National Security Agency in the United States
National Security Agency (NSA), Edward Snowden and the Homeland Security
By Bill Blum, who was a California Lawyer contributing writer.
In June 2013, when The Guardian newspaper published a secret court order compelling Verizon Business Network Services to turn over “all call detail records or ‘telephony metadata’ ” on a daily basis to the National Security Agency, a lot of people were shocked.
But not Cindy A. Cohn.
To Cohn, legal director and chief counsel of the San Francisco-based Electronic Frontier Foundation, the document only confirmed her long-held belief that the National Security Agency (NSA) has been running roughshod over the Constitution. The Verizon order, issued by the Foreign Intelligence Surveillance Court, was part of a trove of classified documents leaked by Edward Snowden, the former NSA contractor turned whistleblower and international fugitive.
“Edward Snowden did the American people a tremendous favor,” Cohn told me during an interview at EFF’s offices in a gritty section of San Francisco near City Hall. “He started a vital conversation about what our government is doing, and the need to bring some boundaries to an agency that has to be reined in.”
More than initiating a conversation, Snowden’s leaks presented the Electronic Frontier Foundation – which had been litigating against the NSA since 2006 – with a fresh opportunity to restrain the agency. In July, Cohn and her colleagues joined forces with a group of private-sector litigators to file a multi-cause lawsuit alleging that the NSA’s practice of collecting the metadata of virtually every American telephone user runs afoul of the First, Fourth, and Fifth amendments, as well as statutory directives set forth in the Foreign Intelligence Surveillance Act (FISA) of 1978 (50 U.S.C. §§ 1801-1885c). Additional named defendants include NSA Director Gen. Keith B. Alexander and Attorney General Eric Holder. (First Unitarian Church of Los Angeles v. Nat’l Sec. Agency, No. 13-CV-03287 (N.D. Cal. filed Jul. 16, 2013).)
The First Unitarian case is one of a handful of lawsuits targeting the NSA filed since the Snowden revelations. The others include a complaint brought by the American Civil Liberties Union (ACLU v. Clapper, No. 13-CV-03994 (S.D.N.Y. filed Jun. 11, 2013)); another filed by an Idaho nurse (Smith v. Obama, No. 13-CV-0257 (D. Idaho)); and two initiated by Larry Klayman, a former Justice Department prosecutor in the Reagan administration who founded the Tea Party-affiliated Freedom Watch (Klayman v. Obama Nos. 13-CV-851 & 13-CV-881 (D.D.C. filed Jun. 6 and 11, 2013)).
An earlier Electronic Frontier Foundation case filed in San Francisco also remains active. (Jewel v. Nat’l Sec. Agency, No. 08-CV-04373 (N.D. Cal. filed Sept. 18, 2008).) But another recent NSA challenge by the Electronic Privacy Information Center (EPIC) of Washington, D.C. – a petition for writ of mandate filed directly with the U.S. Supreme Court – ended abruptly last year when the Court denied the petition. (In re Electronic Privacy Information Ctr., No. 13-58 (petition denied Nov. 18, 2013).)
The pending lawsuits call into question the NSA’s two principal surveillance programs authorized under the FISA. The first, under section 215 of the U.S.A. Patriot Act (50 U.S.C. § 1861(b)(2)(A)), allows the government to obtain an order requiring the production of “any tangible things” upon a showing that those things are relevant to a foreign intelligence investigation. Section 215 has been used to collect bulk business records, including the phone numbers that customers dial as well as the date, time, and duration of their calls.
The second program, authorized under FISA section 702 (50 U.S.C. § 1881a), permits specific types of warrantless surveillance programs – one of them code-named Prism by the NSA – that intercept email and other electronic communications of certain non-U.S. citizens abroad. The First Unitarian and ACLU complaints concern only telephone metadata, while the Jewel and Klayman suits target the Prism program as well.
Exposure of the National Security Agency’s dragnet surveillance has aroused plenty of ire, as the list of organizations and named plaintiffs behind these lawsuits indicates.
