Tag: surveillance

What You Don’t Know Won’t Hurt You (Surveillance State Edition)

While there are many choice tidbits to relate from Tuesday’s hearings on PATRIOT Act reform at the House Judiciary Committee’s Subcommittee on the Constitution—not least the fellow who had to be wrestled from the room, literally kicking and screaming, after he tried to stand and interrupt with a complaint about alleged FBI violations of his civil rights—I’ll just relate a novel theory of the Fourth Amendment advanced by Rep. Steve King (R-Iowa).

The ACLU’s Mike German, a former FBI agent turned surveillance policy expert, was explaining that it’s hard to know whether expansive surveillance powers are being abused, they’re mostly used in secret and deployed via third-parties like financial institutions and telecoms, who have little incentive to raise much fuss or draw attention to their cooperation. King interrupted to suggest that if we weren’t hearing about constitutional challenges, then it was probably safe to assume there was no Fourth Amendment harm. German tried to reiterate that the people whose privacy interests were directly harmed typically would not know they had ever been targeted.

That, King declared, was precisely the point. Surveillance of which the subject never became aware, he said, could be compared to a “tree falling in the forest” when nobody’s around. In other words, if you aren’t ultimately prosecuted, and don’t even feel subjective distress as a result of the knowledge that your private records or communications have been pored over, then it’s presumably no harm, no  foul. If we take this line of thinking literally, sufficiently secret surveillance can never be unconstitutional, which would seem to make King a spiritual cousin of Richard “if the president does it, that means it’s not illegal” Nixon.

A Chance to Fix the PATRIOT Act?

As Tim Lynch noted earlier this week, Barack Obama’s justice department has come out in favor of renewing three controversial PATRIOT Act provisions—on face another in a train of disappointments for anyone who’d hoped some of those broad executive branch surveillance powers might depart with the Bush administration.

But there is a potential silver lining: In the letter to Sen. Patrick Leahy (D-VT) making the case for renewal, the Justice Department also declares its openness to “modifications” of those provisions designed to provide checks and balances, provided they don’t undermine investigations. While the popular press has always framed the fight as being “supporters” and “opponents” of the PATRIOT Act, the problem with many of the law’s provisions is not that the powers they grant are inherently awful, but that they lack necessary constraints and oversight mechanisms.

Consider the much-contested “roving wiretap” provision allowing warrants under the Foreign Intelligence Surveillance Act to cover all the communications devices a target might use without specifying the facilities to be monitored in advance—at least in cases where there are specific facts supporting the belief that a target is likely to take measures to thwart traditional surveillance. The objection to this provision is not that intelligence officers should never be allowed to obtain roving warrants, which also exist in the law governing ordinary law enforcement wiretaps. The issue is that FISA is fairly loosey-goosey about the specification of “targets”—they can be described rather than identified. That flexibility may make some sense in the foreign intel context, but when you combine it with similar flexibility in the specification of the facility to be monitored, you get something that looks a heck of a lot like a general warrant. It’s one thing to say “we have evidence this particular phone line and e-mail account are being used by terrorists, though we don’t know who they are” or “we have evidence this person is a terrorist, but he keeps changing phones.” It’s another—and should not be possible—to mock traditional particularity requirements by obtaining a warrant to tap someone on some line, to be determined. FISA warrants should “rove” over persons or facilities, but never both.

The DOJ letter describes the so-called “Lone Wolf” amendment to FISA as simply allowing surveillance of targets who are agents of foreign powers without having identified which foreign power (i.e. which particular terrorist group) they’re working for. They say they’ve never invoked this ability, but want to keep it in reserve. If that description were accurate, I’d say let them. But as currently written, the “lone wolf” language potentially covers people who are really conventional domestic threats with only the most tenuous international ties—the DOJ letter alludes to people who “self-radicalize” by reading online propaganda, but are not actually agents of a foreign group at all.

