Case answers

Internet freedom answers

AT: NSA overreach

Obama policy statement minimizes data abuse risks and is binding US policyMargulies, 14 - Professor of Law, Roger Williams University School of Law (“CITIZENSHIP, IMMIGRATION, AND NATIONAL SECURITY AFTER 9/11: THE NSA IN GLOBAL PERSPECTIVE: SURVEILLANCE, HUMAN RIGHTS, AND INTERNATIONAL COUNTERTERRORISM” 82 Fordham L. Rev. 2137, April, lexis)

Edward Snowden's disclosures have thus far centered on two NSA programs. One is domestic - the so-called metadata program, operated pursuant to section 215 of the USA PATRIOT Act, n13 and entailing the bulk collection of call record information, including phone numbers and times of calls. n14 The other is foreign - the PRISM program, operated pursuant to section 702 of the Foreign Intelligence Surveillance Act (FISA). n15 Under section 702, the government may conduct surveillance targeting the contents of communications of non-U.S. persons reasonably believed to be located abroad when the surveillance will result in acquiring foreign intelligence information. n16 The FISC must approve any government request for surveillance under section 702, although these requests can [*2141] describe broad types of communications without identifying particular individuals. n17

Under section 702, "foreign intelligence information" that the government may acquire includes a number of grounds related to national security, such as information relating to an "actual or potential attack" or "other grave hostile acts of a foreign power or an agent of a foreign power." n18 It also includes information relating to possible sabotage n19 and clandestine foreign "intelligence activities." n20 Another prong of the definition appears to sweep more broadly, including information relating to "the conduct of the foreign affairs of the United States." n21 Despite the greater breadth of this provision, President Obama informed a domestic and global audience that U.S. intelligence agencies seek a narrow range of information centering on the national security and foreign intelligence concerns described above. n22 While the U.S. intelligence agencies acquire a substantial amount of data that does not fit under these rubrics, the president's speech confirmed that U.S. analysts do not rummage through such data randomly or for invidious purposes. n23 A scatter-shot approach of this kind would be unethical, illegal, and ineffective. Instead, NSA officials query communications using specific "identifiers" such as phone numbers and email addresses that officials reasonably believe are used by non-U.S. persons abroad to communicate foreign intelligence information. n24 The government must also have in place minimization procedures to limit the acquisition, retention, and dissemination of nonpublic information about U.S. persons. n25 The NSA deletes all irrelevant content, including content from non-U.S. persons, after five years. n26

In acknowledging the "legitimate privacy interests" of both U.S. and non-U.S. persons, President Obama affirmed the U.S. commitment to core principles in January 2014. n27 First, he narrowed the operating definition of [*2142] foreign intelligence information, limiting it to "information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists." n28 In addition, he asserted that the NSA would engage in bulk collection of communications for purposes of "detecting and countering" terrorism, espionage, nuclear proliferation, threats to U.S. forces, and financial crimes, including evasion of duly enacted sanctions. n29 Addressing anticipated concerns that these limits still left the NSA with too much

discretion, President Obama declared what the United States would not do. First, it would not collect communications content "for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion." n30 Second, it would disseminate and store information regarding any person based on criteria in section 2.3 of Executive Order 12,333 n31: cases involving "foreign intelligence or counterintelligence," public safety, or ascertainment of a potential intelligence source's credibility. n32

Of course, President Obama's speech did not quell the complaints of NSA critics. One could argue that even the description the president provided has legal flaws under domestic and/or international law. One can also argue that the president's policy directive, statutory provisions, and case law cannot wholly eliminate the possibility of systemic or individual abuse of NSA authority. That said, there are compelling reasons for treating the president's speech and directive as an authoritative and binding statement of U.S. policy. The most compelling reason may be the simplest: no American president has ever been so forthright on the subject of intelligence collection, and few heads of state around the globe have ventured down the path that President Obama chose. n33 That alone counsels treating President Obama's guidance as more than "cheap talk."

Existing oversight checks NSA overreachCordero, 14 - Carrie F. Cordero is the Director of National Security Studies at Georgetown University Law Center (“Fear vs. Facts: Exploring the Rules the NSA Operates Under” 6/13, http://www.cato-unbound.org/2014/06/13/carrie-f-cordero/fear-vs-facts-exploring-rules-nsa-operates-under

There is no doubt the Snowden disclosures have launched a debate that raises significant issues regarding the extent of U.S. government national security surveillance authorities and activities. And Julian Sanchez’s essay Snowden: Year One raises a number of these issues, including whether the surveillance is too broad, with too few limits and too little oversight. But an overarching theme of Sanchez’s essay is fear – and fear of what might be overshadows what actually is, or is even likely. Indeed, he suggests that by just “tweaking a few lines of code” the NSA’s significant capabilities could be misdirected from targeting valid counterterrorism suspects to Americans involved in the Tea Party or Occupy movements.

So really, what would it take to turn NSA’s capabilities inward, to the dark corner of monitoring political activity and dissent? It turns out, quite a lot. So much, in fact, that after a considered review of the checks and balances in place, it may turn out to be not worth fearing much at all.

First, a little history. Prior to 1978, NSA conducted surveillance activities for foreign intelligence purposes under Executive authority alone. In 1978, Congress passed the Foreign Intelligence Surveillance Act (FISA), which distinguished between surveillance that occurred here at home and that which occurred overseas. FISA requires that when electronic surveillance is conducted inside the United States, the government seek an order from the Foreign Intelligence Surveillance Court (FISC or the Court) based on probable cause. So, if the government wants to conduct surveillance targeting a foreign agent or foreign power here in the United States, it must obtain FISC approval to do so. By law, the Court may not issue an order targeting an American based solely on activities protected by the First

Amendment to the Constitution. The Attorney General is required to report on the full range of activities that take place under FISA to four congressional committees: both the intelligence and judiciary committees in Congress. The law requires that the committees be “fully informed” twice each year.

There have been a number of amendments to FISA over the years. In 1994, the statute was amended to require that physical searches for national security purposes conducted inside the United States also happen by an order from the FISC. The USA-PATRIOT Act of 2001 amended several provisions of FISA, one of which enabled better sharing of information between terrorism and criminal investigators. And in 2008, FISA was amended to provide a statutory framework for certain approvals by the Attorney General, Director of National Intelligence, and FISC regarding the targeting of non-U.S. persons reasonably believed to be outside the United States for foreign intelligence purposes, when the cooperation of a U.S. communications service provider is needed.

So how do we know that this system of approvals is followed? Is the oversight over NSA’s activities meaningful, or “decorative,” as Sanchez suggests?

It is worth exploring. Here is how oversight of the Section 702 surveillance works, as one example, since it has been the subject of a significant part of the debate of the past year. Section 702 was added to FISA by the FISA Amendments Act of 2008. It authorizes the NSA to acquire the communications, for foreign intelligence purposes, of non-U.S. persons reasonably believed to be outside the United States. These are persons with no Constitutional protections, and yet, because the acquisition requires the assistance of a U.S. electronic communications provider, there is an extensive approval and oversight process. There is a statutory framework. Specifically, the Attorney General and Director of National Intelligence jointly approve certifications. According to declassified documents, the certifications are topical, meaning, the way the statute is being implemented, the certifications are not so specific that they identify individual targets; but they are not so broad that they cover any and everything that might be foreign intelligence information. The certifications are filed with the FISC, along with targeting and minimization procedures. Targeting procedures are the rules by which NSA selects valid foreign intelligence targets for collection. Minimization procedures are rules by which NSA handles information concerning U.S. persons. The FISC has to approve these procedures. If it does not approve them, the government has to fix them. The Court reviews these procedures and processes annually. The Court can request a hearing with government witnesses (like senior intelligence officials, even the NSA Director, if the judge wanted or needed to hear from him personally) or additional information in order to aid in its decisionmaking process. Information about the 702 certifications is reported to the Congressional intelligence committees.

Once the certifications are in effect, attorneys from the Department of Justice’s (DOJ) National Security Division and attorneys and civil liberties officials from the Office of the Director of National Intelligence (ODNI) review the NSA’s targeting decisions and compliance with the rules. They conduct reviews at least every 90 days. During that 90-day period, oversight personnel are in contact with NSA operational and compliance personnel. Compliance incidents can be discovered in one of at least two ways: the NSA can self-report them, which it does; or the DOJ and ODNI oversight personnel may discover them on their own. Sometimes the NSA does not report a compliance incident in the required timeframe. Then the time lag in reporting may become an additional compliance incident. The DOJ and ODNI compliance teams write up semi-annual reports describing the results of their reviews. The reports are approved by

the Attorney General and Director of National Intelligence and provided to the FISC and to Congress. According to the one report that has been declassified so far, in August 2013, for a six-month period in 2012, the rate of error for the NSA’s compliance under Section 702 collection was .49% - less than half of one percent. If we subtract the compliance incidents that were actually delays in reporting, then the noncompliance rate falls to between .15-.25% - less than one quarter of one percent. Hardly an agency run amok.

--xt – squo solves

Squo Congressional oversight prevents abuse and oversight reform is better than scaling backCordero, 14 - Carrie F. Cordero is the Director of National Security Studies at Georgetown University Law Center (“Fear vs. Facts: Exploring the Rules the NSA Operates Under” 6/13, http://www.cato-unbound.org/2014/06/13/carrie-f-cordero/fear-vs-facts-exploring-rules-nsa-operates-under

Generally, however, Congressional committees charged with oversight of the Intelligence Community do their job. The Intelligence Committees of Congress have professional staff, often with deep experience in national security matters. The Committees conduct substantive hearings, although, due to the sensitive and operational nature of the topics discussed, often in classified session. Congressional staff also receive briefings. During the debate surrounding the passage of the FISA Amendments Act of 2008, many members of Congress and their staffs visited the NSA and received dozens of briefings regarding its details and subsequent implementation.

Decorative? Returning to the question implicitly posed by Sanchez’s argument: what would it take to turn this system inside out? Most likely, it would take either a conspiracy of the highest order, or the complete incompetence of everyone involved in the process – from operators to leadership inside the Intelligence Community, from lawyers to senior officials at the Justice Department, from legal advisors to judges of the FISC, from staff to members of Congress.

Here’s what happens in the real world: people make mistakes; technological implementation goes awry; bureaucracy gets in the way of getting down to the bottom line. The adequacy and rigor of Congressional oversight waxes and wanes based, at times, on the quality of the leadership of the various committees at any time. Government employees also sometimes do the wrong thing, such as the twelve cases in ten years that the NSA has explained to Congress, and then they are held accountable. Oversight and compliance systems sometimes fail, too, such as the delay in recognizing the problems in the technical implementation of the phone metadata program that was subsequently brought to the Court’s attention. These are all valid reasons to work on improving auditing, compliance, oversight and accountability mechanisms. They are not valid reasons for adopting reforms that would dramatically scale back important national security capabilities that keep the nation safe.

The NSA already implemented technical reforms to PRISM that prevent overreachSales, 14 - Associate Professor of Law, Syracuse University College of Law (Nathan, I/S: A Journal of Law and Policy for the Information Society, “Domesticating Programmatic Surveillance: Some Thoughts on the NSA Controversy” 10 ISJLP 523, Summer, lexis)

The second program--known as PRISM or section 702--uses court orders issued under section 702 of FISA n18 to collect the content of certain international communications. In particular, the NSA targets

specific non-Americans who are reasonably believed to be located outside the country, and also engages in bulk collection of some foreign-to-foreign communications that happen to be passing through telecommunications infrastructure in the United States. n19 The FISA [*527] court does not approve individual surveillance applications each time the NSA wishes to intercept these communications; instead, it issues once-a-year blanket authorizations. n20 As detailed below, in 2011 the FISA court struck down the program on constitutional and statutory grounds after the government disclosed that it was inadvertently intercepting a significant number of communications involving Americans; n21 the court later upheld the program when the NSA devised a technical solution that prevented such over-collection. n22

Zero incentive exists to expand PRISM – practicality prevents abuseLempert, 13 - Richard O. Lempert is a Visiting Fellow in Governance Studies at the Brookings Foundation and the University of Michigan’s Eric Stein Distinguished University Professor of Law and Sociology emeritus (“PRISM and Boundless Informant: Is NSA Surveillance a Threat?” 6/13, http://www.brookings.edu/blogs/up-front/posts/2013/06/13-prism-boundless-informant-nsa-surveillance-lempert

The protection most of us enjoy under PRISM may be more practical than legal. The amount of data that can be collected limits the reach of the program. Not only is capturing too much information from innocent Americans a waste of resources, but also suspicious communications can be lost in a forest of irrelevant data. The NSA thus has powerful reasons to limit impermissible observations, at least where there is no good reason to suspect Americans of terrorist involvements. Still we lack two bits of information important in assessing this program. One is the fate of information pertaining to Americans who should not have been observed in the first place. If this information is purged from all databases except perhaps when the person is dangerous, erroneous capture is less of a concern than it otherwise would be. Second, we don’t know how monitoring targets are determined or the number of targets selected. To the extent that individuals, organizations and sites are targeted based on target-specific concerns about the threats they pose, the net cast is likely to be narrow, and even if the reasons for targeting do not rise to the level of legally cognizable probable cause, they tend in this direction. But if targets are selected based on the impersonal outputs of other data mining efforts like the telephone records that feed Boundless Informant, all bets are off. Depending on the algorithms used and the degree to which they have been empirically validated, the net could be wide or narrow, and the likelihood that a target would be involved in terrorism or that citizens would be swept into the net may be great or small. Congress in overseeing PRISM should demand this information if it is not already provided.

It is easy to be cynical about government and the respect that agencies show for the laws under which they operate. Cynicism is fed by occasional scandals and by the more frequent pseudo-scandals which make it appear that within the Beltway things are out of control. Having spent four years as a Division Director at the National Science Foundation and three years as Chief Scientist in the Human Factors/ Behavioral Science Division of DHS’s Science and Technology Directorate, I am not cynical. Time and again I have seen government employees seek to follow the law even when it seems silly and interferes

with their mission. When I joined DHS I was most surprised by the fierceness of efforts to comply with the U.S. Privacy Act. At times interpretations of what the Act protected were so broad as to border on the ridiculous, and costs were real: research projects with national security implications were delayed, redesigned or even precluded because privacy officers, sometimes with little basis in the statute, felt there was a risk that personally identifiable information (PII) would be impermissibly collected. The absence of any reason to fear revelation or misuse made no difference. The strict scrutiny applied to research that might involve PII is, to be sure, relaxed in front line operational settings like PRISM and legal restrictions may differ, but my experience in two agencies as well as conversations with people in the intelligence community (IC) lead me to believe that it is a mistake to regard as a sham the legal restrictions on PRISM or other IC data mining and surveillance activities.

Through its PRISM and Boundless Informant efforts, NSA is working to protect the nation, apparently with some success. The 99.9% of us who pose no threat of terrorism and do not inadvertently consort with possible terrorists should not worry that the government will track our phone or internet exchanges or that our privacy will be otherwise infringed.

