Unwarranted

COUNTERTERRORISM AND NATIONAL SECURITY

We live in the age of global terrorism. In response, some in the United States government decided—without the public’s knowledge—to adopt a sweeping program that gathered and mined the telephone and Internet data of Americans. When the country learned of these efforts, a sprawling and contentious debate began about the permissible bounds of government spying. Yet, at least as a constitutional matter, these issues are not nearly as complicated as they appeared. There is much the government can do to keep us safe, guided by constitutional principles that should by this point be well familiar. The problem is not so much what those in government did; it is how they went about doing it.

THE RIGHTS OF U.S. PERSONS

The Daily Show—June 10, 2013. John Oliver is sitting in at anchor, hosting for the very first time. On the screen is the graphic “Good News! You’re Not Paranoid.”1

The topic: NSA Oversight.

Oliver plays a video.

It is a hearing before the Senate Select Intelligence Committee. Seated in a padded leather swivel chair behind the rostrum is Senator Ron Wyden, Democrat from Oregon. His chiseled face is deadly earnest (though he’s looking rather natty in a blue checked shirt and bright red tie). Speaking into the microphone, Wyden asks the witness:

“So, I want to see if you can give me a yes or no answer to the question: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

And there behind the witness table, is—as the television caption tells us, although the bulldog face and bald pate of America’s then top spy already has become quite familiar—Lieutenant General James Clapper (Ret.), Director of National Intelligence. Clapper, as captured on the video, is forced to play the straight man to John Oliver’s comedic riff.

Clapper is scratching at the top of his head repeatedly, his body language oozing discomfort, unable to make and keep eye contact with Wyden.

“No, sir,” responds Clapper, looking up, looking down, rubbing his head more.

“It does not?” asks Wyden.

“Not wittingly.”2

Jump back to John Oliver, shaking his head in disbelief, aping Clapper’s head-rubbing, as the audience begins a roll of laughter that builds to a roar by the time Oliver puts up a picture of Clapper with a full head of hair. “Here’s how much this guy was rubbing his forehead. This is him at the start of the hearing.” “No spy,” announced Oliver, coming to the punch line, “should have that big a tell.”

The video of Clapper, shot three months before the Daily Show episode, is funny only because Oliver is showing it five days after the country first heard about the NSA’s breathtaking surveillance—of all of us. In a breaking story in The Guardian, Glenn Greenwald reported that “under the Obama administration the communications records of millions of US citizens are being collected indiscriminately and in bulk—regardless of whether they are suspected of any wrongdoing.” The Guardian and The Washington Post subsequently reported on another secret spy program, PRISM, by which the NSA tapped into Internet companies such as Google, Facebook, and Apple to obtain personal data including “search history, the contents of emails, file transfers and live chats.” Continued disclosures revealed that in programs with names running from the sinister to the sublime—MUSCULAR, EVILOLIVE, HAPPYFOOT, ROYAL CONCIERGE—the NSA was collecting and collating an almost unfathomable amount of information. By June 9, a day before Oliver took Clapper on, the world learned the leaker was Edward Snowden, the then twenty-nine-year-old former intelligence consultant who had secreted away thousands of classified intelligence documents and leaked them to the press.3

Snowden’s revelations kicked off a national dialogue, one Senator Wyden had been trying to provoke for years. In May 2011, Wyden took to the Senate floor and in an impassioned speech delivered a “warning” to his colleagues: “[W]hen the American people find out how their government has secretly interpreted the Patriot Act,” he said, “they are going to be stunned and they are going to be angry.” He was right.4

Wyden’s central and correct point—as true in foreign intelligence gathering as in any other area of policing—is that the American people need to be “in a position to ratify or reject the decisions their elected officials make on their behalf.” That’s why all-encompassing secrecy is “fundamentally inconsistent with democratic principles.” Wyden brushes aside the argument that this sort of information needs to be kept hush-hush, explaining “American citizens recognize” that the details of intelligence operations cannot be revealed, but “I do not believe the law should ever be kept secret. Voters have a right and a need to know what the law says and what their government thinks the text of the law means.”5

Many disagree with Wyden. It is their position that when it comes to national security, to decisions about foreign intelligence gathering, matters should rest in the hands of the executive branch alone. Or, in any event, that these surveillance decisions can and should be kept as a secret between executive branch officials and a small number of members of Congress who are briefed in, and who will “represent” the rest of us. They believe open debate is inappropriate, and begrudge the participation of the full Congress, the courts, and the American people.

But the Constitution says otherwise. What matters under the Constitution is not the purpose of the surveillance—i.e., national security—but who is spied upon. The moment the American people become targets of government surveillance, all the protections in the Constitution—from open debate and legal authorization of surveillance programs to proper warrants based on probable cause—kick in.

As is so often the case when the government acts in secret, unauthorized ways, there are grave doubts about whether these government programs have been efficacious. Wyden asserts that intelligence community “misstatements have consistently exaggerated the effectiveness of domestic surveillance programs and consistently understated their intrusiveness.” There is plenty of evidence that he is right about this as well.6

Some—and perhaps much—of what the government set out to do could have been done constitutionally, had it been done openly and properly. Bulk collection may be just fine, so long as we approve it and all are subjected to it. Targeting of particular citizens also is permitted, so long as there are warrants and sufficient cause. But what the executive branch may not do, and yet did on a colossal scale, is decide on its own to conduct surveillance on the American public.

