Topic: Telecom, Internet & Information Policy

NSA Snooping: a Majority of Americans Believe What?

Yesterday, the Washington Post and the Pew Research Center released a joint poll that purportedly showed that “a large majority of Americans” believe the federal government should focus on “investigating possible terrorist threats even if personal privacy is compromised.”

But a careful look at the poll shows citizens are far less sanguine about surrendering their privacy rights, as the facts continue to be revealed.

Pollsters faced a difficult challenge—to accurately capture public opinion during a complex and evolving story. Recall, on Wednesday of last week, the story was about the NSA tracking Verizon phone records. So the pollsters drew up a perfectly reasonable and balanced question:

As you may know, it has been reported that the National Security Agency has been getting secret court orders to track telephone call records of MILLIONS of Americans in an effort to investigate terrorism. Would you consider this access to telephone call records an acceptable or unacceptable way for the federal government to investigate terrorism?

Fifty-six percent found this “acceptable.” Thus, the “majority of Americans” lead in the Washington Post.

However, on Thursday, the Washington Post revealed explosive details about the massive data-collection program PRISM—and the public was alerted that the NSA was not just collecting phone records, but email, Facebook, and other online records. So the pollsters quickly drew up a new question, asked starting Friday, from June 7-9:

Do you think the U.S. government should be able to monitor everyone’s email and other online activities if officials say this might prevent future terrorist attacks?

Fifty-two percent—a majority—said “no.” So Americans feel differently about the story based on the facts on Wednesday, when the story was about tracking “telephone calls,” and facts on Thursday, when the story was about monitoring all “email and other online activity.”

The Washington Post could have fairly gone with a story that a majority of Americans do not agree that the federal government should monitor everyone’s email and online communication, even if it might prevent future terrorist attacks.

Unfortunately, that’s not the story that the Washington Post went with. Subsequent media coverage of the Post-Pew poll has neglected this nuance and cemented this misinterpretation of what “majority of Americans” believe.

A more reasonable interpretation of the Post-Pew poll is that citizens’ views seem to be changing as more details are revealed about the massive extent of the NSA snooping program. Indeed, most citizens have not been following this story as closely with only 48 percent report following thing “very closely” or “fairly closely.”

I’ll be watching eagerly to see what the next polls find out about that ever elusive “majority of Americans.”

In Its Bubble of Secrecy, the National Security Bureaucracy Redefined Privacy for Its Own Purposes

Rep. Jim Sensenbrenner (R-WI) is nothing if not a security hawk, and this weekend he decried the NSA’s collection of all Americans’ phone calling records in a Guardian post entitled, “This Abuse of the Patriot Act Must End.” On Thursday last week, he sent a letter to Attorney General Eric Holder demanding answers by Wednesday.

It also became apparent over the weekend that the National Security Agency’s program to collect records of every phone call made in the United States is not for the purpose of data mining. (A Wall Street Journal editorial entitled “Thank You for Data Mining” was not only wrong on the merits, but also misplaced.) Rather, the program seizes data about all of our telephone communications and stores that data so it can aid investigations of any American who comes under suspicion in the future.

Details of this program will continue to emerge–and perhaps new shocks. The self-disclosed leaker–currently holed up in a Hong Kong hotel room waiting to learn his fate–is fascinating to watch as he explains his thinking.

The court order requiring Verizon to turn over records of every call “on an ongoing daily basis” is a general warrant.

The Framers adopted the Fourth Amendment to the Constitution in order to bar general warrants. The Fourth Amendment requires warrants 1) to be based upon probable cause and 2) to particularly describe the place to be searched and the persons or things to be seized. The leaked warrant has neither of these qualities.

A warrant like this would never be adopted in an open court system. With arguments and decisions available to the public and appeals going to public courts, common sense and simple shame would foreclose suspicionless data-gathering about every American for the benefit of future potential investigations. 

Alas, many people don’t believe all that deeply in the Constitution and the rule of law when facile promises of national security are on offer. It is thus worthwhile to discuss whether this is unconstitutional law enforcement and security practice would work. President Obama said last week, “I welcome this debate and I think it’s healthy for our democracy.”

Why The NSA Collecting Your Phone Records Is A Problem

Privacy advocates and surveillance experts have suspected for years that the government was using an expansive interpretation of the Patriot Act’s §215 “business record” authority to collect bulk communications records indiscriminately. We now have confirmation in the form of a secret order from the secret Foreign Intelligence Surveillance Court to Verizon — and legislators are saying that such orders have been routinely served on phone carriers for at least seven years. (It seems likely that similar requests are being served on Internet providers — increasingly the same companies that provide us with wireless phone services).

