National Intelligence Office's Top Lawyer Fires Off Spirited Defense Of Bulk Surveillance, Third Party Doctrine

from the "in-order-for-programs-to-remain-legal,-I-must-view-it-this-way" dept

Robert Litt, General Counsel for the Office of the Director of National Intelligence, has been given space at the Yale Law Review Journal to publish his citable article “Why Everyone’s Wrong About the Fourth Amendment.” Or, as Litt would like us to refer to it:

Preferred Citation: Robert S. Litt, The Fourth Amendment in the Information Age, 126YALE L.J. F. 8 (2016),

To be fair, Litt never says we’re all wrong about the Fourth Amendment and the Third Party Doctrine. He only says Judge Leon is. Judge Leon was the single district court judge who found the bulk collection of phone metadata to be unconstitutional.

Technically, we’re not all wrong, but we may as well be, because no court has found the collection unconstitutional save Judge Leon’s and Litt doesn’t agree with it. Several paragraphs follow, but the crux of Litt’s argument is nothing new: it’s just 1979’s Smith v. Maryland decision all over again.

I do not think that Judge Leon’s efforts to distinguish Smith were successful. First, while Judge Leon is certainly right that metadata can be very revealing of personal activities, there is nothing new about that insight. Justice Stewart dissented from the decision in Smith itself in part because he recognized that metadata “easily could . . . reveal the most intimate details of a person’s life.” The point of Smith was not that metadata is innocuous, but that you have chosen to reveal it to a third party. To use an analogy, if you give a document to a third party, you have lost your expectation of privacy in that document, whether it is a laundry ticket or a confession of mortal sin. Moreover, the fact that cell phones today contain a lot of information beyond metadata does not seem relevant when the government did not actually search or collect any of that other information.


[I] find it hard to understand the alchemy by which information that you choose to disclose to a third party develops an expectation of privacy because you have chosen to disclose a lot of that information. That seems counter-intuitive to say the least. For all of these reasons, if you accept Smith’s holding that there was no expectation of privacy in the telephone metadata in that case because it had been voluntarily exposed to a third party, you can’t conclude there was an expectation of privacy in the metadata in this case.

The thing is that while people may voluntarily agree to hand over certain information to service providers (and it’s safe to say the “agreement” is anything but “voluntary”), they do not naturally assume the service provider will share this — no questions asked or warrants demanded — with anyone else who comes asking for it. That’s where the reliance on Smith v. Maryland fails. “Choose to disclose” is much different than “forced to disclose.” And it’s not as if it can truly be said phone users relinquish all ownership of that data. It’s specifically tied to them and they “share” it with service providers — which if that’s how Litt wants to interpret the interaction, he should at least be honest and give both parties some sort of ownership, along with the privacy expectations that go with it.

A lot of the rest of it is given over to Litt’s displeasure that courts have even granted plaintiffs standing in bulk metadata program lawsuits. Whatever the Third Party Doctrine doesn’t shut down, the plaintiffs’ inability to claim anything more than theoretical rights violations by programs the government refused to discuss publicly should have seen the cases tossed immediately. He agrees the framework is there for massive violations of privacy but these actually damaging acts simply never occurred. But abuses did occur and were covered up by the NSA, nearly resulting in the program being shut down back in 2008 by FISC Judge Reggie Walton.

This fact undercuts Litt’s assertions in defense of the now-curtailed program.

For several years, and with judicial authorization, the NSA collected metadata in bulk about U.S. phone calls from telephone companies for counterterrorism purposes. The metadata was kept in secure databases. It could only be accessed by a few specially trained NSA analysts, and then only to identify telephone numbers in contact with so-called “seed” numbers as to which there was a reasonable and articulable suspicion of an association with terrorism—such as, for example, a number used by a suspected terrorist.

First off, the program was accessed by more than just a “few” specially trained analysts. It was a free-for-all until the FISA Court shut that down. Second, the reasonable, articulable suspicion standard wasn’t always applied to searches of the database. For a period of time, NSA analysts ran searches against an “Alert List” of numbers the FISA Court had never approved for use — i.e., no RAS declaration was made by the NSA to support additions to the list used for searches of the bulk data. Some of these numbers were added simply because they were two or three hops away from an RAS-supported number, meaning there was nothing supporting the use of these “connected” numbers as new “seeds” for database searches and contact chaining.

What Litt does get right is that the NSA has done itself no favors with its decades of opacity.

