New Year predictions are always risky, but when it comes to the NSA and its controversial surveillance programs, you don't have to be privy to secret intelligence to know that reform will arrive.
The tricky part is: How real will it be?
"I think everybody in Congress and the executive branch understands that's it gotten to the point where they have to do something," said Kurt Opsahl, senior staff attorney with the Electronic Frontier Foundation, one of the main nonprofits that's been taking on the spy agency. "You know, they can't just say, 'look, everything's fine, and no changes are necessary.' So, something will have to be done. The question is whether that will be actual reform or cosmetic."
It's true that we've seen a bang-up finish to 2013 in regard to the NSA story, with the agency and its allies taking three solid hits to the chin.
On December 16, a conservative federal judge appointed by George Bush the Second ruled, in Klayman v. Obama, that the NSA's phone-records program violates the Fourth Amendment. And he made no bones about it, calling the program "almost Orwellian" and saying it would leave founding father James Madison "aghast." (The judge's injunction against the program is on hold pending a government appeal.)
Then, on December 17, a group of tech heavy hitters including Apple's Tim Cook, Google's Eric Schmidt, and Yahoo's Marissa Mayer hijacked the agenda of a White House meeting with President Obama, shifting the emphasis from fixing Healthcare.gov to fixing a spy agency critics say has gone rogue. (This in-person push for reform followed a campaign earlier in the month that included full-page ads in The New York Times, The Washington Post, and elsewhere.)
Then, on the 18th -- prompted, perhaps by the week's prior events -- the White House decided not to wait until January as previously planned, and it released the report by the panel Obama handpicked to investigate the NSA's programs. That bipartisan group, which included a former deputy director of the CIA and a former White House counterterrorism adviser, surprised the skeptical with a report that impressed even Jameel Jaffer, deputy legal director of big-time surveillance critic the ACLU.
Among other things, the report says call data should no longer be collected by the NSA and should instead be kept by the phone companies, with the spy agency needing a court order, on a case-by-case basis, to get at it. The findings also say (as did the Bush-appointed judge, and as critics have been saying for some time) that there's no evidence the NSA's contested programs have contributed to fighting terrorism. That last point potentially takes the wind out of the agency's main defensive talking point.
If you doubt that all this had the NSA's critics a little giddy, just check out some of this eventful December week's TV appearances by journalist, Internet defender, and Edward Snowden confidant Glenn Greenwald, and watch as he tries -- unsuccessfully -- to contain his glee.
But though these noise-making New Year's Eve developments might have tempted some anti-NSA'ers to bust out the party hats, the situation is far from resolved, and the sort of reform that surveillance critics would call "real" is not ensured.
After all, the government will very probably appeal the ruling in the Klayman case; at least one source says Obama gave the tech companies no guarantee of reform; and the president has already ignored one of his panel's suggestions, opting to keep a single military official in charge of both the NSA and the Pentagon's Cyber Command, rather than split the duties between two chiefs.
And then on December 27, in a separate case (ACLU v. James R. Clapper), a judge issued a pro-NSA ruling, saying that the agency's bulk collection of telephony metadata is both reasonable and legal, and calling it a "vital tool" for disrupting terrorist attacks. At some point, the contrary judicial interpretations will have to be reconciled.
So what should we keep an eye on in 2014? Here's a rundown, chopped into subject areas.
Legislation: Congressional smackdown ahead?
Congress is batting around various reform proposals, but the two biggies seem to be the USA Freedom Act, penned by Patriot Act co-crafter Rep. Jim Sensebrenner (R-Wis.), along with Senate Judiciary Chairman Patrick Leahy (D-Vt.), and the FISA Improvements Act, sponsored by Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.).
"There's no sugarcoating it. These two trains -- one that codifies bulk collection and the other that outlaws it -- are on a collision course," Gregory Nojeim, senior counsel at privacy advocate the Center for Democracy and Technology, told The Washington Post earlier in the year.
The Sensenbrenner-Leahy bill is the one that would do the outlawing. It's designed to, among other things:
- End the bulk, suspicionless collection of Americans' communications records that's been done under Section 215 of the Patriot Act. Under 215, the NSA can grab data from companies such as phone carriers simply by showing the secretive Foreign Intelligence Surveillance Court that the information is "relevant" to an international terrorism investigation. The USA Freedom Act would create a stricter standard, prohibiting the NSA from accessing data unless it's associated with someone who's actually suspected of being a terrorist or a foreign agent, or who's in contact with one.
- Set up a kind of adversarial process in the Foreign Intelligence Surveillance Court. Currently, when the NSA is seeking data, the court hears only the government's arguments. The Sensenbrenner-Leahy bill would establish an Office of the Special Advocate whose job it would be to promote privacy interests before the court.
- End secret laws by requiring that all FISC decisions that contain a significant construction or interpretation of law be made public (without privacy advocates having to push for this to happen).
