Privacy, Security & Government Surveillance

Geoffrey Stone has a great rebuttal to John Ashcroft’s op-ed in the New York Times on wiretapping:

Suppose the government asked a private security firm to commit murder or torture or rape. Would they, too, be entitled to immunity because they acted on the basis of “explicit assurances from the highest levels of the government that the activities in question were authorized by the president and determined to be lawful”? Is there a difference in principle between these situations? Perhaps in Mr. Ashcroft’s view unlawful surveillance is different because it’s just not a sufficiently serious violation of individual freedom to expect private individuals and organizations to question the legality of the government’s request. Perhaps Mr. Ashcroft would demand legislative immunity even in cases of murder, torture, and rape. I would like to know. Second, what makes Mr. Ashcroft think that the government or the telecommunications companies could reasonably have believed in this situation that the government’s surveillance program was lawful? As a matter of fact, the clear consensus among legal and constitutional experts is that Mr. Bush’s surveillance program violated the 1978 Foreign Intelligence Surveillance Act, which expressly prohibited such conduct. Only a tiny slice of the legal profession believes that the Bush surveillance program was lawful, and almost all of them had been recruited into the Bush White House.

It was hard to pick one excerpt because it was all really good, so go read the whole thing.

An Arsticle by Ken Fisher reviews a recent talk given by Donald Kerr, principal deputy director of National Intelligence, who is second in command to Director of National Intelligence Mike McConnell.

In a recent speech, Kerr fumbled around with privacy and related concepts, concluding in Ken’s (and an AP reporter’s) opinion that he’s trying to redefine privacy in somewhat Orwellian ways.

Here’s the meat of what Kerr said:

Continue reading →

One of my favorite things about TLF is our ability to have vigorous but respectful disagreements. I appreciated Hance’s post making the case for telecom immunity, but I have to say I didn’t find it very persuasive.

I don’t understand the argument that telecom providers were facing “extraordinary circumstances” that led them to break the law. I might have some sympathy for that argument if we were talking about a program that occurred on 9/11 or in the chaotic days that followed. If the telecom providers has simply made rash decisions in their haste to prevent another attack and inadvertently broke the law, I might be sympathetic. There might be a plausible argument for providing immunity for information shared between, say, September 11 an December 31, 2001. But that’s not what we’re talking about here. If the Klein declaration is accurate—and AT&T hasn’t disputed it—the program at issue in that lawsuit started in 2003, and as far as we know it continues to this day. The Bush administration could have gone to Congress any time in 2002 and requested changes to the relevant statutes. And AT&T and Verizon could have—and indeed under the law were obligated to—do what Qwest did and tell the administration to come back when they had a warrant. They didn’t do that, and in my view they ought to be held responsible for breaking the law.

I don’t find the Posner and Kristol/Schmidtt hypotheticals very persuasive, but even if you do, they’re really beside the point. If current standards for obtaining warrants in terrorism cases are too stringent, the Bush administration should have gotten Congress to change the rules. We could have had this debate six years ago, Congress could have made a decision, and then AT&T and Verizon could have participated in whichever activities Congress approved with a clean conscience. Instead, the telcos helped the Bush administration ignore Congress, evade court scrutiny, and violate the clear requirements of the law.

So even if prospective rule changes are necessary, that doesn’t in any way justify retrospective white-washing of past lawbreaking. Granting telecom immunity will set the precedent that companies can break the law on the say-so of the executive branch, without needing to worry about what Congress or the courts might have to say about it. Which would mean the end of meaningful Congressional or judicial oversight over surveillance activities. Because telecom companies will know perfectly well that if they break the law at the request of the executive branch, the executive branch will go to the mat to make sure the law isn’t actually enforced and companies aren’t actually found liable. Once that precedent is set, it won’t matter what other rules Congress might enact, because telecom companies will have absolutely no incentive to follow them, and plenty of incentive (read: government contracts) to do the president’s bidding.

One final point: we don’t have to speculate what the world would look like if the executive branch had the power to eavesdrop on whomever it liked without meaningful judicial oversight. Martin Luther King was the most famous of the dozens of anti-war activists, civil rights leaders, journalists, and other undesirables whose communications were bugged by the Johnson and Nixon administration. There’s no evidence that the Bush administration has done anything like that. But if we eliminate meaningful judicial oversight of the executive branch’s surveillance activities, there’s every reason to think that a future administration will.

With all due respect for the views of my colleagues (here and here) and commenters, former Sen. Bob Kerrey had this, and other, mature insights in an op-ed which appeared yesterday in The Hill regarding whether to include immunity for telecom carriers in the Foreign Intelligence Surveillance Act (FISA) reauthorization:

Consider the atmosphere: the president had gone before Congress and said “one vial, one canister, one crate, slipped into this country, could bring a day of horror like none we have ever known.” So if these companies refused to cooperate, by implication, that dark day could be on their conscience. And now they cannot even defend themselves in court, because the details of the investigations remain classified.

