In light of the recent revelations about the National Security Agency's (NSA) extensive and controversial surveillance programs, the Orient turned to our resources at Bowdoin for analysis and comment on the situation. We reached out to members of the Bowdoin community who specialize in related areas of government, media studies, computer science and information technology.
While the focus of these conversations is primarily national, we heard from Mitch Davis, Bowdoin's chief information officer, about the administrative protocol for accessing student email on campus.
All of the interviews were conducted via email in a question-and-answer format, except for our interview with Professor Richard Morgan, which was conducted by telephone. The following questions and responses have been slightly condensed for brevity.
ON THE FOURTH AMENDMENT: Professor of Constitutional Law and Government Richard Morgan
Can you speak to what extent secretly compiling phone records and search histories, etc., could be considered an “unreasonable search and seizure?”
It's not unreasonable search and seizure. What you want to look at is the Supreme Court decision called Smith v. Maryland (1979). In Fourth Amendment theory, anything that you disclose to a third party is something in which you no longer have a Fourth Amendment privacy interest. So by placing a phone call through Verizon, you have disclosed that action to Verizon—this goes all the way back to the universe of letters.
When you mail a letter, the address is on the outside of the envelope—you don't have any privacy interest in that. It's always been the case that criminal investigators could employ what were called ten-registers, where they checked the mail that you sent and the mail that you received.
Now, opening the mail up is a very different thing. Historically, there is a reasonable expectation of privacy on your part. If the government wants to get into the envelope, the government has to go to a judge, make a showing of probable cause, and get a warrant. Same thing goes for telephone communications: the number that you call is public information [but] the content of the conversation is protected.
What happens with the NSA so-called metadata collection is that their computers identify a certain pattern between numbers. Before they can even associate those numbers with a name, let alone get into the conversation, they have to go to a judge and seek authorization. All their computers are doing is identifying a pattern between numbers...The guiding principle is that phone communications are really no different from old snail mail communications.
It may not be unconstitutional, but I think in some sense it is an invasion of privacy...It would be, of course, possible to repeal the Federal Intelligence Surveillance Act (FISA) and put a new statutory framework in place that restricted government in what they can require the phone companies, Yahoo, Facebook, etc., to turn over. I think that the political chances of doing that are slim to nonexistent, but simply because the program doesn't violate the constitution doesn't mean that it couldn't, statutorily, be closed down.
Based on previous court cases concerning it, is there a constitutional interpretation that justifies PRISM?
None of us on the outside know quite how PRISM works, but this is the way I think it works: outfits like Yahoo and Facebook have a lot of foreign users. [The servers] are based in California; you're talking about people, foreign nationals located abroad, who have communicated [on social media]—their only connection to the U.S. is that they have communicated through a computer facility in California.
Our law has always held that the Fourth Amendment does not apply to foreigners abroad, and therefore, NSA historically has collected electronic communications among foreign nationals not in the United States. The assumption underlying the government's PRISM operation, I think, is that the same rule applies when its with social media.
Simply the fact that the information has passed through an electronic channel in the USA does not alter the fact that what you're looking at is a foreign national in a foreign country. One can disagree with it on policy grounds, one can say that we shouldn't do it, but the Fourth Amendment does not protect foreigners abroad against NSA over here.
How do you think the Justice Department will proceed in dealing with Edward Snowden, the whistleblower? Personally, what do you think: is Snowden a traitor or martyr or neither? Why?
Snowden is not a traitor. Treason is very strictly delineated in the constitution of the United States: giving aid and comfort to an enemy of the United States in front of two witnesses, so I don't think by any stretch of the imagination Snowden could be tried for treason.
I think Snowden certainly can be tried for a violation of the Espionage Act. A knowing revelation of information in violation of your oath—however high-minded your reasons—certainly technically constitutes a violation of the act. I would be very surprised if the justice department were not preparing a long indictment against Snowden.
Now, to make that stick, we have to get our hands on him. That may not prove easy. On the other hand, he might not find himself altogether comfortable [hiding in China]. I would anticipate that if Snowden comes under United States control that he would be prosecuted...Nonetheless, we oftentimes do not prosecute people as a matter of policy, even though the technical grounds for prosecution are there.
