In the thawing air of a Russian spring in downtown Moscow, internet phenomenon John Oliver anxiously awaited the arrival of another famous (or infamous) figure, Edward Snowden. While pacing the chamber in anticipation of his comedic interview with the former NSA contractor, Oliver senses a looming concrete specter. As he slowly pulls back a dark curtain, the fading light reveals an ominous government office building: the Lubyanka.
Correctly identifying it as “the old KGB building,” the HBO comedian’s hallmark expression of unbreakable confidence wavered, revealing a legitimate sense of unease.
Unbeknownst to many American citizens, the seemingly innocent government office building in the heart of the Russian capitol serves as a de-facto tomb for thousands of Russian citizens who never escaped the confines of those yellow walls before and during the Soviet era. It was one of Vladmir Putin’s Cheka predecessors by the name of Felix Dzerzhinsky who once instructed the national police to “kill without investigation, so that [the citizens] will be afraid.” As pointed out by Doug Bandow of the CATO Institute, “in a testament to Dzerzhinsky’s effectiveness, the Nazis modeled their repressive security apparatus, most notably the Gestapo, after the Cheka.” Rather than ISIS-style executions, this vicious murderer’s preferred method of execution was a simply lodging a bullet directly between the tear-soaked pleading eyes of his people. A sizable number of these sorts of calloused killings took place in the basement of the Lubyanka.
This is the nation in which Edward Snowden ironically sought refuge from the “turnkey tyranny” of the United States, and this was the backdrop of bloodshed against which he further charged the NSA with “holding a gun” to the heads of American citizens.
As the world mourns for those savagely killed in the radical Islamic attacks on the French homeland, in San Bernadino, Burkina Faso, and Brussels, a renewed emphasis has been placed upon western surveillance practices.
Even during the first republican debate in August, (former candidates) Rand Paul and Chris Christie both emphatically addressed mass surveillance in a heated exchange that became a major highlight of that debate. Before his collapse in Florida, Marco Rubio had traded several blows with Ted Cruz and Rand Paul over their stances against NSA bulk data collection earlier last year, when they advocated for the USA FREEDOM Act (which would curtail intelligence gathering in the name of individual liberty).
Meanwhile, democratic candidate Bernie Sanders echoed Cruz and Paul’s criticisms of the NSA, declaring that in his view, “the NSA is out of control and operating in an unconstitutional manner” and that he worries about American kids growing up feeling fear when they open certain books, because they might be targeted as a terrorist.
If one thing is for certain, it is that fear does not change constitutional precepts. Therefore, the first issue that must be addressed in this debate is the constitution, with national security being a secondary issue. Therefore, Americans must have an informed discussion that transcends bumper sticker slogans and shallow Facebook comments in order to determine exactly what these precepts are.
The Consequences of Irresponsibility
It has been said that the two biggest lies of the internet age are “I am 18 years old” and “I have read and agree to the terms of service.”
This young adage is far more than correct, and those who disagree likely have not touched a computer since the Apple 2. As reported by the Daily Beast, a British gaming company managed to get 7,000 users to agree to grant the company “a nontransferable option to claim, now and forever more, your immortal soul” by slipping it into a terms of service agreement. Similarly, a technical support company called PC Pitstop hid a clause amongst its legalese granting (what ended up being) a $1,000 prize for anyone who read it – and it took a very long time before anyone inquired about it.
But regarding far more popular legal agreements (to which those reading this article have likely consented), companies such as Apple, Yahoo, Facebook, Microsoft, Twitter, Instagram, and Google protect user information much the same way that a roommate protects your food: theoretically, they have no intention of using it, but when it comes down to it, there’s nothing that can stop them from having their fill as soon as you’re not looking. This general observation was eloquently outlined by Victor Luckerson at Time Magazine in a piece titled, “You Probably Agreed to NSA Snooping When You Accepted That Website’s Terms of Service.”
“…we grant companies like Facebook, Google and Apple incredible leverage to hand over our data to government agencies the moment we accept their privacy policies and terms of service agreements. Tucked away in those long paragraphs of legalese on pretty much every major Internet website (including Time.com) is a clause about how a business will handle your private data when the feds come knocking. In general, these companies grant themselves wide latitude.
Yahoo says it might hand out your data to investigate or prevent “situations involving potential threats to the physical safety of any person.”
Facebook will respond to a court order, search warrant or other legal request “if we have a good faith belief that the law requires us to do so.”
Apple provides user data to government agencies if “for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.”
This charge is demonstrably true, as can be quickly verified by even a brief skimming of these companies’ privacy policies. Google, for instance, says the following regarding their handling of user information:
“We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
meet any applicable law, regulation, legal process or enforceable governmental request.
enforce applicable Terms of Service, including investigation of potential violations.
detect, prevent, or otherwise address fraud, security or technical issues.
protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.”
The most important thing to observe from this harmless-looking statement of “good faith” is that Google – and Google alone – ultimately determines the circumstances under which any of the aforementioned clauses apply with exactly zero oversight. But if you haven’t read it, surely it cannot be legally enforceable… can it?
Digital Contract (Not a Social Contract)
What many internet users do not fully recognize is that these terms and conditions constitute a legally-binding deal between the provider and the user. It is a digital contract, and clicking the box is no different than signing on the dotted line.