Economy answers

AT: Cloud computing

NSA surveillance doesn’t undermine cloud computingHenderson, 4/9/15 (Nicole, “Impact of NSA Surveillance on US Cloud Providers Not as Bad as We Thought: Forrester” 4/9, http://www.thewhir.com/web-hosting-news/impact-nsa-surveillance-us-cloud-providers-not-bad-thought-forrester

It’s been two years since Edward Snowden leaked details of the NSA’s PRISM surveillance program, and although analysts predicted an exodus from US-based cloud and hosting services in response to the revelations, it hasn’t exactly worked out that way, a new report finds.

Forrester released a new report last week that suggests concerns around international customers severing ties with US-based hosting and cloud companies “were overblown.”

“Lost revenue from spending on cloud services and platforms comes to just over $500 million between 2014 and 2016. While significant, these impacts are far less than speculated, as more companies reported taking control of security and encryption instead of walking away from US providers,” Forrester’s principal analyst serving security and risk professionals Edward Ferrara said in a blog post.

Snowden recently told a crowd of cloud and hosting providers that use of encryption is growing, and encrypted traffic has doubled since 2013.

In 2013, Forrester predicted that US cloud providers cloud lose up to $180 billion in business by 2016 due to concerns around the scope of NSA’s PRISM program.

According to NextGov, Forrester finds that 26 percent of enterprises based in Asia Pacific, Canada, Europe and Latin America have stopped or reduced their spending with US-based firms for Internet-based services. Thirty-four percent said these concerns were related to fears of US surveillance, while others said they want to support businesses in their own country, or data sovereignty rules prevent them from storing data abroad.

Forrester surveyed more than 3,000 businesses between June and July 2014.

More than half of respondents said that they did not trust US-based outsourcers to handle sensitive information, with only 8 percent reporting to trust their company’s intellectual property with a US-based outsourced company.

Ninety-percent of decision-makers have taken steps to encrypt their data, according to the report.

No significant impact on cloud computingWeise, 4/7/15 (Elizabeth, “PRISM revelations didn't hit U.S. cloud computing as hard as expected” 4/7, http://americasmarkets.usatoday.com/2015/04/07/prism-revelations-didnt-hit-u-s-cloud-computing-as-hard-as-expected/

When Edward Snowden revealed the extent of the U.S. National Security Agency’s PRISM spying program, there were concerns that American cloud, hosting and outsourcing businesses would lose customers running to non-U.S.-based companies safe from NSA’s prying eyes.

“The assertion was that this would be a death blow to U.S. firms trying to operating in Europe and Asia,” said Forrester Research analyst Ed Ferrara.

But two recent reports from Forrester find it was less catastrophic than expected.

That’s good news for companies like Box (BOX), DropBox and others that make their money by selling U.S.-based data storage.

Forrester had originally predicted U.S. companies could lose as much as $180 billion in sales.

Instead, just 29% of technology decision-makers in Asia, Canada, Europe and Latin America halted or reduced spending with U.S.-based firms offering Internet-based services due to the PRISM scandal, Forrester’s Business Technographics Global Infrastructure Survey for 2014 found

“It’s a relatively small amount of data,” Ferrara said.

That’s because most of the companies didn’t need to move all their data, much of which was stored in-house. Instead, only 33% of the data held by that 29% of companies was at a third-party data center or in a cloud system.

Forrester believes the overall loss to U.S. cloud providers for 2015 will be about $15 billion and in 2016, $12 billion, a far cry from projections that were ten times that a year ago.

Forrester also found that companies are looking at other ways to protect the integrity of their data, not just from the NSA but also from surveillance by other nations.

Chief among them was encryption. Eighty-four percent of the companies said they’re using various encryption methods to protect sensitive material.

The survey’s definition of cloud providers is broad, and includes both platform as a service, infrastructure as a service and software as a service companies, said Ferrara.

Solvency answers

Solvency 1nc

Modeling is empirically falseEdgar, 4/13/15 - visiting fellow at the Institute and adjunct professor of law at the Georgetown University Law Center (Timothy, “The Good News About Spying”

https://www.foreignaffairs.com/articles/united-states/2015-04-13/good-news-about-spying

Despite high hopes for a fresh start on civil liberties, during his first term in office, Obama ratified and even expanded the surveillance programs that began under former President George W. Bush. After NSA contractor Edward Snowden began revealing the agency’s spying programs to The Guardian in 2013, however, Obama responded with a clear change of direction. Without great fanfare, his administration has made changes that open up the practices of the United States intelligence community and protect privacy in the United States and beyond. The last year and a half has been the most significant period of reform for national security surveillance since Senator Frank Church led the charge against domestic spying in the late 1970s.

In 2013, at Obama’s direction, the Office of the Director of National Intelligence (ODNI) established a website for the intelligence community, IC on the Record, where previously secret documents are posted for all to see. These are not decades-old files about Cold War spying, but recent slides used at recent NSA training sessions, accounts of illegal wiretapping after the 9/11 attacks, and what had been highly classified opinions issued by the Foreign Intelligence Surveillance Court about ongoing surveillance programs.

Although many assume that all public knowledge of NSA spying programs came from Snowden’s leaks, many of the revelations in fact came from IC on the Record, including mistakes that led to the unconstitutional collection of U.S. citizens’ emails. Documents released though this portal total more than 4,500 pages—surpassing even the 3,710 pages collected and leaked by Snowden. The Obama administration has instituted other mechanisms, such as an annual surveillance transparency report, that will continue to provide fodder for journalists, privacy activists, and researchers.

The transparency reforms may seem trivial to some. From the perspective of an intelligence community steeped in the need to protect sources and methods, however, they are deeply unsettling. At a Brown University forum, ODNI Civil Liberties Protection Officer Alexander Joel said, “The intelligence community is not designed and built for transparency. Our culture is around finding our adversaries’ secrets and keeping our own secrets secret.” Accordingly, until only a few years ago, the intelligence community resisted making even the most basic information public. The number of FISA court opinions released to the public between 1978 and 2013 can be counted on one hand.

Beyond more transparency, Obama has also changed the rules for surveillance of foreigners. Until last year, privacy rules applied only to “U.S. persons.” But in January 2014, Obama issued Presidential Policy Directive 28 (PPD-28), ordering intelligence agencies to write detailed rules assuring that privacy protections would apply regardless of nationality. These rules, which came out in January 2015, mark the first set of guidelines for intelligence agencies ordered by a U.S. president—or any world leader—

that explicitly protect foreign citizens’ personal information in the course of intelligence operations. Under the directive, the NSA can keep personal information in its databases for no more than five years. It must delete personal information from the intelligence reports it provides its customers unless that person’s identity is necessary to understand foreign intelligence—a basic rule once reserved only for Americans.

The new rules also include restrictions on bulk collection of signals intelligence worldwide—the practice critics call “mass surveillance.” The NSA’s bulk collection programs may no longer be used for uncovering all types of diplomatic secrets, but will now be limited to six specific categories of serious national security threats. Finally, agencies are no longer allowed simply to “collect it all.” Under PPD-28, the NSA and other agencies may collect signals intelligence only after weighing the benefits against the risks to privacy or civil liberties, and they must now consider the privacy of everyone, not just U.S. citizens. This is the first time any U.S. government official will be able to cite a written presidential directive to object to an intelligence program on the basis that the intelligence it produces is not worth the costs to privacy of innocent foreign citizens.

THOSE IN GLASS HOUSES

Obama’s reforms make great strides toward transparency and protecting civil liberties, but they have been neither celebrated nor matched abroad . When Chancellor Angela Merkel of Germany found out she had been the target of American eavesdropping, her reaction was swift. “This is not done,” she said, as if scolding a naughty child. Many Germans cheered. They and other Europeans believe that their laws protect privacy better than U.S. laws. But that is only partly true: Although Europe has stronger regulations limiting what private companies (such as Google and Facebook) can do with personal data, citizens are granted comparatively little protection against surveillance by government agencies. European human rights law requires no court approval for intelligence surveillance of domestic targets, as U.S. law has since 1978. Similarly, European governments do not observe limits on electronic surveillance of non-citizens outside of their own territories, as the United States now does under Obama’s presidential policy directive.

By blaming only the NSA for mass surveillance, the public and foreign leaders let other intelligence services off the hook. No wonder that some human rights organizations, including Privacy International and Big Brother Watch UK, have filed legal challenges against mass surveillance by the NSA’s British counterpart, the Government Communications Headquarters (GCHQ). But foreign leaders have taken few steps to limit government surveillance, and none have done anything remotely comparable to what Obama did in last year’s directive.

Circumvention inevitable Redmond, 14 – J.D. Candidate, 2015, Fordham University School of Law (Valerie, “I Spy with My Not So Little Eye: A Comparison of Surveillance Law in the United States and New Zealand” FORDHAM INTERNATIONAL LAW JOURNAL [Vol. 37:733

In the United States, the current state of surveillance law is a product of FISA, its amendments, and its strictures. An evaluation of US surveillance law proves that inherent loopholes undercut FISA’s

protections, which allows the US Government to circumvent privacy protections.182 The main problems are the insufficient definition of surveillance , the ability to spy on agents of foreign powers, the lack of protection against third party surveillance, and the ability to collect incidental information.183

First, a significant loophole arises in the interpretation of the term “surveillance.”184 In order for information collection to be regulated by FISA, it must fall under FISA’s definition of surveillance.185 This definition does not apply to certain National Security Letters , which are secret authorizations for the Federal Bureau of Investigation (“FBI”) to obtain records from telephone companies, credit agencies, and other organizations if they merely certify that the information is relevant to an international terrorism investigation.186 National Security Letters are regularly used to circumvent FISA’s warrant procedures.187

Additionally, FISA’s definition of surveillance is antiquated because it distinguishes between data acquired inside of the United States and outside of the United States.188 This distinction allows the NSA to process surveillance that is received from other countries irrespective of whether the target is a US citizen.189 Therefore, the NSA is unrestrained when a communication is not physically intercepted within the United States.190

Second, an issue arises when US citizens are construed to be agents of foreign powers under FISA because a warrant can be issued to engage in surveillance against them.191 According to FISA’s procedures, the only way to spy on a US citizen is when they can be considered to be an agent of a foreign power, or engaged in information gathering, aiding, or abetting a foreign power.192 However, this limitation does not result in total privacy protection because it only requires probable cause that a person is an agent of a foreign power, not that a crime is being committed.193 The effect of this ability is that the US Government can conduct surveillance on a US citizen with no ties to terrorism such as a suburban mother telling her friend that her son “bombed” a school play.194

Furthermore, FISA is limited to protecting against surveillance by the US Government; it does not create a reasonable expectation of privacy for individuals from surveillance by a third party.195 This rule is exploited by the United States’ participation in Echelon.196 Because US law generally does not regulate information sharing, the United States essentially violates the privacy rights of US citizens by accepting information from foreign intelligence agencies about potential threats involving US citizens.197 Thus, the lack of privacy rights when US citizens are spied on by agencies outside of the United States creates a loophole for spying on US citizens without the government restrictions created by existing law.198

Lastly, US law allows for the collection of incidental information.199 It is predicted that Echelon collects nearly all communications, many of which can be considered incidental.200 Therefore, the fact that FISA allows for the collection of incidental information suggests that privacy rights can be violated by its involvement in Echelon.201

The domestic-only limit wrecks solvencyKehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July, https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internet-freedom-cybersecurity/

The U.S. government has already taken some limited steps to mitigate this damage and begin the slow, difficult process of rebuilding trust in the United States as a responsible steward of the Internet. But the reform efforts to date have been relatively narrow, focusing primarily on the surveillance programs’ impact on the rights of U.S. citizens . Based on our findings, we recommend that the U.S. government take the following steps to address the broader concern that the NSA’s programs are impacting our economy, our foreign relations, and our cybersecurity:

1. Strengthen privacy protections for both Americans and non-Americans , within the United States and extraterritorially.

2. Provide for increased transparency around government surveillance, both from the government and companies.

3. Recommit to the Internet Freedom agenda in a way that directly addresses issues raised by NSA surveillance, including moving toward international human-rights based standards on surveillance .

4. Begin the process of restoring trust in cryptography standards through the National Institute of Standards and Technology.

5. Ensure that the U.S. government does not undermine cybersecurity by inserting surveillance backdoors into hardware or software products.

6. Help to eliminate security vulnerabilities in software, rather than stockpile them.

7. Develop clear policies about whether, when, and under what legal standards it is permissible for the government to secretly install malware on a computer or in a network.

8. Separate the offensive and defensive functions of the NSA in order to minimize conflicts of interest.

It’s a linear case turn – it expands perceptions of foreign abuseChandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D., University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J. 677, lexis)

First, the United States, like many countries, concentrates much of its surveillance efforts abroad. Indeed, the Foreign Intelligence Surveillance Act is focused on gathering information overseas, limiting data gathering largely only when it implicates U.S. persons. n174 The recent NSA surveillance disclosures have revealed extensive foreign operations. n175 Indeed, constraints on domestic operations may well have spurred the NSA to expand operations abroad . As the Washington Post reports, "Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight." n176 Deterred by a 2011 ruling by the Foreign Intelligence Surveillance Court barring certain broad

domestic surveillance of Internet and telephone traffic, n177 the NSA may have increasingly turned its attention overseas.

Allied info sharing makes circumvention inevitableDonohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117, Winter, lexis)

With GCHQ in mind, it is worth noting an additional exception to both FISA and Executive Order 12,333: to the extent that it is not the United States engaged in the collection of information, but, rather, one of our allies, rules that otherwise limit the U.S. intelligence community may not apply. From the language of the order, it appears that the United States may receive or benefit from other countries' collection of information on U.S. citizens, where it does not actively participate in the collection or specifically request other countries to carry out the collection at its behest. n142 In turn, the United States can provide information about foreign citizens to their governments that their intelligence agencies, under their domestic laws, might otherwise be unable to collect. To the extent that the programs underway are extended to the closely allied "Five Eyes" (Australia, Canada, the United Kingdom, the United States, and New Zealand), structural demarcations offer a way around the legal restrictions otherwise enacted to protect citizen rights in each region.