Where we fell short was on the third leg of the stool, transparency. There would have been less damage to the Intelligence Community from the disclosures of the last couple of years had we been more forthcoming about our activities before those leaks. Obviously, intelligence activities have to be conducted with some degree of secrecy, and the same is true of some law enforcement activities. Specific methods and targets of surveillance have to be protected. But if we don’t discuss what we are doing and how we are regulating it even in general terms, we cede the field to those who are hostile to intelligence activities.

And, perhaps inadvertently, Litt lets us know President Obama is just as big a fan of the NSA as his predecessor was.

A decision by Congress to authorize certain activities under certain controls, made after discussion and debate, should be a strong factor in support of the reasonableness of those activities. Congress is going to have a number of opportunities to address these issues. For example, Section 702 expires at the end of 2017, and there are continued efforts to modernize the Stored Communications Act. It may be too much to hope that in the current political environment, Congress could have a dispassionate and comprehensive discussion about such weighty issues, but the Executive Branch would welcome such a discussion.

Given the selection of presidential frontrunners, I have no reason to believe Litt’s assessment of the situation will be any less accurate by the time the Section 702 expiration date rolls around.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “National Intelligence Office's Top Lawyer Fires Off Spirited Defense Of Bulk Surveillance, Third Party Doctrine”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Adding to the ranks

But if we don’t discuss what we are doing and how we are regulating it even in general terms, we cede the field to those who are hostile to intelligence activities.

Not just that, but by consistently lying and being caught out on their lies they created people ‘hostile to intelligence activities’. People that might have sided with the spy agencies had they been honest, ‘Yes we did X. Here’s why, and here’s the limits that are in place to avoid abuse.’ when the evidence came out are much less likely to do so when the agency lies, and then has their lies exposed. If they lied about X, what about their other claims, are those lies as well?

Among their legion of mistakes lying when they aren’t staying silent is certainly up there as far as ‘things that poisoned public opinion against them’.

I.T. Guy says:

Re: Adding to the ranks

He acts like this is something new. Nobody ever liked LEOs. Look at the attitude in the 50’s and 60’s. Jump to now and look at all the shady shit they do behind our backs in the name of “National Security.” Secret documents to hide secret spying devices… not only hiding it from the people but courts, Judges and lawyers. The shit that’s going on right now makes the mid 80’s KGB look like amateurs.

Uriel-238 (profile) says:

Re: Re: Adding to the ranks

For some of us that’s part of the disappointment. I believed the United States was better than the USSR when it came to things like law-enforcement treatment of civilians.

Cameras in civilian hands are just showing what’s been going on the whole time, though granted with more military weapons and untrained SWAT teams.

And now we are clearer how much the US sucks, our system isn’t even trying to make it better. They just pretend it doesn’t.

At least the Soviet Union admitted its methods were brutal. We’re brutal and we can’t stop lying!

Uriel-238 (profile) says:

Re: Re: Re:2 Russia doesn't execute.

We’re talking the Soviet Union, not contemporary Russia. Vasily Blokin executed over 7000 people (the world record holder for kills by his own hand, at least without the aid of an atomic bomb).

During the Stalin regime, people were not only executed, but disappeared so that they ceased to exist entirely, a policy that is conspicuously echoed in our drone strike programs in the Afghanistan and Pakistan theaters. But the upshot is we don’t know how many were obliterated. Millions, allegedly.

Similarly the United States does execute people, but murders by police officers are not counted, and often are not recorded, so we don’t actually know how many civilians are killed by police bullets, though those should certainly count as murders by agents of the state.

Uriel-238 (profile) says:

Re: Re: Re:4 Today's Russia

Is that ’80s Russia or the USSR?

Part of the dialog is that the current United States regime is comparable to the USSR, that our agencies are comparable to the KGB.

The other part is that it always was, and for those of us who grew up in the cold war, it’s a big disappointment to discover that our guys weren’t any better than the enemy they were demonizing.

Contemporary Russia has its issues, and Putin is a bastard, but the United States is failing to do any better.

If the US just lied to its people about being more human than the Soviet Union, then we can’t trust that the situation is any better than the Islamic State. Or, for that matter, North Korea.

Uriel-238 (profile) says:

Re: Some animals are more equal than others.

What is in their eyes justifiable measures is to us overreach without proper oversight.