THE PERILS OF INTELLIGENCE GATHERING

Intelligence gathering to protect their security is what nations do, and the United States is no exception. George Washington employed spies to great effect to win the Revolutionary War. During the Civil War telegraph lines were tapped; the Union Army even had an aerial balloon corps for a while, though between camouflage on the ground and the difficulty of moving the equipment it proved not worth the bother.7

When it comes to foreign intelligence gathering, the United States often has scrambled to keep up with its foes. Until mid-twentieth century, the oceans surrounding the continent offered a comfort that lowered our guard when it came to developing a sophisticated apparatus to detect what our foes were up to. Both world wars required hasty assembly of intelligence operatives.8

Many of our worst moments have been the result of massive intelligence failures. That was true of Pearl Harbor. And it was true of the second war in Iraq as well. The events of 9/11 may have been no exception. It is counterfactual to assert that we definitely could have stopped the attacks had things all gone right. Still, the 9/11 Commission Report is a damning record of missed leads and opportunities.9

But some of our most inexcusable failures have involved turning the nation’s national-security intelligence-gathering apparatus on the American people themselves.

On December 22, 1974, The New York Times published a story by Seymour Hersh headlined “Huge C.I.A. Operation Reported in U.S. Against Antiwar Forces, Other Dissidents In Nixon Years.” Following on the heels of the June 17, 1972, Watergate break-in, Hersh documented how the CIA kept files on more than ten thousand Americans, with information gathered by illegal break-ins, wiretapping, and opening of private mail.10

A Senate committee appointed to investigate the government spying—the Church Committee, named after its Chair, Senator Frank Church of Idaho—uncovered jaw-dropping evidence of government malfeasance from the 1940s into the 1970s. In the name of national security, the CIA, NSA, and FBI had gone after Americans notable and ordinary, from senators such as Adlai Stevenson to groups including the John Birch Society and the Socialist Workers’ Party. The FBI had files on half a million people; the CIA opened a quarter of a million letters, and the FBI over 100,000 more. In an eerie foreshadowing of the Snowden revelations, the NSA obtained “[m]illions of private telegrams sent from, to, or through the United States … under a secret arrangement with three United States telegraph companies.” The civil rights movement was a frequent target; the FBI plotted to bring down Martin Luther King, Jr., and replace him with a black leader more to its liking. The CIA launched Operation CHAOS, sending spies to foment distrust among groups deemed “domestic dissidents,” including the antiwar movement and the women’s liberation movement.11

What’s most disturbing is how those conducting these activities so easily turned a blind eye on the Constitution. One witness explained how the government started with national security targets and moved to groups expressing political dissent, moving “from the kid with the bomb to the kid with a picket sign, and from the kid with the picket sign to the kid with the bumper sticker of the opposing candidate. And you just keep going down the line.” The decade-long head of the FBI Intelligence Division testified that “never once did I hear anybody” ask of what they were doing “is it legal, is it ethical, or moral … we were just naturally pragmatic.” In one particularly emotional moment, Senator Phillip Hart of Michigan, known as the “conscience of the Senate”—who everyone knew was dying of cancer—came to testify in a tearful mea culpa, saying this is what his family, his kids, had been telling him was going on, but “in my great wisdom and high office … I assured them that they were [wrong]—it just wasn’t true, it couldn’t happen.”12

In light of what it uncovered, the Church Committee insisted that “[c]lear legal standards and effective oversight and controls are necessary to ensure that domestic intelligence activity does not undermine the democratic system it is intended to protect.” Its members did not believe that “mere exposure of what has occurred in the past will prevent its recurrence.” The “natural tendency of Government is toward abuse of power” and “[a]buse thrives on secrecy.” While “[o]bviously” one cannot reveal “the names of intelligence agents or the technological details of collection … in the field of intelligence, secrecy has been extended to inhibit review of the basic programs and practices themselves.”13

That is absolutely right, and yet history cannot seem to keep from repeating itself.

THE PROTECTIONS IN PLACE

Electronic surveillance of the American public, though often controversial, has long been a staple of intelligence gathering in the name of national security. When Attorney General (and later Supreme Court Justice) Robert Jackson—like some of his predecessors in office—banned wiretapping in 1940, he was quickly overruled by his boss, at least for “matters involving the defense of the nation.” FDR authorized wiretapping of people “suspected of subversive activities against the Government of the United States.” FDR’s policy, with variations, persisted at least until the administration of Lyndon Johnson. During this thirty-some-year stretch, Congress considered legislation to restrict wiretapping, but proved unable to act.14

In 1978, prodded by the Church Commission revelations, Congress finally regulated electronic spying for national security purposes. And when it did, it was guided by the only case to date in which the Supreme Court had spoken to the issue.15

On September 28, 1968, several sticks of dynamite went off outside the CIA recruitment office on Main Street in Ann Arbor, Michigan. Just over a year later, a grand jury indicted three members of the White Panthers, a far-left group united in goals with the Black Panthers. One of the three, White Panther Minister of Defense Lawrence “Pun” Plamondon, went underground, earning a spot on the FBI’s Ten Most Wanted list. He was captured when an occupant of a car he was driving tossed a can out the window, getting them stopped by the police. Plamondon’s lawyers asked to see any electronic surveillance that had been conducted of their client.16

The government admitted that it had gathered information on Plamondon without a warrant. But it claimed the warrantless wiretapping was fine. It insisted that it could even withhold the information from the defendant—because it was collected as part of the president’s power to protect national security.17

The question the Supreme Court was asked to answer in the Keith case (so named for the trial judge, Damon Keith, who ordered the information disclosed) was whether the government could engage in warrantless wiretapping of U.S. citizens if it was doing so for national security purposes. The justices were willing to assume that the government had ample reason—cause—to tap Plamondon’s conversations. The issue was whether it could do so without “prior judicial approval.”18