Even the privacy watchdog group known as the Electronic Frontier Foundation (which now routinely lobbies against NSA surveillance) noted that courts consider these agreements to be no different than written contracts.
“Given the emphasis placed on a user’s assent, courts favor finding a binding agreement where the user engages in affirmative conduct acknowledging the terms of a [terms of service agreement]. For instance, a genuine clickwrap agreement, in which a service provider places a TOS just adjacent to or below a click-button (or check-box), has been held to be sufficient to indicate the user agreed to the listed terms.”
There is a well-intentioned feeling of violation when all of this comes to light, and what the world submits itself to is certainly an overt and pervasive invasion of privacy. Many see this ostensibly “unfair” situation and conclude that it must somehow be a violation of the fourth amendment. Conservatives and libertarians alike must avoid falling into the trap of allowing guttural feelings to inform policy prescriptions without regard to the rule of law, lest they become the very thing which animates factions of the American left.
Once one delves into the case law surrounding the fourth amendment, things become less clear-cut, and a sobering sense of realism begins creeping in.
Throughout relevant case law, the Supreme Court has consistently affirmed that privacy rights under the fourth amendment are forfeited when information is voluntarily handed over to a third party.
The first court case from which to evaluate fourth amendment protections is the case of Smith v Maryland (keep in mind a pen-register collects and records dialed telephone numbers – also known as metadata).
“The telephone company, at police request, installed at its central offices a pen register to record the numbers dialed from the telephone at petitioner’s [or the robber’s] home. Prior to his robbery trial, petitioner moved to suppress “all fruits derived from” the pen register. The Maryland trial court denied this motion, holding that the warrantless installation of the pen register did not violate the Fourth Amendment. Petitioner was convicted, and the Maryland Court of Appeals affirmed.”
After the case ascended from the Maryland Court of Appeals, the following was held:
“The installation and use of the pen register was not a “search” within the meaning of the Fourth Amendment, and hence no warrant was required.
Application of the Fourth Amendment depends on whether the person invoking its protection can claim a “legitimate expectation of privacy” that has been invaded by government action…
Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not “legitimate.” First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does, in fact, record it for various legitimate business purposes.”
One of the more notable components outlined by the court’s decision is the fact that companies keep these records for business purposes, as do companies such as Google and Facebook (which is why they are able to generate tailored advertisements based upon a user’s prior search queries). But the ruling continues:
“Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as “reasonable.” When petitioner voluntarily conveyed numerical information to the phone company and “exposed” that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information.”
Voluntarily handing over information to a third party annuls privacy expectations. In a more professional legal analysis, the George Washington University School of Law released a comprehensive white paper dealing with the clash of the 4th amendment with the internet.
“If you tell a secret to your friend, or give a document to your accountant, the Fourth Amendment will not offer protections from police efforts to get the secret from your friend or the document from your accountant. Even more broadly, the disclosure need not be to a human being. In Smith v. Maryland, the Supreme Court concluded that the same principle applies when a person enters information into another person’s machine. By telling the machine your private information, the Supreme Court held, you relinquish an expectation of privacy in the information just as you would if you had told your private information to a person.”
This principle not only finds its roots in the 4th amendment, but also is useful in the context of the 5th amendment. The constitution clearly protects the individual from self-incrimination, but if a friend is aware of incriminating information, there is no right on the part of the defendant to suppress their voice.
To this day, Smith v Maryland continues to be the single best case from which to evaluate 4th amendment protections in the 21st century. The principle firmly established by this court has come to be known as “third party doctrine,” and it absolutely undermines any claims of constitutional violation levied by conservatives or libertarians.
A well-intentioned voice echoing this misguided sentiment is Jim Harper of the CATO Institute. In a 2013 blog post, Harper argues through his title that those who observe Smith v Maryland as good law simply have not read the case.
His criticism begins by first saying that the situation of Smith v Maryland is not comparable to the situation of NSA bulk collection.
“The police had weighty evidence implicating one man. The telephone company voluntarily applied a pen register, collecting analog information about the use of one phone line by that one suspect. I can’t think of a factual situation that could be at a further extreme than NSA’s telephone calling surveillance program.”
This argument relies on two straw man fallacies: first, that the decision was based upon the number of individuals involved. Constitutional rights are unwavering regardless of scale. Second, that companies don’t voluntarily engage in surveillance (though this is solidly refuted when examining the PRISM program). The question remains to be “was the reasonable expectation of this man’s privacy violated?”
Further, Harper contends that the court incorrectly based its ruling on the fact that the defendant’s expectation of privacy was objective rather than subjective. However this position is patently absurd, given that it allows one to claim a right of privacy by simply declaring that they subjectively felt that they were alone – even if it was in the middle of a busy street. Again, this is an example of relying on feelings to dictate law, which is dangerous. This claim is also rightly refuted by the Legal Information Institute of the Cornell School of Law.
The only direct rebuttal of third party doctrine that Harper provides is an excerpt from a separate Supreme Court case (which will later be discussed) which read:
“[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks…. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.”