In December 2013, plaintiffs in Klayman won a partial injunction in a strongly worded opinion by U.S. District Judge Richard J. Leon in Washington, D.C. (Klayman v. Obama, 2013 WL 6571596 (D.D.C.).)Eleven days later, U.S. District Judge William H. Pauley III in New York granted the government’s motion to dismiss in ACLU (2013 WL 6819708 (S.D.N.Y.)). Both cases are headed for the appellate courts, where the plaintiffs face a decidedly uphill battle not only on fine points of law but also on fundamental questions of national security and the powers of the chief executive.
Cindy Cohn doesn’t seem fazed by the high-profile nature and uncertain outcome of her privacy litigation. Dressed informally in a floppy checked shirt and jeans, her eyes shielded by a pair of retro glasses, Cohn at age 50 could easily pass as just another relaxed Bay Area throwback. She even brings her faithful Bernese mountain dog to the office. But behind the glasses is an intense and accomplished lawyer. Last year the National Law Journal included Cohn among its 100 most influential attorneys in the country, and in 2012 the Northern California chapter of the Society of Professional Journalists recognized her with its James Madison Freedom of Information Award.
Still, Cohn took a circuitous path to the EFF. Born and raised in a small Iowa town, she graduated from a state university and attended the University of Michigan Law School. There, she won a fellowship to the United Nations’ Human Rights Center in Geneva, Switzerland, reviewing international compliance with treaties calling for the adoption of human rights laws. The work, Cohn says, was “an eye-opener,” but she found it abstract and sought a more direct connection with people.
Cohn began private practice in the Bay Area, working her way to partner at what is now McGlashan & Sarrail in San Mateo and earning a reputation as a privacy expert. In the early 1990s, the Electronic Frontier Foundation invited her to participate as outside lead counsel in a First Amendment challenge to U.S. export restrictions on cryptography.
Daniel J. Bernstein, a computer science grad student at UC Berkeley, had developed an encryption algorithm and source code designed to protect the privacy of communications over the Internet. Bernstein wanted to publish his code, called Snuffle, internationally, but ran up against the International Traffic in Arms Regulations (ITAR) that implement the Arms Export Control Act. The law required him to submit his ideas first for government review or face possible civil and criminal penalties.
Cohn agreed to challenge the law, and with the Electronic Frontier Foundation filed suit in 1995. Four years later the Ninth Circuit handed the EFF and Cohn a major victory, ruling that software source code is speech protected by the First Amendment and that ITAR restrictions preventing publication of Snuffle were unconstitutional. After subsequent federal regulatory changes, Bernstein’s case was dismissed as moot.
The Electronic Frontier Foundation considered Cohn’s work so significant that Sheri Steele invited Cohn to succeed her as the group’s legal director when Steele became executive director in 2000. “We had such a blast doing the Bernstein case,” Cohn recalls. “As much as I enjoyed my time at McGlashan, I couldn’t refuse the offer.”
The Electronic Frontier Foundation is both a law firm of 14 attorneys and a thriving hub of activism dedicated to protecting civil liberties in the digital arena. In addition to its litigation docket, the organization has more than 24,000 dues-paying members. It sponsors research papers on such issues as free speech, fair use, and privacy. And since its founding in 1990, the EFF has participated in grassroots organizing campaigns, such as the Stop Watching Us rally in Washington, D.C., last October.
As Electronic Frontier Foundation’s litigation supervisor, Cohn has coordinated an array of lawsuits filed on behalf of writers and Internet bloggers. But in early 2006 she turned her focus to the National Security Agency after Mark Klein, a recently retired AT&T technician in San Francisco, made an unannounced visit to the foundation’s office.
“Klein showed up and asked if anybody here cared about privacy,” Cohn says. She recalls that the front office staff noticed that Klein was “highly agitated,” and considered whether he might be just another “sad person suffering from mental illness who thinks things are happening to him.”
What set Klein apart from the tinfoil-hat crowd, however, was the documents and diagrams he brought along. They looked genuine, and they seemed to show that AT&T was helping the National Security Agency tap into the telephone and Internet records of its customers.
“We knew from a 2005 New York Times article,” Cohn says, “that the Bush administration was receiving documents from one of the nation’s largest telecommunication companies without warrants to harvest phone and Internet data.” But until Klein walked in, she says, the EFF lacked hard evidence of the NSA’s blanket access to communications data.
