We are witnessing another swing of the pendulum in the way the U.S. conducts surveillance. This time, to ensure that National Security Agency programs remain effective without violating people's privacy, Congress needs to ensure that the NSA is subject to better judicial oversight.
For decades, domestic surveillance in the U.S. was practiced widely and somewhat indiscriminately -- for 30 years, every telegram leaving the country was collected. In 1978, Congress put its foot down by passing the Foreign Intelligence Surveillance Act. Chastened, leaders of the National Security Agency took extraordinary measures to avoid collecting any domestic information at all.
Then came Sept. 11, 2001, when 11 terrorists were able to hijack U.S. airlines after evading the NSA, the Central Intelligence Agency, the Federal Bureau of Investigation, the Immigration and Naturalization Service, and the State Department for close to two years.
So the NSA again turned its giant listening devices inward. The undifferentiated collection of domestic phone records that followed has been roundly criticized, and the House passed the USA Freedom Act this spring in order to end it.
The House bill does not, however, solve all the problems. For years, the NSA has been compelling Google, Facebook, Microsoft and Apple to cough up e-mails and other communications of non-Americans that the agency believes include "foreign intelligence information." More than 100,000 people and entities have been targeted under this program, called Prism, under Section 702 of the Foreign Intelligence Surveillance Act.
What's worrying now, as Senator Ron Wyden of Oregon has pointed out, is that the NSA can use its access to the giant pile of communications that it has collected over many years under Section 702 -- through both Prism and a companion "upstream" program that vacuums up data flowing from the U.S. to other countries -- to conduct warrantless searches for Americans' communications.
A new, detailed report by the independent Privacy and Civil Liberties Oversight Board has found that the surveillance programs now being conducted under Section 702 surveillance are "legal and effective." It's an excellent report, and that conclusion is a relief. But there's still reason to worry about U.S. spies violating people's privacy. What's needed now is better oversight by the FISA court. That means Congress needs to expand the court's authority.
The PCLOB report makes clear that the FISA court is being informed about the procedures that the surveillance authorities are following with respect to broad categories of foreign intelligence information. But that's it. The court does not otherwise exercise any judicial review over the substance of these programs.
Surveillance will inevitably continue. An overly timid NSA would not serve domestic or foreign interests. But the court needs to double-check that federal agencies don't overstep their legal limits on targeted surveillance. In this murky context, the FISA court remains at a distinct disadvantage when attempting to balance national security and privacy interests.
The FISA court was created as a way to provide the U.S. attorney general with judicial authorization to use electronic surveillance inside the U.S. specifically for foreign intelligence purposes. But the court cannot effectively play that role with respect to domestic surveillance programs. It cannot address Wyden's concern that the NSA's access to "foreign" data might be used to carry out domestic surveillance, because it has no oversight over the terms used to search that data. Nor can it require that individual non-Americans are being appropriately targeted.
Congress needs to make sure the pendulum doesn't swing too far away from privacy protection. The Senate should take up the House bill and amend it to return proper power to the FISA court.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author on this story:
Susan P Crawford
To contact the editor on this story:
Mary Duenwald at email@example.com