Government acquisition of third party data inevitable – surveillance is only one of many toolsTurner, 15 - Brad Turner is a graduate of Duke Law School and a practicing attorney in Ohio. (“When Big Data Meets Big Brother: Why Courts Should Apply United States v. Jones to Protect People's Data” 16 N.C. J.L. & Tech. 377, January, lexis)

The government can obtain second-hand data from private parties in a variety of ways. First, the government can simply ask for it. According to Google, nearly 1% of requests for its user data from law enforcement are emergency requests. n185 A bill that has been proposed in Congress, called the Cyber Intelligence Sharing and Protection Act ("CISPA"), might dramatically increase this percentage. CISPA would make it legal for the government to ask companies for data about their customers and then protect those companies from lawsuits related to the handing over of that data, "notwithstanding any other provision of law." n186

Second, the government can demand the data with a subpoena. A subpoena need not be reviewed or pre-approved by a court to be valid and enforceable. n187 Google says that 68% of its data requests from the government are in the form of a subpoena. n188 Subpoenas can request any information or documents that are at all relevant to an investigation. Relevance is defined very broadly and includes any information or documents that "might have the potential to lead to relevant information." n189 So

long as a subpoena meets this very lenient standard, a court will deem the subpoena valid to the extent that the subpoena's demands are not overbroad or unduly burdensome. n190

Third, the government can demand the information with a court order, which, by definition, does require prior approval by a [*411] court. n191 Google says that 22% of its requests for data by the government are from warrants, and another 6% are from court orders. n192 The NSA collects much of its data by using secret FISA court orders, collecting huge sums of data from U.S. telephone companies, including AT&T, Verizon, and Sprint, and Internet service-providers like Facebook, Apple, Google, Microsoft, Yahoo, and AOL. n193 Statutes regulate these data-collection efforts. n194

Fourth, the government can purchase the information. Big Data is valuable and companies are willing to sell. n195 For the right price, [*412] government can access the same rich data-troves held by private organizations. For example, the federal government recently started buying access to a private database maintained by the credit bureau Equifax, called "The Work Numbers." n196 The database contains 54 million active salary and employment records and more than 175 million historical records from approximately 2,500 U.S. employers. n197 Equifax also sells this same data to credit card issuers, property managers, and auto lenders. n198

Finally, the government can intercept the data using wiretaps, bugs, and Trojan horses among many other available tools. The NSA collects much of its data by tapping directly into telecommunications cables, both domestically and abroad. n199 These cables are owned by private-sector telecommunications companies, not the U.S. Government. n200 According to top-secret records provided by Edward Snowden, every day the NSA "Acquisitions Directorate" collects millions of records from Yahoo and Google this way. n201 Apparently, "from undisclosed interception points, the NSA ... copies entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants." n202 In just one month, the NSA had collected nearly 200 million new records, which included metadata and the content of text, audio, and video. n203 In a classic case of the pot calling the kettle black, a representative from Google blasted these activities, [*413] saying, "We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks ... ." n204 A spokesperson for Yahoo remained more reserved, saying, "We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency." n205 Google has since encrypted its dataflows between its data centers in an effort to secure its customers' data from the NSA's prying eyes. n206

Section 702 limit doesn’t resolve perception problems – the fundamental issue is fear of PRISMGranick, 13 – civil liberties director for the Center for Internet and Society at Stanford Law School (Jennifer, “REFORMING FISA: A CRITICAL LOOK AT THE WYDEN/UDALL PROPOSAL AND FOREIGN SURVEILLANCE” 9/30, http://cyberlaw.stanford.edu/publications/reforming-fisa-critical-look-wydenudall-proposal-and-foreign-surveillance

Rather than focus on section 215, I want to focus in this post on the bill’s proposed reforms to section 702 of the FISA Amendments Act, or FAA. This is the provision underlying the PRISM program—and its use to obtain the content of phone calls and Internet messages, which Glenn Greenwald revealed based on Edward Snowden’s documentation. There’s been less discussion of the problems with section 702

than of those with section 215, even as we’ve learned some worrisome things about the way the NSA uses this legal authority. The new bill would address some, but by no means all, of these problems. In my opinion, it needs to be broader.

I. Bacgkround

First, some legal and technological background is in order. Traditional FISA required the government to show probable cause that the target of the underlying foreign intelligence surveillance was an agent of a foreign power and would use the facilities at which the government planned to direct surveillance before conducting electronic surveillance. This probable cause requirement had the practical effect of limiting surveillance to communications to or from individuals who are reasonably believed to be working for another government or a terrorist group.

In addition to the expansions created in 2001 by the USA PATRIOT Act (including section 215), section 702 of the FAA created a new source of authority for conducting warrantless electronic surveillance. If the Attorney General and the Director of National Intelligence certify that the purpose of the monitoring is to collect foreign intelligence information about any nonAmerican individual or entity not known to be in the United States, the Foreign Intelligence Surveillance Court (FISC) can require companies to provide access to Americans’ international communications. The court does not approve the target or the facilities to be monitored, nor does it assess whether the government is doing enough to minimize the intrusion, correct for collection mistakes, and protect privacy. Once the court approves the certification, the government can issue top-secret directives to Internet companies like Google and Facebook to turn over calls, e-mails, video and voice chats, photos, voiceover IP calls (like Skype), and social networking information.

Enter, PRISM. PRISM surveillance is technologically complicated, involving both the aforementioned directives demanding that companies turn over the contents of user Internet messages, as well as upstream surveillance conducted directly on the fiber optic cables carrying telecommunications and Internet traffic. Pulling the right stuff off the cables as it travels is a technological challenge. Reports suggest that one way the NSA has accomplished this surveillance is via the XKeyScore tool, which appears to copy and temporarily store almost everything that flows over the network, filter that traffic based on various selection criteria, and store the subset in different databases for longer periods of time. No one has yet identified the legal authority under which the NSA justifies XKeyScore. It cannot be the FAA because that law does not authorize copying everything, even for a short period of time.

Leaving that question aside for now, I want to highlight several pernicious results of the FISA Amendments Act or FAA.

Americans’ communications with targets overseas are subject to warrantless interception. Once those communications are collected, current rules allow the NSA to search the trove for U.S. person identifiers, which Wyden has referred to as the “back door searches loophole”.

The non-U.S. targets include regular people, not just those who are agents of foreign powers. While analysts provide their foreign intelligence purpose when selecting the target, the rationale is just one short sentence.

By untethering surveillance from facilities that the target uses, the FAA greatly increased the opportunity for the NSA to collect information about rather than just to or from the target. As an

example, if I monitor a network for “Jennifer Granick” and Jennifer Granick uses that network, I’ll get her communications, and maybe some messages about her. If I can monitor any facility for “Jennifer Granick”, I’m going to pull only messages about, but not to or from her.

II. The Wyden/Udall Proposal

Enter the new bill. The fact sheet says the Intelligence Oversight and Surveillance Reform Act would reform section 702 to:

Close the “back door searches” loophole;

Prohibit the government from collecting communications that are “about the target”, in non-terrorism contexts;

Strengthen the prohibition against “reverse targeting,” or targeting a foreigner in order to warrantlessly acquire the communications of an American who is known to be communicating with that foreigner; and

Place stronger statutory limits on the use of unlawfully collected information.

These are critical reforms. I would like to see the bill further include a higher standard of care with regards to ensuring that people inside the U.S. are not targeted. As Professor Christopher Sprigman and I argued in the New York Times, PRISM is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” In other words, 49 percent of the time the NSA may be acquiring information it is not allowed to have, even under the terrifyingly broad auspices of the FAA.

More fundamentally, though, the Wyden/Udall bill does not fully address a fundamental problem with the FAA, which is that it authorizes surveillance of average citizens of other countries for reasons that are not necessarily related to the security of the United States. Senator Udall acknowledged in the press conference announcing the bill (at 30:17) that the NSA’s unfettered spying has had and will continue to have an adverse economic effect on U.S.-based businesses, and that this is one of the motivations behind the bill.

Prohibiting “about the target” collection is one giant step forward. That would mean that non-targets outside the U.S. could not be subject to surveillance under this law just because they talk about a target, unless their conversation is related to terrorism. Depending on the details of the targeting and minimization procedures, if my British friend in London and I email about our dismay over the Kenya attacks, that would be fair game, but our conversation about the policies of Brazilian President Dilma Roussef would be off limits.

However, targets still need not be agents of foreign powers so long as a significant purpose of the collection is foreign intelligence. Foreign intelligence is broad, and includes any information that “relates to” the conduct of U.S. foreign affairs. For example, DNI James Clapper affirmed that the U.S. collects information about economic and financial matters to “provide the United States and our allies early warning of international financial crises which could negatively impact the global economy … or to provide insight into other countries’ economic policy or behavior which could affect global markets.”

Monitoring economic and financial matters is in the United States’ national interest. However, routine eavesdropping upon common foreigners to discover information about these matters is a bad idea. First, foreigners have privacy rights, too. Freedom from arbitrary interference with one’s privacy is part of the Universal Declaration of Human Rights.

Next, this monitoring is detrimental to U.S. companies and to the United States’ long-term interests in promoting democratic ideals. As Sprigman and I argue, although it may be legal, unfettered U.S. spying on foreigners will cause serious collateral damage to America’s technology companies, to our Internet-fueled economy, and to human rights and democracy the world over. Since our Atlantic article on June 28th, and the disclosure that the NSA targeted both Petrobras and President Dilma Roussef, Brazil has announced that it will look into requiring Internet companies to store its citizens’ data locally, and take other steps that threaten to balkanize the global Internet. When Brazil takes these steps, it gives comfort and cover to authoritarian countries who will do the same, so that they can better censor, spy on, and control Internet access within their own borders.

--xt – domestic only limit

The domestic-only limit prevents solvencyKehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July, https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internet-freedom-cybersecurity/

It appears that little consideration was given over the past decade to the potential economic repercussions if the NSA’s secret programs were revealed.38 This failure was acutely demonstrated by the Obama Administration’s initial focus on reassuring the public that its programs primarily affect non-Americans, even though non-Americans are also heavy users of American companies’ products. Facebook CEO Mark Zuckerberg put a fine point on the issue, saying that the government “blew it” in its response to the scandal. He noted sarcastically: “The government response was, ‘Oh don’t worry, we’re not spying on any Americans.’ Oh, wonderful: that’s really helpful to companies [like Facebook] trying to serve people around the world, and that’s really going to inspire confidence in American internet companies.”39 As Zuckerberg’s comments reflect, certain parts of the American technology industry are particularly vulnerable to international backlash since growth is heavily dependent on foreign markets . For example, the U.S. cloud computing industry has grown from an estimated $46 billion in 2008 to $150 billion in 2014, with nearly 50 percent of worldwide cloud-computing revenues coming from the U.S.40 R Street Institute’s January 2014 policy study concluded that in the next few years, new products and services that rely on cloud computing will become increasingly pervasive. “Cloud computing is also the root of development for the emerging generation of Web-based applications—home security, outpatient care, mobile payment, distance learning, efficient energy use and driverless cars,” writes R Street’s Steven Titch in the study. “And it is a research area where the United States is an undisputed leader.”41 This trajectory may be dramatically altered, however, as a consequence of the NSA’s surveillance programs.

The NSA doesn’t comply with foreignness designation requirementsGellman, 14 – staff writer for the Washington Post; won 3 Pullitzer Prizes (Barton, Washington Post, “In NSA-intercepted data, those not targeted far outnumber the foreigners who are” 7/5, http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html

When NSA and allied analysts really want to target an account, their concern for U.S. privacy diminishes. The rationales they use to judge foreignness sometimes stretch legal rules or well-known technical facts to the breaking point.

In their classified internal communications, colleagues and supervisors often remind the analysts that PRISM and Upstream collection have a “lower threshold for foreignness ‘standard of proof’ ” than a traditional surveillance warrant from a FISA judge, requiring only a “reasonable belief” and not probable cause.

One analyst rests her claim that a target is foreign on the fact that his e-mails are written in a foreign language, a quality shared by tens of millions of Americans. Others are allowed to presume that anyone on the chat “buddy list” of a known foreign national is also foreign.

In many other cases, analysts seek and obtain approval to treat an account as “foreign” if someone connects to it from a computer address that seems to be overseas. “The best foreignness explanations have the selector being accessed via a foreign IP address,” an NSA supervisor instructs an allied analyst in Australia.

Apart from the fact that tens of millions of Americans live and travel overseas, additional millions use simple tools called proxies to redirect their data traffic around the world, for business or pleasure. World Cup fans this month have been using a browser extension called Hola to watch live-streamed games that are unavailable from their own countries. The same trick is routinely used by Americans who want to watch BBC video. The NSA also relies routinely on locations embedded in Yahoo tracking cookies, which are widely regarded by online advertisers as unreliable.

--XT – section 702 fails

FAA isn’t a real check – aff author concedesEoyang and Bishai, 15 - *Mieke Eoyang is the Director of the National Security Program at Third Way, a center-left think tank. She previously served as Defense Policy Advisor to Senator Edward M. Kennedy, and a subcommittee staff director on the House Permanent Select Committee on Intelligence, as well as as Chief of Staff to Rep. Anna Eshoo (D-Palo Alto); **Chrissy Bishai is a Fellow at Third Way (“Restoring Trust between U.S. Companies and Their Government on Surveillance Issues” 3/19, http://www.thirdway.org/report/restoring-trust-between-us-companies-and-their-government-on-surveillance-issues

Of course, FAA Exclusivity wouldn’t solve every problem. It would not prevent foreign governments from collecting information themselves and then providing it to U.S. intelligence agencies, as U.S. law cannot bind a foreign government. And some may argue that FAA provides inadequate civil liberties protections for Americans. This proposal says nothing about the adequacy of that statute in this respect. What it says is that for data held by an American company about a target that is not a U.S. person, the checks within FAA are stronger than those solely under E.O. 12333.