“We referred some of Klein’s documents to a team of technical experts and also confirmed with the Justice Department that they were not classified,” Cohn says. The materials proved genuine, showing that AT&T had installed a “splitter” device on fiber-optic cables at its Folsom Street building to create a complete copy of all Internet traffic – email, Web searches, and other data – transmitted through its Worldnet Internet service. The splitter diverted the data to a secret, high-security room located in the same building but controlled and supervised by the National Security Agency. From there, the data could be forwarded to government agents for analysis.
With Klein attesting to his role installing the splitter, Cohn and the Electronic Frontier Foundation sued AT&T later that year, alleging a litany of wrongs under federal telecommunications and electronic surveillance statutes as well as breaches of the First and Fourth amendments arising from the company’s collaboration with the National Security Agency. (Hepting v. AT&T Corp., No. 06-CV-672 (N.D. Cal. filed Feb. 22, 2006).)
The case was assigned to U.S. District Judge Vaughn Walker, whom the Electronic Frontier Foundation considered open to legal arguments based on privacy rights. The Justice Department intervened, and Hepting was combined with more than 30 other complaints filed nationwide against AT&T under multidistrict litigation procedures.
Cohn was appointed co-lead counsel for the consolidated cases, which produced a frenzy of motions and appeals in the ensuing five years, before Judge Walker and at the Ninth Circuit. Cohn and her colleagues managed to fend off government motions to dismiss under the state secrets doctrine, but Walker ultimately threw out the case after Congress passed the FISA Amendments Act of 2008. Revisions to the law awarded telephone carriers retroactive immunity for both statutory and constitutional violations when conducting surveillance at the government’s behest. The Ninth Circuit upheld the dismissal. (In re Nat’l Sec. Agency Telecomm. Records Litig., 671 F.3d 881 (9th Cir. 2011).)
Cohn wasn’t about to let Congress derail her. She responded to the FISA amendments by filing the Jewel case in September 2008. But instead of naming AT&T as a defendant, Electronic Frontier Foundation sued the agency directly, along with defendants President George W. Bush, Vice President Dick Cheney, and NSA director Alexander.
Among the lawsuits filed to date against the National Security Agency’s operations, Jewel is arguably the most comprehensive. It challenges both telephone metadata surveillance and the Prism program’s interception of global email. Cohn and the Electronic Frontier Foundation contend that neither the terms of the FISA as amended nor the Constitution permit the NSA to spy on Americans except in very limited circumstances, as authorized under the statute by the FISA court.
The Foreign Intelligence Surveillance Court (FISC) is an eleven-member body of district court judges selected by the Chief Justice of the United States to oversee NSA operations. Applications that come before it are prepared and presented ex parte by Justice Department lawyers. Court sessions are closed to the public and without notice to, or appearances on behalf of, the intended surveillance targets. Telephone companies and Internet service providers can object to orders directing them to produce records. Rulings – which are classified unless approved for release – may be appealed to a three-judge Court of Review, whose members also are selected by the Chief Justice. Its decisions may be appealed to the Supreme Court.
For the National Security Agency to obtain a FISC order requiring a company to produce phone metadata, the FBI must submit a “statement of facts” showing that the requested records are relevant to an authorized investigation aimed at gathering foreign intelligence not concerning “a United States person,” or that the requested information is needed to protect against foreign terrorism or clandestine intelligence activities.
To obtain email content and other electronic communications, the Attorney General and the Director of National Intelligence must certify that the government needs the requested communications to acquire foreign intelligence about persons “reasonably believed to be located outside the United States.” Armed with an order approved by the FISC, the government may not intentionally obtain any communication involving a United States person – that is, a citizen, resident alien, or legal entity – and the FBI may only conduct authorized surveillance in a manner “consistent with” the Fourth Amendment.
The relevant FISA code sections also require the government to observe certain “minimization” procedures designed to limit the retention and use of information collected about Americans – underscoring that the NSA’s mission is to safeguard the country from foreign and international terrorism, not from suspected domestic threats. (50 U.S.C. §§ 1804-1805.)
