national security

The Cost of Counterterrorism Review

My synopsis of Laura Donohue’s The Cost of Counterterrorism: Power, Politics, and Liberty is now up on the JustSecurity blog.  A couple of quick thoughts on the book:

First, it was impossible not to read in various Snowden revelations throughout the book.  It read very much like a prelude to all of the different programs and oversight problems we have learned about over the past year, which suggests that Snowden’s leaks really just confirmed what security critics were already surmising.  Further, considering the book was release right at the start of the smartphone explosion and the rise of “Big Data,” it’s fascinating to see how Professor Donohue talked about the capabilities of these technologies.

Second, my major criticism of the book is that it reads like a bunch of law review articles duct-taped together.  This may speak volumes for how legal scholarship is produced, or how many non-fiction books are collections that build upon a certain idea or original essay. Regardless, it was impossible not to notice how jarring portions of the book were.  Professor Donohue’s overall framework is to compare the national security regimes of the United States with the United Kingdom, and this leads to chapters that bounce from the Irish Troubles to American military policy in Iraq.  The comparison doesn’t always hold, and it some spots feels unwarranted.

National Security Journalism: From Watchdog to Lapdog

In 2011, as I was wrapping up law school, I wrote a lengthy, ranting paper about the problems watchdog journalism faced in effectively reporting about national security and foreign affairs.  Fueled by a combination of a course on media law, a recent set of disclosures by WikiLeaks, and an unhealthy amount of Sunday morning talk show viewing, I blamed the “systemic professionalization” of our major media for weakening the press’ watchdog function vis-a-vis government.  Specifically, I argued that objectivity in journalism had the unintended consequence of making major media extremely susceptible to having its coverage of foreign affairs and national security issues in general manipulated by outside actors, especially the government.

A combination of cost-cutting and the twenty-four hour news cycle has forced the media to rely on information provided directly from government officials, and this sort of access has become arguably as valuable as rigorous documentation, critical analysis, or investigations. This leads to an outcome where government becomes the arbiter of what news the public gets to learn.  Over time, my thinking was that reliance on government for the story indirectly reduces the press’s credibility. Since government briefings have become notoriously managed and “spun,” the perverse result is that government information is often considered more reliable or more truthful if it given anonymously and off-the-record, which produces the deluge of anonymous sourcing we see in the media today.

It is my belief that one of the key values of a free press is to serve as a check on government action, but when this sort of government access is combined with a slavish devotion to objectivity, it has the unintended consequence of making our watchdog press more a neutral arbiter than an antagonistic body that oversees government behaviors. Cloaked in secrecy, national security issues provide government officials with an opportunity to shape reality as they wish it — as we have seen repeatedly over the last year.  I.F. Stone one famously stated that “every government is run by liars and nothing they say should be believed,” but how often do our most esteemed journalists dare call a politician’s lie a lie?

In 1947, the Commission on Freedom of the Press suggested that market forces and citizen efforts could be used to improve the media’s watchdog capability.  When I wrote this paper in 2011, I concluded that this casual observation may be more feasible now than six decades ago due the rise of so-called new media. Collaborative journalism is on the rise:

Reporting is becoming more participatory and collaborative. The ranks of news gatherers now include not only newsroom staffers, but freelancers, university faculty members, students, and citizens. Financial support for reporting now comes not only from advertisers and subscribers, but also from foundations, individual philanthropists, academic and government budgets, special interests, and voluntary contributions from readers and viewers. There is increased competition among the different kinds of news gatherers, but there also is more cooperation, a willingness to share resources and reporting with former competitors.

Maybe now the solution is the professionalize the blogosphere?

In any event, doesn’t this entire enterprise of collaborative journalism sound like exactly how this past year’s reporting on NSA surveillance has been carried out?  Glenn Greenwald is, in the best sense of the word, a blogger by tradition, and numerous organizations, from establishment media to ProPublica and independent researchers like Ashkan Soltani, have brought information to the public.  In the coming year, Greenwald has teamed with billionaire Pierre Omidyar to launch First Look Media.