ON "OLD MEDIA" COVERAGE: Associate Professor of Government Henry Laurence
What is the significance of the news breaking on the Guardian website?*
This was a huge, old-fashioned scoop for the Guardian. It's very striking that an American citizen leaking secrets about the American government to get the attention of the American public would go to a British newspaper. Partly this reflects the fact that the Guardian has long been more "tech-savvy" about the internet and new media than most "old" news sources, and has done an impressive job of using its website to build a presence in the U.S.
In part, too, this reflects different styles of journalism. The Guardian, along with much of the European press, embraces a “public advocate” model of journalism in which it’s expected that the press be politically engaged and active. In the U.S., the culture in most mainstream newsrooms is that journalists are supposed to be objective “neutral observers,” not letting their political or moral opinions influence their news coverage. Both approaches have their good and aspects, but Snowden was clearly looking for news sources that were prepared to stick their collective necks out for a political cause. He didn’t trust the New York Times not to sit on the story, apparently.
Finally, it’s worth pointing out that for all the talk of the impact of “new media” (e.g. David Carr’s column in the New York Times on June 16), this is a very “old-media” story. Snowden could easily, and probably anonymously, have leaked everything he wanted on Twitter, YouTube or Facebook. He didn’t. He went “old-school,” using friends of friends to put him in touch with journalists from major newspapers (the Guardian, founded 1821, and the Washington Post, founded 1877), then setting up clandestine meetings to sound them out before breaking the “Big Story”—which was, of course, immediately picked up everywhere else, including all the social media sites. I suspect that the story has such legs in large part because of the heft of the papers that broke the story, and the fact that they fact-checked and substantiated many of the aspects that might otherwise have been used to kill it.
It seems that, despite his requests to the contrary, Snowden has become a large part of the story, as has Glenn Greenwald (the Guardian columnist who broke the story). Why do you think this is, particularly in Greenwald's case?
News media love to personalize stories and talk about themselves or other journalists, so at one level it’s no surprise Snowden and Greenwald have become the story. Fun fact: during the 2004 election, prime-time TV network news programs devoted 67 percent of speaking time to their own journalists, 12 percent to candidates and 21 percent to other sources.
Certainly there are aspects of Snowden that make great copy—the sensationalism of the “high-school dropout/big-money computer geek” narrative, his flight to Hong Kong/China, his pole-dancing girlfriend, etc. Beyond that, he has become a symbol on which people can project their own views, such as (David Brooks’ absurd attempt at a psychological profile). Arguments about “traitor vs. hero” and “whistle-blower vs. leaker” cut across the usual partisan lines because a Democratic president is accused of invading privacy in ways that many liberals would (and did) find unacceptable if [a Republican did] the same things.
The more salient division on this issue seems to be generational rather than partisan. Thus, older politicians from across the political spectrum (from Nancy Pelosi to John Boehner) say he’s a traitor while a different and often younger demographic (including Rand Paul, Glenn Beck, Arianna Huffington and Michael Moore) support him, or at least his actions. I think that for a lot of people, including many pro-Obama liberals, it’s easier to focus on the shortcomings of the messenger than debate the substance of the message.
I suspect Glenn Greenwald has been targeted from some on the right in part because he is a public and articulate critic of many of their core beliefs. He’s targeted by some liberals in the mainstream media because he embodies the sort of activist journalistic philosophy discussed above which is anathema to many journalists here. I heard him dismissed as a “self-styled journalist” on NPR, which is ludicrous—as if there were any formal qualifications to distinguish “real” journalists from any others. Again, it’s easier to score points with smug put-downs than tackle the difficult moral and political questions Greenwald’s reporting raises.
ON NATIONAL SECURITY: Visiting Asst. Professor of Government Marc Scarcelli
Is collecting increasing information about citizens is just a game we have to play for national security in this day and age? Do you think it’s likely that other countries or other organizations could be doing similar things?
