Law-Checking WSJ Article on Domestic Spying
The Wall Street Journal's detailed article on domestic spying (Wall Street Journal, NSA's Domestic Spying Grows As Agency Sweeps Up Data (March 10, 2008), p. A1) provides critical detail and confirmation of the NSA's wholesale acquisition of domestic communications, and helps us understand the Administration's word games. It also shows that the Administration is relying upon erroneous views of electronic communications privacy law, including some that contradict the Department of Justice's own published interpretations.
The article contains an infobox listing material that "the NSA can look at without a judicial warrant." Contrary to the NSA's claim, information like email subject lines, internet searches and cellphone location information all require a warrant under law. Moreover, even where a "probable cause" warrant is not necessary, the NSA still needs to obtain an appropriate court order.
The infobox incorrectly asserts that the subject lines of email are not "content," and can be obtained without a warrant. According to the article, "[f]or an email, the[NSA's] data haul can include the identities of the sender and recipient and the subject line, but not the content of the message."
But this is contradicted by the Department of Justice's own 2002 Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations manual, which states that "[t]he subject headers of e-mails are also contents." Judges agree. See In Matter of Application of U.S. For an Order Authorizing the Installation and Use of a Pen Register and a Trap & Trace Device on E-Mail Account, 416 F.Supp.2d 13 (D.D.C. 2006) ("the stricture to avoid the contents of e-mail communications should be easy to comply with so long as the pen register and trap and trace processes or devices exclude all information relating to the subject line …." (emphasis added)); In re United States for an Order Authorizing the Use of a Pen Register & Trap, 396 F.Supp.2d 45, 48 (D. Mass. 2005) ("information contained in the 'subject' would reveal the contents of the communication and would not be properly disclosed pursuant to a pen register or trap and trace device.")
In addition, the law requires legal process for the government to obtain the recipient and sender's address.
The infobox incorrectly asserts that the NSA can review "[s]ites visited and searches conducted" without a warrant. "According to current and former intelligence officials, the spy agency now monitors huge volumes of records of ... Internet searches." "The [NSA's] haul can include ... records of Internet browsing."
To the contrary, courts have held that search terms are "content" within the meaning of the Electronic Communications Privacy Act:
"A user may visit the Google site. . . . [I]f the user then enters a search phrase, . . . . [t]his would reveal content—that is, it would reveal, in the words of the statute, '. . . information concerning the substance, purport or meaning of that communication.' Title 18 U.S.C. § 2510 (8). The 'substance' and 'meaning' of the communication is that the user is conducting a search for information on a particular topic."
In re United States for an Order Authorizing the Use of a Pen Register & Trap, 396 F.Supp.2d at 49.
The United States Attorney Manual, Section 9-7.500, prohibits the collection of URLs without prior consultation with DOJ to determine whether the URLs to be collected will constitute content or not. "Among the factors that should be considered in deciding whether to apply for such a pen register are (1) the investigative need for the pen register order, (2) the litigation risk in the individual case, (3) how much of any given URL would be obtained, and (4) the impact of the order on the Department's policy goals."
The DOJ's cautious approach reflects the constitutional concerns arising from obtaining URLs. In United States v. Forrester, 495 F.3d 1041, 1049 n. 6 (9th Cir. 2007), the Ninth Circuit Court of Appeals noted that:
Surveillance techniques that enable the government to determine not only the IP addresses that a person accesses but also the uniform resource locators ('URL') of the pages visited might be more constitutionally problematic. A URL, unlike an IP address, identifies the particular document within a website that a person views and thus reveals much more information about the person's Internet activity. For instance, a surveillance technique that captures IP addresses would show only that a person visited the New York Times' website at http://www.nytimes.com, whereas a technique that captures URLs would also divulge the particular articles the person viewed.
While Forrester did not have to confront the URL issue directly, it is simply incorrect to assert that the current state of the law allows the NSA to obtain records of the web pages you visit without a warrant.
The infobox asserts that the NSA can get cellphone location data without a warrant. "The information [obtained by the NSA] can give such transactional information as a cellphone's location …."
The issue of obtaining cell phone location information has been contentious for some time, but the vast weight of judicial interpretation is that a probable cause warrant is required. Indeed, several courts have strongly rejected the government's legal arguments for warrantless cell phone tracking, including a decision by a Judge in New York that referred to the government's legal arguments variously as "unsupported," "misleading," and "contrived," and a Texas court that called the convolutions of the government's theory "perverse" and likened its twists and turns to a "three-rail bank shot."
The infobox asserts that the NSA can get the "[n]umbers incoming or outgoing" and the "length of call" without a warrant.
The Government needs to obtain a Pen Register or Trap and Trace Order to obtain such call records, either through the Pen/Trap statute or the Foreign Intelligence Surveillance Act's pen register provisions. In both cases, a court order is required.
The Wall Street Journal article provides important confirmation of the scope and extent of the Administration's domestic spying program. As the article confirms:
telecom companies ... are giving the government unlimited access to a copy of the flow of communications, through a network of switches at U.S. telecommunications hubs that duplicate all the data running through it.
Critically, the article clarifies that the spying is not limited to communications with terrorists overseas: "for instance ... the government's spy systems may be directed to collect and analyze all electronic communications into and out of the city [of Detroit]." As the article notes, "some intelligence officials now say the broader NSA effort amounts to a driftnet."
However, the article appears to accept the NSA's dubious interpretations of what is "content" under the law and those interpretations are just wrong in key ways that impact privacy. Rather than detailing what the government is doing that is legal, then, the article actually demonstrates the massive, illegal surveillance of millions of ordinary Americans, in violation of the law and the Constitution.
As Judge Walker noted when examining EFF's allegations of dragnet surveillance: "AT&T cannot seriously contend that a reasonable entity in its position could have believed that the alleged domestic dragnet was legal." Nor can the NSA seriously contend that it can legally obtain dragnet information about Americans' online searches, web browsing, email subject line, cell phone locations, et cetera, all without a warrant.
Recent DeepLinks Posts
May 5, 2016
May 5, 2016
May 4, 2016
May 3, 2016
May 3, 2016
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games