In this space, guest contributor Gail Bronson defended the NSA’s mass surveillance program, taking the side of former NSA General Counsel Stew Baker against that of Georgetown University professor David Cole. By posing it as a confrontation, the audience is invited to take sides. A more productive method might be to see where the parties agree, and how we can improve and legitimize NSA data collection (spying).
To do so requires the kind of open and frank discussion and disclosure which, until the Snowden revelations, was all but impossible. Thus, the NSA has always operated under a “trust me” mentality – that they are doing important work (which they are) and that any discussion of what they do will necessarily undermine their ability to do it (which it won’t).
Spy on Me.
The title of Bronson’s article, “Go Ahead, Spy on Me” illustrates a common feeling among “law abiding” citizens. If you aren’t doing anything wrong, why should you worry about what the NSA (or FBI, or ATF, or local police, or for that matter, Iranian intelligence services, North Korean military, etc.) are doing? This concept that privacy is only a refuge for the guilty is inimical to the concepts, structure and purposes of the U.S. Constitution. The Fourth Amendment for example says “the right of the people to be secure in their persons, places, houses and effects against unreasonable searches and seizures shall not be abridged.” The Fifth Amendment similarly says, “no person shall be compelled to be a witness against himself.” These rights, and the others are reserved to all the people – not just those with something to hide. While an individual can choose to share their telephone calls, location data, Internet searches, browsing activities and other data with whomever they wish, the activities of the NSA take that choice away from them. Fine if Bronson wants to give her data to the NSA, but I should likewise be able to decide not to.
Which brings up the real problem with what the NSA is doing. The NSA, and unfortunately current law, tends to treat privacy as binary – like being pregnant; you either have privacy or you don’t. In a landmark case in 1979, the Supreme Court held that when a person chooses to share information (telephone toll data) with a third party (the phone company) they have voluntarily consented to sharing that data with anyone – they have lost their expectation of privacy. They have assumed the risk associated with this sharing. As Justices Marshall and Brennan pointed out in that case:
Implicit in the concept of assumption of risk is some notion of choice. At least in the third-party consensual surveillance cases, which first incorporated risk analysis into Fourth Amendment doctrine, the defendant presumably had exercised some discretion in deciding who should enjoy his confidential communications. By contrast here, unless a person is prepared to forgo use of what for many has become a personal or professional necessity, he cannot help but accept the risk of surveillance. It is idle to speak of “assuming” risks in contexts where, as a practical matter, individuals have no realistic alternative.
The NSA’s authority to collect the telephone records of hundreds of millions of innocent U.S. citizens, and then to mine that data, cross reference it, link it to other data, do pattern and other analysis on it, use it for target selection and identification, profile people based on that data, and use that data to collect other data is dependent on the concept that, in some way by using the telephone you have “consented” to this activity. In other words, the NSA asserts that you have consented to allow the NSA to do things with the data that they can’t tell you they are doing because what they are doing is classified. While Ms. Bronson may have so consented, I don’t recall doing so.
Is it Legal?
The NSA and Ms. Bronson unfailingly assert that their activities are perfectly legal, authorized by Congress, and approved by the Courts. Close. But no cigar.
First of all, when we say that something is “legal” we are saying that it does not expressly violate U.S. law. I am certain that the Bundeskriminalamt, the German law enforcement agency would NOT agree that wiretapping Angela Merkel is “perfectly legal.” Nor would EU governments agree that the mass collection of location data on innocent EU citizens is “perfectly legal.” Indeed, if a U.S. hacker were to break into a fiber optic trunk line, or exploit a vulnerability in security to obtain the exact data that the NSA did, they would be put in jail. Now U.S. computer crime laws have an exception for “authorized law enforcement or intelligence” activities, but I can be certain that, unless the foreign governments authorized the activities, they violated the law.