AT: FISC oversight

FISC oversight approved NSA targeting because the NSA lacks the technical capability to distinguish between domestic and foreign targetsDonohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117, Winter, lexis)

6. FISC Oversight of Targeting Procedures

FISC first became aware of the implications of the NSA's interpretation of TFA in 2011. n283 The court was surprised by the government's admission that it would have to intercept significantly more content to scan it for relevant information. In its first Section 702 docket, the government had indicated that the acquisition of telephonic communications:

would be limited to "to/from" communications--i.e., communications to or from a tasked facility. The government explained, however, that the Internet communications acquired would include both to/from communications and "about" communications--i.e., communications containing a reference to the name of the tasked account . . . . Based upon the government's descriptions of the proposed collection, the Court understood that the acquisition of Internet communications under Section 702 would be limited to discrete "to/from" communications between or among individual account users and to "about" communications falling within [redacted] specific categories that had been first described to the Court in prior proceedings. n284

In reviewing and granting the application for an order, the court had not taken into account the NSA's acquisition of Internet [*191] transactions, which "materially and fundamentally alter[ed] the statutory and constitutional analysis." n285

FISC was troubled by the government's revelations--making it the third time in less than three years in which the NSA had disclosed a "substantial misrepresentation" on "the scope of a major collection program." n286 One of three possibilities held: the court was particularly slow, the government had been lying, or the government had made a mistake. Regardless, "[t]he government's submissions make clear not only that NSA has been acquiring Internet transactions since before the Court's approval of the first Section 702 certification in 2008, but also that NSA seeks to continue the collection of Internet transactions." n287

FISC noted that it is a crime to "engage[] in electronic surveillance under color of law except as authorized" by statute or . . . to "disclose[] or use[] information obtained under color of law by electronic surveillance, knowing or having reason to know that the information was obtained through electronic surveillance not authorized" by statute. n288 Yet, to the extent that MCTs contained communications that the NSA was not supposed to collect (in other words, wholly domestic communications), this appeared to be precisely what had occurred with regard to the NSA's upstream collection. n289

In its October 2011 memorandum opinion, the court confronted two areas: first, targeting procedures as applied to the acquisition of communications other than Internet transactions -- that is, "discrete communications between or among the users of telephone and Internet communications facilities that are to or from a facility tasked for collection." n290 As in the past, the court found the targeting procedures with regard to non-Internet transactions to be sufficient. Second, the court considered de novo the sufficiency of the government's targeting procedures in relation to Internet transactions [*192] transactions. n291 Despite the acknowledgement by the government that it knowingly collected tens of thousands of messages of a purely domestic nature, FISC found the procedures consistent with the statutory language that prohibited the intentional acquisition of domestic communications. n292

The court's analysis of the targeting procedures focused on upstream collection. n293 At the time of acquisition, the collection devices lacked the ability to distinguish "between transactions containing only a single discrete communication to, from, or about a tasked selector and transactions containing multiple discrete communications, not all of which may be to, from, or about a tasked selector." n294 The court continued: "As a practical matter, this means that NSA's upstream collection devices acquire any Internet transaction transiting the device if the transaction contains a targeted selector anywhere within it." n295 Because of the enormous volume of communications intercepted, it was impossible to know either how many wholly domestic communications were thus acquired or the number of non-target or U.S. persons' communications thereby intercepted. n296 The number of purely domestic communications alone was in the tens of thousands. n297

Despite this finding, FISC determined that the targeting procedures were consistent with the statutory requirements that they be "reasonably designed" to (1) "ensure that any acquisition authorized under [the certifications] is limited to targeting persons reasonably believed to be located outside the United States" and (2) "prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States." n298

To reach this conclusion, the court read the statute as applying, in any particular instance, to communications of individuals "known at the time of acquisition to be located in the United [*193] States." n299 As the equipment did not have the ability to distinguish between purely domestic communications and international communications, the NSA could not technically know, at the time of collection, where the communicants were located. From this, the court was "inexorably led to the conclusion that the targeting procedures are 'reasonably designed' to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States." n300 This was true despite the fact that the NSA was fully aware that it was collecting, in the process, tens of thousands of domestic communications. n301 As far as the targeting procedures were concerned, at least with regard to MCTs, the NSA had circumvented "the spirit" but not the letter of the law. n302

The court's reading led to an extraordinary result. The statute bans the knowing interception of entirely domestic conversations. The NSA said that it knowingly intercepts entirely domestic conversations. Yet the court found its actions consistent with the statute.

A few points here deserve notice. First, it is not immediately clear why the NSA is unable to determine location at the moment of intercept and yet can ascertain the same at a later point. Second, in focusing on the technical capabilities of any discrete intercept, the court encouraged a form of willful blindness--that is, an effort to avoid criminal or civil liability for an illegal act by intentionally placing oneself into a

position to be unaware of facts that would otherwise create liability. n303 In light of the court's interpretation, [*194] the NSA has a diminished interest in determining at the point of intercept whether intercepted communications are domestic in nature. Its ability to collect more information would be hampered. So there is a perverse incentive structure in place, even though Congress intended the provision to protect individual privacy.

The Executive Branch kept Congress fully informed about FISC's concerns with regard to MCTs and the collection of domestic conversations. Senator Dianne Feinstein later noted that the Intelligence and Judiciary Committees had received more than 500 pages of information four days after Judge Bates' opinion, relating to the operation of Section 702. n304 Following receipt of the information (which addressed domestic communications and the knowing interception of U.S. persons' information), the Senate Intelligence Committee held a closed hearing at which the matter was discussed. n305 In December 2011, the committees received more than 100 more pages of related materials, which became the focus of another closed hearing on February 9, 2012. n306

7. Law as Written Versus Law as Applied

In terms of statutory interpretation and the knowing collection of wholly domestic conversations, Congress and FISC knew what was happening and allowed PRISM and upstream collection to continue. The situation thus could be read as one in which all three branches of the government agreed: Congress passed the FAA, the intelligence community interpreted and applied it, and the judiciary extended its blessing.

Nevertheless, in light of the highly classified nature of the programs, and their direct impact on individual rights, there is something troubling about having the only public portion of the authorities--the law--suggest one thing, when in reality the statute is being understood and applied in the opposite manner. In this case, for example, the statute's plain language suggests that a particularized judicial order is required to intercept U.S. persons' international communications and that the NSA may not knowingly intercept wholly domestic conversations. Yet FISC sanctioned the scanning and potential collection of significant portions of U.S. [*195] persons' international communications, absent any particularized order, and it allowed the NSA to knowingly collect tens of thousands of wholly domestic conversations. Although national security is a matter of the highest importance, given the secrecy involved in the enterprise, one would expect a higher level of due diligence from those entrusted with oversight.

The targeting provisions also raise questions about the role in which Congress is placing FISC. In the FAA, Congress for the first time inserted a role for the court into the process of obtaining foreign intelligence outside the United States, but it also severely circumscribed FISC's authority. The court in some ways thus appears to be acting in the capacity of an oversight body, generally ensuring that procedures are in place and asking the NSA to police itself. Beyond the immediate question about the appropriate role for the court, as discussed above. n307

Ex post CP

1nc – ex post CP

Text:

The United States federal government should:

--require ex post review by the Foreign Intelligence Surveillance Court of NSA surveillance targeting criteria

--establish a public advocate at the FISC

--establish a cabinet-level privacy agency

The CP restore domestic and international confidence in US surveillance without restricting the scope of NSA activities – instead it conducts post-surveillance minimizationMargulies, 14 - Professor of Law, Roger Williams University School of Law (“CITIZENSHIP, IMMIGRATION, AND NATIONAL SECURITY AFTER 9/11: THE NSA IN GLOBAL PERSPECTIVE: SURVEILLANCE, HUMAN RIGHTS, AND INTERNATIONAL COUNTERTERRORISM” 82 Fordham L. Rev. 2137, April, lexis)

While I have concluded that U.S. surveillance policy does not violate the ICCPR, further reforms could highlight this point and silence persistent doubts here and abroad. These reforms could also remove any barriers to cooperation between the United States and foreign states, such as those in Europe, which are subject to the European Convention on Human Rights. This section identifies reforms that would add a public advocate to FISC proceedings, enhance FISC review of the criteria used for overseas surveillance, establish a U.S. privacy agency that would handle complaints from individuals here and overseas, and require greater minimization of non-U.S. person communications. These reforms would signal U.S. support of evolving global norms of digital privacy.

Although President Obama's speech in January 2014 proposed a panel of independent lawyers who could participate in important FISC cases, n161 further institutionalization of this role would be useful. A public advocate would scrutinize and, when necessary, challenge the NSA's targeting criteria on a regular basis. n162 Challenges would be brought in the FISC, after the NSA's implementation of criteria. The NSA would be able to adapt the criteria on an exigent basis, subject to ex post review by the FISC at the public advocate's behest. A public advocate and enhanced FISC review would serve three valuable functions: (1) ensure that the FISC received the best arguments on both sides; (2) serve as a valuable ex ante check on the government, encouraging the government to adopt those criteria that could withstand subsequent scrutiny; and (3) promote domestic and global confidence in the legitimacy of processes governing NSA surveillance.

A U.S. cabinet level privacy agency would also bolster the legitimacy of surveillance . The agency could provide more regular recourse to subjects of surveillance, as the ECHR requires. That change would ease

the barriers to continued U.S.-Europe cooperation on counterterrorism. A national agency would also work hand in hand with privacy officers in executive departments. It would increase the leverage of those officials, who could advocate vigorously in internal debates, knowing that their views would also have a champion in a free-standing executive department independent [*2166] of the national security bureaucracy. There are downsides to this proposal, of course. A new agency would add expense, and create some redundancy in government functions. Moreover, current models that provide recourse, such as the approach currently taken by the Department of Homeland Security, n163 have been criticized as unduly burdensome. n164 However, preserving cooperation with Europe and enhancing the overall legitimacy of U.S. surveillance provides a compelling justification.

Each of these instrumentalities - a public advocate at the FISC and a new privacy agency - could also work to strengthen minimization requirements for foreign communications. The NSA says that it disposes of all irrelevant communications within five years. There may be ways to shorten this time and require even more rigorous controls on sharing of information that lacks a clear link to terrorism or other foreign intelligence matters. More exacting minimization would also promote U.S.-European information sharing and enhance global legitimacy .

The net benefit is terrorism – the plan restricts the collection of 702 surveillance data to individualized and specific threat categories. That prevents the programmatic surveillance necessary for pattern analysis that can identify future terrorist threats Sales, 14 - Associate Professor of Law, Syracuse University College of Law (Nathan, I/S: A Journal of Law and Policy for the Information Society, “Domesticating Programmatic Surveillance: Some Thoughts on the NSA Controversy” 10 ISJLP 523, Summer, lexis)

Programmatic surveillance initiatives like these differ in simple yet fundamental ways from the traditional forms of monitoring with which many people are familiar--i.e., individualized or particularized surveillance. Individualized surveillance takes place when authorities have some reason to think that a specific, known person is breaking the law. Investigators will then obtain a court order authorizing them to collect information about the target, with the goal of assembling evidence that can be used to establish guilt in subsequent criminal proceedings. Individualized surveillance is common in the world of law enforcement, as under Title III of the Omnibus Crime Control and Safe Streets Act of 1968. n23 It is also used in national security investigations. FISA allows authorities to obtain a court order to engage in wiretapping if they demonstrate, among other things, probable cause to believe that the target is "a foreign power or an agent of a foreign power." n24

By contrast, programmatic surveillance has very different objectives and is conducted in a very different manner. It usually involves the government collecting bulk data and then examining it to identify previously unknown terrorists, spies, and other national security threats. A good example of the practice is link analysis, in [*528] which authorities compile large amounts of information, use it to map the social networks of known terrorists--has anyone else used the same credit card as Mohamed Atta?--and thus identify associates with whom they may be conspiring. n25 (It is also possible, at least in theory, to subject these large databases to pattern analysis, in which automated systems search for patterns of

behavior that are thought to be indicative of terrorist activity, but it's not clear that the NSA is doing so here.) Suspects who have been so identified can then be subjected to further forms of monitoring to determine their intentions and capabilities, such as wiretaps under FISA or other authorities. In a sense, programmatic surveillance is the mirror image of individualized surveillance. With individualized monitoring, authorities begin by identifying a suspect and go on to collect information; with programmatic monitoring, authorities begin by collecting information and go on to identify a suspect.

Programmatic surveillance is a potentially powerful counterterrorism tool . The Ra'ed al-Banna incident is a useful illustration of how the technique, when coupled with old-fashioned police work, can identify possible threats who otherwise might escape detection. Another example comes from a 2002 Markle Foundation study, which found that authorities could have identified the ties among all 19 of the 9/11 hijackers if they had assembled a large database of airline reservation information and subjected it to link analysis. n26 In particular, two of the terrorists--Nawaf al-Hamzi and Khalid al-Mihdhar--were on a government watchlist after attending a January 2000 al-Qaeda summit in Malaysia. So they could have been flagged when they bought their tickets. Querying the database to see if any other passengers had used the pair's mailing addresses would have led investigators to three more hijackers, including Mohamed Atta, the plot's operational leader. Six others could have been found by searching for passengers who used the same frequent-flyer and telephone numbers as these suspects. And so on. Again, the Markle study concerns airline reservation data, not the communications data that are the NSA's focus. But it is still a useful illustration of the technique's potential.

The government claims that programmatic surveillance has been responsible for concrete and actual counterterrorism benefits, not just hypothetical ones. Officials report that PRISM has helped detect and [*529] disrupt about 50 terrorist plots worldwide, including ten in the United States. n27 Those numbers include Najibullah Zazi, who attempted to bomb New York City's subway system in 2009, and Khalid Ouazzani, who plotted to blow up the New York Stock Exchange. n28 Authorities further report that PRISM played an important role in tracking down David Headley, an American who aided the 2008 terrorist atrocities in Bombay, and later planned to attack the offices of a Danish newspaper that printed cartoons of Mohamed. n29 The government also claims at least one success from the telephony metadata program, though it has been coy about the specifics: "The NSA, using the business record FISA, tipped [the FBI] off that [an] individual had indirect contacts with a known terrorist overseas. . . . We were able to reopen this investigation, identify additional individuals through a legal process and were able to disrupt this terrorist activity." n30 Quite apart from foiling attacks, the government also argues that the NSA programs can conserve scarce investigative resources by helping officials quickly spot or rule out any foreign involvement in a domestic plot, as after the 2013 Boston Marathon bombing. n31

These claims have to be taken with a few grains of salt. Some observers believe that the government could have discovered the plots using standard investigative techniques, and without resorting to extraordinary methods like programmatic surveillance. n32 The metadata program has elicited special skepticism: The President's Review Group on Intelligence and Communications Technologies bluntly concluded that "the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained [*530] in a timely manner using conventional section 215 orders." n33 The Privacy and Civil Liberties Oversight Board reached the same conclusion. n34 (Judicial opinion is split on the program's value. One judge has expressed "serious doubts" about its utility, n35 while another has concluded that its effectiveness "cannot be seriously disputed.") n36 Furthermore, we should always be cautious when

evaluating the merits of classified intelligence initiatives on the basis of selective and piecemeal revelations, as officials might tailor the information they release in a bid to shape public opinion. n37 But even if specific claimed successes remain contested, programmatic surveillance in general can still be a useful counterterrorism technique.

As these examples imply, effective programmatic surveillance often requires huge troves of information--e.g., large databases of airline reservations, compilations of metadata concerning telephonic and internet communications, and so on. This is why it typically will not be feasible to limit bulk collection to particular, known individuals who are already suspected of being terrorists or spies. Some officials have defended the NSA programs by pointing out that, "[i]f you're looking for the needle in a haystack, you have to have the haystack." n38 That metaphor doesn't strike me as terribly helpful; rummaging around in a pile of hay is, after all, a paradigmatic image of futility. But, the idea can be expressed in a more compelling way. Programmatic surveillance cannot be done in a particularized manner. The whole point of the technique is to identify unknown threats to the national security; by definition, it cannot be restricted to threats that have already been identified. We can't limit programmatic [*531] surveillance to the next Mohamed Atta when we have no idea who the next Mohamed Atta is--and when the goal of the exercise is indeed to identify the next Mohamed Atta.

