Topic: Telecom, Internet & Information Policy

Under the Hood of the House Intel Committee’s NSA Reform Bill

This post was originally published on March 31, 2014 on Just Security

While details on the president’s proposal to end NSA bulk collection of telephony records remain sparse, we do now have an actual piece of legislation to look at from the House Permanent Select Committee on Intelligence—one that tracks the broad outlines of the White House plan even as it differs in several critical details. I’ve already done a quick take in broad brushstrokes over at The Daily Beast; here I want to get into the weeds a bit.

The HPSCI bill actually covers quite a bit more than just NSA bulk collection—there are a few transparency measures and a provision for the FISA Court to appoint amici curiae, which mostly seems like an attempt to preempt legislation creating a more robust FISC “advocate”—but in this post I want to focus on the meat: The prohibition (or so it seems) on bulk collection, and the new authority in §503 designed to replace the current bulk telephony program.

(A) The Bulk Prohibition

The first thing to note is that the (apparent) prohibition on bulk collection is structured somewhat oddly, even taking into account the framers apparent desire to limit that prohibition to certain subcategories of records. The USA Freedom Act, for instance, does this by means of a fairly straightforward modification: It limits the scope of §215 (as well as FISA pen/trap orders and National Security letters) to records that are both relevant to an investigation and pertain to a suspected foreign agent or their direct contacts, using language the Senate had unanimously approved back in 2005. The HPSCI bill is rather bit more convoluted.

First, Section 2 of the bill completely excludes “call detail records” from the scope of §215—and only from §215. The bill defines “call detail records” as “communications routing information,” which sounds awfully general, but both the description as “call detail records” and the series of enumerated telephony-specific data types that follow strongly suggest it’s really limited to telephonic communications routing information. There’s some wiggle room here since the general term precedes the more specific enumeration, but especially in light of the subsequent separate prohibition on acquisition of “electronic communications” records, defined to exclude telephonic communications, I’d be surprised if the FISC didn’t read this narrowly. Though the “including” that precedes the enumerated data types indicates that it’s not exhaustive, the omission of location-associated terms like “cell site and sector” is conspicuous. HPSCI staff are apparently assuring reporters that location data is implicitly included, but we do know that law enforcement routinely obtain bulk location data in the form of “tower dumps,” or records of all the phones registered with a specific cell tower at a particular time. Since phones routinely do this even when they’re not placing a call—which is to say, when no particular “communication” is being “routed”—it’s at least an open question whether this provision forbids bulk collection of tower location data.

NSA Spying and a National ID Are Peas in a Pod and You Should Eat Your Peas

That’s the upshot of a column by Froma Harrop appearing in the Seattle Times.

“Arguments leveled against Real ID are being recycled to bash the National Security Agency’s surveillance program,” she writes. “They inevitably lead to the assumption that the government is up to no good.”

Well, … yes.

The argument against creating a U.S. national ID is that its cost in dollars and privacy are greater than the tiny margin of security they might provide. Over years, I’ve pointed out that spending billions of dollars to herd law-abiding Americans into a national ID system might mildly inconvenience any terrorists. It’s not worth doing.

That idea—that security measures should be cost-effective—is wisely ‘recycled’ for use with respect to the NSA’s program to gather data about every call made in the United States. Doing so doesn’t provide a margin of security worth the cost in dollars, privacy, and menace to liberty.

When the government wastes our money, privacy, and liberty on programs that don’t provide a sufficient margin of security, that is bad. That is government “up to no good.”

The states asked to implement our national ID law rejected it because, in the disorganized way our federal republic makes decisions, it was decided that REAL ID does not pass muster. (Some states and national ID advocate groups continue to press forward with it, a subject on which I’ll say more soon.)

In a similarly messy process, the organs of democracy are finding that the NSA’s programs—originally constructed and conducted in secrecy—do not pass muster either. We’re rightly pushing this plate of peas away.

