Saturday, August 17, 2013

Missing the point on NSA violations

The latest Snowden revelations are causing something of a firestorm in the media and in the halls of Congress. For those unaware, WaPo broke the story a couple of days ago. Documents released by Snowden include an internal audit of the NSA that indicates it fractured the rules pertaining to data collection and storage thousands of times in one twelve month period:
The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.
Since this story came out, there have been two basic sorts of reactions: on the one hand, there are people--mostly on the Right--up in arms over this long train of abuses. On the other hand, there are people--mostly on the Left--seeking to minimize these numbers by pointing out how most of the incidents are just simple errors with nothing nefarious behind them. The NSA, for it's part, is pushing back hard:
The official, John DeLong, the N.S.A. director of compliance, said that the number of mistakes by the agency was extremely low compared with its overall activities. The report showed about 100 errors by analysts in making queries of databases of already-collected communications data; by comparison, he said, the agency performs about 20 million such queries each month.

Mr. DeLong, speaking to reporters on a conference call, also argued that the overwhelming majority of the violations were unintentional human or technical errors and that the existence of the report showed that the agency’s efforts to detect and correct violations of the rules were robust. He said the number of willful errors was “minuscule,” involving a “couple over the past decade.”
The NSA's excuses notwithstanding, both its defenders and detractors are largely missing the point of all of this, of what this internal audit was really all about. It was undertaken to determine "compliance," to find out when specific actions by the NSA were outside the rules established for compliance with the various laws--including FISA, the Foreign Intelligence Surveillance Act--that impact its operations. Why? So such failures could be made public? No, of course not. It was done--is routinely done, I suspect--in order to tweak operations so they are no longer out of compliance. There was no thought as to whether or not these operations cross any lines, if they violate either the letter or the sense of laws like FISA, the only point here was to identify compliance failures in order to protect the agency.

The NSA is thus straddling a line between legality and illegality, when it comes to both foreign and domestic surveillance. And in that regard, it is using FISA--and the FISA Court--to push that line further and further, so as to make what was supposed to be illegal into something that is now legal. I refer back to my previous piece on the FISA Court and the idea of minimization procedures:
Why is this [requirements for minimization procedures] in here? Simple, when FISA was passed in 1978, Congress did not want the Act to become the basis for a nationwide and continuous surveillance program, nor did it want ancillary information obtained by federal agencies used for purely political purposes (again, the whole point of FISA). So in this regard, any program that collects data on U.S. citizens is supposed to be close-ended, not open-ended, and non-vital information is supposed to be dumped, forthwith. FISA is specifically about not creating a permanent database on things like phone records. It doesn't matter if the data is regular run-of-the-mill data or if it is "metadata," the federal government is not supposed to be holding on to it, period.
The above simply cannot be overstated: FISA was not supposed to be the basis for a huge surveillance program, it was supposed to prevent such a program. Yet, exactly the opposite has transpired. Why? Because FISA was poorly conceived, by and large. In an attempt to establish surveillance limits to prevent government intrusions, it instead created a means of expanding government power, mostly via the proverbial small steps, and a means of legalizing what should be illegal (the FISA Court).

The fix to all of this is not a series of hearings followed by the introduction of new laws to "prevent" abuses, it is the elimination of the legislation that allowed these transgressions--and an overly intrusive government agency--in the first place, or at least a scaling back of that legislation. The most important element to address, in my opinion, is the FISA Court. It needs to be eliminated completely, as it is being used to extend government authority via legalese, high-minded legal arguments that are about justifying behavior that is most explicitly in violation of basic constitutional tenets. The huge numbers of NSA violations goes to this point exactly: without the FISA Court's indulgence, there would have been no widespread intelligence gathering to create these violations.

We would do well to remember the entire point of the Constitution, that of establishing a limited government, and Madison's admonishments concerning excessive legislation (from Federalist #62):
It will be of little avail to the people, that the laws are made by men of their own choice, if the laws be so voluminous that they cannot be read, or so incoherent that they cannot be understood; if they be repealed or revised before they are promulgated, or undergo such incessant changes that no man, who knows what the law is to-day, can guess what it will be to-morrow. Law is defined to be a rule of action; but how can that be a rule, which is little known, and less fixed?
As well as Hamilton's words about the dangers of a a Bill of Rights (from Federalist #84):
I go further, and affirm that bills of rights, in the sense and to the extent in which they are contended for, are not only unnecessary in the proposed Constitution, but would even be dangerous. They would contain various exceptions to powers not granted; and, on this very account, would afford a colorable pretext to claim more than were granted. For why declare that things shall not be done which there is no power to do? Why, for instance, should it be said that the liberty of the press shall not be restrained, when no power is given by which restrictions may be imposed? I will not contend that such a provision would confer a regulating power; but it is evident that it would furnish, to men disposed to usurp, a plausible pretense for claiming that power. They might urge with a semblance of reason, that the Constitution ought not to be charged with the absurdity of providing against the abuse of an authority which was not given, and that the provision against restraining the liberty of the press afforded a clear implication, that a power to prescribe proper regulations concerning it was intended to be vested in the national government. This may serve as a specimen of the numerous handles which would be given to the doctrine of constructive powers, by the indulgence of an injudicious zeal for bills of rights.
With regard to FISA, note how true the last bit in the Madison quote reads: FISA was supposed to establish firm rules to limit surveillance, yet the creation of the FISA Court made those rules merely obstacles to get around, since it allowed a means to get around them: legalistic arguments. As to Hamilton, he may have been speaking specifically about a bill of rights, but his analysis works for any laws that are supposed to limit government action: if they limit powers where no powers were expressively given, such laws have the opposite effect of expanding government, not limiting it.

Since FISA was passed in 1978, the NSA has grown by leaps and bounds. Things like it's historical budgets and numbers of employees are not on the public record, but it's exponential growth is well-known at this point in time, as are its increasing number of new facilities and the expansions of existing ones.

Thus, what this audit tells us, what all these violations mean--even if most are insignificant--is that there is too much surveillance taking place, too much going on in agencies like the NSA. The laws meant to limit have led only to expansion.

Cheers, all.