Privacy Protections from FISA Court May Not Compute

This is cross-post on the American Constitution Society’s blog.

After the events of the past few weeks, a discussion presented by the American Constitution Center on the search for privacy and security on the Internet posed many questions but few answers. In an article on The Daily Beast, Harvard Law Professor Lawrence Lessig has noted that the “Trust us’ does not compute,” but after a contentious, technical discussion of both the NSA’s PRISM program and the cellular metadata orders, a panel of privacy law scholars were forced to concede that “trust us” is today’s status quo when it comes to programmatic government surveillance.

It wasn’t supposed to be this way. When the Foreign Intelligence Surveillance Act was first passed in 1978, the law was designed to “put the rule of law back into things,” explained Professor Peter Swire, co-chair of the Tracking Protection Working Group at the W3C and the first Chief Counselor for Privacy at OMB. The emergence of the Internet, however, changed everything. Intelligence agencies were faced with a legal framework that could not account for situations where “games like World of Warcraft [could be] a global terrorist communication network,” he said.

But even as communications technology has been made to serve bad actors, it has also ushered in a Golden Age of surveillance. Modern technology today can easily determine an individual’s geolocation, learn about an individual’s closest associates, and connect it all together via vast databases. Within the federal government, without strong champions for civil liberties, the availability of these technologies encouraged government bureaucracy to take advantage of them to the full extent possible. Absent outside pressure from either the Congress or the public, “stasis sets in,” Swire said.

Yet while service providers collect vast amounts of data about individuals, a combination of business practicalities and Fair Information Practice Principles which stress retention limits and data minimization mean that businesses simply do not keep all of their data for very long. As a result, the government has used Section 215 of the PATRIOT Act to collect and store as much information as possible in the “digital equivalent of the warehouse at the end of Indiana Jones,” said Professor Nathan Sales, who largely defended the government’s efforts at intelligence gathering.

The difficulty is that these sorts of data collection projects present important Fourth Amendment considerations.  In his passionate dissent in the recent Maryland DNA collection case, Justice Antonin Scalia joined three of his liberal colleagues to explain that the Fourth Amendment specifically protects against general searches and demands a particularity requirement.  However, a general search is exactly what an order permitting the collection of anyone and everyone’s cellular metadata appears to be.

Professor Susan Freiwald pointed out that the plain language of Section 215 is incredibly broad.  50 U.S.C. Sec. 1861 permits surveillance wherever “reasonable grounds” exist that surveillance could be “relevant . . . to protect against international terrorism or clandestine intelligence activities” where any individual, American citizen or otherwise, is “in contact with, or known to, a suspected agent of a foreign power.”  According to Freiwald, the plain language of the statute “doesn’t limit government investigations in any meaningful way.” What checks that exist are limited: Congress appears at best half-informed and the ISPs that are hauled before the Foreign Intelligence Surveillance Court (FISC) have been incentivized not to fight via the carrot of immunity and the stick of contempt sanctions.

“We’re waiting on the courts,” Freiwald said, suggesting that these programs “cannot survive review if the court does its job.”

Professor Sales countered that the FISC was already placing minimization requirements into the its orders, though he conceded he couldn’t know for sure if this was accurate.

Former U.S. District Judge Nancy Gertner interjected:

As a former Article III judge, I can tell you that your faith in the FISA Court is dramatically misplaced. . . . Fourth Amendment frameworks have been substantially diluted in the ordinary police case. One can only imagine what the dilution is in a national security setting.

What little we do know about the FISC suggests that it, too, is wary of the government’s behavior.  In a letter to Sen. Ron Wyden (D-Ore.) last fall, the Director of National Intelligence conceded that on at least one occasion the FISC found that the government’s information collection was unreasonable under the Fourth Amendment, and moreover, that the government’s behavior had “sometimes circumvented the spirit of the law.”

Unfortunately, the FISC’s full legal opinion remains classified, and the Department of Justice continues to contest its release.  This fact reveals the core challenge facing any sensible debate about the merits of government surveillance: our current understanding rests on incomplete information, from secret court decisions to the “least untruthful” testimony of government officials.

Louis Brandeis, who along with Samuel Warren “invented” the right to privacy in 1890, also wrote that “[s]unlight is said to be the best of disinfectants.”  A discussion about the future of privacy online that forces our best privacy scholars to repeatedly profess their ignorance and rests on placing our trust in the government simply does not compute.

Leave a Reply