Until Snowden’s revelations were published, the FISC had released only a few redacted opinions setting forth its views on NSA surveillance programs, including one written in the early 1980s, another in 2002, and a third in 2008. The 2002 and 2008 opinions by the Court of Review are published in the official reports. (In re Sealed Case, 310 F.3d 717 (FISA Ct. Rev. 2002); In re Directives, 551 F.3d 1004 (FISA Ct. Rev. 2008).) After Snowden’s document release, however, the Obama administration declassified and published selected opinions, which are posted online.
Among the official disclosures is a highly redacted 85-page memorandum decision written in 2011 by FISC Judge John D. Bates, who scolded the NSA for collecting more than 50,000 “wholly domestic” electronic communications per year without observing the required minimization safeguards. Later in 2011 Judge Bates issued another ruling, approving revised NSA procedures that are designed to strengthen compliance with the minimization rules.
Congress has also responded to Snowden’s revelations, with a flurry of bills to revamp the NSA and the FISC. The U.S.A. Freedom Act (H.R. 3361, S. 1599), a bipartisan proposal co-sponsored by Rep. Jim Sensenbrenner (R-Wisconsin) and Sen. Patrick Leahy (D-Vermont), was introduced in October. Among other reforms, it would end the NSA’s bulk metadata collection program and establish a “special advocate” office within the FISC to represent the privacy concerns of U.S. persons. In mid-December, President Obama promised a reform package of his own, based on 46 recommendations by a high-level panel commissioned to review the NSA’s operations.
Just as Hepting was fiercely defended by government lawyers, the Jewel case has moved fitfully between the trial court and the Ninth Circuit. Last year the EFF won a significant ruling when District Judge Jeffrey S. White in San Francisco rejected another attempt by the Justice Department to assert a state secrets defense. (Jewel v. Nat’l Sec. Agency, 2013 WL 3829405 (N.D. Cal. 2013.).) But in a late December filing, the government renewed the secrets defense and again asked the judge to dismiss the case.
The other cases prompted by the Snowden disclosures have the potential to resolve more quickly. Within weeks after the initial stories about Snowden broke in The Guardian, the ACLU and Klayman filed their complaints in New York and Washington, D.C., respectively, and the Electronic Frontier Foundation filed First Unitarian in San Francisco. “We could have stayed with Jewel,” Cohn says. “But we wanted a more targeted approach that focused on the phone metadata program and addressed not only FISA and Fourth Amendment violations but also the impact the program has on the exercise of First Amendment rights.”
Cohn has moved for partial summary judgment in First Unitarian, which Judge White has scheduled for hearing in April. In support of the motion, she has filed declarations from the 22 named plaintiffs in the case, including Rev. Rick Hoyt, minister of the First Unitarian Church of Los Angeles.
Hoyt claims in his declaration that the National Security Agency’s collection of church phone records resulted in “harassment, membership withdrawal, and/or discouragement of new members, and … other consequences which objectively suggest an impact on, or ‘chilling’ of, the members’ associational rights.”
In an interview, Hoyt elaborated that the church has a history of political and social activism dating from the 1950s, when it defended Hollywood writers subpoenaed by the House Un-American Activities Committee. In the 1980s, it provided sanctuary for undocumented Central American immigrants fleeing persecution in their home countries. Hoyt says the legacy of those efforts – together with ongoing food distribution and tutoring programs – gives the church a high profile, creating a “sense of unease within the membership and the wider community” that association with the church could result in government scrutiny.
First and foremost among the legal barriers government spying cases face is the issue of standing.
“The Supreme Court has a very narrow view of standing,” says Douglas W. Kmiec, a professor at Pepperdine University law school who headed the Justice Department’s Office of Legal Counsel during the Reagan and George H. W. Bush administrations. Kmiec points to the Court’s dismissal last term of a complaint brought by the ACLU challenging the same FISA email intercept provision (50 U.S.C. § 1881a) currently at issue in Jewel. In a 5-4 majority opinion written by Justice Samuel Alito, the Court held that none of the plaintiffs could prove that their email had actually been intercepted or would be intercepted in the future – and therefore, none had suffered the legal harm needed to satisfy standing requirements under Article III of the Constitution. (Clapper v. Amnesty Int’l USA, 133 S.Ct. 1138 (2013).) Unless the Supreme Court suddenly broadens its view on standing, Kmiec says, a similar fate may await both the Jewel and First Unitarian cases.