Finally, there’s the “business records” provision, which actually covers the seizure of any “tangible thing.”  The problems with this one probably deserve their own post, and ideally you’d just go through the ordinary warrant procedure for this. But at the very, very least there should be some more specific nexus to a particular foreign target than “relevance” to a ongoing investigation before an order issues. The gag orders that automatically accompany these document requests also require more robust judicial scrutiny.

Some of these fixes—and quite a few other salutary reforms besides—appear to be part of the JUSTICE Act which I see that Sen. Russ Feingold (D-WI) introduced earlier this afternoon.  I’ll take a closer look at the provisions of that bill in a post tomorrow.

E-Verify: The Surveillance Solution

The federal government will keep data about every person submitted to the “E-Verify” background check system for 10 years.

At least that’s my read of the slightly unclear notice describing the “United States Citizenship Immigration Services 009 Compliance Tracking and Monitoring System” in today’s Federal Register. (A second notice exempts this data from many protections of the Privacy Act.)

To make sure that people aren’t abusing E-Verify, the United States Citizenship and Immigration Services Verification Division, Monitoring and Compliance Branch will watch how the system is used. It will look for misuse, such as when a single Social Security Number is submitted to the system many times, which suggests that it is being used fraudulently.

How do you look for this kind of misuse (and others, more clever)? You collect all the data that goes into the system and mine it for patterns consistent with misuse.

The notice purports to limit the range of people whose data will be held in the system, listing “Individuals who are the subject of E-Verify or SAVE verifications and whose employer is subject to compliance activities.” But if the Monitoring Compliance Branch is going to find what it’s looking for, it’s going to look at data about all individuals submitted to E-Verify. “Employer subject to compliance activities” is not a limitation because all employers will be subject to “compliance activities” simply for using the system.

In my paper on electronic employment eligibility verification systems like E-Verify, I wrote how such systems “would add to the data stores throughout the federal government that continually amass information about the lives, livelihoods, activities, and interests of everyone—especially law-abiding citizens.”

It’s in the DNA of E-Verify to facilitate surveillance of every American worker. Today’s Federal Register notice is confirmation of that.

DoJ Fails to Report Electronic Surveillance Activities

Unlike with wiretaps, law enforcement agents are not required by federal statutes to obtain search warrants before employing pen registers or trap and trace devices. These devices record non-content information regarding telephone calls and Internet communications. (Of course, “non-content information” has quite a bit of content - who is talking to whom, how often, and for how long.)

The Electronic Privacy Information Center points out in a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-VT) that the Department of Justice has consistently failed to report on the use of pen registers and trap and trace devices as required by law:

The Electronic Communications Privacy Act requires the Attorney General to “annually report to Congress on the number of pen register orders and orders for trap and trace devices applied for by law enforcement agencies of the Department of Justice.” However, between 1999 and 2003, the Department of Justice failed to comply with this requirement. Instead, 1999-2003 data was provided to Congress in a single “document dump,” which submitted five years of reports in November 2004. In addition, when the 1999-2003 reports were finally provided to Congress, the documents failed to include all of the information that the Pen Register Act requires to be shared with lawmakers. The documents do not detail the offenses for which the pen register and trap and trace orders were obtained, as required by 18 U.S.C. § 3126(2). Furthermore, the documents do not identify the district or branch office of the agencies that submitted the pen register requests, information required by 18 U.S.C. § 3126(8).

EPIC has found no evidence that the Department of Justice provided annual pen register reports to Congress for 2004, 2005, 2006, 2007, or 2008. “This failure would demonstrate ongoing, repeated breaches of the DOJ’s statutory obligations to inform the public and the Congress about the use of electronic surveillance authority,” they say.

It’s a good bet, when government powers are used without oversight, that they will be abused. Kudos to EPIC for pressing this issue. Senator Leahy’s Judiciary Committee should ensure that DoJ completes reporting on past years and that it reports regularly, in full, from here forward.