Clearly this opinion from justice Sotomayor merely calls into question the doctrine, (rather than providing any constitutional case against it) electing to instead cite the evolution of technology as rationale for changing precepts. This seemingly harmless position reveals a deeply dangerous idea: constitutional rights and responsibilities change with time. This same philosophy would suggest that the 2nd amendment ought to be updated for the 21st century due to the fact that American citizens may not need to defend themselves from tyranny in this lifetime. Once applied, this poisonous philosophy has the potential to undermine the constitution entirely.
It is also worth noting that the CATO Institute itself ironically confirmed that Sotomayor’s appointment to the federal bench was an instance of meritocracy being pushed aside in favor of affirmative action. Additionally CATO’s Dr. Ilya Shapiro recommended an especially thorough probing of her judicial philosophy prior to her nomination. This concern was well-founded, given that America now knows that Justice Sotomayor is a judicial activist who believes that a judge ought to help formulate a law rather than (as the late Justice Antonin Scalia preferred) interpreting it.
But even accepting Sotomayor’s sentiment as legitimate, third party doctrine is alive and well; unscathed by reversal or dilution.
Third Party Doctrine is Unrefuted
While there has been a shallow myth circulating among certain news outlets and advocacy groups that the Supreme Court struck down third party doctrine in five separate decisions, a closer look at these cases reveal that such a contention is misinformed at best, and disingenuous at worst.
The first is Bond v U.S., in which the court found that police cannot go through a passenger’s luggage without a warrant. This has nothing to do with a consensual disclosure of content. While it would appear as though public transportation annuls privacy rights, the bus in question was a privately-owned Greyhound bus, meaning that the passenger paid for his service (this critical fact will be explored in a moment).
The second case of Ferguson v the city of Charleston dealt with “a state hospital’s performance of a diagnostic test to obtain evidence of a patient’s criminal conduct for law enforcement purposes is an unreasonable search if the patient has not consented to the procedure.” The key clause in this holding is consent: it only violates the fourth amendment if consent is not given. This has nothing to do with a consensual disclosure of content.
The third is Kyllo v U.S. – again this has nothing to do with the consensual or incidental disclosure of information from a third party. The court held that police cannot use a thermal scanner on a private home without a warrant.
Fourth, in the case of Georgia v Randolph the court found that if the police have a warrant to search your apartment, your roommate can deny entry on the basis of his own privacy being invaded. This is an example of co-ownership, which in no way rebukes third party doctrine.
Finally, the most often-cited court case which allegedly denies the legitimacy of the third party doctrine is U.S. v. Jones. In this case, the Supreme Court ruled in favor of a an alleged narcotics dealer (Antoine Jones) when it held that evidence obtained through the warrantless use of a GPS device covertly placed on the bottom of his Jeep violated the fourth amendment. The majority opinion delivered by Justice Scalia seemed to affirm what many Libertarians already contend: that electronic surveillance without a warrant is unconstitutional.
It should be noted however, that this majority opinion was exclusive to this scenario, and privacy hawks were quick to expand its reach to include NSA surveillance. There is an important constitutional term, however, that utterly destroys this narrative: “effects.”
Via the Oyez Law Project, (citations omitted)
“The Fourth Amendment provides in relevant part that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” It is beyond dispute that a vehicle is an “effect” as that term is used in the Amendment.
We hold that the Government’s installation of a GPS device on a target’s vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a “search.”
In other words, the search of his vehicle was indeed a violation of privacy – it was his private property. He worked for it. He purchased it. He maintained it. He paid for its fuel. It was indeed his property “beyond dispute.”
Just like we own our email accounts. We paid for them. We maintained them. We serviced them when they malfunctioned. We invested in security against external hacking. Our email servers are our own private property because we worked for them.
In order to suggest that this case applies to NSA surveillance, one must be willing to make this absurd argument. To borrow wording from the George Washington School of Law, one must prove that these social media accounts are not “another person’s machine.”
This attitude concerning free services offered by private companies is indicative of a nefarious and destructive ideology that serves as yet another corrupt stain in the fabric of America: unmitigated entitlement.
This entitlement (combined with an ignorant bliss) not only creates situations in which large amounts of people post meaningless legalese to their Facebook walls and Instagram pages, but it also means that users do not fully grasp what they have given up.
In the same way, as outlined in a massive review of NSA practices from the Privacy and Civil Liberties Oversight Board (PCLOB), the NSA’s telephone metadata program obtains information from companies directly, rather than seizing or intercepting it. In fact, the review board concluded:
“All of the information collected by the NSA in its calling records program is recorded by telephone companies for their own business purposes. Thus, just like the numbers that a telephone user dials, all of this information has been shared with telephone companies by their customers. As long as the third-party doctrine remains in force and assuming it applies regardless of the breadth of the data acquired, the NSA’s collection of calling records is not a search under the Fourth Amendment.”
This voluntary forfeiting of rights is a symptom of a greater disease ravaging American society: personal irresponsibility, which is a major enemy of Libertarianism in any context.
But aside from the well-established fact that NSA surveillance practices are constitutional, the concern of abuse still exists – and rightly so. Americans should be skeptical of abuse by any arm of government, but at the same time citizens must be careful not to sacrifice military effectiveness in the name of hysteria.
The NSA’s Culture of Non-Abuse
Many political pundits and candidates such as Bernie Sanders blanket the NSA in harsh accusations ranging from extreme corruption to tyrannical aspirations. A completely factual and honest analysis ought to be used instead.
