Statement from Gregory T. Nojeim, CDT Director, Project on Freedom, Security & Technology
Chairman Grassley, Ranking Member Leahy, and Members of the Senate Judiciary Committee:
The Center for Democracy & Technology (CDT) submits the following statement for the record summarizing the privacy and civil liberties concerns presented by surveillance under Section 702 of the Foreign Intelligence Surveillance Act (FISA), along with policy recommendations for addressing those concerns. Section 702 is scheduled to sunset on December 31, 2017, and the reauthorization process presents an opportunity to consider reforms. Unlike the independent reviews of bulk collection of telephone call records conducted under Section 215 of the Patriot Act, independent reviews of Section 702 surveillance confirm that 702 surveillance has been useful in thwarting terrorist attacks. Accordingly, our recommendations are calibrated to focus the warrantless surveillance program onto its appropriate purpose: intelligence gathering for the detection and prevention of national security threats to the United States, including terrorism.
The 2008 FISA Amendments Act, which added Section 702 to FISA, made a fundamental change in FISA for surveillance conducted in the US of non-US persons: it did away with the requirement that the target of surveillance be a terrorist, a spy, or another agent of a foreign power. The only meaningful limitation on the scope of Section 702 surveillance of non-U.S. persons abroad is the limitation that “a significant purpose” of surveillance must be to collect “foreign intelligence information.” The primary purpose can be something else entirely, including investigation of crime or tax evasion. Moreover, “foreign intelligence” is broadly defined to include information that merely relates to U.S. foreign policy and national security. When protesters gather in Istanbul, Brasília, Cairo, or Paris to protest government policies, the reasons for their protests “relate” to U.S. foreign policy. Section 702 gives the NSA statutory authority to compel U.S. communications service providers to disclose the protesters’ stored email or to assist with wiretapping them. This is far too broad an authority, and it goes well beyond fighting terrorism.
Reports resulting from disclosures by Edward Snowden and subsequent declassifications by the federal government confirm that Section 702 surveillance sweeps broadly, and compromises the privacy rights of non-targets of the surveillance. In 2014, the Washington Post examined a large sample of e-mails and instant messenger conversations collected under Section 702 between 2009 and 2012, and found that 90 percent of the communications the government had captured and retained were from online accounts not belonging to foreign surveillance targets. A surveillance program purportedly geared towards foreign intelligence has instead swept up a huge amount of communications content belonging to innocent, untargeted people, and the fruits of those warrantless searches have been used to conduct criminal investigations against Americans – investigations that are unrelated to national security and terrorist activity.
Overall, the Section 702 program has strayed too far from the world envisaged by the authors of the U.S. Constitution – a world where an American need not worry about general “writs of assistance” because his government may only intrude upon his sensitive papers and effects when a judicial authority finds there is strong evidence that he is up to no good. Moreover, the overbroad collection, retention, and querying of data for a myriad of purposes unrelated to national security has violated the privacy obligations of the United States under the International Covenant on Civil and Political Rights and the American Declaration of the Rights and Duties of Man.
This broad surveillance program threatens not just privacy rights in the U.S. and abroad, but the flow of data for commercial reasons between the U.S. and Europe. In Schrems v. Data Protection Commissioner, the Court of Justice of the European Union (CJEU) struck down the U.S.-E.U. Safe Harbor agreement, an agreement vital to transatlantic trade on which over 4,000 U.S. companies had relied for fifteen years. The CJEU found that the European Commission, in approving the Safe Harbor, had not adequately accounted for the extent to which Europeans’ data transferred to the United States by U.S. companies was accessible for surveillance purposes. In addition, a 2014 analysis found that U.S. technology companies, particularly in the cloud-computing sector, are likely to lose billions of dollars in revenue due to U.S. warrantless surveillance.
As the Section 702 sunset date approaches, CDT encourages Congress to embrace the reforms below not just because they would facilitate commercial trade, but because they would advance the human rights of people on a global basis, strengthen the tenuous constitutional foundation on which the surveillance program now rests, and better focus the surveillance on terrorism and other national security threats the United now faces.
[Full statement in the PDF]