The government’s position in Keith is precisely the one we hear so much about today in the battle against terrorism. National security cases and criminal cases are two different things, the government argued then and argues now. Unlike in ordinary criminal cases, courts are said to lack the expertise necessary to assess the need for surveillance in the national security context. Besides, the government argued, secrecy is particularly essential in this context, and obtaining warrants risks leaks of sensitive information.19

The Supreme Court in Keith was sympathetic to the government’s concerns, and yet the justices were unequivocal in concluding that the executive branch must get a warrant before wiretapping its citizens. Indeed, they noted that national security investigations present particular dangers “because of the inherent vagueness of the domestic security concept, the necessarily broad and continuing nature of the intelligence gathering, and the temptation to utilize such surveillances to oversee political dissent.”20

“The warrant clause of the Fourth Amendment is not dead language,” the Keith Court insisted. Neither “Fourth Amendment freedoms” nor those in the related First Amendment can “properly be guaranteed if domestic surveillance may be conducted solely within the discretion of the executive branch.”21

Although it had ruled against the government and in favor of warrants, the Supreme Court provided some qualifiers in Keith that paved the way for the action Congress subsequently took. First, the justices were clear that their opinion touched only on “the domestic aspects of national security”; they “express[ed] no opinion” regarding “the issues which may be involved with respect to activities of foreign powers or their agents.” Second, the Court said Congress was free to adopt different standards even for domestic intelligence gathering. This is because criminal investigation and intelligence gathering are different: “gathering of security intelligence is often long range and involves the interrelation of various sources and types of information,” and “the exact targets of such surveillance may be more difficult to identify than in” ordinary criminal cases. Thus, a different sort of showing of “probable cause” might apply in the national security intelligence-gathering context. Finally, the Court suggested that Congress could designate a special court to hear the warrant requests.22

When Congress adopted the Foreign Intelligence Surveillance Act (FISA) in 1978, it was with the Keith Court’s guidance in mind. Although FISA is a complicated statute, its basics are simple enough. FISA provided that a “United States Person” (basically, citizens and those resident in the United States) could not be searched—including by electronic surveillance—without a warrant. The warrant application had to include certifications from high officials that the “purpose” of the surveillance was foreign intelligence gathering and that the target was an “agent of a foreign power.” And Congress created a special court—the Foreign Intelligence Surveillance Court (FISC)—to hear warrant applications from the government in the utmost secrecy.23

There matters stood, until nineteen Islamist fanatics hijacked four planes on September 11, 2001.

THE PATRIOT ACT, AND THE WALL

In the wake of the 9/11 terrorist attacks, Congress enacted the USA-Patriot Act, which granted the government substantially more freedom in intelligence gathering. It was not just about terrorism: law enforcement used 9/11 to obtain tools that had long been on its wish list. To this day, the Patriot Act remains a subject of huge controversy, with many claiming it allowed the government too much leeway to invade citizens’ liberties.24

Notably, though, the Patriot Act adhered to FISA’s insistence on warrants from the FISC—and indeed relied on them to solve the curious problem of “the Wall.” “The Wall” was a set of information-sharing limitations erected to keep the relatively more permissive standards for national security warrants from eroding the rights of suspects in ordinary criminal investigations. Because FISA warrants could stay in place longer, with less oversight than ordinary warrants, and could be granted with a different sort of probable cause, the concern was that law enforcement would use FISA warrants as a workaround in ordinary criminal prosecutions. In response to these concerns, the Department of Justice put in place strict rules limiting when investigators on the criminal side of a case could share information with those on the intelligence side, and vice versa.25

The Wall, already controversial among law enforcement and intelligence officers, was widely condemned after 9/11 when it became clear that it prevented the sharing of some information that may have contributed to stopping the attacks. Khalid al-Mihdhar was one of the five hijackers of AA Flight 77, which struck the Pentagon. The CIA had long been interested in him, tracked him to a meeting in Kuala Lumpur, and lost him. A month before the attack, FBI officials realized al-Mihdhar might be in the United States and sent out a lead for him. An agent in New York who was investigating the bombing of the U.S.S. Cole in Yemen, in which al-Mihdhar was believed complicit, jumped into the search, but was waved off—despite an appeal to high FBI legal counsel—on the ground that because he was working on a criminal case, it would violate the Wall. The agent shot off an angry email:

Whatever has happened to this—someday someone will die—and wall or not—the public will not understand why we were not more effective and throwing every resource we had at certain “problems.” Let’s hope the National Security Law Unit will stand behind their decision then, especially since the biggest threat to us, UBL [Usama Bin Laden], is getting the most protection.26

Among the many things it did, the Patriot Act was meant to tear down the Wall. Whereas previously “the purpose” for a FISA warrant had to be foreign intelligence gathering, the Patriot Act said it only had to be “a significant purpose.” So other purposes—such as criminal investigation—were fine. It also made clear that prosecutors and foreign intelligence officials could share information with one another.27

At some level, the idea of the Wall was always crazy. As we saw in Chapter 7, it’s practically impossible to distinguish criminal prosecution from other purposes of government searching. In fact, that is exactly what the FISA Court of Review—the appellate judges that on rare occasion review FISA court decisions—said after some judges on the FISA court tried to put the Wall back in place following enactment of the Patriot Act. The FISA Court of Review judges pointed out that surveillance often will have two key goals—the gathering of foreign intelligence, and the gathering of evidence for a criminal prosecution—and that the two simply cannot be separated.28

The right answer, as a matter of law and policy both, is to require effective warrants whenever executive branch officials seek information about citizens, even when national security is at stake. That’s exactly what the FISA Court of Review said. Once it overturned the lower court’s attempt to reerect the Wall, the Court of Review realized it had to decide whether FISA warrants met Fourth Amendment standards. Otherwise, it understood, national security surveillance of citizens would present a serious constitutional problem. But FISA warrants were just fine, the Court of Review easily concluded, because—like regular warrants—they are “issued by neutral, disinterested magistrates”; there is a showing of cause to believe someone is a foreign agent (which, under the Patriot Act, typically involved a showing of the commission of a U.S. crime); and the warrant was specific about what was to be gathered.29

And so the Wall was down for good, warrants were in place, and to the public eye all looked fine and well. Except for what was going on behind our backs. It turned out that a massive system of surveillance was being constructed and deployed—often against the American people—with no proper legal authorization.