- Increase transparency by letting communications companies go public with the number of surveillance orders they receive.
The FISA Improvements Act, on the other hand, is the one that would do the codifying.
Feinstein, a committed supporter of the NSA, has said she believes the agency's call-records program is constitutional and "subject to extensive congressional judicial oversight" and that it "contributes to our national security." She says that more simply needs to be done "to increase transparency and build public support for [the] privacy protections [that are] in place."
Among other things, the FISA Improvements Act:
- Creates a penalty of up to 10 years in prison for intentional unauthorized access to data acquired under the Foreign Intelligence Surveillance Act.
- Mandates an annual public report on the total number of queries of the NSA's phone-metadata database.
- Allows the FISC to designate outside "friends of the court" to help review matters that involve new or significant legal interpretations.
But the bill also would, according to NSA opponent Sen. Ron Wyden (D-Ore.), "expressly authorize this bulk collection for the first time," and critics point to Feinstein's proposed legislation as exactly the sort of "cosmetic," "fig leaf" reform that the EFF's Opsahl speaks of. That's why a slew of civil liberties groups oppose it.
Feinstein has a lot of influence among Democrats in Congress, so her bill shouldn't be taken lightly. On the other hand, during wrangling this past summer over a military-spending bill, Rep. Justin Amash (R-Mich.) proposed an amendment that would've blocked funding for the NSA's bulk collection of phone records. That amendment was defeated by a scant seven votes, so the Sensenbrenner-Leahy bill may have a solid chance on the hill. It also has the backing of major privacy advocates.
"The entire nonprofit community has gotten behind the same bill," says ACLU legislative counsel Michelle Richardson, "it's the USA Freedom Act." Some, however, including the EFF's Opsahl, have said that though it's a great start, it doesn't go far enough.
The coming year will see various members of Congress campaigning for re-election, and "people in election years usually want to get everything done in the first six months," says Richardson. That, and the obvious visibility of the NSA issue, may discourage any delays on hashing out these two proposals and ultimately picking a winner.
The courts: Privacy in the era of 'the Internets'
The big news in the judicial realm as we head into 2014? The cat's out of the secret court.
Oh, and there's a chance privacy law will catch up to the Digital Age.
US District Judge Richard J. Leon, in a case called Klayman v. Obama, is the one who in late December called the NSA's bulk collection of phone metadata "almost Orwellian." And he's also the one who's freed the cat.
"In granting the plaintiffs [in the case] legal standing to sue the government on the grounds that they, most likely, had had their phone records seized," The New Yorker's John Cassidy writes, Judge Leon "breached the wall that had kept the legal arguments about domestic surveillance confined inside the secretive FISA court."
In his ruling, Leon wrote that "while Congress has great latitude to create statutory schemes like FISA, it may not hang a cloak of secrecy over the Constitution."
And so, in the words of the EFF's Opsahl, "over the course of the next year, we're going to have open-court analysis of these programs, where judges will have heard from both sides and seen the problems with the government's arguments, and I think that's going to be very useful for assessing the legality and also helping the judges and the public understand what's going on."
What, then, is likely to come up? And what of the Digital Age? Well, as the Klayman case goes to appeal -- and other cases, such as those filed by the EFF and the ACLU, wend their way through the courts -- we'll no doubt be hearing a fair amount about two Supreme Court cases: Smith v. Maryland, from 1979, and 2012's United States v. Jones.
In justifying the NSA's warrantless collection of phone and other metadata, the government relies heavily on the Supreme Court's finding in Smith that the plaintiff in the case didn't have a reasonable expectation of keeping the telephone numbers he dialed private. That's because, the court said, he freely transmitted the numbers to the phone company and knew they'd be recorded. In his December 27 ruling in favor of the NSA in the case brought by the ACLU, Judge William Pauley found much to like in the Smith precedent.
But critics of the NSA's application of that precedent to its bulk, suspicionless surveillance programs say the Smith case isn't relevant: It had to do with the collection, by law enforcement, of a single person's phone-call data for two days. And the police, though they hadn't requested a probable-cause warrant, had compelling evidence the person was guilty of a crime. How could that reasonably be extended to the collection of everyone's metadata all the time?
Beyond that, however, is the fact that the Smith ruling is more than 30 years old, and, as we all know (while perhaps reading this article on a laptop or a tablet or a smartphone) a lot has changed in that span.
Supreme Court Justice Sonia Sotomayor makes this point in her concurring opinion in US v. Jones, a case related to the placing of a GPS device on a suspect's car. Citing the Smith ruling, she writes:
"It may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the Digital Age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as Justice Alito notes, some people may find the "tradeoff" of privacy for convenience "worthwhile," or come to accept this "diminution of privacy" as "inevitable," and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year."
