NSA Surveillance Reflects a Broader Interpretation of the Patriot Act
Privacy advocates have warned for years about the kinds of surveillance revelations that were aired this week.
Electronic communications can be monitored in ways not always anticipated by privacy laws.
Of the two big U.S. government surveillance projects that came to light this week, the one that might seem less startling—the fact that the National Security Agency gathers Verizon’s U.S. call records—troubled privacy activists more than the report that the NSA can get user data such as e-mails and photographs held by Internet companies including Google and Facebook.
That’s because details of the phone surveillance, and the confirmation of its scope by the U.S. director of national intelligence, suggest that the NSA has broadened its interpretation of the 2001 Patriot Act in ways that allow for the mass collection of information about U.S. citizens.
The mandate of the NSA is to capture intelligence about foreigners. But the vast communications dragnet it operates inevitably scoops up information about Americans as well. In 2005, revelations emerged that the NSA was collecting phone records of U.S. citizens. Public concern about the program soon waned, but many activist groups and researchers have spent the years since working to learn more about NSA surveillance activities. Reports this week that the NSA is secretly tracking people’s phone records and online data to uncover possible terrorist activities rekindled outrage over the surveillance, with even the president using careful language to defend the activities, telling the public, “nobody is listening to your telephone calls.”
Specifically, a court order released by the Guardian, a British newspaper, shows that the NSA required Verizon’s business division to hand over all records of calls “on an ongoing basis” using a section of the Patriot Act, which was passed shortly after the September 11 attacks in an effort to crack down on terrorism. That section had been previously interpreted as allowing demands only for specific, existing data. Such requests are screened by the Foreign Intelligence Surveillance Court (FISC).
The new revelation suggests that the government and the FISC have come up with a new interpretation of the Patriot Act that enables bulk collection of data on American citizens and residents, says Christopher Soghoian, principal technologist and senior policy analyst for the ACLU’s Speech, Privacy and Technology Project. “I think there’s a reasonable case to be made that the government has stretched the law to its breaking point,” he says.
Section 215 of the Patriot Act regulates government access to “tangible things” and says that could include “books, records, papers, documents, and other items,” while another section with stricter oversight, 214, applies to tapping of future communications. “In this new secret interpretation, they’re using a provision of the law that allows them to compel release of existing records as a sort of back door,” says Soghoian.
Deirdre Mulligan, an assistant professor at UC Berkeley School of Information and the chair of the Center for Democracy & Technology, is also worried, and she’s not the only one. She attended the Privacy Law Scholars Conference at UC Berkeley on Friday and says the feeling was “morose.”
“I think this revelation makes clear there was a cost to not having a more detailed conversation and public decision about the balances between democracy and policing,” she says.
The Internet data-gathering program, known as PRISM, also troubled privacy advocates, but it appears to fall clearly within the previously established interpretations of the relevant legislation, the FISA Amendments Act, says Soghoian. However, PRISM could run afoul of the laws of other countries whose data-privacy laws tend to be stricter, he adds.
Julian Sanchez, a research fellow at the Cato Institute, points out that details of the Verizon arrangement, described in a statement by director of national intelligence James Clapper on Thursday, show that the NSA has moved toward collecting data in bulk, and in advance, rather than targeting only data that has been deemed likely to be of interest.
Clapper acknowledged that collection of data was broad, but said that the collection is only “queried when there is a reasonable suspicion.” That’s concerning because data about many U.S. citizens and residents will pile up on government servers, says Sanchez. “Now the assumption is that we can data-mine out records that are relevant, so we collect them all first,” he says. “There’s obviously a lot more potential for abuse.”
Numerous experts and civil liberties groups are now calling for a new Church Committee—a Senate committee led by Idaho Democratic senator Frank Church in the 1970s that investigated government intelligence gathering and domestic surveillance. This led to the formation of the Foreign Intelligence Surveillance Act and Foreign Intelligence Surveillance Court.
“It seems to me that the time is really ripe for Congress to, in a very detailed and public way, get a better handle on the sorts of activities that we are engaged in in the name of the war on terror,” Mulligan says.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today