National Intelligence Office's Top Lawyer Fires Off Spirited Defense Of Bulk Surveillance, Third Party Doctrine
from the "in-order-for-programs-to-remain-legal,-I-must-view-it-this-way" dept
Robert Litt, General Counsel for the Office of the Director of National Intelligence, has been given space at the Yale Law Review Journal to publish his citable article "Why Everyone's Wrong About the Fourth Amendment." Or, as Litt would like us to refer to it:
Preferred Citation: Robert S. Litt, The Fourth Amendment in the Information Age, 126YALE L.J. F. 8 (2016), http://www.yalelawjournal.org/forum/fourth-amendment-information-age.To be fair, Litt never says we're all wrong about the Fourth Amendment and the Third Party Doctrine. He only says Judge Leon is. Judge Leon was the single district court judge who found the bulk collection of phone metadata to be unconstitutional.
Technically, we're not all wrong, but we may as well be, because no court has found the collection unconstitutional save Judge Leon's and Litt doesn't agree with it. Several paragraphs follow, but the crux of Litt's argument is nothing new: it's just 1979's Smith v. Maryland decision all over again.
I do not think that Judge Leon’s efforts to distinguish Smith were successful. First, while Judge Leon is certainly right that metadata can be very revealing of personal activities, there is nothing new about that insight. Justice Stewart dissented from the decision in Smith itself in part because he recognized that metadata “easily could . . . reveal the most intimate details of a person’s life.” The point of Smith was not that metadata is innocuous, but that you have chosen to reveal it to a third party. To use an analogy, if you give a document to a third party, you have lost your expectation of privacy in that document, whether it is a laundry ticket or a confession of mortal sin. Moreover, the fact that cell phones today contain a lot of information beyond metadata does not seem relevant when the government did not actually search or collect any of that other information.The thing is that while people may voluntarily agree to hand over certain information to service providers (and it's safe to say the "agreement" is anything but "voluntary"), they do not naturally assume the service provider will share this -- no questions asked or warrants demanded -- with anyone else who comes asking for it. That's where the reliance on Smith v. Maryland fails. "Choose to disclose" is much different than "forced to disclose." And it's not as if it can truly be said phone users relinquish all ownership of that data. It's specifically tied to them and they "share" it with service providers -- which if that's how Litt wants to interpret the interaction, he should at least be honest and give both parties some sort of ownership, along with the privacy expectations that go with it.
[...]
[I] find it hard to understand the alchemy by which information that you choose to disclose to a third party develops an expectation of privacy because you have chosen to disclose a lot of that information. That seems counter-intuitive to say the least. For all of these reasons, if you accept Smith’s holding that there was no expectation of privacy in the telephone metadata in that case because it had been voluntarily exposed to a third party, you can’t conclude there was an expectation of privacy in the metadata in this case.
A lot of the rest of it is given over to Litt's displeasure that courts have even granted plaintiffs standing in bulk metadata program lawsuits. Whatever the Third Party Doctrine doesn't shut down, the plaintiffs' inability to claim anything more than theoretical rights violations by programs the government refused to discuss publicly should have seen the cases tossed immediately. He agrees the framework is there for massive violations of privacy but these actually damaging acts simply never occurred. But abuses did occur and were covered up by the NSA, nearly resulting in the program being shut down back in 2008 by FISC Judge Reggie Walton.
This fact undercuts Litt's assertions in defense of the now-curtailed program.
For several years, and with judicial authorization, the NSA collected metadata in bulk about U.S. phone calls from telephone companies for counterterrorism purposes. The metadata was kept in secure databases. It could only be accessed by a few specially trained NSA analysts, and then only to identify telephone numbers in contact with so-called “seed” numbers as to which there was a reasonable and articulable suspicion of an association with terrorism—such as, for example, a number used by a suspected terrorist.First off, the program was accessed by more than just a "few" specially trained analysts. It was a free-for-all until the FISA Court shut that down. Second, the reasonable, articulable suspicion standard wasn't always applied to searches of the database. For a period of time, NSA analysts ran searches against an "Alert List" of numbers the FISA Court had never approved for use -- i.e., no RAS declaration was made by the NSA to support additions to the list used for searches of the bulk data. Some of these numbers were added simply because they were two or three hops away from an RAS-supported number, meaning there was nothing supporting the use of these "connected" numbers as new "seeds" for database searches and contact chaining.