And in the Klayman ruling, Judge Leon is on Sotomayor's wavelength, also citing Smith. "When," he writes, "do present day circumstances -- the evolution in the government's surveillance capabilities, citizens' phone habits, and the relationship between the NSA and telecom companies -- become so thoroughly unlike those considered by the Supreme Court 34 years ago that a precedent like Smith does not apply. The answer, unfortunately for the government, is now."
Leon's ruling has "invited higher courts, and ultimately the Supreme Court, to revisit the entire issue of how privacy can be defined, and protected, in the information age," The New Yorker's Cassidy writes. And that may not work out so well for the NSA and its supporters.
We're not likely to see the Supreme Court weigh in on the intelligence agency's spy programs in 2014, says the EFF's Opsahl. After all, we don't yet have even an appellate court ruling on an NSA case. But, he says, you never know: "It's possible for the Supreme Court to act very quickly. You may recall in the Bush v. Gore case concerning the 2000 election, the court moved quite rapidly." And Dianne Feinstein herself says she hopes the Supreme Court will take on the Klayman case.
How would the Supremes rule? In the Jones GPS case, says Opsahl, five of the justices were signaling, in separate opinions, that they were ready "to provide some clarification that would put some doubt on the Smith v. Maryland case the DOJ is urging" and "that's all you need for a positive Supreme Court decision."
But who knows? Feinstein points out that "Judge Leon's opinion...differs from those of at least 15 separate federal district court judges who sit, or have sat, on the FISA Court."
In any, um, case, this time around we'll get the chance to observe the proceedings.
The president: Executive decision
What we may likely see first in 2014 regarding NSA reform is at least some action from President Obama on the recent recommendations made by the independent panel he assembled to review the agency's spy programs.
During the last regularly scheduled White House press conference of the year, on December 20, Obama said that come January he'd make a "pretty definitive" statement about the panel's suggestions.
And those suggestions are a "game changer," Greg Nojeim, an attorney for privacy group the Center for Democracy and Technology, told Beltway blog The Hill. The consensus seems to be that the relatively aggressive suggestions for reform in the group's 300+ page report (PDF) took the White House by surprise, and could force Obama to alter policy to a greater extent than he otherwise might have. Still, it's a matter of debate as to just how much the recommendations -- even if fully implemented -- would change the key components of the intelligence community's game.
The panel came up with more than 40 potential reforms for the NSA. In addition to the suggestion that call data be kept by phone companies and shared with the spy agency only under court order, the group recommends that the NSA be prohibited from monkeying with commercial software to get around encryption, and that, to avoid conflicts of interest, the part of the agency charged with strengthening computer security to protect US systems be split off from the part charged with cracking into foreign systems.
It also suggests that foreigners be given essentially the same protections US citizens enjoy under the Privacy Act of 1974 and that the power to choose FISA court judges be spread among all 12 Supreme Court Justices, rather than resting only with Chief Justice John Roberts, as it does now. And the group says the FBI's power to demand data from companies by way of National Security Letters should be strongly limited.
Obama said that in the next few weeks, he'll be talking with the intelligence community and people inside and outside of government about the recommendations. Some of the panel's reforms could be ordered into effect by the president; others would need to be legislated by Congress. Various reports say the panel's ideas are likely to get significant pushback from the intelligence agencies and the Department of Justice, and at least one report says an internal White House group of national security officials will offset the outside panel's suggestions with more-conservative ones.
But if statements made at press conferences are any indication, Obama does seem to have altered his tune somewhat. In August, he said, "The programs are operating in a way that prevents abuse, that continues to be true, without the reforms." At the December 20 presser, he said, "programs like 215 could be redesigned in ways that give [the NSA] the same information when [it needs] it, without creating these potentials for abuse" and that "there might need to be different checks on how those requests [for data] are made." That would appear to suggest the imposition of at least some additional privacy protections and legal safeguards.
And it may mean that the panel has, as The New Yorker's Cassidy writes, "performed a valuable service in confirming that the electronic spooks have overstepped their bounds and need reining in, at least somewhat. Until very recently, that was a minority view in Washington." That does seem to change the game a bit.
However, when it comes to scaling back the surveillance programs, Obama is clearly still concerned about terrorism -- and, perhaps, public opinion. At the recent White House gathering he told reporters, "If something slips, then the question that's coming from you the next day at a press conference is, 'Mr. President, why didn't you catch that; why did the intelligence people allow that to slip; isn't there a way that we could have found out that in fact this terrorist attack [was going to take] place?'"
Tech firms: The turn toward reform
Tech companies have been feeling the heat since the very first Snowden revelations, when secret NSA documents involving the agency's Prism system came to light, explicitly mentioning AOL, Apple, Facebook, Google, Microsoft, and Yahoo, and suggesting -- at least according to initial media reports -- that the agency enjoyed "direct access" to company servers.
