The Fight to Rein in NSA Surveillance: 2016 in ReviewThursday, December 29, 2016 By Kate Tummarello, Electronic Frontier Foundation | News Analysis
It's been a busy year on a number of fronts as we continue to fight to rein in the National Security Agency's sweeping surveillance of innocent people. Since the 2013 leaks by former government contractor Edward Snowden, the secretive and powerful agency has been at the top of mind for those thinking about unconstitutional surveillance of innocent Americans and individuals abroad.
In 2016 the courts, lawmakers, and others continued to grapple with questions of how much we know about NSA surveillance.
In the Courts
Early this year, one of EFF's key cases in the fight to rein in government surveillance saw fallout from Congress' 2015 passage of the modest surveillance reform bill, the USA FREEDOM Act, which formally ended a controversial program that collected records about Americans' phone calls in bulk.
In a March decision, the Ninth Circuit Court of Appeals ruled in Smith v. Obama -- a case brought by Idaho neonatal nurse Anna Smith challenging the constitutionality of the phone records program -- that, because the program was ended by the USA FREEDOM Act, a court could not order the government to stop collecting phone records in bulk. The ruling also sent back to a lower trial court in Idaho the question of whether the US government must delete Smith's records.
We saw progress in another one of EFF's flagship cases against government surveillance in June, when a federal judge in California gave us the green light to start asking the NSA questions related to Jewel v. NSA, a case challenging the dragnet surveillance of AT&T customers' communications and communications records.
First filed in 2008, Jewel was stymied for years as the US government repeatedly sought to have it thrown out, arguing that our clients did not have standing to bring the case. The government also said that publicly available information was inadequate and could not inform a court about the legality of the NSA's surveillance but refused to provide any clarity or explanation that would help a court address that question.
While we've been able to glean considerable information about NSA surveillance through leaks, the work of investigative journalists, and public officials' statements, we are finally able to pursue discovery and pose questions to the NSA about its surveillance activities over the years.
In April, we saw two disappointing actions by the Foreign Intelligence Surveillance Court. First, the court unsealed a ruling from November 2015 that formally approved the FBI to use information collected through the NSA's warrantless surveillance programs in general criminal investigations. While we applaud the court's move to unseal the ruling in the first place, we're disappointed that this virtually un-appealable decision condones the use of information collected without a warrant -- under a sweeping surveillance program for "foreign intelligence" purposes -- in domestic criminal investigations.
The court also made public a ruling granting the FBI's request to obtain and retain call records, even if those records were not relevant to an investigation.
In the first ruling on call records since the enactment of USA FREEDOM, the court showed how limited the law's restraints on government surveillance really are. The law requires the government to prove it has "reasonably articulable suspicion" that an "individual, account, or personal device" is relevant to an investigation. But the court ruled that the FBI could obtain not only "first hop" records -- or those about a person, device, or account relevant to an investigation -- but also the "second hop" records of any person, device, or account that communicated with the first hop, regardless of whether the second hops were relevant to an investigation.
The ruling also flew in the face of the USA FREEDOM Act's requirements that the government promptly destroy call records that are not foreign intelligence related. Instead, the court ruled that the FBI could keep the records for six months and possibly longer. Again, it's a step in the right direction that the public see these rulings at all, but we are disappointed in the way the court has narrowly applied the already-narrow restraints in the USA FREEDOM Act.
Most recently, we saw a troubling decision out of the Ninth Circuit Court of Appeals in the case United States v. Mohamud that further eroded Fourth Amendment protections by allowing the warrantless surveillance of a US citizen under Section 702 of the FISA Amendments Act.
The case centered on Mohammed Mohamud, who in 2012 was convicted of plotting to bomb a Christmas tree lighting ceremony and was later notified that he had been subject to Section 702 surveillance. In an amicus brief last year, we argued that the surveillance in this case was unconstitutional because information about Mohamud was "incidentally" collected through a surveillance authority intended to target foreigners and then searched without a warrant, despite Mohamud's Fourth Amendment protections as an American citizen.
We think the Ninth Circuit erred in upholding this warrantless surveillance, effectively signing off on stripping fundamental privacy protections from American citizens who communicate with people abroad.
On the Hill
Congress started off 2016 particularly attuned to concerns about NSA surveillance after The Wall Street Journal reported at the very tail end of 2015 that the NSA was eavesdropping on phone calls between members of Congress, Israeli officials, and interest groups. This is just one example of the troubling surveillance the NSA conducts under overly broad and often mysterious authorities like Section 702 and Executive Order 12333. Both of those can be used to "target" sweeping groups of people and types of communications.
