A Reply to Andy McCarthy on Patriot and Roving Wiretaps

National Review's Andrew McCarthy thinks proponents of Partiot Act reform, yours truly included, are too concerned with hypothetical problems:

Concerns about “John Doe” warrants — i.e., roving wiretap authorizations that do not name a specific person or place to be surveilled — have been discussed since 2001. Two things stand out. First, although we’ve now had this provision for close to a decade, civil liberties advocates like Mr. Friedersdorf and Cato’s Julian Sanchez still have to couch their objections in the subjunctive mood: the warrants “raise the possibility” of overbreadth abuses “disturbingly similar to the ‘general warrants’” prohibited by the Fourth Amendment. That is, although the Patriot Act has been examined, debated, and reauthorized a number of times since its initial passage shortly after 9/11, critics still have no concrete record that roving taps have been systematically abused, so they have to raise potential abuses that never seem to materialize.

A few points. The concerns about overbreadth—which at the collection stage are at least as likely to result from error as deliberate abuse—are about as "subjunctive" as the benefits of roving taps, given the paucity of public information about their use, which is precisely why caution is in order. (So useful are they, on McCarthy's telling, that you'd have to be "downright dumb" not to get a roving tap whenever you do FISA surveillance. I'm not sure what he means to imply about our intelligence agents, given that 99 percent of FISA wiretaps are non-roving.) We've had extensive Inspector General audits of both Section 215 business record authority and expanded National Security Letter powers—audits which have assuaged some worries in the former case and confirmed them in the latter one. We've had nothing comparable for roving wiretaps. It seems a little cute to use the very absence of transparency that characterizes surveillance in the criminal context as some kind of cudgel. And it seems downright absurd when you consider some of the practical realities of intelligence surveillance.

Just in fiscal 2008, the FBI alone collected 878,383 hours (or just over 100 years) of audio, much of it in foreign languages; 1,610,091 pages of text; and 28,795,212 electronic files. A recent review of FBI backlogs by the Office of the Inspector General found that fully a quarter of the audio collected between 2003 and 2008 remained unreviewed (including 6 percent of counterterror acquisitions and 31 percent of counterintelligence acquisitions, the two categories covered by FISA wiretaps). Let that sink in for a second: They have literally years worth of audio material alone that the Bureau itself can't be sure of the contents of, never mind any kind of independent oversight body.

In the criminal context, that recorded material would have been minimized in realtime to ensure that only conversations relevant to the criminal violation specified in the search warrant were recorded. In the case of a criminal roving tap, acquisition would begin only when an investigator had ascertained—by visual surveillance of a payphone, for example—that an individual target identified by name in the warrant was "reasonably proximate" to the facility being intercepted. (It is precisely these requirements, which leave "virtually no possibility of abuse or mistake" that have persuaded courts to find criminal roving taps compatible with the "particularity" requirements of the Fourth Amendment.) The targets of that criminal surveillance must be informed about it soon after the wiretap terminates, and since the purpose of criminal wiretaps is, of course, criminal prosecution, it will typically be subject to discovery at trial, subject to scrutiny by defense attorneys with a powerful incentive to identify any improprieties.

Under FISA, initial acquisition is broad with "minimization" occurring weeks or months later—if not longer. Those minimization standards are fairly permissive, and even recordings that have nominally been "minimized" (by omitting them from logs or indexes, for example) may remain retrievable in practice. The targets will typically never learn they have been tapped—nor will the non-targets whose communications get swept up in the process. Since the purpose of FISA surveillance is intelligence gathering rather than prosecution, there will never be a trial or a discovery process for most of that material. Now add atop that the realization that some of that material may be acquired on the basis of an agent's decision to target an account or phone line not identified in any warrant, on the basis of a belief that it is being used by an unnamed target identified only by description.

Finally, consider the nature of the "abuses" we need to be concerned about in the intelligence context. The most notorious cases in our history occurred under Richard Nixon, who brazenly authorized surveillance of political enemies unrelated to any legitimate national security or intelligence purpose—but was also often obtained in the course of initially justifiable investigations that strayed too far afield. Intelligence of political value was selectively leaked to friendly legislators and other government officials, while personally embarrassing or scandalous tidbits about activists, political figures, journalists, and celebrities found their way to J. Edgar Hoover's infamous "Personal and Confidential" file for safekeeping, where they might stay for months or years—until they could be converted into tools of intimidation, extortion, or personal destruction.

Two conclusions, I think, can safely be drawn from these facts. First, meaningful after-the-fact oversight of the fruits of FISA surveillance is a chimera. The issue is not just that the safeguards here are less stringent on the front end—in this case, the absence of the requirement that roving taps name each individual target—but that many of the the back end safeguards are missing too. Sometimes, of course, it is possible to catch abuses on the backend, but the reality is that if they do occur, there's a good chance we won't know about it. Last year, the Office of the Inspector General concluded that someone at the FBI had retroactively fabricated an investigation to justify the ill-considered (and, when it was disclosed, highly embarrassing) assignment of a rookie agent to observe an anti-war protest. As a result, the director of the FBI (unwittingly) provided false—and falsified—information to Congress under oath. Despite a protracted and intensive inquiry into this single incident, the OIG could not determine who within the Bureau was responsible for this. Yet Andy McCarthy assures us that there were any improprieties in the collection of that century of wiretap material, of course we'd know about it.

Second, the nature of intelligence abuses is such that the practical harm of overbroad information collection may not occur until well after the initial acquisition, and may be all but impossible to trace to the source when it does. Initially sweeping and discretionary acquisition, I suspect McCarthy would insist, doesn't count as an "abuse" because, of course, the rules permit sweeping and discretionary acquisition! (See what I did there?) Should some unscrupulous person find a way to exploit the overcollection years after the fact, it will certainly count as "abuse" by anyone's definition, should we ever learn of it—but history provides scant grounds for optimism there. The whole point of using private information as a mechanism of control is that the people over whom you're exerting that control—the victims—generally don't want it publicized. Because this sort of abuse is fairly difficult to detect or check on the back end, what you need to do in practice is ensure that the breadth and discretion of acquisition are sufficiently constrained on the front end.

One last general observation. McCarthy's approach here—and even more so in his previous post on the topic—is one we see surveillance hawks applying in a wide range of particular debates. Though they are forever reminding us that it is a grave error to conflate intelligence missions with ordinary criminal investigations, the vast differences between those two domains are conveniently forgotten when it's time to defend more surveillance powers. Then we're told that some new authority just gives intelligence agents "the same" tools as ordinary police or prosecutors have. But it is never the same. In this case even the narrow claim is false, insofar as criminal roving taps lack a "John Doe" option. But the more important point is that everything else about the context of intelligence—from the byzantine legal architecture to the anticipation of publicity to the institutional culture to the ultimate purpose of surveillance—is different. You might as well expect a drowning man to be grateful when you throw him a Ford Explorer. It is, after all, the very same vehicle that works so well in the context of ordinary road travel!