Taking Stock After Snowden

Since Snowden’s disclosure of the NSA’s massive global surveillance programs, organizations like EFF and the ACLU have brought countless legal challenges to protect civil liberties, technologists have developed new tools to safeguard data privacy, and even policymakers have begun to rein in surveillance authorities. Andrew Crocker, staff attorney on the Electronic Frontier Foundation’s civil liberties team, takes stock of what’s changed since Snowden first revealed a cache of classified NSA documents in June 2013. 

There’s a simple but powerful shot at the beginning of Citizenfour, Laura Poitras’ Oscar-winning documentary about Edward Snowden’s disclosure of a cache of NSA documents to the press in June 2013. The camera moves in slow motion through a nearly pitch-black tunnel, illuminated only by a narrow line of fluorescent ceiling lights. In voiceover, Poitras reads from an email sent by Snowden that lists the paranoid-sounding security precautions he wants her to take. After she has set the scene—jumping between courtroom arguments about NSA surveillance, congressional oversight hearings, and speeches by activists and whistleblowers—the tunnel shot returns. No longer artificially slowed down, the camera breaks out into the daylight and the skyline of Hong Kong, where Poitras will meet with Snowden.

The visual metaphor is clear: Seemingly out of nowhere, Snowden’s disclosures brought radical transparency to the U.S. intelligence community, which had operated with little oversight since the attacks on September 11, 2001. Soon after 9/11, the Bush administration secretly expanded the NSA’s electronic surveillance, including warrantless wiretapping of phone and Internet communications, and the mass collection of the records of these communications, known as metadata. For more than a decade, the NSA and its partners around the world expanded their surveillance capabilities with the goal to  “collect it all,” as one leaked slide put it.

In 2016, it can be hard to remember that many of the NSA surveillance programs detailed in the Snowden documents were already partially known to the public. Reports in 2005 and 2006 by the New York Times and USA Today revealed the contours of the wiretapping and records programs. These reports inspired litigation by civil liberties advocates, including the Electronic Frontier Foundation (EFF) where I work. EFF and others spent years suing telecommunications companies and the government, drawing on evidence from whistleblowers who predated Snowden by almost a decade. In Congress, Senators Ron Wyden, Russ Feingold, Mark Udall, and others tried to inform the public without revealing classified information. (EFF has a detailed timeline of these events from before 9/11 to the present.) But the Snowden documents reached much further, focusing global attention on the NSA.

This January, the Heinrich Böll Foundation North America hosted a screening and discussion of Citizenfour to reflect on what has changed since Snowden’s disclosures in June 2013. Thanks to Snowden, we have learned more about the NSA’s programs, the laws used to justify them, and their evocative code names. Three of the most important and contested of the NSA’s authorities are:

  1. Section 215 of the Patriot Act, used to collect billions of domestic telephone records from major telecommunications providers;
  2. Section 702 of the FISA Amendments Act, which includes “Upstream,” the interception of communications between Americans and foreigners from the internet backbone, as well as “PRISM,” which collects user data from providers like Google and Yahoo; and
  3. Executive Order 12333, which provides the framework for surveillance conducted abroad, including taps of US providers’ private networks in other countries.

Other leaked documents detail efforts to look into encrypted communications, remotely install malware, and map social networks.

Legal Challenges to NSA Surveillance

The very first document published by Glenn Greenwald and the Guardian in June 2013—an order from the secretive Foreign Intelligence Surveillance Court (FISC) allowing bulk, ongoing collection of phone records from Verizon—quickly spawned new constitutional challenges by EFF (First Unitarian Church of Los Angeles v. NSA), the ACLU (ACLU v. Clapper), conservative activist Larry Klayman (Klayman v. Obama) and others.

