Surveillance & Privacy

How a Chain Link Fence Can Protect Privacy in the Age of “Collect It All”

Jake Laperruque , Joe Onek
Monday, May 9, 2016, 11:30 AM

In today’s digital age, virtually everything we do is in some way collected and catalogued. This phenomenon will grow as the Internet of Things expands, cameras in public become more common, and tracking technologies like GPS become more effective. At the same time, the government’s focus on counterterrorism since 9/11 has amplified the role of surveillance to an unprecedented degree.

Published by The Lawfare Institute
in Cooperation With
Brookings

In today’s digital age, virtually everything we do is in some way collected and catalogued. This phenomenon will grow as the Internet of Things expands, cameras in public become more common, and tracking technologies like GPS become more effective. At the same time, the government’s focus on counterterrorism since 9/11 has amplified the role of surveillance to an unprecedented degree. Recognizing the confluence of these factors, it is no surprise that privacy experts believe we are currently in a Golden Age of Surveillance.

Surveillance is a valuable counterterrorism tool; indeed, intelligence is the primary defense in attempting to stop largely unpredictable attacks by a small number of individuals. But surveillance is also susceptible to abuse. The government has repeatedly used surveillance tools as a mechanism to targets activists or minorities—from the Church Committee revelations; to the NYPD’s post 9/11 Surveillance Unit focused on monitoring Muslim communities; to recent revelations that the Department of Homeland Security monitored Black Lives Matter protesters. These more recent examples show how quickly well-intentioned actions can be co-opted for pernicious goals—if we wait until the next J. Edgar Hoover arises to limit surveillance powers, it may be too late to meaningfully stop the pervasive threats of potential abuse.

As technology continues to advance at break-neck speed—and the government’s power to sweep up sensitive information continues to grow—realistically achievable limits on collection are not enough to safeguard privacy. In the Golden Age of Surveillance, it is critical that we also place appropriate limits on what the government can do with the data it inevitably amasses.

Post hoc judicial authorization for searches after warrantless collection

Many people believe that any surveillance of Americans’ communications should require a warrant. And many agree that the warrant requirement should extend to those electronic communications currently shielded by statutes rooted in the outdated third-party doctrine. The Snowden revelations demonstrated a critical area where this aspiration for the protection provided by warrants goes unfulfilled. Foreign intelligence surveillance directed outside the United States does not necessarily require judicial authorization, and while it cannot target Americans, such surveillance frequently scoops up Americans’ private communications.

It is likely infeasible to require judicial authorization prior to all foreign intelligence surveillance. And many would argue a foreign intelligence collection warrant requirement is generally undesirable, particularly as it relates to military operations. But when Americans’ communications are subject to warrantless surveillance—even via incidental collection—the critical protections of a warrant requirement must be preserved. One effective method of preserving such protection is post hoc judicial authorization to search for Americans’ private communications.

Intelligence Community officials contend that Americans’ communications acquired through warrantless collection programs is “incidental collection,” a necessary byproduct of surveillance present even in domestic wiretaps, and falls outside the ambit of judicial authorization requirements. But for domestic surveillance, judicial authorization occurs prior to any collection which protects both targeted and incidental collection alike in a number of important ways.

As a general matter, warrants provide oversight to ensure proper conduct. Warrants for domestic monitoring require probable cause, and further require law enforcement to describe and set limits upon what communications facilities will be used and the duration of surveillance, which ensures that the government’s activities are not unnecessarily invasive. The limited court approval required for Section 702 demonstrates that more complete rules are needed regarding US person information: FISC documents released in 2013 revealed that the court’s limited interaction left it unaware for years that NSA collection methods were vacuuming up tens of thousands of wholly domestic communications.

