Posted by on December 31, 2015

In the first two parts of this series we talked about the “forward defence” and the “defend the border” strategies for responding to ISIS terrorism.  Today, we will talk about the last alternative to emerge from the presidential candidates, which could be called “defend the homeland.”  The major issue here is the extent of surveillance on US citizens.

First, I will summarize the legislative debate[1].  The major question relates to the bulk collection of so-called “metadata” (more on this later) under Section 215 of the Patriot Act (and also, potentially, under other legislation).  As I am sure you noticed, this issue has recently been hotly debated by Congress, the end result being that the collection was temporarily suspended at midnight on May 31, 2015.  It was restored, under revised rules, with the passage of the USA Freedom Act, which was signed into law by President Obama on June 2, 2015.

There are three positions that have been taken on this issue by the candidates.  The first is that bulk collection should continue as it has been done previously (and Section 215 of the Patriot Act should be amended to allow this without any ambiguity); this is the position of presidential candidates Marco Rubio, Jeb Bush and, most vocally, Chris Christie.  The second is to support the USA Freedom Act, which supposedly subjects the collection of bulk data to substantially tighter rules; this is the position taken by Ted Cruz and Hillary Clinton.  Finally, there is the position that both the Patriot Act and the USA Freedom Act grant powers of surveillance which are far too broad and which specifically violate the Fourth Amendment’s strictures against unreasonable searches and seizures and the issuance of warrants without probable cause; this is the position of Rand Paul.

First, we must understand the term “metadata.”  Look up the word in a dictionary and the answer is that it is “data about data.”  This is not terribly helpful.  The important distinction, at least when it comes to communication, is that it is not content.  For a telephone call, for example, it is data about who called whom, when the phone call took place and how long it lasted, but not what was said.  For an email, the analogy is obvious.  For the internet, it is probably data on who (which IP address) visited a particular website.

(I have seen articles which claim that the metadata is anonymous, but I find this hard to believe.  One of the most useful things that can be done with metadata is cross-referencing it over multiple sources, such as building a profile of someone who speaks to or writes emails to someone in an ISIS-controlled country, while visiting a website that promotes radical Islam and another website that sells ammunition on line.  This would be impossible with anonymous metadata.  Well, at least for someone with my limited IT skills.)

Some other ground rules for this post:  First, I am not going to enter into the debate on whether the USA Freedom Act is materially more restrictive than Section 215 of the Patriot Act.  The major change is that, instead of the NSA and FBI systematically receiving telephone metadata, phone companies now have to retain it themselves and the NSA/FBI have to request the data from them, using “a discrete term, such as a term specifically identifying a person, entity, account, address, or device.”  As is so often the case with legislation, nobody knows what this means.  Given that the bill passed with the support of the NSA and FBI, I think that we can reasonably assume that they don’t see this as much of a restriction.

Second, I am going to assume that collecting metadata is effective in fighting terrorism.  This is obviously the threshold question.  It would not surprise me if bulk data is useful in identifying candidates for greater scrutiny; something like the profile that I described above would be, I imagine, very useful for the FBI.  Also, the claim that opponents sometimes make, including Rand Paul in this video, that the bulk collection of data distracts the FBI from focussing on real terrorist suspects is, frankly, nonsense.  Sifting through reams of data to identify patterns is precisely what computers do very well.  If you don’t believe me, take a closer look at the pop-up ads the next time you are on line.

The FBI/NSA have been collecting bulk data for about ten years now.  We also have the results from different countries, many of which, such as France, have more aggressive programs than we do in the Land of the Free.  This is all by way of saying that we should have a pretty good idea whether it works or not.  But unfortunately, the public will never have the information necessary to make this judgment and we will have to rely on our elected representatives to make the call.  The effectiveness, or lack thereof, of the program can only be proven with data that cannot be disclosed.

For purposes of this post, I will simply assume that it works because, if it doesn’t, then the discussion is over.

Finally, I am not going to discuss whether the program is constitutional.  First, although I have been walking with cripples for a long time and have therefore learned to limp, I am not a lawyer; my education in criminal law comes, like for most Americans, from watching too much television.  Although a Federal Appeals Court ruled in May 2015 that Section 215 of the Patriot Act did not authorize the bulk collection of data, the ruling did not opine on the constitutionality of bulk collection and left open the possibility for Congress to pass a new law that unambiguously authorizes such collection.  This leaves a 2013 Federal Appeals Court decision as the sole ruling on constitutionality.  This court found that collecting metadata is not a violation of the Fourth Amendment.

But enough foreplay, let’s turn to the question: Under the assumption that the gathering of metadata is an effective tool for fighting terrorism, should it be allowed?  And, if so, under which conditions?

And now I am going to disappoint any hard-core libertarian readers that I have out there, because I think that the answer to the first question is “yes.”

First, let’s dismiss the argument of Rand Paul that the government should be required to get a warrant that specifies an individual before collecting metadata.  The whole point of collecting metadata is to identify people for greater scrutiny.  As Judge Pauley wrote in his 2013 Federal Appeals Court decision “(t)his blunt tool only works because it collects everything….Without all the data points, the government cannot be certain it connected the pertinent ones.”

