After an extensive investigation of the agencies’ actions, Congress passed the 1978 Foreign Intelligence Surveillance Act (FISA) to limit sweeping collection of intelligence and create rigorous oversight. But 35 years later, the NSA is using this law and its subsequent amendments as legal grounds to run even more invasive programs than those that gave rise to the statute.
We’ve learned that in April, the Foreign Intelligence Surveillance Court (FISC) ordered Verizon to provide information on calls made by each subscriber over a three-month period. Over the past seven years, similar orders have been served continuously on AT&T, Sprint and other telecommunications providers.
Another program, PRISM, disclosed by the Guardian and The Washington Post, allows the NSA and the FBI to obtain online data including e-mails, photographs, documents and connection logs. The information that can be assembledabout any one person — much less organizations, social networks and entire communities — is staggering: What we do, think and believe.
The government defends the programs’ legality, saying they comply with FISA and its amendments. It may be right, but only because FISA has ceased to provide a meaningful constraint.
Under the traditional FISA, if the government wants to conduct electronic surveillance, it must make a classified application to a special court, identitying or describing the target. It must demonstrate probable cause that the target is a foreign power or an agent thereof, and that the facilities to be monitored will be used by the target.
In 2008, Congress added section 702 to the statute, allowing the government to use electronic surveillance to collect foreign intelligence on non-U.S. persons it reasonably believes are abroad, without a court order for each target. A U.S. citizen may not intentionally be targeted.
To the extent that the FISC sanctioned PRISM, it may be consistent with the law. But it is disingenuous to suggest that millions of Americans’ e-mails, photographs and documents are “incidental” to an investigation targeting foreigners overseas.
The telephony metadata program raises similar concerns. FISA did not originally envision the government accessing records. Following the 1995 Oklahoma City bombing, Congress allowed applications for obtaining records from certain kinds of businesses. In 2001, lawmakers further expanded FISA to give the government access to any business or personal records. Under section 215 of the Patriot Act, the government no longer has to prove that the target is a foreign power. It need only state that the records are sought as part of an investigation to protect against terrorism or clandestine intelligence.
This means that FISA can now be used to gather records concerning individuals who are neither the target of any investigation nor an agent of a foreign power. Entire databases — such as telephony metadata — can be obtained, as long as an authorized investigation exists.
Congress didn’t pass Section 215 to allow for the wholesale collection of information. As Rep. F. James Sensenbrenner Jr. (R-Wis.), who helped draft the statute, wrote in the Guardian: “Congress intended to allow the intelligence communities to access targeted information for specific investigations. How can every call that every American makes or receives be relevant to a specific investigation?”
As a constitutional matter, the Supreme Court has long held that, where an individual has a reasonable expectation of privacy, search and seizure may occur only once the government has obtained a warrant, supported by probable cause and issued by a judge. The warrant must specify the places to be searched and items to be seized.
There are exceptions to the warrant requirement. In 1979 the court held that the use of a pen register to record numbers dialed from someone’s home was not a search. The court suggested that people who disclose their communications to others assume the risk that law enforcement may obtain the information.
More than three decades later, digitization and the explosion of social-network technology have changed the calculus. In the ordinary course of life, third parties obtain massive amounts of information about us that, when analyzed, have much deeper implications for our privacy than before.
As for Section 702 of FISA, the Supreme Court has held that the Fourth Amendment does not protect foreigners from searches conducted abroad. But it has never recognized a foreign intelligence exception to the warrant requirement when foreign-targeted searches result in the collection of vast stores of citizens’ communications.
Americans reasonably expect that their movements, communications and decisions will not be recorded and analyzed by the government. A majority of the Supreme Court seems to agree. Last year, the court considered a case involving 28-day GPS surveillance. Justice Samuel Alito suggested that in most criminal investigations, long-term monitoring “impinges on expectations of privacy.” Justice Sonia Sotomayor recognized that following a person’s movements “reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”
The FISC is supposed to operate as a check. But it is a secret court, notorious for its low rate of denial. From 1979 to 2002, it did not reject a single application. Over the past five years, out of nearly 8,600 applications, only two have been denied.
Congress has an opportunity to create more effective checks on executive power. It could withdraw Sections 215 and 702 and introduce new measures to regulate intelligence collection and analysis. There are many options.
James Madison put it best: “In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself.”
Read more from Outlook:
Five myths about the NSA
Obama, the ‘big data’ president
Friend us on Facebook and follow us on Twitter.