These cases moved through the courts in 2013 and 2014 with considerable momentum. Earlier challenges like the ACLU’s Amnesty International v. Clapper were often hindered by the constitutional doctrine of “standing”—the requirement that plaintiffs show they suffered a concrete harm, which is often difficult in cases involving classified surveillance. In addition, the executive branch frequently delayed these suits by claiming they involved “state secrets” too dangerous to litigate. But with the Snowden disclosures, the government was forced to acknowledge many aspects of the phone records program. As a result, the courts became more receptive to substantive arguments that the NSA was violating Americans’ constitutional rights. In December 2013, the federal district judge presiding over Klayman’s case in Washington D.C. ruled that the program was likely unconstitutional, describing it as an “indiscriminate and arbitrary invasion” of privacy. (The district court in the ACLU’s case ruled the other way; EFF’s case is still pending.)

Legislative Progress Since Snowden

Meanwhile, the ranks of lawmakers disturbed by the NSA’s activities grew to include even the original author of the Patriot Act, Representative Jim Sensenbrenner. Along with Senator Patrick Leahy and Representative Jon Conyers, Sensenbrenner introduced a reform bill known as the USA Freedom Act in October 2013. Although Congress had not passed legislation limiting the intelligence community’s surveillance powers since 1978, the imminent “sunset” or expiration of Section 215 in June 2015 added extra urgency to the legislative process. So did a May 2015 ruling of the Second Circuit Court of Appeals, which reversed the lower court in ACLU v. Clapper and found that the government’s reliance on Section 215 to conduct the program was “unprecedented and unwarranted.”   

Yet broad reform of the NSA has proved elusive. On June 2, 2015, Congress passed a significantly weakened version of USA Freedom. For civil liberties advocates, the bill is a mixed bag.

On the upside, the law ends the NSA’s telephone records program; it requires the NSA to query telecommunications providers with “specific selection terms,” rather than indiscriminately collecting records in bulk. It also introduces transparency to the FISC, requiring the declassification of significant opinions and allowing the judges to appoint public interest advocates in key cases.

However, there’s much that USA Freedom doesn’t do: first, it does not touch the NSA’s activities under Section 702. So far, lawsuits challenging the NSA’s 702 “Upstream” collection of communications from the Internet backbone—EFF’s Jewel v. NSA and ACLU’s Wikimedia v. Clapper—have met with the same procedural roadblocks as much of the pre-Snowden litigation. Second, USA Freedom does not address spying conducted outside the United States under Executive 12333. By many accounts, the volume of EO12333 spying dwarfs domestic surveillance, with far less congressional oversight. Finally, USA Freedom does nothing to improve protections for foreigners, who are granted little privacy protection under existing constitutional and statutory law. These are all areas where Congress could step in. With Section 702 set to expire in December 2017, privacy advocates are pushing for more comprehensive reform.

Technological Developments

Outside of the legal and policy realm, the Snowden disclosures have also profoundly affected individuals’ use of technology. A number of Internet companies have responded to increased public concern about privacy by strengthening the security of their products, and many users are taking advantage of encrypted communications applications. In particular, both Google and Apple have begun encrypting smartphones by default, and users can choose from a range of messaging applications offering “end-to-end” encryption.

The spread of encryption is an encouraging development in an age plagued by data breaches and state-sponsored hacking. Yet the U.S. government sees this as an opening to expand surveillance powers. FBI Director James Comey has argued that since Snowden, “the pendulum has swung too far in one direction.” According to this narrative, strong encryption prevents the government from access to key intelligence sources, a threat the government describes as “going dark.” As a result, Comey and others have made vague calls for companies to engineer their products to be decryptable by the government pursuant to appropriate legal authorities. However, the leading cryptography and security experts have explained that such a scheme is inherently infeasible and compromises the benefits that encryption provides. In fact, even widespread encryption will not necessarily hinder future surveillance.

Thanks to Snowden, the general public has become far more informed and concerned with issues of surveillance and encryption. The next step is to build even more public engagement and to advocate for wide-reaching policy reforms—most importantly, by working toward international standards for supporting encryption, and requiring that surveillance be limited to that which is necessary and proportionate.

 

Andrew Crocker is a staff attorney on the Electronic Frontier Foundation’s civil liberties team. This article represents his personal views.