5 items in the PRISM report you need to read
Last week, the Congressional Research Service released a report on the National Security Agency’s domestic spying programs. Essentially, it is a “What You Need To Know, Mr. Representative” memo, mostly a summary of issues that have already been discussed publicly at length. It is nonetheless a useful document for the public to catch up on what is known.
Packed in its 15 pages are a number of interesting datapoints, with these being the big things you should know:
1. The standard for investigation is subjective.
The report notes the authority to investigate and take someone’s domestic phone records is invoked by crossing a very low bar. Section 50 USC § 1861 (b)(2)(a) asks that an investigator submit “a statement of facts showing there are reasonable grounds to believe” an investigation is necessary. The report notes there is no statutory definition of “reasonable grounds,” though it speculates that the standard is probably less stringent than “probable cause” and may be merely a synonym for “reasonable suspicion.”
Moreover, federal statute authorizes law enforcement to obtain personal communications data if “there are reasonable grounds to believe” that data is “relevant and material to an ongoing investigation.” There’s no definition of relevancy, either. Relevancy, instead, is “generally understood” (the report’s words) to require “only that the information sought would tend to prove or disprove a fact at issue.”
In today’s surveillance world, that doesn’t serve as much of a check on government snooping. If agents believe your records of ordering pizza (or ordering pornography) may disprove or prove some fact at issue, then they’ll be sure to get those records.
Now to be fair, a degree of subjectivity is necessary. Part of the reason we don’t have solid definitions is that our legal tradition is based on common law, not civil law. Our system is based on previous laws and legal precedents stretching back to old England. The other is that legislators don’t want to hamstring investigators, and you need a bit of leeway in order to determine just who to go after. But it’s also something to keep in mind: if a government agent wants to investigate you, he or she can.
2. There are two distinct spying programs.
Many have lumped the NSA’s spying into one large program (frequently referred to as PRISM), though there are actually two programs. One, authorized under Section 215 of the Foreign Intelligence Surveillance Act (FISA), focuses on domestic spying. Under the domestic program, agents are prohibited from collecting message content, but do grab quite a bit of metadata. Meanwhile, Section 702 of FISA, which authorizes foreign spying, has more restrictive rules on whom investigators can target, but permits a broader collection of actual data, including content.
This distinction may seem tiny, but it is important in trying to figure out if these rules have been broken. Which, as I point out below, we really can’t even begin to discern.
3. They don’t need a court order to search your data.
Here’s a disturbing bit of news from the report:
FISC (Foreign Intelligence Surveillance Court) approval is not necessary prior to searching the data already held at NSA. Rather, 22 individuals at NSA have been authorized to approve requests to query the data and to determine whether information meets the reasonable suspicion standard.
So there you have it. The institution that is meant to serve as the “oversight” control of these programs, the secret FISA court, isn’t even necessary in a great many cases. Because the NSA has been grabbing everyone’s data in an indiscriminate manner, pretty much everything is being held at NSA, which renders the FISA court more or less moot.
If there is anything in the report you must know, it is that even the weak protections your data once had have since been swept away. Oh, sure, the report does go on to note that less than 300 phone numbers were queried in the database in 2012, and they have monthly reports and quarterly meetings and semiannual reports to Congress. But what sort of protections are those?
4. There’s really no way to evaluate these programs.
One theme constantly reiterated in the report is that no one can make heads or tails of anything. Because the very nature of the spying programs is secret, and that includes the so-called oversight court, we don’t really know any of the standards that are used. This leads to language such as:
“It has been suggested…”
“Beyond that, the scope of the intelligence collection, the type of information collected and companies involved, and the way in which it is collected remain unclear.”
“…there are not any publicly available judicial opinions interpreting this language,”
“It is likely…”
“Although the order has been leaked to various media outlets, other pieces of information that would significantly help inform any understanding of how the legal standard in Section 215 is being applied have not yet been disclosed. Specifically, it is not known what was included in the statement of facts that is required to be submitted as part of the application for a Section 215 order. Similarly, there have not been any widespread disclosures of the manner in which the FISC or FICR is applying the ‘reasonable grounds to believe’ or ‘relevant to an investigation’ standards provided in Section 215.”
You get the idea.
Again, there are national security considerations that mitigate releasing too many details. But the bottom line is that we really have no clue what is going on, which makes it difficult to even properly critique these programs. And therein lies the danger; that when the public does not even know what the government is doing, democracy can’t function. How can a republic survive if its citizens don’t know what’s happening?
5. All the guarantees in the world are useless.
And now for something not in the CRS report: how our phone numbers and records won’t be made public, or otherwise misused by government officials.
It really harkens back to the controversy over full-body scanners, which were finally removed from airports just a couple of months ago. When the program first started in 2010, the government promised that images of our naked selves would not be made public because they could not saved, stored, or transmitted. Instead, U.S. Marshals saved over 35,000 images on their computers, probably illegally.
And therein lies the problem. You can have all the “safeguards” in the world, all the reporting requirements, all the standards, yet if the person operating the program doesn’t follow the rules, our rights are still violated.
Congresscritters say that when they authored the PATRIOT Act, the sort of things happening under this spy program were never meant to occur. Yet happen they have. It’s a stark message: it doesn’t matter what good intentions or steps you take. If you give government officials the power, they will use it, and often in ways you could never imagine.