UPDATE—Thursday, May 7: The day after we posted this article, the US Court of Appeals for the Second Circuit in New York declared the NSA’s domestic phone metadata program illegal, on the ground that the USA Patriot Act provision on which the NSA program had rested did not in fact authorize bulk collection of every American’s phone records. In other words, the NSA’s domestic phone-records program was illegal from the outset, and never should have been created. The court’s unanimous and well-reasoned decision, noting the profound privacy interests we all have in our phone records, and the unprecedented scope of the NSA program, should inform the upcoming legislative debate on the USA Freedom Act. It underscores the crying need for NSA reform. But as the article below argues, passing the USA Freedom Act will only be a first step on that path.
* * *
On April 30, the House Judiciary Committee approved the USA Freedom Act, a bill to rein in dragnet surveillance by the National Security Agency (NSA), by a lopsided 25-2 vote. A front-page New York Times story heralded the bill’s approval as “the strongest demonstration yet of a decade-long shift from a singular focus on national security at the expense of civil liberties to a new balance in the post-Snowden era.”
If enacted, the USA Freedom Act will mark the first time since 9/11 that Congress has reined in any national security surveillance program. But to call it the sign of a fundamental shift is wishful thinking. The real reason the bill has such support, including from the White House and reportedly the NSA itself, is that if Congress does nothing, even more radical change would transpire: Section 215 of the USA Patriot Act, on which the NSA domestic phone data program rests, will expire on June 1 unless Congress acts. In truth, the USA Freedom Act addresses only a small fraction of the NSA’s dragnet surveillance operation, and will leave most of the problematic programs Edward Snowden disclosed untouched.
The USA Freedom Act, which has been endorsed by Silicon Valley corporations, human rights groups, privacy defenders like Senators Ron Wyden and Pat Leahy and Representative John Conyers, as well as staunch conservatives such as Representative James Sensenbrenner and Senator Mike Lee, has much to commend it. It would end the NSA’s “bulk collection” of virtually every American’s phone records, and instead authorize the NSA to access phone data and other personal records only when a court finds that there is reasonable suspicion that records relate to specific names, accounts, or addresses linked to international terrorism. It would impose reporting requirements on the agencies using such authorities, and permit companies served with official demands for their customers’ records to report publicly, in limited fashion, on the volume of such requests. And it would improve proceedings before the Foreign Intelligence Surveillance Court, the judicial body that reviews intelligence surveillance requests. That court currently operates entirely in the dark, where it hears only from the government. The new law would mandate the appointment of a panel of special lawyers who would be directed to defend privacy and civil rights with respect to any surveillance request that “presents a novel or significant interpretation of the law,” and require publication of declassified summaries of the court’s opinions where feasible.
But the real reason the law is being so widely supported, including by the executive branch, is because its reforms are in fact quite modest, and unless some reforms are adopted, the NSA’s authority to search our phone records will disappear entirely. The NSA currently collects all our phone records, but only searches through them when it has shown a judge that it has reasonable suspicion that a particular phone number is linked to terrorism. Under the new law, it would still be able to do that; the principal difference would be that the phone companies, not the NSA, would store the data. That’s not an insignificant change, but it’s hardly a radical reform.
Senate majority leader Mitch McConnell opposes the USA Freedom Act, and has instead proposed extending Section 215’s sunset with no reforms whatsoever, in a bill that might well be called the NSA Business As Usual Act. But McConnell’s bill has very little chance of success. Accordingly, the executive branch and many security-minded members of Congress are supporting the USA Freedom Act as better than the likely alternative—an end to Section 215 altogether. (That’s the solution the ACLU favors, but that outcome is as unlikely as Senator McConnell’s proposal.)
Even if passed, however, the USA Freedom Act only scratches the surface of the reforms that are necessary to respond to Edward Snowden’s revelations of the NSA’s insatiable appetite for information. The bill is addressed almost entirely to the NSA’s domestic surveillance, but the vast majority of the agency’s spying is conducted overseas and directed at foreigners. Under those programs, which are not touched by the USA Freedom Act, the agency has, for example, recorded the contents of every phone call for a year in some countries; vacuumed up massive amounts of Internet data on wholly innocent persons; and collected the contents of phone calls, e-mails, and Internet activity of millions of innocent people. Because these measures are targeted at foreigners, they don’t generate the same level of concern here at home. But these programs implicate our rights, too, as they routinely intercept communications between US citizens and foreign persons. Even an e-mail from Poughkeepsie to Peoria may be routed through France or England without our knowing it, and thus be subject to NSA interception. The Internet knows no borders, and we all increasingly communicate across borders, whether knowingly or not. But once the USA Freedom Act resolves our immediate domestic concerns, it’s hard to see a groundswell emerging to protect foreigners’ rights.
The most fundamental problem Snowden revealed was the absence of transparency about what the NSA is doing. It acts in secret, on the basis of secret interpretations of laws approved by courts acting in secret. As a result, we are denied any meaningful opportunity to assess whether the agency is acting consistent with our desires—something of a problem in a democracy. The USA Freedom Act gestures at that issue; it requires declassification and summaries of surveillance court orders, where possible, and some reporting on the volume of surveillance requests. But it has inexplicably abandoned a provision in last year’s version of the bill that would have required the government to inform us of how many Americans it collects information on each year—perhaps the most important fact of all. What Snowden showed is that unless we are aware of the scope of what the government is doing when it spies on us, we are unlikely to be able to control it.
Technological advances have made possible dragnet surveillance on a national and even global scale, and the NSA has been quick to exploit these capabilities. If we are to preserve our privacy in the digital age, we must insist on new legal constraints—including the transparency necessary to know whether the reforms we impose are working. Otherwise, the digital tracks of our lives will become increasingly transparent to a government that will be increasingly secretive about what it is doing in our name.