National Intelligence Office's Top Lawyer Fires Off Spirited Defense Of Bulk Surveillance, Third Party Doctrine

from the "in-order-for-programs-to-remain-legal,-I-must-view-it-this-way" dept

Robert Litt, General Counsel for the Office of the Director of National Intelligence, has been given space at the Yale Law Review Journal to publish his citable article "Why Everyone's Wrong About the Fourth Amendment." Or, as Litt would like us to refer to it:

Preferred Citation: Robert S. Litt, The Fourth Amendment in the Information Age, 126YALE L.J. F. 8 (2016), http://www.yalelawjournal.org/forum/fourth-amendment-information-age.
To be fair, Litt never says we're all wrong about the Fourth Amendment and the Third Party Doctrine. He only says Judge Leon is. Judge Leon was the single district court judge who found the bulk collection of phone metadata to be unconstitutional.

Technically, we're not all wrong, but we may as well be, because no court has found the collection unconstitutional save Judge Leon's and Litt doesn't agree with it. Several paragraphs follow, but the crux of Litt's argument is nothing new: it's just 1979's Smith v. Maryland decision all over again.
I do not think that Judge Leon’s efforts to distinguish Smith were successful. First, while Judge Leon is certainly right that metadata can be very revealing of personal activities, there is nothing new about that insight. Justice Stewart dissented from the decision in Smith itself in part because he recognized that metadata “easily could . . . reveal the most intimate details of a person’s life.” The point of Smith was not that metadata is innocuous, but that you have chosen to reveal it to a third party. To use an analogy, if you give a document to a third party, you have lost your expectation of privacy in that document, whether it is a laundry ticket or a confession of mortal sin. Moreover, the fact that cell phones today contain a lot of information beyond metadata does not seem relevant when the government did not actually search or collect any of that other information.

[...]

[I] find it hard to understand the alchemy by which information that you choose to disclose to a third party develops an expectation of privacy because you have chosen to disclose a lot of that information. That seems counter-intuitive to say the least. For all of these reasons, if you accept Smith’s holding that there was no expectation of privacy in the telephone metadata in that case because it had been voluntarily exposed to a third party, you can’t conclude there was an expectation of privacy in the metadata in this case.
The thing is that while people may voluntarily agree to hand over certain information to service providers (and it's safe to say the "agreement" is anything but "voluntary"), they do not naturally assume the service provider will share this -- no questions asked or warrants demanded -- with anyone else who comes asking for it. That's where the reliance on Smith v. Maryland fails. "Choose to disclose" is much different than "forced to disclose." And it's not as if it can truly be said phone users relinquish all ownership of that data. It's specifically tied to them and they "share" it with service providers -- which if that's how Litt wants to interpret the interaction, he should at least be honest and give both parties some sort of ownership, along with the privacy expectations that go with it.

A lot of the rest of it is given over to Litt's displeasure that courts have even granted plaintiffs standing in bulk metadata program lawsuits. Whatever the Third Party Doctrine doesn't shut down, the plaintiffs' inability to claim anything more than theoretical rights violations by programs the government refused to discuss publicly should have seen the cases tossed immediately. He agrees the framework is there for massive violations of privacy but these actually damaging acts simply never occurred. But abuses did occur and were covered up by the NSA, nearly resulting in the program being shut down back in 2008 by FISC Judge Reggie Walton.

This fact undercuts Litt's assertions in defense of the now-curtailed program.
For several years, and with judicial authorization, the NSA collected metadata in bulk about U.S. phone calls from telephone companies for counterterrorism purposes. The metadata was kept in secure databases. It could only be accessed by a few specially trained NSA analysts, and then only to identify telephone numbers in contact with so-called “seed” numbers as to which there was a reasonable and articulable suspicion of an association with terrorism—such as, for example, a number used by a suspected terrorist.
First off, the program was accessed by more than just a "few" specially trained analysts. It was a free-for-all until the FISA Court shut that down. Second, the reasonable, articulable suspicion standard wasn't always applied to searches of the database. For a period of time, NSA analysts ran searches against an "Alert List" of numbers the FISA Court had never approved for use -- i.e., no RAS declaration was made by the NSA to support additions to the list used for searches of the bulk data. Some of these numbers were added simply because they were two or three hops away from an RAS-supported number, meaning there was nothing supporting the use of these "connected" numbers as new "seeds" for database searches and contact chaining.

