Category Archives: Law: Privacy

Early Returns: NSA Surveillance Reforms are Not Impressive

Posted on January 17, 2014 by Michael Froomkin

EFF tries to strike a note of cautious optimism about President Obama’s NSA reform package, Obama Takes First Steps Toward Reforming NSA Surveillance, but Leaves Many Issues Unaddressed, even though by my reading Obama’s reforms, such as they are, don’t do very well on yesterday’s EFF scorecarrd.

Simon Davis is more pessimistic:

US privacy advocates are right to conditionally welcome some of Obama’s reforms, but they should take into account two critically important implications that the President avoided.

The first of these is the NSA’s intimate operational partnership with Britain’s SIGINT agency, GCHQ. Nothing in his reform package indicates a brake on the current arrangements which allow GCHQ to collect information on US persons.

The second key element is that the proposals appear to merely shift the current collection and retention of metadata from a centralised NSA operation to more of a European-style communications data arrangement that requires commercial entities to maintain a distributed retention. That arrangement in Europe has been deemed unlawful, but there is every chance the US will adopt it.

All things considered, the prospects for genuine intelligence reform at the global level are more bleak than they were 24 hours ago.

Posted in Civil Liberties, Law: Privacy, National Security | 2 Comments

Obama Limitation on Bulk Collection of E-Data Amounts to ‘Trust Us’

Posted on January 17, 2014 by Michael Froomkin

I’m underwhelmed by President Obama’s new Presidential Policy Directive/Ppd-28 on Signals Intelligence.

As I read it, the document announces various fine principles for how drift-net collection of email and telephone and other computer data will be used, but says nothing about collecting any less of it. The memo purports to define “why, whether, and how” this data will be collected; in fact it has a lot more to say about limitations on use than collection, most of it pretty good. 1

Unfortunately the collection section, section 3, is the shortest and, on first reading, the worst. Here it is in full:

Sec. 3. Refining the Process for Collecting Signals Intelligence.

U.S. intelligence collection activities present the potential for national security damage if improperly disclosed. Signals intelligence collection raises special concerns, given the opportunities and risks created by the constantly evolving technological and geopolitical environment; the unique nature of such collection and the inherent concerns raised when signals intelligence can only be collected in bulk; and the risk of damage to our national security interests and our law enforcement, intelligence-sharing, and diplomatic relationships should our capabilities or activities be compromised. It is, therefore, essential that national security policymakers consider carefully the value of signals intelligence activities in light of the risks entailed in conducting these activities.

To enable this judgment, the heads of departments and agencies that participate in the policy processes for establishing signals intelligence priorities and requirements shall, on an annual basis, review any priorities or requirements identified by their departments or agencies and advise the DNI whether each should be maintained, with a copy of the advice provided to the APNSA.

Additionally, the classified Annex to this directive, which supplements the existing policy process for reviewing signals intelligence activities, affirms that determinations about whether and how to conduct signals intelligence activities must carefully evaluate the benefits to our national interests and the risks posed by those activities. (footnote omitted)

I read that to mean … “trust us”. Am I wrong?

  1. There is one odd footnote, footnote 5, that I don’t fully understand:

    The limitations contained in this section do not apply to signals intelligence data that is temporarily acquired to facilitate targeted collection. References to signals intelligence collected in “bulk” mean the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).

    []

Posted in Civil Liberties, Law: Privacy, National Security | Comments Off on Obama Limitation on Bulk Collection of E-Data Amounts to ‘Trust Us’

Judge Leon Rules that NSA Bulk Telphony Meta-Data Collection Program is Likely Unconstitutional (Updated)

Posted on December 16, 2013 by Michael Froomkin

It takes a legal leap to do it, but U.S. District Court Judge Richard Leon ruled today that the NSA’s dragnet metadata collection program is likely a violation of the Fourth Amendment (the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated”). It’s only ‘likely’ because this is a ruling on a request for a preliminary injunction, but there’s no doubt about the drift even on a very rushed read.

