Last week, former National Security Agency Director Michael Hayden declared that he was “cool” with the recently enacted USA Freedom Act, which reined in government bulk collection of Americans’ phone records. His characterization of that program as “little” is no doubt accurate. Information from the archive of documents released by NSA whistleblower Edward Snowden has revealed many other programs that pose equal or greater risks to Americans’ privacy.
But Hayden is too quick to assume that the phone records program will be the only reform. The passage of the USA Freedom Act is the first curtailment of intelligence authorities since the 9/11 attacks and should mark the beginning — not the end — of reform.
It’s no surprise that Congress chose to tackle the phone record program first. It is relatively straightforward for people to understand, and its goal of amassing a vast database of information about Americans is patently difficult to square with our constitutional values. Two review boards found it to be of minimal counterterrorism value, and a federal appeals court declared it illegal. Even the intelligence community and the president were amenable to reform.
But Congress is well aware that this reform is insufficient. Many of the votes against the act in the House and Senate came from lawmakers who believe it didn’t go far enough.
Several NSA programs are carried out under 2008’s FISA Amendments Act, which permits the agency to collect information in the U.S. as long as it is targeting foreigners who are thought to be overseas. Despite their purported foreign focus, these programs undoubtedly pull in huge pools of Americans’ communications. International communications have grown exponentially in the last years as it has become easier and cheaper to talk and text with people abroad. In our increasingly interconnected world, the notion that surveillance targeted at foreigners overseas pulls in only a negligible amount of Americans’ private correspondence is simply outdated.
Nor is the NSA limited to targeting terrorism suspects. It is permitted to collect “foreign intelligence information,” a capacious category that includes the open-ended class of material relevant to foreign affairs. This allows the NSA to scan all our international communications and keep those that it thinks are interesting. E-mails sent by a Human Rights Watch lawyer to a researcher in Nigeria would be scanned, even if neither is suspected of involvement in wrongdoing. If they mention something about the political situation there of interest to the NSA, they could be retained. A text message from an American journalist to a colleague in Turkey asking a question about the Islamic State in Iraq and the Levant could be picked up as well.
We don’t know how many NSA databases of Americans’ information exist or how large they are. We do know that the Federal Bureau of Investigation dips into these archives of emails, texts, videos and chat messages with few constraints. In other words, information collected without any type of warrant or judicial review for intelligence purposes can be obtained by a U.S. law enforcement agency and used in a domestic criminal proceeding.
The House of Representatives recently passed an amendment to the defense appropriations bill (the National Defense Authorization Act) that would end these backdoor searches by defunding them. While this initiative might not pass, lawmakers will have another chance to stop the program when the extraordinary and controversial grant of powers in the FISA Amendments Act expires in 2017.
Even that would just be skimming the surface. The vast majority of U.S. surveillance doesn’t take place under any law passed by Congress. When our intelligence agencies collect information overseas — for example, by tapping into fiber optic cables to scoop up all information that flows through them — they operate under an order issued by President Ronald Reagan in 1981, Executive Order 12333, which gives the NSA even greater latitude to collect information with even fewer privacy safeguards than any legislation.
Just because information is collected from a cable overseas doesn’t mean that it concerns only foreigners. Purely domestic emails may be routed through another country and picked up. Copies of documents are stored by cloud providers overseas, sometimes in multiple locations. Domestic websites often have ads, pop-ups and other such links that are hosted on foreign servers, effectively sending search queries into the international ether. Americans’ privacy is just as affected by overseas collection as it is by what happens on U.S. soil.
Of course, the NSA must retain the capacity to collect information necessary for the national defense and security. The question that needs urgent attention is whether it needs quite as much as it is currently hoarding or whether a more targeted approach would keep us both safe and free from the fear that our every move is being watched.