It Keeps Getting Worse
The other day I wrote a post entitled "Why the new FISA bill is worse than you think." The title of this post really should be "Why the new FISA bill is worse than I thought."
The focus of my previous posts has been on the interaction between section 105A of the new bill--which redefines "electronic surveillance"--and the other provisions of FISA. I wrote:
But the more I look at the scope of the authority granted under 105B, the more I can see why the government would want to invoke it. Above and beyond any concerns related to the FISA framework itself, 105B appears to authorize the circumvention of a number of other laws and thereby significantly increase the government's ability to secure information from private parties.
I first raised this concern in a comment over on one of Marty Lederman's posts, and it started a discussion that Just an Observer and Marty have now expanded upon significantly.
Before I get to that, though, let me take a step back and explain what I'm talking about. Here's the key language from section 105B:
But what 105B does do is provide the government with the authority to collect, without warrants, just about any non-content information, so long as it "concerns" people believed to be located outside of the country.
That's significant because FISA is not the only law that requires the government to seek warrants. There are a number of other laws (such as the Communications Act, the Stored Communications Act, and the Pen Register Statute) that either require the government to get a warrant before collecting information or bar the custodians of that information from turning it over absent a court order.
But 105B's provisions apply "notwithstanding any other law," meaning that once invoked, this authority trumps all other statutes. As Marty observes, "perhaps the evisceration of FISA is the least of it."
Moreover, there is also a lot of information out there in the hands of people or organizations who are under no obligation to provide it to the government absent a court order. But under 105B, the "communications service provider, custodian, or other person" in possession of the information must turn it over. Cooperation is compulsory. To quote Marty once again, "the compulsory service provisions do appear to vastly increase the ability of the NSA to enlist the service of many private parties to obtain information that once would have been difficult or impossible for NSA to acquire, thereby dramatically increasing the breadth of NSA surveillance as a practical matter."
Just an Observer puts it this way:
The focus of my previous posts has been on the interaction between section 105A of the new bill--which redefines "electronic surveillance"--and the other provisions of FISA. I wrote:
By carving out a large category of surveillance activities from the definition of “electronic surveillance,” the bill effectively exempts such surveillance from FISA altogether. And while the bill purports to establish conditions and procedures for conducting warrantless surveillance, these requirements are effectively optional and, in any case, there is no penalty in the statute for disobeying them.I stand by all that. I think the procedures laid out in section 105B are, for all intents and purposes, optional. They only come into play if the executive branch chooses to invoke them.
But the more I look at the scope of the authority granted under 105B, the more I can see why the government would want to invoke it. Above and beyond any concerns related to the FISA framework itself, 105B appears to authorize the circumvention of a number of other laws and thereby significantly increase the government's ability to secure information from private parties.
I first raised this concern in a comment over on one of Marty Lederman's posts, and it started a discussion that Just an Observer and Marty have now expanded upon significantly.
Before I get to that, though, let me take a step back and explain what I'm talking about. Here's the key language from section 105B:
Notwithstanding any other law, the Director of National Intelligence and the Attorney General, may for periods of up to one year authorize the acquisition of foreign intelligence information concerning persons reasonably believed to be outside the United States . . .Now, as I explained yesterday, 105B only applies when the acquisition at issue does not involve "electronic surveillance." So, with respect to the interception of contents of communications, 105B does not allow for any warrantless surveillance above and beyond what 105A allows (i.e. anything "directed at" someone outside the U.S.).
But what 105B does do is provide the government with the authority to collect, without warrants, just about any non-content information, so long as it "concerns" people believed to be located outside of the country.
That's significant because FISA is not the only law that requires the government to seek warrants. There are a number of other laws (such as the Communications Act, the Stored Communications Act, and the Pen Register Statute) that either require the government to get a warrant before collecting information or bar the custodians of that information from turning it over absent a court order.
But 105B's provisions apply "notwithstanding any other law," meaning that once invoked, this authority trumps all other statutes. As Marty observes, "perhaps the evisceration of FISA is the least of it."