I had largely forgotten about the paper, but considering its the new year, I thought it worth something to share publicly.  Please feel free to read and criticize — that’s what being a watchdog is all about!

Europe Misdirects Rage on the US Safe Harbor

This morning, the European Commission released its report on the state of the US-EU Safe Harbor, a mechanism that provides for international data transfers, proposing a series of recommendations designed “to restore trust in data flows between the EU and the U.S.”  Europeans have long been critical of the Safe Harbor — and America’s free-wheeling attitude toward privacy in general — but the Summer of Snowden provided a perfect pretext to “reconsider” the efficacy of the Safe Harbor.

America’s hodgepodge or “sectoral” approach to privacy has increasingly placed U.S. officials on the defensive, and there’s no question the Safe Harbor can be improved.  However, conflating Safe Harbor reform with justified anger about expansive NSA snooping is counterproductive.  First and foremost, while public and private data sharing is increasingly intermingled, government access to data is not the same as commercial data use.  The Safe Harbor was explicitly designed to protect the commercial privacy interests of EU citizens.

It was not created to address national security issues, and the Safe Harbor specifically provides an exception from its requirements “to the extent necessary to meet national security, public interest, or law enforcement requirements.”  As FTC Commissioner Julie Brill has noted, national security exceptions to legal regimes are not unusual.  For example, the HIPAA Privacy Rule permits the disclosure of private health information in the interest of national security, and even the EU’s stringent Data Protection Directive includes an exception for state security or defense.

Read More…

The Toobin Principle as a Corollary to the Snowden Effect

Jay Rosen has a fantastic piece today on PressThink on what he calls the “Toobin principle“.  In effect, Jeffrey Toobin and a number of media figures have criticized Edward Snowden as a criminal or, worse, a traitor even as they admit that his revelations have led to a worthwhile and more importantly, a newsworthy debate. For his part, Rosen asks whether there can “even be an informed public and consent-of-the-governed for decisions about electronic surveillance”?

I would add only the following observations. First, an informed public may well be the only real mechanism for preserving individual privacy over the long term. As we’ve seen, the NSA has gone to great lengths to explain that it was acting under appropriate legal authority, and the President himself stressed that all three branches of government approved of these programs. But that hasn’t stopped abuses — as identified in currently classified FISC opinions — or and I think this is key, stopped government entities from expanding these programs.

This also begs the bigger, looming concern of what all of this “Big Data” means. One of the big challenges surrounding Big Data today is that companies aren’t doing a very good job communicating with consumers about what they’re doing with all this data.  Innovation becomes a buzzword to disguise a better way to market us things. Like “innovation,” national security has long been used as a way to legitimize many projects. However, with headlines like “The NSA is giving your phone records to the DEA. And the DEA is covering it up,” I believe it is safe to say that the government now faces the same communications dilemma as private industry.

In a recent speech at Fordham Law School, FTC Commissioner Julie Brill cautioned that Big Data will require industry to “engage in an honest discussion about its collection and use practices in order to instill consumer trust in the online and mobile marketplace.”  That’s good advice — and the government ought to take it.

Privacy Protections from FISA Court May Not Compute

This is cross-post on the American Constitution Society’s blog.

After the events of the past few weeks, a discussion presented by the American Constitution Center on the search for privacy and security on the Internet posed many questions but few answers. In an article on The Daily Beast, Harvard Law Professor Lawrence Lessig has noted that the “Trust us’ does not compute,” but after a contentious, technical discussion of both the NSA’s PRISM program and the cellular metadata orders, a panel of privacy law scholars were forced to concede that “trust us” is today’s status quo when it comes to programmatic government surveillance.

