Confronting the Surveillance State

By Memorial Day weekend, Congress will likely have decided whether the federal government’s mass surveillance programs — exposed first by The New York Times in December 2005 and more broadly by National Security Agency contractor-turned-whistleblower Edward Snowden in 2013 — will be partially reined in or will instead become a dominant, permanent feature of American life.

The creation of what many refer to as the “American Surveillance State” began in secret, just days after the Sept. 11 attacks. As the wreckage of the Twin Towers smoldered, President Bush and his top national security and intelligence advisers were making decisions that would trigger a constitutional crisis over surveillance programs that the public was told was essential to combating terrorism. The first act in this post-Sept.11 drama began on Capitol Hill.

On Sep. 12, 2001, just as the Senate was about to vote on the Authorization for the Use of Military Force (AUMF) against al Qaeda, Majority Leader Tom Daschle received urgent messages from senior White House officials. Even though there was a bipartisan agreement on the resolution, the Bush administration was seeking a radical change in the language. As Daschle revealed in a Dec. 2005 Washington Post op-ed, “Literally minutes before the Senate cast its vote, the administration sought to add the words ‘in the United States and’ after ‘appropriate force.’ This last-minute change would have given the president broad authority to exercise expansive powers not just overseas — where we all understood he wanted authority to act — but right here in the United States, potentially against American citizens. I could see no justification for Congress to accede to this extraordinary request for additional authority. I refused.”

But Bush administration officials wouldn’t take “no” for an answer.

Just two days after the confrontation with Daschle, then-NSA Director General Michael Hayden green-lighted more data collection of global communications system surveillance, including from people inside the United States. And while the country would only learn of this warrantless surveillance program from the New York Times story, many of the specifics about Hayden’s action only came to light much later, through a previously top secret NSA Inspector General report Snowden provided to the Guardian newspaper in June 2013.

As the IG report noted, Hayden directed the NSA “to conduct specified electronic surveillance on targets related to Afghanistan and international terrorism for 30 days. Because the surveillance included wire and cable communications carried in or out of the United States, it would otherwise have required [Foreign Intelligence Surveillance Court] authority.” And while the NSA’s lawyers deemed Hayden’s action a “lawful exercise of his power under Executive Order 12333, United States Intelligence Activities, as amended,” the inspector general observed that “the targeting of communication links with one end in the United States was a more aggressive use of EO 12333 authority than that exercised by former directors.”

What was supposed to be a temporary, emergency program became permanent on October 4, 2001. President Bush signed a secret memorandum formally authorizing it. For the first time since the Vietnam era, an American president was initiating warrantless spying on American citizens.

The chronology of this program, codenamed Stellar Wind, is laid out in great detail in the documents Snowden leaked. Since the publication of documents from the Snowden Archive, two things have become clear. Even as the Bush administration was negotiating with Congress for increased surveillance authority in 2001 — first in the authorization of the use of military force, and later in what became known as the Patriot Act — it was not prepared to be constrained by any act of Congress in its quest to gather data on al Qaeda. That included an unprecedented and for several years successful effort to keep as few lawmakers informed as possible informed, and then only in a cursory way, about the scope of Stellar Wind and related programs. And even after domestic surveillance activities were revealed by news organizations, Congress has not passed legislation to slow down, even a little, the most constitutionally questionable of these activities.

Contrast that with the Watergate era. The Congressional investigation into NSA domestic spying programs known as Shamrock and Minaret took place in 1975, and reforms under the Foreign Intelligence Surveillance Act (FISA) became law in 1978. While Executive Order 12333, signed by President Reagan in 1981, created a possible path around FISA, the public evidence so far suggests that FISA restrained presidents in surveillance until the terrorist attacks of Sept. 11, 2001.

