MEMORANDUM FOR: Privacy and Civil Liberties Oversight Board
FROM: Veteran Intelligence Professionals for Sanity (VIPS)
Subject: Two Administrations and Congress Dismantled the Constitution – How Can It Be Restored?
Drastic Erosion of Citizen Privacy Since 9/11
Since the events of September 11, 2001, actions by successive U.S. administrations – backed by legislation such as the Patriot Act and the FISA Amendments Act (FAA) – have eroded privacy provisions guaranteed under the U.S. Constitution. Lawsuits challenging these actions have languished, with the U.S. Supreme Court having declined to hear the one case to reach it for review, Clapper vs. Amnesty International.
Post-9/11 DOJ Legal Opinions Roll Back Rights
How did America manage to arrive at such a wretched state of affairs? Following the 9/11 attack, the Office of Legal Counsel (OLC) at the Department of Justice issued a series of legal opinions asserting that the President’s commander-in-chief powers vis-a-vis the so-called “Global War on Terror” were not to be challenged by the legislative or judicial branches. The DOJ based its opinion regarding the President’s executive power on its broad interpretation of Article 2 of the Constitution.
Then, Vice President Dick Cheney stated in the aftermath of 9/11 that “we also have to work through … the dark side …”, suggesting that because the “War on Terror” had migrated to U.S. shores, the U.S. would stray from constitutional rule-of-law protections, and that extreme measures – perhaps even including lifting privacy protections under the Foreign Intelligence Surveillance Act (FISA) of 1978 – might be taken.
However, the legal opinion issued by the Justice Department exceeded its authority, since the clause under Article 2, Section 2 does not provide for any executive powers beyond that granted the President as commander-in-chief of the U.S. military. It reads: “The President shall be Commander-in-Chief of the Army and Navy of the United States, and of the Militia of the several States, when called into the actual Service of the United States.”
The straightforward language does not grant the President the power to ignore other provisions of the Constitution or to dismiss any Public Law enacted by Congress; but shortly after 9/11, that overreach was exactly what the OLC set about to “legalize” in its series of opinion memorandums.
Despite Legal Reversals, Constitutional Abuse Unabated
In 2008 the OLC issued two reversals of the earlier post-9/11 OLC opinions of John C. Yoo, former Deputy Assistant U.S. Attorney General. The 2008 opinion issued by Steven G. Bradbury, Principal Deputy Assistant Attorney General urged that caution be exercised before relying on the Feb. 8, 2002 OLC legal opinion that the Authorization for Use of Military Force (AUMF) of Sept. 18, 2001, P.L. No. 107-40, 115 Stat. 224 (2001) be used as a precedent to conduct warrantless surveillance for the prevention of catastrophic attacks on the United States, since that 2002 interpretation of the AUMF no longer reflected the current views of the OLC.
Bradbury also took issue with the Sept. 25, 2001 OLC opinion recognizing court precedent that “deadly force is reasonable under the Fourth Amendment if used in self-defense or to protect others” and by extension of that recognition, that the “[G]overnment’s heightened interest in self-defense justifies the use of deadly force, then it certainly would also justify warrantless searches.”
Mr. Bradbury opined that by applying the deadly force principle and the Fourth Amendment’s “reasonableness” standard to warrantless searches, the fact-dependent nature of the Fourth Amendment’s “reasonableness” review is absent and is not necessarily the same “in its inception and in its scope” as is the constitutionality of the use of deadly force. Here, six years ago, the U.S. is provided two separate OLC reversals of the purported “legal” basis behind warrantless domestic surveillance, but Congress has persisted in allowing two Administrations to subvert our Constitution!
When the Edward Snowden revelations began to appear in newsprint in 2013, a strong public outcry immediately arose demanding legislation to rein in unconstitutional Government practices of the post-9/11 Surveillance State. In response, Congress drafted numerous bills to reform procedures and processes that were considered objectionable.