TOTAL INFORMATION AWARENESS: A PLAN TOO FAR?

In the immediate aftermath of 9/11, Admiral John M. Poindexter pushed a radical idea with a revealing name: Total Information Awareness (TIA). Poindexter, who had been a submarine hunter in the Navy, later served as Ronald Reagan’s National Security Advisor. He was forced to resign after his scheme to sell arms to Iran and use the proceeds to fund Nicaraguan rebels—what became known as the Iran-Contra Affair—was uncovered. After leaving government, tech-savvy Poindexter worked in the defense industry, and it was there that he developed the idea that ultimately led the Bush administration to invite him to head the Information Awareness Office in the Department of Defense after 9/11.30

TIA was to be an early-warning system for terrorist incidents. Poindexter and others believed there was a “signature” to the movement of terrorists planning an attack. For a former sub hunter like Poindexter, the concept was familiar: enemy submarines had a “signature” that skilled operators could detect and isolate in an ocean of “nois[e].” So too with terrorists; if one could only identify their signature, then one could search a sea of data and hope to discover the plot in advance.31

When TIA became public—and, in fairness to Poindexter, there was no real attempt to keep it secret—people went ballistic. To make the system work, the government had to vacuum up that sea of data, pretty much everything about all of us. The conservative columnist William Safire wrote an outraged piece in November 2002, titled “You Are a Suspect,” in which he explained the breadth of TIA: “Every purchase you make with a credit card, every magazine subscription you buy and medical prescription you fill, every Web site you visit and email you send or receive, every academic grade you receive, every bank deposit you make, every trip you book and every event you attend—all these transactions and communications will go into what the Defense Department describes as ‘a virtual, centralized grand database.’” “Anyone who deliberately set out to invent a government program with the specific aim of terrifying the Orwell-reading public,” opined The Washington Post, “could hardly have improved on the Information Awareness Office.”32

Congress killed TIA (though some pieces were parceled off to the NSA), and Poindexter was shipped back out to private industry. Unknown to the rest of us, though, the NSA already was working toward a vision similar to Poindexter’s. General Michael Hayden, who headed the NSA on 9/11, and who was fond of sports metaphors, described it as an agency that had “frankly played a bit back from the line” to avoid the sort of thing uncovered by the Church Committee. Determined to change that, he was fond of saying, “[W]e’re going to play inside the foul lines, but there’s going to be chalk dust on our cleats.”33

Hayden, it turned out, had an odd idea of where that constitutional chalk line was—and, more important, who decides what is fair and foul when it comes to the surveillance of Americans. As we now know, he was party to perhaps the largest unauthorized collection of Americans’ data in all of history.

COLLECTING A GIGANTIC HAYSTACK, ON THE OFF-CHANCE THERE IS A NEEDLE

In the immediate aftermath of 9/11, Hayden and Vice President Dick Cheney decided that more surveillance was necessary to deter another terrorist attack, and that the FISA warrant procedure was simply too laborious for the task. Rather than use emergency procedures built into FISA, or ask Congress to amend the law—even though, at that very moment, Congress was giving the administration most of what it wanted in the Patriot Act—the administration decided to go it alone. The president signed a secret authorization to allow the NSA to engage in an enormous data grab.34

The new program was code-named Stellar Wind. Within the closed circle, though, it was often called the President’s Surveillance Program, or simply “PSP.”35

Much of the fight has been about whether the president was authorized, on his own, to collect the information of Americans without probable cause or a warrant. Answering that question requires having a firm grasp of the almost unimaginable amount of data the executive branch has been collecting.

The first part of Stellar Wind is now common knowledge: the NSA’s bulk collection of “metadata” concerning phone calls of all Americans. The program often is referred to as the “215” program, because when the FISA court finally was asked to (and did) bless this part of what the NSA was doing, it did so under Section 215 of FISA, which provides procedures for obtaining “business records.” Under the 215 program, the government collected all the call records from communications providers. For example, AT&T—which, as we have seen, is famously complicit with the government—built a secret room through which information was shuttled to NSA servers.36

But Stellar Wind went far beyond Americans’ phone calls; it also included their e-mail addressing information, and the websites they were visiting. The government said it had abandoned Internet metadata collection in 2011; the NSA explained that the project was not valuable enough to justify the cost. But the real problem seems to be that the NSA could not get this information from U.S. Internet companies in ways that met the FISA court’s privacy requirements. What the NSA cannot collect legally domestically, however, it finds ways of gathering abroad.37

In the early days after the Snowden revelations, the government was quick to dismiss this sort of bulk collection as inconsequential because it was only collecting metadata, and not the actual “content” of communications. As we’ve come to understand by now, though, the distinction between content and metadata is in many ways a facile one: possessing information about every call anyone makes, as well as who they email with and which URLs they visit, can give a very complete picture of a person’s life.38

In any event, the government has been telling half-truths: the NSA was and still is collecting content as well, despite claims to the contrary. Consider, as an example, the NSA’s wry reaction when it was finally able to nab Skype video: “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture.’”39

