The Snowden Reader
Page 32
We recommend that for big data and data-mining programs directed at communications, the US Government should develop Privacy and Civil Liberties Impact Assessments to ensure that such efforts are statistically reliable, cost-effective, and protective of privacy and civil liberties.
Recommendation 36
We recommend that for future developments in communications technology, the US should create program-by-program reviews informed by expert technologists, to assess and respond to emerging privacy and civil liberties issues, through the Civil Liberties and Privacy Protection Board or other agencies.
Recommendation 37
We recommend that the US Government should move toward a system in which background investigations relating to the vetting of personnel for security clearance are performed solely by US Government employees or by a non-profit, private sector corporation.
Recommendation 38
We recommend that the vetting of personnel for access to classified information should be ongoing, rather than periodic. A standard of Personnel Continuous Monitoring should be adopted, incorporating data from Insider Threat programs and from commercially available sources, to note such things as changes in credit ratings or any arrests or court proceedings.
Recommendation 39
We recommend that security clearances should be more highly differentiated, including the creation of “administrative access” clearances that allow for support and information technology personnel to have the access they need without granting them unnecessary access to substantive policy or intelligence material.
Recommendation 40
We recommend that the US Government should institute a demonstration project in which personnel with security clearances would be given an Access Score, based upon the sensitivity of the information to which they have access and the number and sensitivity of Special Access Programs and Compartmented Material clearances they have. Such an Access Score should be periodically updated.
Recommendation 41
We recommend that the “need-to-share” or “need-to-know” models should be replaced with a Work-Related Access model, which would ensure that all personnel whose role requires access to specific information have such access, without making the data more generally available to cleared personnel who are merely interested.
Recommendation 42
We recommend that the Government networks carrying Secret and higher classification information should use the best available cyber security hardware, software, and procedural protections against both external and internal threats. The National Security Advisor and the Director of the Office of Management and Budget should annually report to the President on the implementation of this standard. All networks carrying classified data, including those in contractor corporations, should be subject to a Network Continuous Monitoring Program, similar to the EINSTEIN 3 and TUTELAGE programs [that protect against intrusions into government civilian and military networks], to record network traffic for real time and subsequent review to detect anomalous activity, malicious actions, and data breaches.
Recommendation 43
We recommend that the President’s prior directions to improve the security of classified networks, Executive Order 13587, should be fully implemented as soon as possible.
Recommendation 44
We recommend that the National Security Council Principals Committee should annually meet to review the state of security of US Government networks carrying classified information, programs to improve such security, and evolving threats to such networks. An interagency “Red Team” should report annually . . . with an independent, “second opinion” on the state of security of the classified information networks.
Recommendation 45
We recommend that all US agencies and departments with classified information should expand their use of software, hardware, and procedures that limit access to documents and data to those specifically authorized to have access to them. The US Government should fund the development of, procure, and widely use on classified networks improved Information Rights Management software to control the dissemination of classified data in a way that provides greater restrictions on access and use, as well as an audit trail of such use.
Recommendation 46
We recommend the use of cost-benefit analysis and risk-management approaches, both prospective and retrospective, to orient judgments about personnel security and network security measures.
Liberty and Security in a Changing World: Report and Recommendations of the President’s Review Group on Intelligence and Communications Technologies, December 12, 2013, Executive Summary, 14–42.
Source: White House, http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.
31
Privacy and Civil Liberties Oversight Board,
Report on the Telephone Metadata Program
and FISC, Executive Summary
As Lee Hamilton described in chapter 3, the 9/11 Commission recommended in 2004 the establishment of an oversight board to ensure respect for civil liberties in counterterrorism policies, but years passed before the Privacy and Civil Liberties Oversight Board (PCLOB) was established and functioning. Within one week of the initial Snowden disclosures about the telephone metadata and Section 702 programs, members of Congress asked the PCLOB to investigate these programs to contribute to the debate Congress and the public were starting to have about the NSA’s activities and civil liberties. The PCLOB issued its report on the telephone metadata program and the operations of the FISC on January 23, 2014. Although President Obama announced reforms to NSA activities in his January 17, 2014, speech (Document 36) and a presidential policy directive, the PCLOB’s report still made waves by arguing that the telephone metadata program had no legal basis in Section 215 of the USA PATRIOT Act, violated other U.S. laws, raised serious constitutional concerns, and had not demonstrated any effectiveness as a counterterrorism tool.
