Saturday August 31st, 2013 informationliberation.com
The NSA and Its "Compliance Problems" (Ben O'Neill)
One of the core principles of good governance in society is the idea that the authority of law ought to prevail over the brute power of people -- i.e., that society should operate under the rule of law, not the rule of men. Aristotle wrote that "[t]he law ought to be supreme over all ..." and argued that ... where the laws are not supreme, there demagogues spring up." The principle has many important ramifications for society, but the most important is the view that government agents and agencies must be bound by the same law as their subjects.

This principle is of great relevance in the present NSA scandals, especially in light of recent NSA admissions of "compliance problems" with the legal constraints that are supposed to operate on the agency. For ordinary citizens, "compliance problems" with the law are better known as "crimes" (or possibly civil wrongs) and these lead to judgment debts, fines, and possibly even jail time, depending on the severity of the lack-of-compliance. But for government officials such notions are irrelevant -- legal compliance problems are just something you file a report about, and send to another bureaucrat higher up in the government chain, so that he can bury it on his desk.

Unfortunately, this is not a new phenomenon. The notion of the rule of law is the wellspring of an endless stream of hypocrisy in the modern social-democratic welfare-warfare state. It is difficult to find anyone who does not speak highly of the principle when it is presented in abstract form, yet it is simultaneously rare to find people who really take the idea seriously when applied to concrete situations involving government wrongdoing. In the case of the NSA, the principle of rule of law has been jettisoned entirely, and the agency operates without any effective legal constraints.

Data collection, storage and access by the NSA

Present limitations on the surveillance activities of the NSA are almost entirely technological or logistical. The agency focuses mostly on gathering "metadata" from phone and internet communications, but its capacity to record the content of these communications is also increasing rapidly. According to media reports, the agency has collected over one-trillion metadata records, and has new technology that will allow it to record the voice content of one-billion mobile phone conversations per day. Internet data is continuously collected and recorded by the agency, and the volume of content recorded is so large that it can presently only be stored for only a few days, while internet metadata is stored for thirty days. This allows the NSA to obtain access to the internet activities of a user, including his or her browsing history, as well as the contents of emails and online chats and posts. Data of interest to the agency is stored in a separate database that holds records for up to five years.

Throughout the NSA scandal, the US Government has sought to convince the public that its surveillance activities are targeted exclusively at suspected terrorists and their associates, and that data collection is used exclusively for the purposes of combating terrorism, with strict legal constraints and oversight operating to prevent mass surveillance. However, despite initial protests to the contrary, it is now evident that the NSA does indeed indiscriminately collect and store metadata and communication content under its surveillance programs.

The collection of metadata and communication content occurs without any probable cause to believe that that the people targeted are a threat to anyone. It also occurs in violation of the U.S. Constitution and the already very broad requirements of the Patriot Act, which requires applications for access to records to have "a statement of facts showing that there are reasonable grounds to believe that the [records] sought are relevant to an authorized investigation." In a recently declassified (but still heavily redacted) opinion from the Foreign Intelligence Surveillance Court, Judge James Bates wrote that "[t]his court is troubled that the government's revelations regarding NSA's acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program." In an earlier ruling the court had found that legal requirements for data queries had been "frequently and systematically violated."

The NSA has taken a two-pronged approach to its legal defense of its surveillance activities. It has claimed that it may collect any and all information it wishes without any warrant or restriction, and that this does not constitute real "collection" of data unless the database is later queried. In other words, collection of data is not really collection of data, so long as the data sits idle and is not accessed. It has then claimed that querying of its databases is only ever done under warrant and only under circumstances where there are specific facts to yield a reasonable suspicion of terrorist activity. This is clearly false in view of the broad searches and indiscriminate data mapping that shows up in NSA documentation.

NSA operations and their "compliance problems"

After a long period of fervent denials, the NSA has now acknowledged that its analysts have often exceeded their legal limits even under the widest interpretations of the Patriot Act by the NSA itself. An internal audit of the agency found that in a single year there were 2,776 "incidents" of unauthorised collection, storage, access or distribution of communications of US citizens, with many individual incidents covering large numbers of communications. This included violation of court orders from the Foreign Intelligence Surveillance Court.

Rather than referring to these as instances of lawbreaking as what they are, the Director of National Intelligence has instead referred to these legal violations as "compliance problems" with the programs. He has made a point to stress that these kinds of problems are monitored and assessed regularly by the agency and are to be expected in such a complex program. One consequence of this view is that there is no actual sanction for unlawful activity by the NSA. If "compliance problems" are just an expected part of government operations then there is no sense in having any sanction for these legal breaches. The agency then operates above the law, in the sense that its agents are pre-emptively acquitted of lawbreaking, on the grounds that some degree of non-compliance with the law is expected.

Even for the Foreign Intelligence Surveillance Court, tasked with supposed judicial oversight of the agency, attempting to hold the NSA to the rule of law has been a farce. Chief Judge Reggie Walton explained to the press that, "[t]he FISC is forced to rely upon the accuracy of the information that is provided to the Court. ... The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders."

The NSA has "compliance problems" in its surveillance programs in the same way that a serial killer has "compliance problems" with the law against murder -- neither of them are willing to follow the rules. In a society which respects the rule of law this matters. And as the demagogues spring up to defend the actions of the agency, it is useful to bear in mind what these "compliance problems" really mean for the rule of law.
_
Ben O'Neill is a lecturer in statistics at the University of New South Wales (ADFA) in Canberra, Australia. He has formerly practiced as a lawyer and as a political adviser in Canberra. He is a Templeton Fellow at the Independent Institute, where he won first prize in the 2009 Sir John Templeton Fellowship essay contest. Send him mail. See Ben O'Neill's article archives.