The direct access claim was quickly disputed, and Silicon Valley and other tech hubs rang with denials and protestations. But the companies stopped short of calling for reform of the spy agency's surveillance programs. Instead they focused on winning the right to let the public know just how many requests for customer data they receive from agencies focused on national security (the idea being that such numbers would help calm customer fears of unlimited data vacuuming).
But as the months have passed, and the revelations have poured forth, the companies have moved beyond the push for transparency. Domestic PR bruises have played a role, as have threats to business overseas -- caused by suspicion that American tech offerings place customers in the hands of US intelligence outfits, either through data-sharing arrangements or backdoors built in to products.
The big turning point seemed to come at the end of October, when it was reported that the NSA had secretly tapped into the private fiber-optic networks that connect Google's and Yahoo's worldwide data centers, allowing it to suck up "at will" metadata and content belonging to users of the companies' services.
As if the trespass itself weren't enough, an internal "NSA presentation slide" published by The Washington Post featured a Post-It Note sketch showing where the public Internet meets the private cloud maintained by Google. And it pointed out -- with a cute hand-drawn smiley face -- that the data within the cloud was unencrypted and thus accessible (though Google has been working to encrypt such information). This seeming display of how delighted the NSA was by its maneuverings stoked the ire of Google's engineers -- and inspired some no-nonsense vocabulary. And the move toward reform shifted into high, and highly visible, gear.
December saw Apple, Facebook, Google, Twitter, and other firms band together to take out full-page ads in major newspapers, informing the president and Congress of "the urgent need to reform government surveillance practices worldwide." A companion Web site, ReformGovernmentSurveillance.com, lists five principles, including the assertion that "governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications."
And the final month of 2013 also saw major tech celebrities such as Tim Cook, Eric Schmidt, and Marissa Mayer pitching these principles to President Obama in person, at the White House (while previously introduced Beltway lobbying efforts continued in the background).
It's not clear how much of an impact all this will have. Obama has reportedly given the tech companies no guarantees, and despite their deep pockets and major role in the US economy, the big tech firms have "not always, or even often, got their way on policy issues," Zoe Lofgren, whose congressional district includes part of Silicon Valley, recently told the Guardian. (The companies themselves haven't been holding their breath; they've been busily encrypting their offerings to defend them from NSA snooping -- and they'll no doubt continue those efforts into the New Year.)
Still, if you're a critic of the NSA, it probably can't hurt to have some of the world's biggest companies pushing for change.
"I think it's a great start," says the ACLU's Richardson. "You have to look at the last 12 years, and the companies have not worked for privacy in a national security context before, so this is new; it's the first time they've spoken out, and we're very excited." But, she also says, "the proof will be in the pudding, so we'll have to see what their next steps are and whether they're willing to work for actual changes that are going to be necessary to stop spying."
More data to collect (i.e., other things to watch)
The NSA story is so huge and complex, it's tough to vacuum up all the details. Here, briefly, are a few other areas to spy on in the New Year.
Edward Snowden will see his yearlong temporary asylum in Russia come to an end. Germany has reportedly cited trans-Atlantic alliance priorities in saying nein to asylum for the whistle-blower, but Brazil is debating whether to welcome him in. If Snowden did wind up in Brazil, he could presumably stop chatting with Glenn Greenwald via encrypted instant-messaging software and simply drop by the journalist's Rio home for an IRL conversation.
Speaking of Glenn Greenwald, he says there will be "definitely more" reports coming based on his cache of Snowden documents. Also, his fledgling newsgathering outfit, hatched with millions in backing from eBay founder Pierre Omidyar, recently lost its temporary "NewCo" moniker and is now known as First Look Media. In a recent post on his Press Think blog, press critic and journalism educator Jay Rosen, a First Look team member, says the company will be both a nonprofit and a for-profit: "The news and editorial operation will be a nonprofit. The technology company will be a business run for profit." Expect its team to continue growing in 2014.
The NSA's character could shift in some way beginning this spring, when current Director Keith Alexander retires, after eight years at the agency's helm. His leaving "has nothing to do with media leaks," an agency representative told Reuters earlier this year, adding that "the decision for his retirement was made prior." In a September profile of Alexander, Foreign Policy quoted an unnamed former intelligence official as saying Alexander "tended to be a bit of a cowboy: 'Let's not worry about the law. Let's just figure out how to get the job done.'" (Alexander told the publication in a written statement that "the missions of NSA and USCYBERCOM are conducted in a manner that is lawful, appropriate, and effective, and under the oversight of all three branches of the US government.") As for a replacement, Foreign Policy has cited unnamed sources in reporting that "the odds-on-favorite is Adm. Michael Rogers, the current head of Navy signals intelligence and the service's cyberwarfare operations. Another name has also surfaced as a contender: Army Lt. Gen. Mary Legere, currently the head of intelligence for the Army."