The recent revelations about the court order issued to Verizon asking them to hand over data about the calls made by millions of customers were chilling not so much for the specific information the government was asking for, but for what the order likely portended. Given its massive scope, the potential for spying into electronic communications made much more disturbing revelations inevitable. It didn't take long for the other shoe to drop.
In a blockbuster story, Barton Gellman and Laura Poitras of The Washington Post have revealed the existence of a more comprehensive spying program with the code name PRISM involving the National Security Agency and Federal Bureau of Investigation, as well as at least nine telecommunications giants. It's a classic case of how checks and balances have not worked in the way the framers envisioned. Far from checking executive overreach, Congress has authorized dangerous expansions of power while various levels of the judiciary break out their rubber stamps.
While I disagree with much of what Slate's William Saletan has to say in defense of the Verizon letter uncovered on Wednesday, he does raise one powerful argument. The order did not seek the content of emails, making the spying less intrusive than wiretapping. "The targeted data are mathematical," he wrote, "not verbal." I can understand the argument that—to return to the classic Fourth Amendment analogies I mentioned yesterday—the Verizon order seized data more comparable to the front of an envelope or garbage left on the sidewalk than a private telephone call.
Whatever its merits, this defense of the NSA (and FBI) is no longer operative. The PRISM program does not merely assess the number and length of phone calls or emails. As explained in the remarkable slideshow leaked to the Post, the NSA data-mining includes a wide variety of content hosted on corporate servers: emails, online chats, phone calls, data stored on cloud drives, video conferences, and a variety of other data. (including, in case that list is not quite comprehensive enough, "special requests.") PRISM has access to both stored and live data. This isn't like looking at the front of envelopes; this is like ripping open the letters, scanning the contents, and storing the information. "The PRISM program appears more nearly to resemble the most controversial of the warrantless surveillance orders issued by President George W. Bush," the Post article asserts, and "shows how fundamentally surveillance law and practice have shifted away from individual suspicion in favor of systematic, mass collection techniques."
While the data mining revealed in the Verizon order probably does not violate the Fourth Amendment as it is currently understood by the Supreme Court, the PRISM program is another story. Since 1967, the question of whether a new form of communication is protected by the Fourth Amendment has come down to whether the person being spied on has a "reasonable expectation of privacy." If emails and other data stored on personal home computers doesn't carry an expectation of privacy, the Fourth Amendment would become very nearly a dead letter. Whether these searches conform to the Fourth Amendment, then, depends on whether the content is being analyzed only in cases where there is the individualized suspicion the Fourth Amendment generally requires. It is difficult to know whether this is the case given the private nature of the Foreign Intelligence Surveillance Act (FISA) court. Saletan argues that the checks and balances FISA puts in place should allay fears, but this is highly questionable. Gellman and Poitras quote Jameel Jaffer of the ACLU, who notes, "This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government." It requires a major leap of faith indeed to assume that the FISA court is providing adequate protections.
Ideally, then, the federal courts will provide greater scrutiny into the program. Whether a legal challenge will succeed, however, is questionable. Challenges will be made much more difficult by an outrageous Supreme Court decision from earlier this year that made it tougher to challenge warrantless wiretapping in court. Because the program was secret, a majority of the Court (speaking through Samuel Alito, its most consistently authoritarian member) held that potential targets of spying lacked the "standing" to bring a challenge. Unless someone finds out that they have been targeted by the program, it's not clear how the program can be challenged. And the Court's strained standing ruling suggests that it is not very sympathetic to the underlying Fourth Amendment challenges either. It's unlikely that the government will face a serious challenge to the program in the near future.
Another interesting revelation in the article is the different attitudes various companies have had toward joining the PRISM program. The collaboration of private companies is crucial, the authors argue, because "[t]he engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company." The slideshow leaked to the reporters claims that Microsoft and Yahoo joined the program during the Bush administration, while the more reluctant Apple did not join until 2012. If the timeline is accurate, special kudos must go to Twitter, which has apparently opted to protect the privacy of its customers.
The participation of companies in the PRISM program is dismaying but not surprising. In 2008, there was a conflict within Congress about whether telecom companies should be legally immunized if it turns out that they violated the privacy rights of customers. The House version of the telecom bill did not provide this immunity, but the Senate version did; alas, the latter version (with the vote of Barack Obama and the support of John McCain) prevailed. With no incentive to protect the privacy of their customers in the face of government requests, it's plausible that most companies have chosen the path of least resistance. However, it should be noted that as of now most of the companies involved are denying involvement with the program. It's possible, therefore, that PRISM is fully a government operation being done without the knowledge of the companies involved, which may lead to some pushback among the politically powerful.
Whether PRISM represents a collaboration between tech companies and the government is, at this point, unclear. What is clear is that Congress has enabled the executive branch it's supposed to be checking. The Bush administration pushed the envelope, engaging in warrantless wiretapping in defiance of the procedures established by Congress. However, the legislative body meekly surrendered by broadly delegating wiretapping power to the executive branch. The Bush administration instituted PRISM almost immediately after Congress passed the revised FISA in 2008, and the Obama administration continued and likely expanded it.
The authorization of Congress and the silence of the courts does not excuse the actions of either Bush or Obama; power delegated does not have to be used. But by the same token, Congress had the power to stop executive overreach in advance—the Obama administration, despite its many faults on civil liberties, has unlike its predecessor been willing to follow the procedures established by statute—and chose to facilitate it instead. Congress could respond by reducing the discretion it ceded, but my guess is that House Republicans will find that their indifference to civil liberties will trump their hatred of Obama. And there's little reason to expect better from the Senate, which showed substantial bipartisan support for the new FISA even with Bush in the White House.
In theory, one major check continues in the FISA regime: only the communications made by Americans with those on foreign soil are supposed to be vulnerable to state spying. This is not terribly comforting. Even if strictly adhered to, this constitutes a large number of communications. Most of the monitored communications are made by people who cannot be reasonably be considered terrorist suspects. More important, the formulas that allegedly prevent spying on purely domestic communications are not exactly airtight. At least some analysts seem to be using formulas "designed to produce at least 51 percent confidence" that the communications being examined involve at least one foreign party, a standard that is almost certain to bring purely domestic communications into its web. Moreover, the American government collaborating with corporations to invade the privacy of non-Americans who in many cases seem to be targeted without individualized suspicion is worthy of condemnation in itself.
Given the centrality of electronic communications to modern life, the potential for abuse in this program is staggering. Unwisely authorized by Congress and even more unwisely deployed by the Bush and Obama administrations, the program poses an unquestionable threat to the right of Americans not to be subject to unreasonable searches and seizures. Unfortunately, it's not clear whether any powerful force in American politics will be willing to stand up for the Fourth Amendment.