Under growing pressure to rein in domestic surveillance, President Barack Obama recently offered a proposal to end the government's bulk collection of Americans' phone records. Under the new plan, those records would stay with phone companies but be accessible to the government with the permission of a judge. While the proposal is a step in the right direction, many questions remain about how exactly it will be implemented. But even more important, it is just a small part of what needs to be done on comprehensive surveillance reform.
Still left unaddressed are mass bulk collection and indiscriminate U.S. surveillance practices abroad, which affect many more people and include the collection of the actual content of internet activities and phone calls, not just metadata.
A number of media reports, based on documents obtained by former National Security Agency (NSA) contractor Edward Snowden, have exposed the vast and sweeping nature of these programs. According to one story, the NSA taps into main communication links of data centers around the world and collects millions of records every day, including metadata, text, audio and video. Another revealed that a program called "Mystic" had allegedly been recording “every single” telephone conversation taking place in one, unnamed country and then storing them in a 30-day rolling data base that clears the oldest calls as new ones arrive. Another, last month, reported that the Foreign Intelligence Surveillance Court, a court that handles intelligence requests, often in secret, authorized the NSA to monitor "Germany” – as in the country of. And yet another claimed that the NSA has developed and deployed an automated system, codenamed “Turbine,” that could potentially infect millions of computers and networks worldwide with malware implants that can covertly record audio and video.
In the latest twist, Snowden told the Council of Europe last week that the United States even spied on human rights organizations like my own, although details of the allegation have not yet been provided.
It is not always clear under what legal authorities the U.S. government is conducting these activities. Section 702 of amendments to the Foreign Intelligence Amendments Act (FISA) authorizes the collection of a very broad swath of information including information about things important to national security, like “international terrorism…weapons of mass destruction” and “an actual or potential attack.” But it also authorizes the collection of information about things that merely “relate[] to” the “conduct of foreign affairs of the United States.” Executive Order 12333 authorizes even broader collection – allowing for the acquisition of information merely about “foreign persons.” What is clear is that with provisions this broad the potential for indiscriminate surveillance is very high.
Why should Americans care about U.S. surveillance of foreigners abroad?
Besides the fact that an enormous amount of American communications get swept up in the surveillance abroad, there are principled reasons and practical ones. The fundamental rights to privacy and free expression so sacred to Americans are no less precious to those of other countries as well, and neither can flourish under the threat, or the fact, of mass surveillance.
From a more self-interested point of view, U.S. failure to respect privacy elsewhere could have a boomerang effect, giving other countries the green light to do the same to Americans. Data travels over the internet along the cheapest, most efficient route. Even a transfer of data between parties in the same country may result in the data transiting via other countries without the sender or recipient ever knowing. If the United States intrudes on the privacy of people abroad without compunction, other countries are more likely to do the same to U.S. data. In addition, U.S. surveillance practices are also harming U.S. business interests. Many companies are now being forced to offer alternatives to customer data being stored in the United States. Studies estimate a loss of between $35 billion and $180 billon to the U.S. cloud computer industry over the next three years.
U.S. government officials seeking to justify American snooping often point out that other countries have similarly broad surveillance laws on their books. But almost no governments come close to the United States in terms of capacity and resources. And if and when other countries do obtain the same capacity, the fact that the U.S. has chosen to engage in virtually unfettered surveillance abroad will be all the justification they’ll need to seek to do the same.
This does not of course mean that surveillance beyond U.S. borders has to stop entirely. There are certainly ways to conduct legitimate foreign surveillance in a manner narrowly tailored to important national security interests and in ways that are proportional to those interests. President Obama announced some measures in January that would restrain U.S. surveillance practices abroad, but these measures put limits only on the retention and dissemination of data collected, not the collection of the data itself.
As Obama himself said when announcing the restraints, the United States has “unique” surveillance capacities. “[T]he power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.” Citing the potential for abuse of basic rights, President Obama has come to recognize the need to curb domestic data collection at home. For those same reasons, it’s time to curb data collection and indiscriminate surveillance abroad as well.