Several laudable attempts at reform came close to being adopted, most notably the Amash-Conyers Amendment to the 2014 National Defense Authorization Act that suffered a narrow 205-to-217 defeat; the USA Freedom Act that failed by a mere two votes in the Senate; and the Massie-Lofgren Amendment to the 2015 Defense Appropriations bill that passed the House by a large 293-123 bipartisan margin but was stripped from the 2015 Omnibus spending bill by our congressional leaders.
Sadly, the efforts of numerous members of Congress failed to sway the congressional leadership despite a clear message from their constituents that they valued privacy and other constitutional rights and rejected the idea of sacrificing those freedoms for the sake of ostensible security. It now appears unlikely Congress will take decisive action to curtail flagrantly egregious surveillance practices that were authorized through prior legislation and which remain in effect today.
In retrospect, did post-9/11 domestic surveillance provide the U.S. with any effective protection from the 2009 Fort Hood shooting, the 2009 Northwest Air Flight 253 underwear bomber, the 2010 Times Square car bomber, or the 2013 Boston Marathon bombers? Did comprehensive global surveillance prevent the Charlie Hebdo and Jewish market massacres in France?
The U.S. national security strategy against terrorism is certainly not fool-proof and likely is exacerbated by former NSA Director Keith Alexander’s “collect it all” surveillance approach. That strategy requires massive amounts of yottabytes to be stored in large facilities including the 1,000,000+ square foot Utah Data Center, the 94,000 square foot San Antonio Data Center, the 600,000 square foot Fort Meade Data Center, and NSA’s planned 2,880,000 square foot East Campus at Fort George G. Meade, Maryland.
The resulting data glut clouds the search with irrelevant data and impedes uncovering and interdicting emerging terror plots. The comprehensive collection of all the world’s communications and wide focus on parties within “a second or third hop query” from known targets remains a messy operating concept – especially given the burgeoning of various social media – when so many of the communicants caught up within such winnowing are entirely innocent from any association with terrorism. The result has been that the communications of active terrorism planners have found sanctuary in the data garbage dump created by NSA.
However, there are some plausible explanations for the practice of gathering and storing all the world’s communications. The resultant repositories can provide a comprehensive historical body of information source for analyzing communications transactions for the entire post-2001 activities of any person, friend or foe. Although this does not help to “connect the dots” that might prevent a terrorist attack, after-the-incident investigators can benefit from non-constitutional “laws” and often secret interpretations of those laws.
NSA data is routinely shared with law enforcement in some cases to help target and launch investigation of non-terrorism related (e.g. drug trafficking, tax fraud) criminal suspects. The practice of “parallel construction” can hide the fact that NSA-collected data was instrumental in tipping law enforcement and providing the original indication of criminal activity. But this practice arguably circumvents citizens’ Fourth and Fifth Amendments rights.
A second useful application of such comprehensive communication repositories is that it can assist forensic investigations into terrorist events after they’ve occurred. It may have value in more quickly identifying individuals associated with the subjects responsible for past events. But for interdicting terrorist activity in advance, Keith Alexander’s approach remains too unfocused, and any successes achieved will be more likely attributable to chance.
A sampling of Snowden revelations documented by Glenn Greenwald in his 2014 book, No Place to Hide, reflects the extent to which the U.S. Government has trampled on the Constitution
–Page 30. When repeatedly questioned by members of the Senate Select Committee on Intelligence seeking an estimate of how many Americans were subjected to having their phone calls and Internet traffic collected, intelligence officials responded that they did not maintain such data. Such denials proved to be clear cases of contempt of Congress as evidenced by the revelation of the BOUNDLESS INFORMANT program, an NSA system that maintained statistics on daily telephone and email collection activity. One example reflected one element in NSA had obtained more than three billion communications “from US communication systems alone” during a 30-day period in early 2013.
–Page 98. Former NSA Director Keith Alexander’s goal of mastering the Global Network by collecting all communications traffic can be seen as progressing smoothly based on a 2012 chart entitled “Example of Current Volumes and Limits.” The chart boasts collection of approximately 25 billion Internet sessions plus 15 billion telephone communications for early May 2012. These figures represent daily collection activity that is acquired, stored, and subjected to some cursory analysis.
