Focus on privacy: How to fight mass surveillance that Congress just reauthorized
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the internet. We've just lost an important battle. On Jan. 18, when President Donald Trump signed the renewal of Section 702, domestic mass surveillance effectively became a permanent part of U.S. law.
Section 702 was passed in 2008 as an amendment to the Foreign Intelligence Surveillance Act of 1978. It was billed as a way for the National Security Agency to spy on non-Americans located outside the United States. It was supposed to be an efficiency and cost-saving measure.
The problem is that this authority also allowed the NSA to collect foreign communications and data in a way that swept up Americans' communications as well, without a warrant. Other law enforcement agencies may ask the NSA to search those communications, give their contents to the FBI and other agencies, and then lie about their origins in court.
In 1978, after Watergate had revealed the Nixon administration's abuses of power, we erected a wall between intelligence and law enforcement that prevented this kind of sharing of surveillance data under any authority less restrictive than the Fourth Amendment. Weakening that wall is incredibly dangerous, and the NSA should never have been given this authority in the first place.
Arguably, it never was. The NSA had done these types of surveillance illegally for years. Section 702 was secretly used as a way to paper over that illegal collection, but nothing in the text of the later amendment gives this authority to the NSA.
Civil libertarians have battled this law in both Congress and the courts ever since it was proposed. What this most recent vote tells me is that we've lost the fight.
Section 702 was passed in 2008 under George W. Bush, reauthorized in 2012 under Barack Obama, and now is reauthorized again under Trump. It's inconceivable that it will ever be repealed.
So what do we do? There are, it turns out, reasonable modifications that target surveillance more generally, and not in terms of any particular statutory authority.
First, we must strengthen the minimization procedures to limit “incidental” collection. The intelligence community needs much stronger restrictions on which American communications channels it can access without a court order. Second, we must limit how other law enforcement agencies can use data collected incidentally. Today, those agencies can query a database of incidental collection on Americans and the NSA can legally pass information to those agencies. This must stop. Third, we must end what's called “parallel construction.” When a law enforcement agency uses evidence found in this NSA database to arrest someone, it doesn't have to disclose that fact in court.
This problem exists primarily because internet companies collect and retain personal data, which they allow to be sent across the network with minimal security. Since the government has abdicated its responsibility to protect our privacy and security, tech companies need to step up: Minimize data collection. Don't save data longer than necessary. Encrypt what has to be saved.
It's important not to give up hope. Everything we do to keep the issue in the public eye hastens the day when we will reaffirm our rights to privacy in the digital age.
Bruce Schneier is a security technologist and a lecturer at the Kennedy School of Government at Harvard University. His latest book is “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.”