ACSBlog: The Blog of the American Constitution Society

When President Bush signed into law the amended Foreign Intelligence Surveillance Act creating a sea change in the privacy rights of Americans last Thursday, he claimed “this law will protect the liberties of our citizens, while maintaining the vital flow of intelligence.” This was another false statement in an ocean of obfuscation.

It is progress (of a sort) that protecting civil liberties has become an essential talking point, but there is a chasm between rhetoric and reality. The legislation the President lauded, however, traded away the privacy rights of the American people for a false sense of security. To understand what was lost in the deal, it is important to understand the rights that were previously protected.

Long-Standing Surveillance Rules

Before Thursday’s four-year extension of the warrantless surveillance program begun under the short-lived and ill-conceived “Protect America Act,” the Foreign Intelligence Surveillance Act, known as FISA, barred US-based phone and internet companies from allowing the government to “acquire” the contents in the US of electronic communications “to or from” Americans without a warrant. The warrant, required by the Constitution and (until this past year) by Congress, was to be based on a probable cause showing that at least one party to the communication sought was suspected of being an “agent of a foreign power.”

With the approval of a special court created under FISA, the government could obtain and analyze every phone call or e-mail, download one’s personal computer contents (including websites visited), and secretly search one’s home or office. In the event of an emergency, the law permitted the court to be consulted after the fact.

For foreigners, little evidence was needed to show a connection to a foreign government or hostile group, and thus get the court’s okay for surveillance. For U.S. persons, some evidence was required to posit that an American was conspiring with or aiding our nation’s enemies or spying for another country. As is well known, the FISA court approved 99.9% of surveillance requests, after an ex parte proceeding where a special judge reviewed the factual basis for the extensive intrusive secret searches FISA permits.

With the changes in the law signed by this president, now, Americans’ international communications can be acquired in the US by the government from our own telephone or internet companies without any individualized warrant. This overturned a longstanding rule promulgated to curb executive malfeasance. Extensive investigations by Congress in the 1970s revealed to the American people the very existence of the secretive National Security Agency (NSA) and several unconstitutional programs like “Operation Shamrock,” by which the NSA obtained the tapes of nearly every international telegram sent to or from American residents and businesses and analyzed these communications for “foreign intelligence information” (FII). FISA was a response to such abuses and an effort to give full meaning to Americans’ Fourth Amendment rights even when foreign intelligence was sought.

The Long Reach of “Foreign Intelligence”

Since 1978, foreign intelligence information (FII) has been defined to encompass protecting against foreign “terrorism” or “sabotage,” despite assertions by White House allies who pretended as if there was no law permitting surveillance of international communications of suspected terrorists. The threshold required to approve such surveillance was obviously easy to satisfy, as the above statistics demonstrate. But FII is very broad, and includes information related to the “conduct of the foreign affairs” of the US, which can encompass communications ranging from America’s intentions vis-à-vis Darfur to international trade matters that affect a host of US businesses and consumers.

Because FISA can thus permit electronic surveillance and physical searches for purely innocent communications, longstanding rules had permitted the government to demand access to American communications from phone and internet companies here only after first obtaining an individualized warrant from the FISA court. (There certainly was not some sort of novel judicial sanction for a wide-ranging “program” of surveillance in contravention of the Fourth Amendment’s guard against on general warrants.) What the Protect America Act sought to obliterate — and what the new law ostensibly extends for four more years — is the court’s examination of whether there is a proper predicate to obtain a particular individual’s communications and the specificity for such searches required by the Constitution.  

Under long-standing law, until the enactment of the PAA and now this new law, Americans’ communications privacy was protected not just from being targeted but from being acquired from our telephone and internet providers without any showing that someone participating in the communication did something wrong. Now, Americans are only protected (under this statute; I am not conceding the constitutional point) if they themselves are targeted, meaning that their particular phone number or e-mail is programmed into the selection device. Some may think that is good enough, but it is not. Under these new permissions, an array of purely private and innocent American communications will likely be swept up and analyzed ad infinitum.

The New Surveillance Law’s Big Overreach

Under the new law, the only showing the government must make is that their targets are reasonably believed to be abroad and their goal is to obtain foreign intelligence information. Here Operation Shamrock and its eavesdropping kin are resuscitated in plain (legislative) language:

(a)      AUTHORIZATION.—Notwithstanding any other provision of law, upon the issuance of an order in accordance with subsection (i)(3) or a determination under sub section (c)(2), the Attorney General and the Director of National Intelligence may authorize jointly, for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.

This is from Section 702 of the FISA Amendments Act, H.R. 6304, as passed by the House and Senate and signed into law on July 10, 2008.

More than 5 billion people live outside the US, many of whom communicate with friends, family, and colleagues in the US. Under the administration’s theory, persons abroad who are targeted could be any number of people or groups or governments. There is no need for individualized suspicion on either end of the communication the way the law is written. The government doesn’t need to hit a bulls-eye, but rather the broad side of a barn. In other words, it can “target” (by geography or other criteria) most of the rest of the world, and in the process, sweep in countless (read millions) of American communications, without a court or Congress ever knowing which Americans’ have had their private thoughts seized in transit through the US digital communications network.