–P. 111. The PRISM program targets Internet transactions by accessing the storage files maintained by ten popular and cooperative application service providers. One message excerpt reflects that PRISM was the most credited source of all NSA collection assets in fiscal year 2012 and cited to have contributed 15.1% of all intelligence reports issued. Anyone who has used Gmail, Facebook, Hotmail, Yahoo, Google, Skype, Paltalk, YouTube, AOL, or Apple applications on a computer or smart phone since September 2001 can assume their activity is safely stored in a Government data warehouse for retrospective search and analysis whenever the need arises, be it for legitimate legal purpose, some form of abusive harassment, or blackmail.
–P. 114. Although the post-9/11 rationale for warrantless domestic surveillance was for supporting the war on al Qaeda and terrorism, an April 3, 2013 message announcing that PRISM processing of Skype collection had been applied in NSA reporting with “terrorism, Syrian opposition and regime, and exec/special series reports being the top topics” and that over 2000 reports had “been issued since April 2011 based on PRISM Skype collection.” This evidence is a bold admission that the original justification for extensive domestic surveillance for interdicting al Qaeda has experienced broad mission creep.
–P. 116. The unconstitutional law enforcement practice of aiding criminal investigations through the use of “parallel construction” using NSA data was first reported by Reuters on Aug. 5, 2013. That report identified the existence of the Special Operations Division composed of two dozen partner agencies including NSA, CIA, FBI, DEA, IRS, and DHS.
A message entitled “Expanding PRISM Sharing With FBI and CIA” dated Aug. 31, 2012, announced that NSA’s “Special Source Operations (SSO) has recently expanded sharing with the Federal Bureau of Investigations (FBI) and the Central Intelligence Agency (CIA) on PRISM operations via two projects. . . . The FBI and CIA then can request a copy of PRISM collection from any selector, as allowed under the 2008 Foreign Intelligence Surveillance Act (FISA) Amendments Act law.” Thus, law enforcement entities have access to data gathered under the guise of laws enacted to counter terrorism to investigate non-terrorism related criminal activities.
–P. 125. In many instances of public testimony given by NSA leadership, the Director of National Intelligence, and the President, Americans have repeatedly been assured the public has nothing to fear as dossiers are not being gathered on us and that U.S. communications are protected by cautious and effective oversight through a process known as “minimization.”
A Memorandum of Understanding between NSA and the Israeli intelligence service states, “NSA routinely sends ISNU [the Israeli SIGINT National Unit] minimized and non-minimized raw collection.” How then are American communications being protected once collected by our Government and shared with foreign nations in the raw without having undergone minimization, the process by which the identifying attributes of U.S. persons are removed? Obviously, American elected and appointed officials have been spinning fact into fiction when it comes to the subject of minimization being an effective mechanism to protect privacy.
–P. 128. U.S. Government leaders repeatedly have assured the public that the Foreign Intelligence Surveillance Court (FISC) protects the public’s legal interests as a representative of the Judicial Branch. While the FISC is composed of judges, they are appointed by the Chief Justice and sit ex parte in secret with only Government lawyers present. The FISC is considered an Article II court, as opposed to an Article III court familiar to most Americans. Hence they do not represent the Judicial Branch, but rather the Executive Branch and claims they fulfill the third branch of government oversight, in addition to the Executive and Legislative Branches, are not grounded in truth.
The FISC repeatedly is accused of acting as a “rubber stamp” for Government’s requests for warrant authorization. Greenwald reports that throughout the period of 1979 – 2012, only eleven (11) applications for warrants were rejected, while it “approved over twenty thousand requests.” According to Wikipedia, the cumulative warrants issued by the FISC totaled 33,942 through 2012. Whichever number is closer to actuality, the message is clear that the Executive Branch pretty much gets its way, and the FISC does not appear to have the public’s privacy interests at heart.