The same month President Bush authorized the secret Stellar Wind program, Congress began the Patriot Act, an omnibus counterterrorism bill. The 131-page bill was, in the words of an ACLU letter to Congress, the result of a closed door deal that granted “the Attorney General and federal law enforcement unnecessary and permanent new powers to violate civil liberties that go far beyond the stated goal of fighting international terrorism. These new and unchecked powers could be used against American citizens who are not under criminal investigation, immigrants who are here within our borders legally, and also against those whose First Amendment activities are deemed to be threats to national security.”

The only legislative safety valve included in the bill was a sunset clause governing some sections of its section — the business records and roving wiretap provisions. These were set to expire on Dec. 31, 2005. Many of the Patriot Act’s surveillance-related provisions alarmed civil liberties advocates. The business records provision, Section 215, would soon be dubbed the library records provision amid fears that it would give Washington the ability to see what library books people were reading. But it was the sweeping electronic communications interception provisions that caused most anxiety.

The business records provision allowed the feds to sweep up en masse a caller’s name, number, the numbers he or she called, when, and for how long. Intimate personal details, such as the whether the caller called his or her psychiatrist, or belonged to a shooting club, or called a divorce lawyer, would be known to the government.

Supporters of the bill claimed that if abuses surfaced, Congress would take appropriate action.

On the day the House voted on the Patriot Act, Rep. Ron Kind, or Wisconsin, told the States News Service that “should unintended results occur from the new authority given to law-enforcement officials to investigate suspected terrorists, there is little doubt Congress will act swiftly to redress these effects.”

Not only would that statement prove untrue, but Kind and other lawmakers were voting for a measure sold to the Congress and the public as offering the best chance to prevent another Sept.11-style attack, without any evidence that the bill actually addressed the real reasons the attacks succeeded.

Indeed, Congress would not launch an investigation into the Sept. 11 intelligence failure until four months after President Bush signed the Patriot Act into law. That investigation, known as the Congressional Joint Inquiry and conducted by the House and Senate Intelligence Committees, would find that our government had ample information well before the attacks that al Qaeda not only planned to strike the United States, but also that some of the hijackers were in living in California for nearly 18 months before they struck.

A child born on September 12, 2001 has lived his or her entire life under the shadow of this surveillance state.

As the executive summary of the report noted:

Some significant pieces of information in the vast stream of data being collected were overlooked, some were not recognized as potentially significant at the time and therefore not disseminated, and some required additional action on the part of foreign governments before a direct connection to the hijackers could have been established. For all those reasons, the Intelligence Community failed to fully capitalize on available, and potentially important, information.

Those findings would be confirmed and amplified by the 9/11 Commission in its final report released in July 2004.

But what neither report addressed were the allegations made at the time by a group of NSA employees, later joined by a former senior House Intelligence Committee staffer, that NSA director Michael Hayden killed a promising program that could have sorted through the available pre-Sept. 11 data on the hijackers and potentially uncovered the plot well in advance.

Beginning in the late 1990s, a tiny group of NSA employees working in the agency’s Signals Intelligence Automation Research Center were tackling what has since become known as the “big data” problem. Phones and computers generate billions of pieces of electronic information every day. NSA was drowning data. In response, crypto-mathematician Bill Binney, and his colleagues Kirk Wiebe and Ed Loomis, created a collection, analysis and dissemination program called Thinthread.

Describing it to New Yorker journalist Jane Mayer in 2011, Binney said, “The beauty of it is that it was open-ended, so it could keep expanding” to keep up with the ever-increasing volume of data flowing into the NSA. Binney and his team also gave Thinthread the ability to anonymize, segregate and encrypt the data of any American citizen whose communications were inadvertently swept up in the collection process. The idea was for U.S. courts to be the custodian of the encryption keys for data, which in Binney’s scheme would only be accessible via warrant.

NSA Director Michael Hayden had other ideas. He killed Thinthread in the fall of 2000 in favor of a far more expensive and untested system called Trailblazer, which turned into a boondoggle that wasted hundreds of millions of dollars without producing a single piece of actionable intelligence. Thinthread’s technology was turned into a mass surveillance tool with no constitutional protections for citizens’ communications.