2nc – ex post solves

The CP’s ex post review process deters executive abuse and restores legitimacy to US surveillanceSales, 14 - Associate Professor of Law, Syracuse University College of Law (Nathan, I/S: A Journal of Law and Policy for the Information Society, “Domesticating Programmatic Surveillance: Some Thoughts on the NSA Controversy” 10 ISJLP 523, Summer, lexis)

As for the structural considerations, one of the most important is what might be called an anti-unilateralism principle. A system of programmatic surveillance should not be put into effect on the say-so of the executive branch, but rather should be a collaborative effort that involves Congress (in the form of authorizing legislation) or the judiciary (in the form of FISA court review of the initiatives). n42 An example of the former is FISA itself, which Congress enacted in 1978. At the time, the NSA was engaged in bulk collection, without judicial approval, of certain international communications into and out of the United States--namely, by tapping into offshore telecommunications cables and by eavesdropping on satellite based radio signals. FISA's [*533] famously convoluted definition of "electronic surveillance" n43 preserved these preexisting practices even as Congress was imposing a new requirement of judicial approval for other kinds of monitoring. n44 An example of the latter concerns the warrantless Terrorist Surveillance Program, under which the NSA was intercepting, outside the FISA framework, certain communications between suspected al-Qaeda figures overseas and people located in the United States. After that program's existence was revealed in late 2005, the executive branch persuaded the FISA court to issue orders allowing it to proceed subject to various limits. n45 (That accommodation eventually proved unworkable, and the executive then worked with Congress to put the program on a more solid legislative footing through the temporary Protect America Act of 2007 n46 and the permanent FISA Amendments Act of 2008.) n47

Anti-unilateralism is important for several reasons. To take the most obvious, Congress and the courts can help prevent executive overreach. n48 The risk of abuse is lessened if the executive branch must enlist its partners before commencing a new surveillance initiative. Congress might decline to permit bulk collection in circumstances where it concludes that ordinary, individualized monitoring would suffice, or it might authorize programmatic surveillance subject to various privacy protections . In addition, inviting many voices to the decision-making table increases the probability of sound outcomes. More participants with diverse perspectives can also help mitigate the groupthink tendencies to which the executive branch is sometimes [*534] subject. n49 If we're going to engage in programmatic surveillance, it should be the result of give and take among all three branches of the federal government, or at least between its two political branches, not the result of executive edict.

A second principle follows from the first: Programmatic surveillance should, wherever possible, have explicit statutory authorization. Congress does not "hide elephants in mouseholes," n50 the saying goes, and we should not presume that Congress meant to conceal its approval of a potentially controversial programmatic surveillance system in the penumbrae and interstices of obscure federal statutes. Instead, Congress normally should use express and specific legislation when it wants to okay bulk data collection. Clear laws will help remove any doubt about the authorized scope of the approved surveillance, thereby

promoting legal certainty. Express congressional backing also helps give the monitoring an air of legitimacy. And, a requirement that programmatic surveillance usually should be approved by clear legislation helps promote accountability by minimizing the risk of congressional shirking. n51 If the political winds shift, and a legislatively approved program becomes unpopular, Congress will not be able to hide behind an ambiguous statutory grant of power and deflect responsibility to the President.

Ex post oversight is key to effective programmatic surveillance – the CP allows the government to collect all available data – it just puts ex post restrictions on the data analysis stage that deters executive data abusesSales, 14 - Associate Professor of Law, Syracuse University College of Law (Nathan, I/S: A Journal of Law and Policy for the Information Society, “Domesticating Programmatic Surveillance: Some Thoughts on the NSA Controversy” 10 ISJLP 523, Summer, lexis)

As for the operational considerations, among the most important is the need for external checks on programmatic surveillance. In particular, bulk data collection should have to undergo some form of judicial review, such as by the FISA court, in which the government demonstrates that it meets the applicable constitutional and statutory standards. Ideally, the judiciary would give its approval before collection begins. But this will not always be possible, in which case timely post-collection judicial review will have to suffice. (FISA has a comparable mechanism for temporary warrantless surveillance in emergency situations.) n60 Programmatic surveillance also should be subject to robust congressional oversight. This could take a variety of forms, including informal consultations with members of Congress when designing the surveillance regime (including, at a minimum, congressional leadership and members of the applicable committees), [*537] as well as regular briefings to appropriate personnel on the operation of the system and periodic oversight hearings.

Of course, judicial review in the context of bulk collection won't necessarily look the same as it does in the familiar setting of individualized monitoring of specific targets. If investigators want to examine the telephony metadata associated with a particular terrorism suspect, they can apply to the FISA court for a pen register or trap and trace order upon a showing that the information sought is relevant to an ongoing national security investigation. n61 But, as explained above, that kind of particularized showing often won't be possible where authorities are dealing with unknown threats, and where the very purpose of the surveillance is to identify those threats. In these situations, reviewing courts may find it necessary to allow the government to collect large amounts of data without individualized suspicion. This doesn't mean that privacy safeguards must be abandoned and the executive given free rein. Instead, courts could be tasked with scrutinizing the initiative's overall structure and operation to determine its compatibility with constitutional and statutory requirements. And courts further could require authorities to demonstrate some level of individualized suspicion before accessing the data that has been collected. Protections for privacy and civil liberties thus can migrate from the collection phase of the intelligence cycle to earlier and later stages, such as the systems design and analysis stages. n62

In more general terms, because programmatic surveillance involves the collection of large troves of data, it likely means some dilution of the familiar ex ante restrictions that protect privacy by

constraining the government from acquiring information in the first place. It therefore becomes critically important to devise meaningful ex post safeguards that can achieve similar forms of privacy protection . In short, restrictions on the government's ability to access and use data that it has gathered must substitute for restrictions on the government's ability to gather that data at all; what I have elsewhere called use limits must stand in for collection limits. n63

This sort of oversight by the courts and Congress provides an obvious, first-order level of protection for privacy and civil liberties--an external veto serves as a direct check on possible executive [*538] misconduct. Judicial and legislative checks also offer an important second-order form of protection. The mere possibility of an outsider's veto can have a chilling effect on executive misconduct , discouraging officials from questionable activities that would have to undergo, and might not survive, external review. n64 Moreover, external checks can channel the executive's scarce resources into truly important surveillance and away from relatively unimportant monitoring. This is so because oversight increases the administrative costs of collecting bulk data--e.g., preparing a surveillance application, persuading the judiciary to approve it, briefing the courts and Congress about how the program has been implemented, and so on. These increased costs encourage the executive to prioritize collection that is expected to yield truly valuable intelligence and, conversely, to forego collection that is expected to produce information of lesser value.

Ex ante requirements amount to a rubber stampHarvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/shifting_the_FISA_paradigm.pdf

The FISC approves virtually every application for an order with which it is presented. According to Electronic Privacy Information Center (EPIC) statistics, the court denied only five applications from its inception through 2006.40 In that time, it has approved thousands of others, including a new high of 2176 in 2006.41 Of course, “[i]t is possible to draw divergent conclusions from this data. One could infer that the extensive FISA safeguards have forced the Executive to self-censor its requests. One could also argue, however, that the courts act merely as a ‘rubber stamp’ whenever the Executive invokes national security.”42 Upon analyzing FISA’s structure and track record, the nature of electronic surveillance in service of national security, and more general separation of powers and national security lessons, it seems that something more like the latter is the ultimate result of FISA.

Limitations inherent in the project of judicial pre-approval of national security surveillance render the system unable to perform the function for which it was created; each of the problems described below mutually reinforces the others, leading to systemic ineffectiveness . In the absence of the notice requirements that attach in domestic surveillance, 43 and in light of the ex parte nature of FISC proceedings, no opportunity for meaningful review may ever present itself.44 “The potential for abuse is substantial, since all applications remain sealed and unavailable to the public, and since targets are never notified that they have been under surveillance.”45

The lack of adversariality, reliance on executive representations and national security framing mean it’s a rubber stampHarvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/shifting_the_FISA_paradigm.pdf

1. Non-adversariality. — One of the most striking elements of the FISA system is the total absence of adversariality. Because the collection of intelligence in this context requires by its very nature that the surveilled party not receive notice in advance, the ex ante approval system is almost by definition also ex parte. This puts the FISC in an “anomalous position,”46 in the words of the current Attorney General, similar to that of a court reviewing FISA materials for admission in a criminal case. In such situations, “[t]he judge is forced not only to act as an arm of the prosecution in weighing the prosecution’s arguments about whether disclosure would or would not compromise national security, but also to act as a defense lawyer in determining whether the information is useful to the defendant.”47 Similarly, in reviewing a FISA application, the FISC must attempt the difficult, if not impossible, task of simultaneously occupying the roles of advocate and neutral arbiter — all without the authority or ability to investigate facts or the time to conduct legal research.48 The judge lacks a skeptical advocate to vet the government’s legal arguments, which is of crucial significance when the government is always able to claim the weight of national security expertise for its position. It is questionable whether courts can play this role effectively, and, more importantly, whether they should.49

2. Reliance on Executive Representations. — One frequently overlooked element of the FISA system is its almost complete reliance upon the Executive’s representations and willingness to abide by the statutory terms.50 This would be all the more true if Congress lowers the degree of factual specificity necessary for issuance of a FISC order, a change that is included in both the Senate and House bills.51 Even under the current standard, however, the FISC cannot inquire behind the representations made by the applicant; so long as the applicant presents a “statement of facts showing that there are reasonable grounds”52 for the order to issue, “the judge shall enter an ex parte order as requested.”53

There is a strong connection between the difficulties of relying on executive branch representations and the ex parte nature of the FISC inquiry: the FISC lacks the presence of an adversarial voice drawing into focus any concerns with an application. In this sense, the two problems are mutually reinforcing. Indeed, the FISC on one occasion detailed “misstatements and omissions of material facts” that the government confessed “in some 75 FISA applications,”54 problems that did not come to light at the time the orders were issued. In this context it is also worth noting that the Executive has never actually accepted that it is bound by FISA, citing inherent presidential authority over national security under Article II of the Constitution.55 The current administration acted in part on this basis in operating the TSP.56 Lacking the ability to initiate an inquiry beyond what the Executive brings to its attention, the FISC’s oversight of the process is substantially controlled by the very entity it is designed to oversee.

3. Institutional Limitations of the Judiciary. — Even if the above problems could be overcome, institutional factors that are inherent in the national security arena will always function to limit the ability of the judiciary to serve as an effective check. First, the surveillance that FISA deals with necessarily involves secrecy, inherently requires policy judgments, and takes place in the context of the

increased powers of the Executive in the national security arena. As a result, policymakers are rightly fearful of giving too much review power to courts and face inevitable pressure to scale back the amount of decisionmaking authority left to the judiciary.

Second, the courts are, and have always been, extremely passive in exercising jurisdiction over cases touching upon national security, both because of the reasons just noted (political judgment and executive power) and because of resultant concerns for institutional legitimacy and judicial restraint.57 Courts tend to be highly deferential because of “concern for the efficiency and expertise of the nation’s foreign intelligence process and the deleterious effects that might result from judicial interference.”58 Judges are most certainly aware of the limits of their own policy expertise. This effect is greatly enhanced when judges must weigh the national security necessity ex ante, rather than being asked to review it after the fact.

Indeed, it is interesting to note that the scope of review exercised by the FISC has steadily narrowed over time. To be sure, it was narrow to begin with,59 but both legislative action and limiting constructions applied by the courts themselves have narrowed the FISC’s authority even further. For example, when Congress amended FISA to require only that national security be a “significant purpose,” rather than the “primary purpose,” of the surveillance for which authorization is sought,60 the FISCR read the statutory shift quite broadly. It held that when surveillance of a foreign agent is undertaken for purposes of both national security and law enforcement, the government need only “entertain[] a realistic option of dealing with the agent other than through criminal prosecution” in order to satisfy the test.61 The court reasoned that the new provisions “eliminated any justification for the FISA court to balance the relative weight the government places on criminal prosecution as compared to other counterintelligence responses.” 62 Yet this seems a far less robust limit than the plain language or legislative history indicated: importantly, the legislature considered and rejected requiring only “a” rather than “a significant” purpose.63 Given a hint of statutory ambiguity, then, the court effectively read the requirement of “significant purpose” out of the statute, resulting in a regime of even less exacting scrutiny. Ultimately, “[t]hrough a combination of government tactics, the mandate of the FISA court, and federal court interpretations of the FISA law, the FISA safeguards which were intended to balance individual rights against the government’s claims of national security have been essentially eviscerated.”64

As a result, “[c]harging a panel of federal judges with insufficient background information on specific cases, and little intelligence experience, with approving foreign intelligence surveillance applications has resulted in an essentially rubber stamp process where applications are practically never denied.”65 Primary reliance on judicial oversight will virtually always tend toward deference, both in exercising jurisdiction and in determining individual cases.

Ex ante review undermines effective restrictions on domestic surveillance and shuts down an engaged citizenryHarvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/shifting_the_FISA_paradigm.pdf

Ex ante judicial review is not only of limited effectiveness, but it is also affirmatively harmful in several respects. Ex ante judicial approval imparts a broader imprimatur of validity than is warranted given the limited effectiveness of the review. Further, it clouds accountability and can be a cumbersome and intrusive process harmful to national security interests. In fact, “the creation of FISA courts may actually have resulted in fewer restrictions on the domestic surveillance activities of intelligence agencies”69 because “[t]he secrecy that attends FISC proceedings, and the limitations imposed on judicial review of FISA surveillance, may insulate unconstitutional surveillance from any effective sanction.”70

1. The Judicial Imprimatur. — The issuance of an order by the FISC confers a stamp of approval from the widely respected Article III courts. A FISC order makes a strong statement that a neutral arbiter has looked closely at the situation and found the surveillance warranted. Yet, as the set of limitations just discussed indicates, the protective force of a FISC order may not align with the actual vigor of the inquiry.

This disparity may give rise to several problems. First, changed circumstances following the issuance of the order may undermine the validity of the surveillance. Minimization procedures are largely unhelpful in solving this problem: “[T]he Act provides for the same kind of incoherent and largely unenforceable ‘minimization’ requirements that plague criminal wiretap statutes.”71 Much more importantly, the judicial order may mask and indeed later provide cover for improper governmental motives and improper intrusions on liberty.72 In these situations, ex ante review may sanitize the improper surveillance . The presence of the judicial order may function to dissuade legislative or executive oversight entities from inquiry. Worse, judicial orders offer the potential for the government to hide behind the nominally objective, even if only minimally rigorous, scrutiny that they represent.

Surveillance conducted for political reasons, for example, might escape detection, condemnation, and consequences — political, if not legal — if that surveillance is given judicial protection.73 Indeed, this sanitization could occur on an even broader level: ex ante judicial approval interferes with the healthy public skepticism that attends political actors and that may help keep the citizenry engaged in considering the difficult tradeoffs between liberty and security necessary in this context. This is not to say that the judiciary should decline to play a constitutionally permissible role; rather, the point is that system designers concerned with protecting civil liberties should keep in mind the drawbacks of ex ante approval. In total, the capacity of ex ante approval to enable some of the most dangerous sorts of abuses far outweighs its middling ability to provide a useful check.