–P. 153 – 160. The X-KEYSCORE system is described through a series of slides indicating that its use by analysts provides capabilities for both real-time and historical recovery of each keystroke, thus permitting the reconstruction of every communication session performed by unsuspecting Internet users, even against the U.S. persons not involved with terrorism. Further, images and documents attached to emails can also be examined by the system. Any oversight of its use by analysts is limited to an after-the-fact review of the justification entered by the analyst for the basis of his/her query.
As one might deduce, such a system targeting the world’s Internet traffic vacuums up enormous quantities of data packets. A report mentioned on p. 159 states, “At some sites the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours based on available resources.” With volumes like that obtained by NSA’s numerous collection facilities, it’s understandable why central storage facilities such as the behemoth Utah Data Center had to be constructed.
The Risks of Permanent Privacy Loss
Americans have been living under the Surveillance State now for over 13 years, and no measures have been instituted to protect U.S. citizen privacy, only to lessen it though the authorization of the Patriot Act and the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA). Shallow claims have been made by Presidents Bush and Obama, former NSA Directors Mike Hayden and Keith Alexander, Director of National Intelligence Jim Clapper, and congressional leaders including Senator Dianne Feinstein, Congressman Dutch Ruppersberger, and former Congressman Mike Rogers in attempts to reassure citizen privacy is safely protected using rhetoric claiming the Government is only searching for terrorist communications.
But after all the lies and denials, how are U.S. citizens to trust politicians and intelligence officials to uphold the Constitution and particularly, the First and Fourth Amendments? The U.S. Government’s past history of abusive surveillance practices is not to be ignored.
In 1956, the FBI initiated a classified program known as the Counter Intelligence Program (COINTELPRO) that focused on organization surveillance and infiltration with the intent to disrupt and hamper political dissidents. FBI COINTELPRO agents spied upon individuals associated with the civil rights movement, including the National Association for the Advancement of Colored People, the Southern Christian Leadership Council, and the Congress of Racial Equality as well as activists supporting the American Indian Movement and women’s rights, and opponents of the Vietnam War.
COINTELPRO finally was terminated 15 years later in 1971 after private citizens took a page from the FBI handbook and broke into a Pennsylvania FBI field office stealing incriminating documents that exposed the program, releasing them to the media.
Between 1967 – 1973, NSA operated the MINARET program targeting the communications of over 1,600 U.S. organizations and citizens on behalf of the FBI, CIA, Secret Service, Defense Department, and Bureau of Narcotics and Dangerous Drugs, none supported by a warrant certified by a judge. In 1969, almost 150,000 telephone calls, telegrams, and cablegrams were being collected and analyzed monthly at NSA.
Those whose communications were captured included civil rights leaders Martin Luther King, Jr. and Whitney Young, Vietnam War critics Muhammad Ali and Jane Fonda, Senators Howard Baker and Frank Church, news journalist Tom Wicker, and humorist Art Buchwald. NSA terminated the program following a Senate investigation and admitted MINARET had produced approximately 1,900 reports on targeted Americans.
Freedom of speech and self-expression were under assault by the FBI and NSA during the 50s, 60s, and 70s. Today, with congressional backing through the Patriot Act and the FAA, augmented by an absence of any truly meaningful oversight, population surveillance has returned but on a much more grandiose scale. Consequently, with the risks associated with wide-scale sharing of the acquired data, the potential for abuse is alarmingly elevated.
The Fear Factor
If Americans want to actively protest U.S. Government policies, but are aware that their communications are being monitored, some individuals will be fearful, inclined toward self-censorship and less likely to speak out – with the chilling effect of being denied their First Amendment rights to free speech and association.
With the Government’s surveillance resources devoted to electronic communications, facial image capture, retina scans, GPS and E-ZPass tracking, license plate readers, banking transactions, and air travel reservations, those with access to the data will be free to develop their own “threat” profiles to target people with tragic consequences for citizens’ freedom of speech, press, religion, and association.
