The decay of individual privacy in the United States has been closely intertwined with the evolution of national security programs – accelerated in the wake of the terrorist attacks of 9/11, when a deluge of legislative measures were passed in the name of preventing further terrorism. The true extent of intelligence programs and the effect they have had on civil liberties has been brought to light largely thanks to whistleblower leaks over the years, notably those revealed by Edward Snowden in 2013. Yet despite public outcry – and evidence of inefficacy – no substantial reforms have been made to redress the privacy harms that the post-9/11 intelligence landscape has caused.
U.S. citizens today continue to live in a surveillance state that increasingly reaches into other parts of the globe. Under the Trump administration, the mass monitoring of electronic communications has been fueled by ever-more-powerful technological tools, developed hand-in-hand with private sector companies and targeted at undocumented immigrants, Muslim Americans, and other vulnerable populations. In this climate of weakened civil liberties and racial and religious profiling, The Privacy Issue looks back on key developments in the past two decades of mass surveillance in the United States – and enlists the expert insight of Neema Singh Guliani, Senior Legislative Counsel at the American Civil Liberties Union, to shed light on the questions we should be asking ourselves
U.S. Government Surveillance Pre-9/11
In the two decades following the establishment of the United States National Security Agency (NSA) in 1952, there was very little regulation stipulating how government agencies could collect information on individuals. That changed in 1973, when the Supreme Court ruled that warrants were required for domestic intelligence surveillance. Two years later, the Senate’s Church Committee investigation found that the NSA had been illegally spying on anti-war protestors, activists, and political opponents. The committee prophetically noted that “no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter. There would be no place to hide.”
It was against this backdrop that the two main legal authorities regulating U.S. spy activities came into effect – the Foreign Intelligence Surveillance Act of 1978 (FISA), and Executive Order 12333, signed by President Reagan in 1981.
Foreign Intelligence Surveillance Act (1978)
Signed into law in 1975, the Foreign Intelligence Surveillance Act (FISA) establishes procedures for the government’s collection of foreign powers and their agents. It also permits surveillance against U.S. citizens and other people on U.S. territory if the surveillance agency can demonstrate probable cause that the person is engaged in espionage or terrorism on behalf of a foreign power. While the Fourth Amendment of the U.S. Constitution ordinarily requires law enforcement to apply for a court-issued warrant to conduct a search, warrants issued under FISA are processed by a specially-established court, the Foreign Intelligence Surveillance Court (FISC), which conducts its hearings in utmost secrecy. Surveillance methods under FISA were originally limited to electronic monitoring and wiretapping, and were later expanded to physical searches (1995) and pen registers and trap devices (1998).
Executive Order 12333 (1981)
Executive Order 12333 stipulates what, when, and how all 17 U.S. intelligence organizations can collect information about citizens and foreign nationals abroad. It allows for the dragnet monitoring of not only the metadata of foreign nationals’ communications (e.g. when and how long calls were made) but also their content (i.e. what was said during them) to be monitored en masse. If the content of a U.S. citizen’s call is collected “incidentally” in the course of a lawful foreign intelligence mission, it may be retained for five years without the need for suspicion of that person’s wrongdoing. Because the Order is not a statute, it is not subject to oversight by the courts or Congress – therefore many loopholes and broadly interpreted clauses have allowed the Order to be used intensively for surveillance purposes. Many of these purposes are classified, but a series of disclosures over the years have shed light on some of them over recent years. According to the EFF, these include empowering the NSA’s top-level hacking department, the Tailored Operations Unit, enabling the NSA’s capability to record "100 percent of a foreign country's telephone calls”, the collection of U.S. citizens’ email contacts and friend lists, and the infiltration of Google and Yahoo data centers around the world.
Surveillance Under the Bush Administration (2001-2009)
In the wake of the 9/11, the Bush administration acted swiftly to implement a host of legal and policy changes in the name of national security. Their lasting effect, however, has been to establish a landscape of surveillance on U.S. citizens – as the Snowden Files would come to reveal in 2013.
USA Patriot Act (2001)
Section 215 of USA Patriot Act (2001) enabled and strengthened many forms of dragnet government surveillance, allowing the CIA to access a wide range of sensitive information on U.S. citizens. This included phone and email communication, Internet use, bank and credit reporting record, school records, and details of criminal investigations and grand jury proceedings. An infographic published by the American Civil Liberties Union brings into focus how the Act’s provisions – passed under the banner of preventing terrorism – have denied U.S. citizens of their civil liberties, and has had the effect of “turn[ing] regular citizens into suspects.” Shortly after the Patriot Act was signed into law, the Information Awareness Office was created as part of the Defense Advanced Research Projects Agency (DARPA). Its stated goal of "Total Information Awareness" was implemented via a mass surveillance program that collected information about every person in the U.S. in vast electronic databases without a search warrant. This included highly sensitive personal information including medical records, bank transactions and travel documents. The highly-criticized program was shut down in late 2003. Much of the information gathered under it was transferred to the NSA.