When Edward Snowden originally leaked the first wave of NSA documents to the Guardian, he astonishingly suggested that he had the authority to “wiretap anyone” including a major head of state. This claim is false unless he was both deliberately breaking the law as well as disobeying NSA procedural rules.
According to Dr. James Bamford, a distinguished visiting professor of law at the University of California, Berkley who also has spent his career as an NSA journalistic investigator:
“…Snowden probably couldn’t eavesdrop on just about anyone, including the president, without breaking the law. The Foreign Intelligence Surveillance Act forbids the NSA from targeting U.S. citizens or legal residents without an order issued by the Foreign Intelligence Surveillance Court…According to documents from Snowden published by The Post and the Guardian on Thursday, if agency employees pick up the communications of Americans incidentally while monitoring foreign targets, they are supposed to destroy the information unless it contains “significant foreign intelligence” or evidence of a crime.”
The leaked document to which Dr. Bamford is referring is provided below. It clearly (and emphatically) directs agents to discard any wrongfully obtained information on American citizens. It should be noted that this was previously classified, and therefore cannot be argued as a ploy to hide the culture of abuse that Snowden alleged in his interview with John Oliver.
In spite of the fact that the NSA enthusiastically condemns the collection of U.S. persons (even though there is no expectation of privacy anyway), the ACLU elected to instead only focus on the portion encircled in red, which suggests that agents don’t have to report accidental data collection to the Inspector General’s oversight report. This is worthy of comment.
Obviously (as previously covered), this data has no fourth amendment protection, but it is constructive to ask whether or not the people with whom this exception has been granted can be trusted (which will be discussed in the next section).
But as far as the sort of deliberate abuses that Bernie Sanders, Rand Paul, and even Ben Carson tend to believe is rife within the agency, the Inspector General is fairly straightforward with regard to their frequency.
“The National Security Agency’s internal watchdog detailed a dozen instances in the past decade in which its employees intentionally misused the agency’s surveillance power, in some cases to snoop on their love interests…At least six of the incidents were referred to the Justice Department for possible prosecution or additional action; none appear to have resulted in charges.”
Fourteen instances of deliberate and corrupt abuse over the course of a decade is an impressive record for an agency that has the ability of processing five quintillion bytes of data, especially when it appears that nearly all violations occurred due to suspicion over their spouses. While it may appear suspect that no charges were pursued, CNN reported that these instances resulted in demotions, instant resignation, and various types of sanctioning.
The main takeaway from this information is that (to date) there is not a single instance of unanswered malicious NSA targeting of a common American citizen.
However, there was a report released in the Wall Street Journal which alleged that the NSA collected communications between congressional members during the debate on the Iran deal. This purported scandal was subsequently put to rest in the wake of congressional briefing by top intelligence officials. The story quickly died after house panelists were “satisfied that all procedures were followed by the Intelligence Community.”
One other source of public dissent stems from a 2012 audit which revealed that the NSA broke privacy rules about 3,000 times. Again, this figure is startling. But upon further investigation, the claim falls flat, as “most” of them are simply typographical errors.
“The May 2012 audit found 2,776 incidents of “unauthorized collection, storage, access to or distribution of legally protected communications” in the preceding 12 months, the [Washington] Post reported in its story.
“Most were unintended. Many involved failures of due diligence or violations of standard operating procedure,” said the Post article by reporter Barton Gellman. “The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.”
That sounds extremely damning. But CNN elaborates:
“The Washington Post reported that most incidents involved unauthorized surveillance of Americans or foreign intelligence targets in the country. In one case, the NSA decided it didn’t need to report the unintended surveillance. In 2008, a “large number” of calls placed from Washington were intercepted due to a programming error that confused the capitol’s 202 area code for 20, the international dialing code for Egypt. The information came from a “quality assurance” review that wasn’t distributed to the NSA overnight staff, according to the Post. Separately, an NSA new collection method went undiscovered by the Foreign Intelligence Surveillance Court for months. The court, which has authority over some of the agency’s operations, ruled it unconstitutional.”
The Foreign Intelligence Surveillance Court ruled a certain sort of spying unconstitutional, and the accidental omission of a “2” lead to unintended data collection – not even that slipped through the net of oversight.
Throughout all of the various mistakes and misrepresentations of NSA practices, one thing is for certain: there are absolutely zero points of data that indicate a culture of corruption or abuse.
As a brief parenthetical, privacy hawks speculate that the FISA court merely functions as a “rubber stamp” for any NSA practices due to its incredibly high approval rate. This is first refuted by the above source, but further, the Stanford Law Review pointed out that the Justice Department has so many warrant requests to submit that they prioritize the unbeatable ones over requests which may be rejected. This is also confirmed by researchers at the Center for Strategic and International Studies, which said that warrant requests go through “intensive vetting” and that critics “lack insight into the workings of the Court.”
But evidence or no evidence, the concerns will persist – and that isn’t necessarily bad. As one eternally-respected conservative voice once said, “eternal vigilance is the price of liberty.” This is true of both foreign threats and governmental power. But there must some degree of trust between the citizens and their defenders.
Who Can We Trust?