We may be better served by an intelligence community that is entirely transparent regarding their methods, much the way encryption sacrifices short-term security-through-obscurity for robust penetration-tested algorithms.

Anonymous Coward says:

Re: Re:

dont recall if it was here in techdirtia, but a poster reminded me of a very important principle: the government should be transparent to us, but individual peoples’ lives should be opaque to the governmennt, unless and until they have secured legal warrants for a specific person for a specific crime…
‘we’ have turned that principle on its head, ain’t ‘we’ ?

Anonymous Coward says:

So, if the NSA is listening in on everyone’s communications and facebook posts, and everyone knows that the NSA is listening in, then no one can have any reasonable expectation of privacy in any communication. Therefore, all the NSA spying is legal since people are just voluntarily giving up all their conversations to the NSA.

Anonymous Coward says:

> The point of Smith was not that metadata is innocuous, but that you have chosen to reveal it to a third party. To use an analogy, if you give a document to a third party, you have lost your expectation of privacy in that document, whether it is a laundry ticket or a confession of mortal sin.

By that logic, the government should have no expectation of privacy after handing someone a NSL.

Anonymous Coward says:

Re: Re:

Conveniently set up a system like Dropbox for the NSL to be received through (This will be standard business practice because of policy and procedures). You are now by default sharing a document to a third party. Then Dropbox conveniently shares the Dropbox account with the rest of the world.

Problem solved!

Dismembered3po (profile) says:

I'm especially fond of this...

“The Court has long held that ‘Fourth Amendment rights are personal rights which . . . may not be vicariously asserted.’ My right to privacy is not violated when the government collects your metadata.”

…unless they do it in bulk.

This is something that, seemingly, nobody understands.

I’ve had this conversation with a number of people when discussing, for instance, Facebook.

I don’t care if Facebook gets my contact list from my phone.

Certainly, it is your choice to disclose your informaton to Facebook or not. However, if MY name, address and phone number are in your contacts list, that’s not just YOUR privacy being violated. When you take that ridiculous survey that showed up in your feed, and the app pownloads the entire content of your profile and feed, you are sacrificing your FRIENDS’ privacy as well.

Now, scale that up zillion times. If (three-letter-agency) is collecting enough metadata (which we know they are), they don’t have to be SPECIFICALLY collecting my metadata. It’s already there by virtue of the fact that I interact with the people they ARE collecting metadata on.

How could this possibly NOT also implicate MY Fourth Amendment rights?

Anonymous Coward says:

"while people may voluntarily agree"

Being compelled by deprecated infrastructure to share data with people who you don’t know is not voluntary.

Generally speaking meta data comes from two sources. It is either diagnostic data or it was transmitted in the open due to technical limitations which are now largely non-existent.

For example: Deep Packet Inspection is largely dependent on port numbers. This unciphered 16 bits in every communication was a limitation that dates back to the 80’s. Such limitations no longer exist, but this 16 bits is still transmitted with every datagram. Eventually some jackass CEO figured out that he can make a few extra bones by sniffing everybody’s knickers and selling his findings to marketers, and DPI became useful for generating marketing profiles.

It wasn’t broken when it was invented. This level of surveillance had practical limitations at the time. Those limitations no longer exist. It is broken NOW. The fact that UDP and TCP became deprecated does not create consent, any more than walking by a broken door justifies rifling somebody’s home. The door was made by a guy who knew how to make a good door. It is just old and busted.

It should also be noted that these features were NEVER the Intellectual Property of the people who are abusing them. They are public domain specifications that are precondition of interoperability. The war being waged on these features is a crime against assets that are in the public domain, and should be prosecuted as such. It is not that different from busting a guy for pissing in a public water fountain.

Yeah, the next guy may not know he’s drinking piss. That doesn’t mean it isn’t assault. What the ISP’s are doing is a crime. No, it doesn’t matter that it is digital. No it doesn’t matter that they sell data to congressional donors. It is still a crime!

Jim B. says:

What's his real motivation?

He’s writing this for any number of possible reasons.

First, he might be trying to recruit like minded law students into future governments. Ones that can and will think like they do in order to help to further justify similar actions by the government.

Secondly, he could be doing this to fend off future logical attacks on the program by these lawyers that are creative with of the law, and hence likely purse action against them.

Thirdly he could simply be trying to fend off outrage of future (soon to be disclosed) programs or the expansion of existing programs that could cause outrage within the public.

Otherwise, frankly, he shouldn’t have written nor said a thing.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...