What Litt does get right is that the NSA has done itself no favors with its decades of opacity.
Where we fell short was on the third leg of the stool, transparency. There would have been less damage to the Intelligence Community from the disclosures of the last couple of years had we been more forthcoming about our activities before those leaks. Obviously, intelligence activities have to be conducted with some degree of secrecy, and the same is true of some law enforcement activities. Specific methods and targets of surveillance have to be protected. But if we don’t discuss what we are doing and how we are regulating it even in general terms, we cede the field to those who are hostile to intelligence activities.
And, perhaps inadvertently, Litt lets us know President Obama is just as big a fan of the NSA as his predecessor was.
A decision by Congress to authorize certain activities under certain controls, made after discussion and debate, should be a strong factor in support of the reasonableness of those activities. Congress is going to have a number of opportunities to address these issues. For example, Section 702 expires at the end of 2017, and there are continued efforts to modernize the Stored Communications Act. It may be too much to hope that in the current political environment, Congress could have a dispassionate and comprehensive discussion about such weighty issues, but the Executive Branch would welcome such a discussion.
Given the selection of presidential frontrunners, I have no reason to believe Litt's assessment of the situation will be any less accurate by the time the Section 702 expiration date rolls around.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 3 May 2016 @ 9:11am

    Adding to the ranks

    But if we don’t discuss what we are doing and how we are regulating it even in general terms, we cede the field to those who are hostile to intelligence activities.

    Not just that, but by consistently lying and being caught out on their lies they created people 'hostile to intelligence activities'. People that might have sided with the spy agencies had they been honest, 'Yes we did X. Here's why, and here's the limits that are in place to avoid abuse.' when the evidence came out are much less likely to do so when the agency lies, and then has their lies exposed. If they lied about X, what about their other claims, are those lies as well?

    Among their legion of mistakes lying when they aren't staying silent is certainly up there as far as 'things that poisoned public opinion against them'.

    reply to this | link to this | view in chronology ]

    • identicon
      I.T. Guy, 3 May 2016 @ 10:05am

      Re: Adding to the ranks

      He acts like this is something new. Nobody ever liked LEOs. Look at the attitude in the 50's and 60's. Jump to now and look at all the shady shit they do behind our backs in the name of "National Security." Secret documents to hide secret spying devices... not only hiding it from the people but courts, Judges and lawyers. The shit that's going on right now makes the mid 80's KGB look like amateurs.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 3 May 2016 @ 10:24am

        Re: Re: Adding to the ranks

        For some of us that's part of the disappointment. I believed the United States was better than the USSR when it came to things like law-enforcement treatment of civilians.

        Cameras in civilian hands are just showing what's been going on the whole time, though granted with more military weapons and untrained SWAT teams.

        And now we are clearer how much the US sucks, our system isn't even trying to make it better. They just pretend it doesn't.

        At least the Soviet Union admitted its methods were brutal. We're brutal and we can't stop lying!

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 May 2016 @ 10:32am

          Re: Re: Re: Adding to the ranks

          domestic policy tends to mirror foreign policy.

          reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 3 May 2016 @ 11:33am

          Re: Re: Re: Adding to the ranks

          "I believed the United States was better than the USSR when it came to things like law-enforcement treatment of civilians."

          A million times this.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 May 2016 @ 11:51am

          Re: Re: Re: Adding to the ranks

          For some of us that's part of the disappointment. I believed the United States was better than the USSR when it came to things like law-enforcement treatment of civilians.

          Russia doesn't execute people.
          The United States does.

          reply to this | link to this | view in chronology ]

          • icon
            Uriel-238 (profile), 3 May 2016 @ 12:16pm

            Russia doesn't execute.

            We're talking the Soviet Union, not contemporary Russia. Vasily Blokin executed over 7000 people (the world record holder for kills by his own hand, at least without the aid of an atomic bomb).

