Surveillance Like a Cancer Grows? The Implications of NSA Intelligence Activities on the Non-Proliferation & Arms Control CommunitiesPosted: July 17, 2013 Filed under: Biological, Chemical, Cyber, Nuclear, Terrorism | Tags: cyberspace, Edward Snowden, NSA, Surveillance, WMD 10 Comments
ELECTRONIC SURVEILLANCE AND THE COMMUNITIES INVOLVED IN NON-PROLIFERATION AND ARMS CONTROL
In a comment to Dan Joyner’s post on Lawyers, Guns, and Money, Yousaf Butt raised the need to link the disclosures being made about NSA surveillance to the work of people engaged on non-proliferation and arms control issues. In particular, he cited a July 6, 2013, New York Times article by Eric Lichtblau entitled “In Secret, Court Vastly Broadens Powers of N.S.A.” This article was widely read, as evidenced by The Economist basing a story on it. In the Times article, Lichtblau reported US intelligence officials obtaining “access to an e-mail attachment sent within the United States because they said they were worried that the e-mail contained a schematic drawing or a diagram possibly connected to Iran’s nuclear program.” Yousaf asked whether this example means anyone discussing nuclear proliferation could be subject to NSA surveillance. Or, more broadly, could electronic communications about WMD proliferation challenges to US national security be subject to NSA collection activities? Yousaf thought such surveillance could create a “chilling effect” that might adversely affect “free discourse” in the non-proliferation area. Dan asked me to share my thoughts on this issue, so here goes . . .
THE NUCLEAR PROLIFERATION CASE CITED IN THE TIMES ARTICLE
Section 702 of FISA
Let me start with the case reported in the Times and cited by Yousaf. Apparently, the e-mail communication that contained the attachment accessed by US intelligence officials was sent and received in the US, so, if accurately reported by the Times, this case does not involve the authority created in the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 that permits the FISA Court to authorize “the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information,” including communications involving US persons (Section 702, Foreign Intelligence Surveillance Act, 50 USC sec. 1881a(a)). Even though this case does not involve this authority, the free speech concerns raised by lawyers, journalists, and human rights activists in Clapper v. Amnesty International (decided on standing grounds, 133 S.Ct. 1138 (2013)) apply to persons engaged in electronic communications with foreign nationals located overseas on issues relating to US national security.
FISA defines “foreign intelligence” to include “information that relates to . . . the international proliferation of weapons of mass destruction by a foreign power or an agent of a foreign power” (50 USC sec. 1801(e)(1)). As the challenge mounted in Clapper indicates, many communities of interest are concerned about the “chilling effect” of the surveillance authority created by the FISA Amendments Act. The inclusion of WMD proliferation in the definition of foreign intelligence means the non-proliferation and arms control communities have been on notice about this US government power since 2008.
However, Snowden’s disclosures of PRISM (the NSA program operated under Section 702 of FISA) revealed how the US government uses this power. People in communities of interest not previously nervous about Section 702 of FISA might now be concerned about their communications with foreign nationals, and perhaps, as Yousaf’s comment suggests, this includes persons working on non-proliferation and arms control questions. So, as with other interested persons and organizations, the non-proliferation and arms control communities should monitor what happens next with this controversy, including law suits already filed in federal court challenging PRISM.
US Communications, Metadata, and Access to the Content of Communications
However, the case reported in the Times involved an e-mail and its attachment sent and received in the US, meaning that different aspects of FISA applied to this surveillance activity. The Times article is not exactly clear what happened, when it happened, what the FISA court did, and why it did what it did (at least these things are not clear to me from the article). My point is not that the Times article is wrong; my point is that it raises more questions than it answers, and trying to answer some questions proves difficult because of a lack of information. As explained below, these questions require more scrutiny of the Times article’s claim that the FISA court “vastly broadens powers of the N.S.A.” In short, we should not jump to conclusions about the Times article and its implications. In what follows, I try to sort through what the article does contain.
Collecting Internet and E-Mail Metadata
US intelligence officials probably picked up information from collecting and analyzing “metadata” on e-mail traffic that triggered a desire to see the e-mail attachment in question. Part of Snowden’s disclosures included information about the US government’s collection of e-mail and other Internet metadata within the US after 9/11 through 2011, when this aspect of NSA surveillance was apparently terminated. Initially undertaken by the Bush administration outside FISA, the collection and analysis of e-mail and other Internet metadata came within FISA court review and approval in 2004, after which the FISA court reviewed and approved orders for such surveillance periodically until 2011, when the Obama administration stopped this particular metadata surveillance effort.
