in the United States is the treatment of mail. The founders used postal mail to communicate their revolutionary ideas and even to plan their insurrection against the tyranny of King George, so they prioritized protecting the privacy of the mail. In the Act of Feb. 20, 1792, passed a few short years after ratification of the Constitution, the U.S. Congress enshrined protections for mail in the law, creating heavy fines for opening or delaying mail.
  • The Supreme Court confirmed the existence of constitutional protection for postal communications in Ex Parte Jackson. In that 1877 case, the Court described the Fourth Amendment’s guarantees in very interesting and clear language: “Letters and sealed packages … are as fully guarded from examination and inspection, except as to their outward form and weight, as if they were retained by the parties forwarding them in their own domiciles.” Though we place mail in the hands of government agents, the Fourth Amendment protects it like it’s inside our homes.
  • The year Ex Parte Jackson case was decided, both Western Union and the Bell Company began providing voice telephone service. The Supreme Court addressed constitutional protection for phone calls some decades later in 1928. The Olmstead case was wrongly decided, we now know. It found that telephone communications weren’t protected by the Constitution. So the dissents are where to look for precedential language. Justice Brandeis’s famous dissent spoke of the “right to be let alone,” but Justice Butler provided thinking and language that should have more lasting value: “The contracts between telephone companies and users contemplate the private use of the facilities employed in the service,” he wrote. “The communications belong to the parties between whom they pass.” The communications belong to the parties. That’s a fasacinating and important way to think about our communications, as property that we own.

In Holding NSA Spying Illegal, the Second Circuit Treats Data as Property

The U.S. Court of Appeals for the Second Circuit has ruled that section 215 of the USA-PATRIOT Act never authorized the National Security Agency’s collection of all Americans’ phone calling records. It’s pleasing to see the opinion parallel arguments that Randy Barnett and I put forward over the last couple of years.

Two points from different parts of the opinion can help structure our thinking about constitutional protection for communications data and other digital information. Data is property, which can be unconstitutionally seized.

As cases like this often do, the decision spends much time on niceties like standing to sue. In that discussion—finding that the ACLU indeed has legal standing to challenge government collection of its calling data—the court parried the government’s argument that the ACLU suffers no offense until its data is searched.

“The Fourth Amendment protects against unreasonable searches and seizures,” the court emphasized. Data is a thing that can be owned, and when the government takes someone’s data, it is seized.

In this situation, the data is owned jointly by telecommunications companies and their customers. The companies hold it subject to obligations they owe their customers limiting what they can do with it. Think of covenants that run with land. These covenants run with data for the benefit of the customer.

NSA Spying and a National ID Are Peas in a Pod and You Should Eat Your Peas

That’s the upshot of a column by Froma Harrop appearing in the Seattle Times.

“Arguments leveled against Real ID are being recycled to bash the National Security Agency’s surveillance program,” she writes. “They inevitably lead to the assumption that the government is up to no good.”

Well, … yes.

The argument against creating a U.S. national ID is that its cost in dollars and privacy are greater than the tiny margin of security they might provide. Over years, I’ve pointed out that spending billions of dollars to herd law-abiding Americans into a national ID system might mildly inconvenience any terrorists. It’s not worth doing.

That idea—that security measures should be cost-effective—is wisely ‘recycled’ for use with respect to the NSA’s program to gather data about every call made in the United States. Doing so doesn’t provide a margin of security worth the cost in dollars, privacy, and menace to liberty.

When the government wastes our money, privacy, and liberty on programs that don’t provide a sufficient margin of security, that is bad. That is government “up to no good.”

The states asked to implement our national ID law rejected it because, in the disorganized way our federal republic makes decisions, it was decided that REAL ID does not pass muster. (Some states and national ID advocate groups continue to press forward with it, a subject on which I’ll say more soon.)

In a similarly messy process, the organs of democracy are finding that the NSA’s programs—originally constructed and conducted in secrecy—do not pass muster either. We’re rightly pushing this plate of peas away.

Reviewing the Review Group: Practice What You Preach

The “President’s Review Group on Intelligence and Communications Technologies” has issued their report. Convened in late summer to advise the president on what to do in the wake of the Snowden revelations (without mentioning Snowden), the group was rightly criticized for its ‘insider’ composition. The report has beaten the privacy community’s low expectations, which is good news. It advances a discussion that began in June and that will continue for years.

Some observations:

- Contrary to expectations, the report is outside the White House’s “comfort zone.” That’s good, because, as noted, this group could easily have decided to ratify the status quo, handing the administration and the National Security Agency a minor victory. The report positioned Senate Judiciary Committee chairman Patrick Leahy (D-VT) to say: “The message to the NSA is now coming from every branch of government and from every corner of our nation: You have gone too far.”

- There is no reason to treat the report as a reform “bible.” This was a problem with the 9/11 Commission report, for example, which was held up as sacrosanct even when it was wrong. The Review Group report is right about some things, such as eliminating administratively issued National Security Letters, it is wrong about some things, and it omits some key issues, such as the government-wide penchant for secrecy that created the current problems.

- Weaknesses are more interesting than strengths, and a particular weakness of the report is its call for retaining the phone calling surveillance program. Recommendation Five calls for legislation that “terminates the storage of bulk telephony meta-data by the government under [USA-PATRIOT Act] section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party.” The debate over data retention mandates ended some years ago, and the government was denied this power. The NSA’s illegal excesses should not be rewarded by giving it authorities that public policy previously denied it. Outsourcing dragnet surveillance does not cure its constitutional and other ills.

- The data retention recommendation is in conflict with another part of the report, which calls for risk management and cost-benefit analysis. “The central task,” the report says, “is one of risk management.” So let’s discuss that: Gathering data about every phone call made in the United States and retaining it for years produces only tiny slivers of security benefit, the NSA’s unsupported claims to the contrary notwithstanding. Considering dollar costs alone, it almost certainly fails a cost-benefit test. If you include the privacy costs, the failure of this program to manage security risks effectively is more clear. The Review Group’s conclusion about communications surveillance is inconsistent with its welcome promotion of risk management.

Most legal scholars and most civil liberties and privacy advocates punt on security questions, conceding the existence of a significant threats, however undefined and amorphous. They disable themselves from arguing persuasively about what is “reasonable” for Fourth Amendment purposes. Concessions like these also prevent one from conducting valid risk management and cost-benefit analysis. Some of us here at Cato don’t shy from examining the security issues, and we do pretty darn good risk management. The Review Group should practice what it preaches if it’s going to preach what we practice!