The Senate Judiciary Committee held an open hearing Tuesday on the FISA Amendments Act, the law that ostensibly authorizes the digital surveillance of hundreds of millions of people both in the United States and around the world. Section 702 of the law, scheduled to expire next year, is designed to allow U.S. intelligence services to collect signals intelligence on foreign targets related to our national security interests. However — thanks to the leaks of many whistleblowers including Edward Snowden, the work of investigative journalists, and statements by public officials — we now know that the FISA Amendments Act has been used to sweep up data on hundreds of millions of people who have no connection to a terrorist investigation, including countless Americans.
What do we mean by “countless”? As became increasingly clear in the hearing Tuesday, the exact number of Americans impacted by this surveillance is unknown. Senator Franken asked the panel of witnesses, “Is it possible for the government to provide an exact count of how many United States persons have been swept up in Section 702 surveillance? And if not the exact count, then what about an estimate?”
Elizabeth Goitein, the Brennan Center director whose articulate and thought-provoking testimony was the highlight of the hearing, noted that at this time an exact number would be difficult to provide. However, she asserted that an estimate should be possible for most if not all of the government’s surveillance programs.
None of the other panel participants — which included David Medine and Rachel Brand of the Privacy and Civil Liberties Oversight Board as well as Matthew Olsen of IronNet Cybersecurity and attorney Kenneth Wainstein — offered an estimate.
Tuesday’s hearing reaffirmed that it is not only the American people who are left in the dark about how many people or accounts are impacted by the NSA’s dragnet surveillance of the Internet. Even vital oversight committees in Congress like the Senate Judiciary Committee are left to speculate about just how far-reaching this surveillance is. It’s part of the reason why we urged the House Judiciary Committee to demand that the Intelligence Community provide the public with a number.
The lack of information makes rigorous oversight of the programs all but impossible. As Senator Franken put it in the hearing Tuesday, “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights. But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs.”
Senator Patrick Leahy also questioned the panel about the “minimization procedures” associated with this type of surveillance, the privacy safeguard that is intended to ensure that irrelevant data and data on American citizens is swiftly deleted.
Senator Leahy asked the panel: “Do you believe the current minimization procedures ensure that data about innocent Americans is deleted? Is that enough?”
David Medine, who recently announced his pending retirement from the Privacy and Civil Liberties Oversight Board, answered unequivocally:
Senator Leahy, they don’t. The minimization procedures call for the deletion of innocent Americans’ information upon discovery to determine whether it has any foreign intelligence value. But what the board’s report found is that in fact information is never deleted. It sits in the databases for 5 years, or sometimes longer. And so the minimization doesn’t really address the privacy concerns of incidentally collected communications — again, where there’s been no warrant at all in the process… In the United States, we simply can’t read people’s emails and listen to their phone calls without court approval, and the same should be true when the government shifts its attention to Americans under this program.
One of the most startling exchanges from the hearing Tuesday came toward the end of the session, when Senator Dianne Feinstein — who also sits on the Intelligence Committee — seemed taken aback by Ms. Goitein’s mention of “backdoor searches.”
Feinstein: Wow, wow. What do you call it? What’s a backdoor search?
Goitein: Backdoor search is when the FBI or any other agency targets a U.S. person for a search of data that was collected under Section 702, which is supposed to be targeted against foreigners overseas.
Feinstein: Regardless of the minimization that was properly carried out.
Goitein: Well the data is searched in its unminimized form. So the FBI gets raw data, the NSA, the CIA get raw data. And they search that raw data using U.S. person identifiers. That’s what I’m referring to as backdoor searches.
It’s deeply concerning that any member of Congress, much less a member of the Senate Judiciary Committee and the Senate Intelligence Committee, might not be aware of the problem surrounding backdoor searches. In April 2014, the Director of National Intelligence acknowledged the searches of this data, which Senators Ron Wyden and Mark Udall termed “the ‘back-door search’ loophole in section 702.” The public was so incensed that the House of Representatives passed an amendment to that year’s defense appropriations bill effectively banning the warrantless backdoor searches. Nonetheless, in the hearing Tuesday it seemed like Senator Feinstein might not recognize or appreciate the serious implications of allowing U.S. law enforcement agencies to query the raw data collected through these Internet surveillance programs. Hopefully Tuesday’s testimony helped convince the Senator that there is more to this topic than what she’s hearing in jargon-filled classified security briefings.
Tuesday’s hearing saw powerful testimony from Hon. Medine and Ms. Goitein on the need for additional oversight and reform of surveillance under Section 702, and many of the Senators present indicated deep concern about the privacy implications of these surveillance programs. Nonetheless, the hearing fell short of what we might have hoped.
It’s vitally important to improve the transparency surrounding these surveillance programs, close loopholes being exploited by the government, and ensure appropriate oversight. But unaddressed was the question of whether, as a society, we believed mass surveillance of the overwhelming majority of Internet communications is in the best interests of our society, much less Constitutional.
Section 702 of the FISA Amendments Act is set to sunset next year, which means Congress should be debating whether we benefit from renewing it at all. Are the privacy harms suffered by our society, which have a chilling effect on free speech and ramifications for a free democracy, a trade we want to make? Do we believe that the benefits of the data currently collected under Section 702 are worth such sacrifices? Or could a more conservative, carefully cabined form of signals intelligence provide necessary data for our national security interests without sacrificing our values in the process? Must we treat every person outside of the United States as if they had no right to privacy, regardless of whether they had done anything to merit surveillance? Those are the questions we’d like to see Congress addressing in the coming weeks and months.
For now, it’s clear that absent powerful reforms and safeguards for individual privacy, Congress should let Section 702 sunset altogether.
Any and all original material on the EFF website may be freely distributed at will under the Creative Commons Attribution License, unless otherwise noted. All material that is not original to EFF may require permission from the copyright holder to redistribute.