Application of the “Special Needs” Exception to Collection of Internet and E-Mail Metadata under FISA
According to the Times article, the FISA court determined that such metadata surveillance did not violate the Fourth Amendment and relied, apparently, on the “special needs” exception to the Fourth Amendment’s warrant requirement. Generally, the “special needs” exception allows the government to undertake a search without a Fourth Amendment warrant to gather information unrelated to law enforcement purposes (e.g., drug tests of railway workers; passenger screening at airports). Referring to outside legal experts, the Times article commented that this application of this exception “is significant . . . because it uses a relatively narrow area of the law . . . and applies it much more broadly, in secret, to the wholesale collection of communications” for foreign intelligence purposes, including countering terrorism, WMD proliferation, espionage, and cyber attacks. This alleged expansive use of the “special needs” doctrine by the FISA court forms part of the Times article’s observation that this court is perhaps becoming “almost a parallel Supreme Court” because it regularly assesses “broad constitutional questions” and establishes judicial precedents for foreign intelligence surveillance.
Here is where the questions about the article begin to multiply. For starters, telephony and Internet metadata is not protected by the Fourth Amendment under existing jurisprudence, so, presumably, the FISA court does not need the “special needs” exception to the Fourth Amendment to review and approve collection of metadata. As Orin Kerr commented, if the FISA court “has ruled that all metadata is outside the Fourth Amendment, that’s not a surprise.”
Next, the “special needs” exception has long been associated with the gathering of foreign intelligence by the US government and with FISA itself. As Kris and Wilson put it, “Congress enacted FISA explicitly to serve as a special need not related to ordinary law enforcement: foreign intelligence and counter-intelligence. The courts have upheld FISA under a special-needs theory against multiple constitutional challenges” (David S. Kris and J. Douglas Wilson, National Security Investigations & Prosecutions (2007), sec. 11:12, p. 11-30). So, foreign intelligence activities subject to FISA fall under the “special need” exception for foreign intelligence gathering under existing law and jurisprudence. Again, Kerr commented that, if the FISA court has held that foreign intelligence efforts to locate terrorists fall under the “special needs” exception, then “that’s not noteworthy.” The same applies to foreign intelligence gathering for other serious national security threats, such as WMD proliferation.
These observations suggest that the FISA court is not vastly increasing the powers of the NSA or acting as a “parallel Supreme Court” but is operating within existing jurisprudence and statutory law. So, what’s going on here? I’m not sure based on what the Times article contains. Now, people might be worried about the powers existing jurisprudence and statutory law give the NSA and the FISA court–but the Times article claims something new, different, and secret is happening that does not track case precedents and legislation.
Accessing the E-Mail Attachment Related to Nuclear Proliferation
As noted above, the Times article reported that US intelligence officials went beyond metadata collection and accessed the content of an e-mail communication in the form of an attachment the officials feared “contained a schematic drawing or diagram possibly connected to Iran’s nuclear program.” The Times article is not clear how, and under what authority, the US intelligence officials accessed the content of this e-mail communication. The article states that gaining such access “[i]n the past . . . probably would have required a court warrant because the suspicious e-mail involved American communications.”
Well, if the US government wanted access to the e-mail attachment for foreign intelligence purposes, then FISA requirements for obtaining a FISA court order to undertake such content-based surveillance within the US apply. However, the Times article is not clear whether US intelligence officials obtained a FISA court order to access the content of the e-mail communication in question. Confusingly, the article follows up its statement about the probable need for a “court warrant” with a description of the broadening of the FISA definition of “foreign intelligence” in 2008 to include information related to WMD proliferation–information that is not helpful to understanding whether the US government obtained FISA court approval to access the e-mail attachment in question.
If the government obtained the FISA court’s specific approval for its access to the e-mail attachment, then the government complied with the relevant law–nothing new, then, legally speaking. However, if the FISA court has constructed some “special needs” exception to the FISA requirement to obtain a specific order for electronic surveillance in the US for foreign intelligence purposes, then we might have something new to ponder. But the Times article does not provide enough information to pursue this inquiry in any productive manner. We would have to be able to examine the FISA court decisions mentioned in the article, but those remain secret.
OK, so what does all of this mean for communities interested in non-proliferation and arms control that communicate through e-mail and other electronic means with people inside and outside the US? Based on what’s in the Times article, here’s my answer:
- Since the FISA Amendments Act of 2008 added Section 702 to FISA, it has been clear that electronic communications by US persons with foreign nationals could be subject to broad, FISA court-approved surveillance to acquire foreign intelligence through targeting persons reasonably believed to be located outside the US. The Times article does not change what we have known for quite some time on this aspect of FISA.