It wasn’t supposed to be this way. When the Foreign Intelligence Surveillance Act was first passed in 1978, the law was designed to “put the rule of law back into things,” explained Professor Peter Swire, co-chair of the Tracking Protection Working Group at the W3C and the first Chief Counselor for Privacy at OMB. The emergence of the Internet, however, changed everything. Intelligence agencies were faced with a legal framework that could not account for situations where “games like World of Warcraft [could be] a global terrorist communication network,” he said.

But even as communications technology has been made to serve bad actors, it has also ushered in a Golden Age of surveillance. Modern technology today can easily determine an individual’s geolocation, learn about an individual’s closest associates, and connect it all together via vast databases. Within the federal government, without strong champions for civil liberties, the availability of these technologies encouraged government bureaucracy to take advantage of them to the full extent possible. Absent outside pressure from either the Congress or the public, “stasis sets in,” Swire said.

Yet while service providers collect vast amounts of data about individuals, a combination of business practicalities and Fair Information Practice Principles which stress retention limits and data minimization mean that businesses simply do not keep all of their data for very long. As a result, the government has used Section 215 of the PATRIOT Act to collect and store as much information as possible in the “digital equivalent of the warehouse at the end of Indiana Jones,” said Professor Nathan Sales, who largely defended the government’s efforts at intelligence gathering.

The difficulty is that these sorts of data collection projects present important Fourth Amendment considerations.  In his passionate dissent in the recent Maryland DNA collection case, Justice Antonin Scalia joined three of his liberal colleagues to explain that the Fourth Amendment specifically protects against general searches and demands a particularity requirement.  However, a general search is exactly what an order permitting the collection of anyone and everyone’s cellular metadata appears to be.

Professor Susan Freiwald pointed out that the plain language of Section 215 is incredibly broad.  50 U.S.C. Sec. 1861 permits surveillance wherever “reasonable grounds” exist that surveillance could be “relevant . . . to protect against international terrorism or clandestine intelligence activities” where any individual, American citizen or otherwise, is “in contact with, or known to, a suspected agent of a foreign power.”  According to Freiwald, the plain language of the statute “doesn’t limit government investigations in any meaningful way.” What checks that exist are limited: Congress appears at best half-informed and the ISPs that are hauled before the Foreign Intelligence Surveillance Court (FISC) have been incentivized not to fight via the carrot of immunity and the stick of contempt sanctions.

“We’re waiting on the courts,” Freiwald said, suggesting that these programs “cannot survive review if the court does its job.”

Professor Sales countered that the FISC was already placing minimization requirements into the its orders, though he conceded he couldn’t know for sure if this was accurate.

Former U.S. District Judge Nancy Gertner interjected:

As a former Article III judge, I can tell you that your faith in the FISA Court is dramatically misplaced. . . . Fourth Amendment frameworks have been substantially diluted in the ordinary police case. One can only imagine what the dilution is in a national security setting.

What little we do know about the FISC suggests that it, too, is wary of the government’s behavior.  In a letter to Sen. Ron Wyden (D-Ore.) last fall, the Director of National Intelligence conceded that on at least one occasion the FISC found that the government’s information collection was unreasonable under the Fourth Amendment, and moreover, that the government’s behavior had “sometimes circumvented the spirit of the law.”

Unfortunately, the FISC’s full legal opinion remains classified, and the Department of Justice continues to contest its release.  This fact reveals the core challenge facing any sensible debate about the merits of government surveillance: our current understanding rests on incomplete information, from secret court decisions to the “least untruthful” testimony of government officials.

Louis Brandeis, who along with Samuel Warren “invented” the right to privacy in 1890, also wrote that “[s]unlight is said to be the best of disinfectants.”  A discussion about the future of privacy online that forces our best privacy scholars to repeatedly profess their ignorance and rests on placing our trust in the government simply does not compute.

The Rhetoric and Law of Government Surveillance

Two weeks ago, after the President’s national security address, I was left with little reaction other than the speech sounded good.  The President made overtures to “refining” and ultimately repealing the AUMF.  There was some measured rhetoric about drone warfare and a frank discussion about GITMO.  The President even tolerated a heckler, but nothing about the speech appeared to suggest a serious re-evaluation of American national security policy.  But as this week suggests, positive words, whether in a speech or in law, can easily be used to obfuscate more alarming acts.

