|إضافة تسمية توضيحية|
For the last two months, we’ve all watched the news about the National Security Agency and its friends over at the Foreign Intelligence Surveillance Court (FISC), which approves secret orders on behalf of the NSA and other spy agencies. But more often than not, a lot of these articles take the same basic structure: documents provided by NSA leaker Edward Snowden show X, and then privacy advocates and civil libertarians decry X for Y reason.
That now raises the question, what would these privacy advocates do if they were put in charge of the NSA and the FISC? Or more specifically, what changes would they immediately enact at those two opaque institutions?
Ars checked in with some of the best technical and legal minds that we know: Bruce Schneier, one of the world’s foremost cryptographers, and Jennifer Granick, an attorney and director of Civil Liberties at Stanford University’s Center for Internet and Society. For a historical perspective, we chatted with Gary Hart, a former United States senator from Colorado who served on the Church Committee in 1976. Its recommendations led to the creation of the Foreign Intelligence Surveillance Act (FISA) and the FISC. We also looked at recent public statements by the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU).
Schneier, who has previously criticized the Department of Homeland Security, proposed the most radical changes.
“There’s a fundamental problem in that the issues are not with the NSA but with oversight,” he told Ars. “[There’s no way to] counterbalance the way [the NSA] looks at the world. So when the NSA says we want to get information on every American’s phone call, no one is saying: ‘you can’t do that.’ Without that, you have an agency that’s gone rogue because there is no accountability, because there is nothing checking their power.”
The way Schneier sees it, in an attempt to keep the operational details of the targets secret, the NSA (and presumably other intelligence agencies, too) has also claimed that it also needs to keep secret the legal justification for what it’s doing. “That’s bullshit,” Schneier says.
The famed computer scientist wants to apply traditionally open and public scrutiny to how the NSA operates.
“How much does this stuff cost and does it do any good?” he said. “And if they can’t tell us that, they don’t get approved. Let’s say the NSA costs $100 million annually and that an FBI agent is $100,000 a year. Is this worth 1,000 FBI agents? Or half and half? Nowhere will you find that analysis.”
For the record: the size of the NSA’s budget is officially classified as secret, but estimates put it at least at $8 to $10 billion annually—but his point stands. It’s nearly impossible to judge the effectiveness of federal spending of an unknown sum, whose tactics, legal justifications, and most importantly, outcomes, are completely hidden from the public.
“We deliberately have given ourselves an inefficient form of government and an inefficient form of policing because we recognize the dangers in giving people so much power without any oversight or accountability,” he concluded.
Similarly, former Senator Gary Hart said that the intelligence apparatus has ballooned out of control in the United States in recent years.
“The use of outside consultants [and] private companies by these dozen and a half intelligence agencies is out of hand,” Hart said. “We don’t know how many companies there are, how many people they employ. We do know there are 1 million Americans with top-secret clearance, and that’s way too much.”
Indeed, the Wall Street Journal recently reported that “as of last October, nearly five million people held government security clearances. Of that, 1.4 million held top-secret clearances.”
A black box
While Schneier had the broadest and most sweeping proposed changes, the other tech and legal experts that we spoke with focused more specifically on individual legal reforms, and they tended to agree on a few broad suggestions: halt untargeted blanket surveillance, restore a pre-2008 version of the Foreign Intelligence Surveillance Act (FISA) that required a probable cause-driven warrant to conduct foreign surveillance, and create additional FISC reforms such that its proceedings are more open and have more avenues for pushback.
Jennifer Granick was the first to admit that it’s difficult to know what reforms are necessary, because as Schneier pointed out, it’s impossible to know what precisely is being undertaken by the NSA and other intelligence agencies.
“We’re responding to a black box,” she said. “We don’t know the full story of what they’re doing. We don’t know the full story of how useful or not useful the various tools are. We don’t know what they do with the information. We’re responding to these fragmented amounts of information.”