EXECUTIVE SUMMARY
The statute creating the Privacy and Civil Liberties Oversight Board (“PCLOB” or “Board”) directs the Board to analyze and review actions taken by the executive branch to protect the nation from terrorism, “ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties.” In pursuit of this mission, the PCLOB has conducted an in-depth analysis of the bulk telephone records program operated by the National Security Agency (“NSA”) under Section 215 of the USA PATRIOT Act (“Patriot Act”). The Board’s examination has also included a review of the operation of the Foreign Intelligence Surveillance Court (“FISC” or “FISA court”). . . .
I. Overview of the Report
A. Background: Description and History of the Section 215 Program
The NSA’s telephone records program . . . is intended to enable the government to identify communications among known and unknown terrorism suspects, particularly those located inside the United States. When the NSA identifies communications that may be associated with terrorism, it issues intelligence reports to other federal agencies, such as the FBI, that work to prevent terrorist attacks. The FISC order authorizes the NSA to collect nearly all call detail records generated by certain telephone companies in the United States, and specifies detailed rules for the use and retention of these records. Call detail records typically include much of the information that appears on a customer’s telephone bill: the date and time of a call, its duration, and the participating telephone numbers. Such information is commonly referred to as a type of “metadata.” The records collected by the NSA under this program do not, however, include the content of any telephone conversation.
After collecting these telephone records, the NSA stores them in a centralized database. Initially, NSA analysts are permitted to access the . . . records only through “queries” of the database. A query is a search for a specific number or other selection term within the database. Before any specific number is used as the search target or “seed” for a query, one of twenty-two designated NS
A officials must first determine that there is a reasonable, articulable suspicion (“RAS”) that the number is associated with terrorism. Once the seed has been RAS-approved, NSA analysts may run queries that will return the calling records for that seed, and permit “contact chaining” to develop a fuller picture of the seed’s contacts. Contact chaining enables analysts to retrieve not only the numbers directly in contact with the seed number (the “first hop”), but also numbers in contact with all first hop numbers (the “second hop”), as well as all numbers in contact with all second hop numbers (the “third hop”).
The Section 215 telephone records program has its roots in counterterrorism efforts that originated in the immediate aftermath of the September 11 attacks. The NSA began collecting telephone metadata in bulk as one part of . . . the President’s Surveillance Program. From late 2001 through early 2006, the NSA collected bulk telephony metadata based upon presidential authorizations issued every thirty to forty-five days. In May 2006, the FISC first granted an application by the government to conduct the telephone records program under Section 215. . . .
On June 5, 2013, . . . the Guardian published an article based on unauthorized disclosures of classified documents by Edward Snowden, a contractor for the NSA, which revealed the telephone records program to the public. On August 29, 2013, FISC Judge Claire Eagan issued an opinion explaining the court’s rationale for approving the Section 215 telephone records program. Although prior authorizations of the program had been accompanied by detailed orders outlining applicable rules and minimization procedures, this was the first judicial opinion explaining the FISA court’s legal reasoning in authorizing the bulk records collection. . . .
Over the years, a series of compliance issues were brought to the attention of the FISA court by the government. However, none of these compliance issues involved significant intentional misuse of the system. Nor has the Board seen any evidence of bad faith or misconduct on the part of any government officials or agents involved with the program. Rather, the compliance issues were recognized by the FISC—and are recognized by the Board—as a product of the program’s technological complexity and vast scope, illustrating the risks inherent in such a program.
B. Legal Analysis: Statutory and Constitutional Issues
Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith . . . , the Board concludes that Section 215 does not provide an adequate legal basis to support the program.
There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired . . . have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk—potentially encompassing all telephone calling records across the nation—they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law . . . involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis . . . (instead of turning over records already in their possession)—an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.
In addition, . . . the program violates the Electronic Communications Privacy Act. That statute prohibits telephone companies from sharing customer records with the government except in response to specific enumerated circumstances, which do not include Section 215 orders.
