The Good News About Spying

In 2013, the world was outraged to learn that the National Security Agency (NSA) had been spying on private communications on a mass scale. Since then, a global movement to end mass surveillance has pressed U.S. President Barack Obama to tighten privacy laws and restore civil liberties that had been diminished since 9/11. To observers’ chagrin, however, dramatic revelations of NSA spying have kept coming. A recent Pew Research Center poll shows that, as Americans have heard more about the NSA, 61 percent have become less confident that surveillance programs are serving the public interest. The lack of confidence is expressed by members of both political parties, but Republicans are especially likely to say that they are losing confidence.

Although rising public anger is welcome, it is misdirected. A fair examination of the Obama administration’s record over the last 18 months shows real accomplishments on surveillance reform. In sharp contrast to the inaction of Congress and U.S. courts, Obama has taken several meaningful steps to limit government surveillance and make surveillance policies more transparent.

Despite high hopes for a fresh start on civil liberties, during his first term in office, Obama ratified and even expanded the surveillance programs that began under former President George W. Bush. After NSA contractor Edward Snowden began revealing the agency’s spying programs to The Guardian in 2013, however, Obama responded with a clear change of direction. Without great fanfare, his administration has made changes that open up the practices of the United States intelligence community and protect privacy in the United States and beyond. The last year and a half has been the most significant period of reform for national security surveillance since Senator Frank Church led the charge against domestic spying in the late 1970s. 

In 2013, at Obama’s direction, the Office of the Director of National Intelligence (ODNI) established a website for the intelligence community, IC on the Record, where previously secret documents are posted for all to see. These are not decades-old files about Cold War spying, but recent slides used at recent NSA training sessions, accounts of illegal wiretapping after the 9/11 attacks, and what had been highly classified opinions issued by the Foreign Intelligence Surveillance Court about ongoing surveillance programs.

Although many assume that all public knowledge of NSA spying programs came from Snowden’s leaks, many of the revelations in fact came from IC on the Record, including mistakes that led to the unconstitutional collection of U.S. citizens’ emails. Documents released though this portal total more than 4,500 pages—surpassing even the 3,710 pages collected and leaked by Snowden. The Obama administration has instituted other mechanisms, such as an annual surveillance transparency report, that will continue to provide fodder for journalists, privacy activists, and researchers.

The transparency reforms may seem trivial to some. From the perspective of an intelligence community steeped in the need to protect sources and methods, however, they are deeply unsettling. At a Brown University forum, ODNI Civil Liberties Protection Officer Alexander Joel said, “The intelligence community is not designed and built for transparency. Our culture is around finding our adversaries’ secrets and keeping our own secrets secret.” Accordingly, until only a few years ago, the intelligence community resisted making even the most basic information public. The number of FISA court opinions released to the public between 1978 and 2013 can be counted on one hand.

Beyond more transparency, Obama has also changed the rules for surveillance of foreigners. Until last year, privacy rules applied only to “U.S. persons.” But in January 2014, Obama issued Presidential Policy Directive 28 (PPD-28), ordering intelligence agencies to write detailed rules assuring that privacy protections would apply regardless of nationality. These rules, which came out in January 2015, mark the first set of guidelines for intelligence agencies ordered by a U.S. president—or any world leader—that explicitly protect foreign citizens’ personal information in the course of intelligence operations. Under the directive, the NSA can keep personal information in its databases for no more than five years. It must delete personal information from the intelligence reports it provides its customers unless that person’s identity is necessary to understand foreign intelligence—a basic rule once reserved only for Americans.

The new rules also include restrictions on bulk collection of signals intelligence worldwide—the practice critics call “mass surveillance.” The NSA’s bulk collection programs may no longer be used for uncovering all types of diplomatic secrets, but will now be limited to six specific categories of serious national security threats. Finally, agencies are no longer allowed simply to “collect it all.” Under PPD-28, the NSA and other agencies may collect signals intelligence only after weighing the benefits against the risks to privacy or civil liberties, and they must now consider the privacy of everyone, not just U.S. citizens. This is the first time any U.S. government official will be able to cite a written presidential directive to object to an intelligence program on the basis that the intelligence it produces is not worth the costs to privacy of innocent foreign citizens.

THOSE IN GLASS HOUSES

Obama’s reforms make great strides toward transparency and protecting civil liberties, but they have been neither celebrated nor matched abroad. When Chancellor Angela Merkel of Germany found out she had been the target of American eavesdropping, her reaction was swift. “This is not done,” she said, as if scolding a naughty child. Many Germans cheered. They and other Europeans believe that their laws protect privacy better than U.S. laws. But that is only partly true: Although Europe has stronger regulations limiting what private companies (such as Google and Facebook) can do with personal data, citizens are granted comparatively little protection against surveillance by government agencies. European human rights law requires no court approval for intelligence surveillance of domestic targets, as U.S. law has since 1978. Similarly, European governments do not observe limits on electronic surveillance of non-citizens outside of their own territories, as the United States now does under Obama’s presidential policy directive.

By blaming only the NSA for mass surveillance, the public and foreign leaders let other intelligence services off the hook. No wonder that some human rights organizations, including Privacy International and Big Brother Watch UK, have filed legal challenges against mass surveillance by the NSA’s British counterpart, the Government Communications Headquarters (GCHQ). But foreign leaders have taken few steps to limit government surveillance, and none have done anything remotely comparable to what Obama did in last year’s directive.