We ought to have better protections for our privacy from our own government, not fewer. Americans are global citizens in our business relations, travel and work, and we commit more of our private thoughts to digital communications through cell phones and e-mails than ever before. Our international communications were properly shielded against the NSA’s (and its political masters) snooping until this past year, via a power that Congress was right to let lapse in February but which was reinstated this past week, largely from fear of partisan scaremongering attacks in this upcoming election. If there is a genuine problem with purely foreign-to-foreign e-mails transiting the US network, civil liberties groups were willing to support a focused fix, but not an approach where the government can over-collect private e-mails under the guise that it doesn’t know who or where anyone is located.

While we have heard administration lackeys suggest that the NSA always had access to our international calls under the so-called radio exception in FISA (for satellite reception outside the US), that was never the understanding of the American people. Whenever talk arose about “Echelon” — the array of satellite and monitoring equipment maintained in a partnership between the US, the UK and Australia — the US government would assure Americans that they were not being monitored. Indeed, in the late ‘70s after the NSA shut down Operation Shamrock and Congress was considering FISA, the Director of the NSA assured the investigating Senate Committee’s Chairman that the NSA was not monitoring any circuits terminating in the US.

What that means is that the NSA assured Congress it was no longer focusing on American’s international communications. The only way to believe editorials like the Washington Post’s last week is to believe that for the entire period that FISA has been the law, the NSA has in essence sat just off-shore and sifted through our international communications anyway. That would be a startling revelation, and I suspect it’s one that many Members of Congress would be shocked to learn, if true. That is perhaps the only way to make sense of claims that the bill simply modernizes the law and ensures the NSA has access to the communications it is entitled to.

But instead, Congress was told the bill is for monitoring terrorist communications — even though the administration refused every effort to limit this expansion of power to targeting terrorism or nuclear proliferation. Under long-standing understandings, the government already had the power to monitor purely foreign-to-foreign communications without FISA warrants. What it wanted was access to the US telecommunications infrastructure (as indicated by the sworn statements in the Qwest and Hepting cases).

Surveillance enthusiasts says that changes in technology — the internet — have rendered satellites less helpful with eavesdropping on international communications. Rather than create rules to deal with internet traffic that transits the US or that is generated by specific terrorist targets, they used this issue as a Trojan horse to gain access to virtually all internet communications and to sort through them without any individualized warrants. Administration allies have repeatedly claimed that there are no zip codes on the world wide web (even though in fact most IP addresses are geographic), while simultaneously refusing to discuss that what they want most is access to the American internet—they are interested in sifting through American communications, both content and data.

The New Bottom Line for Surveillance

All this may seem a bit complex, so here’s the bottom line: your e-mail is more vulnerable today than it was yesterday to acquisition, analysis and retention in the NSA’s enormous databases. Even purely domestic e-mails have a greater likelihood of being acquired under this new law. Only communications where the government “knows” “at the time of acquisition” that all recipients are physically located in the US are outside the government’s prying eyes. This implies that if they do not (or choose not to) “know,” they can sweep up American’s information in the process of sorting through international communications after commandeering the infrastructure of US telecom companies.

This approach is not a reasonable search. However, the administration crafted these powers in this way to permit this result. Plainly speaking, no law that respects civil liberties was going to be allowed to pass by the president’s allies or signed into law by this anti-civil libertarian president. While it is true that there are new rules against targeting Americans abroad — problem no one even knew existed until Senator Whitehouse read some of the Justice Department’s discredited OLC opinions — that simply does not outweigh the net loss to the privacy rights of Americans at home.

Looking Backward and Forward

The idea of a retroactive audit, albeit re-crafted by the administration as part of this legislation, has some hope of shedding some new light on how many Americans’ communications were acquired by the NSA, as well as how many calls were listened to or e-mails were analyzed under the Terrorist Surveillance Program (TSP). There is no doubt, in my mind, that this bill permits far more warrantless electronic surveillance than was admitted to under the TSP, which ostensibly was at least limited to al Qaeda. Hopefully, the audit and a new more aggressive Congress will help bring these core issues into the democratic debate next year, with a new president.

In addition, as has been discussed to a much greater degree in the blogs, there are serious constitutional concerns about the effort to permit the government to force the court to dismiss the telecoms companies from the civil suits. Those constitutionally flawed provisions are an offense to separation of powers and an independent judiciary, and I sure hope the court will make full use of the requirement that there be “substantial evidence” that the program at issue was designed at all times and in all iterations to protect against a terrorist attack. We should not create a license by the private or public sector to violate the Constitution and statutes.

At present, the administration stands in the long shadow of 9-11, a darkness in which the light of history or rule of law apparently does not shine. A more reasonable President and Director of National Intelligence would have pushed for a more reasonable result, one that truly protects Americans’ liberties while meeting legitimate national security needs. Giving any government agency warrantless access to the nodes of the US communication system, over which so much of the personal domestic and international communications of the American citizenry travel, is the wrong choice. It risks turning back the clock to an era where the government routinely infringed on Americans’ lives and liberties. We do not need our cold war victory against a totalitarian state to be turned into an Orwellian nightmare.