Cohn, not surprisingly, is more sanguine. “We’ll have to see if Judge White revisits the standing question in Jewel,” she says, noting that prior to the Clapper ruling, the trial judge had held in the EFF’s favor on standing. She concedes that since the Clapper decision, White has suggested the standing issue may have to be reevaluated. Still, Cohn argues that in light of Snowden’s revelations, the plaintiffs’ claims of actual NSA surveillance can no longer be considered speculative.
In December, Judge Leon ruled in Klayman not only that two plaintiffs – both subscribers of Verizon Wireless – had standing to challenge the NSA’s Verizon telephone metadata order, but also that the order was issued in violation of the Fourth Amendment. In a sharp rebuke to the government, Leon railed that James Madison “would be aghast” at the order’s broad sweep and the “almost-Orwellian” technology available to the NSA. (Klayman v. Obama, No. 2013 WL 6571596 (D.D.C. at *20, *24).) That ruling, now before the D.C. Circuit Court of Appeals, will come under close scrutiny.
At the same time, Leon agreed with the Justice Department that the Klayman plaintiffs lacked standing under Clapper to contest the Prism program. (See 2013 WL 6571596 at *1 & n. 6.) Though that aspect of his opinion does not control the Electronic Frontier Foundation’s cases, Cohn may face a similar Catch-22 as a result of the program’s secrecy: Even with Snowden’s revelations, the EFF may not be able to prove that its clients’ emails were actually intercepted. By such circular logic, plaintiffs are unable to establish the standing needed to sue.
By contrast, just as it has for Klayman, the telephone metadata issue presents Cohn with an easier avenue of attack. She is confident the First Unitarian plaintiffs have standing to sue on metadata collection because the NSA has admitted to gathering virtually everyone’s telephone activity records.
Notwithstanding Judge Leon’s opinion, the Justice Department to date hasn’t changed its own position on standing, either as to metadata collection or email surveillance. The department has cited Clapper in both ACLU and Klayman, arguing that any claims of injury – whether associational rights under the First Amendment or privacy under the Fourth Amendment – are too conjectural to demonstrate impending harm. It will no doubt raise that same objection in First Unitarian.
Regardless of whether the plaintiffs have standing to contest the metadata programs, the Justice Department contends that their claims lack merit. In a white paper released last August, the Obama administration argues that its metadata programs are entirely legal, asserting that the FISC had upheld them on 34 separate occasions since the court was authorized in 2006.
As to the statutory claims, the government insists that section 215 of the Patriot Act precludes any person other than the recipient of an FISC order from challenging the orders’ legality. In his order dismissing ACLU, Judge Pauley agreed, concluding that to hold otherwise “could frustrate Congress’s intent” and “spawn mischief.”
Pauley also found, however, that Congress did not bar the ACLU’s constitutional claims, which challenge a long-standing U.S. Supreme Court decision in a wiretapping case. (Smith v. Maryland, 442 U.S. 735 (1979).)
In Smith, the Court held that the government’s installation of a “pen register” device in telecom equipment to record the phone numbers – but not the content – of calls dialed by a robbery suspect was not a search within the meaning of the Fourth Amendment because telephone users voluntarily surrender that information whenever they place a call.
Echoing that rationale, an FISC opinion by Judge Claire V. Eagan, released in September, held that the difference in scale between the NSA’s bulk collection of telecom metadata and the numbers dialed by a criminal suspect from a single telephone in Smith was constitutionally irrelevant. (In re Application of FBI, No. 2013 WL 5741573 (FISC).)
Cohn disputes Eagan’s reasoning, contending that facts of the NSA’s bulk telephony metadata program are distinguishable from those confronting the Supreme Court decades earlier in Smith. She draws support from the Klayman opinion by Leon, who wrote, “The notion that the Government could collect similar data on hundreds of millions of people and retain that data for a five-year period, updating it with new data every day in perpetuity, was at best, in 1979, the stuff of science fiction.” (Klayman v. Obama, 2013 WL 6571596 at *20 (D.D.C.).)