Although the government tells us that it is collecting content only on bad guys—or, at least, maybe just foreigners—that’s not true either. Under the “702 program”—so named because section 702 of the 2008 FISA Amendments Act allowed this part of the President’s Surveillance Program to continue once it became public—the NSA gets communications companies to turn over all the content associated with foreign targets (i.e., it can wiretap phones or read email). Included in the 702 program, however, is “upstream” collection, which involves getting huge amounts of data from a variety of foreign sources. That collection unequivocally includes Americans’ content. That’s because the FISA court signed off on procedures that required the NSA to be only 51 percent sure its target is foreign and not a U.S. person. (As John Oliver quipped, “That’s basically flipping a coin, plus one percent.”) In addition, anytime the NSA is collecting information on a foreigner communicating with a U.S. person, the NSA gets to keep that as “incidental” collection. “Incidental” makes it sound like, oops, we just happened to get that information. In truth, though, this is a major purpose of the program—to collect all U.S. communications with any foreign individual the NSA targets.40

There’s more: even today, after all this became public, the executive branch has claimed its own prerogative to collect our data. Ronald Reagan, in an attempt to regulate those forms of surveillance excluded from FISA, issued Executive Order 12333. This authority allows the executive branch to gather information without warrants, ostensibly because (again) it targets only foreign nationals. But, yet again, that is not true. John Tye, who served as the State Department’s Internet freedom chief, blew the whistle on 12333 activities in a July 2014 Washington Post editorial. (Tye, unlike Snowden, cleared what he would say beforehand.) Tye’s plain message was that both the metadata and content of Americans’ communications are being collected and held under 12333, including in ways the government publicly says it has abandoned. Tye wrote, “Americans deserve an honest answer to the simple question: What kind of data is the NSA collecting on millions or hundreds of millions of Americans?” 41

Perhaps more troubling even than what the government is collecting is how that information is accessed and searched: again, without warrants. Because, unlike the NSA and CIA, the FBI’s mission is both foreign intelligence and criminal investigation, FBI agents apparently can search the 702 data for both. The Privacy and Civil Liberties Oversight Board (PCLOB), the federal agency charged with monitoring intelligence gathering, and a special Privacy Review Board appointed by the president after the Snowden revelations, said FBI searching of Americans without a warrant should come to a halt, but it has not. The volume of searches of U.S. persons in the 702 data is so large that a former FISA judge actually urged Congress not to require warrants because the number of requests would swamp the FISA court. That’s pretty revealing, even if does seem to miss the entire purpose of having the FISA court in the first place.42

Finally, it appears the government also is aggregating the data it collects in ways that look very much like the Total Information Awareness program Congress supposedly killed. In 2010, NSA analysts began to create social network charts of Americans based on phone calls and email logs. The NSA can “augment” that information with all the other information it has in its vast databases, including “bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls, and GPS location information, as well as property records and unspecified tax data.” Obama administration officials acknowledged this has been done for Americans as well as foreigners—and all without any sort of warrant or oversight outside the executive branch.43

Hayden’s successor at the NSA, General Keith Alexander, was known to say, “You need the haystack to find the needle.” Even if this “build a haystack” approach makes sense—and, as we will see, there is plenty of reason to question its efficacy—the haystack simply was not built in the way the Constitution requires.44

UNCONSTITUTIONAL AUTHORIZATION

The scope of this data grab is so large as to be almost beyond comprehension. What’s critical to see is how the whole thing went on for so long without proper democratic approval.

In March 2004, a constitutional crisis was brewing over the President’s Surveillance Program. By its own terms Stellar Wind required reauthorization every thirty to forty-five days, and this time the Attorney General refused to sign off. There had been a change of leadership at the Department of Justice’s Office of Legal Counsel, the top lawyers for the executive branch. OLC’s new head, Jack Goldsmith, concluded that Stellar Wind suffered from serious legal deficiencies. Attorney General John Ashcroft was hospitalized at the time, gravely ill from acute pancreatitis, and had stepped aside in favor of his number two, James Comey—who later became the head of the FBI. Comey agreed with Goldsmith that aspects of Stellar Wind could not be justified under existing law, and refused to sign the authorization. At 7:35 p.m. on the evening of March 10, the White House dispatched minions to Ashcroft’s hospital bedside in an attempt to get his signature on the document. Ashcroft refused. Following a dramatic meeting at the White House, Comey then sent the president a letter stating his objections formally. In a chilly reply, White House Counsel Alberto Gonzalez wrote to say the president was going ahead on his own say-so. At which point Comey, FBI Director Robert Mueller, and other top DOJ officials prepared to resign in protest. The crisis was avoided only when the president agreed to two modifications to the existing programs six days later.45

This is the sort of constitutional crisis that occurs when officials push their lawful authority well past any plausible bounds. The president never was on a sound constitutional footing in launching Stellar Wind. And when the executive branch finally accepted that, and decided to come to the FISA judges to ask permission, they never should have granted it. None of it ever was remotely consistent with the FISA law itself, not to speak of the Constitution—which requires warrants before Americans’ data is searched.