Some stress that what is being collected is “just metadata”—a phrase I’m confident you’ll never see a computer scientist or data analyst use. Metadata—the transactional records of information about phone and Internet communications, as opposed to their content—can be incredibly revealing, as the recent story about the acquisition of Associated Press phone logs underscores. Those records, as AP head Gary Pruitt complained, provide a comprehensive map of reporters’ activities, telling those who know how to look what stories journalists are working on and who their confidential sources are. Metadata can reveal what Websites you read, who you communicate with, which political or religious groups you’re affiliated with, even your physical location.

In a way, the ground was prepared for this indiscriminate collection of Americans’ data way back in the 1970s, when the Supreme Court held, implausibly, that we surrender our expectation of privacy—and with it, the protection of the Fourth Amendment—just by using modern technology that leaves traces of our activity on someone else’s computers. But Americans were also sold a false bill of goods when Congress passed and reauthorized the Patriot Act powers used here—which we were repeatedly assured were only intended to be used to track “bad guys.” What we weren’t told was that, if the government thinks datamining ALL our records might help identify “bad guys,” then that information too is “relevant” to an investigation.

This collection is probably well enough intentioned. The problem is that these records are likely to be retained in databases indefinitely. Which means we don’t just need to worry about whether the government’s motives are pure when they collect the information. Even if they are, someone with access to that data, maybe in five or ten years, may be unable to resist the temptation to use that information for other purposes. That could mean investigating ordinary crimes: If you can data mine for suspicious terrorist activity patterns—which as Jim Harper and Jeff Jonas have pointed out is likely to be extremely difficult—you can plug in “suspicious patterns” that may identify drug dealers and tax cheats as well. Still more disturbing is the possibility that, the intelligence community has repeatedly done historically, those records could be exploited for illegitimate political purposes, or even simple greed. (Imagine probing communications for signs of an impending corporate merger, product launch, or lawsuit.)

We are, predictably, being told that this program is essential to protecting us from terrorist attacks. But the track record of such claims is unimpressive: They were made about fusion centers, and the original NSA warrantless wiretap program, and in each case collapsed under scrutiny. No doubt some of these phone records have proven useful in some investigation, but it doesn’t follow that the indiscriminate collection of such records is necessary for investigations, any more than general warrants to search homes are necessary just because sometimes searches of homes are useful to police.

In the short term, we should hope for an Inspector General audit of this program, both to look for abuses—as a similar audit of National Security Letters uncovered “widespread and serious” misuse of authority—and to skeptically interrogate the claim that such sweeping collection is somehow indispensable to national security. In the longer term, we need to follow the suggestion of Justice Sotomayor in United States v. Jones and think hard about the “third party doctrine,” which leaves all this increasingly voluminous and revealing metadata stripped of constitutional protection.

NSA Spying on a Gazillion Americans

Today’s widespread outrage over reports that the National Security Agency is conducting widespread, untargeted, domestic surveillance on millions of Americans reminds me of this post from July 2012, in which Sen. Rand Paul reported on a private briefing he’d received. He couldn’t reveal what he’d learned, but he was able to report that the number of Americans subject to surveillance was closer to “a gazillion” than to zero. Now we have a bit more information. As I wrote then:

Sen. Rand Paul (R-KY) gave a great speech on surveillance last week at FreedomFest. Actually, he gave two good speeches, but the one embedded below is his short 6-minute talk at the Saturday night banquet. He talks about our slide toward state intrusion into our phone calls, our emails, our reading habits and so on. You know how big the surveillance state has gotten? The answer is “a gazillion.” Watch the speech—complete with high-falutin’ references to Fahrenheit 451 and the martyr Hugh Latimer!

U.S. Trade Agency Bans iPhones

Well, some of them anyway. The U.S. International Trade Commission has found that Apple infringed one of Samsung’s patents related to 3G technology and issued an injunction against the importation and sale of the iPhone 3GS, iPhone 4, iPad 3G, and iPad 2 3G.  These are not the latest models, but neither are they obsolete. (For a very helpful and thorough explanation of the issues in the case, check out Florian Mueller’s FOSS Patents blog.)

The outcome in this case offers an excellent example of why having a redundant patent litigation venue at the ITC with slightly different laws and procedures is bad public policy. If this patent had been litigated in federal district court, where the vast majority of patent litigation takes place, the judge would have refused to issue an injunction as contrary to the public interest—even if Apple egregiously and remorselessly infringed Samsung’s patent.

The patent at issue in the ITC investigation is what’s known as a standard-essential patent. This is a term for technology that’s so ubiquitous as to be necessary for interoperability within the industry (like 3G) and that the patent owner has agreed to license to anyone who makes a reasonable royalty offer (thus promoting it to become the industry standard). It is highly unlikely that a federal district court would issue an injunction against any product based on infringement of such a patent, because doing so would be excessively disruptive and unfair. In fact, the Justice Department and other antitrust agencies have argued that merely seeking an injunction based on one of these patents might violate antitrust law.