What Is a “Fifth Column” Anyway?

@RadleyBalko points to a Washington Examiner column in which Jim Kouri, Vice President and Public Information Officer of the National Association of Chiefs of Police, says that Obama administration policy changes with regard to the “global war on terrorism” allow “suspected Fifth Column-type groups … to make symbolic demands on agencies such as the Federal Bureau of Investigation and the Central Intelligence Agency.” He says the Council on American-Islamic Relations has called on the FBI to confirm or deny that a number of Long Island mosques are under law enforcement surveillance.

It’s hard to find the answer to the first question this raises: “So what?” Kouri does not make the case he implies: that something sinister lurks because this group, having a suspicion of something they see as wrongdoing, asks the agency in question whether it’s happening or not.

But the piece raised another question for me: “What’s a ‘Fifth Column,’ anyway?” The expression has been around forever, but what does it really mean?

Ahead of the Siege of Madrid in the Spanish Civil War, a general under Francisco Franco claimed that he would take the city with the four columns of troops under his command and a “fifth column” of nationalist sympathizers inside the city.

The city never fell to the nationalists, but fear of this “fifth column” caused the Republican government under Francisco Caballero to abandon Madrid for Valencia and it led to a massacre of nationalist prisoners in Madrid during the ensuing battle.

So a “fifth column” is not so much an insidious group of spies or traitors as it is the threat of such a group which causes the incumbent power to miscalculate and overreact. That doesn’t clear up what Kouri is trying to get across, but it does have the air of unintended confession.

TLJ: Holder Advocates Some Constitutional Principles

I’m a long-time reader and fan of TechLawJournal. Dogged reporter David Carney produces an amazing amount of content about technology-related goings-on in Washington, D.C. and the courts. Subscription information is here.

I also appreciate his editorial style, which often betrays a dose of concern for civil liberties and healthy skepticism about power. A wonderful example follows, reprinted with permission:

Holder Advocates Some Constitutional Principles
Attorney General Eric Holder gave a lengthy speech at the United States Military Academy in West Point, New York in which he discussed the role of law in “our current struggle against international terrorism”.

It was a plea for adherence to Constitutional principles. However, it was as significant for what he said – about detention of people in places like Guantanamo Bay – as for what he did not say – about interception of communications and seizure of data.

He spoke with specificity about Guantanamo Bay, detainees, and the history of American treatment of detained soldiers and citizens.

But, he said nothing that suggested an intent to reverse, or halt, the deterioration of Constitutional protection of privacy and liberty interests in the context of new communications and information technologies.

Eric HolderHolder (at right) said, “And so it is today, at the beginning of a new presidency, as we face a world filled with danger, that we must once again chart a course rooted in the rule of law and grounded in both the powers and the limitations it prescribes.”

He said that “we will not sacrifice our values or trample on our Constitution under the false premise that it is the only way to protect our national security. Discarding the very values that have made us the greatest nation on earth will not make us stronger – it will make us weaker and tear at the very fibers of who we are. There simply is no tension between an effective fight against those who have sworn to do us harm, and a respect for the most honored civil liberties that have made us who we are.”

This statement could equally apply to government surveillance activities. But, he did not say so. Perhaps Holder intends to speak in a similar speech about surveillance at a later date. Or perhaps, he does not, and his concern for Constitution rights is selective and does not extend to surveillance.

He did make one statement that may pertain to electronic surveillance and data. He said that “many national security decisions must by necessity be made in a manner that protects our ability to gather intelligence, investigate threats and execute wars”.

He did not reference the state secrets privilege, or the government’s assertion of it in legal proceedings involving warrantless wiretaps.

On April 3, 2009, the Department of Justice (DOJ) filed a motion to dismiss and memorandum in support [36 pages in PDF] in Jewell v. NSA, a case against the NSA, DOJ, Holder and officials, arising out of the NSA’s warrantless wiretap program.

