Toward a Saner Surveillance Strategy
A Middle Way For Those Willing To Seek It
By Michael Tanji | March 5, 2008
The ongoing fight over what the US intelligence community is allowed to do under pending revised Foreign Intelligence Surveillance Act (FISA) legislation has been clouded by suspicion, hyperbole, and a lack of knowledge regarding the intelligence business. Those who are suspicious of government intentions are right to be cautious, but fail to consider the mitigating factors. On the other hand, the government's efforts to explain why they need legislative reforms have been inadequate. Despite the polarizing debate, there is room for compromise. An honest effort to consider both sides of the argument finds plenty of middle ground that will preserve our liberties and improve our ability to defeat our enemies.
The Technical Issues
When the original FISA law was drafted in 1978, it was intended to protect Americans by focusing on communications networks physically located in the US. Most domestic phone traffic traveled on wired networks that crisscrossed the country, while international telecommunications traffic traveled through satellite links. There was no such thing as email. Wiretapping a network in the US virtually guaranteed that you would be eavesdropping on a discussion between a “US Person” (citizens and permanent resident aliens, among others) – an act that requires a warrant. The original FISA law paid particular attention to the prevailing technology of the time, and that portion of it has become obsolete as technology has advanced. Today, international and domestic telecommunication traffic – emails, instant messages, etc. - travels through the same fiber optic networks, thereby making it more difficult to separate the two for surveillance purposes. Moreover, as a result of the way these networks are designed and operated, the US is a major transit point for such traffic, even when neither sender nor receiver is physically in the US.
The physical location of where the government accesses such communications is driven as much by the changing nature of the intelligence problem as it is the changing nature of our adversaries. Tapping foreign phone lines, bugging embassies, and building large collection facilities to intercept satellite communication were suitable strategies when our primary adversaries were largely contained within certain political and geographic boundaries. However, the shift towards non-state, transnational actors means access to the largest global communications pathways is essential if we are to mount an effective intelligence collection strategy.
The Legal Issues
Opponents to a revised FISA statute commonly raise the issues of individual privacy and corporate liability. With regards to individual privacy, FISA requires that surveillance which targets a US Person be executed only after a warrant has been obtained (proposed revisions to the FISA law do not change that requirement). Thus, "spying on Americans" can only occur if agents of the government believe that the particular US Person in question are a part of criminal enterprise or terrorist conspiracy, and a judge concurs.
The argument against corporate liability focuses on the fact that the telecommunications companies knew that FISA precluded their cooperation with the executive branch, but they chose to cooperate despite this. The problem is that if subjected to privacy lawsuits, US telecommunications companies will simply cease cooperation with the government even when the law may be on their side and the case for surveillance obvious and well-supported. The risk of expensive litigation – even if the companies come out on top - is too great. No cooperation means not only no surveillance of legitimate foreign targets located in the US, but also no surveillance of a vast amount of telecommunications traffic.
The Intelligence Issues
The reliance on technical surveillance mechanisms is primarily driven by the fact that US intelligence lacks sufficient human sources to provide necessary close-access information. A sure demonstration of the US’s human intelligence shortcomings (not an easy job in the best of circumstances) is the need for a drag-net approach to electronic surveillance. Without access to more granularly targeted information the US has no choice but to vacuum up everything and sort through it all later.
While it is the vacuuming of data that concerns people, it is important to note that the intelligence process is driven by the need to answer questions from policymakers. Thus, intelligence collection efforts are focused on the best way to obtain potential answers. Analysts search through collected information using various indicators – name of personalities, scientific or technical data associated with weapons programs, code words terrorist use to help mask their true activities - to find the proverbial needles amongst the hay: everything else is detritus to be discarded. The overwhelming majority of the communications of a US Person are never seen or heard by an intelligence officer simply because they hold no intelligence value.
The Privacy Issues
Privacy advocates balk at the mass-collection approach being applied by intelligence agencies. Such an approach is not nefarious; it is merely the strategy we are forced to apply due to the aforementioned intelligence shortcomings and resource constraints. Computers can help eliminate the bulk of communications that have no intelligence value, but computers are not perfect and there will be ambiguous items that need to have a human touch applied to them. There are only so many people on hand to do such work. Despite how technical surveillance is portrayed in popular culture, government agents are not able to track your every move and record your every action in real-time from secret undisclosed locations.
Protocols designed to protect a US Person from unnecessary exposure to the intelligence apparatus are rigid and well promulgated. Mistakes have been known to happen. In the latest issue of the New Yorker, for example, author Lawrence Wright relates how the FBI mistakenly linked Wright's daughter to phone calls he made overseas to individuals with terrorist links. But mistakes like this are extraordinarily rare and the procedures designed to remedy the mistakes are swift and thorough. More often than not such mistakes are the result of someone not doing their homework, as with Lawrence Wright’s case, or poor communication between those who collected the information and those who act on it.
The Way Forward
Regardless of the political party in executive power, the need to detect and monitor the communications of our enemies will not abate and neither will the technical and legal problems. Passing a revised FISA law that focuses on people – those who need protecting and detecting - and not a given technology or physical boundaries will help reduce the chances that we will have to fight this battle again in the future.
Political operatives do not implement intelligence policy: career professionals do. As someone who has conducted foreign intelligence eavesdropping missions, I cannot stress enough just how seriously the privacy of Americans is taken. The government's career foreign intelligence eavesdroppers would sooner walk off the job en masse than "spy on Americans," but there is no serious effort to explain just how strongly and how often intelligence officers are cautioned about our duty to our fellow citizens and the law. Clearing what is essentially administrative material for public release could help assuage concerns about the seriousness with which US intelligence agencies handle privacy issues.
While the protocols in place that are designed to avoid gross violations of the law are generally successful, the reality that mistakes are possible necessitates strong and vigilant oversight capability is essential for the protection of civil rights. The fact that the Privacy & Civil Liberties Oversight Board is effectively defunct and legislative oversight of intelligence in general has not been what it could be needs to be addressed in the pending legislation. Boosting oversight committee staff or allowing the GAO authority to act on behalf of oversight committees would show that the privacy and security are not mutually exclusive goals.
The long war against terrorism is primarily an intelligence-driven war, and the US needs to equip itself in the best manner possible if it is going to succeed.