In 2013, the Snowden revelations—many of them reported by then Washington Post reporter, now Century Foundation fellow Barton Gellman—shook the American government at its foundations. A wave of public concern about invasive National Security Agency (NSA) surveillance followed. That wave crested in 2015 with the passage of the 2015 USA Freedom Act, which ended the bulk collection of domestic telephone metadata under the Patriot Act. The wave has more or less dissipated since.
But it would be a grave mistake to assume government surveillance is no longer something to worry about. The USA Freedom Act, while a good first step, left most of the opaque legal architecture of NSA surveillance untouched—including the law that authorizes the controversial PRISM and Upstream programs. Meanwhile, the Trump administration has signaled even less concern for constitutional norms than his two predecessors, presidents Bush and Obama, under whom the existing surveillance apparatus was built.
A new Century Foundation report by Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society, makes the case for finishing the unfinished work of surveillance reform by overhauling section 702 of the Foreign Intelligence Surveillance Act (FISA). Based on her findings, here are ten reasons you should still be worried about NSA spying:
1. NSA’s global surveillance dragnet is massive.
Under FISA 702, the NSA vacuums up massive quantities of sensitive, detailed, and intimate personal information about people around the world, including anyone of “foreign intelligence” interest. It is not a counter-terrorism statute. Section 702 authorizes eavesdropping on foreign bureaucrats, gathering information relevant to predicting the price of oil, and gaining leverage in negotiating trade disputes.
2. American communications are inevitably caught up in the dragnet.
In the process of spying on foreigners, the NSA cannot help but collect large volumes of Americans’ communications. The intelligence community refers to this collection as “incidental,” but it includes vast amounts of Americans’ conversations, email exchanges, photos, and other sensitive information.
3. NSA surveillance targets foreigners, but sweeps in more bystanders than targets.
Indeed, one analysis of data collected under section 702 suggested that non-target communications are ten times more likely to be sucked up than target communications.
4. Once acquired, our data can be searched by other law enforcement agencies without a warrant.
Privacy experts call this the “backdoor search loophole.” The Federal Bureau of Investigation (FBI) may search databases containing Americans’ personal data and communications to learn whether Americans are committing run-of-the-mill crimes without any pre-existing suspicion. For example, federal authorities could lawfully search 702 databases for information about doctors issuing prescriptions for medical marijuana.
5. NSA databases are magnets for insider abuse.
There are documented cases of agents using databases of private information to spy on their lovers or spouses. This problem is common enough that agencies call it “LOVEINT,” a parody name modeled on other abbreviations such as “SIGINT” (signals intelligence) and “HUMINT” (human intelligence).
6. The NSA ignores attorney-client privilege.
Except in ongoing criminal proceedings, the NSA does not recognize attorney-client privilege in its collection. Thus, the NSA treats client consultations on how to avoid or respond to potential criminal exposure—as well as attorney-client communications on civil matters—the same as any other conversation.
7. Your communications with a friend abroad could be sucked up if they are merely “about” a target.
Under the NSA’s Upstream program, the government scans data flowing over the Internet for messages that contain information “about” foreign intelligence targets. The NSA says selectors for this “about” surveillance have to be more specific than merely the names of targets. That is, according to the government, you couldn’t be spied on simply for talking about Angela Merkel. But you could be for mentioning her email address. Using email addresses as selectors can, however, wind up casting a wide net. If the NSA is acquiring messages sent to or from addresses like “[email protected]” or “[email protected],” for example, the incidental collection will be huge.
8. The NSA can collect your whole email inbox.
If only one email in your inbox is responsive to the NSA’s targeting terms, the NSA collection system may nevertheless pull your entire inbox flow into the NSA databases.
9. The ultimate decision about who intelligence authorities spy on is decided by the NSA alone.
Under section 702, no judge participates in the government’s targeting decisions. Courts assess whether the targeting procedures fit the statutory definition of targeting procedures, but they do not oversee targeting decisions. This means all the incidentally collected American content flowing to law enforcement via backdoor search—your whole email inboxes, for example—has never been authorized by a judge.
10. Excessive surveillance is not necessarily making us safer.
Too much information can cause what some in the intelligence community call “analysis paralysis.” A number of internal intelligence documents—e.g. “Data Is Not Intelligence,” “The Fallacies Behind the Scenes,” “Cognitive Overflow?” “Summit Fever,” and “In Praise of Not Knowing”—discuss the problem of having so much information, you don’t know what to do with it. Searching for the relevant needle in a signals intelligence haystack—or, more accurately, a needle among millions of haystacks—can be a time and resource intensive process. Meanwhile, more targeted and discriminate surveillance can avoid this problem.