Allow me to take a little side street on this journey toward encryption. It came to my attention this week that the American Civil Liberties Union is taking the NSA to court over its practice of intercepting, copying, and searching pretty much all of the Internet traffic that leaves America and heads abroad.
Yeah, apparently this is a thing that happens. Constantly.
How is this possible? Don’t we have a Constitutional amendment that protects us, as U.S. citizens, from unreasonable search and seizure? Wouldn’t any reasonable person agree that a search with the scope of “every email sent outside of the United States” counts as unreasonable?
Well, here’s what happened:
Back in 2001, a group of terrorists hijacked planes and few them into the World Trade Center in New York. More than 3,000 people died. And all of America was terrified.
According to The New York Times,
Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials.
Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible “dirty numbers” linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications.
The New York Times goes on to point out that this marked a dramatic shift in the scope of operations of the NSA. Up until this point in 2002, the NSA only monitored foreign communications and threats. For the first time, the NSA was spying on Americans. The only thing that makes this a little more palatable is that the NSA insisted it was only monitoring about 500 people domestically and a few thousand abroad. So, at the very least, these were at least semi-targeted searches.
Another consequence of the 2001 terrorist attacks was that Congress began tinkering with a 1978 act, the Foreign Intelligence Surveillance Act (FISA). FISA is the legislation that allows the NSA to monitor telecommunications of suspected agents of foreign governments. The NSA can apply to a special FISA court for permission to spy on overseas agents.
The first amendment, The USA PATRIOT Act, came right on the heels of 9/11, and expanded the definition of “foreign agents” to include individuals working for an overseas group, such as al Qaeda, that is not explicitly affiliated with a foreign government.
And thus ensued much debate over the provisions of the amendments. One of the most interesting arguments to come out of this legislation is the idea that the telecommunications companies that must be complicit with the government in the surveillance deserve protection from lawsuits brought by those being surveilled.
In 2007, President Bush again asked Congress for more power to spy on Americans, urging them to pass the Protect America Act allowing the U.S. government to bypass the FISA court when seeking to monitor communications in which the originating party is not in the United States. Even if that foreign person is talking to an American citizen who is sitting in Iowa. Congress obliged, giving the NSA and other government agencies the ability to spy on innocent Americans in pursuit of terrorism, as long as they believe that one party is physically located outside the United States.
But this act only lasted for six months. So Congress had to approve another amendment to FISA if any of these provisions were to become permanent.
So they did.
In 2008, Congress pass the FISA Amendments Act (FAA). Some interesting bits:
- The FAA permits the government not to keep records of searches, and destroy existing records (it requires them to keep the records for a period of 10 years).
- The FAA grants telecommunications companies immunity for cooperation with authorities.
But don’t worry. There are some protections in the act, too. Like, if the NSA was spying on an American citizen who lives abroad, and that citizen returns to the States, the NSA has to stop spying on them while they are in the country. But the NSA can resume surveillance as soon as they are “reasonably” believed to have left the country. Also, the NSA is forbidden from spying on a foreign person in contact with an American with the sole purpose of spying on the American.
I feel a lot better about all this, don’t you?
The FAA was set to expire in 2012. President Obama took office in 2009, and we all breathed a sigh of relief, because surely he wasn’t into spying on Americans the same way President Bush was.
Except. Not quite.
In 2012, Congress approved a 5-year extension of the FAA, and President Obama signed it.
One positive outcome was that a young man working for a contractor for the NSA became concerned that the government was abusing the power granted it through the FAA, which was used to justify mass surveillance programs. Edward Snowden leaked classified documents to journalists that detailed the extent of the NSA’s surveillance.
(Wired ran a fascinating interview with Edward Snowden from his exile in Russia in 2014.)
That’s the — very much abridged — history. To sum up, the NSA has been laying the groundwork for massive surveillance programs through executive orders, legislation, and litigation for over a decade.
The most recent ACLU lawsuit specifically addresses what is known as “upstream” surveillance by the NSA.
“Upstream” describes the way the NSA has parked itself on the Internet to intercept all the traffic that flows through it. Not just the metadata (information ABOUT a message rather than the content of the message, like the date it was sent and who sent it), which the NSA claimed previously was all it was collecting under its mass surveillance programs, but the actual content of the messages moving from America to foreign persons. Also, if the communication was between two Americans, but it passed through a foreign server, it is also subject to collection. And, remember, back in 2002, the NSA WAS monitoring the domestic communications of Americans. They said they have stopped.
Wikimedia (which runs Wikipedia, to which I have linked extensively in this post) is the main plaintiff in the case, arguing that the NSA is violating the First (privacy) and Fourth (unreasonable search) Amendments with this program.
To bring this side trip back around to the point, this is exactly why all Americans (and probably all people of Earth) should take steps to encrypt their communication. Although the average citizen’s most private emails might not be more provocative than the details of a surprise birthday party, there are many institutions and individuals doing really important work (Amnesty International, for one; journalists covering foreign affairs for another) that would fall subject to this upstream surveillance. Imagine the need for privacy for communications centered on obtaining asylum for a political refugee. And then realize that you can help protect that refugee by making encryption routine.