The existence of this program does not surprise me, though it is a concern. In the aftermath of 9/11, the original plan for this type of mass information-gathering was intended to be even more far-reaching. Back then they called it "total information," but it encountered some push-back even from Republicans in Congress. It has long been rumored that many of its provisions simply went into the shadows, so to speak, and this revelation would seem to confirm that. I do think it's likely that other countries are engaged in similar activities, yes, though they probably lack the resources to extend it as far as the U.S. has.
Do you think the information released by Snowden and the Guardian presents a threat to national security? Why/why not?
Based on what's been released thus far, probably not. We've known for years that al-Qaeda's core organization long ago reverted to deliberately low-tech methods in order to evade such programs, opting for handwritten letters and cash delivered by couriers, for example. The house where Osama bin Laden was killed didn't even have a phone line, much less an internet connection.
However, certain individuals, those without strong connections to the broader terror network who are sometimes referred to as "self-radicalized," have utilized modern communications in ways that warrant concern. Major Nidal Hassan, the Fort Hood shooter, had been communicating online with radical cleric Anwar Awlaki in Yemen, who is said to have encouraged the attack. Whether such isolated individuals will be deterred from using modern communications now is an important question, and if they are, what impact that will have can only be speculated.
It's important to remember, however, that the Guardian received more information from Snowden than they've released, saying some of it was so sensitive that they're reluctant to reveal it. So, we may yet see more revelations.
What provisions in the Patriot Act allow for this sort of surveillance?
I don't do the legal side of the issue, but the short answer is that after the disclosure of warrantless wiretapping under the Bush administration, Congress passed a law in the latter years of the Bush admin which allowed this type of surveillance but required FISA court oversight.
Since that's a secret court (established in 1978), that allowed the program to remain unknown to the public. The original Snowden/Guardian leak showed that the court ordered Verizon to turn over millions of files, showing that this is not done on a per-individual basis, but en masse. What they're claiming now is that in order to examine the records of any individual within that data, they need FISA court approval. I hope that's true, but I have doubts. It's also often asserted that the FISA court either never or almost never refuses requests, so that critics call it a rubber-stamp.
Many people don’t really mind the collection of telephony metadata, saying that they have nothing to be worried about. Should Americans be worried about the implications this sets for the power of the federal government? Why/why not?
As people fall back on the notion that 'as long as you have nothing to hide, you have nothing to fear,' I think that's a very poor way of rationalizing this sort of thing. First, it's important to remember that many, many authoritarian regimes in the world have used the same argument to excuse human rights abuses. I don't think that's the case here, but at a minimum, it suggests that there's something fundamentally un-American about all this. It may be worth remembering Ben Franklin's point on this: "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
Second, the potential for misuse here is enormous, and I'm alarmed that hardly anyone is discussing this aspect of the issue. That misuse could come in any of several forms. We know that in the not-too-distant past, U.S. officials have at times used their powers for personal political gains; the obvious examples include Richard Nixon or former FBI director J. Edgar Hoover, among many others.
We also know that the U.S. government has seriously erred in the past during times of grave threats; extreme examples include the Japanese internment during WWII, while less severe examples include undercover agents infiltrating anti-war groups during both Vietnam and the early years of the Iraq War. Finally, this sort of program creates the potential for hacking or other criminal misuse that could be devastating in scope. Snowden was an employee of a contractor; a huge amount of this sort of work is now contracted out, making the risk of hacking/theft/criminality much greater.
Personally, what do you think: is Snowden a traitor or martyr or neither?
He's trying to be a whistleblower, on par with [Daniel Ellsberg, who leaked] the Pentagon Papers or Deep Throat, though it seems not many regard him as such. He's not being rewarded or bought off; on the contrary he's given up a great deal already and risked his freedom, so this is obviously something he believes in ideologically. However, the reactions have tended to condemn rather than praise him. It's odd that so many Americans are fine with this, or are only somewhat bothered by it.