At a speech in Central California in November of 2014, U.S. Navy Lieutenant Commander Rob Nelson established a basic NSA demographical fact: 75% of agents are active military personnel, and the remaining 25% are primarily retired officers. (Lt. Nelson happens to have extensive intelligence and cryptography experience, having served as an electronic intelligence analyst in the Marines.)
This should not serve as a surprise, given that the National Security Agency is a division of the Air Force’s Cyber Command, and its directors are Generals and Admirals. While civilian contractors are used to assist in tech support (such as Edward Snowden), the overwhelming majority of NSA agents emerge from the United States military.
This eliminates the narrative that unaccountable bureaucrats such as Lois Lerner of the IRS can easily sift through any data that they choose – which seems to be the public perception. The monumental importance of this distinction cannot be understated.
“The oath for enlisted military personnel repeats the preceding affirmation, “that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same,” and concludes with, “I will obey the orders of the President of the United States and the orders of the officers appointed over me, according to regulations and the Uniform Code of Military Justice. So help me God.” The subtle distinction between officer oath and enlisted oath is that officers are bound to disobey any order that violates our Constitution, while enlisted personnel are bound to obey only lawful orders…Although military service personnel who violate their oaths are remanded for courts-martial under the Uniform Code of Military Justice, politicians who violate their oaths are often rewarded with re-election.”
Executive cronies aren’t held accountable, politicians face no real consequences for violating their oaths, but military personnel are tried and punished for violating theirs. So the question becomes “can we trust the military?”
It appears that Americans are perfectly willing to trust the military when our men and women are being shot, stabbed, and dismembered on foreign battle fields, but when they come home and are safe at a mass data center in Utah, do they still deserve as much trust?
This question is useful when evaluating the efficacy of any military asset, and two aspects must be analyzed: first, is there evidence of intentional misuse of military defense tools? Second, if there is abuse, is it going unaddressed?
The answer to both of those questions is a solid and emphatic “no.”
But still, there exists potential for a Soviet-Gestapo-style “turnkey tyranny.” But to oppose the NSA based on this potential alone as Edward Snowden would like to, one must also oppose the Navy’s SEAL program. After all, SEAL team 6 could drop into any American home in the dead of night to kidnap or kill an entire family just as easily as it did in Islamabad, Pakistan. The potential for abuse does not justify elimination or impediment of a critical mission. While misconduct unarguably exists within the military, severe violations against citizens do not go unpunished. Therefore, it is rational to accept the military as trustworthy – and this trust has been proven to be well-placed.
“We stress that there is no indication that the government has used the telephone records collected under Section 215 to trace religious or political affiliations or deduce other sensitive matters.”
(It should be noted that the above report does acknowledge that it did not have full top secret access to NSA operations, but it still serves as a solid rebuke against claims of “deep corruption.”)
Yet Edward Snowden seems content with accusing the military of “holding a gun” to the heads of the American populous, eerily similar to the way that Felix Dzerzhinsky would brutally slaughter his own people in that cold basement just across the street from where Snowden and John Oliver sat.
But is the mission of the NSA worth the risk of oppressive targeting?
The Effectiveness of the NSA
Soon after the 2013 leaks, the (now) former NSA director General Keith Alexander was called upon in a congressional hearing to explain the revelations. It was in this testimony that Alexander dropped a bombshell of a response to privacy hawks: the NSA has prevented over 50 terrorist attacks since 9/11, including a bombing of the New York Stock Exchange, a bombing of a New York subway, and a plot to conduct a Charlie Hebdo-style attack on a Danish newspaper office. Only four of these instances were approved for declassification, but the NSA did release the explanatory graphic below.
Naturally, this pleased a number of political leaders and American citizens, but attracted well-intentioned scrutiny of civil rights watchdog groups.
Eager to disprove the effectiveness of the NSA, the Electronic Frontier Foundation wrote the following commentary in a full-throated hit piece against the Agency:
“… the claim that the information stopped 54 terrorist plots fell completely apart. In dramatic Congressional testimony, Sen. Leahy forced a formal retraction from NSA Director Alexander in October, 2013:
“Would you agree that the 54 cases that keep getting cited by the administration were not all plots, and of the 54, only 13 had some nexus to the U.S.?” Leahy said at the hearing. “Would you agree with that, yes or no?”
“Yes,” Alexander replied, without elaborating.”
This falls far short of an admission of a lie as the EFF disingenuously suggests. In reality, he simply confirmed exactly what the original testimony said. While it is true that not all were in the homeland, both the EFF and Senator Leahy seemingly feel that 13 terrorist attacks is insignificant, and that foreign attacks (such as what occurred in Paris, Madrid, and Brussels) are not worthy of note. In spite of Leahy’s failed manipulation, it was spun as evidence of a lie (regardless of the fact that Alexander would have been tried for perjury if it was).
On top of General Alexander’s testimony, former NSA Deputy Director John Inglis stated that the 54 attacks were just what they were allowed to disclose, so the real number is actually higher.
“We’ve described that as 54 total plots. That’s, of course, not the totality of terrorist activity that we might have uncovered and exposed. But we were able to disclose in an unclassified domain, there are about 54 plots.”
But speaking of John Inglis, the EFF attempts to use his statements to further discredit the agency.