At the time, we pointed out the many other reasons congressional communications could end up in the hands of the NSA -- including communicating with officials at the United Nations or discussing trade issues with foreign trading partners -- and we urged members of Congress to ask tough questions about how their communications were collected and shared by the NSA.
Section 702 is not set to expire until the end of 2017, but Congress started thinking about reauthorizing as early as January, when the House Judiciary Committee announced a closed-door, members only meeting to discuss the surveillance authority.
The committee briefly debated -- but failed to pass -- Section 702 reforms when it considered the USA FREEDOM Act in 2015, and we looked forward to the debate around many much-needed changes to the law. But the closed-door meeting shut out participation from everyone except members of the intelligence community, so we joined two-dozen other organizations in calling on the committee to hold open hearings.
A closed meeting "continues the excessive secrecy that has contributed to the surveillance abuses we have seen in recent years and to their adverse effects upon both our civil liberties and economic growth," we wrote, arguing instead for open hearings to allow input from privacy and civil liberties advocates and promote transparency.
Months later, the Senate Judiciary Committee held an open hearing on Section 702, featuring testimony from civil liberties advocates and highlighting crippling knowledge gaps around the law's implementation, which make it impossible to conduct effective oversight of the surveillance programs.
One point driven home during the hearing was the fact that no one -- including members of Congress tasked with overseeing these surveillance programs -- seems to know how many Americans have their communications swept up by surveillance under Section 702, which is supposed to be aimed at individuals abroad.
"When the public lacks even a rough sense of the scope of the government's surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens' fundamental privacy rights," committee member and vocal privacy advocate Sen. Al Franken said during the hearing. "But the public can't know if we succeed in striking that balance if they don't even have the most basic information about our major surveillance programs.
The hearing also highlighted concerns about minimization procedures -- or steps taken to ensure that irrelevant data about Americans incidentally swept up is deleted -- applied to information collected under Section 702. Then-Chairman of the Privacy and Civil Liberties Oversight Board told lawmakers that intelligence officials don't follow minimization procedures, which call for deletion of information about innocent Americans. "What the Board's report found is that in fact information is never deleted," he said. "It sits in the databases for five years, or sometimes longer."
As Congress continues to debate reauthorizing Section 702 ahead of the 2017 deadline, we hope lawmakers will push for more information about how many innocent Americans are impacted by these sweeping programs and what measures, if any, effectively protect their privacy.
We suffered a blow on Section 702 surveillance in June when, in the wake of the tragic nightclub shooting in Orlando, surveillance defenders in the House urged members to vote against a previously popular measure to curtail spying on Americans.
In past years, the House passed similar measures from Reps. Thomas Massie and Zoe Lofgren to prevent warrantless searches of Americans' information and keep the intelligence community from undermining encryption, including by an overwhelming 293-123 vote in 2014. But the vote fell short of the needed majority in 2016 after some lawmakers, including House Intelligence Committee Chairman Devin Nunes, launched a campaign against the amendment, dishonestly tying it to the tragedy in Orlando.
We noted that the claims that this amendment would somehow stop a warranted search of the Orlando shooter's communications to see if he was in contact with known terrorists had been debunked, and we encouraged our supporters to voice their concerns about the vote to their representatives in Congress.
We stand ready to fight similar misinformation campaigns and scare tactics as the debate continues next year.
The privacy of individuals abroad suffered a setback in 2016 when the European Commission and the US Department of Commerce reached an agreement on a new deal to let companies transfer users' data across the Atlantic. While many voiced concerns that a new cross-border data deal would pose the same privacy problems as the previous Safe Harbor agreement -- which the European Court of Justice threw out in 2015 citing US government surveillance -- US and EU officials went ahead with a new agreement.
We criticized the new Privacy Shield, saying the agreement "will not prevent the collection of hundreds of millions of law abiding Europeans by US intelligence agencies and their partners." We also noted that the much-lauded Judicial Redress Act -- which allows European citizens and others to use the US court system to defend their privacy rights -- provides little in the way of actual redress for Europeans' whose data is swept up in NSA surveillance.
We're waiting to see if European courts reject the new deal like they did the old one. If and when the deal is struck down, we will continue the fight to protect individuals abroad from sweeping surveillance by the NSA.