            During the Stalin regime, people were not only executed, but disappeared so that they ceased to exist entirely, a policy that is conspicuously echoed in our drone strike programs in the Afghanistan and Pakistan theaters. But the upshot is we don't know how many were obliterated. Millions, allegedly.

            Similarly the United States does execute people, but murders by police officers are not counted, and often are not recorded, so we don't actually know how many civilians are killed by police bullets, though those should certainly count as murders by agents of the state.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 3 May 2016 @ 12:33pm

              Re: Russia doesn't execute.

              We're talking the Soviet Union, not contemporary Russia.

              The comment was about today's Russia and today's United States. Notice the present tense language.

              reply to this | link to this | view in chronology ]

              • icon
                Uriel-238 (profile), 3 May 2016 @ 1:19pm

                Today's Russia

                Is that '80s Russia or the USSR?

                Part of the dialog is that the current United States regime is comparable to the USSR, that our agencies are comparable to the KGB.

                The other part is that it always was, and for those of us who grew up in the cold war, it's a big disappointment to discover that our guys weren't any better than the enemy they were demonizing.

                Contemporary Russia has its issues, and Putin is a bastard, but the United States is failing to do any better.

                If the US just lied to its people about being more human than the Soviet Union, then we can't trust that the situation is any better than the Islamic State. Or, for that matter, North Korea.

                reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 3 May 2016 @ 9:49am

    The letter agencies have turned against the American people.

    reply to this | link to this | view in chronology ]

  • identicon
    Glenn, 3 May 2016 @ 9:50am

    It's funny. They want to watch everyone everywhere doing everything. But they're afraid of anyone watching them do anything.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 3 May 2016 @ 9:59am

      Some animals are more equal than others.

      What is in their eyes justifiable measures is to us overreach without proper oversight.

      We may be better served by an intelligence community that is entirely transparent regarding their methods, much the way encryption sacrifices short-term security-through-obscurity for robust penetration-tested algorithms.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2016 @ 12:06pm

      Re:

      dont recall if it was here in techdirtia, but a poster reminded me of a very important principle: the government should be transparent to us, but individual peoples' lives should be opaque to the governmennt, unless and until they have secured legal warrants for a specific person for a specific crime...
      'we' have turned that principle on its head, ain't 'we' ?

      reply to this | link to this | view in chronology ]

  • identicon
    Tmc, 3 May 2016 @ 9:51am

    Did he really flaunt Bluebook conventions with that self-cite? No small caps, all italics? Really?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2016 @ 9:58am

    Smith v. Maryland

    was wrong. Period.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2016 @ 10:20am

    The only clear, straightforward, and obviously true statement in Litt's self-serving article is "[I] find it hard to understand ...". He really could've just stopped there. Should've started there, too.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2016 @ 10:26am

    How else can he support a tyrannistic police state unless he says citizen rights get in their way.

    Take away the NSA and all those other self viewed elites rights and watch them fall over themselves saying their info should be protected against random searches.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2016 @ 11:28am

    So, if the NSA is listening in on everyone's communications and facebook posts, and everyone knows that the NSA is listening in, then no one can have any reasonable expectation of privacy in any communication. Therefore, all the NSA spying is legal since people are just voluntarily giving up all their conversations to the NSA.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 3 May 2016 @ 11:34am

      Re:

      This is the fundamental and fatal problem with the "reasonable expectation of privacy" standard. It guarantees that all privacy will be eliminated in the long term.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 May 2016 @ 11:58am

        Re: Re:

        Exactly. It's some kind of perverted logic that says you give up your rights if you know they're being violated.

        On the other hand, courts have also said there's no harm done if you don't know you're rights are being violated. Either way you're screwed.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2016 @ 11:46am

      Re:

      And when you try and keep them private via encryption, the TLA's throw a hissy fit and try to force their way into the conversations.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2016 @ 12:15pm

    > The point of Smith was not that metadata is innocuous, but that you have chosen to reveal it to a third party. To use an analogy, if you give a document to a third party, you have lost your expectation of privacy in that document, whether it is a laundry ticket or a confession of mortal sin.