Like foreign governments, Congress has done little to reign in government surveillance. Obama stated his willingness to end the bulk collection of telephone records of U.S. citizens if the program is replaced with a viable alternative that better protects privacy while preserving the existing program’s speed and agility. Government and telecommunications representatives agree that the law must be amended to create such an alternative. But critics in the Senate staged a filibuster to block draft legislation. By November 2014, the measure was dead.

Congressional inaction stemmed not only from reflexive Republican hostility to Obama, but also from warnings that surveillance reforms had already gone far enough, or even perhaps too far. Former NSA and CIA director Michael Hayden and former Attorney General Michael Mukasey, blasted last year’s surveillance reform bill as one “that only ISIS could love” in a Wall Street Journal editorial. It was, they said, “exquisitely crafted to hobble the gathering of electronic intelligence.” Although their views are not shared by the intelligence community’s current leadership, they were widely cited on the Senate floor.

U.S. courts have been equally passive, doing little to limit controversial NSA programs. Judge Richard Leon’s ruling in Klayman v. Obama in December 2013 against the NSA’s bulk telephone records program is under appeal. Other courts have rejected challenges to NSA programs. The Foreign Intelligence Surveillance Court continues periodically to approve the mass collection of telephone records of U.S. citizens. Recent reforms to this program include individual judicial scrutiny of the suspect numbers from which the NSA begins its analysis, and limits to how far out from that number (how many “hops”) an analyst may proceed in building a suspect’s network of contacts. However, these reforms were not required by the surveillance court; they were made at Obama’s insistence. Former Foreign Intelligence Surveillance Court judge John Bates has even emerged as a critic of surveillance reform, objecting to language in last year’s proposed surveillance reform law that would allow security-cleared lawyers to be part of secret court proceedings in order to argue on behalf of privacy and civil liberties.

NEXT STEPS

Has surveillance reform gone far enough? Hardly. Obama has taken the first steps, but the government should take six more to enhance public confidence in surveillance programs.

First, the intelligence community should do even more to increase transparency.IC on the Record is a good start, but it is mostly reactive, providing context to programs that Snowden had already leaked. The intelligence community should continue to release as much as it possibly can about surveillance programs without compromising sources and methods—even if they have not been leaked. Given Snowden’s widespread public acclaim, coming clean about such controversial intelligence programs is not just good government, but also provides the surest way to preserve vital intelligence capabilities. With greater transparency, intelligence agencies can stay one step ahead of future leakers and earn back the trust of a skeptical public.

The United States should also pivot from its defensive position and take the lead on global privacy. The United States has an impressive array of privacy safeguards, and it has even imposed new ones that protect citizens of every country. Despite their weaknesses, these safeguards are still the strongest in the world. The U.S. government should not be shy about trumpeting them, and should urge other countries to follow its lead. It could begin by engaging with close allies, like the United Kingdom, Germany, and other European countries, urging them to increase transparency and judicial supervision of their own communications surveillance activities.

The government also needs to finish the job on telephone records. The law that allows for bulk collection of telephone records is set to expire on June 1, 2015. Congress should act now to pass sensible reforms that would replace bulk collection with a privacy-preserving alternative. The only truly viable option remains the bill that died in November last year.

Washington also needs to work with U.S. technology companies to reform PRISM and other surveillance programs that have been an embarrassment for U.S. companies. Congress should narrow the FISA Amendments Act of 2008 that authorizes PRISM. That law allows the government to obtain secret court orders targeting communications that include foreign participants of interest to the NSA with the compelled assistance of U.S. companies. Congress could start by limiting such orders to the same six specific serious security threats that are included in Obama’s policy directive for bulk signals intelligence collection.

One clear lesson of the NSA controversy is that the Foreign Intelligence Surveillance Court is in need of reform. The court needs a public advocate for every important case, and an independent technical expert to assist the court to better understand complex surveillance programs. The court could use its own authority to adopt such reforms, even if Congress fails to pass a surveillance reform bill.

Finally, the United States should promote, not undermine, strong encryption. As industry offers new solutions for communications security in the face of cybersecurity problems and surveillance fears, FBI Director James Comey has argued for a new legal requirement to ensure that government will always be able to intercept communications. This is a bad idea. Computer scientists have warned that mandating any “backdoor” for surveillance makes a cryptosystem weaker for everyone. This is a matter of science, not politics. In 2013, Obama’s own review group urged the government to put its weight behind a secure Internet, even at the expense of surveillance. Obama needs to listen to the experts: He should reject any proposal to mandate “backdoors” in secure communications systems, and order national security agencies not to pressure companies to do so.

In 2013, Obama called for a national dialogue on surveillance and privacy. Since then, he has made genuine attempts at reform. The job is far from over, but Washington has already come farther than many believe. Today, the United States confronts a variety of threats—ranging from the Islamic State, to Iran’s nuclear program, to cyber intrusions from China, North Korea, and Russia. Each of these threats requires robust intelligence capabilities. Obama has maintained these capabilities, but at the same time, has ordered surveillance reforms that are substantial indeed. Privacy and civil liberties advocates have a friend in the White House, even if they do not realize it. Obama has led, and it is time for others to follow.