Perfection as the enemy of the good: Weakening surveillance reform

Last week saw a flurry of legislative to-and-fro on the Hill as the US House of Representatives pondered the passage of legislation aimed at ending bulk-collection by the US National Security Agency.  The USA Freedom Act, or HR. 3361, was passed on Thursday in a 303-121 vote, and was hailed by The New York Times as “a rare moment of bipartisan agreement between the White House and Congress on a major national security issue”.  Congressman Glenn ‘GT’ Thompson (R-Pa.) tweeted that he was the proud cosponsor of a bill “that passed uniting and strengthening America by ending eavesdropping/online monitoring.”

It was perhaps inevitable that compromise between the intelligence and judiciary committees would see various blows against the bill in terms of scope and effect.  When legislators want to posture about change while asserting the status quo, ambiguity proves their steadfast friend.  After all, with the term “freedom” in the bill, something was bound to give.

Students of the bill would have noted that its main author, Rep. Jim Sensenbrenner (R-Wi.), was also behind HR. 3162, known more popularly as the USA Patriot Act.  Most roads in the US surveillance establishment tend to lead to that roughly drafted and applied piece of legislation, a mechanism that gave the NSA the broadest, and most ineffective of mandates, in eavesdropping.

Then came salutatory remarks made about the bill from Rep. Mike Rogers[2], who extolled its virtues on the House floor even as he attacked the Obama administration for not being firm enough in holding against advocates of surveillance reform.  There is a notable signature change between commending “a responsible legislative solution to address concerns about the bulk telephone metadata program” and being “held hostage by the actions of traitors who leak classified information that puts our troops in the field at risk or those who fear-monger and spread mistruth to further their misguided agenda.”

Even as Edward Snowden’s ghost hung heavy over the Hill like a moralising Banquo, Rogers was pointing a vengeful finger in his direction.  There would, after all, have been no need for the USA Freedom Act, no need for this display of lawmaking, but for the actions of the intelligence sub-contractor. Privacy advocates would again raise their eyebrows at Rogers’s remarks about the now infamous Section 215 telephone metadata program under the Patriot Act, which had been “the subject of intense, and often inaccurate, criticism. The bulk telephone metadata program is legal, overseen, and effective at saving American lives.”

Such assertions are remarkable, more so for the fact that both the Privacy and Civil Liberties Oversight Board and the internal White House review panel, found little evidence of effectiveness in the program.  “Section 215 of the USA Patriot Act,” claimed the PCLOB, “does not provide an adequate basis to support this program.”  Any data obtained was thin and obtained at unwarranted cost.

Critics of the bill such as Centre for Democracy and Technology President Nuala O’Connor expressed concern at the chipping moves.  “This legislation was designed to prohibit bulk collection, but has been made so weak that it fails to adequately protect against mass, untargeted collection of Americans’ private information.”  In O’Connor’s view, “The bill now offers only mild reform and goes against the overwhelming support for definitively ending bulk collection.”

Not so, claimed an anonymous House GOP aide.   “The amended bill successfully addresses the concerns that were raised about NSA surveillance, ends bulk collections and increases transparency.”  Victory in small steps would seem to have impressed the aide. “We view it as a victory for privacy, and while we would like to have had a stronger bill, we shouldn’t let the perfect being the enemy of the good.”

Various members of the House disagreed.  Rep. Zoe Lofgren (D-Calif.) noted that the bill had received a severe pruning by the time it reached the House floor, having a change “that seems to open the door to bulk collection again.”  Others connected with co-sponsoring initial versions of the bill, among them Rep. Jared Polis (D-Colo.) and Rep. Justin Amash (R-Mich.) also refused to vote for the compromise.

What, then, is the basis of the gripe?  For one, the language “specific selection term”, which would cover what the NSA can intercept, is incorrigibly vague.  The definition offers the unsatisfactory “term used to uniquely describe a person, entity or account.”  What, in this sense, is an entity for the purpose of the legislation?  The tip of the iceberg is already problematic enough without venturing down into the murkier depths of interpretation.

Even more troubling in the USA Freedom Act is what it leaves out. For one thing, telephony metadata is only a portion of the surveillance loot.  Other collection programs are conspicuously absent, be it the already exposed PRISM program which covers online communications, Captivatedaudience, a program used to attain control of a computer’s microphone and record audio, Foggybottom – used to note a user’s browsing history on the net, and Gumfish, used to control a computer webcam.  (These are the choice bits – others in the NSA arsenal persist, untrammelled.)

Section 702 of the Foreign Intelligence Surveillance Amendments (FISA) Act, the provision outlining when the NSA may collect data from American citizens in various cases and how the incorrect or inadvertent collection of data is to be handled, is left untouched.  On inspection, it seems the reformist resume of the Freedom Act is rather sparse.

Ambiguities, rather than perfections, end up being the enemy of the good. Laws that are poorly drafted tend to be more than mere nuisances – they can be dangerous in cultivating complacency before the effects of power. Well as it might that the USA Freedom Act has passed, signalling a political will to deal with bulk-collection of data.  But in making that signal, Congress has also made it clear that compromise is one way of doing nothing, a form of sanctified inertia.

This article was posted on May 28, 2014 at indexoncensorship.org

Limits on surveillance: A global right to privacy

shutterstock_privacy_127585253

The revelations by Edward Snowden last June about massive, unaccountable surveillance by the US National Security Agency (NSA) and its British counterpart GCHQ have raised one vital question.  Is there a global right of privacy?  If so, what form might it take?