Once the dots have been connected and a specific individual has been identified, then, yes, the government should have to seek a warrant before engaging in further surveillance, including accessing the content of communications.  This warrant should only be granted once the government has met, on the basis of the metadata and other non-protected information, the standard burden of proof of “probable cause.”  But to require the government to identify specific individuals and prove probable cause before collecting metadata is not a modification of the program.  It is its elimination.

I think that the major objection to collecting metadata is that it can be “mined” for patterns other than terrorism.  Here is a pretty representative example of the literature, which attempts to show how the dots of metadata can be connected to infer highly personal information such as having an affair, holding certain religious beliefs or harboring suicidal tendencies.  (Of course, this article, like so many of its ilk, then immediately contradicts itself by also claiming that metadata is an ineffective tool against terrorism.  Sorry, guys, you can’t have it both ways: you cannot simultaneously claim that metadata is a transparent window into our souls while also saying that it is useless for combating terrorism.)

Let’s grant that metadata can be used in this highly revealing way.  This means that collecting metadata might give someone information about you that you would prefer remains private.  Although this may be disturbing in itself for certain sensitive souls, I think that most people are worried about more than the mere possession of this information.  They are worried about someone using it.  For example, for blackmail or threats or tax audits or denying credit or denying insurance or just for embarrassment.  Or destroying a life like what happened to Will Smith in the film Enemy of the State[2].   In other words, in order for the private information to do real damage, it must be used against us.  And, as the above list shows, it is hard to imagine cases where this could happen accidentally.

But here’s the thing: the use of metadata for any purpose other than identifying potential terrorism suspects for further scrutiny is illegal.  Which means that we have to assume a violation of the law before any of the metadata could do real damage.  But this makes the argument rather circular.  In order to get any real damage out of collecting metadata, I have to assume rogue behavior on the part of the government or a government employee.  But in order to stop the collection of metadata, I have to assume that a rogue government or rogue government employee would comply with a law banning its collection.  (Remember, Angela Merkel never said that the NSA could listen in on her phone calls, but they still did it.)  So, it is not clear that banning the collection of metadata would provide much stronger protection than banning its misuse.

I have clearly pushed this argument to its limit.  Obviously, it is easier to misuse already legally collected metadata than it is to collect and misuse it, both illegally.  But I still think that there is a point here.  Either we think that we can enforce rules against the government, and its employees, or not.  If the former, then we should be able to provide very substantial protection by prohibiting the misuse of information.  If, conversely, we are dealing with a government or a government employee hell bent on breaking the law to misuse our private information, then passing another breakable law doesn’t seem to offer much protection.

So, what are some of the rules that we should impose?  I have already mentioned the first: a categorical prohibition on using the data for any purpose other than identifying potential terrorism suspects.  To back this up, we should include the following further provisions:

  • We need a robust “whistleblower” program to protect anyone who discloses the misuse of metadata.  This is by far the most likely source of disclosure of misuse.  The path of a future Edward Snowden should be clear, both with respect to his legal protections and also in how to blow the whistle without damaging our national interests.
  • The misuse of metadata should, in addition to giving rise to a civil claim for damages, be a criminal offense for the specific people involved.  As I have previously argued about financial crimes (see the “FIFA” sub-title here), nothing focuses the mind like the possibility of personal criminal prosecution.  Any government employee, whether acting under orders or acting rogue, who misuses metadata should be looking at a long jail term.  Ditto anyone who orders its misuse, all the way up the line.
  • There should be a robust “fruit of the poison tree” rule which prevents the government from using any of the metadata in any other prosecution or administrative action, such as a tax audit.
  • Finally, as with the current law, there should be frequent sunset provisions which require its reauthorization.  Among other things, this would force Congress to reconsider periodically the program’s threshold issue of effectiveness and also to reconsider the program in light of the current terrorism threat.

I have no idea if these protections have been incorporated into the USA Freedom Act, but I suspect not.

I think that there is one final justification for the collection of metadata.  And that is to help forestall worse decisions.  As I argued in part one of this series, there is a large political risk that attacks like San Bernardino become the justification for bad policy decisions, such as plunging us into more nation-building madness.   This risk is amplified, in the sphere of privacy and elsewhere, if we have done nothing and the attacks multiply.  Some controlled metadata collection at this point may spare us something far worse in the future.

**********

This series of posts is now over.  For those who were hoping for a magic formula, myself included, it should be obvious that there is none.  There is no silver bullet for terrorism, Islamic or otherwise.    And we should be wary of any politician peddling one.

Like so many things, this situation can be made better through basic blocking and tackling – better gathering of information, better sharing of information, stricter border controls, better tracking of visa holders, better international cooperation, better control over people who have travelled to potential training areas, a stronger outreach to Muslim communities to help in identifying potential terrorists, etc. – but it cannot be eliminated.  England proved this in its 30-year battle with “The Troubles” in Ireland.  But England also proved that, although terrorism could not be cured, it could be endured.  America will simply have to do the same.   Because the greatest threat posed by Islamic terrorism is the risk that it will stampede us into a response which is far worse than the disease.

Roger Barris

Weybridge, United Kingdom

[1] These background sections draw heavily on a Wikipedia write up on the USA Freedom Act.

[2] If you haven’t seen this film, then it’s a strong recommendation.

Posted in: Foreign Affairs, Policy