What Litt does get right is that the NSA has done itself no favors with its decades of opacity.
Where we fell short was on the third leg of the stool, transparency. There would have been less damage to the Intelligence Community from the disclosures of the last couple of years had we been more forthcoming about our activities before those leaks. Obviously, intelligence activities have to be conducted with some degree of secrecy, and the same is true of some law enforcement activities. Specific methods and targets of surveillance have to be protected. But if we don’t discuss what we are doing and how we are regulating it even in general terms, we cede the field to those who are hostile to intelligence activities.And, perhaps inadvertently, Litt lets us know President Obama is just as big a fan of the NSA as his predecessor was.
A decision by Congress to authorize certain activities under certain controls, made after discussion and debate, should be a strong factor in support of the reasonableness of those activities. Congress is going to have a number of opportunities to address these issues. For example, Section 702 expires at the end of 2017, and there are continued efforts to modernize the Stored Communications Act. It may be too much to hope that in the current political environment, Congress could have a dispassionate and comprehensive discussion about such weighty issues, but the Executive Branch would welcome such a discussion.Given the selection of presidential frontrunners, I have no reason to believe Litt's assessment of the situation will be any less accurate by the time the Section 702 expiration date rolls around.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, bulk surveillance, mass surveillance, nsa, odni, privacy, robert litt, surveillance, third party doctrine
Reader Comments
Subscribe: RSS
View by: Time | Thread
Adding to the ranks
Not just that, but by consistently lying and being caught out on their lies they created people 'hostile to intelligence activities'. People that might have sided with the spy agencies had they been honest, 'Yes we did X. Here's why, and here's the limits that are in place to avoid abuse.' when the evidence came out are much less likely to do so when the agency lies, and then has their lies exposed. If they lied about X, what about their other claims, are those lies as well?
Among their legion of mistakes lying when they aren't staying silent is certainly up there as far as 'things that poisoned public opinion against them'.
[ link to this | view in chronology ]
Re: Adding to the ranks
[ link to this | view in chronology ]
Re: Re: Adding to the ranks
Cameras in civilian hands are just showing what's been going on the whole time, though granted with more military weapons and untrained SWAT teams.
And now we are clearer how much the US sucks, our system isn't even trying to make it better. They just pretend it doesn't.
At least the Soviet Union admitted its methods were brutal. We're brutal and we can't stop lying!
[ link to this | view in chronology ]
Re: Re: Re: Adding to the ranks
[ link to this | view in chronology ]
Re: Re: Re: Adding to the ranks
A million times this.
[ link to this | view in chronology ]
Re: Re: Re: Adding to the ranks
Russia doesn't execute people.
The United States does.
[ link to this | view in chronology ]
Russia doesn't execute.
During the Stalin regime, people were not only executed, but disappeared so that they ceased to exist entirely, a policy that is conspicuously echoed in our drone strike programs in the Afghanistan and Pakistan theaters. But the upshot is we don't know how many were obliterated. Millions, allegedly.
Similarly the United States does execute people, but murders by police officers are not counted, and often are not recorded, so we don't actually know how many civilians are killed by police bullets, though those should certainly count as murders by agents of the state.
[ link to this | view in chronology ]
Re: Russia doesn't execute.
The comment was about today's Russia and today's United States. Notice the present tense language.
[ link to this | view in chronology ]
Today's Russia
Part of the dialog is that the current United States regime is comparable to the USSR, that our agencies are comparable to the KGB.
