Regular readers will know that I’m pretty hardline as a civil libertarian, so of course I’m not happy about the size and scope of the United States electronic surveillance programs revealed last week by whistleblower Edward Snowden. I basically agree with the points made about them in Crikey yesterday by Bernard Keane and Guy Rundle. But I’m not as worked up about it as a lot of people seem to be, and for the past couple of days I’ve been struggling to articulate why.
Now an article in this week’s New Republic does it for me. In it, Robert Chesney and Benjamin Wittes distinguish – as most media reports fail to do – between the two different cases of surveillance that are involved: trawling the servers of internet companies such as Google and Facebook (the operation known as PRISM), and obtaining phone logs from domestic telecommunications companies.
The first, fundamentally, is good old-fashioned espionage. It is, as Chesney and Wittes put it, “a vacuum cleaner-like affair, with the government free to scoop up everything it can get, and then figure out what to make of it.” Governments have always done whatever they could to spy on the communications of their enemies and allies (because every ally is a potential enemy).
We’ve always known that the National Security Agency had powerful eavesdropping capabilities, so there shouldn’t be anything terribly surprising about this latest revelation. People in Australia and other allied countries, of course, had always imagined such techniques being directed at the Russians or Chinese rather than themselves, but fundamentally that’s an issue of foreign policy that our governments should be dealing with.
Perhaps traditional foreign policy is ill-equipped to deal with a globalised world with a single military hegemon – indeed I think it is. But since no-one has come up with any new rules, it’s hard to blame the NSA too much for playing by the old ones. Nor does it seem to be disputed that PRISM is directed at foreign communications, not at American citizens (which doesn’t mean it isn’t an issue for Americans – I’ll come to that shortly).
Chesney and Wittes go too far, however, when they say “it does not significantly advance our understanding of the government’s authorities or policies, and its advance in our understanding of its technical capabilities comes at significant cost.” I beg to differ: the advance in understanding, while perhaps not significant for the expert, is very important for the general public, and I’m not convinced that the cost is significant at all.
But they’re right to say that it’s the second disclosure, about the creation of “giant datasets of telephony metadata”, that’s more surprising. This is domestic surveillance – a government spying on its own citizens – which can’t legally be done without a warrant. So the government has a warrant, in the shape of an order from the Foreign Intelligence Surveillance Act Court; the trouble is that instead of being directed to the calls of a particular person or a particular phone, it sweeps up data from all calls made within a certain (large) time frame.
As they say, this is “simply different and grander in scope and scale from anything we had thought the law meant.”
The problem here is that technology has changed the fundamentals of this sort of surveillance. In the old days, wiretapping meant that someone had to physically listen to your phone calls (they could be recorded automatically, but that was of no earthly use until at some point a human listened to it). So of course the government only tapped into calls that it thought might possibly be useful.
Now, through data matching across a large dataset, we can learn interesting things without anyone having to listen to anything. So from an intelligence point of view, the more data that gets collected, the better, but collection no longer automatically means surveillance.
Instead of placing tight restrictions on what data can be collected, it therefore makes sense to allow collection on a large scale but put tight restrictions on how the data can be used – provided (and it’s a very big proviso) one can be confident those restrictions will be obeyed.
Stewart Baker, a former general counsel to the NSA, explained it in an article last week in Foreign Policy:
On top of that, national security law also requires that the government “minimize” its collection and use of information about Americans – a requirement that has spawned elaborate rules that strictly limit what the agency can do with information it has already collected. Thus, one effect of “post-collection minimization” is that the NSA may find itself prohibited from looking at or using data that it has lawfully collected. …
In the standard law enforcement model that we’re all familiar with, privacy is protected because the government doesn’t get access to the information until it presents evidence to the court sufficient to identify the suspects. In the alternative model, the government gets possession of the data but is prohibited by the court and the minimization rules from searching it until it has enough evidence to identify terror suspects based on their patterns of behavior.
This is where the confusion between the two sorts of surveillance becomes understandable. Although the PRISM operation, unlike the telecommunications order, is directed only against foreigners, the reality of globalisation makes it difficult to separate the two: physical location is less and less important, while dual citizenship and complex loyalties are common. It’s hard to stop data collection from getting out of hand.
Nonetheless, that’s the FISA Court’s job, and so far at least there’s no evidence that the government is trying to pre-empt it. You might think that the court has interpreted the law too widely, or that even if its interpretation of the law is correct then the law itself falls foul of the fourth amendment (both plausible arguments), but it’s hard to argue that it’s a lawless operation. (There is apparently at least one instance where the government went too far and the FISA Court had to rein it in.)
Politics being what it is, however, everyone wants to think that it’s only the other side that does the wrong thing. While on one level it’s heartening to see the Republicans trying to reinvent themselves as civil libertarians, there’s been a collective amnesia about the way these things were handled under the Bush administration. As a friend put it on my Facebook feed, “Imagine if George W Bush had pulled this stunt.”
But in fact we don’t have to imagine: Bush pulled a much more serious stunt, authorising the wiretapping of US citizens without applying for FISA warrants. And although that produced some dark muttering about impeachment it didn’t, unless my memory is playing tricks on me, get anything like the same publicity that we’ve seen in the last week.
So yes, be concerned, by all means. Be vigilant, be outraged, and pray that Snowden has somehow made his way to a place that won’t extradite him. But don’t expect the end of the world just yet.
*UPDATE* 3pm the same day
I’ve now read a very interesting article (written last week) by Marc Ambinder at The Week that goes into more detail about how the FISA Court and the “minimising” process work. It’s well worth a read. Here’s how he sums up:
So merely “collecting” the data is like receiving a box full of records but not opening it until and unless they had a good reason to do so.
That metaphor is not terribly comforting, but it does appear to be the government’s justification for insisting that they don’t actually, actively “spy” on you. It is true: If they only compile these transactional records and don’t do anything with them, and they faithfully honor this distinction, then the scale of the actual surveillance is not necessarily harmful, although it feels heavy. That’s a big if. It depends on whether you believe the NSA follows the rules. I think its employees and analysts probably do, to the best of their ability.