Tag: privacy

Good First Steps, But Real Surveillance Reform Will Require More

The president’s speech on surveillance today proposed some welcome first steps toward appropriately limiting an expanding surveillance state — notably, an end to the NSA’s bulk phone metadata program in its current form, and a recognition that judges, not NSA analysts, must determine whose records will be scrutinized.

The details are important, however. Obama’s speech left open the possibility that bulk collection might continue with some third party — which would in effect be an arm of government — as a custodian. If records are left with phone carriers, on the other hand, it’s important to resist any new legal mandate that would require longer or more extensive retention of private data than ordinary business purposes require.

It was disappointing, however, to see that many of the recommendations offered by Obama’s own Surveillance Review Group were either neglected or specifically rejected. While the unconstitutional permanent gag orders attached to National Security Letters will be time-limited, they will continue to be issued by FBI agents, not judges, for sensitive financial and communications records.

Nor did the president address NSA’s myopic efforts to degrade the security of the Internet by compromising the encryption systems relied on by millions of innocent users. And it is also important to realize that changing one controversial program doesn’t alter the broader section 215 authority, which can still be used to collect other types of records in bulk—and for all we know, may already be used for that purpose.

Most fundamentally, Congress must now act to cement these reforms in legislation — and to extend them —to ensure safeguards implemented by one president cannot be secretly undone by another.

Ratifying NSA Spying, a Court Calls FISA ‘Courts’ Into Question

Two weeks ago, when D.C. District judge Richard Leon ruled that mass government surveillance of Americans’ telephone calling was likely unconstitutional, there was some well-poisoning about his opinion being “passionate.” The implication, of course, was that he was not being suitably judicial. The same could be said of this week’s ruling by Judge Pauley of the U.S. District Court in New York. When the first sentence intones: “The September 11th terrorist attacks revealed, in the starkest terms, just how dangerous and interconnected the world is,” and when the first citation is a “See generally” to the 9/11 Commission report, these are not signs that you’re about to get dispassionate application of law to facts.

Judge Pauley’s use of the 9/11 Commission report to argue that NSA data collection could have foiled the 9/11 plot is belied by the report’s clear statement with respect to Khalid Al-Mihdhar: “No one was looking for him.” (page 269) In our paper, “Effective Counterterrorism and the Limited Role of Predictive Data Mining,” Jeff Jonas and I detailed ways many of the 9/11 terrorists could have been found had anyone been looking. The argument that NSA spying would have prevented 9/11 is not a strong one.

But passions pitted against one another is just one of the symmetries between the two rulings. Judge Leon distinguished Smith v. Maryland. He believes that the Supreme Court case allowing the use of phone call information to convict a suspected burglar and obscene phone caller does not ratify the collection of phone calling information about every innocent American. Judge Pauley treated Smith v. Maryland as controlling. If one burglar in Baltimore doesn’t have a Fourth Amendment interest in his phone calling data, 200 million Americans don’t either. We have appeals to sort these things out, and Judge Pauley’s ruling makes it more likely that such an appeal will reach the Supreme Court, which is good.

The interesting thing in Judge Pauley’s ruling is ammunition he offers to critics of the panels of judges created by the Foreign Intelligence Surveillance Act. People often refer to them as the “Foreign Intelligence Surveillance Court” or “FISC.”

While the FISC is composed of Article III judges, it operates unlike any other Article III court. Proceedings in Article III courts are public. And the public enjoys a “general right to inspect and copy public records and documents, including judicial records and documents.” (citation omitted) “The presumption of access is based on the need for federal courts, although independent—indeed, particularly because they are independent—to have a measure of accountability and for the public to have confidence in the administration of justice.” (citation omitted)

Later, he writes:

The two declassified FISC decisions authorizing bulk metadata collection do not discuss several of the ACLU’s arugments. They were issued on the basis of ex parte applications by the government without the benefit of the excellent briefing submitted to this Court by the Governent, the ACLU, and amici curiae. There is no question that judges operate best in an adversarial system. “The value of a judicial proceeding … is substantially diluted where the process is ex parte, because the Court does not have available the fundamental instrument for judicial judgment: an adversary proceeding in which both parties may participate.” (citation omitted) … As FISA has evolved and Congress has loosened its individual suspicion requirements, the FISC has been tasked with delineating the limits of the Government’s surveillance power, issuing secret decision [sic] without the benefit of adversarial process. Its ex parte procedures are necessary to retain secrecy but are not ideal for interpreting statutes.

This echoes an argument Randy Barnett and I offered in our brief to the Supreme Court about NSA spying. These so-called ‘courts’ that administer NSA spy programs lack many of the hallmarks of a true court, and their use to dispose of rights that protect our privacy is a violation of due process.

There will be much more to come in the judicial path of the NSA spying debate. The legitimacy of FISA panels should be a part of that discussion.