Litt on Warrants for Searching American Communications: Either Misleading or Terrifying

At a hearing Wednesday, members of the Privacy & Civil Liberties Oversight Board asked intelligence official Robert Litt a crucial question: If the sweeping general warrants authorized by the FISA Amendments Act are only supposed to be used for “targeting” foreigners for surveillance, shouldn’t a judicial warrant be necessary before NSA can intentionally dig through its massive database of intercepts for Americans’ communications? Otherwise, after all, such “backdoor searches”—currently allowed under NSA guidelines—seem a dangerous loophole that enables an end-run around the rules that would require court approval to directly target an American’s communications for interception.

Litt’s answer was either extremely misleading or extremely disturbing. He told the oversight board that the number of annual queries to the intercept database was “considerably larger” than the few hundred analysts currently run against NSA’s vast archive of telephony metadata records.  That would make the “operational burden” of a warrant requirement utterly impractical, Litt asserted, and that the Foreign Intelligence Surveillance Court  “would be extremely unhappy if they were required to approve every such query.”

Now, it’s possible that Litt was talking about the total number of queries analysts run against the database of intercepted communications as they sift through it for nuggets of foreign intelligence.  No doubt that number is very large indeed. But it’s also utterly irrelevant to the question PCLOB was asking. Nobody, after all, is suggesting that a warrant be required for every query of NSA’s databases—including queries for topical keywords or “selectors” associated with known foreign intelligence targets.  The question, rather, was whether a warrant should be required for the subset of those queries involving the name or e-mail address of a particular U.S. person—the very query terms that the government would be forbidden from using as selectors to task interception without first obtaining a particularized, probable cause warrant.  If Litt was answering that question by alluding to the total number of queries, then his answer had little bearing on what the PCLOB was trying to discover, and would vastly overstate the practical burden of such a requirement—seriously misleading overseers about the feasibility of a proposed civil liberties safeguard. Litt ought to correct the record if that is what he meant.

What would be hugely more disturbing, however, is if Litt really was giving an answer pertinent to the question he was asked.  In that case, he would be representing that NSA runs “considerably more” than a few hundred annual queries for the names and e-mail addresses of specific U.S. persons, against a database of private communications gathered via general warrants—an authority justified on the premise that it is “targeted” exclusively at non-Americans located outside the United States. That would suggest that the blanket surveillance authority created by §702 of the FISA Amendments Act is precisely what civil libertarians feared: A Trojan Horse mechanism for spying on Americans using the pretext of “foreign targeting.”

In short, either added safeguards on NSA’s use of the §702 database are far more feasible than Litt led the PCLOB to believe, or the authority is being used in a way that circumvents constitutional and statutory protections for Americans’ communications on a chilling scale. Litt should clarify which it is—and then Congress should hasten to reform §702 accordingly.

…In Which Katz Is Not Cited

The Supreme Court is gradually coming to terms with the effect information technology is having on the Fourth Amendment. In 2001, the Kyllo court curtailed the use of high-tech devices for searching homes. In its early 2012 decision in United States v. Jones, a unanimous Court agreed that government agents can’t attach a GPS device to a vehicle and track it for four weeks without a warrant.

But the Court was divided as to rationale. The majority opinion in Jones found (consistent with Cato’s brief) that attaching the device to the car was at the heart of the Fourth Amendment violation. Four concurring members of the Court felt that the government’s tracking violated a “reasonable expectation of privacy.”

What is the right way to decide these cases? Fourth Amendment law is at a crossroads.

The next round of development in Fourth Amendment law may come in a pair of cases being argued in April. They ask whether government agents are entitled to search the cell phone of someone they’ve arrested merely because the phone has been properly seized. Riley v. California and Wurie v. United States have slightly different fact patterns, which should allow the fullest exposition of the issues.

Cato’s brief in Riley, filed this week, again seeks to guide the Court toward using time-tested principles in Fourth Amendment cases. Rather than vague pronouncements about privacy and people’s expectations around it, we invite the Court to apply the Fourth Amendment as a law.