- The Times article’s reference to the “special needs” exception creates more questions than answers, meaning that, in such a state of affairs, it is best not to rage first and ask legal questions later. We know enough to wonder whether the article is accurately describing what’s actually happened in the FISA court. But, given recent disclosures, we also know enough to worry that we don’t know everything we need to know to assess what’s going on.
- What exactly the FISA court has done in the rulings mentioned in the Times article remains unclear, and the rulings remain secret. For the time being, we don’t know what we don’t know concerning the legal reasoning used by the FISA court.
My intent is not to promote a “don’t worry, be happy” attitude about the implications of NSA surveillance programs disclosed in recent weeks either generally or specifically to work that you might do. Like many people, I worry about the scale of the surveillance the disclosures have revealed and about some legal justifications given for these secret programs. But I am also concerned that the incomplete information we are getting through leaks in dribs and drabs is creating and agitating fears that, like a toxic miasma, government surveillance is permeating everything, everywhere and affecting everybody without meaningful limits or oversight. To prevent actual and imagined surveillance from doing more damage to the body politic, more transparency is required politically and legally.
thanks very much for your detailed analysis.
I hope we can get some more concrete info on what communities within the US may be fair game for collection and reading of their communications.
It _appears_ that USG reasons for communications being read is not limited to terrorism nor limited to non-US citizens.
in related news, WaPo:
“Rep. F. James Sensenbrenner Jr. (R-Wis.) — who sponsored the USA Patriot Act, which ostensibly authorized the collection — warned that the House might not renew Section 215 of the act, a key provision that gives the government its authority.
“You’ve got to change how you operate 215 . . . or you’re not going to have it anymore,” Sensenbrenner said.”
USG reasons for engaging in surveillance are, indeed, not limited to terrorism or non-US citizens, and we knew this before the Snowden disclosures. Section 215 of the PATRIOT Act permits foreign intelligence gathering “not concerning a United States person” or to protect against terrorism and clandestine intelligence activities. FISA defines foreign intelligence broadly, and, as mentioned in my post, includes WMD proliferation, and FISA permits (subject to its various requirements) surveillance within the US, surveillance against US persons located overseas, and surveillance that targets non-US persons reasonably believed to be located outside the US.
The surveillance authorities are broad in potential topics and targets, which is what has worried critics about the changes made post-9/11. Disclosures by Snowden and others let us peer behind the secrecy to understand, incompletely, how the USG uses these authorities. As your reference in your follow-on comment to today’s Washington Post article indicates, the disclosures have made many in and outside of Congress especially unhappy with the interpretation and application of Section 215 of the PATRIOT Act–so this part of surveillance law is the most likely to undergo legislative change.
thanks for the further clarification.
On a related note, we know there is cooperation between UK’s GCHQ and NSA.
In some instances NSA may not (legally) be allowed to look at US citizens’ communications.
Is it possible that NSA could ask GCHQ to look into US citizens’ communications without the hassle of legal hurdles?
This question has been raised, and here is the NSA’s answer (taken from this Reuters story):
I do not have any information to challenge this assertion, but perhaps Snowden does. I imagine that GCHQ has given the NSA some “heads up” about specific people, and the NSA has then sought the authorization it needs to conduct surveillance on those people.
The question you ask predates the current revelations.
Carl Cameron filed a report with FOX News over 10 years ago.
Thanks so much for this great piece, David. It is kind of frustrating that, as I’m sure you’re correct to say, we can’t really analyze the situation without more information – but more information is not likely to be forthcoming. And yet, this potentially does affect us all. Would I be right in thinking that it would be the acme of foolishness for some of us to try and FOIA more information about this?
Others have tried the FOIA route without success. More information might, however, be coming–and not just from Snowden. See the following development from this week (the quote is from Reuters as reported in the New York Times on July 16):
“A secret court overseeing government surveillance programs [the FISA court] has sided with Yahoo and ordered the Obama administration to declassify and publish a 2008 court decision justifying Prism, the data collection program revealed last month by the former security contractor Edward J. Snowden. Judge Reggie Walton issued the ruling on Monday, and the government is expected to decide by Aug. 26 which parts of the decision may be published, according to a separate court filing by the Justice Department. Publication could give a rare glimpse of how the government has legally justified data collection under the Foreign Intelligence Surveillance Act.”