Finally, we do not agree that the program can be considered statutorily authorized because Congress twice delayed the expiration of Section 215 during the operation of the program without amending the statute. The “reenactment doctrine,” under which Congress is presumed to have adopted settled administrative or judicial interpretations of a statute, does not trump the plain meaning of a law, and cannot save an administrative or judicial interpretation that contradicts the statute itself. Moreover, the circumstances presented here differ in pivotal ways from any in which the reenactment doctrine has ever been applied, and applying the doctrine would undermine the public’s ability to know what the law is and hold their elected representatives accountable for their legislative choices.
The NSA’s telephone records program also raises concerns under both the First and Fourth Amendments. . . . We explore these concerns and explain that while government officials are entitled to rely on existing Supreme Court doctrine in formulating policy, the existing doctrine does not fully answer whether the Section 215 telephone records program is constitutionally sound. In particular, the scope and duration of the program are beyond anything ever before confronted by the courts, and as a result of technological developments, the government possesses capabilities to collect, store, and analyze data not available when existing Supreme Court doctrine was developed. Without seeking to predict the direction of changes in Supreme Court doctrine, the Board urges as a policy matter that the government consider how to preserve underlying constitutional guarantees in the face of modern communications technology and surveillance capabilities.
C. Policy Implications of the Section 215 Program
The threat of terrorism . . . is real. The Section 215 telephone records program was intended as one tool to combat this threat. . . . However, . . . the Section 215 program has shown minimal value in safeguarding the nation from terrorism. Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. Even in that case, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program.
The Board’s review suggests that where the telephone records . . . have provided value, they have done so primarily in two ways: by offering additional leads regarding the contacts of terrorism suspects already known to investigators, and by demonstrating that foreign terrorist plots do not have a U.S. nexus. . . . But with respect to the former, our review suggests that the Section 215 program offers little unique value but largely duplicates the FBI’s own information gathering efforts. And with respect to the latter, . . . we question whether the American public should accept the government’s routine collection of all of its telephone records because it helps in cases where there is no threat to the United States.
The Board also has analyzed the Section 215 program’s implications for privacy and civil liberties and has concluded that they are serious. Because telephone calling records can reveal intimate details about a person’s life, particularly when aggregated with other information and subjected to sophisticated computer analysis, the government’s collection of a person’s entire telephone calling history has a significant and detrimental effect on individual privacy. The circumstances of a particular call can be highly suggestive of its content, such that the mere record of a call potentially offers a window into the caller’s private affairs. Moreover, when the government collects all of a person’s telephone records, storing them for five years in a government database that is subject to high-speed digital searching and analysis, the privacy implications go f
ar beyond what can be revealed by the metadata of a single telephone call.
Beyond such individual privacy intrusions, permitting the government to routinely collect the calling records of the entire nation fundamentally shifts the balance of power between the state and its citizens. With its powers of compulsion and criminal prosecution, the government poses unique threats to privacy when it collects data on its own citizens. Government collection of personal information on such a massive scale also courts the ever-present danger of “mission creep.” An even more compelling danger is that personal information collected by the government will be misused to harass, blackmail, or intimidate, or to single out for scrutiny particular individuals or groups. To be clear, the Board has seen no evidence suggesting that anything of the sort is occurring at the NSA and the agency’s incidents of non-compliance with the rules approved by the FISC have generally involved unintentional misuse. Yet, while the danger of abuse may seem remote, given historical abuse of personal information by the government during the twentieth century, the risk is more than merely theoretical.
Moreover, the bulk collection of telephone records can be expected to have a chilling effect on the free exercise of speech and association, because individuals and groups engaged in sensitive or controversial work have less reason to trust in the confidentiality of their relationships as revealed by their calling patterns. Inability to expect privacy vis-à-vis the government in one’s telephone communications means that people engaged in wholly lawful activities—but who for various reasons justifiably do not wish the government to know about their communications—must either forgo such activities, reduce their frequency, or take costly measures to hide them from government surveillance. The telephone records program thus hinders the ability of advocacy organizations to communicate confidentially with members, donors, legislators, whistleblowers, members of the public, and others. For similar reasons, awareness that a record of all telephone calls is stored in a government database may have debilitating consequences for communication between journalists and sources.