Stellarwind (2003)
A key element of the NSA "President’s Surveillance Program" – as revealed by the Snowden leaks in 2013 – was Stellarwind, the code name for a program that allowed the NSA to monitor call and text metadata of U.S. citizens and tap any international calls that included a U.S.-based caller. Millions of electronic communications were scanned on a daily basis via AT&T’s facilities and satellites to search for associations with the terrorist group Al-Qaeda, and leads were forwarded to the FBI. A classified internal FBI document from 2006 revealed there was no evidence that Stellarwind was successful in preventing terrorism. The program was shut down in early 2019.
PRISM & Upstream (2007-)
PRISM is an NSA internet surveillance tool created to collect the private Internet data of foreign nationals – but in doing so, also sweeps up the data of U.S. citizens, including emails, files and photos, through accessing user accounts on Gmail, Facebook, Apple, Microsoft and other tech companies. PRISM, and its partner program Upstream – which infiltrates the infrastructure of the Internet to copy and filter its traffic — came to light in the Snowden leaks of 2013, when the former NSA contractor and whistleblower shared a classified 43-page document detailing the inner workings of PRISM with journalists at The Guardian and The Washington Post. Shortly afterward, the Obama administration declassified some information about PRISM, which further intensified the nationwide reckoning with the realities of mass surveillance.
FISA Amendments Act (2008)
In 2008, the Bush Administration passed the FISA Amendments Act (FAA) which added Section 702 to FISA. Its effect was to significantly expand the NSA’s surveillance powers by removing the requirement for intelligence agencies to obtain a warrant in order to surveil communications between Americans and foreign targets. Section 702, which involved the PRISM and Upstream programs, resulted in the “incidental collection” of communication between thousands of Americans who were not under suspicion of breaking any laws. In 2018, Senate renewed Section 702 without debate of reforms proposed by privacy advocates – ones that would have limited cross-agency data sharing by requiring the FBI to be obtain a warrant before accessing the information the NSA collected via PRISM and Upstream.
Amendments to Executive Order 12333 (2008)
In the same month that the FISA Amendments Act was passed, President Bush signed off on amendments to Executive Order 12333, which allowed the NSA to share its findings with the Director of National Intelligence – subject to certain rules created with the Attorney General and Defense Secretary. As the New York Times reported, it took eight more years for those rules to be negotiated. They stipulate that any evidence of an American committing a crime that is found incidentally in the course of foreign intelligence operations must be shared with the Justice Department. Furthermore, they permit analysts to use metadata (logs revealing who contacted whom and when they did so) to investigate unknown associates of targeted suspects.
Surveillance Under the Obama Administration (2009-2017)
Shortly after entering the U.S. Senate in 2005, Barack Obama gave a speech imploring his fellow senators not to renew the Patriot Act. “If someone wants to know why their own government has decided to go on a fishing expedition through every personal record or private document […] this legislation gives people no rights to appeal the need for such a search in a court of law,” he argued during a speech defending civil liberties. “This is just plain wrong.” Over the next three years, with the Iraq War raging and critical opponents accusing him of being weak on terrorism, Obama had changed tack, aligning himself with former CIA director John Brennan – whose views he had once rallied against – and writing on a campaign blog, “In a dangerous world, government must have the authority to collect the intelligence we need to protect the American people.” Once in power, Obama’s years as President saw him implement a wide range of surveillance measures, including extensive cooperation with the Five Eyes network an extension of the NSA’s information sharing powers just days before leaving office.
SOMALGET & MYSTIC (2009–2014)
One of the first major surveillance developments under Obama was a program that listened to the content of phone conversations of a country’s entire population – that of the Bahamas. In 2009, the NSA infiltrated the communication networks of the Bahamas under the guise of a mission to clamp down on illegal drug trading. Unbeknownst to Bahamian officials, however, the monitoring technology allowed the NSA to monitor and record every phone conversation going to, from or within the Bahamas. Within two years, it had achieved 100% warrantless surveillance – including snooping on the phone conversations of the millions of U.S. residents who visited annually or owned homes there. Calls were intercepted, surreptitiously recorded, and their "full take audio" could be replayed for up to 30 days. In their exposé published by The Intercept, journalists Ryan Devereaux, Glenn Greenwald, and Laura Poitras reported that the country’s relatively small population provided a manageable “test bed for system deployments, capabilities, and improvements” – in other words, a test case for this powerful technology that could be then fine-tuned and deployed elsewhere on a larger scale.
