Correcting some Inaccuracies about NSA Surveillance

In her response essay, Marcy Wheeler keys on an important, and serious, consequence of the unauthorized disclosures and their aftermath: the developing adversarial relationship between the government and the private sector. Now past the first year of the disclosures, it is clear that companies on the receiving end of orders or directives issued under the Foreign Intelligence Surveillance Act (FISA) may be more likely to challenge them in the future. At least one company has already increased its challenges to requests for data from the government issued under National Security Letters or the Electronic Communications Privacy Act (ECPA). But Wheeler is wrong to suggest that – whatever it is the government may have done to effect the collection of foreign intelligence information overseas (which has happened for decades and continues to occur under Executive Order 12333) – somehow “violated…the deal” that was reached through the FISA Amendments Act of 2008 (FAA).  Instead, the information that has been released and declassified over the last year has demonstrated that the FAA has been implemented consistently with how it was described in the public record of legislative text and Congressional hearings that took place up to its passage in 2008.

It is also not accurate to describe the steps the Obama Administration has taken as “refus[ing] to do anything” to limit NSA surveillance. Indeed, the President has already implemented significant reforms to the telephone metadata program, including requiring advance approval from the Foreign Intelligence Surveillance Court (FISC) before querying the data, and limiting the extent of analysis of that data. His Presidential Policy Directive-28 (PPD-28), issued in January 2014, limits the categories of bulk collection the NSA may collect. He has adopted the Surveillance Review Group’s principle of “risk management,” to more formally involve foreign policy implications, for example, in making collection decisions. And he has directed that procedures and rules be changed in order to add privacy protections for foreigners in how the NSA handles information it has acquired. Although it is too soon to assess how the details of some of these and other changes will be implemented, their significance should not be underestimated.

Also from this issue

Lead Essay

  • One year after the Edward Snowden NSA revelations, Julian Sanchez reviews what we know and where the public policy debate now stands. He finds that we know incomparably more about telephone and Internet surveillance, and that this knowledge has provoked a significant backlash: The American public, tech companies, and foreign publics and governments have all come increasingly to demand reform. A real debate is underway today, one as we have never seen before. In particular, we now ask the question: What are the consequences of misusing the system, and, if misuse ever arrives, will it then be too late to do anything about it?

Response Essays

  • Benjamin Wittes argues that the NSA is indeed powerful, perhaps disturbingly so. But what matters most are the legal restraints and authorizations for these programs’ use. Wittes rejects the idea that the United States should unilaterally disarm itself in an international cyber arms race; he would prefer to discuss the specific contours of the rules for digital surveillance. Much as the Fourth Amendment has successfully restrained conventional police, constitutional and legal safeguards should be adequate to protect us from the NSA.

  • Carrie Cordero reviews the legal safeguards under which the NSA acts. She finds that they are in general adequate, and that subverting them would require either a large-scale conspiracy or massive incompetence by our elected officials. The NSA’s programs target foreigners, who have no constitutional protections, and not U.S. citizens. The agency’s self-reported legal noncompliance rate is exceptionally low, and members of Congress, who have access to classified information about the NSA, have in general signaled their unconcern. While discussion of safeguards can be useful, these safeguards are well in place and generally functioning as they should be.

  • Marcy Wheeler describes how the overseas storage of U.S. persons’ data provides a means of conducting domestic surveillance: In general, the lack of clear national boundaries on the Internet profoundly compromises all those laws drafted with national boundaries in mind. In particular, the oversight that would ordinarily apply to domestic surveillance fails when U.S. persons’ data can be mined overseas. The fallout of this and other surveillance operations has been costly to the U.S. economy, which depends on the high-tech sector. Much damage has also been done to U.S. soft power abroad, in that foreigners are much less apt to trust either the U.S. government or U.S. corporations. Lastly, the security benefits so far appear to have been negligible.