None of this matters at the ITC, where injunctive relief is the only remedy available. In 2006, the U.S. Supreme Court held that courts should award only monetary damages in patent cases unless there are special circumstances necessitating an injunction and doing so would not harm the public interest. The purpose and consequence of the Supreme Court’s decision was to prevent patent trolls from using small patents to get large settlements. But monetary damages are unavailable at the ITC, and the agency decided the Supreme Court’s ruling didn’t apply to them.

In the Apple-Samsung case, Apple claimed that Samsung’s request for royalties of 2.4 percent was unreasonably high. If the patent is worth less than 2.4 percent of the product’s value, an injunction against selling the entire phone is excessive. This is especially true when the technology is virtually impossible to design around. Rather than simply deciding who pays what to whom in a dispute that is mostly about licensing fees, a sales ban deprives consumers of choice in the market.

The good news is that efforts are underway in Washington to fix the problem of excessive remedies at the ITC. The White House released a proposal for patent reform this week that included a call “to enhance consistency in the standards applied at the ITC and district courts.” Specifically, they want the ITC to use the same public interest test that courts use before issuing an injunction (Rep. Devin Nunes made a very similar proposal last year). This is a good plan. It would likely have prevented the new iPhone ban and will do a lot to make the ITC less attractive to patent trolls.

Fixing problems at the ITC by making it more like district court litigation, however, shows very clearly how redundant and unnecessary it is to have two venues for patent litigation. Why should we have the ITC hearing patent cases in the first place?  There is no satisfactory answer to that question. As I argued in a Policy Analysis last year, the ITC’s power to investigate and exclude imports for patent infringement not only disrupts the proper functioning of the U.S. patent system, it also violates international trade rules. We could save ourselves a lot of trouble down the line by shutting the whole thing down.

Your Congress, Your NSA Spying

The National Security Agency is collecting records of every domestic and cross-border Verizon phone call between now and July 19th. The secret court order requiring Verizon to hand over these records has been leaked to the Guardian.

You may find that outrageous. 1984 has arrived. Big Brother is watching you.

But the author of this story is not George Orwell. It’s Representative Lamar Smith of Texas, Senator Diane Feinstein of California, and you.

Here’s what I mean: In June of last year, Representative Smith (R) introduced H.R. 5949, the FISA Amendments Act Reauthorization Act of 2012. Its purpose was to extend the FISA Amendments Act of 2008 for five years, continuing the government’s authority to collect data like this under secret court orders. The House Judiciary Committee reported the bill to the full House a few days later. The House Intelligence Committee, having joint jurisdiction over the bill, reported it at the beginning of August. And in mid-September, the House passed the bill by a vote of 301 to 118.

Sent to the Senate, the bill languished until very late in the year. But with the government’s secret wiretapping authority set to expire, the Senate took up the bill on December 27th. Whether by plan or coincidence, the Senate debated secret surveillance of Americans’ communications during the lazy, distracted period between Christmas and the new year.

Senator Dianne Feinstein (D) was the bill’s chief defender on the Senate floor. She parried arguments doggedly advanced by Senator Ron Wyden (D-OR) that the surveillance law lacks sufficient oversight. My colleague Julian Sanchez showed ably at the time that modest amendments proposed by Wyden and others would improve oversight and in no way compromise security. But false urgency created by the Senate’s schedule won the day, and on December 28th of last year, the Senate passed the bill, sending it to the president, who signed it on December 30th.

The news that every Verizon call is going to the NSA not only vindicates Senator Wyden’s argument that oversight in this area is lacking. It reveals the upshot of that failed oversight: The secret FISA court has been issuing general warrants for communications surveillance.

That is contrary to the Fourth Amendment to the Constitution, which requires warrants to issue “particularly describing the place to be searched, and the persons or things to be seized.” When a court requires “all call detail records” to be handed over “on an ongoing daily basis,” this is in no sense particular. Data about millions of our phone calls are now housed at the NSA. Data about calls you make and receive today will be housed at the NSA.

The reason given for secret mass surveillance of all our phone calls, according to an unofficial comment from the Obama administration, is that it is a “critical tool” against terrorism. These arguments should be put to public proof. For too long, government officials have waved off the rule of law and privacy using “terrorism” as their shibboleth. This time, show us exactly how gathering data about every domestic call on one of the largest telecommunications networks roots out the tiny number of stray-dog terrorists in the country. If the argument is based on data mining, it has a lot to overcome, including my 2008 paper with IBM data mining expert Jeff Jonas, “Effective Counterterrorism and the Limited Role of Predictive Data Mining.”

The ultimate author of the American surveillance state is you. If you’re like most Americans, you allowed yourself to remain mostly ignorant of the late-December debate over FISA reauthorization. You may not have finished digesting your Christmas ham until May, when it was revealed that IRS agents had targeted groups applying for tax exempt status for closer scrutiny based on their names or political themes.

The veneer of beneficent government is off. The National Security Agency is collecting records of your phone calls. The votes in Congress that allowed this to happen are linked above in this post. What are you going to do about it?