Angry at the waste, fraud and abuse generated by Trailblazer, and confident that Thinthread could have thwarted the Sept. 11 attacks, Binney, Wiebe and Loomis filed a complaint with the Department of Defense Inspector General in late 2002. Joining them was former House Intelligence Committee staffer Diane Roark, who had tried unsuccessfully to get her boss, committee chairman Porter Goss, to investigate the Trailblazer fiasco and Hayden’s role in killing Thinthread. Helping them in the background was senior NSA executive Thomas Drake, who had continued to lobby for Thinthread’s deployment after Binney, Loomis and Wiebe retired from the NSA.

[DISCLOSURE — The author is one of the few people outside of NSA and the DoD IG to have reviewed the full classified IG report on the Thinthread/Trailblazer episode. I did so in my capacity as a House staffer while working for then-Rep. Rush Holt in 2013 during his service on the National Commission on Research and Development in the United State Intelligence Community. Without disclosing classified details, I can say this: The report validated the allegations made by Drake, Binney, Loomis, Wiebe and Roark. I am currently seeking full declassification of that report.]

Drake went so far as to share the Thinthread story with the CJI investigators, but to no effect. I found no public evidence that the Joint Inquiry ever investigated Drake’s claims, or ever contacted Binney, Loomis, Wiebe or Roark. Neither did the 9/11 Commission, according to all five, who shared their recollections with the author. All of them would ultimately be investigated by the Department of Justice for allegedly leaking classified data related to Thinthread — an allegation that was never substantiated. Drake was indicted but the charges — were all dropped. In exchange, Drake pled out to a minor misdemeanor (having nothing to do with the original indictment or anything allegedly classified) under the Computer Fraud and Abuse Act for “exceeding authorized used of a government computer”. He was sentenced to one year probation and 240 hours of community service. At Drake’s sentencing, the presiding judge castigated the Justice Department for its misconduct in the case, but he levied no sanctions on government lawyers for wrongful prosecution.

Congress failed to conduct a thorough inquiry in which all of the relevant data offered by Drake, Binney, Loomis, Wiebe and Roark were examined. Instead, the House and Senate chose to wait to begin their flawed inquiry until after passing a bill that vastly and unnecessarily increased the government’s surveillance powers, and which ignored documented, credible allegations of malfeasance and dereliction of duty by the NSA leadership in the years leading up to Sept. 11.

Moreover, even after spending millions of dollars on two separate (but hardly exhaustive) Sept. 11-related inquiries, Congress failed to heed the most important finding of both, that analytical, management, and information sharing failures, not collection shortfalls, were the real reasons why the attacks succeeded.

Ignoring this key finding, Congress repeatedly renewed the expiring provisions of the Patriot Act. The first such renewal occurred despite the publication on Dec. 16, 2005 of the first New York Times story describing Stellar Wind. Congress also took a provision from the law creating the new Director of National Intelligence and rolled it into the Patriot Act reauthorization, a change the ACLU said permitted “secret intelligence surveillance of non-U.S. persons who are not affiliated with a foreign organization” in order to go after alleged “lone wolf” terrorists. And while the language of the Patriot Act’s “business records” provision was altered in March 2006 to include the phrase “relevant to an authorized investigation” in an effort to narrow the scope of the government’s dragnet collection operation, as documents from the Snowden archive and partially declassified Foreign Intelligence Surveillance Court records would show, executive branch officials chose to interpret the phrase “relevant” in the broadest possible way.

The New York Times story did lead to a debate in Congress lasting more than a year over how to deal with Stellar Wind. The solution, passed in 2007, was the so-called “Protect America Act” (PAA) — which simply legalized the illegal program. The ACLU deemed it the “Police America Act” and denounced the bill’s “bulk collection” language, which allowed the government to evade the Constitution’s individual, specific probable cause requirements and use a single warrant to collect information on potentially millions of people. Opponents were able to get a “sunset” provision inserted into the bill, but it was a pyrrhic victory. The bill that replaced it in 2008, the FISA Amendment’s Act (FAA), included the same “bulk collection” general warrant authority as the PAA, as well as no meaningful court oversight. Like the Patriot Act, the FAA would be renewed into the second decade of the 21st century.

