Published October 24, 2013
How does a 222-year-old constitutional protection—the Fourth Amendment to the U.S. Constitution prohibiting unreasonable and warrantless search and seizure—apply in an era of metadata and encrypted emails?
That conundrum was the backdrop for a spirited discussion earlier this month at the UB Law School in which three constitutional law professors explored recent revelations that the National Security Agency, in its fight against terrorism, has been gathering massive amounts of information on Americans’ electronic communications.
The event—sponsored by the law school’s newly formed student chapter of the American Constitution Society, which advocates for a progressive interpretation of the Constitution—drew about 25 people to a seventh-floor seminar room. They heard three recently hired faculty members—Professor Luis Chiesa and Anjana Malhotra and Anthony O’Rourke, both associate professors—detail some of the NSA’s work, including the controversial PRISM data mining program.
Chiesa said this surveillance, authorized under Sections 215 and 702 of the USA Patriot Act, is overseen by the Foreign Intelligence Surveillance Act (FISA) Court, an entity whose work is cloaked in secrecy. We do know, he said, that the FISA Court has distinguished between data gathering and making a targeted query, or “search” of the data, and requires a showing of “reasonable suspicion” before government officials query the database.
Some say the surveillance is ripe for abuse. Malhotra, formerly a lawyer for the American Civil Liberties Union, says, for example, that the government collected GPS metadata on every Verizon customer, and specifically on those who attended an Occupy protest nationwide for several days last year. “The Fourth Amendment applies to these searches, but requires rethinking the jurisprudence. The court will soon be confronting critical questions of how and when the Fourth Amendment protects us in the digital age,” she said.
O’Rourke said the collection of metadata—not the content of conversations, but rather who was called and when, and the exact location of the cellphone from which the call was made—“gives a tremendous amount of information to the government. You can track networks, religious practices, whom you choose to associate with—basically every aspect of your life.”
A federal judge, Malhotra noted, recently ordered the declassification of all legal opinions related to the FISA Court’s work. “This is a significant development in that it is allowing for serious accountability of the government’s requests to query the data of millions of Americans, as well as targeted groups of individuals around political affiliation or other characteristics,” she said. “This program clearly presents constitutional problems, but your hands are tied if you don’t know this critical information of how it is applied and the scope of it.” In response to a student’s question about government targeting Muslims and individuals of Middle Eastern and South Asian descent in the electronic surveillance programs, Malhotra suggested that as an example, the government could be impermissibly be engaging in systematic unjustified “digital stop-and-frisk” programs.
Much of the debate over the NSA’s surveillance, the panelists said, revolves around the question of whether this information should be considered private. Chiesa said that if a set of information is deemed to be not private, no Fourth Amendment protections apply. So, for example, he said, the Supreme Court has ruled that Americans have no right to expect privacy in the phone numbers they call, making that information fair game for NSA surveillance.
Other issues in this evolving discussion involve the difference between collecting the data and retrieving it in a meaningful way, such as looking for patterns in a person’s phone records; the distinction between a “snapshot” and a “movie” that collects information about a person over a longer time; and the difference between surveillance that captures content, such as the text of an email, and non-content data gathering.
Saying that the Patriot Act sets a standard of “relevance” for surveillance pertaining to foreign agents, O’Rourke noted that the NSA is “collecting information on everyone, whether you’ve ever been to a foreign country or talked to someone in another country. It’s a very broad standard of relevance that they’ve adopted” in relation to terrorism prevention.
He also argued that metadata can say more about an individual than even the content of communications. “As a matter of investigative reality, officials are saying that metadata is way more telling,” O’Rourke said. “Content takes a long time to look through, people say stupid stuff, it’s hard to tell what they’re saying. But metadata can provide a great deal of information about who a person is.”
It also may be worth asking, in this age of oversharing via Twitter and Facebook, whether it still makes sense to talk about privacy, Chiesa said. “We’re concerned about the government, but Google probably knows more about us than the government. Do we really have private information? Do we need to rethink what privacy means? Maybe we should move away from privacy and talk about other things.”
One way to think about the issue, he said, is the notion of “obscurity”—information that is public but typically difficult to obtain. As an example, he cited the case of a downstate newspaper that published a map, with addresses, of everyone in Westchester County who has a registered firearm. “What’s really upsetting about this article,” he said, “is that gun owners believe, yes, that information is public, but they believed it would remain obscure. You worry when something happens that makes obscure information transparent.”
In comparison to the U.S. conception of privacy, O’Rourke said, “Europe has always had this idea that you should be a person legible to the state, and that the state might put obligations on you to disclose information.” At the same time, however, European Union countries have been more active in limiting how governments may use the information they collect. So, for example, while Germany requires its citizens to possess a national ID card, it has in place strict regulations about what use the government can make of that information.
Back at home, “we’re seeing a breakdown of the American idea that you can carry on your life as a discreet person,” O’Rourke said. “That isn’t really plausible anymore. We seem to be seeing a greater acceptance that the government might have appropriate uses for this information,” but our privacy laws have not caught up to meaningfully protect against abuses of that information.