By Tom Simonite & Rachel Metz, MIT Technology Review
Privacy advocates have warned for years about the kinds of surveillance revelations that were aired this week.
Of the two big U.S. government surveillance
projects that came to light this week, the one that might seem less
startling—the fact that the National Security Agency gathers Verizon’s
U.S. call records—troubled privacy activists more than the report that
the NSA can get user data such as e-mails and photographs held by
Internet companies including Google and Facebook.
That’s because
details of the phone surveillance, and the confirmation of its scope by
the U.S. director of national intelligence, suggest that the NSA has
broadened its interpretation of the 2001 Patriot Act in ways that allow
for the mass collection of information about U.S. citizens.
The
mandate of the NSA is to capture intelligence about foreigners. But the
vast communications dragnet it operates inevitably scoops up information
about Americans as well. In 2005, revelations emerged that the NSA was
collecting phone records of U.S. citizens. Public concern about the
program soon waned, but many activist groups and researchers have spent
the years since working to learn more about NSA surveillance activities.
Reports this week
that the NSA is secretly tracking people’s phone records and online
data to uncover possible terrorist activities rekindled outrage over the
surveillance, with even the president using careful language to defend
the activities, telling the public, “nobody is listening to your
telephone calls.”
Specifically, a court order released by the Guardian,
a British newspaper, shows that the NSA required Verizon’s business
division to hand over all records of calls “on an ongoing basis” using a
section of the Patriot Act, which was passed shortly after the
September 11 attacks in an effort to crack down on terrorism. That
section had been previously interpreted as allowing demands only for
specific, existing data. Such requests are screened by the Foreign
Intelligence Surveillance Court (FISC).
The new revelation
suggests that the government and the FISC have come up with a new
interpretation of the Patriot Act that enables bulk collection of data
on American citizens and residents, says Christopher Soghoian, principal
technologist and senior policy analyst for the ACLU’s Speech, Privacy
and Technology Project. “I think there’s a reasonable case to be made
that the government has stretched the law to its breaking point,” he
says.
Section 215 of the Patriot Act regulates government access
to “tangible things” and says that could include “books, records,
papers, documents, and other items,” while another section with stricter
oversight, 214, applies to tapping of future communications. “In this
new secret interpretation, they’re using a provision of the law that
allows them to compel release of existing records as a sort of back
door,” says Soghoian.
Deirdre Mulligan, an assistant professor at
UC Berkeley School of Information and the chair of the Center for
Democracy & Technology, is also worried, and she’s not the only one.
She attended the Privacy Law Scholars Conference at UC Berkeley on
Friday and says the feeling was “morose.”
“I think this revelation
makes clear there was a cost to not having a more detailed conversation
and public decision about the balances between democracy and policing,”
she says.
The Internet data-gathering program, known as PRISM,
also troubled privacy advocates, but it appears to fall clearly within
the previously established interpretations of the relevant legislation,
the FISA Amendments Act, says Soghoian. However, PRISM could run afoul
of the laws of other countries whose data-privacy laws tend to be
stricter, he adds.
Julian Sanchez, a research fellow at the Cato Institute, points out that details of the Verizon arrangement, described in a statement
by director of national intelligence James Clapper on Thursday, show
that the NSA has moved toward collecting data in bulk, and in advance,
rather than targeting only data that has been deemed likely to be of
interest.
Clapper acknowledged that collection of data was broad,
but said that the collection is only “queried when there is a reasonable
suspicion.” That’s concerning because data about many U.S. citizens and
residents will pile up on government servers, says Sanchez. “Now the
assumption is that we can data-mine out records that are relevant, so we
collect them all first,” he says. “There’s obviously a lot more
potential for abuse.”
Numerous experts and civil liberties groups are now calling
for a new Church Committee—a Senate committee led by Idaho Democratic
senator Frank Church in the 1970s that investigated government
intelligence gathering and domestic surveillance. This led to the
formation of the Foreign Intelligence Surveillance Act and Foreign
Intelligence Surveillance Court.
“It seems to me that the time is
really ripe for Congress to, in a very detailed and public way, get a
better handle on the sorts of activities that we are engaged in in the
name of the war on terror,” Mulligan says.