When official documents are released on the eve of a national holiday, there is a good chance they will attract little notice. This almost happened with a July 2 report on a national security law known as Section 702, which allows warrantless surveillance of people who do not have US citizenship. Bland and bureaucratic, the 150-page report, issued by the bipartisan Privacy and Civil Liberties Oversight Board, mostly found that the surveillance program was working as it was supposed to, and thus seemed certain to disappear from view before the July Fourth fireworks on the National Mall were over.
But on July 5, The Washington Post published an explosive article by Barton Gellman and his colleagues Julie Tate and Ashkan Soltani, four months in the making, which used data from the Snowden cache to examine the actual surveillance enabled by Section 702. The main gist of the Post investigation was this: a law ostensibly governing surveillance of foreigners was being used by the intelligence community to monitor a substantial number of Americans themselves. After analyzing more than one hundred thousand intercepted emails, chats, text messages, and the like, Gellman and his colleagues found that about 90 percent of people whose communications were intercepted by the government were not the intended target, that many of those unintended targets were American citizens residing on American soil, and that many of the documents scooped up were personal correspondence—baby pictures, love letters, messages between attorneys and their clients.
The Privacy and Civil Liberties Oversight Board was established by the 9/11 Commission in 2007 to help the executive branch navigate the line between national security concerns and civil liberties. This was long before the name Edward Snowden was associated with National Security Agency excesses (indeed, it was before Snowden himself was associated with the NSA) and it predated, too, the 2008 FISA Amendments Act, which provided the Section 702 law as a way for the government to monitor email and other digital communications of non-American citizens.
Enacted in response to revelations about warrantless wiretapping of Americans by the Bush administration, the FISA Amendments Act figures strongly in Glenn Greenwald’s book No Place To Hide. In Greenwald’s words, it is “the current governing law for NSA surveillance.” To address concerns about domestic surveillance, the law required the government to obtain warrants from the secret FISA court only if it sought to monitor “US persons.” Under Section 702, “non-US persons,” all 6.9 billion of them, remained, essentially, fair game.
Anyone looking for a synopsis of the Privacy Board’s analysis of Section 702 need not read further than the second page:
Overall, the Board has found that the information the program collects has been valuable and effective in protecting the nation’s security and producing useful foreign intelligence. The program has operated under a statute that was publicly debated, and the text of the statute outlines the basic structure of the program. Operation of the Section 702 program has been subject to judicial oversight and extensive internal supervision, and the Board has found no evidence of intentional abuse. The Board has found that certain aspects of the program’s implementation raise privacy concerns. These include the scope of the incidental collection of U.S. persons’ communications and the use of queries to search the information collected under the program for the communications of specific U.S. persons.
How extensive that incidental collection was, the board did not say, though the word “incidental” gave the impression that it was largely inconsequential. The board seemed to suggest that though the NSA could do a better job at targeting suspects and the FBI could do better job at “minimizing” the data—that is, hiding the identities of Americans who are inadvertently netted in Section 702 fishing expeditions—it was doing a fine job using Section 702 to catch bad guys and that, while it came close to the line of “constitutional unreasonableness,” it stayed within it.
Though it is possible to read the Privacy Board’s recommendations as an acknowledgment by the board that the intelligence services had sometimes overstepped their authority, that’s not how the July 2 report was interpreted by privacy advocates and civil libertarians, many of whom echoed the Electronic Frontier Foundation’s response, which called the board’s effort “anemic.” This stands in contrast to the Privacy Board’s earlier report on Section 215 of the Patriot Act, issued in January of this year, which found, by a slim majority, that the bulk collection of telephone “metadata” was illegal and recommended that it be discontinued. Both reports were undertaken by the board at the request of a bipartisan group of senators following last summer’s stories in The Washington Post and The Guardian based on Snowden’s cache of NSA documents, which of course the Privacy Board was not privy to.
The stark contrast between the findings of the Privacy Board and those of The Washington Post demonstrates, yet again, the value of independent investigative reporting. The Post reporters examined “roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts” supplied by Snowden, as well as consulting with national security officials; the government report relied solely on what it vaguely described as “information related to the Section 702 program” supplied by the “intelligence community.” According to the Post reporters, “No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects—not only from its targets but also from people who may cross a target’s path.”
And with different sources came vastly different conclusions. As the Post article pointed out, unintended or not, once those extraneous communications were in the system, they were fair game, and not only for the NSA, but for the FBI, which could hold onto them for future reference. According to Gellman and his team, “The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.” As the Privacy Board report explains, personal identifiers are supposed to be “minimized,” but the Post journalists found that in many cases, minimization fails to act as an effective shield of anonymity. “NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy,” they wrote, “but the Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to US citizens or US residents.”
Yet while many Americans accidentally get caught up in the wide nets tossed out by NSA operatives into chat rooms and Facebook groups, the reporters also found that it is quite easy for the NSA to manipulate Section 702 when it wants to monitor American citizens without first getting a warrant. It does so by using loose criteria to define “non-US persons.” Americans who converse in a foreign language have been classified as “non-US persons” under Section 702, for example, as have Americans who use off-shore proxy servers (that appear to place their computer in a foreign country, a practice often used by people in one country who would like to watch television in another, or want to bypass government firewalls). The implication here is that when the NSA wants to target American citizens without a warrant, Section 702 enables it to find a way.
As if to put a finer point on this, a week after the Privacy Board report came out, Glenn Greenwald published an article in The Intercept, also based on previously unreleased documents from the Snowden archive, that named five American citizens who had been spied on by the United States government. All were Muslim. If that was unsurprising, in view of the profiling of American Muslims that has often occurred in the years since 9/11, other aspects of the surveillance were unexpected: at least two of the five were affiliated with the Republican Party, one as a candidate for office in Virginia. That same man had also served in the Marines. None of the targets had connections to terrorist groups or had espoused anti-American sentiments. “It is unclear whether the government obtained any legal permission to monitor the Americans on the list,” Greenwald wrote. “Last week, anonymous officials told another news outlet that the government did not have a FISA warrant against at least one of the individuals named here.”
As might be expected, the fact that the NSA was monitoring Muslims, even American Muslims, even American Muslims who served in the military and ran for office, failed to elicit much public outrage. This may have to do with base prejudice, but since Section 702 has enabled the NSA to root out actual Islamic terrorists, abrogating the civil liberties of American Muslims may be perceived by other Americans as necessary collateral damage. One imagines public reaction might have been different if the targets had been “ordinary”—i.e. non-Muslim—Americans, as some commenters suggested. But if American Muslims can be targeted, then so can anyone else who is a member of a class of people the government—or its agents—deems subversive or suspicious—environmental activists, say, or peace advocates.
What all this suggests is that without examining what the NSA actually collects, it is difficult, if not impossible, to understand how closely it hews to the law. While The Washington Post article came too late to influence the findings of the Privacy Board, it might still have an effect on Congress when it writes legislation later this year aimed at curbing NSA abuses. The 2008 FISA Amendments were intended, in part, to restore Fourth Amendment rights to US citizens, but in practice those rights have proved to be fungible because Section 702 is so elastic. If, in light of the evidence supplied by Gellman, Greenwald, and their colleagues, it is still possible to agree with the Privacy and Civil Liberties Board that the NSA has not strayed outside the parameters of Section 702, perhaps it is time to acknowledge that the issue is not one of legality but of the failure of the law itself.