The Executive Branch Lacked Power to Go It Alone

The highly irregular way this massive surveillance was implemented in the immediate aftermath of 9/11 should have signaled to all concerned that things were awry. Only one lawyer at the Office of Legal Counsel was read into the program: an academic on temporary assignment named John Yoo. Even Yoo’s boss, Jay Bybee, the head of OLC, was kept in the dark. The NSA’s legal counsel also was not consulted. The authorization for Stellar Wind was kept secreted away, in Hayden’s safe. In a scathing report years later, the NSA’s Inspector General deemed it “strange that NSA was told to execute a secret program that everyone knew presented legal questions, without being told the underpinning legal theory.” 46

This secret and irregular authorization process was a power grab. Since 1947, the National Security Act had mandated Congress be kept “fully informed” of intelligence activity. At the least, the president should have briefed the Gang of Eight—the top congressional leaders on intelligence matters—at the outset. But Vice President Dick Cheney didn’t like the idea that the executive branch should have to ask for permission. He not only wanted more surveillance, he was seeking to establish a precedent regarding presidential power.47

When Jack Goldsmith replaced Bybee as head of OLC on October 6, 2003, and read Yoo’s legal opinions justifying Stellar Wind, he balked at the errors of legal analysis. Yoo later became notorious for his “torture memos,” which justified the aggressive treatment of prisoners in CIA hands, and Yoo’s memos on the President’s Surveillance Program were no better. For example, Yoo advised that absent a “clear statement” from Congress that the executive could not move ahead in an emergency situation without warrants, the NSA was good to go. The problem, as Goldsmith instantly recognized, was that Congress had made a perfectly clear statement. FISA contained an explicit fifteen-day emergency exception, the clear inference being that if the executive wanted to wiretap Americans for a longer period, it needed a warrant from the FISA court.48

Goldsmith fixed Yoo’s errors, but ultimately he, too, concluded that the executive branch was on firm legal ground in capturing the communications of Americans without a warrant. In times of war, Goldsmith reasoned, presidents have always exercised the power to intercept communications, even of Americans. Goldsmith also had a backup argument that Congress had authorized the executive branch’s conduct in its post–September 11 Authorization for Use of Military Force.49

The difficulty with Goldsmith’s arguments is that in FISA Congress had said as plainly as one could that there was to be no gathering of any American’s communications without a warrant. That clarity mattered hugely under the chief Supreme Court precedent in the area—Youngstown Sheet & Tube Co. v. Sawyer. Youngstown involved Harry Truman’s decision to seize the U.S. steel mills during the Korean War, when a union dispute threatened to shut them down. Truman argued that his seizure of the property of U.S. citizens was entirely legitimate, emphasizing his role as commander in chief, and the need for uninterrupted steel production to support the war effort. Justice Robert Jackson’s famous opinion in Youngstown set out a three-part test for analyzing claims of executive power. If Congress had approved what the president did, the executive was at its greatest power—most likely the executive’s actions were lawful. If Congress was silent, there was a complicated gray area. But if Congress had said no to the executive—as the Supreme Court concluded in Youngstown that Congress had, invalidating Truman’s actions—then the executive’s power was at its “lowest ebb.” In the face of an explicit congressional no, it required an extraordinary determination of presidential power to conclude that no matter what, the president could go it alone.50

Just think about it for a minute. How plausible is it that—as a constitutional matter—the executive branch could proceed to collect the communications and other private information on hundreds of millions of Americans, in secret, after Congress had explicitly prohibited it? At the very, very least, it was beyond the extraordinary, and deeply ill advised.

Confirmation of this comes from none other than Jack Goldsmith. In October 2007, some three years after he left government service, Goldsmith was asked to testify before the Senate Judiciary Committee on the subject of “Preserving the Rule of Law in the Fight Against Terrorism.” Goldsmith is a bright, talented, and dedicated man who rightly saw his job as supporting the president’s goals to the extent remotely plausible, while still refusing to wander beyond the pale as Yoo had. But in his congressional testimony he was direct in criticizing the Bush administration as “excessively secretive.” The ill effects of this secrecy were “exacerbated by the fact that the people inside the small circle of lawyers working on these issues shared remarkably like-minded and sometimes unusual views about the law. Close-looped decision-making by like-minded lawyers resulted in legal and political errors.”51

What the president should have done, Goldsmith concluded, was ask Congress for explicit approval. Goldsmith acknowledged that “[f]orcing Congress to assume joint responsibility for counterterrorism policy weakens presidential prerogatives to act unilaterally.” But there are higher and more long-term goals. “When the Executive branch forces Congress to deliberate, argue, and take a stand, it spreads accountability.” That is exactly right.52

The FISA Court Should Never Have Approved Stellar Wind

The DOJ, at Goldsmith’s urging, ultimately persuaded the president to seek FISA court approval. But the statutes that the administration now claimed gave it authority just didn’t. The FISA judges should have sent the executive packing to Congress for approval, just as Goldsmith himself later suggested. Instead, they gave a judicial thumbs-up to the President’s Surveillance Programs.53

The FISA judges were well aware they were being asked to allow something unprecedented. In 2004, for example, the court was asked to authorize the Stellar Wind program under FISA, forcing telecommunications and Internet companies to turn over vast amounts of information on targets. It described its order as one of “first impression,” “resulting in the collection of metadata from an enormous volume of communications, the large majority of which will be unrelated to international terrorism.”54

Still, the judges went ahead, although it was perfectly apparent that they were being asked to squeeze a large square peg into a much smaller round hole. For example, surveillance orders are supposed to specify “the identity, if known, of the person” to whose line the surveillance device is to be attached. But the administration was, as we all now know, not specifying any person whatsoever: it was collecting data on everyone. The gap between FISA’s text and the executive’s request was so wide that the court should then and there have required the executive to go to Congress. Instead, the FISA court simply waved the problem away, saying (remarkably) “there is no requirement to state the identify of such a person if it is not ‘known.’”55

Most extraordinarily, the FISA court signed off on the NSA collecting all our phone metadata—without writing any legal opinion at all. That is just not done. It is a fundamental canon of judging that consequential decisions are accompanied by a written legal justification, one that is subject to critique and appeal. The fact that the FISA judges did not write the requisite opinion serves to underscore the difficulty they must have understood they had in justifying the program under existing law.56

