Two years after the first story based on Edward Snowden’s leaks hit the press, the U.S. government enacted the USA FREEDOM Act, ending bulk collection under Section 215. As one of five members of President Obama’s Review Group on Intelligence and Communications Technology, I applaud its passage—the biggest pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978.
There is a close fit between the Review Group’s work and the new law as well as multiple significant reform measures the Obama administration has already adopted without legislative change. In this era of partisan gridlock, the U.S. system of government has proved more responsive and resilient than many skeptics had predicted.
Two months after the Snowden stories began, President Obama announced formation of the Review Group and tasked it with finding an approach “that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust and reducing the risk of unauthorized disclosure.”
My own role on the Review Group was based on my work as Chief Counselor for Privacy under President Clinton, as well as ongoing writing on foreign intelligence, encryption, and related subjects.
The four other members had diverse capabilities: Richard Clarke, cyber-security and anti-terrorism advisor to both President Clinton and George W. Bush; Michael Morrell, former Deputy Director of the CIA; Geoffrey Stone, noted civil libertarian and former Provost of the University of Chicago; and Cass Sunstein, noted legal academic and former Administrator of the Office of Information and Regulatory Affairs in U.S. Office of Management and Budget. I feel honored to have had the opportunity to work with four such distinguished experts.
The Review Group initially received a fair bit of public skepticism, such as statements that “the review panel has effectively been operating as an arm of the Office of the Director of National Intelligence” and "no one can look at this group and say it's completely independent.” This skepticism was perhaps understandable, because four of the members had worked for Democratic Presidents and the fifth, Geoffrey Stone, had actually been the Dean who hired a young Barack Obama to the University of Chicago Law School faculty.
Nonetheless, in actuality, the Review Group had freedom to pursue our mandate as we wished. We had expert staffing from the relevant agencies, and received full briefings on every issue we asked about. The actual draft resulted in a unanimous, 304-page report with 46 recommendations and was subsequently reprinted by the Princeton University Press.
When the Report became public in December, 2013, the greatest attention focused on this statement: “Our review suggests that the information contributed to terrorist investigations by the use of Section 215 telephony metadata was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional Section 215 orders.”
This finding of “not essential to preventing attacks” had credibility because it was based on top-secret briefings to a group that contained senior experts in intelligence and counter-terrorism. A common response to civil liberties concerns says: “If you knew what we knew, you would want this surveillance power.” After the Review Group report, that response was much harder to make in defense of Section 215 bulk collection.
There is a close fit between Review Group recommendations and the provisions of the USA Freedom Act.
Passage of any legislation such as USA FREEDOM has innumerable parents, each of whose support turns out to be vital to eventual enactment. For this law, important support came from President Obama, the intelligence community and the Obama administration generally; the members of Congress who brought together a unique coalition in both the House and the Senate; the Privacy and Civil Liberties Oversight Board, whose detailed report on Section 215 raised numerous compelling concerns with the program, and coalitions of outside supporters from the political left and right, including industry and civil society.
With the roles of innumerable others in passage clear, here is what USA FREEDOM provides, linked to Review Group recommendations:
- Recommendation 1: Issue a Section 215 order only with judicial approval and heightened standard. The administration had already adopted this approach, and USA FREEDOM confirms it legislatively.
- Recommendation 5: End government storage of bulk telephone data and have records held in the private sector, accessible only with a judicial order. USA FREEDOM does this.
- Recommendation 2: Place similar limits on bulk collection using National Security Letters. USA FREEDOM applies the limit on bulk collection to NSLs and to FISA pen-trap orders.
- Recommendation 4: Have a general rule limiting bulk collection, absent extraordinary circumstances. USA FREEDOM does not enact this sort of general rule. On the other hand, any agency lawyer going forward has received a loud and clear message from Congress to be cautious before saying there is legal authorization for a new bulk collection program.
- Recommendations 9 and 10: Create greater transparency in government reports and allow greater transparency in company reports about the nature and extent of foreign intelligence orders. USA FREEDOM takes important steps for both of these.
- Recommendation 28: Create public interest advocates to represent privacy and civil liberties interests before the Foreign Intelligence Surveillance Court (FISC). USA FREEDOM creates a panel of experts to file amicus briefs in this way.
This list exhausts the main substantive provisions of the USA FREEDOM Act, suggesting that the Review Group report played a constructive role in crystallizing specific reforms that could eventually make it through the legislative process.
Multiple measures by the Obama administration add to the roster of intelligence reforms. In considering the response of this administration, I believe President Obama himself was in an unusually good position to weigh the competing equities about intelligence reform: he taught constitutional law at the University of Chicago, and so is deeply versed on the civil liberties issues; he has been Commander in Chief of the armed forces during a period of active combat, so that he has a trained and personal sense of responsibility about protecting the nation; and, he ran as the “Internet” candidate, using new communications technologies in innovative ways.
Civil liberties, national security and high-tech, these are obviously key areas relevant to any review of intelligence and communications technology.
I have written previously about the administration’s reform measures to date, including:
- Transparency, notably de-classification of many important FISC opinions;
- Some limits on “incidental collection” under the PRISM program (Section 702);
- New White House oversight of the intelligence community, including for sensitive collection programs;
- Presidential Policy Directive 28 and other reforms to provide greater protections for non-US persons;
- Funding increases, some of which Congress has granted and others that are in the budget for this year (including much-needed staffing support for the Mutual Legal Assistance Treaty process); and
- Significant change to rules about NSLs, so that they generally will remain secret for no more than three years, rather than the previous 50.
Along with this progress to date, reform efforts should continue.
Notably, I believe the administration should adopt Review Group recommendation 29, which supports strong encryption as an essential component of cyber-security in communications.
We should also consider recommendation 12, which would create stronger safeguards for information that is “incidentally collected” as part of surveillance targeted at non-US persons under Section 702 and Executive Order 12333. The latter issue is likely to receive careful attention when Section 702 sunsets in 2017.
There has been thoughtful reform of numerous intelligence community practices in the past two years, consistent in my view with national security. Far more has changed than many skeptics predicted.
In addition, the debates on the USA FREEDOM Act have re-sensitized many members of Congress to the importance of privacy issues. These debates may prove influential as additional privacy proposals come to Congress—part of what I have called a “Second Wave of Global Privacy Protection.”
We should anticipate more changes to come.