The Bahamas spy operation was named SOMALGET, which formed part of MYSTIC, a formerly classified NSA program that spied on the phone calls of the entire populations of five countries. In addition to the Bahamas, the contents of call conversations in Afghanistan were monitored. MYSTIC also recorded the metadata of phone calls in Kenya, Mexico and the Philippines – covertly tracking the communication records of 250 million people in total.
Snowden Revelations (2013–) & The USA Freedom Act (2015)
In the wake of former NSA contractor-turned-whistleblower Edward Snowden’s disclosures on the U.S. intelligence community’s surveillance activities, public debate and international outrage led to pressure on the Obama administration to reform the NSA. The USA Freedom Act was passed in 2015 to replace the once-covert mass collection of Americans’ call records under section 215 of the Patriot Act. Under the new Act, call and text data remains in the possession of telecom companies, and the NSA was only allowed to request specific records relating to a surveillance target with terrorism links, as authorized by a judge. Under the Freedom Act, the NSA collected a total of 695 million call-detail records in 2016-2017, and it was revealed in 2018 that due to “technical irregularities” the agency was in possession of vast amounts of call detail record and metadata that it “had no authority to receive". The organization began purging its database of these records in May 2018.
Surveillance Failures Brought to Light
In response to the international public outcry triggered by the Snowden revelations, the Obama administration went to great lengths to justify the U.S. intelligence community’s invasion into the private lives of its citizens. In a speech during a visit to Berlin in 2013, Obama claimed he knew of over 50 terrorist threats that had been thwarted due to the information collected by the NSA’s unlawful spying operations, but did not offer examples. In October of the same year, the then-NSA director, General Keith Alexander, was called to testify before the Senate Judiciary Committee and failed to substantiate the stated justifications for the surveillance programs. “Alexander cited only one instance when an intercept detected a potential threat: a Somali taxi driver living in San Diego who sent $8,500 to al-Shabab, his home country’s notorious terrorist group,” reported Foreign Policy.
In December 2013, a panel established to review NSA operations came to the conclusion that zero terrorist attacks were prevented by the NSA under any legislation that was claimed to have been passed for the purpose of twarting attacks. In 2014, the independent Privacy and Civil Liberties Oversight Board further confirmed this in their report on mass surveillance. In the meantime, the civil liberties of U.S. citizens and people all around the world had been dismantled. They had been replaced by what law professors Jack Balkin and Sandy Levinson termed a “national surveillance state” – one devoid of new laws to protect individual privacy and counter government abuse.
Challenging the Argument of Necessity
Despite the lack of evidence of the efficacy of mass surveillance programs, the U.S. government continued to insist that national security legislation and its controversial provisions were necessary to keep citizens safe and the country’s borders secure. The Privacy Issue spoke with Neema Singh Guliani, Senior Legislative Council at ACLU, to examine this claim. “We don’t have a lot of information about efficacy, but some of what we have calls into question whether mass surveillance programs have been efficient,” Singh Guliani said. “The program we have the most public information about is the 'call detail program' [PRISM], as revealed by Snowden. Initially it was revealed that the government was collecting call records of virtually every U.S. individual. This program was reformed through legislation in 2015, but even since then the government has continued to collect massive numbers of records, and there have been compliance issues.”
An even more important question than whether the NSA’s programs were effective for their purported purpose, according to Singh Guliani, is whether they could have achieved the same outcome with a program that respected privacy and civil liberties. “Even if a program has efficacy, there are human rights and constitutional rights at play – certain lines you can’t cross, as constitutional and international law prohibits it,” she explains. “The example I often hear is 'if police could enter your home at any time with no cause, would there be cases where they might find evidence of a crime?' The answer is often yes. But are the police allowed to [enter homes without a warrant] under the Fourth Amendment? Absolutely not. That's prohibited under the United States Constitution, given the requirement for probable cause and a warrant, among other things. There are still certain constitutional restrictions on what the government can do.”
Surveillance Under the Trump Administration (2017–)
Since President Trump took office in 2017, constitutional restrictions on surveillance have been weakened considerably. Surveillance has become targeted – both internally (at activists, protesters and dissenters) and at the U.S. borders (at those trying to enter the country).
Black Lives Matter activists and those participating in protests against police brutality in the wake of the shooting of Michael Brown Jr. in Ferguson in 2014 have been targeted through social media monitoring and overhead surveillance flights. The U.S.-Mexico Border has become a new frontier in surveillance. A range of tools, including drones, body cameras, automated license plate readers, and facial recognition, are used to keep tabs at those wishing to enter the U.S., as well as undocumented immigrants. Immigration and Customs Enforcement (ICE) works closely with privately-owned tech companies like Amazon, Microsoft, and Dell, who are providing them with the software they need for surveillance in near-real time. The result is a technologically-sophisticated and highly-targeted surveillance apparatus that has been instrumental to President Trump’s oppression of opposition and war on immigration.