When the FISA court finally felt forced to explain its approval in writing—after Snowden’s disclosures—its opinion was threadbare, to say the least. Section 215 of FISA requires the government to show that the information being requested is “relevant” to an ongoing international terrorism investigation. How was the phone information of every American “relevant” to such an investigation? The court simply bought the government’s argument that “[a]nalysts know that the terrorists’ communications are located somewhere in the metadata,” they just don’t know where right now. So looking everywhere was apparently okay under the statute. As Congressman James Sensenbrenner, the author of the Patriot Act, points out, “The government may need the haystack to find the needle, but gathering the haystack without knowledge that it contains the needle is precisely what the relevance standard and Section 215 are supposed to prevent.”57

Once caught in the act, the FISA court became defensive, blaming Congress for the public brouhaha. It defended approving bulk collection by saying that even if the words of FISA don’t bear the desired meaning, Congress reauthorized FISA in 2011 knowing full well what had been going on, so if anyone was at fault it was Congress. In support of this claim the court pointed to a briefing document that members of Congress got about the bulk telephone collection. It (and another, later, federal court opinion) basically called out members of Congress who claimed they did not know what was happening as incompetents, liars, or both. That was hardly fair: members of Congress were only allowed to look at the briefing document in a special secure space, with no staff to help them understand what was going on. Nothing like this has ever remotely counted in law as congressional authorization, nor should it. Congress can’t strip our rights in secret.58

Why the judges acted as they did is difficult to fathom. Perhaps it was because they—being in no position to question the executive branch’s claims of necessity—thought it better to try to bring the program within their notion of what was proper procedure, rather than letting it continue without any supervision.

In any event, it was simply wrong. When the FISA court finally had to justify its long negligence, it passed the buck: “[W]hether and to what extent the government seeks to continue the program … is a matter for the political branches to decide.” That is what the court should have said when it was first asked to approve such extraordinary measures, not years later. Rather than approving an extraordinary program that defied existing law, it should have sent the administration immediately to Congress, thus forcing the very democratic deliberation the Constitution requires.59

Is the FISA Court a Court?

The FISA court had a far more profound reason to be defensive: It is a not a real law court, and thus should not be making legal determinations of such a serious magnitude anyway.

Law courts act in public. Under our justly famous adversarial system, judges hear all sides of an argument, not just the government’s. They decide in written opinions that are open to public scrutiny and debate. Any affected party can appeal initial decisions. All these proceedings are open to public scrutiny.

None of this is true of the FISC, which was designed to act in secret. As the FISA court was originally conceived, secrecy was just fine. The FISA court’s imagined role was to act as a magistrate, granting warrant requests for searches of specific targets based on individualized suspicion. Magistrates typically consider particularized warrant requests in secret, hearing only from the government.60

But when it comes to deciding legal questions of great constitutional moment, the FISA judges—lacking all the accoutrements of a real court—were in over their head. The benefit of our public, adversarial system is that judges hear both sides of a tough question, and know their resultant opinion will have to stand up under public scrutiny.

The Fourth Amendment Failings of the FISA Opinions

The result of the FISA court’s one-sided secret proceedings was a series of inadequate legal opinions, nowhere more so than regarding the constitutionality of the President’s Surveillance Program under the Fourth Amendment.

Take the issue of bulk telephone data collection. The FISA court said the question was controlled by the Supreme Court’s 1979 decision in Smith v. Maryland. That was the case involving the telephone stalker, critiqued in Chapter 10, in which the justices held that collecting the phone numbers dialed by one person (who there was cause to believe had committed the offense) was not a “search” within the meaning of the Fourth Amendment. It would seem perfectly obvious even to the greenest law student that there is a bit of distance between what got approved in Smith, and collecting the data of an entire nation. Yet all the FISA court could say was, “Whether a large number of persons are otherwise affected by the government’s conduct is irrelevant.” 61

Courts that have handled this issue since, in public, with full briefing by both sides, have acknowledged that the question is considerably more difficult than the FISA court believed. The data from the Smith pen register was collected for a short time, and not retained; the bulk collection data is collected nonstop and retained for years. At the time of Smith, the information was collected from an independent third party, the phone company, while today the communications companies are so clearly in cahoots with the government that it is little different from the government simply gathering the data itself. The information collected under PSP was different than Smith: it included not just the number dialed, but also whether the call was completed, the call’s duration, and the “trunk identifier” that can be used for location tracking. Since Smith, the Supreme Court itself has pointed to the perils of data collection that allows long-term location tracking. None of this, apparently, even occurred to the FISA court as worthy of discussion.62

Even more difficult to get one’s head around—if that were possible—was the FISC Court of Review’s decision that the executive branch could engage in surveillance of Americans, without warrants, so long as the purpose was foreign intelligence gathering. The case, In re Directives, arose when Yahoo balked at turning over data under a 2007 stopgap measure that allowed warrantless spying on Americans so long as they were “reasonably believed to be located outside the United States.” Yahoo argued that allowing the executive branch to search on its own say-so invited “abuse.” The Court of Review brushed aside Yahoo’s argument, saying it is “little more than a lament about the risk that government officials will not operate in good faith.” But isn’t the whole point of the Constitution to trust in law rather than the good faith of government employees? As the Supreme Court in Keith pointed out—and it is awfully hard to square the Yahoo decision with Keith—“The Fourth Amendment contemplates a prior judicial judgment, not the risk that executive discretion may be reasonably exercised.” Stated more plainly: Don’t just trust in the good faith of the executive branch—get a warrant.63

UNCERTAIN EFFICACY

What the executive branch and the FISA court should have done was force Congress to decide in the first instance whether the sort of widespread surveillance of PSP was appropriate. When authorization is not sought, there is insufficient debate about the plusses and minuses, or the costs and benefits, of what government agencies wish to do. Bad decisions get made.