Moreover, there is also a lot of information out there in the hands of people or organizations who are under no obligation to provide it to the government absent a court order. But under 105B, the "communications service provider, custodian, or other person" in possession of the information must turn it over. Cooperation is compulsory. To quote Marty once again, "the compulsory service provisions do appear to vastly increase the ability of the NSA to enlist the service of many private parties to obtain information that once would have been difficult or impossible for NSA to acquire, thereby dramatically increasing the breadth of NSA surveillance as a practical matter."
Just an Observer puts it this way:
105B is a powerful new government tool for warrantless surveillance directed at a whole new set of platforms where compulsory process is needed. It is vastly easier to issue an administrative "directive" under 105B than to get a court order. The recipients of such directives can be the legion of ISPs, email hosts such as employers, colleges, etc., and the fragmented Internet hosting industry in general.Of course you'd never know any of this if all you did was read the paper and watch the news. And I'm not convinced that even a fraction of the members of Congress who voted for this bill understand what it actually does or how it interacts with other provisions of FISA or other laws. Both 105A and 105B appear to vastly alter the pre-existing legal landscape in ways that dramatically increase the ability of the NSA to surveil and collect information about Americans. To put it bluntly, I find sections 105A and 105B of this bill to be significantly more troubling than any provision contained in the Patriot Act. And the Patriot Act was passed by a Republican-controlled Congress in the immediate aftermath of 9/11. How ironic that the real blow to civil liberties would come from a Democratic-controlled Congress six terror-free years later.
105B all by itself is national security letters on steroids, the equivalent of administrative warrants allowing direct-connect, real-time acquisition of a universe of data that never was part of the TSP.
posted by A.L. at 10:36 PM
14 Comments:
A.L.,
Thank you for translating the FISA changes for those of us who are not lawyers. I am still trying to sort out the motivation behind the democratic leadership's actions.
by the way, I believe that JaO is author of your quote, rather than Occasional Observer.
JaO = Just an Observer. The same person.
"Occasional Observer" is someone else entirely.
JaO,
I've said this before, but you really ought to consider starting your own blog. I'd read it.
And you don't have to answer this, but just out of curiosity, what kind of law do you practice (assuming you're a lawyer)?
A.L.,
As I have said before, I am just an observer. :-)
I have followed the example taught by a very wise commenter called "Medis," who used to post frequently at Volokh but lamentably has ceased to do so.
Medis declined not to disclose anything about personal credentials, preferring to be judged purely on the quality and content of his/her comments. For all I know, Medis might have been Justice Breyer, or might have been an exceptionally clever dog. Regardless, I found the comments worthwhile.
JaO,
Fair enough.
Questions arise, especially to those of us who are not expert in the pertinent fields. While we should not presume that the questions will or should be answered in a blog such as this, maybe we should share them.
Does an electronic transmission present enough information to geolocate the parties without decoding, listening to, or transcribing the message? Put another way, must a message be thoroughly surveilled and analyzed in order to determine whether it is legal to surveil it?
Choosing the anonymous option is fine, but my comment above got away from me while I was typing my handle.
Good question, anonymous, and I'm not sure what the answer is. I suspect it is easier to determine the probable location of participants on a telephone call than an email exchange.
Based on what I've read in the press, it appears that the NSA places interception devices on switches that connect international networks to U.S. networks. They can then be reasonably sure that most traffic coming through that switch is international in nature. Apparently.
A.L.,
I think data transmissions may be reasonably deduced to be international on the network level, but I'm less sure about an email message itself as it relates to FISA definitions.
Suppose JohnDoeForeigner, an unknown party we omnisciently postulate to be secretly in Germany, is an authorized but anonymous user of an email account on a server located in the United States. Jane Rasputin in Moscow sends him an email message. At the point where her international data packets are intercepted on the telecom network on the way to that U.S. server, it is not known purely from the IP packets or even the reconstructed email headers where the "person" JohnDoeForeigner is located. He has not yet retrieved the message from the server, and the account there may be disposable.
As a further complication, Jane Rasputin might be using an anonymous email service in the United States, too, and both she and JohnDoeForeigner access their email servers via web interfaces such as those on Yahoo or Gmail. Those web-server interfaces originate and retrieve the email messages, and the actual messages between the email servers would be domestic-to-domestic.