The DOJ asserts the state secrets privilege, sovereign immunity, and other arguments, to evade litigation of this case on the merits.

The Electronic Freedom Foundation (EFF) stated in a release that “These are essentially the same arguments made by the Bush administration”.

This case is Carolyn Jewell, Tash Hepting, et al. v. National Security Agency, et al., U.S. District Court for the Northern District of California, San Francisco Division, D.C. No. C:08-cv-4373-VRW.

Ed Black, head of the Computer and Communications Industry Association (CCIA), stated in a release issued in response to Holder’s speech that “It’s disturbing that instead of helping investigate the extent of spying by the Bush administration, the new administration is not just defending those policies, but taking them a step further. In its April court brief (Jewel v. NSA), the Obama DOJ argued that the government is completely immune from litigation for illegal spying and even that it can never be sued for violating federal privacy laws with surveillance techniques. Those arguments sound more like ‘1984’ than 2009.”

Black continued that “President Obama appreciates more than most people how the Internet can be used as a tool to allow greater participation in a democracy. That same tool could also be the greatest innovation for surveillance and repression in the wrong regime. Defending practices like this sets a dangerous precedent down the road and makes it easier for a government to expand the programs from surveilling terrorists to surveilling political opponents.”

“The Obama administration had the courage to change policy on the treatment of terrorism suspects and how they were treated and sometimes tortured”, said Black. “But the abuse of the privacy rights of millions of U.S. citizens is a greater long term threat to the rule of law and the Constitutional rights of all Americans. The failure to allow the full investigation of the surveillance abuse by both the government and major collaborating industry giants would be a tragic betrayal by an administration so many were looking to for greater honesty, openness, and respect for all citizens’ constitutional rights.”

Will the Military Industrial Complex Save American Foreign Policy?

Missing from most of the commentary on the Secretary of Defense’s big defense spending speech yesterday is the fact that the program cuts he proposed are largely a result of freezing the topline – keeping defense spending level (once you adjust for inflation) for the next decade.

For nearly a decade the country has really had two defense budgets – one for imagined conventional wars against states like China, another from nation-building, peacekeeping and counterinsurgency. The first budget requires a small ground force and lots of big platforms operated by the Air Force and Navy. The latter requires much larger ground forces, a few niche capabilities like intelligence, surveillance and reconnaissance aircraft, and less high technology wonders.

The current American love affair with counterinsurgency has resulted in a gradual shift of dollars from the conventional budget to the unconventional one. We are reversing the old idea that the American way of war is to replace labor with capital, or manpower with technology. We are becoming a land power first.  We have been increasing manpower in the Army and Marines – adding 90,000 new troops – and paying them way more (compensation per service member is up by almost half since 1998). Personnel costs are taking more of the budget.  And for more complex reasons, including health care costs, the operations and maintenance part of the budget – essentially the day to day cost of running the military – has also been growing fast when measured per service member.  (For details on these issues, read this testimony by Stephen Daggett of the Congressional Research Service.)

That was bound to squeeze the other big parts of the defense budget – research, development and procurement of new weapons systems. There is too much future cost in the budget for everything to fit without topline growth, so something had to give. Big weapons programs are where the most give is, if you don’t want to cut manpower.

That conflict was delayed while the budget topline grew, but now that it is flat, it erupts. The manpower intensive military that follows from our current policies is eating into the conventional military that delivers manufactoring jobs across the country and the high-technology dreams of our military leaders.

What will be interesting to see is whether this shift encourages those leaders and their friends on the Hill to take up the arguments that people like me have been making for years: that small wars are mostly dumb wars.  Preparation for these wars didn’t much hurt the military industrial complex before, now it does. 

An additional note: Gates’ criticism of the acquisition process was on the mark. Rather than blaming out of control weapons costs on the kind of contracts we write or crafty contractors, as the President seems to, Gates noted correctly that the trouble is the requirements process – what we want, not how we buy it.