It’s Time to Break up the NSA

says security guru Bruce Schneier on CNN.com.

His brief, readable piece articulates the three distinct – and conflicting – missions the NSA now has, and how they should be handled. It’s no hit piece: Schneier calls NSA’s Tailored Access Operations group “the best of the NSA and … exactly what we want it to do.”

The generals who have built NSA into a fiefdom will fight tooth and nail against true reforms like these, of course, but they’re the kind of reforms we need. The most prominent measures under discussion are mere nibbles around the edges of the problem, or worse.

Spying on Trade Lawyers

The latest NSA spying revelations involve international trade issues, in particular an Indonesian complaint brought at the WTO in response to a U.S. ban on clove cigarette.  (The trade problem was that the U.S. banned clove cigarettes, which are mostly made in Indonesia, but did not ban menthol cigarettes, a competing U.S.-made product). According to the New York Times, the Australian government monitored communications between the Indonesian government and its DC-based trade lawyers, possibly in relation to this case, and passed the information along to the NSA.  (Note that law prof Orin Kerr is skeptical about the way the story is presented in the Times.)

Let me offer the following thoughts:

1. It’s hard to imagine that any information gathered by the Australians had much impact on the WTO case. I suppose it could be a slight advantage to get an early look at your opponents’ arguments, and see how they are thinking about the issues. But I can also imagine that all this additional information would be a distraction, with too much time being spent on marginal points.  It’s worth noting that, in spite of any information U.S. government trade lawyers may or may not have received, the U.S. lost the case. Thus, like most NSA spying, any spying here was probably of limited value.

2. Regardless of its value, this kind of spying is likely to be pretty offensive to our trading partners. The WTO has detailed rules of procedure for its disputes, one of which says the parties must act in good faith (“all Members will engage in these procedures in good faith in an effort to resolve the dispute”). It’s hard to see how receiving confidential information about your opponents’ arguments, if that happened, satisfies this requirement. It will be interesting to see if this gets discussed in upcoming WTO meetings.

3. I wonder whether all of these revelations about spying will accelerate proposals being made by foreign governments to develop non-U.S.-based communications networks: “German Chancellor Angela Merkel said on Saturday she would talk to French President Francois Hollande about building up a European communication network to avoid emails and other data passing through the United States.”

Transparency and Liberty

John McGinnis has some kind words for work I oversee here at Cato in a recent blog post of his entitled: “The Internet–A Technology for Encompassing Interests and Liberty.”

As he points out, the information environment helps determine outcomes in political systems because it controls who is in a position to exercise power.

The history of liberty has been in no small measure the struggle between diffuse and encompassing interests, on the one hand, and special interests, on the other.  Through their concentrated power, special interests seek to use the state to their benefit, while diffuse interests concern the ordinary citizen or taxpayer, or in William Graham Sumner’s arresting phrase, The Forgotten Man. When the printing press was invented, the most important special interests were  primarily the rulers themselves and the aristocrats who supported them. The printing press allowed the middle class to discover and organize around their common interests to sustain a democratic system that limited the exactions of the oligarchs.

But the struggle between diffuse and special interests does not disappear with the rise of democracy. Trade associations, farmers’ associations and unions have leverage with politicians to obtain benefits that the rest of us pay for. As a successor to the printing press, however, the internet advances liberty by continuing to reduce the cost of acquiring information. Such advances help diffuse groups more than special interests.

The Internet is the new printing press, and we’re generating data here at Cato that should allow it to have its natural, salutary effects for liberty.

My favorite current example is the “Appropriate Appropriations?” page published by the Washington Examiner. It allows you to easily see what representatives have introduced bills proposing to spend taxpayer money, information that—believe it or not—was hard to come by until now.

In John McGinnis, we have a legal scholar who recognizes the potential ramifications for governance of our entry into the information age. Read his whole post and, for more in this area, his book, Accelerating Democracy: Transforming Governance Through Technology.