“… Inglis admitted that the phone records program has not stopped any terrorist attacks aimed at the US and at most, helped catch one guy who shipped about $8,000 to a Somalian group that the US has designated as a terrorist group but that has never even remotely been involved in any attacks aimed at the US.”
Again, this is far from an admission of failure. Examining the full transcript on National Public Radio, it becomes exceedingly clear that Inglis is an avid supporter of current programs, and believes that they are of vital importance.
The segment which the EFF only chose to exclusively focus upon comes during the question, “there may only be one case that you can point to where you feel that the metadata program was significant,” to which Inglis replies, “I do think so.” Although he continues in saying that the metadata program is vital insurance, in the eyes of the Foundation, the interview was effectively one sentence long.
The logical fallacy on which the EFF’s rebuttal rests is a simple strawman: they suggest that the metadata program is meant to unilaterally stop attacks on the homeland. In reality, the program is meant to assist the FBI in domestic investigations by linking foreign targets to domestic targets. They then point to the fact that it has never stopped an attack, and claim that it has failed. Inglis solidly rebuts this narrative:
“This [metadata] program is narrowly focused on trying to determine whether there’s a connection between a foreign terrorist organization and a domestic plot. So against the 54 plots that were disrupted, since 41 of those had no U.S. connection, it would have been impossible for this program to make a meaningful contribution to those. It could have only made a contribution to the remaining 13. We essentially used this for 12 of the remaining 13. It returned information in 8 of those that we turned over to the FBI. But in the other four, where it didn’t return information, it actually returned useful information to the FBI. It gave them confidence that there wasn’t a domestic plot. They could focus their time and attention elsewhere.”
While privacy hawk groups have the best of intentions in analyzing this topic, the information must be relayed in a comprehensive manner.
Perhaps the most convincing piece of evidence which the EFF presents is that President Obama’s aforementioned Privacy and Civil Liberties Oversight Board reported a solemn review of classified information:
“The President’s Review Board issued a report in which it stated “the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks,” The Privacy and Civil Liberties Oversight Board (PCLOB) also issued a report in which it stated, “we have not identified a single instance involving a threat to the United States in which [bulk collection under Section 215 of the Patriot Act] made a concrete difference in the outcome of a counterterrorism investigation.”
In a continuing the theme of strategic omissions, they conveniently leave out the minute detail that the report acknowledges that it relies on limited classified information regarding terrorism investigations. (In fact, legislators have actually pursued action to strengthen the board since this report was released.)
“Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect.”
All of the information covering the importance of the metadata programs boils down to two competing contentions that cannot coexist: either John Inglis (with full access to classified material) is correct that the program assisted in thwarting 12 plots, or the PCLOB (with limited secret information) is correct in “believing” that it only made a difference in once instance.
To avoid committing the same editorial error as the EFF, it ought to be noted that the Board also clarified that it felt the metadata program could (in some ways) be multiplicative of current FBI investigative tools.
“The Board’s review suggests that where the telephone records collected by the NSA under its Section 215 program have provided value, they have done so primarily in two ways: by offering additional leads regarding the contacts of terrorism suspects already known to investigators, and by demonstrating that foreign terrorist plots do not have a U.S. nexus. The former can help investigators confirm suspicions about the target of an inquiry or about persons in contact with that target. The latter can help the intelligence community focus its limited investigatory resources by avoiding false leads and channeling efforts where they are needed most. But with respect to the former, our review suggests that the Section 215 program offers little unique value but largely duplicates the FBI’s own information gathering efforts. And with respect to the latter, while the value of proper resource allocation in time-sensitive situations is not to be discounted, we question whether the American public should accept the government’s routine collection of all of its telephone records because it helps in cases where there is no threat to the United States.”
Thusly the Board has concluded that the program has value in uncovering new targets which the FBI could not have otherwise tracked and proving the degree of threat to the homeland. This is actually very significant because it allows for the investigation of terrorist networks and the uncovering of foreign attacks like in Paris. These programs are useful for saving lives whether they are American, British, or Syrian.
As a final note on this issue, the rise of ISIS has ushered in a new set of terrorist tactics, and connecting external threats to internal threats has never been more critical as they attempt to infiltrate the West and recruit “lone wolves” via online propaganda. Ergo, programs that may have not yielded significant information in the past stand great potential to do so in the future.
In the meantime, there are other practices which stir the nest of the privacy hawks.
Backdoors and Brute Force
One other aspect of NSA surveillance practices that has come under fire is the practice of using “backdoor” access to infiltrate software encryption in items such as iPhones, laptops, internet routers, data units, and most other electronic equipment (this issue drew massive media attention when Apple was issued a court order to unlock the iPhone of one of the San Bernadino shooters).
A “backdoor” essentially is a built-in hole in software encryption which requires a special “key” to exploit. The opposition to NSA backdoors is fairly broad, with critics arguing that a single weakness in code can compromise the integrity of software. To make this abstract concept more vivid, it is similar to a combination lock on a safe: it takes either a single master code to unlock it, or a safe-cracker sophisticated enough to put every single action movie villain in history to blistering shame. But advocacy groups and technology companies such as Yahoo argue that there is a third way: brute force.
“Brute force” attacks would essentially be tantamount to sticking a block of thermite to the face of the safe and melting through the locking mechanism. In the cyber realm, this would look like running (possibly) billions of lines of code through a system, destroying its integrity. Critics argue that the mere presence of a door unnecessarily weakens the entire structure, whereas a system with no doors would be impenetrable.