Opposition to immunity isn’t aimed so much at punishing the telecom providers, but at obtaining information about what really happened and about reaffirming the significant legal duties that telecom providers have for safeguarding the privacy of their law-abiding customers.

Continue reading →

AFP is reporting that more than a hundred people with false identification documents were given employee security passes to Chicago’s O’Hare airport.

This is a good opportunity to compare conventional wisdom to actual security wisdom.

Continue reading →

The Information Technology & Innovation Foundation, ordinarily the source of quality thinking, has produced an embarrassingly bad paper called Don’t Shoot the Messenger: Telecommunications Carriers Deserve Immunity for facilitating illegal wiretapping and surveillance.

Here’s a sampling of the kind of reasoning that pegged my b.s. detector:

[I]n its legislation to overhaul the Foreign Intelligence Surveillance Act (FISA), Congress is poised to condone lawsuits against telecommunications carriers for complying with what they thought was a legal information-sharing program that was approved by the highest levels of government.

The D.C. Examiner reported yesterday that the D.C. Department of Motor Vehicles plans to embed drivers’ licenses with SmarTrip chips, the RFID chips increasingly used to access the Metro system.

This is another step taken to make Metro access more convenient – oh, and more subject to surveillance.

Continue reading →

In today’s New York TImes, John Ashcroft jumps on the bandwagon for giving telcos blanket immunity for their participation in illegal wiretapping programs:

At the outset, it is critical to understand what the immunity provisions the administration and Congress have negotiated actually do. This is not “blanket immunity,” as it is sometimes caricatured by its opponents. The Senate bill would confer immunity in only two limited circumstances: if the carrier did not do what the plaintiffs claim; or if the carrier did do what the plaintiffs claim but based on explicit assurances from the highest levels of the government that the activities in question were authorized by the president and determined to be lawful. Longstanding principles of law hold that an American corporation is entitled to rely on assurances of legality from officials responsible for government activities. The public officials in question might be right or wrong about the advisability or legality of what they are doing, but it is their responsibility, not the company’s, to deal with the consequences if they are wrong. To deny immunity under these circumstances would be extraordinarily unfair to any cooperating carriers. By what principle of justice should anyone face potentially ruinous liability for cooperating with intelligence activities that are authorized by the president and whose legality has been reviewed and approved by our most senior legal officials?

A couple of points immediately spring to mind here. In the first place, if “longstanding principles of law” tell us that the telcos are “entitled to rely on assurances of legality from officials responsible for government activities,” then why is new legislation necessary? Why can’t AT&T simply invoke those principles in court and get the lawsuits dismissed without Congress having to get involved?

Second, the claim that this is not “blanket immunity” is absurd. Obviously, AT&T and Verizon aren’t going to hand over customer data the executive branch hasn’t asked for. And the executive branch would never admit that its information requests were unlawful. So granting immunity for any requests the executive branch says are lawful means granting immunity for any conceivable information request. That’s blanket immunity; there’s nothing “limited” about it.

Third, the “principle of justice” Ashcroft is looking for here is the warrant requirement of the Fourth Amendment. The fundamental principle of the Fourth Amendment is that the judicial branch, not the executive branch, gets to decide when a search is “authorized.” No matter how many executive branch officials “review and approve” a search, the search isn’t constitutional unless it’s approved by a judge.

But actually, if I were in Congress I would be willing to call Ashcroft’s bluff. I’d support immunity legislation on the condition that the president appoint a special prosecutor that would commence a top-to-bottom review of all the wiretapping programs the White House has undertaken, and bring criminal charges against the relevant administration officials (including, ahem, Ashcroft himself) if he finds that any of them ran afoul of the law. Of course, the White House would never consent to that. Because they don’t really believe that executive branch officials should “deal with the consequences” of the decisions they make. To the contrary, I suspect one reason the White House is pushing so hard for immunity is that it would be embarrassing if a court found participation in its programs was illegal. They don’t believe anyone should suffer consequences for breaking the law.

An ACLU release issued yesterday reports that the Department of Homeland Security is telling state leaders that it will not enforce the REAL ID law.

“In discussions I participated in with the Department of Homeland Security, they were asked point blank, ‘What will happen to states that don’t participate?’” said Maine Secretary of State Matthew Dunlap, who was on the phone call with [DHS Assistant Secretary Richard] Barth. “The response was, ‘Nothing will happen. There will be no penalty. You can still get on a plane.’”

It’s hard to make out why the DHS is saying this and what it means. Most likely, Barth and the DHS are trying to shrink REAL ID down so far that they can convince a substantial number of states to announce compliance so they can claim a “successful program.” Later regulations could then grow it into the national ID it’s meant to be.

The fact that the REAL ID Act has no teeth, of course, means that states can refuse to comply entirely. There’s not even the (long known to be impotent) threat that their residents wouldn’t be able to get on planes.

Whatever the case, the program is in shambles. It would be cool if Congress were to go ahead and admit it, but nothing needs to happen for the last nail to go into REAL ID’s coffin.