Furthermore, warrants reasonably limit the scale of surveillance. By requiring proper demonstration of suspicion to a judge, warrants reasonably limit the magnitude of targets and incidental surveillance. Warrants require specific links to suspicion of wrongdoing. In contrast, Section 702 and Executive Order 12333 (EO 12333) authorize surveillance of a broad range of targets based on potential to yield foreign intelligence information, including individuals not suspected of wrongdoing. With this broader application of surveillance comes a much broader scale of incidental collection, opening the door to incidental surveillance not only of individuals associated with a suspected wrongdoer, but also those merely communicating with a non-US person. In the context of domestic searches of US persons a warrant would require more specific cause than mere association.

The full range of limits imposed by a warrant protects both the target and those subject to incidental collection, acting as a key safeguard to privacy and bedrock of Fourth Amendment rights. Requiring a warrant for any foreign intelligence surveillance that could impact Americans may not be feasible, but absent that broader application, post hoc judicial authorization provides at least some level of protection. In line with the value warrants provide, post hoc judicial authorization would ensure that there is proper independent oversight of searches for US persons’ communications, and reasonably limit the scale of surveillance. Further, it would ensure US persons are protected in their baseline privacy rights, and that the government can not deliberately seek out their private communications without first demonstrating some suspicion of wrongdoing to a judge.

Such measures are not unprecedented. Beginning in 2014, the government required court approval prior to searching the (now defunct) NSA telephony metadata bulk collection database. There is no evidence this requirement impaired operational needs.

Last year the House of Representatives voted to enact this rule for surveillance under Section 702 of FISA, a strong step forward on this issue, although on this and in other occasions it was stripped out by Congressional leadership before being passed and sent to the Senate. This policy should be enacted into law, and we should consider applying post hoc judicial authorization more broadly to all authorities that permit warrantless collection of Americans’ communications.

Developing reasonable use restrictions and the “Chain-Link Fence”

Another key post-collection reform is setting proper bounds on how the government can use sensitive information after it is obtained and shared. Information collected under less stringent rules based on special needs should be used only for those special needs—and perhaps for serious and imminent threats as well—and not for generalized law enforcement purposes.

Use restrictions naturally raise concerns of rebuilding “the Wall.” Prior to 9/11, a major check on executive power was the “stove piping” of information at various intelligence agencies. The Wall served as an important barrier between foreign intelligence and law enforcement, ensuring that surveillance powers used to fight the Cold War were not handed over to local law enforcement investigating American citizens. However, the Wall was a significant factor in the government failing to “connect the dots” in advance of the 9/11 attacks. Post-9/11 intelligence reforms were aimed at ending the practice of stove piping to move towards greater information sharing and operational collaboration.

Eliminating the Wall made sense towards the specific end of allowing intelligence agencies to properly understand and combat national security threats. But today’s use of intelligence surveillance stretches far beyond that goal. Information collected through Section 702 can be used to start or support an investigation of any federal crime. This means, for example, NSA surveillance authorized for the purpose of preventing terrorism could be used in service of low-level investigations for tax fraud or drug possession.

The demise of the Wall leads not only to the proper sharing of national security information between agencies, but also to a troubling use of military and intelligence agencies’ power for domestic law enforcement. We need a middle-ground between the Wall and the status-quo: a “Chain Link Fence” that permits national security information to pass unobstructed between agencies, but blocks the unrestricted merger of domestic law enforcement with military and intelligence surveillance.

This already occurs in one key area: information obtained via bulk collection under Executive Order 12333. Presidential Policy Directive 28 (PPD-28) limits use of data obtained via bulk collection under EO 12333 to six enumerated national security purposes. PPD-28 demonstrates that reasonable use restrictions for intelligence can work, and could serve as a model for future action.

Section 702 of FISA also has use restrictions, but they are significantly more permissive than those enumerated in PPD-28. Last year, the ODNI announced that information obtained under Section 702 would only be used as evidence in court for national security cases and for a finite list of serious offenses. However this rule contains a major loophole: It allows domestic law enforcement agencies to use intelligence surveillance as the backbone of an investigation for any crime, as long as they do not use the original Section 702 data as evidence in court.

