PCLOB issues report on U.S. government surveillance under Section 702 of FISA [UPDATED]

pclob-report

The pre-release version of the Privacy and Civil Liberties Oversight Board’s Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA) is now available online. [PDF]

Short version: The board found little legally awry with surveillance conducted under Section 702 of FISA, which permits the federal government to compel United States companies to assist them in conducting surveillance targeting foreign people and entities, noting that it was a strong, effective tool for counterterrorism. The extensive report explores the legal rationales for such surveillance and lists ten recommendations in its report. The scope of digital surveillance was detailed  in The Washington Post on Monday, which reported that only four countries in the world (the USA, Canada, UK, New Zealand and Australia) are not subject to the surveillance enabled by legal authority to intercept communications.

Context from Gregory McNeal in Forbes:

“Section 702 of FISA has not received the same level of attention as the 215 metadata collection program, largely because the program is not directly targeted at U.S. persons. However, under Section 702, the government can collect the contents of communications (for example examining email and other communications), rather than mere metadata, which it collects under Section 215.”

“702 is also a more powerful program because under it the government can collect the content of U.S. persons communications, if those persons are communicating with a foreign target. This means that U.S. persons communications can be incidentally collected by the agency, such as when two non-U.S. persons discuss a U.S. person. Communications of or concerning U.S. persons that are acquired in these ways may be retained and used by the government, subject to applicable rules and requirements. The communications of U.S. persons may also be collected by mistake, as when a U.S. person is erroneously targeted or in the event of a technological malfunction, resulting in “inadvertent” collection. In such cases, however, the applicable rules generally require the communications to be destroyed. Another circumstance where 702 collection has raised concerns is the collection of so-called “about” communication. An “about” communication is one in which the selector of a targeted person (such as that person’s email address) is contained within the communication but the targeted person is not necessarily a participant in the communication.” The PCLOB addresses each of these issues in their report.”

The PCLOB did find that “certain aspects of the program’s implementation raise privacy concerns,” specifically the “scope of the incidental collection of U.S. persons’ communications” when intelligence analysts targeted other individuals or entities.

As Josh Gerstein reported in Politico, the PCLOB “divided over key reforms to government collection of large volumes of email and other data from popular web businesses and from the backbone of the Internet. A preliminary report released Tuesday night hows that some of the proposals for changes to the Section 702 program caused a previously unseen split on the five-member Privacy and Civil Liberties Oversight Board: Two liberal members of the commission urged more aggressive safeguards, but a well-known privacy activist on the panel joined with two conservatives to withhold official endorsement of some of those changes.”

As Gerstein pointed out in a tweet, that means that reforms proposed in the House as Representatives go further than those recommended by the independent, bipartisan agency within the executive branch vested with the authority “to review and analyze actions the executive branch takes to protect the Nation from terrorism, ensuring the need for such actions is balanced with the need to protect privacy and civil liberties” and “ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism”

Perhaps even more problematically, the PCLOB wrote in the report that “the government is presently unable to assess the scope of the incidental collection of U.S. person information under the program.”

As Matt Sledge observed in the Huffington Post, the report’s authors “express frustration that the NSA and other government agencies have been unable to furnish estimates of the incidental collection of Americans’ communications, which ‘hampers attempts to gauge whether the program appropriately balances national security interests with the privacy of U.S. persons.’

But without signs of abuse, the board concludes privacy intrusions are justified in protecting against threats to the U.S. Nevertheless, the board suggests that the government take on the ‘backdoor searches’ that have alarmed Wyden. In those searches, the government searches through the content of communications collected while targeting foreigners for search terms associated with U.S. citizens and residents. The House voted in June to end such searches. The searches ‘push the program close to the line of constitutional reasonableness,’ the privacy board report says, but it doesn’t recommend ending them.

Privacy and civil liberties advocates issued swift expressions of dismay about the constitutionality of the surveillance and questioned the strength of the recommendations.

“The Board’s report is a tremendous disappointment,” said Nuala O’Connor, the president of the Center for Democracy and Technology, in a statement. “Even in the few instances where it recognizes the privacy implications of these programs, it provides little reassurance to all who care about digital civil liberties. The weak recommendations in the report offer no serious reform of government intrusions on the lives of individuals. It also offers scant support to the U.S. tech industry in its efforts to alleviate customer concerns about NSA surveillance, which continue to harm the industry in the global marketplace,” she added.