Reviewing the Review Group: Practice What You Preach

The “President’s Review Group on Intelligence and Communications Technologies” has issued their report. Convened in late summer to advise the president on what to do in the wake of the Snowden revelations (without mentioning Snowden), the group was rightly criticized for its ‘insider’ composition. The report has beaten the privacy community’s low expectations, which is good news. It advances a discussion that began in June and that will continue for years.

Some observations:

- Contrary to expectations, the report is outside the White House’s “comfort zone.” That’s good, because, as noted, this group could easily have decided to ratify the status quo, handing the administration and the National Security Agency a minor victory. The report positioned Senate Judiciary Committee chairman Patrick Leahy (D-VT) to say: “The message to the NSA is now coming from every branch of government and from every corner of our nation: You have gone too far.”

- There is no reason to treat the report as a reform “bible.” This was a problem with the 9/11 Commission report, for example, which was held up as sacrosanct even when it was wrong. The Review Group report is right about some things, such as eliminating administratively issued National Security Letters, it is wrong about some things, and it omits some key issues, such as the government-wide penchant for secrecy that created the current problems.

- Weaknesses are more interesting than strengths, and a particular weakness of the report is its call for retaining the phone calling surveillance program. Recommendation Five calls for legislation that “terminates the storage of bulk telephony meta-data by the government under [USA-PATRIOT Act] section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party.” The debate over data retention mandates ended some years ago, and the government was denied this power. The NSA’s illegal excesses should not be rewarded by giving it authorities that public policy previously denied it. Outsourcing dragnet surveillance does not cure its constitutional and other ills.

- The data retention recommendation is in conflict with another part of the report, which calls for risk management and cost-benefit analysis. “The central task,” the report says, “is one of risk management.” So let’s discuss that: Gathering data about every phone call made in the United States and retaining it for years produces only tiny slivers of security benefit, the NSA’s unsupported claims to the contrary notwithstanding. Considering dollar costs alone, it almost certainly fails a cost-benefit test. If you include the privacy costs, the failure of this program to manage security risks effectively is more clear. The Review Group’s conclusion about communications surveillance is inconsistent with its welcome promotion of risk management.

Most legal scholars and most civil liberties and privacy advocates punt on security questions, conceding the existence of a significant threats, however undefined and amorphous. They disable themselves from arguing persuasively about what is “reasonable” for Fourth Amendment purposes. Concessions like these also prevent one from conducting valid risk management and cost-benefit analysis. Some of us here at Cato don’t shy from examining the security issues, and we do pretty darn good risk management. The Review Group should practice what it preaches if it’s going to preach what we practice!

D.C. Court: Smith Is Not Good Law

In debates about the NSA’s mass surveillance of all our phone calling, pro-government lawyers have often tried to play a trump card called Smith v. Maryland. Smith is a 1978 Supreme Court decision as right for our times as laws requiring public buildings to provide spittoons. But lawyering rightly relies heavily on precedent, so there it was, the argument that people don’t have a constitutional interest in data about their phone calling because a suspected burglar and obscene phone-caller didn’t have such an interest back in 1976.

D.C. district court judge Richard Leon ruled today that Smith is not an appropriate precedent for considering the constitutionality of the NSA’s mass surveillance program. “[T]he Smith pen register and the ongoing NSA Bulk Telephony Metadata Program,” he concluded, “have so many significant distinctions between them that I cannot possibly navigate these uncharted Fourth Amendment waters using as my North Star a case that predates the rise of cell phones.”

When phone calling was home- or office-bound and relatively rare, people’s interest in the information about their calling was not as great as it is today. Cell phones now accompany most people everywhere they go every single day. “[T]he ubiquity of phones has dramatically altered the quantity of information that is now available and, more importantly, what that information can tell the Government about people’s lives.” (emphases omitted)

Judge Leon applied the “reasonable expectation of privacy” test in finding that he is likely to determine that the NSA’s data seizures are a Fourth Amendment violation, even though that standard has been thrown into doubt by recent Supreme Court decisions. But what is important is that his decision breaks the circular logic adopted by the panels of judges ratifying mass domestic surveillance under the Foreign Intelligence Surveillance Act. These panels believed they could act in secret because of the premise that Americans don’t have a constitutional interest in data about their calls. Their secret operations barred Americans from contesting that premise. And the band played on. Until someone leaked this mass domestic spying to the public.

Judge Leon’s assessment of the government’s interest is notable. He picked up on the fact that the government’s collection of data about all our calls is simply to make things a little quicker when they want to do an investigation.

“[T]he Government’s interest,” he writes, “is not merely to investigate potential terrorists, but rather, to do so faster than other methods might allow. … Yet … the Government does not cite a single instance in which analysis of the NSA’s bulk metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time-sensitive in nature.” (emphases omitted)

Databasing of all our calls is a convenience and not a necessity. That stacks up poorly against the privacy costs all Americans suffer by having their phone-calling catalogued in government databases.

There will almost certainly be an appeal, and there will be more cases coming up through the courts that explore the many dimensions of this issue. But now we can tell our lawyer friends who have been a little too slavish to precedent that Smith v. Maryland is not good law.