A few months before Snowden went public, there were hints that the NSA’s post-Sept. 11 surveillance activities were constitutionally dubious. In a March 2013 Senate Intelligence Committee hearing with Director of National Intelligence General James Clapper, Senator Ron Wyden of Oregon had the following exchange with America’s top spy:

So, what I wanted to see if you could give me a yes or no answer to the question: Does the NSA collect any type of data at all on millions, or hundreds of millions of Americans?”

Clapper: “No, sir.”

Wyden: “It does not?”

Clapper: “Not wittingly. There are cases where they could inadvertently, perhaps, collect, but not wittingly.”

Wyden: “All right. Thank you. I’ll have additional questions to give you in writing on that point, but I thank you for the answer.”

Both the general and Wyden knew Clapper’s answer was false, but Clapper refused to correct the record publicly until after the initial Snowden revelations appeared in the Guardian.

And the Patriot Act’s primary author, former House Judiciary Committee Chairman James Sensenbrenner, made it clear to executive branch officials a month after Snowden went public that the days of NSA and the Justice Department playing fast-and-loose word games to justify mass surveillance were over. At the end of a tense exchange with Deputy Attorney General James Cole in a July 2013 House Judiciary Committee hearing, Sensenbrenner said, “Let me tell you, as one who has fought Patriot Act fights usually against the people over on the other side of the aisle, Section 215 expires at the end of 2015, and unless you realize you have got a problem, that is not going to be renewed. There are not the votes in the House of Representatives to renew Section 215, and then you are going to lose the business record access provision of the Patriot Act entirely.”

But he didn’t wait until 2015 to make his point.

Later that same month, Sensenbrenner joined Tea Party favorite Rep. Justin Amash of Michigan and 203 other House colleagues on an amendment to the annual Defense Department spending bill that would have defunded the Sec. 215 warrantless surveillance program. Although the amendment failed by a mere 13 votes, its bipartisan nature (94 Republicans and 111 Democrats voted for it) sent what seemed to be a clear message: support for mass NSA surveillance was collapsing. And less than a month after that vote, Amash, Sensenbrenner, and other House members would learn that key information about the scope of NSA’s domestic spying under the Patriot Act’s Sec. 215 provision had been withheld from them by House Intelligence Committee leaders just before the 2011 Patriot Act renewal vote.

Amash said “It is not acceptable for the intelligence committee, or any other committee, to withhold critically important information pertaining to a program prior to the vote.” Had the true scope of the Sec. 215 telephone metadata program been understood by House members as a whole in early 2011, it is extremely unlikely the program would have been reauthorized in its original form, and possibly even killed altogether. House Intelligence Committee chairman Mike Rogers of Michigan, and his Democratic counterpart, Dutch Ruppersberger of Maryland, vehemently denied any deliberate attempt to withhold the reports in question.

During early 2013, NSA and Obama administration officials would be forced to backtrack on their sensational claim that the Sec. 215 program helped disrupt 54 terrorist plots. In fact, it played a minor and duplicative role in just one incident. Even NSA’s then-number two leader, Chris Inglis, was forced to concede to the Senate Judiciary Committee in July 2013 that it’s “not the most important tool.” In fact, it was a constitutionally-dubious electronic version of “security theater” that was simply vacuuming up the information of millions of innocent Americans.

Snowden’s revelations jump-started the surveillance reform effort. By the fall of 2013, two proposals were circulating in the House. The Surveillance State Repeal Act, first introduced in early August 2013 by then-Rep. Rush Holt, would have terminated both the Patriot Act and the FISA Amendments Act. [DISCLOSURE — I was the staffer who developed the bill for Rep. Holt]. The second, more modest proposal was offered by Sensenbrenner and called the USA Freedom Act. The bill was focused primarily on ending the existing Sec. 215 telephone metadata program, and included some FISA Court improvements.