Ex ante review undermines political accountability – key to checking abuses and fostering public engagementHarvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/shifting_the_FISA_paradigm.pdf

2. Clouded Accountability. — Although several of FISA’s provisions recognize the need for clear lines of accountability, the statute’s broad structure fails to account for this crucial element. A simple comparison is useful: The Attorney General would be far more politically exposed if he or she signed off

on an improper emergency order, which permits an exception to the ex ante approval requirement, rather than a regular FISA order approved by the FISC. In fact, the emergency authorization procedures under 50 U.S.C. § 1805(f) recognize the need for accountability by requiring notice if the application is turned down after the Attorney General has authorized it on an emergency basis.74 Similarly, the personal review provisions of § 1804(e) establish clear lines of authority for approval. But the presence of a judicial order authorizing surveillance permits a culpable official to escape the political consequences of his or her improprieties by using the court’s approval as evidence of reasonableness, claiming reasonable reliance, or foisting blame upon the court.

Exposing the Attorney General — and through him or her the President — to the political consequences of these decisions is crucial for two reasons: First, it minimizes the possibility of politically motivated surveillance that would pass minimal judicial review, because such invasions of privacy would be seen as wholly illegitimate.75 Second, it would both enable and force the American public to confront the fact that, ultimately, it is responsible for determining the proper balance between liberty and security. The public will be much more comfortable with allowing invasions of fellow citizens’ privacy when judges authorize them. In the end, “if a government is intent on engaging in interrogation to protect national security there is little the judges can do about it anyway.”76 Forcing citizens to think hard about their values is of particular importance in the context of a vague “war on terror” devoid of identifiable boundaries.

Ex post review creates the best overall balance between liberty and national securityHarvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/shifting_the_FISA_paradigm.pdf

C. The Role of the Courts

While the limitations and dangers associated with ex ante judicial approval of national security surveillance counsel in favor of developing a new core means of protecting civil liberties in this arena, they in no way mandate a complete elimination of the judicial role. To the contrary, an appropriately modified role for the judiciary is of fundamental importance to address some of the limitations of the system of political checks. Ultimately, a return of the judiciary to its pre-FISA role of ex post reasonableness review would permit the federal courts to complement the proposed broader oversight system and to meet Fourth Amendment requirements by restoring judicial focus to individual constitutional rights and relaxing national security pressures on the courts.101

1. Fourth Amendment Strictures. — It is worth noting initially that FISA has always contemplated situations in which full-on ex ante judicial oversight is not necessary to permit domestic electronic surveillance. At present, FISA conceives of three situations in which a court order is not necessary. These are all situations in which the balance in favor of the government is most compelling because the risk to privacy interests is low, the need for dispatch is great, or a drastic change of circumstances takes place. First, 50 U.S.C. § 1802 gives the Attorney General power, upon written certification under oath, to authorize up to one year of electronic surveillance directed at communications “exclusively between or

among foreign powers” or “technical intelligence . . . from property or premises under the open and exclusive control of a foreign power” so long as “there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party” and minimization procedures are complied with. Second, under § 1805(f), the Attorney General may authorize emergency surveillance without court interference for seventy-two hours if he or she determines that a standard FISA order could not be acquired in time and that there is a sufficient “factual basis for issuance of an order.” Finally, for fifteen days following a declaration of war, § 1811 permits non-court-ordered, Attorney General–authorized surveillance.

Foreign intelligence surveillance occupies a unique spot in the Court’s Fourth Amendment jurisprudence.102 In Katz v. United States,103 the Court issued perhaps its sternest statement on the obligation of obtaining a warrant prior to exercising a search,104 while also extending Fourth Amendment protection to include electronic surveillance. 105 Importantly, however, the Court expressly reserved the issue of electronic surveillance in the national security context.106 In United States v. U.S. District Court107 (the Keith case), the Court again focused on the need for “prior judicial scrutiny” in rejecting the government’s claim for an exception to the warrant requirement in the domestic national security context.108 Yet once again, the Court made a crucial reservation: “[T]his case involves only the domestic aspects of national security. We have not addressed, and express no opinion as to, the issues which may be involved with respect to activities of foreign powers or their agents.”109 It is thus an open constitutional question whether foreign intelligence surveillance falls within an exception to the Fourth Amendment’s warrant requirement.

While full argumentation for the proposition that the Fourth Amendment embodies such an exception is beyond the scope of this Note,110 the case law is clear that the true “touchstone of the Fourth Amendment is reasonableness,”111 such that the Fourth Amendment only “[s]ometimes . . . require[s] warrants.”112 Especially in light of the increasing number of exceptions to the warrant requirement,113 it seems likely that an exception is appropriate in the context of foreign intelligence surveillance for purposes of national security, not only in terms of meeting a more formalist reading of the Fourth Amendment, but even more forcefully meeting a functionalist reading, under which the improved protections of civil liberties could render the decreased reliance on ex ante judicial review preferable under the Fourth Amendment.

2. Policy Benefits. — A proponent of a national security exception notes that “[t]he repeal of FISA . . . would simply effectuate the nation’s return to its previous tradition.”114 Yet the obvious retort is that the very abuses detailed in the Church Committee report were a major product of that tradition. Still, the old tradition did have some benefits that can be obtained by coupling the ex post reasonableness role of reviewing courts with the political checks described above. For one, rather than shielding meaningful inquiry, as ex ante review can, ex post review may produce “a renewed focus on Fourth Amendment principles”115 by both the judicial and political branches. Indeed, the more developed factual setting available in ex post review would help with the effort to define reasonableness.

Further, it could be argued that since only a small number of people are likely to be affected by surveillance, and especially given that those affected are likely to be disfavored or underrepresented groups such as members of minority religions or immigrants, the political process cannot be trusted to perform oversight. Yet ex post judicial review would remain a powerful check if the government seeks to use FISA-gathered information in other legal settings, such as criminal trials, habeas corpus proceedings,

or motions for prospective relief. Ex post reasonableness review thus provides an important backstop to the oversight process.

IV. CONCLUSION

The current FISA system is illogical. Its purported benefits are at best questionable, and it features serious drawbacks in terms of the efficient functioning of national security surveillance and the numerous ways it undermines protections of liberty. While the Senate bill falls short of instituting the sort of robust political checks buttressed by ex post judicial review necessary to provide adequate protections, it offers an important paradigm shift in the way that FISA is conceived. This reconceptualization should be embraced and bettered by incorporating some of the terms of the House bill, rather than rejected as insufficiently protective of the role of the judiciary. Those concerned with protecting civil liberties should view an end to reliance on ex ante judicial review as a chance to develop real political checks that can vigorously protect both national security and liberty interests.

AT: FISC oversight weak

The public advocate part of the CP and the strengthening of PCLOB to make it a cabinet level agency remedies existing weaknesses of the FISCSetty, 15 - Professor of Law and Associate Dean for Faculty Development & Intellectual Life, Western New England University School of Law (Sudha, “Surveillance, Secrecy, and the Search for Meaningful Accountability” 51 Stan. J Int'l L. 69, Winter, lexis)

One promising move with regard to oversight and transparency has been the establishment and staffing of the Privacy and Civil Liberties Oversight Board (PCLOB). n186 This board, tasked with assessing many aspects of the government's national security apparatus both for efficacy and for potentially unnecessary incursions into civil liberties, has a broad mandate and, compared with many national security decision makers, significant independence from the executive branch. n187 Retrospectively, the PCLOB has, among other things, issued the highly critical report of the NSA Metadata Program in January 2014 that led to further public pressure on the Obama administration to curtail this program; it is promising that the PCLOB's prospective agenda includes further analysis of various surveillance programs. n188 However, the PCLOB's potential influence in protecting civil rights may be limited by its position: The PCLOB is an advisory body that analyzes existing and proposed programs and possibly recommends changes, but it cannot mandate that those changes be implemented. The ability to have a high level of access to information surrounding counterterrorism surveillance programs and to recommend changes in such programs is important and should be lauded, but over-reliance on the PCLOB's non-binding advice to the intelligence community to somehow solve the accountability and transparency gap with regard to these programs would be a mistake.

For example, on prospective matters, it is likely that intelligence agencies would consult the PCLOB only if the agency itself considers the issue being faced new or novel, as the NSA metadata program was labeled prior to its inception. In such cases, decision makers within an agency generally ask whether the contemplated program is useful or necessary, technologically feasible, and legal. If all three questions are answered affirmatively, the program can be implemented. Now that the PCLOB is fully operational, it seems likely that if a contemplated program is considered new or novel, an intelligence agency would consult the PCLOB at some stage of this process for its guidance on implementing the program. This nonpartisan external input may improve self-policing within the [*102] intelligence community and help intelligence agencies avoid implementing controversial programs or, even if implemented, set better parameters around new programs. n189

If the PCLOB is able to exert some degree of soft power in influencing national security decision-making, then the judiciary represents hard power that could be used to force the protection of civil liberties where it might not otherwise occur. The FISC should be reformed to include a public advocate lobbying on behalf of privacy concerns, making the process genuinely adversarial and strengthening the FISC against charges that it merely rubber stamps applications from the intelligence community. n190 Article III courts need to follow the lead of Judge Leon in Klayman in conceptualizing privacy as broad and defensible, even in a world where electronics-based communication is dominant and relatively easy for the government to collect. If the judicial defense of privacy were combined with the possibility of

liability for violations of that privacy, it is likely that this would incentivize increased self-policing among the members of the intelligence community. The creation of an active PCLOB and a more adversarial process before the FISC will not provide a perfect solution to the dilemmas posed by the government's legitimate need for secrecy and the protection of the public against potential abuse. Yet because these changes are institutional and structural, they are well-placed to improve the dynamic between the intelligence community, oversight mechanisms, and the public.

Conclusion

Genuine accountability should not depend on the chance that an unauthorized and illegal leak will occur. In the comparative example of the United Kingdom, engagement with a European Union energized with a commitment to increase privacy protections, along with domestic parliamentary oversight, provide two potential avenues for increased constraint on surveillance. In India, the parliament and the courts historically enabled, not constrained, the intelligence community. Whether that stance will continue as the government's technological capabilities increase is yet to be seen.

Domestically, it could be argued that the types of reform recommended here to improve actual accountability and transparency over programs like the NSA Metadata Program are overkill: They involve multiple branches of government, the PCLOB, and the public. However, much of the accountability apparatus that has been in place was dormant until the Snowden disclosures, and would have remained passive without those disclosures. A multi-faceted, long-term, structural approach [*103] to improving transparency and accountability - one that involves at a minimum the courts and the PCLOB, but hopefully Congress, the executive branch, and the public as well - improves the likelihood of sustained and meaningful accountability as new surveillance capabilities are developed and implemented.

2nc terrorism link wall – FAA restrictions

FISA’s authority alone is insufficient to prevent terrorism – the government needs the widest possible net, including domestic surveillancePosner, 6 - judge on the United States Court of Appeals for the Seventh Circuit in Chicago and a Senior Lecturer at the University of Chicago Law School (Richard, Not a Suicide Pact: The Constitution in Time of National Emergency, p. 94-96

According to the administration, these are just interceptions of communications to and from the United States in which one of the parties is suspected of terrorist connections, though the suspicion does not rise to the probable-cause level that would be required for obtaining a warrant. There may be more to the program, however. Most likely the next terrorist attack on the United States will, like the last one, be mounted from within the country but be orchestrated by leaders safely ensconced somewhere abroad. If a phone number in the United States is discovered to have been called by a known or suspected terrorist abroad, or if the number is found in the possession of a suspected terrorist or in a terrorist hideout, it would be prudent to intercept all calls, domestic as well as international, to or from that U.S. phone number and scrutinize them for suspicious content. But the mere fact that a suspected or even known terrorist has had a phone conversation with someone in the United States or has someone’s U.S. phone number in his possession doesn’t create probable cause to believe that the other person is also a terrorist; probably most phone conversations of terrorists are with people who are not themselves terrorists. The government can’t get a FISA warrant just to find out whether someone is a terrorist; it has to already have a reason to believe he’s one. Nor can it conduct surveillance of terrorist suspects who are not believed to have any foreign connections, because such surveillance would not yield foreign intelligence information .

FISA has yet another gap. A terrorist who wants to send a message can type it in his laptop and place it, unsent, in an e-mail account, which the intended recipient of the message can access by knowing the account name. The message itself is not communicated. Rather, it’s as if the recipient had visited the sender and searched his laptop. The government, if it intercepted the e-mail from the intended recipient to the account of the “sender,” could not get a FISA warrant to intercept (by e-mailing the same account) the “communication” consisting of the message residing in the sender’s computer, because that message had never left the computer.

These examples suggest that surveillance outside the narrow bounds of FISA might significantly enhance national security. At a minimum, such surveillance might cause our foreign terrorist enemies to abandon or greatly curtail their use of telephone, e-mail, and other means of communicating electronically with people in the United States who may be members of terrorist sleeper cells. Civil libertarians believe that this is bound to be the effect of electronic surveillance, and argue that therefore such surveillance is futile. There is no “therefore.” If the effect of electronic surveillance is to close down the enemy’s electronic communications, that is a boon to us because it is far more difficult for terrorist leaders to orchestrate an attack on the United States by sending messages into the country by means of couriers. But what is far more likely is that some terrorists will continue communicating electronically, either through carelessness— the Madrid and London bombers were prolific users of electronic

communications, and think of all the drug gangsters who are nailed by wiretaps—or in the mistaken belief that by using code words or electronic encryption they can thwart the NSA. (If they can, the program is a flop and will be abandoned.) There are careless people in every organization. If al-Qaeda is the exception, civil libertarians clearly are underestimating the terrorist menace! In all our previous wars, beginning with the Civil War, when telegraphic communications were intercepted, our enemies have known that we might intercept their communications, yet they have gone on communicating and we have gone on intercepting. As for surveillance of purely domestic communications, it would either isolate members of terrorist cells (which might, as I said, have no foreign links at all) from each other or yield potentially valuable information about the cells.

FISA’s limitations are borrowed from law enforcement. When a crime is committed, the authorities usually have a lot of information right off the bat—time, place, victims, maybe suspects—and this permits a focused investigation that has a high probability of eventuating in an arrest. Not so with national security intelligence, where the investigator has no time, place, or victim and may have scant idea of the enemy’s identity and location; hence the need for the wider, finer-meshed investigative net. It is no surprise that there have been leaks from inside the FBI expressing skepticism about the NSA program. This skepticism reflects the Bureau’s emphasis on criminal investigations, which are narrowly focused and usually fruitful, whereas intelligence is a search for the needle in the haystack. FBI agents don’t like being asked to chase down clues gleaned from the NSA’s interceptions; 999 out of 1,000 turn out to lead nowhere. They don’t realize that often the most that counterterrorist intelligence can hope to achieve is to impose costs on enemies of the nation (as by catching and “turning” some, or forcing them to use less efficient means of communication) in the hope of disrupting their plans. It is mistaken to think electronic surveillance a failure if it doesn’t intercept a message giving the time and place of the next attack.

