Government Plays a Dangerous Game with Mass Surveillance

Coauthored with Sean Vitka of Demand Progress. This op-ed was originally published at The Hill on June 28, 2017.

Innocent Americans should not fear their government. Few issues are as truly bipartisan as this. When we are afraid, we change our activity in fundamental ways. We avoid actions that we fear might put us in the crosshairs of the government’s overwhelming power. We speak differently. We associate with different people.

We think — maybe just for a moment — about whether people in the government are listening to us for the wrong reasons. Multiplied across society as a whole, the effects are massive, and dangerous.

Section 702 of the Foreign Intelligence Surveillance Act (FISA) is a provision of law that allows the government to conduct mass surveillance of innocent people, including Americans. Title VII, including Section 702, is scheduled to expire at the end of 2017. Absent a fundamental rewrite, Congress should let it.

The Fourth Amendment was designed to guard against the harms government invasions of privacy wreak on a free people. It protects our homes and our private conversations, including those online, because these are where we should feel most protected from government interference. Absent a warrant or an emergency, it has no right to violate this reasonable expectation of privacy.

Unfortunately, that’s not the America we live in today.

How many of those people were simply trying to learn more about the world around them, including ongoing and seemingly endless conflicts? Another study found that those who believe innocent people need not worry about these kinds of invasions of privacy were the most likely to suppress their own minority opinions.

The lead researcher told The Washington Post: “The fact that the ‘nothing to hide’ individuals experience a significant chilling effect speaks to how online privacy is much bigger than the mere lawfulness of one’s actions.”

People have good reason to be worried. Section 702 specifically allows the government to compel American companies to provide massive amounts of information without a warrant. The Office of Director of National Intelligence (ODNI) reported an estimated 106,469 targets in 2016. These targets are not supposed to be U.S. persons — but hold your breath for one more second.

A target can be an individual but it can also be “a foreign government or international terrorist group,” according to a report on Section 702 by the executive branch’s own Privacy and Civil Liberties Oversight Board (PCLOB). The government then “‘tasks’ certain ‘selectors,’ such as telephone numbers or email addresses, that are associated with targeted persons, and it sends these selectors to electronic communications service providers to begin acquisition.”

Quoting the PCLOB again, “the Attorney General and Director of National Intelligence make annual certifications … without specifying to the FISA court the particular non-U.S. persons who will be targeted. There is no requirement that the government demonstrate probable cause to believe that an individual targeted is an agent of a foreign power.”

And about that breath: intelligence agencies can query the troves of information this collection produces for U.S. person identifiers (often called “backdoor searches”), and no “showing of suspicion that the U.S. person is engaged in any form of wrongdoing is required.”

While selectors are often described as emails or phone numbers, the “such as” in the above quote is critical: the public has no clear answer as to what could be used as a selector (and some experts wonder whether particularly broad selectors, like IP addresses of Tor nodes, might be used).

One type of selector that may satisfy the statute would be account identifiers for things like Facebook or Twitter — and that alone would explode the number of selectors (think about all the different accounts you have, plus the related cookies on your computer). The plausible range of number of selectors is exponentially greater than the incredibly large number we already know about.

Let’s distill this. Under 702, the government scans potentially all internet traffic handled by U.S. companies and then acquires all information related to an estimated 106,469 targets in 2016 alone. Each target could be as large as a foreign government. And then each individual therein has selectors, which include at least all those people’s phone numbers and email addresses, and plausibly much, much more. And while that initial batch of targets isn’t supposed to include Americans, the government claims the right to specifically search for Americans in the massive databases populated by all that information.

And they do. The 2016 transparency report shows 5,288 backdoor searches in 2016, up from 4,672 in 2015. More importantly, that number does not include the FBI, which is inexplicably exempt from these reporting requirements. That exemption is all the more stunning given another finding by PCLOB that when “an FBI agent or analyst initiates a criminal assessment or begins a new criminal investigation related to any type of crime, it is routine practice … to conduct a query of FBI databases in order to determine whether they contain information on the subject of the assessment or investigation. The databases queried may include information collected under various FISA authorities, including data collected under Section 702.”

Each level of detail adds a chill. What happens next with these selectors shows the PRISM/Upstream distinction in action. PRISM collects data “at rest” — inside the servers owned by companies like Facebook and Google. Upstream collects data “in transit,” moving across the internet’s physical infrastructure.

In short, the government claims that Section 702 allows it to scan all internet traffic on or traveling through American servers and infrastructure, to then collect all information tied to a massive number of selectors that no judge reviews, to populate databases it then specifically searches for Americans.

Damn right the public should be alarmed. Especially since all of the above is deliberate — we haven’t even touched how profound the consequences of political abuse of this power could be — which, we should note, the world has seen every time mass, warrantless surveillance has been allowed to thrive. Even in America — especially in America.

One more study illuminates the danger to freedom posed by Section 702. In 2015, Pew found that “30 [percent] of all [American] adults have taken at least one step to hide or shield their information from the government” in response to reports of mass surveillance. That’s tens of millions of Americans changing their behavior. Tens of millions of innocent people. That trust is far easier lost than gained. If Section 702 continues unchecked, the number of Americans acting less free will grow, and it will shrink only when Americans start using the internet without an expectation of privacy from their own government.

Members of Congress have a rare chance this year to thaw this chilled speech, rebuild trust, and restore privacy by rewriting Section 702 or simply by letting it expire. If they don’t, the American people will know who to blame.

Jason Pye is the director public policy and legislative affairs for FreedomWorks, an organization dedicated to limited government and lower taxes. Sean Vitka is counsel for Demand Progress and Fight for the Future, organizations dedicated to using the internet to expand democracy.