    --

    By that logic, the government should have no expectation of privacy after handing someone a NSL.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2016 @ 12:42pm

      Re:

      Conveniently set up a system like Dropbox for the NSL to be received through (This will be standard business practice because of policy and procedures). You are now by default sharing a document to a third party. Then Dropbox conveniently shares the Dropbox account with the rest of the world.

      Problem solved!

      reply to this | link to this | view in chronology ]

  • icon
    Dismembered3po (profile), 3 May 2016 @ 1:54pm

    I'm especially fond of this...

    "The Court has long held that 'Fourth Amendment rights are personal rights which . . . may not be vicariously asserted.' My right to privacy is not violated when the government collects your metadata."

    ...unless they do it in bulk.

    This is something that, seemingly, nobody understands.

    I've had this conversation with a number of people when discussing, for instance, Facebook.

    "I don't care if Facebook gets my contact list from my phone."

    Certainly, it is your choice to disclose your informaton to Facebook or not. However, if MY name, address and phone number are in your contacts list, that's not just YOUR privacy being violated. When you take that ridiculous survey that showed up in your feed, and the app pownloads the entire content of your profile and feed, you are sacrificing your FRIENDS' privacy as well.

    Now, scale that up zillion times. If (three-letter-agency) is collecting enough metadata (which we know they are), they don't have to be SPECIFICALLY collecting my metadata. It's already there by virtue of the fact that I interact with the people they ARE collecting metadata on.

    How could this possibly NOT also implicate MY Fourth Amendment rights?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2016 @ 3:31pm

    Re: "while people may voluntarily agree"

    Being compelled by deprecated infrastructure to share data with people who you don't know is not voluntary.

    Generally speaking meta data comes from two sources. It is either diagnostic data or it was transmitted in the open due to technical limitations which are now largely non-existent.

    For example: Deep Packet Inspection is largely dependent on port numbers. This unciphered 16 bits in every communication was a limitation that dates back to the 80's. Such limitations no longer exist, but this 16 bits is still transmitted with every datagram. Eventually some jackass CEO figured out that he can make a few extra bones by sniffing everybody's knickers and selling his findings to marketers, and DPI became useful for generating marketing profiles.

    It wasn't broken when it was invented. This level of surveillance had practical limitations at the time. Those limitations no longer exist. It is broken NOW. The fact that UDP and TCP became deprecated does not create consent, any more than walking by a broken door justifies rifling somebody's home. The door was made by a guy who knew how to make a good door. It is just old and busted.

    It should also be noted that these features were NEVER the Intellectual Property of the people who are abusing them. They are public domain specifications that are precondition of interoperability. The war being waged on these features is a crime against assets that are in the public domain, and should be prosecuted as such. It is not that different from busting a guy for pissing in a public water fountain.

    Yeah, the next guy may not know he's drinking piss. That doesn't mean it isn't assault. What the ISP's are doing is a crime. No, it doesn't matter that it is digital. No it doesn't matter that they sell data to congressional donors. It is still a crime!

    reply to this | link to this | view in chronology ]

  • identicon
    Jim B., 4 May 2016 @ 3:22pm

    What's his real motivation?

    He's writing this for any number of possible reasons.

    First, he might be trying to recruit like minded law students into future governments. Ones that can and will think like they do in order to help to further justify similar actions by the government.

    Secondly, he could be doing this to fend off future logical attacks on the program by these lawyers that are creative with of the law, and hence likely purse action against them.

    Thirdly he could simply be trying to fend off outrage of future (soon to be disclosed) programs or the expansion of existing programs that could cause outrage within the public.

    Otherwise, frankly, he shouldn't have written nor said a thing.

    reply to this | link to this | view in chronology ]

  • identicon
    adwokat wadowice, 24 Jun 2016 @ 4:57am

    factolex

    Jesteśmy najlepszym Kancelaria w Olkuszu. Odwiedź nas na prawnika (adwokat) do wynajęcia w Chrzanowie, Wadowicach i Olkuszu. Lokalny prawnik lub adwokat do wynajęcia.

    adwokat wadowice

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.