However, even analysis from a CATO Institute surveillance and technology specialist Julian Sanchez admits (to a very mild degree) that it is technically feasible to create a fully-secure backdoor system without the vulnerabilities.
“When [intelligence directors] get a ten minute briefing from their experts about the plausibility of designing “golden key” backdoors, they are probably getting the technically accurate answer that yes, on paper, it is possible to construct a cryptographic algorithm with a vulnerability that depends on a long mathematical key known only to the algorithm’s designer, and which it would be computationally infeasible for an adversary to find via a “brute force” attack.”
It must be stressed that Julian Sanchez’s position on this issue is that backdoors are a severe net loss in terms of security, and should not be used. But the potential exists for total security given proper advances in cryptography. One possibility is that if the NSA is successful in developing this sort of unbreakable safe, hackers may yet be able to steal the “golden key.” But given the fact that the master keys are kept in deep security at the NSA’s headquarters in Fort Meade (which may as well be Area 51 in terms of defenses). Unless and until the NSA (or FBI) can create a true golden key, policymakers must weigh the current pros and cons.
A larger issue with the presence of backdoors is the economic damage is deals to technology companies such as Apple, Microsoft, and IBM. It has been estimated that the revelation of NSA/FBI backdoors was expected to ravage corporate coffers to the tune of 180 billion dollars.
Whether the U.S. decides to discontinue this practice or not, companies will actually have to deal with such data threats anyway, because the Chinese government is drafting laws to gain similar influence in the cyber realm.
“President Obama criticized a new Chinese counterterrorism law that makes it necessary for all U.S. technology companies to provide the government with the keys to users’ data if they want to sell their products in China… Beijing’s legislation would force tech providers to hand over user passcodes, encryption keys and install security “backdoors,” making it possible for the government to wiretap devices without their owners’ knowledge.”
Given the projected expansion of the Asian technology market (due mainly to the growth in population), avoiding a regulatory clash with the Communist Party is a fool’s gambit which would sink most companies (specifically Apple in the near term). In confirmation of this truth, IBM will continue sales in China in spite of both the data threat and financial losses.
While domestic claims presently have merit, the instances of actual exploitation are largely theoretical, and the instances of backdoors being useful for cyber defenses are well-documented. But to explore the national security aspect of backdoors, one must first understand the highly-sophisticated cyberespionage division known as Tailored Access Operations (TAOs).
TAO teams within the U.S. Cyber Command are designed to conduct offensive operations against foreign nations and terrorist groups, and software backdoors are their primary weapons. Comparing cyberwarfare to nuclear warfare, backdoors function as the missile, and the bug or virus functions as the warhead. Without the delivery system, the weapon itself is rendered useless.
These pre-programed wrinkles in software have been critical in defending the U.S. and its allies. Not only have companies placed backdoors in smartphones and laptops, but also less obvious (but more important) devices such as routers and hard drives. This allows the U.S. military to weave its presence throughout the vast reaches of the Earth via cyberspace. In just 2011, this access facilitated 231 cyber offensives against some of America’s worst enemies, including North Korea, Russia, China, and Iran. In fact, TAOs allegedly built the Stuxnet virus against the Iranian nuclear program.
Naturally, one can only speculate about the hyper specifics of this attack, but it is possible that the virus entered Iran through a backdoor deployed by the Israeli spy division, the Mossad. The Mossad may have given the virus to an undercover computer salesman.
Dr. James Bamford, former intelligence analyst in the U.S. Navy, via Wired, 2013
“In 2006, the Department of Defense gave the go-ahead to the NSA to begin work on targeting these centrifuges, according to The New York Times. One of the first steps was to build a map of the Iranian nuclear facility’s computer networks. A group of hackers known as Tailored Access Operations—a highly secret organization within the NSA—took up the challenge. They set about remotely penetrating communications systems and networks, stealing passwords and data by the terabyte. Teams of “vulnerability analysts” searched hundreds of computers and servers for security holes, according to a former senior CIA official involved in the Stuxnet program.”
Dr. James Bamford, former intelligence analyst in the U.S. Navy, via Wired, 2013
“He not only had access to some of Iran’s most sensitive locations, his company had become an electronics purchasing agent for the intelligence, defense, and nuclear development departments. This would have given Mossad enormous opportunities to place worms, back doors, and other malware into the equipment in a wide variety of facilities. Although the Iranians have never explicitly acknowledged it, it stands to reason that this could have been one of the ways Stuxnet got across the air gap.”
NSA backdoors also helped trace the hack against Sony Pictures in late 2014 back to North Korea (though was is doubtful from the beginning that North Korea was not the instigator).
Not only are backdoors essential against hostile states, they have also been proven to be indispensable against non-state actors. Foreign Policy Magazine reported that a TAO backdoor program known as “Stumpcursor” was “critically important during the U.S. Army’s 2007 “surge” in Iraq, where it was credited with single-handedly identifying and locating over 100 Iraqi and al Qaeda insurgent cells in and around Baghdad.”
That is a significant intelligence asset, and inarguably (according to open source information) the most effective of the NSA programs.