Is this the state of freedom Americans choose to live under? It was achieved through a cooperative Congress and an anxious news media that reacted on the basis of a fear-mongering Intelligence and Law Enforcement Community backed by profiteers from the private sector eager to come to the rescue with all manners of big data analytics solutions. Over the ensuing years, public malaise seems to have set in yielding a general sense of resignation over the loss of privacy wherein it’s viewed to be a small price to pay for the convenience of having perpetual electronic access within reach 24/7.
Few seem to understand what is at stake, let alone know what to do about it. Indeed the Founders fought the American Revolution after King George III forced colonists to house British troops in their homes where they could monitor behavior. Two hundred and forty-five years later, the public must realize that liberty, once lost, is seldom regained, and the freedom of privacy that American citizens enjoyed before September 11, 2001, is now forever lost unless the Government acts quickly to restore these rights.
Since such Government action is unlikely to take place absent public pressure, the public should strongly demand reforms before three key Surveillance State authorities, set to expire in June 2015, are brought up for renewal by hawkish congressmen – Section 215, the Lone Wolf provision, and the roving wiretap provision. The disclosures of assaults to our basic freedoms that have come to light since June 2013 are not solely threats to our privacy but also to the Republic itself.
Presidential Action Needed
The December 2013 report by the President’s Review Group on Intelligence and Communications Technologies stated “surveillance of American phone metadata has had no discernible impact on preventing acts of terrorism.” The study concluded that the searches under two provisions, Section 215 of the Patriot Act and Section 702 of the 2008 FISA Amendments Act, that purportedly authorize NSA bulk collection of U.S. citizens’ phone and Internet metadata were far less effective in detecting alleged terrorists than the NSA and Obama administration had reported.
Shortly after the Review Group issued its report, President Obama signed a Presidential Policy Directive on Signals Intelligence Activities (PPD-28) on Jan. 17, 2014. But although PPD-28 specifies limitations on bulk collection, a number of loopholes render the Directive useless – a mere whitewash of the problem.
Moreover, any hope that the U.S. Courts will rescue the country from its constitutional crisis remains a low probability. In most cases the Government argues that plaintiffs lack standing due to lack of proof of personal harm often resulting in suit dismissal. In contesting NSA eavesdropping complaints that surmount the legal challenge of establishing “standing,” the courts have applied a poorly reasoned precedent from Smith vs. Maryland where individuals do not have a reasonable expectation of privacy in the phone numbers they dial.
In Smith vs. Maryland, only one phone number was monitored, whereas current bulk collection based on Smith clearly violates the Fourth Amendment constraint of “particularity.” The only NSA surveillance case to be elevated to the Supreme Court, Clapper vs. Amnesty International USA, resulted in a 5-4 dismissal without trial based on plaintiffs’ lack of standing because they could not prove they had been monitored. Again, the Government said the information that would provide such proof is classified, hence not available for disclosure.
If Congress fails to act on restoring the First and Fourth Amendments to their proper standing, the President should issue an Executive Order that fully restores the legal protections inherent in the original Foreign Intelligence Surveillance Act and halts application of unconstitutional authorities granted under E.O. 12333 thus forcing Congress to repeal the FISA Amendments Act and Section 215 of the Patriot Act.
Recommended Starting Points to Restoring Privacy and Maintaining Security
U.S. Government administrators, members of Congress, and former NSA Directors cite the need to balance privacy with security, placing far greater weight on favoring security. But is it really true that security is gained only at the expense of a loss of privacy? The answer is no!
An equal or greater level of security can be achieved with little or no loss in privacy protections if the U.S. Government were to adopt some modest changes in its surveillance operations. Furthermore, security will ultimately be enhanced if public discussions of national security policy were encouraged rather than chilled through cover of state secrets and fear of reprisal. The Framers of the Constitution intended public discussion, the wisdom of which has been confirmed by failures of closed government systems.
First, the homegrown and imported terrorism risk can be more effectively dealt with through more careful review of passports, including visa waiver programs, and scrutiny of other travel documentation indicating travel to/from known war zones and terrorist training areas.