As those two bills made their way through the legislative process, supporters of surveillance reform got their first and only court victory, in Dec. 2013. U.S. District Court Judge Richard Leon ruled that the government’s Sec. 215 telephone records collection program was unconstitutional.

Leon noted that FISA court judge Reggie Walton had previously “concluded that the NSA had engaged in ‘systemic noncompliance’ with [FISA court]-ordered minimization procedures” and “had also repeatedly made misrepresentations and inaccurate statements about the program to [FISA court] judges.”

“I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval… Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast,” Leon said.

While he granted attorney Larry Klayman’s request for an injunction against the government’s program, Leon stayed his order pending the inevitable government appeal. [The case, as well as two others against NSA, remain on appeal today.]

While 2013 ended on a relative high note for surveillance reform supporters, 2014 would bring a string of legislative setbacks. Even a stinging report by a hand-picked White House surveillance policy review group (which found the Sec. 215 program worthless) and a similar report by the federal Privacy and Civil Liberties Oversight Board (which stated the program had no legal basis) failed to produce meaningful changes in NSA domestic spying operations. And the hoped-for legislative fixes either went nowhere or were eviscerated by the House Republican leadership. Indeed, many of USA Freedom Act’s original supporters ended up voting against the watered-down version that eventually reached the House floor just before Memorial Day 2014.

Reformers were able to take some solace from a legislative victory in June 2014. Rep. Zoe Lofgren, D-Calif., and Rep. Thomas Massie, R-Ky., took the government “back door” ban language from the Holt bill and added language baring the government from using taxpayer dollars to search the stored emails of Americans absent a warrant to create an amendment they offered to the annual Pentagon spending bill. With the help of some privacy and civil liberties groups, such as FreedomWorks, the amendment passed by a whopping 293-123 — good enough to override an Obama veto.

But that victory would also be undone after the November 2014 elections, when GOP leaders in both chambers ensured the provision was not included in the final Defense Department spending bill. The final setback for reformers was the procedural death in the Senate of a revived (but still relatively weak) USA Freedom Act, offered by Senate Judiciary Committee chairman Patrick Leahy of Vermont. The vote to end debate on the bill and proceed to a final vote failed when Sens. Rand Paul of Kentucky, Chuck Grassley of Iowa, and Ben Nelson of Florida withheld their support.

This year began with both surveillance reformers and their opponents circling one date on their respective calendars: June 1, 2015. On this date, the Patriot Act’s Sec. 215 “business records,” “lone wolf” and “roving wiretap” provisions will expire unless Congress agrees to extend them. If public opinion on the topic is any indication, mass surveillance supporters have a tough job on their hands.

In March 2015, Pew released the results of its latest poll on attitudes on surveillance. Seventy percent of Republican or Republican-leaning respondents said they were “less confident the surveillance efforts are serving the public interest.” Over half of Democrats or those leaning Democratic felt the same way. And of the 87 percent of adults who have heard of the surveillance programs, 34 percent had “taken at least one step to hide or shield their information from the government.” This is how the true costs of mass surveillance programs should be measured: not just in dollars, but in how they have eviscerated the Constitution’s free association, speech and privacy guarantees. The chilling effect of government surveillance is real, and the poll makes clear it is causing this country’s citizens to disconnect from one another, alter what they search for online, and even self-censor. Our own government, not al Qaeda or ISIS, is responsible for this fear and subversion of constitutional rights that has produced these ominous changes.

A child born on September 12, 2001 has lived his or her entire life under the shadow of this surveillance state. Whether their full constitutional right to be free from warrantless search and seizure of their online communications will be restored remains to be seen. What is clear is that unless their elders force Congress to end the surveillance state, the generation born after Sept. 11, and all those who follow, will live in a country that would shock Madison, and the Founders.

Patrick G. Eddington is a policy analyst in homeland security and civil liberties at CATO.