There are serious questions as to whether the government’s bulk collection efforts—which occurred at breathtaking expense—make any sense. As the Privacy and Civil Liberties Oversight Board explained, in its skeptical review of the 215 bulk collection program, “[C]ounterterrorism resources are not unlimited, and if a program is not working those resources should be directed to other programs that are more effective in protecting us from terrorists.” 64

In the aftermath of the Snowden revelations, officials—including President Obama, General Keith Alexander, the NSA Director, and Representative Mike Rogers, the chair of the House Intelligence Committee—all claimed that bulk data collection had prevented some fifty terrorist incidents. The one federal judge outside the FISA court who upheld the bulk collection under the 215 program detailed three specific cases, including a plot to bomb New York’s subways and another to attack the New York Stock Exchange.65

Under the cold eye of critical examination, however, the number of thwarted incidents dwindled pretty much to zero. The Privacy and Civil Liberties Oversight Board could find no instance of any threat where telephony data made a difference. The Privacy Review Board appointed by the president to review the PSP concluded the same. A joint report by the Inspectors General of the NSA, Department of Defense, CIA, Office of the Director of National Intelligence, and the DOJ determined that “most PSP leads were determined not to have any connection to terrorism.” Even Matt Olsen, the lawyer at the DOJ who smoothed the path for FISC approval of bulk collection, conceded that it is really “a bit of an insurance policy … it’s a way to do what we otherwise could do, but do it a little bit more quickly.” 66

The difficulty is that we are gathering vast amounts of information simply because we can. Technology has always been a driver of intelligence. In the 1960s, for example, advances in flight led to the U-2 spy plane and a greater emphasis on aerial surveillance. Similar advances in data collection, storage, and mining led to the PSP.67

When the 9/11 Commission member Richard Shelby called out the spy agencies for failing to connect the dots before the disaster, something serious was lost in translation. The first word in “connecting the dots” is connecting, not collecting. In his exhaustive and engrossing study of intelligence gathering post-9/11, Shane Harris concluded: “[T]he Watchers have become very good at collecting the dots and not very good at connecting them.” Intelligence professionals and scholars worry we are drowning in a sea of data. Their oft-expressed concerns are about analytic capabilities, not data collection. Even an NSA internal report expressed concern that gathering location data was “outpacing our ability to ingest, process, and store that data.” Today’s mantra, “drowning in data, [yet] starving for wisdom,” is as true in intelligence as elsewhere.68

There is, furthermore, good is reason to be skeptical that the government’s entire endeavor of predictive data mining can ever be successful. Jeff Jonas is a data engineer who has had great success with commercial data mining, and who worked for a time with Poindexter on TIA. Subsequently, he and his coauthor Jim Harper wrote a scathing denunciation of what was being done. For predictive data mining to work—as it does in fighting credit card fraud or targeting consumers—one needs a good model of what one is looking for. Yet terrorist plots come in so many varieties that it is ultimately impossible to find them in all the noise, quite unlike the submarines Poindexter hunted long ago. “[D]esign of a search algorithm based on anomaly is no more likely to turn up terrorists than twisting the end of a kaleidoscope is likely to draw an image of the Mona Lisa.” Thus, they conclude, “pursuing this use of data mining wastes taxpayer dollars, needlessly infringes on privacy and civil liberties, and misdirects the valuable time and energy of the men and women in the national security community.”69

WHAT’S CONSTITUTIONAL?

Whether efficacious or not, the American people are entitled to have the programs they want, so long as they are constitutional. That’s what democracy is all about. What is notable here, however, is that when portions of the PSP have been debated publicly, judgments about what is constitutional and what is efficacious have altered. As we have seen time and again, policy changes when the public participates.

After intense national debate, in 2015 Congress adopted the USA Freedom Act. (Correcting, it should be noted, some of the abuses that occurred under the USA Patriot Act. There may be a message there.) Under the Freedom Act, the government is no longer permitted to collect and hold our information in bulk. Rather, that data rests with the telecom companies. More important, in order to access it the government now must have a court order, founded on reasonable suspicion.

These measures, readily approved after public debate, are all that the Constitution may require. Suspicionless collection of data is just fine so long as it is authorized by law, and the data of all of us is collected, in a nondiscriminatory manner. This was the lesson of Chapter 7, about suspicionless searches.

As for searching the data in government hands, that is fine too—so long as there is a warrant supported by cause whenever an American’s data is being searched. That is the bedrock constitutional requirement, widely violated in the aftermath of 9/11. Voices on the left and right now agree that when the government searches United States persons, warrants should be required. The Privacy and Civil Liberties Oversight Board and the Privacy Review Board expressed this view in the strongest of terms.70

In other words, the government could have had much of what it wanted after 9/11 if it had only asked for prior approval. And it’s not apparent why a congressional debate over those requests could not have been had publicly. With programs as general as these, it is difficult to know how public debate would have informed the terrorists of much of anything—except that they had better beware because the NSA has enormous capabilities, and has wide permission from the American people to exercise them. Indeed, it is a hallmark of deterrent programs that their existence is made public to put the bad guys on notice not to even try. Yes, there will be operational details we may not know—but we do not need to know so long as approval is sought and granted in general terms.

In sharp contrast to the national mood after 9/11, when the American people were—rightly or wrongly—prepared to give the government virtually all the tools it wanted, that is no longer the case. Today, pleas of necessity and good faith from the executive branch are met with skepticism, and moving legislation through Congress has proved extremely difficult. The cost of going it alone, it seems, has been a loss of the trust needed to govern, not of intelligence-gathering capability. And for that, we are all the poorer.