Bureaucratization of ex ante review undermines counter-terrorism investigationsHarvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/shifting_the_FISA_paradigm.pdf

3. The Demands of National Security. — Finally, while the focus of this Note is on the protection of civil liberties, the current system may also do a poor job of promoting security. From an institutional competence perspective, it seems questionable that judges should occupy a gatekeeping role. Indeed, all the reasons discussed above that judges have invoked in reducing their own authority over such issues apply with equal force here.77

The inefficiencies of the current system are even more problematic. Given the permissiveness of the statutory standards and the FISA courts, inefficiency is the primary motivating force behind attempts to reduce judicial oversight. As DOJ has noted, “[n]umerous Congressional and Executive Branch reviews of the FISA process have recommended that the FISA process be made more efficient.”78 Others are more forthright, describing the FISC order procedures as “hopelessly slow and bureaucratic.”79 On the whole, “if we are seeking a model of judicial review that advances security, there is little reason to think that the FISA Court, at least as currently set up, advances that goal.”80

FISA can’t identify unknown terrorists – advance surveillance is necessary to generate enough information Sales, 14 - Associate Professor of Law, Syracuse University College of Law (Nathan, I/S: A Journal of Law and Policy for the Information Society, “Domesticating Programmatic Surveillance: Some Thoughts on the NSA Controversy” 10 ISJLP 523, Summer, lexis)

Programmatic surveillance thus can help remedy some of the difficulties that arise when monitoring covert adversaries like international terrorists. FISA and other particularized surveillance tools are useful when authorities want to monitor targets whose identities are already known. But they are less useful when authorities are trying to identify unknown targets. The problem arises because, in order to obtain a wiretap order from the FISA court, the government usually must demonstrate probable cause to believe that the target is a foreign power or agent of a foreign power. n39 This is a fairly straightforward task when the target's identity is already known--e.g., a diplomat at the Soviet embassy in Washington, DC. But the task is considerably more difficult when the government's reason for surveillance is to detect targets who are presently unknown--e.g., al-Qaeda members who operate in the shadows. How can you convince the FISA court that Smith is an agent of a foreign power when you know nothing about Smith--his name, nationality, date of birth, location, or even whether he is a single person or several dozen? The government typically won't know those things unless it has collected some information about Smith--such as by surveilling him. And there's the rub. Programmatic monitoring helps avoid the crippling Catch-22 that can arise under particularized surveillance regimes like FISA: officials can't surveil unless they show that the target is a spy or terrorist, but sometimes they can't show that an unknown target is a spy or terrorist unless they have surveilled him.

Ex post restrictions can protect information being used against people for anything other than preventing terrorismPosner, 6 - judge on the United States Court of Appeals for the Seventh Circuit in Chicago and a Senior Lecturer at the University of Chicago Law School (Richard, Not a Suicide Pact: The Constitution in Time of National Emergency, p. 98-101)

Concerns with privacy could be alleviated, moreover, by adopting a rule forbidding the intelligence services to turn over any intercepted communications to the Justice Department for prosecution for any offense other than a violation of a criminal law intended for the protection of national security. Then people would not worry that unguarded statements in private conversations would get them into trouble. Such a rule would be a modification, urged in a parallel setting by Orin Kerr, of the “plain view” doctrine of search and seizure. That doctrine, another of the exceptions to the requirement of a warrant to search or seize, allows the seizure of evidence that the police discover in plain view in the course of an unrelated lawful search—even though the discovery is accidental and a warrant could not have been obtained to search for the evidence discovered. But what if an intelligence officer, reading the transcript of a phone conversation that had been intercepted and then referred to him because the search engine

had flagged it as a communication possibly possessing intelligence value, discovers that one of the parties to the communication seems to be planning a murder, though a murder having nothing to do with any terrorist plot? Must the officer ignore the discovery and refrain from notifying the authorities? Though the obvious answer is no, my answer is yes.

There is much wild talk in private conversations. Suppose the communication that has been intercepted and read for valid national security reasons contains the statement “I’ll kill the son of a bitch.” The probability will be very high that the statement is hyperbole, that there is no serious intent to kill anyone. But suppose intelligence officers have been told that if a communication they read contains evidence of crime, they should turn it over to the FBI. The officer in my hypothetical case does that, and the Bureau, since the matter has been referred to it by a government agency, takes the threat seriously and investigates (or turns the matter over to local police for investigation, if no federal crime is suspected). As word of such investigations got around, people would learn that careless talk in seemingly private conversations can buy them a visit from the FBI or the police. At this point the risk that national security surveillance would significantly deter candor in conversation would skyrocket. It is more important that the public tolerate extensive national security surveillance of communications than that an occasional run-of-the-mill crime go unpunished because intelligence officers were not permitted to share evidence of such a crime with law enforcement authorities. But if the evidence is of a crime related to national security, then sharing it with law enforcement authorities is appropriate and should be (and is) required. Other exceptions may be needed. Suppose that what is overheard is a conversation that identifies one of the parties as a serial killer. Serial killing is not terrorism, but it is such a serious crime that clues to it picked up in national security surveillance should be communicated to law enforcement authorities.

If such a rule (with its exceptions) were in place, I believe that the government could, in the present emergency, intercept all electronic communications inside or outside the U nited States, of citizens as well as of foreigners, without being deemed to violate the Fourth Amendment, provided that computers were used to winnow the gathered data, blocking human inspection of intercepted communications that contained no clues to terrorist activity. We know that citizens (and permanent residents) can be terrorists operating against their country, even without any foreign links. The United States has had its share of U.S. citizen terrorists, such as the Unabomber and Timothy McVeigh and presumably whoever launched the anthrax attack on the East Coast in October 2001. The terrorist bombings of the London subway system in July 2005 were carried out by British citizens. And U.S. persons who are not terrorists or even terrorist sympathizers might have information of intelligence value—information they might be quite willing to share with the government if only they knew they had it. The information that enables an impending terrorist attack to be detected may be scattered in tiny bits that must be collected, combined, and sifted before their significance is apparent. Many of the bits may reside in the e-mails or phone conversations of innocent people, such as unwitting neighbors of terrorists, who may without knowing it have valuable counterterrorist information—one consequence of the jigsaw puzzle character of national security intelligence.

A further question, however, is whether the Fourth Amendment should be deemed to require warrants for such surveillance. The Keith case that I mentioned earlier held that warrants are required for conducting purely domestic surveillance even when the purpose is to protect national security, though the Court suggested that perhaps the probable-cause requirement could be attenuated. It would have to be. If the goal of surveillance is not to generate evidence of criminal activity but to detect terrorist

threats, including those too incipient to be prosecutable as threats, and even threats of which the persons under surveillance may be unaware because the significance of the clues they possess eludes them, then to insist that the investigators establish probable cause to believe criminal activity is afoot will be to ask too much. The amendment’s requirement of particularity of description of what is to be searched or seized would also have to be relaxed for surveillance warrants adequate to national security to be feasible, because intelligence officers will often not have a good idea of what they are looking for.

Requiring a particular demonstration of threat wrecks terrorism investigationsPosner, 6 - judge on the United States Court of Appeals for the Seventh Circuit in Chicago and a Senior Lecturer at the University of Chicago Law School (Richard, Not a Suicide Pact: The Constitution in Time of National Emergency, p. 138-141)

Civil libertarians argue that the government ought to be required to demonstrate that it has a reasonable basis for believing that the person to whom the records pertain is involved in terrorist activity. But as should be clear by now, that would be too restrictive a requirement. To impose it would be either to misunderstand the needs of intelligence or to underestimate the value of intelligence in the struggle against terrorism (or perhaps to underestimate the terrorist threat). Information about an individual who is not part of a terrorist ring may nevertheless be highly germane to an investigation of the ring or, what may be as important, to an investigation aimed at discovering the existence of such rings. The information might concern an imam who, though not himself involved in terrorism, was preaching holy war. It might concern family members of a terrorist, who might have information about his whereabouts. It might consist of sales invoices for materials that could be used to create weapons of mass destruction, or of books and articles that expressed admiration for suicide bombers.

The impact of section 215 on civil liberties is quite limited— only a few dozen section 215 demands have been served on libraries. Most records custodians will, as I said, voluntarily hand over nonprivileged records to the government when told the records may contain information relevant to national security. A custodian’s refusal to disclose the records might generate enough suspicion to enable the government to obtain a subpoena even under a much narrower version of section 215.

One understands, though, why civil libertarians have labeled section 215 the “libraries provision” despite its being used so rarely against libraries. To discover what people have been reading, as distinct from discovering their financial or health status, is to gain insight into what they are thinking—and what they are planning. This is why the government might want to obtain a record of a person’s library borrowings (not to mention his bookstore purchases, records of which also fall within the scope of section 215). And when the quest for knowledge of what a person is thinking is driven by concern with terrorism, which is almost always politically motivated, success in the quest is likely to include the acquisition of a comprehensive picture of the subject’s political beliefs. Knowing that the government is seeking to compile such pictures, people of unorthodox views may hesitate to buy or borrow books that express such views. This is the same issue that is raised by the government’s conducting surveillance of mosques. Whether such surveillance presents Fourth Amendment problems depends on the method used to conduct it; surveillance as such, as we saw in Chapter 4, does not violate the First Amendment despite its undoubted effect on the exercise of free speech.

The Miller line of decisions, in holding that a voluntary disclosure of information manifests a willingness to waive or forfeit any right of privacy, seems unrealistic about the meaning not only of “voluntary” but also of “privacy” itself. Informational privacy does not mean refusing to share information with everyone. Obviously a telephone conversation is not private in that sense, nor a letter, nor a conversation between spouses or friends. Every conversation is at least twosided. The fact that I disclose symptoms of illness to my doctor does not make my health a public fact, especially if he promises (or the rules of the medical profession require him) not to disclose my medical history to anyone without my permission.

One must not confuse solitude with secrecy; they are distinct forms of privacy. Solitude fosters individualistic attitudes; conversely, the constant presence of other people or the sense of being under constant surveillance enforces conformity. But one also needs freedom to communicate in private. The planning of organized activity obviously is impossible without communication; less obviously, productive independent thinking almost always requires bouncing ideas off other people. And few of us are sufficiently independent-minded to persist in an unorthodox idea if we don’t discover that others share it.

If “liberty” in the Fifth Amendment’s due process clause can connote sexual freedom, and “due process” can be understood to require that any restriction on liberty be no greater than is necessary, why can’t there be a due process right to control information about oneself that is not already public knowledge, unless one is trying to use that control for unlawful ends or the government has a pressing need for the information? Maybe there can be—provided, however, that the “pressing need” qualification is taken seriously. Constitutional rights, as we have seen throughout this book, are not absolutes whose scope is fixed without regard to competing interests. How much information about oneself one should be permitted to withhold from the government depends critically on how valuable the information is to the government. In an era of global terrorism and proliferation of weapons of mass destruction, the government has a compelling need to gather, pool, sift, and search vast quantities of information, much of it personal.

Restrictions on collection of data aid terrorism – protections against misuse of data solve betterPosner, 6 - judge on the United States Court of Appeals for the Seventh Circuit in Chicago and a Senior Lecturer at the University of Chicago Law School (Richard, Not a Suicide Pact: The Constitution in Time of National Emergency, p. 143-144)

Privacy is the terrorist’s best friend , and the terrorist’s privacy has been enhanced by the same technological developments that have both made data mining feasible and elicited vast quantities of personal information from innocents: anonymity combined with the secure encryption of digitized data makes the Internet a powerful tool of conspiracy. The government has a compelling need to exploit digitization in defense of national security. But if this is permitted, intelligence officers are going to be scrutinizing a mass of personal information about U.S. citizens. And we know that people don’t like even

complete strangers poring over the details of their private lives. But the fewer of these strangers who have access to those details and the more professional their interest in them, the less the affront to privacy. One reason people don’t much mind having their bodies examined by doctors is that they know that doctors’ interest in bodies is professional rather than prurient; we can hope that the same is true of intelligence professionals.

The primary danger of such data mining is leaks by intelligence personnel to persons inside or outside the government who might use the leaked data for improper purposes. Information collected by a national security data-mining program would have to be sharable within the national security community, which would include in appropriate cases foreign intelligence services, but not beyond. Severe sanctions and other security measures (encryption, restricted access, etc.) could and should be imposed in order to prevent—realistically, to minimize—the leakage of such information outside the community. My suggestion in the last chapter that the principle of the Pentagon Papers case be relaxed to permit measures to prevent the media from publishing properly classified information would reinforce protection of the privacy of information obtained by national security data mining.

I have said both that people value their informational privacy and that they surrender it at the drop of a hat. The paradox is resolved by noting that as long as people don’t expect that the details of their health, love life, or finances will be used to harm them in their interactions with other people, they are content to reveal those details to strangers when they derive benefits from the revelation. As long as intelligence personnel can be trusted to use their knowledge of such details only for the defense of the nation, the public will be compensated for the costs of diminished privacy in increased security from terrorist attacks.

Distinguishing between domestic and foreign targets is frequently impossibleHarvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/shifting_the_FISA_paradigm.pdf

4. The Nature of Terrorism. — Institutional limitations are especially pressing given the vagaries of “terrorism.”66 Substantial gray areas exist in distinguishing domestic from foreign and criminal from intelligence interests. Courts, fearful of treading too heavily in the national security arena, will be loath to tell the government that someone it has determined to be connected to terrorism is in fact being targeted unfairly for his or her religion or national origin.

Indeed, recent statutory developments have greatly clouded the already difficult task of making such distinctions. For example, the legislative move from “primary” to “significant” purpose discussed above, and the related tearing down of the “wall” that prevented information sharing between intelligence and law enforcement entities,67 means that a court must accuse the government of not reasonably suspecting a target’s involvement with terrorism if it is to deny an application. Similarly, the standard for pen/trap orders68 was lowered from a showing that the device was used to communicate with an agent of a foreign power under the old 50 U.S.C. § 1842(c)(3) to a much lower showing of “relevant to an ongoing investigation” under the new 50 U.S.C. § 1842(c)(2). Whereas before the FISC may at least have

been able to point to the relatively objective question of whether an individual was in fact an agent of a foreign power, the current loose standard would force the court to tell the government that the desired target bore no relevance to a terrorism investigation.