That’s not a moral judgment, by the way. Most of what the intelligence agencies do violate the law. Their purpose it to reveal that which people want concealed. To spy, to break in, to track and to monitor. So saying that what they do is a crime is not a moral judgment. Just a factual one. It is disingenuous for the NSA to claim that it is “legal.” It is like claiming that killing Afghan civilians with a drone attack is “legal.” A better term is “authorized by the U.S. government.” Now the people I know at the NSA have been scrupulous about following the law, but the people I know at the NSA have mostly been lawyers. The Snowden case, and the cases of SEXINT and massive disobedience to judicial constraints on power show that much of the activity of the NSA employees was clearly not “legal.”
But it is necessary to protect national security.
Compared to what, and at what price? Very few people would have a problem with the NSA being able to capture the phone calls and patterns of actual foreign terrorists, both in the U.S. and abroad. Very few would have a problem with the FBI collecting the same data on U.S. based terrorists. That is NOT what we are talking about here.
What we are talking about is the NSA collecting everything (and ultimately it will be revealed that they have collected or have attempted to collect everything) about everyone in the U.S. and have stored and processed it because it might later be relevant to any authorized NSA function.
Think about that for a minute. Under the NSA’s existing legal authority, coupled with their (and the FISA court’s) unique definition of “collect” and “relevant” and “document” the NSA has the legal authority to collect just about anything about just about anyone. Thus, the NSA could collect all credit card transactions, banking transactions, purchases, location data, facial recognition data, traffic cameras, surveillance cameras (think, your local 7-11 cam), communications information (call data), Internet data, social networking data, Internet searches, gaming habits, internet purchases and shopping, books periodicals and other reading data, video and streaming information, travel records, EZ Pass information, music listening habits, and even what books you read, and what page you are on when you stop reading.
And they can collect this information about everyone in and outside the United States. And they can store it for as long as they wish. And they can cross reference it, deep mine it, and share it with whomever they want. And they can do it all with or without a warrant.
You see, all of the data described above is “third party” data – data you have voluntarily shared with some third party. Therefore, under existing law, you have no “reasonable expectation of privacy” in that data, just like your telephone toll records. And just like telephone toll records, the NSA can demand that companies like Experian, Amazon, Apple, Google and Comcast produce these records on every single American citizen every single day, provided that the NSA really, really, really promises not to look at the data unless it relates to a foreign citizen. The NSA also was using Google cookies to select targets for offensive hacking operations.
Yes, that’s legal. So saying that what the NSA did is “legal” is the beginning, not the end of the analysis. The real question is, should it be?
I don’t doubt that there is tremendous utility in being able to track locations, analyze phone patterns, and use (Signals Intelligence) SIGINT. I don’t doubt that it is easier for the NSA to have everybody’s data in their location, rather than have to get it when they need it. In fact, if there was a massive database of this information for law enforcement in the United States, crimes could be solved more easily. Episodes of “Law and Order” would be only 5 minutes long. The government would collect everyone’s DNA from doctors and hospitals (remember, you voluntarily shared that data with a third party), and they wouldn’t have to do a “tower dump” from the phone company – they would have the location data already.
If we got rid of that pesky Fourth Amendment, we could just mosey into people’s houses, read their mail, listen in on their phone calls at will. That would help stop crime as well.
The presumption is that ALL searches without a warrant, ALL of them are illegal.
The presumption is that warrants are public.
The presumption is that warrants are issued by a neutral and detached magistrate, not one who operates in secret, is unaccountable to anyone, and whose decisions cannot be known, much less appealed.
The presumption is that a subject of a search knows that a search has been conducted, is given a copy of the warrant, and has the authority to challenge the scope and purpose of the search.
It’s not that what the NSA did was legal or illegal that is the problem. The problem is that we have so structured the law that virtually nothing is illegal. And that is what needs to be addressed. So if Ms. Bronson wants everyone to spy on her, that’s her prerogative. As for me, do the reasonable things to keep me safe, but stay out of my personal life. Please.