Looking to the future of cyberwarfare which will most likely be very prevalent in the coming 50 years, backdoors will be (in the most literal sense of the word) vital to U.S. national defense. Even today, the threat of cyberattacks are is all too real – especially from the Chinese military. Luckily though, the NSA has built up deterrence against huge-scale attacks from the Middle Kingdom. Extending upon the analogy of nuclear weapons, backdoor-enabled cyberattacks function could be as economically and militarily damaging as a hydrogen bomb. The best way to ensure that weapons of mass destruction are never used is to build establish Mutually-Assured Destruction (MAD). As outlined by NSA director Mike Rogers, this is one of the purposes of backdoors – to make certain that in the event of a major attack, the United States can respond quickly with devastating effectiveness.
We currently have this capability.
“According to a number of confidential sources, a highly secretive unit of the National Security Agency (NSA), the U.S. government’s huge electronic eavesdropping organization, called the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”
Given the ability of backdoor technology to deter cyberattacks, Mike Rogers actually theorized that companies will increasingly accept military requests to provide master encryption keys, due to the protection that it provides against intellectual property theft (after all, IP theft drains over 300 billion dollars per year from U.S. firms, easily dwarfing the 180 billion in theoretical losses).
In summary, backdoors may cause economic damage and open new pathways for highly-complex hacking, but that risk will exist regardless of U.S. action. Further, as the new theater of warfare opens up, it is essential that United State maintain its edge. America must be able to strike with precision, attribute foreign attacks, learn enemy secrets, and deter destructive assaults. Backdoors grant all of these capabilities at a minimal cost.
The Libertarian Case
New weapons can easily inspire terror, regardless of their application. The military capabilities of the NSA are no different. While civil liberty groups will indubitably march forward to keep the government accountable to the people, overreactions must not smother the national defense – after all, that is one of the only actual constitutional responsibilities of the government.
But the Constitutional cornerstone must not be chipped away – under any circumstances. This piece explored the relevant case law and common critiques, concluding very clearly that the NSA is operating completely within Constitutional boundaries, but only because of personal irresponsibility on the part of the individual.
One of Ronald Reagan’s more famous axioms is that “as government expands, liberty contracts.”
Sometimes the contraction of liberty can be voluntary, even if it is through a frivolously-signed contract. But the freedom of signing away our own rights is itself a crucial human freedom, and is actually a foundation principle of Libertarianism. Unbound individual freedom is the centerpiece of the American way of life.
Those who enter a private business accept the risk of being recorded. The elderly who enter assisted living sign away medical confidentiality. Those who use location services on cell phones accept the risk of being tracked. Those who enlist in the military sign away far more than just their privacy. In all of these instances, it is unquestionably the freedom of the individual to engage in these transactions, and forfeit a degree of freedom in exchange for services.
“As Libertarians, we seek a world of liberty; a world in which all individuals are sovereign over their own lives and no one is forced to sacrifice his or her values for the benefit of others.”
Thus elegantly reads the official Libertarian party platform. But it continues:
“Individuals should be free to make choices for themselves and to accept responsibility for the consequences of the choices they make. Our support of an individual’s right to make choices in life does not mean that we necessarily approve or disapprove of those choices.”
The principle of personal responsibility has seemingly vanished from the mainstream Libertarian commentary surround NSA surveillance. If citizens do not read the contracts to which they legally consent nearly every day, can they really claim to be justified in their collective outrage against the U.S. military? According to the existing platform, Libertarians can only be justifiably incensed upon clear evidence of the willful violation of individual rights.
There is no credible evidence to suggest that this is the case.
In light of that truth, it is not at all wrong-sighted to institute more thorough oversight of NSA activity to ensure full transparency, as per prescription of section 3.2 of the platform, but it must be done in a measured manner that does not compromise national security. The U.S. military is doing its utmost to simultaneously preserve security and liberty – and they care far more for the Constitution than most politicians.
But at the same time, Libertarians must not forsake the principle of personal responsibility.
This Generation’s Existential Threat
It is fabled that James Madison once noted that “If tyranny and oppression come to this land it will be in the guise of fighting a foreign enemy.”
Reagan destroyed that enemy and buried it in the rubble of time. That evil now slithers in the basement of the Lubyanka, attempting to stifle the eternal shrieks of the innocent citizens who met their bloody end in those dark hallways.
But evil evolves, and it would like nothing more than for the liberty-loving men and women of this Earth to mistake it for its former self. Instead, it creeps into our hearts, choking out of us that exceptional sense of personal responsibility and planting the bitter seeds of entitlement and greed in its place.
In this age of infinite information, it is easy to be distracted by mass communication via email, Facebook, and cellphones. But Americans – particularly Libertarians – must not forget the role of the individual choice, and that “free” services may not be worth our civil liberties and independence.
In the oft-cited and renowned work of Aldous Huxley, “A Brave New World,” dystopia and oppression are not derived from the overt crushing of liberty, but by the senseless sacrifice of it.
This generation’s struggle to carry forward Lady Liberty’s torch will prove to be more difficult than that of our parents and grandparents. America has vanquished countless tyrants, but this time, the fight for the soul of this greatest nation will be won or lost in our own hearts and minds.
In the end, it may be our individual internal enemies which usher in an era of American tyranny.