Limiting law enforcement use to national security and threats of serious harm is the right approach, but restrictions should apply to both investigative and evidentiary use. Furthermore, use limitations should apply to all surveillance conducted under EO 12333, not just data collected via bulk surveillance. A Chain Link Fence would not obstruct the necessary sharing of national security information with those who need it, but it would appropriately separate intelligence programs from the realm of domestic policing.

Limits on “tagging” technologies

An additional area ripe for post-collection reform concerns video surveillance. As video recordings have grown exponentially more common, powerful “tagging” technology has developed in conjunction. Using facial recognition software and license plate readers, it is possible to identify an individual from photos or video in an automated manner. With the ability to tag, video surveillance risks unprecedented intrusion into private lives.

Indeed, tagging technologies are already profoundly impacting law enforcement. The FBI Next Generation Identification database is compiling millions of face prints, and DHS is employing a large-scale license plate reader program. Such programs create serious concerns. License plate readers could be used for pervasive location tracking, constantly monitoring thousands of citizens’ locations. Facial recognition enables law enforcement to take images of participants at a protest, patients at a health clinic, or attendees at a religious ceremony, and to list individual identities in a database.

Tagging technologies make everything in video—location, association, activities—searchable, giving one CCTV more power than a 10,000-person police force. The doctrine that there is no expectation of privacy in public places should not apply when our every movement and every action can be monitored and cataloged. Our public actions may, by definition, not be “private,” but they still include highly sensitive activities (e.g. entering a protest meeting or an abortion clinic.). These activities have generally been protected by a different shield than physical walls: obscurity. Video surveillance augmented by tagging technology risks the end of obscurity.

As with some other modes of collection, closing the door on video surveillance is not feasible. But we can place limits on tagging technologies, which would preserve the protections of obscurity even in the face of ever-increasing video collection. For example, a warrant requirement for use of tagging technologies would allow law enforcement action, but prohibit generalized application and abuse. This rule should apply to both the creation of tagging profiles (such as a face print) and the use of tagging technologies to search real-time or stored photos and videos. A warrant rule would establish the same check on powerful tagging technologies that we have for other invasive activities such as wiretapping and attachment of GPS devices. If government does use tagging technologies, it should be in a limited manner, directed at suspected wrongdoers, and subject to judicial approval.

***

The magnitude of government surveillance is enormous and is in some respects unstoppable. But reasonable post-collection restrictions can ensure that collection does not beget abuse, and provide the confidence that is essential to democratic society. Measures such as post-hoc judicial authorizations, building a Chain-Link Fence in place of the Wall, and limiting tagging technologies will help us achieve that goal, and enhance privacy and security in the process.


Jake Laperruque is Deputy Director of the Security and Surveillance Project at the Center For Democracy & Technology (CDT). His work focuses on national security surveillance, facial recognition, location privacy, and other key issues at the intersection of new technologies with privacy, civil rights, and civil liberties. Prior to joining CDT, Jake worked as Senior Counsel at the Constitution Project at the Project On Government Oversight. He also previously served as a Program Fellow at the Open Technology Institute, and a Law Clerk on the Senate Subcommittee on Privacy, Technology, and the Law. Jake is a graduate of Harvard Law School and Washington University in St. Louis.
Joe Onek is a Principal in The Raben Group, and a national security advisor to TCP. Prior to joining The Raben Group, he served as senior counsel to then-Speaker Nancy Pelosi. A graduate of Harvard College and Yale Law School, Joe began his legal career as a law clerk to Chief Judge David L. Bazelon of the D.C. Circuit Court of Appeals. He also clerked on the U.S. Supreme Court for Justice William J. Brennan. In the Carter Administration, he served on the White House Domestic Policy Staff as associate director of health and human resources and later as deputy counsel to the President. In the Clinton Administration, Joe was the senior coordinator for rule of law at the State Department and principal deputy associate attorney general at the Department of Justice.

Subscribe to Lawfare