“If there is a silver lining, it is that the Board recognized that surveillance of people abroad implicates their human rights, as well as the constitutional rights of people in the U.S.,” said Greg Nojeim, director of the Center’s Project on Freedom, Security and Technology.  “However, the Board defers until a future date its consideration of human rights and leaves it to Congress to address the important constitutional issues.”

“If the Board’s last report on the bulk collection of phone records was a bombshell, this one is a dud,” said Kevin Bankston, policy director of New America’s Open Technology Institute (OTI).

“If the Board’s last report on the bulk collection of phone records was a bombshell, this one is a dud.  The surveillance authority the Board examined in this report, Section 702 of 2008’s FISA Amendments Act, is in many ways much more worrisome than the bulk collection program.  As the Board itself explains, that law has been used to authorize the NSA’s wiretapping of the entire Internet backbone, so that the NSA can scan untold numbers of our emails and other online messages for information about tens of thousands of targets that the NSA chooses without individualized court approval.  Yet the reforms the Board recommends today regarding this awesome surveillance power are much weaker than those in their last report, and essentially boil down to suggesting that the government should do more and better paperwork and develop stricter internal protocols as a check against abuse.

“As Chief Justice Roberts said just last week, “the Founders did not fight a revolution to gain the right to government agency protocols,” they fought to require search warrants that are based on probable cause and specifically identify who or what can be searched.  Yet as we know from documents released earlier this week, government agents are searching through the data they’ve acquired through this surveillance authority–an authority that was sold to Congress as being targeted at people outside the US–tens of thousands of times a year without having to get a warrant first.

“The fact that the Board has endorsed such warrantless rummaging through our communications, just weeks after the House of Representatives voted almost three to one to defund the NSA’s “backdoor” searches of Americans’ data, is a striking disappointment.  The Board is supposed to be an independent watchdog that aggressively seeks to protect our privacy against government overreach, rather than undermining privacy by proposing reforms that are even weaker than those that a broad bipartisan majority of the House has already endorsed.

“We are grateful to the Board for its last report and are grateful to them now for laying out, in the clearest and most comprehensive way we’ve seen so far, exactly how the NSA is using its surveillance authority.  But Congress shouldn’t wait for the NSA to take the Board’s weak set of recommendations and get its own house in order.  Congress should instead move forward with strong reforms that protect our privacy and that tell the NSA, as the Supreme Court told the government last week: if you want our data you need to come back with a warrant.”

The Electronic Frontier Foundation was even stronger, with Cindy Cohn calling the PCLOB report “legally flawed and factually incomplete.”

Hiding behind the “complexity” of the technology, it gives short shrift to the very serious privacy concerns that the surveillance has rightly raised for millions of Americans. The board also deferred considering whether the surveillance infringed the privacy of many millions more foreigners abroad.

The board skips over the essential privacy problem with the 702 “upstream” program: that the government has access to or is acquiring nearly all communications that travel over the Internet. The board focuses only on the government’s methods for searching and filtering out unwanted information. This ignores the fact that the government is collecting and searching through the content of millions of emails, social networking posts, and other Internet communications, steps that occur before the PCLOB analysis starts.  This content collection is the centerpiece of EFF’s Jewel v. NSA case, a lawsuit battling government spying filed back in 2008.

Trevor Timm, writing in the Guardian, said the PCLOB “chickened out of making any real reform proposals” and questioned why one member of the panel didn’t support more aggressive recommendations in

“More bizarrely, one of the holdouts on the panel for calling for real reform is supposed to be a civil liberties advocate. The Center for Democracy and Technology’s vice president, James Dempsey, had the chance to side with two other, more liberal members on the four-person panel to recommend the FBI get court approval before rummaging through the NSA’s vast databases, but shamefully he didn’t.

Now, as the Senate takes up a weakened House bill along with the House’s strengthened backdoor-proof amendment, it’s time to put focus back on sweeping reform. And while the PCLOB may not have said much in the way of recommendations, now Congress will have to. To help, a coalition of groups (including my current employer, Freedom of the Press Foundation) have graded each and every representative in Washington on the NSA issue. The debate certainly isn’t going away – it’s just a question of whether the public will put enough pressure on Congress to change.”

Editor’s note: This post has been substantially rewritten. More statements were added, and the headline has been amended.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s