FISA Amendments Reauthorization Act
In January 2018, President Trump signed the FISA Amendments Reauthorization Act of 2017 into law, which extends foreign intelligence collection powers under the controversial section 702 of the FISA Amendments Act until 2023. While section 702 officially governs foreign intelligence by U.S. authorities, it allows for a back door into the communications of U.S. citizens through programs like the NSA’s PRISM. The Reauthorization Act of 2017 further extended the NSA’s powers by allowing the interception of communications that are not only to or from a target of surveillance, but also communications which simply mention that target.
National Vetting Enterprise
February 2018 marked a turning point in the convergence between national security, law enforcement, and immigration with the establishment of the National Vetting Enterprise (NVE), part of the National Vetting Center (NVC). Under the NVE, a host of new sources of data, paired with a wide range of technologies for scraping, analyzing, and sharing that data, give immigration authorities highly-effective tools for real-time monitoring of everyone who “seek[s] a visa, visa waiver, or an immigration benefit, or a protected status” in the United States. In a brief by the Arab American Institute, which reviewed official and leaked reports on terrorism and customs and border protection, the continuation of President Trump’s targeted anti-Muslim agenda that first manifested in his 2017 Muslim travel ban is examined. “President Trump’s demands for “extreme vetting” require both draconian border security policies and continuous, automated surveillance of certain communities inside the United States, particularly Arab Americans and American Muslims,” the authors write.
ICE & Technological Developments in Surveillance
For the Trump administration, the next innovation in surveillance is undoubtedly big data analytics. The monitoring of so-called "persons of interest", of both those already within the U.S. and those seeking to immigrate, is becoming increasingly-automated. In May 2018, a Department of Homeland Security (DHS) proposition to use artificial intelligence and machine learning to surveil immigrants was put aside after public outcry. By August, it had authorized the Visa Lifecycle Vetting Initiative (VLVI). Under this initiative, Immigration and Customs Enforcement (ICE) is developing software to “determine and evaluate [via automation] an applicant’s probability of becoming a positively contributing member of society” by scraping information from social media profiles.
Government departments are working closely with private-sector tech companies, notably the secretive software firm Palantir, founded in 2004 by Peter Thiel and Alex Karp. Palantir had once sold its products to military organizations to track crime and "enemy activity". In 2018, despite protests from its employees, Palantir renewed its contracts with ICE, providing ICE with “investigative case management software” for building extensive databases used to monitor the undocumented immigrants who are being targeted by President Trump’s immigration crackdown, including the separation of children from their families at the border. Palantir’s databases are designed to quickly and accurately identify patterns and links in large swathes of data, which allows law enforcement officials to efficiently go from knowing one or two data points about a person to creating a highly-specific profile of them – including photos, biometrics, vehicle information, phone records, criminal records, and police reports. Since Palantir began working with ICE, there has been a sharp increase in arrests for civil immigration violations – 1,525 between October 2017 to 2018, compared to 172 in the previous year.
Keeping Intelligence in Check
Law by law, program by program, mass surveillance is eroding the democratic values and constitutional rights the U.S. was founded upon. “Take the effect of chilling speech, for instance,” notes Singh Guliani. “Certain studies have shown that, after the Snowden revelations, there were journalists who reported fear of talking about certain issues, as they were afraid that certain communications could be monitored. Further studies that have shown that individuals are less willing to say or search for things privately because they were worried about government monitoring. When we talk about privacy, there's privacy in the abstract, in the sense that it’s something we all want to have – that certain activities and things we do belong to us privately, and shouldn't be seen by other people – but there are also the broader effects too, like those on the values of free speech and democratic values.”
A related question pertains to the democratic principle of equality under the law, given that not all people are equally impacted by surveillance activity. Singh Guliani explains, “We’ve seen that, historically, surveillance has often been targeted at certain communities – in the U.S., communities of color – and has often been used a tool to suppress the voices of critics and dissenters. For all of those reasons it's important to make sure we don't have a surveillance apparatus that isn't governed by clear laws, and isn't inconsistent with our Constitution and human rights.”
What, then, can be done to keep the U.S. government and its intelligence efforts in check? “One of the things [the ACLU] has urged is laws that prohibit racial profiling, targeting based on protected status, religion, and First Amendment activities, including in a surveillance context,” Singh Guliani says. “We need to restrict the basis for which individuals can be targeted. At a top level, we need to make sure that there is transparency and oversight to prevent abuse. We also need to make sure individuals are notified – so they know when surveillance is happening, and if abuse does occur, they can raise legal challenges, or go to an independent court to enforce their rights. Surveillance needs an actual, factual basis grounded in probable cause, and it must be constrained by time and other limitations.” What it comes down to – and what the ACLU is working towards – in Singh Guliani’s words, is “clear guidance on targeted profiling to limit surveillance that occurs in those ways, as well as accountability mechanisms so that when abuse occurs we know about it and can take action.”