AT: Perm do both

The perm links to terrorism – the existing FAA structure is carefully balanced to allow ex post review. Increasing the ex ante nature of the FAA could wreck terrorism investigationsBlum, 9 (Stephanie, “WHAT REALLY IS AT STAKE WITH THE FISA AMENDMENTS ACT OF 2008 AND IDEAS FOR FUTURE SURVEILLANCE REFORM” 18 B.U. Pub. Int. L.J. 269, Spring, lexis)

In sum, under traditional FISA, certain kinds of international communications have always been completely outside of FISA review. Under the FAA, there is now FISC reviews of targeting and minimization procedures as well as the ex post oversight mechanisms. Additionally, it is not even clear that a warrant would be required to gather foreign intelligence within the country. While per Keith, a warrant is required if the threat is solely domestic, it is unsettled whether a warrant is required when there is a connection to a foreign power. Significantly, in August 2008, the FISCR upheld the constitutionality of the PAA (that had expired) explicitly finding that there was a foreign intelligence exception to the Fourth Amendment warrant requirement. n241 Although the petitioners (telecommunication companies who did not want to comply with an order under the PAA) argued that the PAA would result in incidental communications of innocent Americans being retained due to warrantless surveillance of people reasonably believed to be overseas, the FISCR rejected that argument. It stated, "The petitioner's concern of incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions do not render those acquisitions unlawful." n242

The FISCR's holding that the PAA was constitutional means that it would likely find the FAA - which has more judicial review and reporting requirements than the PAA - to be similarly lawful. Hence, it seems a legal stretch to maintain that the government needs a warrant when it targets foreign nationals overseas who may incidentally communicate with U.S. persons in the United States. While the FAA, as applied to U.S. persons, must still be reasonable under the Fourth Amendment, given the FISC-monitored minimization procedures and ex post oversight mechanisms, it seems that the FAA has struck a [*306] nuanced compromise between the need to expeditiously gather foreign intelligence, and the protection of civil liberties.

Furthermore, compared to traditional FISA, the FAA relies more heavily on ex post oversight mechanisms than on ex ante warrants based on individualized suspicion - and this may be a benefit. Several scholars have questioned the effectiveness of FISA's ex ante warrants issued by a secret court based on only one-sided information provided by the government. n243 Critics of FISA argue that because the FISC approves virtually all requests for warrants, it merely serves as a rubber stamp and does not provide any genuine judicial review. The FISC has, indeed, approved almost all warrant requests - as of 2006, the FISC had approved all but five out of over 17,000 requests. n244 According to a Note written by the Harvard Law Review, ex ante judicial review to conduct foreign surveillance may be counterproductive and unworkable:

The [FISC] judge lacks a skeptical advocate to vet the government's legal arguments, which is of crucial significance when the government is always able to claim the weight of national security expertise for its position. It is questionable whether courts can play this role effectively, and, more importantly, whether they should. n245

Because the FISC has no way to evaluate the facts presented by the government, it has to assume that the government-provided facts are correct. Problematically, the FISC identified evidence of governmental misstatements and omissions of material facts in seventy-five FISA applications. n246 This evidence did not come to light until after the FISC issued the warrants. n247

Judges are also extremely deferential to claims of national security, especially when they "must weigh the national security necessity ex ante, rather than being asked to review it after the fact." n248 The Harvard Note argues that "ex ante judicial review is not only of limited effectiveness, but it is also affirmatively harmful" in that it "imparts a broader imprimatur of validity than is warranted given the limited effectiveness of judicial review." n249 Hence, as the Note observes, ex ante judicial review may impede security without providing any real privacy interest protection . n250 Therefore, the Note argues that "Congress is better situated constitutionally and better equipped institutionally to make the sort of value judgments and political determinations that are necessary [*307] to fulfill FISA's purposes." n251 The Note concludes that "those concerned with protecting civil liberties should view an end to reliance on ex ante judicial review as a chance to develop real political checks that can vigorously protect both national security and liberty interests." n252

The permutation increases the burden on the government and inhibits investigationsKerr, 10 - Professor, George Washington University Law School (Orin, “EX ANTE REGULATION OF COMPUTER SEARCH AND SEIZURE” Virginia Law Review, October, SSRN)

At the same time, all of the ex ante restrictions will necessarily be poor proxies for an ex post review of reasonableness. Instead of substituting for ex post review of reasonableness, ex ante restrictions supplement those restrictions. Ex ante limitations force the government to follow two sources of law: the reasonableness of executing the warrant imposed by reviewing courts ex post, and the restrictions imposed by the magistrate judge ex ante. If the ex ante restrictions happen to be modest, or are drafted in a way that ensures that they are always less than or equal to the restrictions of reasonableness ex post, then such restrictions will merely replicate the ex post reasonableness determinations. But every time an ex ante restriction goes beyond ex post reasonableness, the restrictions will end up prohibiting the government from doing that which is constitutionally reasonable. The limitations will be unreasonable limitations caused by judicial error.

Ex ante restrictions are highly error proneKerr, 10 - Professor, George Washington University Law School (Orin, “EX ANTE REGULATION OF COMPUTER SEARCH AND SEIZURE” Virginia Law Review, October, SSRN)

Ex ante restrictions tend to introduce constitutional errors in this environment. To be sure, such restrictions stem from the best of intentions: they reflect a good-faith effort to identify what will be constitutionally reasonable.201 However, ex ante predictions of reasonableness will be more error prone than ex post assessments for two major reasons. First, ex ante restrictions require courts to “slosh [their] way through the factbound morass of reasonableness” 202 without actual facts. Second, ex ante restrictions are imposed in ex parte hearings without legal briefing or a hearing. Both reasons suggest that ex ante restrictions often will inaccurately gauge the reasonableness of how warrants are executed. The major difficulty with ex ante restrictions is that the reasonableness of executing a warrant is highly factbound, and judges trying to impose ex ante restrictions generally will not know the facts needed to make an accurate judgment of reasonableness. Granted, magistrate judges might have a ballpark sense of the facts, from which they might derive a sense of what practices are ideal. For example, they might think that it is unreasonable to seize all of a suspect’s home computers if on-site review is possible. Alternatively, they might think it is unreasonable to conduct a search for image files if the warrant only seeks data not likely to be stored as an image. They might think it is unreasonable to keep a suspect’s computer for a very long period of time without searching it. All of these senses will be based on a rough concept of how the competing interests of law enforcement and privacy play out in typical computer searches and seizures.

At the same time, these ballpark senses of reasonableness can never improve past very rough approximation. A magistrate judge cannot get a sense of the exigencies that will unfold at each stage of the search process. The reasonableness of searching on-site will not be known until the agents arrive and determine how many computers are present, what operating systems they use, and how much memory they store. The needed time window before the government searches the seized computer depends on how much the government can prioritize that case over other cases, given existing forensic expertise and resources, as well as which agency happens to be working that case.203 The reasonableness of different search protocols depends on the operating systems, an analyst’s expertise in forensics, which forensics programs the government has in its possession, what kind of evidence the government is searching for, and whether the suspect has taken any steps to hide it.204 Finally, the reasonableness of retaining seized computers that have already been searched depends on whether the government might need the original computer as evidence or whether it ends up containing contraband that should not be returned and is subject to civil forfeiture. 205

The magistrate presented with an application for a warrant simply cannot know these things. Judges are smart people, but they do not have crystal balls that let them predict the number and type of computers a suspect may have, the law enforcement priority of that particular case, the forensic expertise and toolkit of the examiner who will work on that case, whether the suspect has tried to hide evidence, and if so, how well, and what evidence or contraband the seized computers may contain. Magistrate judges can make ballpark guesses about these questions based on vague senses of what happens in typical cases. But even assuming they take the time to learn about the latest in law enforcement resources and the computer forensics process—enough to know about typical cases—they cannot do more than come up with general rules that they think are useful for those typical cases.

The errors of ex ante restrictions are particularly likely to occur because warrant applications are ex parte. The investigators go to the judge with an affidavit and a proposed warrant.206 The judge reads

over the materials submitted. The judge can modify the warrant, but his primary decision is whether to sign or reject it. The entire process takes a matter of minutes from start to finish. No hearing occurs. There is no testimony beyond the affidavit in most cases, and the affidavit usually contains only standard language about computer searches.207 A prosecutor may be present, but need not be. Obviously, no representative of the suspect is present to offer witnesses or argument.

In that setting, judges are particularly poorly equipped to assess reasonableness. The most they can develop is a standard set of ex ante restrictions that they use in all computer warrants, perhaps one shared with other magistrate judges in their district. More careful scrutiny is both impractical and unlikely. The ability of a magistrate judge to assess reasonableness in that setting is a far cry from her ability to rule on reasonableness in an ex post hearing, in which agents and experts can take the stand and counsel for the defendant can cross-examine the agent, offer his own witnesses, submit written briefs, and present oral argument.

Ex post review significantly decreases the risk of judicial errorsKerr, 10 - Professor, George Washington University Law School (Orin, “EX ANTE REGULATION OF COMPUTER SEARCH AND SEIZURE” Virginia Law Review, October, SSRN)

The proper answer is “no.” Ex ante restrictions are unworkable and unwise for two core reasons. First, the combination of error-prone ex ante judicial review and more accurate ex post judicial review will result in systematic constitutional error. Instead of requiring reasonableness, ex ante review will result in reasonable steps being prohibited by judicial error. The likelihood of error will be a function of constitutional uncertainty. The more unclear the relevant legal rules, the more uncertain will be the restrictions needed to ensure reasonableness. However, as the law of reasonableness becomes clear, ex ante restrictions also become useless: the police will follow the rules because they know they will be imposed ex post, without a need for ex ante restrictions. From this perspective, the perceived need for ex ante restrictions is merely a response to present legal uncertainty.

Of course, it is better to prohibit unreasonable searches ex ante than invalidate them ex post while the law remains uncertain. Perhaps this carves out a role for ex ante restrictions, just as a placeholder until the law becomes settled? Again, the answer is “no.” The difficulty is that ex ante restrictions impair the ability of appellate courts and the Supreme Court to develop the law of unreasonable searches and seizures in the usual case-by-case fashion. Assuming ex ante restrictions are not null and void, they transform Fourth Amendment litigation away from an inquiry into reasonableness and towards an inquiry into compliance with the magistrate’s commands. Search and seizure law cannot develop in this environment. For that reason, ex ante restrictions cannot be temporary measures used until the law becomes settled. Ironically, those measures will actually prevent the law from being settled.

AT: Perm do the CP

The plan relies on FISA authorization to limit surveillance – that’s by definition ex ante. The CP establishes robust FISC review of surveillance after it has occurred – that’s ex postMorgan, 8 - Law Clerk to the Honorable Samuel H. Mays, Jr., United States District Court for the Western District of Tennessee. J.D., 2007, New York University School of Law (Alexander, “A BROADENED VIEW OF PRIVACY AS A CHECK AGAINST GOVERNMENT ACCESS TO E-MAIL IN THE UNITED STATES AND THE UNITED KINGDOM” 40 N.Y.U. J. Int'l L. & Pol. 803, Spring, lexis)

In this Note, I use "oversight" to refer to any form of review, be it internal or external, judicial or nonjudicial, that accompanies e-mail surveillance either before (ex ante) or after (ex post) its use. The American regime includes both ex ante and ex post oversight of e-mail surveillance. Ex ante oversight includes departmental protocols, as well as the judicial authorization requirements under the ECPA and FISA. Departmental protocols that require senior agency officials to approve applications to courts provide an administrative hurdle that informally limits the number of surveillance applications and ensures a good-faith basis for their submission. n61 Though these protocols provide initial limits on e-mail surveillance, the judiciary remains the most important, as judges provide an extrinsic check that agency officials cannot. Judges are less likely than prosecutors or executive agents to have a vested interest in an investigation's success and are therefore better suited to oversee compliance with surveillance requirements. n62

[*815] Courts are the only forum for ex post oversight in the United States. Where the government conducts surveillance in violation of statute, courts may impose penalties on the persons guilty of unauthorized surveillance and, in some cases, they may exclude the evidence from trial. n63 Suppression of evidence obtained in violation of the ECPA is available for wire or oral communications, but is inexplicably absent for e-mail. n64 Legal commentators denounce this distinction as "baseless" n65 and further argue that, without a statutory hook, criminal defendants have a lesser "incentive to raise challenges to the government's internet surveillance practices." n66

When government surveillance abridges constitutional rights, there are two avenues of redress. n67 At trial, criminal defendants may seek to suppress evidence obtained through unconstitutional means, as well as evidence derived therefrom (deemed "fruit of the poisonous tree"). n68 Victims of unconstitutional searches may also bring civil actions seeking damages for deprivation of rights under color of law. n69

Ex post oversight is qualitatively different from the plan – it allows all surveillance to occur, but establishes protections against the misuse of surveillance data. The plan severs because it has to curtail surveillance from the startSales, 14 - Associate Professor of Law, Syracuse University College of Law (Nathan, I/S: A Journal of Law and Policy for the Information Society, “Domesticating Programmatic Surveillance: Some Thoughts on the NSA Controversy” 10 ISJLP 523, Summer, lexis)

In addition to oversight by outsiders, a programmatic surveillance regime also should feature a system of internal checks within the executive branch, to review collection before it occurs, after the fact, or both. As for the ex ante checks, internal watchdogs should be charged with scrutinizing proposed bulk collection to verify that it complies with the applicable constitutional and statutory rules, and also to ensure that appropriate protections are in place for privacy and civil liberties. The Justice Department's Office of Intelligence is a well known example. The unit, which presents the government's surveillance applications to the FISA court, subjects these requests to exacting scrutiny with the goal of increasing the likelihood of surviving judicial review. n65 Indeed, the office has a strong incentive to ensure that the applications it presents are airtight, so as to preserve its credibility with the FISA court. n66 Ex post checks include such commonplace mechanisms as agency-level inspectors general, who can audit bulk collection programs, assess their legality, and make policy recommendations to improve their operation, as well as entities like the Privacy and Civil Liberties Oversight Board, which perform similar functions across the executive branch as a whole. Another important ex post check is to offer meaningful whistleblower protections to officials who know about programs that violate constitutional or statutory requirements. Allowing officials to bring their concerns to ombudsmen within the executive branch (and then eventually to Congress) can help root out lawlessness and also relieve [*539] the felt necessity of leaking information about highly classified programs to the media.

The CP doesn’t curtail surveillance – it curtails what authorities may DO with the data after it’s collected – it’s a form of harm minimization onlySales, 14 - Associate Professor of Law, Syracuse University College of Law (Nathan, I/S: A Journal of Law and Policy for the Information Society, “Domesticating Programmatic Surveillance: Some Thoughts on the NSA Controversy” 10 ISJLP 523, Summer, lexis)

A third operational consideration is the need for strong minimization requirements. Virtually all surveillance raises the risk that officials will intercept innocuous data in the course of gathering evidence of illicit activity. Inevitably, some chaff will be swept up with the wheat. The risk is especially acute with programmatic surveillance, in which the government assembles large amounts of data in the search for clues about a small handful of terrorists, spies, and other national security threats. n71 Minimization is one way to deal with the problem. Minimization rules limit what the government may do with data that does not appear pertinent to a national security investigation--e.g., how long it may be retained, the conditions under which it will be stored, the rules for accessing it, the purposes for which it may be used, the entities with which it may be shared, and so on. Congress appropriately has required

intelligence officials to adopt minimization procedures, both under FISA's longstanding particularized surveillance regime n72 and under the more recent authorities permitting bulk collection. n73 But the rules need not be identical. Because programmatic surveillance often involves the acquisition of a much larger trove of non-pertinent information, the minimization rules for bulk collection ideally would contain stricter limits on the use of inadvertently collected information for purposes unrelated to national security. In other words, the minimization procedures should reflect the anti-mission-creep principle described above.