To get there Judge Leon has to take several steps, at least one of which will likely be controversial.

1. Judge Leon finds (some of) the plaintiffs have standing. I don’t think this will be the controversial part, although I commend the text around footnote 36, and especially footnote 36, to anyone who has doubts.

2. Judge Leon holds that the APA review is implicitly precluded by FISA and by the Patriot Act. Generally, courts do not find implied preclusion of the APA, and I never like it, but I do not think this will be the controversial part of this opinion.

3. Judge Leon holds that the collection and analysis of telephone metadata is a search. I think this obviously is the right answer on first principles. Doctrine makes it harder to reach that conclusion than it should. For starters, there’s the problem of the pen register precedents — the Supreme Court has said that installing and using a pen registers is not a search, and they collect pretty much the same data as does the NSA — just one line at a time, and for limited intervals. Doctrine does not make it easy to say that the scope and scale of the NSA’s activities are so transformative as to make Smith v. Maryland, 442 US 735 (1979) (pen register not a 4th Amendment search) inapplicable. But that’s what Judge Leon more or less does. He also relies, somewhat less persuasively, on the close relationship between the government and the carriers as far exceeding any reasonable expectation of erosion of privacy. Slightly more persuasive is the argument that technological change — the ways in which the data can be used — make it time to rethink Smith as does the change in the way we use phones — one mobile per person, instead of one fixed line phone in 90% of homes when Smith was decided. I think the most one can say here is that if the Supreme Court wants to revisit Smith as five Justices may have signaled in United States v. Jones, 132 S. Ct. 945 (2012) [Smith and Jones, what great names for privacy and mass surveillance cases!], then here’s the chance to do so.

4. Judge Leon rejects the ‘special needs’ exception to the Fourth Amendment. I think this exception is a mistake on principle, but again it’s doctrine. But here the doctrine is less helpful to the NSA, especially as it appears that it introduced no evidence — despite being invited to do so — as to the efficacy or utility of the bulk meta-date program. That might change, though, if the trial ever gets to the merits.

Incidentally, all the other trial courts that have addressed the bulk telephony metadata collection program ruled that it was legal.

Judge Leon stayed his own order pending appeal, which is certain. How timely that Obama’s new nominees to the D.C. Circuit will be on duty for the all-too-likely en banc!

Posted in Law: Privacy, Surveillance | 5 Comments

As We Suspected (Updated)

Posted on December 8, 2013 by Michael Froomkin

FBI can secretly activate your webcam, without you being any the wiser – ex-official – Pogo Was Right Blog.

Update: Juan Cole offers a useful juxtaposition: FBi Laptop Camera Snooping and Orwell’s 1984: Side by Side Comparison. Click through for the graphic.

Posted in Law: Privacy | Comments Off on As We Suspected (Updated)

Impeach James R. Clapper

Posted on September 10, 2013 by Michael Froomkin

Director of National Intelligence James R. Clapper caught lying again. (Not the first time.)

If we ever want to put an end to the parade of lies the public (and Congress!) have been subjected to on surveillance, the only way to do it is to take some scalps. By undermining the democracy he thinks he is protecting, Mr. Clapper, however patriotic his motives, has made a good claim to be at the head of the line.

Posted in Civil Liberties, Law: Privacy | 2 Comments

The Regularity of Evil

Posted on August 24, 2013 by Michael Froomkin

Read Jennifer Granick’s account of My Dinner With NSA Director Keith Alexander.

The two most striking things were, first, that General Alexander — the head of one of our biggest intelligence agencies — can’t even conceive that a member of the establishment might be to the left of Senator Wyden. Any world view that puts Senator Wyden as the leftmost pole of legitimate domestic politics is seriously impoverished, maybe dangerous.

Second, there’s the clash of cultures: “trust us” (from a body proven again and again and again to grossly mislead) verses the lawyer’s view of ‘if men were Angels‘.

Posted in Civil Liberties, Law: Privacy | 15 Comments