Exposing the Surveillance State

The mixed reactions to the IRS and NSA surveillance scandals illustrate the astuteness of Richard Nixon’s remark that:

…to the average guy, whether the Republicans bugged the Democrats doesn’t mean a… thing. It means something to intellectuals…. But the average guy is chewing his pretzel. He’s interested in jobs. He’s interested in war and peace and defense and patriotism and that’s about it… [Sep. 8, 1972]

Illegal spying (using informants, wiretaps, bugs, mail opening, break-ins, tax investigations) has been routinely practiced by both political parties since the time of FDR. At first, this was usually done through the FBI, and such operations against political enemies and subversives were centralized under the COINTELPRO program from 1956 until its exposure in 1971.

Various abuses of power (Watergate, assassinations of foreign leaders, covert coups) led to the formation of the Church Committee, whose public reports (1975-76) exposed past crimes in order to promote legislation against future abuses.

To prevent continued abuse of surveillance powers by the FBI, CIA, IRS and NSA, Congress passed the Foreign Intelligence Surveillance Act (FISA) in 1978, which prohibited surveillance of Americans by the military, CIA and NSA, and required court approval for surveillance requests, under a system subject to congressional oversight.

From its inception, the Foreign Intelligence Surveillance Court (FISC) has operated in secret, approving 99.9% of surveillance requests. It is not a mere “rubber stamp” on that account; rather, the Department of Justice vets all applications so that only those known to meet a judge’s standards will be submitted.

There are two standards that FISA requests need to meet regarding privacy: (1) probable cause against the foreign national(s) who are the primary target of surveillance; and (2) relevance (a lower standard) of persons or communications lines to be monitored. The second standard is designed to minimize surveillance of innocent parties, while recognizing that this is sometimes practically necessary.

In the 1990s, the Bush and Clinton administrations adapted the Cold War era ECHELON signal intercept system to operate on newer Internet and satellite technologies. This global surveillance system was apparently used to spy even on private entities in friendly countries and to acquire industrial secrets. The existence and abuse of this system was documented in a European Parliament report in 2001.

Prior to the 9/11 attacks, the surveillance state was already expanding its domain. From 1996 to 2000, the number of FISA line attorneys increased from six or seven to 20-25, and the number of applications increased from 839 to 1005. Yet this was mild compared to the post-9/11 spike. In 2003, there were 1727 applications, and in 2005, there were 2074 requests, 2072 of which were approved. [See FISA annual reports]

Under the PATRIOT Act of 2001, the Bush administration claimed broad surveillance authority beyond what was authorized by FISA. From 2001 through 2006, the NSA conducted wiretapping operations without FISC approval on persons inside the U.S. They claimed presidential authority sufficed as long as one party to the conversation was a suspected foreign terrorist or associate. When it was revealed that even purely domestic calls were included in surveillance, public pressure resulted in an amendment to FISA so that this “terrorist surveillance program” would require FISC approval when monitoring U.S. nationals.

Ironically, the amendment to FISA made possible the recently leaked PRISM program, which allows the NSA to access user data from major Internet companies.

The latest NSA scandal does not involve bypassing the FISA court. Nor is there a Fourth Amendment violation, since the Supreme Court ruled in Smith v. Maryland (1979) that telephone register data is not constitutionally protected. Rather, the vast number of lines monitored – all Verizon customers – suggests that the statutory FISA relevance standard has been practically obliterated.

Indeed, James Baker, Bush’s DOJ point man for FISA applications, said in 2007 regarding the warrantless wiretapping: “We had five years of building up the law before the FISA court, building up precedents, getting to where we needed to be to be able to file this application, have the court consider it and then have them approve it.” This suggests that there has been an evolution in what the judges have been willing to approve, gradually expanding what is permitted to the executive branch.

What is being monitored? First, if you are not a U.S. citizen or permanent resident, the U.S. government claims the right to spy on you with impunity. The U.S. government does not recognize privacy as a natural human right, only as an American legal right. This is contrary to the Founders’ understanding of the Bill of Rights, which was a recognition of rights already held by the people, not granted to them by the state. Instead of enlightened cosmopolitanism, we have regressed to nationalist tribalism.

Second, although the FISA request in question concerns only “metadata” (i.e., who called whom when), the “incidental” collection and viewing of content can be conducted on the authority of an analyst under section 702 of the FISA Amendments Act (FAA). Indeed, public denials that our communications are read may be only technically true. Every phone call, e-mail, and other electronic message can be stored without necessarily being read by a human. NSA whistleblowers claim that the agency collects records on all domestic phone calls, and that they may even read or listen to the content of domestic communications on the authority of an analyst alone. [A summary of past and current surveillance programs can be found in a recent Washington Post article.]

Under the 1994 law known as CALEA, all U.S. phone companies were required to make their networks facilitate wiretapping, changing the hardware at their own (and their customers’) expense. This requirement has been expanded to VoIP and broadband communications. All U.S. electronic communications are required to be accessible to the government. For foreign communications, the NSA hacks into backbone Internet architecture, since no veneer of legality is required to spy on foreigners.

The sheer capacity of the NSA’s Utah Data Center, over 1 septillion bytes, implies that far more than metadata is being stored. There are 3 billion calls per day made in the U.S., and 12.4 billion globally. There are 30 billion e-mails per day globally (excluding spam and viruses). If we generously allow 1 kilobyte of metadata per communication (100 bytes would be more reasonable), then the Utah Data Center already has a billion times more capacity than needed to log every call in the U.S. for the past seven years, or 100 million times more than needed to track every call and e-mail in the world. Yet the government is expanding the facility, adding greatly to its capacity. Clearly, content is being stored, and since the average phone call has about 200 kilobytes of audio (e-mails are even smaller), the facility is capable of comfortably storing every phone call and e-mail worldwide from the past seven years.

How should one respond? First, give the U.S. government zero trust on this matter, which is the fair price they should pay for secrecy. They have no qualms about lying or giving misleading, technically true statements, since they have rationalized their deception in the name of national security, which really means the security of their own power.

Second, assume that all electronic communications are monitored. You can try to avoid this by using encrypted e-mail, which prevents interception in transit, since RSA encryption is computationally unbreakable. Keep in mind, however, that hosting ISPs in the U.S. must be CALEA-compliant, so e-mail is vulnerable once stored on their servers. This vulnerability can be minimized by using foreign ISPs, self-hosting, or real-time downloading of e-mail off of servers. Naturally, the most sensitive data should be kept offline or at least backed up offline.

Another approach, per Martin Luther, is to “sin boldly.” That is, express subversive ideas openly and publicly, daring to be persecuted. The U.S. government’s corporate culture hates scandal and bad publicity, so it will hardly persecute a visible gadfly, as this will arouse accusations of tyranny.

On the other hand, we should not alter our behavior too much. The size of the “haystack” collected by the NSA is too gigantic to be terribly useful for Big Brother-like surveillance of all individuals. Your data is likely to remain unread. This may change in future years, as improved analytics along the lines of IBM’s Watson may make it feasible for vast sums of data to be scanned effectively by an electronic pseudo-mind. Until then, our best defense is the stupidity of the Empire. [See Mozilla’s petition to stop domestic spying.]