So the hypothetical above is one example that might explain why the second FISA judge might have refused to accept a presumption that the data in such network packets pertained to two persons, both foreign, without knowing more.
This is a non-trival problem of fact-determination. As a matter of pure statutory law, it already was legally outside the scope of FISA, 50 USC 1801(f), to intercept a wire communication in the United States if neither person is in the country. But there is real a problem knowing which "person" is where.
So it is quite plausible that the NSA was hamstrung without a legislative fix of some kind, creating an actual intelligence problem. The House Democrats were trying to negotiate an immediate solution focused on that problem, but the White House said it would veto that, and forced through the sweeping changes in the PAA instead.
IMHO, as an objective policy matter, the definitions and structure of FISA do need modernizing. But the devil is in the details, and the administration is using the occasion to rewrite FISA in ways that are not obvious but are hugely significant. When the issue of the non-sunsetted legislation is reopened in Congress, while Democrats will be seeking to roll back what just happened in the PAA, the administration will be proposing even deeper revisions in the statute. Yes, that is still possible.
A.L.,
Ever hear of an "open relay"?
There are plenty of them still out there, and they mean that you cannot reliably determine, from an IP address, where the message originated.
A.L., thanks so much for the analysis. Nice to see someone else obssessed with details.
I'm wondering if we're missing a nexus between the PAA, the MCA, and the recent executive orders on confiscation of property of those "hindering the reconstruction" of Iraq.
If the PAA ensures no oversight for much of the surveillance done by the Exeutive branch, and the MCA ensures little to no oversight for imprisonment, likely based on the PAA surveillance, don't we end up with an even bigger danger?
Seems like analysis of the PAA also needs to look at where the "intelligence" will be used, and analysis of the MCA and EOs also needs to look at the source of the "intelligence" used for their determinations.
Or is my tinfoil hat just too tight?
-- Zhtwn
I'd sure love to hear Senator Whitehouse's take on these interpretations of the new "FISA" exemptions [former USAttorney, former R.I. Attorney General, member of both the Judiciary and Intelligence Committees]. He was - according to multiple accounts on the Senate floor - deep into the details, late into the night, on at least the Levin/Rockefeller version of the bill, and must have started to get a handle on the underlying motives of those in the Executive Branch who put this language together. [Whitehouse got exactly one minute to speak against the bill, under Harry Reid's unconscionably-inadequate unanimous consent request/agreement that brought the bills to the floor.]
It just makes it all the more appalling that the likes of Dianne Feinstein ignored Whitehouse's experienced counsel in order to please her quivering and complicit (and obviously ignorant of the details) majority leader, and to accept the self-interested soothing assurances of DNI Mike McConnell (out in the hall during the hour-long debate), even while she herself admitted to not understanding the language she was voting on. [And why was Mike McConnell informed of and present for this vote, while at least 10 Senators were out of town and apparently caught off-guard by it??]
I wonder too, if one of the primary motives for the White House's rush job wasn't Wednesday's scheduled 9th Circuit oral argument in the 'smoking gun document' NSA/Oregon Islamic Foundation case:
http://www.dailykos.com/storyonly/2007/8/13/19852/5768
The Church Committee Congress did such a careful job crafting FISA, and basically making it airtight, that's it a triple travesty how carelessly this successor Congress knowingly, deliberately, and cavalierly threw away all that careful Constitutional craftsmanship in a moment of craven cowardice at best.
What contempt I now feel for Harry Reid and Nancy Pelosi (and Dave Obey and Steny Hoyer and John Conyers and Rahm Emaneul). I don't trust a word they say anymore. Some "open, honest" government.
anonymous,
I knew that 10 senators were not present for the vote and debate, but did not know that McConnell was out in the hall during the vote. But as they were negotiating items constantly, not surprised he knew about the timing of the vote, and not surprised he would be there.
I still feel that we don't know the full story of why the majority did what it did. It is critical to do so, especially as the netroots try to come to grips with the FISA vote and decide how to "fix" their party. You can't fix something you don't fully understand.
And how does Rove's retirement now play into this "deal" between congress and the executive branch?
I smell a recess appointment coming.
Post a Comment
Links to this post:
Create a Link
<< Home