In November 2013, Kenneth Roth, the executive director of Human Rights Watch, argued in favour of a global human right of privacy. “All [governments] should acknowledge a global obligation to protect everyone’s privacy, clarify the limits on their own surveillance practices (including surveillance of people outside their own borders), and ensure they don’t trade mass surveillance data to evade their own obligations.”

Fundamental to this discussion is the role technology has played in outpacing legal oversight.  In April 2013, the report of the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression had one express focus: To examine “the implications of states’ surveillance of communications in the exercise of the human rights to privacy and to freedom of opinion and expression.”  In the Rapporteur’s view, it was clear that the march of technology, with its move to low cost mobile communications as opposed to previous fixed-line methods had “increased opportunities for state surveillance and interventions into individuals’ private communications.”  Borderless surveillance has become a reality.

In their remarkable article on privacy in the Harvard Law Review of 1890, Louis D. Brandeis and Samuel D. Warren argued that, “The press is overstepping in every direction the obvious bounds of propriety and decency.  Gossip is no longer the resource of the idle and the vicious, but has become a trade”.  Through sharp, analogical reasoning, the jurists decided that grounds for a civil wrong in breaching privacy might be found.  The law had to keep pace with the type of technology involved.  In their times, it was the telegraph.

International law accepts that a right to privacy exists and should be protected. Article 12 of the Universal Declaration of Human Rights (1948) makes it explicit.  The International Covenant on Civil and Political Rights, through Article 17, has the same effect.  Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms has spawned rich jurisprudence on the subject.  The Organisation for Economic Cooperation and Development, and the Council of Europe, have various guidelines and protocols in place for data protection.

That said, common law countries such as Britain and Australia have shown a reluctance to find a genuine civil wrong when someone’s privacy is violated.  Preference is given to finding a breach of confidence.  In the United States, there is a reasonable expectation under the Fourth Amendment that one’s privacy will be protected, though it has no application to foreigners.  Civil code countries have shown a greater willingness to identify the human body as inviolable before unwarranted interference.

Analysts have argued that a protected global right to privacy is urgent because the global surveillance state has itself become a reality. It is not merely sufficient to restrain through warrant and judicial control the actions of the NSA regarding American citizens.  As David Cole of the Georgetown University Law Centre argues  (Just Security, Oct 29, 2013), focus must lie beyond the limited social contract between US government and its citizens.  The rights of non-US citizens to privacy, in other words, extra-territorial rights, matter.  Privacy rights are transnational issues, requiring transnational measures of protection.

In the United States, President Barack Obama has at least acknowledged the globalised nature of the surveillance problem, and the need for global protections that consider the rights of non-US citizens as well.  His latest suggestions can be found in Presidential Policy Directive 28 (PPD-28.

A notable feature in PPD-28 is the restriction on monitoring foreign citizens, which might be termed the “Merkel” clause after it was revealed that the German Chancellor’s phone was being monitored by the NSA.  Section 4 of PPD-28 also serves to create the machinery by which the US will form a “point of contact for foreign governments who wish to raise concerns regarding signals intelligence activities conducted by the United States.”

In these proposals, Obama fails, as executive director of Amnesty International USA Steven W. Hawkins explains, to accept “the abusive nature of mass surveillance or put international human rights standards at the centre of US policy”. They do not so much curtail surveillance as simply limit aspects of its reach.  Executive Order 12333 still affords Obama powers to authorise surveillance programs without judicial review. The law is still kept at arm’s length.

The normalisation of Stasiland is the great feature of the twenty first century – no political system has been spared that, largely because the technological means have outpaced the legal regulations.  A collective of some 500 writers, among them Margaret Atwood, Martin Amis, and Don DeLillo, have argued via a petition in December 2013 that, “A person under surveillance is no longer free; a society under surveillance is no longer a democracy.  To maintain any validity, our democratic rights must apply in virtual as in real space.”  It is time to consider not merely limits to the bulk surveillance, but enforceable obligations on the part of states to abide by a global rule on privacy.

This article was posted on 29 January 2014 at indexoncensorship.org

President Obama: Privacy, free expression for all

Index on Censorship is deeply concerned that neither the report nor the recommendations on the NSA prepared by the White House review panel tackles the worldwide mass surveillance carried out by the United States.  Index calls on President Obama to take urgent action to respect the right to freedom of expression and privacy of all the world’s citizens, not just those of the United States.

The report from  President Barack Obama’s Review Group on Intelligence and Communications Technology is a 300-page tome which includes 46 recommendations – from forcing telecommunications firms to store call data for on demand NSA access, to higher level signoff on surveillance of foreign leaders.

Kirsty Hughes, CEO of Index, said:

“These weak recommendations offer no privacy for non-Americans and only scant protection for foreign leaders. The NSA’s surveillance programmes continue to violate human rights on a massive scale. When Barack Obama decides what reforms to implement in January, he should remember that Americans are not the only people who deserve the right to privacy and free speech. ”

Miranda court challenge

Index on Censorship supports today’s court challenge to the use of counter-terrorism powers to detain David Miranda at Heathrow airport in August. Index is a member of a coalition of free speech and media organisations that has made a written submission in support of Miranda’s hearing.

Online Editor Sean Gallagher said:

‘The Terrorism Act should be used to counter terrorism not to undermine investigative journalism into stories that are in the public interest, such as the ongoing revelations about mass surveillance by The Guardian and David Miranda’s partner, Glenn Greenwald. Misusing counter terrorism laws in this way is an attack on the free expression rights of journalists and their sources.’

The judicial review case will decide if it was lawful to use Schedule 7 of the Terrorism Act to detain Miranda and take confidential materials from him.

Written Submissions of the Coalition of Media and Free Speech Organisatons