We've written a few times about Executive Order 12333
, which we've described as "the NSA's biggest loophole." It's the unchecked power, created entirely via executive order, for the NSA to do anything it wants to spy on anyone -- including Americans -- so long as that data is collected overseas. Remember how the NSA had hacked into
Google and Yahoo's datacenters? That was done overseas under EO 12333, allowing them to do whatever they wanted with that information -- content and metadata -- with no oversight at all. For all the talk about how the NSA is bounded by oversight from "all three branches" of government, that's clearly not the case. Everything happening under EO 12333 is mostly considered to be only controlled by the Executive branch, which created the order in the first place. There are no reports to Congress about it, and even Dianne Feinstein has admitted that the Intelligence Committee doesn't touch any of the surveillance done under EO 12333.
In an incredibly revealing opinion piece, former State Department official John Napier Tye, who just left in April of this year, goes on in great detail about how EO 12333 is the real concern
and how it's almost certainly a violation of the 4th Amendment.
Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications — content as well as metadata — provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.
Without any legal barriers to such collection, U.S. persons must increasingly rely on the affected companies to implement security measures to keep their communications private. The executive order does not require the NSA to notify or obtain consent of a company before collecting its users’ data.
Tye actually opens his piece with a rather revealing anecdote about a speech he wrote which had to be adjusted to make it factual. The change... is quite important:
In March I received a call from the White House counsel’s office regarding a speech I had prepared for my boss at the State Department. The speech was about the impact that the disclosure of National Security Agency surveillance practices would have on U.S. Internet freedom policies. The draft stated that “if U.S. citizens disagree with congressional and executive branch determinations about the proper scope of signals intelligence activities, they have the opportunity to change the policy through our democratic process.”
But the White House counsel’s office told me that no, that wasn’t true. I was instructed to amend the line, making a general reference to “our laws and policies,” rather than our intelligence practices. I did.
Even after all the reforms President Obama has announced, some intelligence practices remain so secret, even from members of Congress, that there is no opportunity for our democracy to change them.
In other words, for anyone who claims that the NSA's surveillance can be changed democratically via Congress -- well, the White House basically knows that's simply not true.
For his part, Tye did exactly what NSA defenders keep insisting anyone with problems should do: he filed complaints internally, making use of all the proper channels:
Before I left the State Department, I filed a complaint with the department’s inspector general, arguing that the current system of collection and storage of communications by U.S. persons under Executive Order 12333 violates the Fourth Amendment, which prohibits unreasonable searches and seizures. I have also brought my complaint to the House and Senate intelligence committees and to the inspector general of the NSA.
Tye also makes it quite clear that the NSA is almost certainly collecting email and internet data, despite denials from General Alexander. It appears that Alexander pulled a "not under this authority" trick to try to mislead people:
All of this calls into question some recent administration statements. Gen. Keith Alexander, a former NSA director, has said publicly that for years the NSA maintained a U.S. person e-mail metadata program similar to the Section 215 telephone metadata program. And he has maintained that the e-mail program was terminated in 2011 because “we thought we could better protect civil liberties and privacy by doing away with it.” Note, however, that Alexander never said that the NSA stopped collecting such data — merely that the agency was no longer using the Patriot Act to do so. I suggest that Americans should dig deeper.
Consider the possibility that Section 215 collection does not represent the outer limits of collection on U.S. persons but rather is a mechanism to backfill that portion of U.S. person data that cannot be collected overseas under 12333.
He also notes that when the Presidential task force recommended changes, it secretly intended some of the changes to apply to EO 12333 but worded it in a way to avoid revealing how much that program was used -- but the White House and the intelligence community are now resisting those changes because of the impact it would have:
The White House understood that Recommendation 12 was intended to apply to 12333. That understanding was conveyed to me verbally by several White House staffers, and was confirmed in an unclassified White House document that I saw during my federal employment and that is now in the possession of several congressional committees.
In that document, the White House stated that adoption of Recommendation 12 would require “significant changes” to current practice under Executive Order 12333 and indicated that it had no plans to make such changes.
There's a lot more in Tye's piece -- but kudos to him for coming out and making this point clearly. While we've raised concerns about EO 12333 in the past, most of the discussion has been focused on the officials programs concerning what happens domestically: Section 215 of the Patriot Act and Section 702 of the FISA Amendments Act. But as Tye makes clear, those programs are only used to "backfill" what can't be picked up under EO 12333 -- a program that has no real oversight, and which is used broadly to collect all kinds of content on people around the globe, including Americans.
Thanks to Tye for standing up and stating clearly what's going on. Hopefully it will lead others to stand up and get the White House and the NSA to come clean.