But just two weeks later, Judge Pauley in the ACLU case reinforced the government’s reliance on Smith. “The ACLU’s pleading reveals a fundamental misapprehension about ownership of telephony metadata,” Pauley wrote. “First, the business records created by Verizon are not ‘Plaintiffs’ call records.’ … Under the Constitution, that distinction is critical because when a person voluntarily conveys information to a third party, he forfeits his right to privacy in the information. Second, the Government’s subsequent querying of the telephony metadata does not implicate the Fourth Amendment – anymore than a law enforcement officer’s query of the FBI’s fingerprint or DNA databases to identify someone.” (2013 WL 6819708 at *21.) The appellate courts must now determine Smith’s relevance.
Ultimately, however, the Obama administration’s most important argument in support of dragnet National Security Agency surveillance may be national security. In a series of public statements following the Snow-den leaks, President Obama and other officials – including NSA Director Alexander and Rep. Mike Rogers (R-Michigan) – claimed that intelligence gathered under the NSA’s programs helped to thwart more than 50 specific terrorist threats. They argued that widespread surveillance is critical to combating international terrorism, and that the benefits outweigh any legal harm it may cause.
The administration has conceded that collecting call activity records on all Americans is akin to gathering a haystack in search of a needle. But it asserts that the needle could not be found otherwise. And the government’s white paper promised that phone records would not be individually examined by NSA personnel unless there was “reasonable, articulable suspicion” to believe the records were related to international terrorist activity – invoking the standard required by the Supreme Court for stop-and-frisk pat-downs in Terry v. Ohio (392 U.S. 1 (1968)).
To Cohn and other civil liberties advocates, the administration’s white paper argument is fraught with legal fallacies. And factually, she insists, the claims that NSA surveillance prevented specific acts of terrorism remain largely unproven.
The administration has declined on national security grounds to document most of the claims. But in testimony before the Senate Judiciary Committee in October, Alexander acknowledged that only 13 – a small minority – of the alleged threats at issue had a “nexus” to the United States.
Cohn is frustrated by the unverifiable claims. “We have a constitution in part to place limits on what the government can force us to do, even on the grounds of safety,” she told me. Using a dry-erase board in her office, Cohn quickly sketched a complex diagram of the NSA’s surveillance network, replete with collection nodes and connecting arrows. “Constitutional violations occur when the National Security Agency gathers all our phone records indiscriminately,” she argued. “There’s nothing that says the government can act first, vacuum up everything, and wait until later to meet a standard like ‘reasonable articulable suspicion.’ ”
When and if other federal judges rule on the constitutional questions raised by National Security Agency surveillance, Cohn believes they will see the issues her way.
Fred H. Cate, a law professor at Indiana University in Bloomington who drafted an amicus brief for EPIC’s writ petition last year, emphasizes that NSA’s dragnet surveillance isn’t just constitutionally suspect. “The metadata program also violates the terms of the FISA itself,” he contends.
Cate argues that Congress enacted the FISA as a reform measure following revelations of government abuse in the 1970s by a Senate select committee chaired by Sen. Frank Church (D-Idaho). The Church committee confirmed widespread unauthorized wiretapping and other illegal activity committed by the FBI as part of its Cointelpro campaign, intended to disrupt left-wing political groups.
“FISA was designed to restrict NSA surveillance to specific investigations of foreign agents and powers,” Cate says. Although he acknowledges the agency’s powers grew exponentially under the U.S.A. Patriot Act of 2001 and further still with the FISA amendments enacted in 2008 and 2012, he maintains that nothing in the law permits the NSA to access records of every phone call made or received by every American. Sooner or later, he hopes, someone – either in Congress or in an appellate court – “will have the courage to step in and do something.”
But will they? Even if federal district judges have the fortitude to curtail aspects of the National Security Agency’s surveillance programs, how long will it take for such rulings to make their way to the Supreme Court, where the constitutional issues ultimately must be resolved?
For her part, Cohn remains optimistic. “For quite some time, the NSA’s spying programs were my white whale,” she concedes. “It seemed to me that no one was listening. Now everyone is.”
Resources
See Also
National Security Division
National Security Agency Act Of 1959
National Security Council
FISA Amendments Act
National Security
National Security Act Of 1947
National Security Act Amendments of 1949