Second, no U.S. person is to be treated by general FISC warrants. Bulk electronic surveillance previously supported under Sec. 215 of the Patriot Act and Sec. 702 of the FAA should be banned. Storage and analysis of any U.S. person metadata and/or content previously made possible through general FISC warrants, must be conducted with a specific warrant describing the person or thing to be searched and supported by satisfaction of the probable cause standard.
Application of the low standard known as “reasonable articulable suspicion” is not an acceptable metric for acquiring, storing, or analyzing the electronic communications of any U.S. person. (As defined under FISA, “United States person” means a citizen of the United States, an alien lawfully admitted for permanent residence, an unincorporated association a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence, or a corporation which is incorporated in the United States, but does not include a corporation or an association which is a foreign power).
Third, in the normal course of electronic surveillance activity, data associated with a private U.S. person whose communications are incidentally acquired (i.e. not intentionally targeted) in the course of an authorized and targeted collection activity is to immediately be subjected to an anonymization process.
All personally identifying attributes associated with the person are thus to be encrypted and remain encrypted in storage until a specific warrant is obtained (should probable cause develop) from the FISC permitting decryption of the person’s identifying attributes (e.g. name, address, phone number, SIM card number, IP address, domain name server address). The anonymization of the data would take place prior to recording in any form of storage, and would also apply to any U.S. person engaging in communication with terrorist targets or their web sites – whether intentional or unintentional.
With these few changes, sufficient security could be maintained with more focused targeting. Most pre-9/11 privacy protections could then be restored. U.S. Government data warehouses would no longer be cluttered with the electronic communications of innocent persons — shrinking the digital haystack to focus on targets for which surveillance is supported by “probable cause.”
But it is not enough to restore the privacy rights of U.S. citizens. There must also be a formal, comprehensive government-wide review of surveillance operations, followed by the enactment of reforms. Furthermore, regular ad hoc “surprise” inspections and technology-enabled audits of surveillance system information technology components should be conducted by trained U.S. Government officials and be completely independent and unobstructed.
Any individual or agency found to have violated the law by overstepping surveillance restrictions should face immediate accountability, including termination and revocation of security clearances as warranted, and be appropriately charged under the relevant U.S. laws.
Edward Loomis (NSA, ret.) is the principal drafter of this Memorandum. It updates the Jan. 7, 2014 VIPS Memorandum for the President, from former senior NSA officials, entitled “Input for Your Decisions on NSA.”
For the Steering Group, Veteran Intelligence Professionals for Sanity (VIPS)
William Binney, former Technical Director, World Geopolitical & Military Analysis; Co-founder of the SIGINT Automation Research Center
Thomas Drake, former Defense Intelligence Senior Executive Service, NSA
Philip Giraldi, CIA, Operations Officer (ret.)
Larry Johnson, CIA analyst & State Department/counterterrorism, (ret.)
John Kiriakou, Former CIA Counterterrorism Officer
Edward Loomis, NSA Cryptologic Computer Scientist, (ret.)
David MacMichael, USMC & National Intelligence Council (ret.)
James Marcinkowski, attorney/former CIA operations officer
Ray McGovern, Army Infantry/Intelligence officer & CIA presidential briefer (ret.)
Elizabeth Murray, Deputy National Intelligence Officer for the Near East, National Intelligence Council (ret.)
Todd E. Pierce, MAJ, U.S. Army Judge Advocate (ret.), former U.S. Army military commissions defense counsel
Diane Roark, former staff, House Permanent Select Committee on Intelligence (associate VIPS)
Coleen Rowley, retired FBI Agent and former Minneapolis Division Legal Counsel
Peter Van Buren, former diplomat, Department of State (associate VIPS)
Kirk Wiebe, Senior Analyst, SIGINT Automation Research Center, NSA (ret.)
Lawrence Wilkerson, Colonel (USA, ret.), Distinguished Visiting Professor of Government and Public Policy at the College of William and Mary
Ann Wright, retired U.S. Army reserve colonel and former US diplomat who resigned in 2003 in opposition to the Iraq War