I always teach my students to think about such issues from both a normative and a practical perspective. The normative I've already touched on; I think this is clearly a violation of our Fourth Amendment rights, and could have a "chilling effect" on free speech as well. I don't think most Americans yet realize how far this sort of thing could go. Private companies are already spending enormous resources gathering information about us; Google scans the content of its users' emails and searches, Netflix/Amazon/Visa track our viewing and shopping habits, etc. Our cell phones are already function as tracking devices (not just those with GPS), and law enforcement is increasingly requesting such data in criminal investigations...So, the potential, and the original vision of Total Information, is for a central database in which all of our communications, shopping habits, and even our movements are being tracked all the time just in case any one of us becomes a suspect. I do not think we're all the way there yet, but we're clearly moving in that direction.
The assurance that they'll only use this against terrorists, and with oversight, should not be a sufficient answer. First, Director of National Intelligence (DNI) James Clapper was just asked by Congress in March whether this type of NSA program existed and he said "no." So the "trust us" approach suffers a serious credibility problem. Second, see the examples above regarding potential for misuse. Third, who gets labeled a terrorist is itself a highly politicized process. Nelson Mandela was once classified as a terrorist by the US government. Some of the anti-Iraq War protesters investigated as possible terrorists included a group of Catholic nuns.
But beyond the normative questions about morality, we must also examine it from a practical perspective: is it working? On that question, the public is at a massive disadvantage, as most of the information that would be needed to answer that question is classified. Lately we're being told that this program has disrupted "dozens" of terrorist plots, and that may well be true, but thus far we're being asked to take them at their word on that point...We're told that more specific examples are forthcoming which will demonstrate its efficacy, so that remains to be seen.
ON THE NSA: Professor of Government Andrew Rudalevige
Can you provide a brief history of the NSA and its role in the executive branch?
The NSA was created in 1952, building on some previous “Comint” (Communications Intelligence) organizations, especially military code-breaking efforts in World War II. President Truman created a commission that recommended unifying those tasks in a new agency after the Armed Forces Security Agency (AFSA) got bad reviews from its military “consumers” during the Korean War. Since then NSA has dealt not only with Comint but Comsec (Communications Security) as a key part of the large and rather competitive intelligence community—but the joke used to be that the acronym stood for “No Such Agency.” These days NSA’s existence is not hidden well (just drive down Route 295 in Maryland) but its activities have been. Until this month!
Members of Congress have argued that they were not sufficiently briefed by NSA or were not briefed at all. What is your take on this instance of executive accountability, or lack thereof?
Keep in mind that when a senator asked the DNI a direct question about the data NSA were collecting, the DNI lied. (In his words, he gave the “least untruthful” answer.) Likewise, this spring’s confirmation hearings for the CIA director showed how little information the administration had given even the intelligence committees about the agency’s drone program. It’s hard to conduct real oversight under those circumstances. Legislators might feel a bit like mushrooms—kept in the dark and fed “fertilizer.”
That said, members of Congress could almost certainly be more proactive about seeking out information here. Rarely do they see the political benefits of doing so—they are convinced, and probably rightly, that the credit they will gain from seeking to limit these programs is far less significant than the blame they will get if those limits can be blamed for a successful attack. So the House hearing on the NSA on June 18 was hardly confrontational, with committee members falling over one another to come up with words to describe how “rich” and “robust” oversight of these programs is.
The only thing is, that oversight is not really by them; it is largely internal to the executive branch. The FISA court is absolutely a useful institution, but it is constrained in what it can do. For instance, so long as the Department of Justice certified that the phone metadata was “relevant” to an investigation, under the Patriot Act the court had little choice but to sign off on the requests.
Legally, should all members of Congress (not just those on Intelligence committees, in which briefings are often confidential) be briefed on these issues?
Legally, no. Coming out of the 1970s Church and Pike Committee revelations of the CIA’s “family jewels” (assassinations, domestic spying, etc.), the Select Committees on Intelligence were created precisely to seek to balance legislative oversight with the real demands of secrecy. The executive branch—not without justification—fears that telling a member of Congress something is tantamount to sending out a press release. I should stress that while there is a plague of over-classification in government, that does not mean that every leak is a good idea, and certainly not heroic—people abroad that had worked with the United States died as a result of the Wikileaks revelations.