The call for greater transparency might be gaining traction in connection with the legal reasoning used by the FISA court. Will that answer all questions? No, but it will make the challenge of figuring out what’s going on, and the implications, less impossible than this task is at the moment.
It would depend on the information sought, but there are enough statutory exceptions to the FOIA to make Swiss cheese out of it. James Bamfords’ Puzzle Palace covered much of this many years ago.
“. . .government surveillance is permeating everything, everywhere and affecting everybody without meaningful limits or oversight. ”
Just a few days ago we learned in a WaPo article that NSA’s head, Keith Alexander, has a motto: Collect It All.
Hmmm . . . . where have I heard that? I know, Stasi.
The day before the WaPo article on Alexander I was watching Thomas Drake’s Mar15.2013 speech at the National Press Club. Drake was an upper level NSA exec whistle-blower whom Bush and Obama both tried to destroy through an Espionage Act indictment. Drake pretty will lays out what happens to those who disclose the government’s crimes. Snowden watched the Drake speech, too. He left the country just a few weeks after the speech and has said that Drake was his role model.
Drake was in the Air Force and used to fly surveillance sorties over East Germany. He said that Stasi’s motto was: Know It All.
[Drake’s speech should be required viewing for every American. http://www.c-spanvideo.org/program/311537-1%5D
Know It All (K-I-A) . . . Collect It All (C-I-A). Weird.
NSA seems to be making constitutional distinctions based on these two objectives.
C-I-A is the vacuuming of all electronic communication – not just metadata, but content as well – into huge databases that will eventually be housed in Utah.
[ Have a look: 40°25’33.63″ N 111°56’10.96″ W GE is weird in this area. You can see the construction by opening historical view, which will give a Sep15.2011 image. But by default you get a useless Jun18.2010 image.]
NSA’s view is that C-I-A is, constitutionally speaking, clean.
Because mere collecting and warehousing of data are not activities directed at any specific individual or entity, these are not activities the Constitution speaks to or restricts, according to NSA, or at least Alexander. Most significantly, there is no problem with where the data originate or end up — communications inside the US between US citizens: no problemo. As I understand it, that’s what the FISA court order leaked by Snowden concluded with respect to Verizon. I haven’t seen that order.
According to EFF, US telecoms started giving up data on US citizens to NSA in Nov 2001, by late 2002 there were “voluntary agreements” in place, which undoubtedly included hold harmless provisions that were eventually incorporated into retroactive immunity provisions in the 2008 FISA amendments, Jul09.2008.
Running in parallel with C-I-A is the Stasi part – the K-I-A, because, well — what good is a bunch of stored data if you’re not going to mine it? K-I-A is achieved by sifting the collected data to see what specific individuals are up to.
The original Stasi pre-digital K-I-A activities were limited to real time evaluation of real time data regarding individuals — collection and storage techniques were limited.
21st century NSA’s K-I-A is computerized sifting through stored data to determine whether real time monitoring of individuals can be justified. The sifting and eventual monitoring may or may not require an acknowledgment of NSA’s constitutional limitations (i.e. warrant), depending on who is writing the secret legal memoranda and the secret, ex parte FISA court briefs – John Yoo or some other frightening neocons who think they can outwit the guys who wrote the Constitution.
Apparently, they can. Under Section 702 once NSA makes an assertion of facts to a FISA court to get a warrant, the court need not ask any questions. And NSA can spy on you for 7 days without even going through the formality of asking the FISA court for a warrant. IOW, it’s a 4th Amendment hoax. But it’s bigger than just NSA looking at your tweets to your paramour, especially the one in Kabul.
Recall that soon after 9/11 Cheney and Poindexter set up Total Information Awareness that was supposed to track and store data on every retail purchase every person made. If you so much a bought a butter-knife, that would be flagged. Public outrage forced Congress to shut the initiative down in 2003. As it turns out, the program just went underground. As recently as Jun07.13, the WSJ commented on NSA collection of credit card data. In a Sep01.2011 NBC article about USG tracking pre-paid debit cards, Alex Johnson noted:
It is safe to assume that NSA has a record of not just every electronic communication, but every retail transaction made by plastic by anyone in the country, possibly the world.
Al-Qaeda is winning this “war” – big time. Americans’ own government is destroying their freedoms, way of life, and constitution. This is not b/c Bush, Obama, and their spooks are afraid of another 9/11. It’s because they are afraid of something 1000x worse. Something nuclear. The biggest secret of all, the one no president can go public on, is how bad it can get. How bad can it get? Look at the way these guys turn grey while in office.