Friday, June 14, 2013

Cameron Smith: Government data grab: Privacy and the PRISM

  Last week The Guardian released a classified order from the United States Foreign Intelligence Surveillance Court (FISC) requiring Verizon to hand over a massive amount of information about their phone customers. According to Senator Saxby Chambliss (Ga.), the PRISM program used to sweep up massive amounts of information has been in operation since 2007.

  Subsequently The Washington Post released a classified slide show about the PRISM program which identified major participant companies such as Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube, and Apple.

  The Fourth Amendment to the U.S. Constitution guarantees that Americans have a right to be secure from unreasonable searches and seizures by the government absent probable cause. Keep in mind that, even in an era where we choose to share much of our lives through technology, this constitutional protection has not changed.

  The most shocking aspect of the PRISM program is that the government essentially asserts Americans have no expectation or constitutionally protected interest in the privacy of the information about their communications or activities (metadata) related to their interaction with businesses.

  The government bases its perspective on two Supreme Court cases from the 1970s: United States v. Miller and Smith v. Maryland. Both cases hail from a time when technology played a radically different role than it does today, and both reached conclusions that simply reject modern privacy expectations.

  According to the Director of National Intelligence, James Clapper, PRISM is “an internal government computer system used to facilitate the government’s … collection of foreign intelligence information” as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a).

  Curiously, the authorizing code section also specifically states that the government “may not intentionally target any person known at the time of acquisition to be located in the United States.” It also requires “targeting procedures” “reasonably designed to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States.”

  Clearly, as evidenced by the Verizon order, the government intentionally obtained information pertaining to individuals in the United States communicating domestically. Clapper argues that the vast majority of the millions of people whose information was compelled were not targets. He further assured Americans that the program was administered in a fashion designed to “minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”

  While Clapper stated that the PRISM program was authorized by Section 702 of FISA, the classified Verizon order cited the information as compelled by 5 U.S.C. § 1861. That section of the code requires that the government demonstrate “reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation.” Clearly, the metadata related to your phone calls to your mother, doctor or pastor has nothing to do with foreign surveillance.

  Prior to the leak, many Americans who may have been uneasily supportive of the Protect America Act and the 2008 FISA Amendments might have thought that “incidentally acquired” described the information of an unwitting individual communicating with a probable terrorist. The government unilaterally filtering through such a vast amount of information from the most significant data carriers in the world to “target” a proportionally miniscule number of terrorists seems on its face to be both overreaching and ripe for potential abuse.

  If the government has a target or targets related to foreign surveillance, they must narrowly tailor the request for that information, adopt stringent minimization protocols and discard unused information. If the government has no terrorist targets, then FISA does not and should not give them permission to begin sifting through trillions of pieces of domestic information.

  Most Americans reasonably expect the details of their location (especially on private property), who they are communicating with and when they do it to remain confidential between them and their respective service providers. Every one of the companies participating in PRISM carries a privacy policy that specifically assures users and customers of the limited range of access to their information. At the same time, it also makes sense to keep those records to aid law enforcement in operations where probable cause definitively exists.

  With the Department of Justice (DOJ) spying on reporters and the Internal Revenue Service targeting political groups, bald assertions that “targeting” will not occur fall particularly flat. To make matters worse, the FISC, without any adversarial arguments to the government’s requests for information, is a rubber stamp for federal information requests. According to a DOJ report, the FISC “did not deny, in whole or in part” any of the 212 applications for business records during calendar year 2012.

  While national security remains a high federal priority, America must ensure that its laws are able to keep up with technology and the privacy expectations of its citizens. The government’s intentions of keeping us safe from terror are noble and necessary, but the means to that end must be bounded by the Constitution and as transparent as possible to those not under criminal scrutiny.

  About the author: Cameron Smith is policy director and general counsel for the Alabama Policy Institute an independent, non-profit research and education organization dedicated to the preservation of free markets, limited government and strong families. He may be reached at camerons[at] or on Twitter @DCameronSmith.

  This article was published by the Alabama Policy Institute.

No comments:

Post a Comment