Stewart Baker is head of the technology practice at Steptoe & Johnson, a former general counsel of the National Security Agency, and co-author of a book titled The Limits of Trust: Cryptography, Governments, and Electronic Commerce. Eugene Volokhteaches constitutional law at UCLA School of Law and is the author of a textbook on the First Amendment and many law review articles on rights questions.This week they discuss specific security technologies that the U.S. government might adopt in the wake of recent terrorist attacks, and their effect on civil liberties.
Eugene,
Let’s get down to specifics. Let’s take a close look at the legal changes now under consideration and ask whether they pose any threat to civil liberties. As you say, we’d better like the laws we’re passing. We’ll be living with them a long time.
So far, only the Senate has actually passed anything—a package of anti-terrorism amendments that it tacked on to an appropriations bill last Thursday. It held no hearings and only a short debate. The amendments passed by voice vote, and the full bill was adopted 97-0.
Whenever I hear about a bill that passes like that, I think of the TV show Yes, Minister, where the bureaucrats met crises by dusting off an old agenda and serving it up to their bosses with the following unanswerable logic:
1. We must do something.2. This is something.3. Therefore, we must do this.
In fact, though, the Senate bill does little damage to civil liberties; the real question is whether it does much to address the threat.
There are three or four provisions that seem to worry civil libertarians. First, the bill would add terrorism to the list of crimes that justify a wiretap. Is that a good idea? As my daughter once would have said, “Well, duh!” The real question is why it wasn’t added to the list long ago. The answer is that you can’t be much of a terrorist without violating some other law that is already on the wiretap list. So this amendment falls under the heading of nice to have but no big deal.
Second, the bill authorizes the use of the FBI’s disastrously named “Carnivore” device to conduct certain Internet wiretaps. (Actually, the bureau calls it the DCS-1000 these days, but no one can remember that—which is probably the point of the new name.) Carnivore is controversial because it is a network “sniffer” that could be programmed—by someone willing to risk a felony prosecution—to scarf up all the communications on a network, not just those of suspected terrorists. But for all the bad publicity it’s received, it is already legal and in common use. It only appears in the bill because the wiretap laws were written with telephones in mind, not networks.
In the telephone world, the police have a choice when they investigate a suspect. If they have a good basis for suspecting him, the courts will allow them to tap the suspect’s phone and listen to all his calls. Alternatively, if they only have a suspicion that he might be relevant to their investigation, they can’t listen to his calls, but they can record all the numbers he calls or that call him.
How can we apply this model to the Internet? It’s easy to imagine what a full wiretap looks like in cyberspace. The police get to see everything the target does online—every e-mail he writes or reads, every site he visits, every password he types. But suppose they can only meet the lower standard. What is the Internet equivalent of acquiring every phone number the target dials? The Justice Department thinks that’s an easy question—it’s the Internet address of the sites he visits, the “to” line on his e-mails—essentially the addressing and routing information for his network activities. The Senate amendments would specifically approve that interpretation.
I can understand why this might raise at least some privacy concerns. Law enforcement can get a remarkable amount of data about people—many of whom are not even suspects—just by saying that the information might be relevant to some investigation. They can get a list of every site I visited, how long I spent there, where I went next, who I e-mailed, and when they replied. That sure feels a lot more private than a list of the numbers called from my home phone.
The problem is that phone numbers don’t have a perfect digital equivalent. That means that we have to choose between either reducing the government’s investigative reach a lot or expanding it a little. After last week, that doesn’t seem like a hard choice. If it were up to me, I’d add some safeguards to the bill. For example, we ought to let people—especially people who aren’t charged with anything—know when their records have been gathered in this way. And we should audit access to that data; anyone who pulls my records should be able to explain why—if not to me, then at least to his superiors.
On a different note, I’d also make sure that the ISPs and phone companies who are working overtime to respond to this crisis know that they won’t be sued later for carrying out a national security wiretap and will get reimbursed for the costs of pulling masses of paperwork (the days of adding such costs to a monopoly rate base are pretty much gone). In short, I’d prefer a somewhat different bill. But try as I might, I can’t say that the lack of those safeguards threatens freedom as we know it.
The same is true of the other wiretap provisions. The Senate would allow the FBI to get one wiretap order against a suspect, an order that could be used everywhere in the country. This just seems to recognize that the Internet and roving cell phones allow terrorists and other criminals to be active in many different jurisdictions at practically the same time.
Finally, the amendments expand the number of people who can authorize an emergency warrantless wiretap. God knows there are times when minutes are precious, and the tap needs to begin even before the judge can be pulled out of bed. Since warrantless taps must be confirmed by a court within 48 hours, it’s hard to see much risk in them. As long as we know who is authorizing such taps, it will be easy to assign blame if abuses emerge.
Are you yawning yet? That may well be the right response. This is inside-baseball stuff at best. The Senate amendments wave the center fielder a few yards to the right. If this is the worst threat our liberties face, we’re doing very well indeed.
******
Tacking back for just a moment to yesterday’s exchange, you pointed out that there’s a cost to asking that the press stop putting national security secrets on the front page. The cost is that we lose one of the possible checks on stupid bureaucratic behavior or worse. I agree.
I am deeply fond of the dedicated patriots I worked with in government, but even the best government bodies are prone to the failings of government bodies everywhere. One of those is “information management,” something that remains a particular problem in agencies that heavily classify their activities. We need checks on such behavior. But when we’re talking about secrets that could help us forestall terrorists, the price of using the press as a corrective is just too high.
I would rely instead on the internal dynamic of competing bureaucrats for a rough substitute. As I once said to an outsider skeptical of NSA’s commitment to the law, “Why am I sure that the agency isn’t breaking the law? Because there are five outside offices with authority to audit our conduct, and those agencies are headed by five ambitious people whose careers would be made if they could uncover violations of law at NSA.” Maybe that’s not perfect either, but it’s better than exposing the agency’s secrets to the public—and to Osama Bin Laden at the same time.