The other part is that it always was, and for those of us who grew up in the cold war, it's a big disappointment to discover that our guys weren't any better than the enemy they were demonizing.
Contemporary Russia has its issues, and Putin is a bastard, but the United States is failing to do any better.
If the US just lied to its people about being more human than the Soviet Union, then we can't trust that the situation is any better than the Islamic State. Or, for that matter, North Korea.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Some animals are more equal than others.
We may be better served by an intelligence community that is entirely transparent regarding their methods, much the way encryption sacrifices short-term security-through-obscurity for robust penetration-tested algorithms.
[ link to this | view in chronology ]
Re:
'we' have turned that principle on its head, ain't 'we' ?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Smith v. Maryland
[ link to this | view in chronology ]
Re: Smith v. Maryland
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Take away the NSA and all those other self viewed elites rights and watch them fall over themselves saying their info should be protected against random searches.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
On the other hand, courts have also said there's no harm done if you don't know you're rights are being violated. Either way you're screwed.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
--
By that logic, the government should have no expectation of privacy after handing someone a NSL.
[ link to this | view in chronology ]
Re:
Problem solved!
[ link to this | view in chronology ]
I'm especially fond of this...
...unless they do it in bulk.
This is something that, seemingly, nobody understands.
I've had this conversation with a number of people when discussing, for instance, Facebook.
"I don't care if Facebook gets my contact list from my phone."
Certainly, it is your choice to disclose your informaton to Facebook or not. However, if MY name, address and phone number are in your contacts list, that's not just YOUR privacy being violated. When you take that ridiculous survey that showed up in your feed, and the app pownloads the entire content of your profile and feed, you are sacrificing your FRIENDS' privacy as well.
Now, scale that up zillion times. If (three-letter-agency) is collecting enough metadata (which we know they are), they don't have to be SPECIFICALLY collecting my metadata. It's already there by virtue of the fact that I interact with the people they ARE collecting metadata on.
How could this possibly NOT also implicate MY Fourth Amendment rights?
[ link to this | view in chronology ]
Re: "while people may voluntarily agree"
Generally speaking meta data comes from two sources. It is either diagnostic data or it was transmitted in the open due to technical limitations which are now largely non-existent.
For example: Deep Packet Inspection is largely dependent on port numbers. This unciphered 16 bits in every communication was a limitation that dates back to the 80's. Such limitations no longer exist, but this 16 bits is still transmitted with every datagram. Eventually some jackass CEO figured out that he can make a few extra bones by sniffing everybody's knickers and selling his findings to marketers, and DPI became useful for generating marketing profiles.
It wasn't broken when it was invented. This level of surveillance had practical limitations at the time. Those limitations no longer exist. It is broken NOW. The fact that UDP and TCP became deprecated does not create consent, any more than walking by a broken door justifies rifling somebody's home. The door was made by a guy who knew how to make a good door. It is just old and busted.
It should also be noted that these features were NEVER the Intellectual Property of the people who are abusing them. They are public domain specifications that are precondition of interoperability. The war being waged on these features is a crime against assets that are in the public domain, and should be prosecuted as such. It is not that different from busting a guy for pissing in a public water fountain.
Yeah, the next guy may not know he's drinking piss. That doesn't mean it isn't assault. What the ISP's are doing is a crime. No, it doesn't matter that it is digital. No it doesn't matter that they sell data to congressional donors. It is still a crime!
[ link to this | view in chronology ]
What's his real motivation?
First, he might be trying to recruit like minded law students into future governments. Ones that can and will think like they do in order to help to further justify similar actions by the government.
Secondly, he could be doing this to fend off future logical attacks on the program by these lawyers that are creative with of the law, and hence likely purse action against them.
Thirdly he could simply be trying to fend off outrage of future (soon to be disclosed) programs or the expansion of existing programs that could cause outrage within the public.
Otherwise, frankly, he shouldn't have written nor said a thing.
[ link to this | view in chronology ]
factolex
adwokat wadowice
[ link to this | view in chronology ]