Ohio Backs off of REAL ID

Sometimes there are setbacks to the efforts of the Department of Homeland Security, the American Association of Motor Vehicle Administrators, and state motor vehicle bureaucrats to quietly knit together a national ID. If this story is true, Ohio appears to be breaking with the national ID plan.

What’s remarkable about this case is Ohio’s recognition that the federal government will never act on the threat that TSA will refuse drivers’ licenses and IDs from states that decline to implement the REAL ID Act.

Ohio is among a growing number of states that are refusing to comply with federal standards intended to toughen access to driver’s licenses. … The states are betting that federal officials do not implement plans to accept only “Gold Star” licenses as proof of identity to fly on commercial flights or to enter federal buildings and courthouses. “We’re not so sure the federal government” will only honor IDs that meet its requirements, [Ohio Department of Public Safety spokesman Joe] Andrews said.

Time was when states fell in line at the suggestion of this federal government threat. Eight-and-a-half years after REAL ID became law, the states may be recognizing the inability of the feds to coerce them into implementing their national ID.

If You Think Smith v. Maryland Permits Mass Surveillance, You Haven’t Read Smith v. Maryland

… and you’re not following developments in Fourth Amendment law.

Jeffrey Toobin is the latest to claim that Smith v. Maryland settles the Fourth Amendment issues around the National Security Agency’s acquisition of data about every call made in the United States. He even links to the text of the decision in a recent blog post.

The majority opinion in Smith did say that people don’t have a reasonable expectation of privacy in phone records, but that rationale is weak, and the facts of Smith are inapposite to the present controversy. I think that’s easily gathered from reading the case with awareness of legal currents.

Here’s what happened in Smith:

On March 5, 1976, in Baltimore, Md., Patricia McDonough was robbed. She gave the police a description of the robber and of a 1975 Monte Carlo automobile she had observed near the scene of the crime. After the robbery, McDonough began receiving threatening and obscene phone calls from a man identifying himself as the robber. On one occasion, the caller asked that she step out on her front porch; she did so, and saw the 1975 Monte Carlo she had earlier described to police moving slowly past her home. On March 16, police spotted a man who met McDonough’s description driving a 1975 Monte Carlo in her neighborhood. By tracing the license plate number, police learned that the car was registered in the name of petitioner, Michael Lee Smith.

The next day, the telephone company, at police request, installed a pen register at its central offices to record the numbers dialed from the telephone at petitioner’s home. The police did not get a warrant or court order before having the pen register installed. The register revealed that on March 17 a call was placed from petitioner’s home to McDonough’s phone. On the basis of this and other evidence, the police obtained a warrant to search petitioner’s residence. The search revealed that a page in petitioner’s phone book was turned down to the name and number of Patricia McDonough; the phone book was seized. Petitioner was arrested, and a six-man lineup was held on March 19. McDonough identified petitioner as the man who had robbed her. (citations omitted)

Nat Hentoff on the NSA and Privacy

Today’s Washington Post reports that the National Security Agency violated the rules on domestic surveillance thousands of time a year since Congress granted the agency broader surveillance powers in 2008. Note this revelation did not come to light because of forthright disclosure from the professionals that run the agency, the congressional oversight committees, or the FISA court. Rather, whistleblower Edward Snowden provided this information to the Post. The U.S. government has made it clear that it wants Snowden locked away in a prison cell incommunicado. 

Over at the Wall Street Journal, Peggy Noonan interviewed Cato senior fellow Nat Hentoff about the implications of the surveillance state. Here’s an excerpt:

A loss of the expectation of privacy in communications is a loss of something personal and intimate, and it will have broader implications. That is the view of Nat Hentoff, the great journalist and civil libertarian. He is 88 now and on fire on the issue of privacy. “The media has awakened,” he told me. “Congress has awakened, to some extent.” Both are beginning to realize “that there are particular constitutional liberty rights that [Americans] have that distinguish them from all other people, and one of them is privacy”…

He wonders if Americans know who they are compared to what the Constitution says they are.

Mr. Hentoff’s second point: An entrenched surveillance state will change and distort the balance that allows free government to function successfully. Broad and intrusive surveillance will, definitively, put government in charge. But a republic only works, Mr. Hentoff notes, if public officials know that they—and the government itself—answer to the citizens. It doesn’t work, and is distorted, if the citizens must answer to the government. And that will happen more and more if the government knows—and you know—that the government has something, or some things, on you. “The bad thing is you no longer have the one thing we’re supposed to have as Americans living in a self-governing republic,” Mr. Hentoff said. “The people we elect are not your bosses, they are responsible to us.” They must answer to us. But if they increasingly control our privacy, “suddenly they’re in charge if they know what you’re thinking.”

This is a shift in the democratic dynamic. “If we don’t have free speech then what can we do if the people who govern us have no respect for us, may indeed make life difficult for us, and in fact belittle us?”

More thoughts from Nat Hentoff here.