Cato Debate on Surveillance
Today brings news that the “Electronic Privacy Information Center [has] filed a request under the Freedom of Information Act for documents related to any agreement between Google and the NSA” on cybersecurity and related matters. The controversy over the request reminds me of an excellent recent debate on the digital surveillance state at Cato Unbound. Glenn Greenwald leads off by documenting an array of intrusive surveillance practices:
[T]he Bush administration . . . ordered the National Security Agency to eavesdrop on American citizens without the warrants required by law and without any external oversight at all. Despite the fact that the 30-year-old FISA law made every such act of warrantless eavesdropping a felony, “punishable by a fine of not more than $10,000 or imprisonment for not more than five years, or both,” and despite the fact that all three federal judges who ruled on the program’s legality concluded that it was illegal, there was no accountability of any kind. . . .
[Medical] “files” are maintained through a 2005 law which, the Government claims, authorizes it to monitor and record all prescription drug use by all citizens via so-called “Prescription Drug Monitoring Programs.” And there is a slew of other under-discussed surveillance programs whereby the U.S. government stores vast data on our private activities: everything from every domestic telephone call we make to “risk assessment” records based on our travel activities. A bipartisan group of Senators is currently promoting mandated “biometric ID cards” for every American as a purported solution to illegal immigration.
Paul Rosenzweig responds that there are several programs internal to federal agencies designed to protect privacy, including DHS’s “statutorily required Privacy Officer” and “Officer for Civil Rights and Civil Liberties.” Julian Sanchez insists that, regardless of these formal protections, the overall architecture of communications and data storage has enabled a quantum leap in surveillance:
The plummeting cost of data storage, the increasing ubiquity of network communications, and the vastly increased capacity of law enforcement to fruitfully analyze “transactional data” subject to far more anemic protections than the contents of communications all combine to make an extraordinary degree of monitoring both more feasible and more attractive to investigators, even holding constant the legal framework within which that monitoring occurs. A few decades ago, intelligence agents might have found it convenient to compare a list of everyone reading unsavory publications with a list of people who share group memberships with a suspicious number of subjects already under investigation — but they would have had no practical way of doing so. Now it is not only feasible, but inundated telecom providers and profit-seeking contractors are racing to find plug-and-play solutions that make the process ever cheaper and easier.
There’s also ample evidence suggesting that individualized, subject-based monitoring of communications themselves is yielding to a broader algorithmic approach that seeks to monitor entire data streams. John Yoo, who wrote the (now repudiated) memoranda providing the legal basis for the NSA wiretapping program, for example, has described a system in which “computers are initially searching through communications first and only bringing correlations to the attention of a human, to a security officer when there’s a certain level of confidence that they might involve terrorism.” Where once we identified targets and then looked for suspicious behavior or incriminating communications, the “new” approach — whose closest precedent may be the NSA’s scandalous SHAMROCK program uncovered by the Church Committee’s investigations in the 1970s — involves monitoring behavior patterns and communications streams in search of targets.
Sanchez’s closing thoughts have particular relevance for the Google/NSA litigation: “Surveillance infrastructures and databases built for benign purposes tend to persist even when their administrators cease to be benign.”