Skip to content

The Problem at the Heart of the NSA Disputes: Legal Density

By
Wednesday, February 5, 2014 at 9:14 AM

An old friend of mine, a mathematician at an elite college, told me some time back that—while still a student—he or she had done some work for NSA and been greatly relieved by the strict assurance given in the personnel orientation that the agency does not spy on Americans. Starting with the revelations in 2005 about the warrantless wiretapping program, this person recounts feeling a bit undercut, betrayed even—as though the services had been procured under false political pretenses.

This conversation has been very much on my mind recently, because it points to a problem that, I have come to believe, lies at the true core of the NSA disputes: The law is so dense and so complicated that it cannot be accurately summarized at a level a citizen can reasonably process.

Any effort to summarize the relevant law necessarily ignores themes sufficiently important to its architecture that the reductionism will partake of serious inaccuracy. The person who told my friend that NSA does not spy on Americans was not lying. He or she was highlighting a crucially-important limitation on NSA’s authority vis a vis US persons. The law and the relevant regulations all contain significant territorial restrictions and significant protections for US persons overseas as well—all designed to separate the foreign intelligence mission of NSA from both domestic intelligence and domestic law enforcement. It’s a sincere and pervasive effort. “We don’t spy on Americans” is a common shorthand for a wealth of law and practice that really and meaningfully keeps the agency out of the business of being a covert domestic intelligence agency.

And all that said, it is not—as my friend learned—quite accurate. NSA, after all, does spy on individual Americans with an order from the FISC. It does, moreover, capture all domestic telephony metadata. And most importantly, it does routinely capture communications between Americans and the targets of its surveillance and incidentally capture other material its systems scoop up overseas—subject to rules that limit the retention and processing of US person information. In other words, to say that NSA does not spy on Americans emphatically does not mean, as a reasonable student or citizen might expect it to mean, that the agency does not regularly acquire and process the communications of Americans.

Yet all other shorthands for NSA’s relationship with US persons have the same problem: They may capture accurately some important aspects of the agency’s capabilities, authorities, and limitations, but they privilege those aspects over others that are crucial to the governing legal architecture. For example:

  • “NSA does dragnet surveillance and captures the records of all phone calls.” That gets to the comprehensiveness of the metadata program, but it focuses only on that one small program and misses the neurotically-detailed use restrictions in the metadata program, the judicial and executive oversight, and the narrow focus on terrorism in querying the metadata database.
  • “NSA is an out-of-control agency that has its hands in any and all communications.” That gets to the amazing—and sometimes scary—technical capability of the agency but ignores the degree to which it is, every day, meaningfully constrained by all sorts of legal mechanisms and a very-genuine culture of compliance in the deployment of its powers.
  • “NSA does not operate domestically.” That captures the foreign focus of what is, in fact, a foreign intelligence agency, but it ignores the fact that huge amount of collection against overseas targets now takes place domestically and by interfacing with domestic industry.

I could go on, but you get the idea. The activity and rules are complicated enough that they resist any simple summary.

For the last several days, I have been trying to come up with the simplest, shortest statement I can put together that accurately describes what the agency does and does not do with respect to spying on Americans—the statement, in other words, that NSA should be giving the new recruits. It speaks to the depth of the problem that this is the best I can come up with:

NSA does not, except in emergencies, intentionally target for collection the communications of specific Americans without seeking a court order first. And except in emergencies, it does not intentionally target for collection without first seeking a court order the communications of individuals known to be in the United States either. It does, however, routinely acquire and store the communications of US persons and some domestic communications as a necessary incident to its broad collection directed at targets overseas—and it then has rules restricting the retention and use of this material to the extent it does not have foreign intelligence value. What’s more, NSA routinely acquires in bulk the records, but not the contents, of domestic telephone communications, which it uses for narrow counterterrorism purposes.

It’s gobbledygook. It’s not short, and it’s not especially comprehensible. And I’m sure I will get emails explaining how even it is also reductionist to the point of inaccuracy.

There’s an honorable reason why the law here is so dense: Each component of the density reflects real needs and values. We want a robust foreign intelligence capability. We don’t want our domestic relations between citizens and government conditioned by an intelligence agency—which necessarily uses secrecy, deceit and trade-craft that has no part in domestic governance. We don’t want to confuse intelligence and law enforcement. We do insist on robust cooperation between intelligence and law enforcement. We don’t want Americans to lose their rights when they travel overseas. We don’t want too great a distinction between Americans and aliens domestically for espionage purposes. We do want enough distinction between Americans and foreigners that the protections we create to prevent a police state domestically do not disable our foreign intelligence capabilities. We want our communications secure from government. We want the bad guys’ communications to be insecure from government. And somehow, we have to recognize in our law that our communications and those of the bad guys are hopelessly mixed together in the giant soup of the modern telecommunications infrastructure. We know that the bad guys overseas have their communications transiting American infrastructure domestically. And we also know that our communications domestically may go through servers overseas. If there is a way to respect all of these values and give voice to all of these needs with law that can be accurately summarized in a simple sentence, that law has eluded us to date—and it’s hard to even imagine what it would look like. David Kris, in a series of guest posts, posed 28 questions you would have to answer just to begin trying.

Yet the complexity, though perhaps inevitable, is also corrosive. It makes it hard, even with a great deal of declassification, to have a conversation with the public about what this agency should and should not do—because there’s no stable understanding of what this agency does and does not do now. It makes it hard to defend the agency accurately. It makes it hard to criticize the agency accurately. And it makes it hard for the agency itself to tell a young student what intelligence collection under the rule of law looks like in any language that does not risk inducing later a sense of betrayal.

Share on Facebook25Share on Google+1Email this to someoneTweet about this on Twitter36Print this pageShare on Reddit0