This week, of course, came news that our government is collecting metadata of the phone calls of millions of (if not all) Americans.  The time, location, and duration of our calls are being recorded, aggregated, and transformed into a vast network of personal information.  Last night came the further revelation that the NSA has continued a vast data mining enterprise with the participation of every major tech company–Google, Facebook, Apple, Microsoft, Yahoo, Skype, YouTube, AOL.  Whether through ignorance or an intentional gag orders, these tech giants have been forced to hem and haw about what exactly they know and what exactly they’re giving away.

As a number of people have recalled, then-Senator Obama cautioned against this sort of intelligence dragnet. “We have to find the right balance between privacy and security, between executive authority to face threats and uncontrolled power,” he said.  “What protects us, and what distinguishes us, are the procedures we put in place to protect that balance, namely judicial warrants and congressional review. These aren’t arbitrary ideas. These are the concrete safeguards that make sure that surveillance hasn’t gone too far. That someone is watching the watchers.”

Speaking to reporters today, the President has inverted his priorities:  “You can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience.  You know, we’re going to have to make some choices as a society.”  The problem is that “society” hasn’t made this choice; a small collection of government officials have.

There is little question that the letter of the law has been followed here.  Both judicial review and congressional oversight are in place, but can anyone say whether they are effective?  It’s impossible, because it’s all secret.  Few members of Congress were aware of the breadth of these programs, and those that were legally prohibited from discussing them.  Our congressional oversight effectively amounts to a handful of members, having access to sensitive documents within tightly controlled conditions without the resources to effectively “oversee” anything.

Meanwhile, to be blunt, our Foreign Intelligence Surveillance Court is a judicial rubber stamp.  In 2012, 1,789 applications to conduct electronic surveillance for foreign intelligence purposes were made to the FISC.  One was withdrawn.  None were denied.  A further 212 applications were made to the FISC to access business records.  None were denied.

In February, I attended an address by Rajesh De, General Counsel of the NSA, wherein he attempted to disabuse the audience of several “myths” about the National Insecurity Apparatus:

False Myth #1: NSA is a vacuum that indiscriminately sweeps up and stores global communications.
False Myth #2: NSA is spying on Americans at home and abroad with questionable or no legal basis.
False Myth #3: NSA operates in the shadows free from external scrutiny or any true accountability.

At the time, I remember being struck by how much of his remarks focused on procedure and structural legalese.  As Jennifer Granick put it today, however, the complexity of our national security laws are such that it allows officials to offer “non-denial denials” that mask the truth and obfuscate the bigger concerns.  For example, it may well be true that the NSA neither sweeps up nor stores “communications.”  But if collecting every phone number you dial, long your call last, and where both ends of the call came from are not legally “communications,” I imagine that might come as a surprise to most average people.The government’s initial response–both in the Administration and in Congress–have been dismayed and outraged at the “magnitude of the leak” involved.   Jack Clapper, director of National Intelligence, has called this “unauthorized disclosure” utterly “reprehensible and risks important protections for the security of Americans.”  Or perhaps these officials are more worried about a political backlash:

If so much information is being gathered about almost everyone to figure out patterns, then it’s not as though you’d be tipping off a particular target that we were on to him. Would publicizing the order that this information be collected have given away technical secrets to our enemies (or rather, at this point, has publicizing it done so)? I don’t see how. I can see why the government might want to keep this data-mining program secret to avoid a political backlash, but that is of course not a good reason for concealing it.

No laws have been broken.  No single politician or political party alone should be blamed for this state of affairs, but we ought to become more mindful about the disconnect between the rhetoric surrounding government transparency and personal privacy and the actions of our society when these principles are at stake.

 Scroll to top