The report from the President's Review Group on Intelligence and Communications Technologies on the US government's mass spying — domestically and around the globe — has much that's good in it. As the folks handling the only ongoing case where National Security Letters have been declared unconstitutional, we also especially appreciate the recommendation that NSLs may only be issued after judicial review and subject to significant additional limitations.
We appreciate their strong endorsement of strong, non-backdoored encryption. And we never thought we'd see a presidential panel explain the risks posed by the government's stockpiling of Zero Days rather than making sure that they are fixed.
But there's also a strange disconnection in the report when it comes to mass surveillance. On the one hand, the report seems to take a strong stance against the government's "review it all" strategy. It explains that ensuring privacy of communications is part of creating security in a free society, noting:
- "In a free society, one that is genuinely committed to self-government, people are secure in the sense that they need not fear that their conversations and activities are being watched, monitored, questioned, interrogated, or scrutinized."
- "If people are fearful that their conversations are being monitored, expressions of doubt about or opposition to current policies and leaders may be chilled, and the democratic process itself may be compromised."
- "History shows that when government is engaged in surveillance, it can undermine public trust, and in that sense render its own citizens insecure. Privacy is a central aspect of liberty, and it must be safeguarded."
The report charts well the harms broad government surveillance can cause to trade and commerce and to our relationships with other nations, along with marking the risks to freedom and civil liberties. In addressing NSLs it especially notes the importance of prior judicial review where the government has to justify its individual targets.
In that vein, the report urges the end of the ongoing telephone records collection program handled under section 215 of the PATRIOT Act. The words are clear: "In our view, the current storage by the government of bulk meta-data creates the potential risks to public trust, personal privacy, and civil liberty."
When it comes to section 702 of the FISA Amendments Act, however, the President's review group seems to have suffered a bit of amnesia. They renege on their own principled discussion of the dangers to freedom and security.
There's no question that the 702 program is mass surveillance where, at best, a very broad range of non-suspect communications (of both Americans and non-Americans) are monitored with no judicial review or individualized showing of suspicion. The FISA Court decisions released by the government confirms that "upstream collection" refers to the acquisition of Internet communications as they transit the 'internal backbone' facilities" of telecommunications firms, such as AT&T. The Wall Street Journal gives more detail that pulls out the "mass" part:
The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data. . . .The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls "strong selectors" — say, an email address, or a large block of computer addresses that correspond to an organisation it is interested in.
The DNI and the NSA have jointly confirmed that this is done under Section 702. These descriptions of upstream Internet surveillance are mighty familiar to EFF. They are functionally identical to the surveillance configuration described in the evidence brought to us by Mark Klein in our long-running Jewel v. NSA case: a system designed to acquire Internet communications as they flow between AT&T's Common Backbone Internet network to the networks of other providers.
Section 702 is a mass surveillance program and triggers the same concerns about "monitoring" that the report so eloquently points out. Indeed, it sweeps much more broadly, since it "monitors" communications content, web browsing, essentially everything carried on the fibre-optic cables being diverted. This monitoring can leave people feeling insecure in their communications, chill speech, and undermine our international relations and international commerce.
Yet the report is strangely silent about this. And rather than discuss what the NSA is actually doing, it references the statutory text, noting only that "section 702 does not authorise NSA to acquire the content of communications of masses of ordinary people." We agree that the statutory language doesn't authorise it, but the report doesn't address the fact that, by its own description (and EFF's uncontroverted evidence), the NSA is intercepting communications in mass at least as part of its "initial cut" under 702.
The contradiction here is clear: The review group beautifully articulates the problems with overbroad, mass surveillance and opposes it under section 215, yet ignores the mass surveillance occuring under 702 entirely. Under both, the government has custody of and is searching through a broad, untargeted mass of communications first, leaving the rest of us to hope that they won't abuse this awesome power. And under both 215 and 702 no court reviews the government's actual targeting prior to collection.
We hope Congress will try to get to the bottom of this when the group members testify before Congress on January 14th. If mass surveillance is a problem for phone records, it's a problem for "upstream" too, and we need to end all mass surveillance if we're going to restore true freedom and real security to Americans and to people all over the world.
This article is reproduced from Electronic Frontier Foundation under Creative Commons Licence.
Picture: Tischenko Irina/Shutterstock