So the structure itself makes sense. But everyone involved has to want to make it work the way it was intended to. After all, creating a subset of legislative specialists in this area does have potential downsides. It can make other legislators less willing to undertake any sort of oversight (“that’s their job, not mine”), while at the same time the Intelligence Committee members can wind up enraptured—“captured”—by the intelligence community. “Trust us” is not a good motto for inter-branch relations, in my view.
How much oversight do President Obama and his aides exercise over PRISM and related NSA surveillance programs?
I assume you mean the White House staff itself? (Since NSA staff are his aides, too.) The assistant to the president for national security and—in this administration, the specific White House adviser on counterterrorism (John Brennan, before moving back to CIA; now Lisa Monaco)—have the most direct responsibility for making sure the president knows what is going on in this area. The DNI, who reports directly to the President, is also very much in the flow of this process (or should be, this has varied).
If by “exercising oversight” you mean “constraining,” then you’ll find that presidential personality is much less important than what you might call presidential “positionality” — that is, the position shapes one’s policy preferences. Things look a lot different from that side of the desk. Just look at Senator Obama’s comments on the Patriot Act renewal of 2006, versus President Obama’s use of the vague language of Section 215 of that act to justify the broad collection of phone metadata. The perils of writing broad delegations of power into law, as Congress has done consistently, is that someone will use them.
Is this a partisan issue?
Certainly Democrats are a lot more sympathetic to Obama’s surveillance regime than they were to Bush’s, at least by 2005 or 2006. Being outraged by presidential power tends to correlate pretty well with whether a president you like is in power.
Still, the current controversy isn’t perfectly predictable on a partisan basis—there are civil liberties advocates and security hawks on both sides of the aisle. The flip side is that neither party has much institutional pride here. Congress has not insisted on being informed or in being involved in shaping the rules of the system or doing the harder day-to-day work of enforcing them. James Madison argued that the system depended on “ambition counteracting ambition” —legislators have not been very ambitious here, on a bipartisan basis. Supreme Court Justice Robert Jackson wrote back in 1952 that, “comprehensive and undefined presidential powers hold both practical advantages and grave dangers.” I would like to see a national debate that focuses on how to maximize those advantages and minimize the dangers.
ON INTERNET PRIVACY: Asst. Professor of Computer Science Daniela Oliveira
Individuals are increasingly unaware yet compliant with surveillance, whether from government or the private sector. Do you think online privacy could ever be increased, given where we are today? Is secret data collection the norm we can expect?
The Internet is not private and it never was...the main questions are what privacy is and whether we can define it. I think privacy is becoming an increasingly complex issue because our society is dependent on networked computer systems. We have a great number of private information stored in servers elsewhere: personal information, health records, business transactions, email messages, electronic chats, social network interactions, etc.
With cloud computing, where computations and data storage are increasingly outsourced to remote servers the situation is expected to worsen. Even when private information is stored using cryptographic methods, there are many inferences that can be made on computations involving these data. For example, queries from an oncologist to a set of health records can imply that the corresponding patients have cancer.
There is also the issue of removing information from the Internet: once digital data is created and made available in the Internet, it can be copied multiple times, moved, edited and it is nearly impossible to delete it. Also, do we have the right to delete information from the Internet? Would this be considered rewriting history?
ON EMAIL PRIVACY AT BOWDOIN: CIO Mitchel Davis
The Bowdoin administration can access all Bowdoin email accounts. How often and easily is this done? How many people can access Bowdoin email accounts?
Student email accounts were accessed maybe five times over the last 10 years. Some were approved by the email account owners to resolve a problem. For example: a student told a faculty he had sent in the assignment on time. The faculty member said it was not received. The student gave us the name of the file. We contacted the faculty member and did a search for that file name and found it in the trash. No one has ever been granted open access to read a student’s email account. The additional requests were made for emergency purposes and always asked for information on a specific date or time or file.
The CIO or Technology Security Officer and the Dean’s Office and senior officer would have to sign off on a request to access a student email account. Only two people in IT are authorized to provide that service.
(For further information, Bowdoin’s web privacy policy can be read here.)
*Full disclosure: Nora Biette-Timmons recently completed a work-study program at the GuardianUS.