Granick, like the EFF and ACLU, called for an immediate cessation to the bulk collection of all Americans’ records.
As the EFF writes:
The starting point for NSA reform would be a definitive statement that court orders for bulk collection of information are not allowed and indeed are illegal. At all times, a specific person or specific identifier (like a phone number or e-mail address) or a reasonable, small, and well-cabined category (like a group on the terrorist list or member of a foreign spy service) must be specified in the context of an investigation. And a category like: “all records of all Verizon customers,” is neither reasonable, small, nor well-cabined.
Similarly, the ACLU’s Jameel Jaffer testified before the Senate Judiciary Committee (PDF) on July 31, 2013:
But the Fourth Amendment is triggered by the collection of information, not simply by the querying of it. The NSA cannot insulate this program from Fourth Amendment scrutiny simply by promising that Americans’ private information will be safe in its hands. The Fourth Amendment exists to prevent the government from acquiring Americans’ private papers and communications in the first place.
Because the metadata program vacuums up sensitive information about associational and expressive activity, it is also unconstitutional under the First Amendment. The Supreme Court has recognized that the government’s surveillance and investigatory activities have an acute potential to stifle association and expression protected by the First Amendment.
Bringing back 2008
In 2008, Congress passed the FISA Amendment Acts, which loosened the restrictions as to who could be surveilled. As Jaffer recently told the Senate:
Until Congress enacted the FISA Amendments Act, FISA generally prohibited the government from conducting electronic surveillance without first obtaining an individualized and particularized order from the FISA court. In order to obtain a court order, the government was required to show that there was probable cause to believe that its surveillance target was an agent of a foreign government or terrorist group. It was also generally required to identify the facilities to be monitored. The FISA Amendments Act allows the government to conduct electronic surveillance without indicating to the FISA Court whom it intends to target or which facilities it intends to monitor, and without making any showing to the court—or even making an internal executive determination— that the target is a foreign agent or engaged in terrorism. The target could be a human rights activist, a media organization, a geographic region, or even a country.
Granick also argues that it sets a bad precedent for other countries, particularly those authoritarian regimes that we frown upon.
“We don’t want to give comfort to those nations that want to have free range [over their people's] data—we should have a warrant requirement and that should not be contingent on whether the person is a US person or not,” she said.
“Open and adversarial proceedings”
Finally, these legal experts would love to see a narrowing of what the FISC can and can’t do. Granick said that she’d like to see FISC’s scope narrowed so all it could do would be to “approve secret targets.”
“It cannot make secret interpretations of statute, and it cannot interpret what the 4th Amendment is or should be,” she said. “We should have an open and democratic process and not a secret court. I think that the court should not be playing the role of making legal decisions in any case. All they’re doing is approving secret targets. There’s a lesser role for an independent [ombudsman] or defendant’s advocate.”
That "lesser role" that she’s referring to is a position that former Sen. Gary Hart (D-CO) and others have suggested, which would make the FISC process more adversarial. At present, when the government comes to the FISC and asks to target a particular person—often times, getting help from the court’s staff to make it more palatable to the judge—there is no advocate for the target, which has led to a near-100 percent target approval rate. Hart has called for the creation of a “citizen’s ombudsman,” who would have adequate security clearance.
“But that individual would make the counter argument so the court would not just [have the government’s argument to consider], but the [ombudsman] would be calling into question what the government was putting forward,” he said.
Granick said that such an ombudsman position would not be necessary if all FISA did was approve secret targets—leaving the legal justification to other open courts.
The ACLU has agreed generally with these recommendations. As Jaffer testified:
- Congress should ensure that the government’s surveillance activities are subject to meaningful judicial review. It should clarify by statute the circumstances in which individuals can challenge government surveillance in ordinary federal courts. It should provide for open and adversarial proceedings in the FISC when the government’s surveillance applications raise novel issues of statutory or constitutional interpretation. It should also pass legislation to ensure that the state secrets privilege is not used to place the government’s surveillance activities beyond the reach of the court