President Donald Trump wasted no time in making good on his promises to take a more aggressive stance on immigration policy and deportations. The question many administration watchers are asking is how will this effort intertwine with potential changes to domestic surveillance policies.
Beyond the bulk collection of email and phone records, there are other controversial surveillance issues that will play out over the next four years. For instance, the Electronic Frontier Foundation (EFF) has raised concerns about the use of social media monitoring of foreign visitors, biometric surveillance of immigrant communities and rapid DNA analyzers.
As a presidential candidate, Trump made several comments in favor of restoring the post-9/11 Patriot Act and said that he errs “on the side of security” in the debate over the National Security Agency’s bulk phone metadata program. Now that he is in office, privacy advocates and policy experts are watching his executive orders and key appointees for signals of surveillance policy change, some of which could be made without informing the public.
One early executive order eliminated the extension of Privacy Act coverage to non-U.S. persons for data about them held by the federal government. Previously both U.S. and non-U.S. persons could request to see the information the Department of Homeland Security held on them, such as details from an immigration application, information about a citizen’s comings and goings from the country, and interactions with the government.
Surveillance law and policy are complicated because there are overlapping statutes and court decisions and a collection of executive directives, some of which are secret, noted William Bendix, a professor at Keene State College in New Hampshire who focuses on surveillance policy.
“It’s not so much what they collect; it is what they do with the data once they have it,” Bendix said. “Can they mine it indiscriminately? Can they share it widely? Keep it indefinitely?” For the most part, surveillance statutes don’t provide answers to those questions, he said. At most, they require the executive branch to create “minimization procedures,” which are supposed to place limits on what data is reviewed and shared. “Those are classified and can be changed easily by the president and his officials. If the president imposes serious restrictions on agencies, then we will have strong privacy protections,” he said, “but if the president waters down or decides to discard these minimization procedures, then watch out.”
Michael German, a fellow with the New York University School of Law’s Brennan Center for Justice’s Liberty and National Security Program, said it would be difficult to imagine creating a legal regime over the intelligence community that would give them any more power than they already have.
“Over the course of two administrations, we have deconstructed the restrictions that came out of the J. Edgar Hoover/Nixon/Watergate situation, to ensure that the rule of law would apply to this secretive activity and that there would be enough independent oversight even in a closed system to prevent the types of abuses we are having,” said German, who served as a special agent with the FBI, where he specialized in domestic terrorism and covert operations.
One internal watchdog people will be watching is the Privacy and Civil Liberties Oversight Board (PCLOB). The five-member board is one of the few independent actors in the executive branch that can actually conduct thorough oversight of intelligence agencies, Bendix said. The problem is that it needs three members to maintain a quorum to issue public reports. As of press time, it had only one member, Elisebeth Collins, so the board won’t be able to issue any public reports. PCLOB staff can continue working, but it won’t be able to tell the public what it has concluded.
German said PCLOB has never really operated the way it should have. Despite the great intentions and incredible effort by its members, it was never established to be effective as a watchdog, he claims. “The intelligence community is a $70 billion operation and five people and a staff of 10 are supposed to oversee it?” he asked incredulously. “The situation there could be made worse, but not much worse.”
It is the same with the Intelligence Oversight Board, he added. When an Inspector General’s report on FBI abuses of National Security Letters was published, it came out that the Intelligence Oversight Board had never met during the Bush administration. “And it hasn’t been very effective except in short bursts in response to crises,” German said. “I understand that now it is down to just a handful of members. Again, it is a structure built to perform a task for which it is completely under-resourced, and nobody has ever really attempted to use it in the way it was designed.”
Still another place to watch is the Foreign Intelligence Surveillance (FISA) Court. After the Snowden leaks, it was revealed that one FISA Court judge had approved the National Security Agency’s mass metadata collection program in secret with no debate or consultation. “Given these very intrusive and large-scale surveillance programs have been authorized by a single judge, it was decided that was not good enough — that the court is not engaging in the kinds of deliberations we would expect from a judicial body,” Bendix explained.
Now, when the court receives an application from the Justice Department that pushes into a new, legally controversial area, a friend of the FISA Court is invited to advocate for the privacy position. But it is up to the discretion of the director of national intelligence to inform the public when this happens.
“If the new administration wants to be more secretive and not tell the public about these cases, it would be perfectly legal for them to do that,” Bendix said.
The FISA Court is supposed to be more transparent about rulings it issues that represent novel interpretations of surveillance authorities, said Kate Tummarello, who works on surveillance issues for the Electronic Frontier Foundation’s Activism Team. “They are supposed to have a public advocate,” she said. “It is unclear if they are using them the way they are supposed to be used. It is not clear President Trump will have a huge impact on the court itself. From what we know, that is going to come down to the leaders of the intelligence community he picks.”
If there are early indications of how surveillance policy will change under the new administration, it is the people being appointed to key positions. Privacy organizations such as the EFF and the Center for Democracy and Technology (CDT) paid close attention to the voting records and nomination hearings of key Trump appointees. Tummarello noted that new Attorney General Jeff Sessions once wrote an op-ed opposing the USA FREEDOM Act and said the bulk phone records collection under Section 215 of the Patriot Act was “subject to extraordinary oversight” and warned the bill “would make it vastly more difficult for the NSA to stop a terrorist than it is to stop a tax cheat.”
“We at EFF thought the USA FREEDOM Act was a small step in the right direction, and he thought it was a big step in the wrong direction,” Tummarello said. Sessions also helped derail a bill in the Senate that would have required law enforcement to get a warrant before accessing stored electronic communications, like emails. “The Email Privacy Act got bogged down, because a bunch of senators, including Sen. Sessions, attempted to attach privacy-harming amendments to a pro-privacy bill,” she said. (The U.S. House of Representatives recently passed the bill again and it now moves to the Senate.)
Tummarello said new CIA Director Mike Pompeo has also defended the country’s sweeping surveillance program and protested any narrow restraints placed on government surveillance. He introduced legislation to undo many of the USA FREEDOM Act’s changes.
Privacy and cybersecurity advocates are also concerned about written comments Sessions made during his confirmation process about “back door” encryption. Natasha Duarte, who works on data privacy, surveillance and cybersecurity issues as CDT’s Ron Plesser Fellow, said technologists tend to agree that there isn’t a way to have an encryption back door that allows law enforcement in and not people who do cyberattacks. “It is worrisome that Jeff Sessions’ written commentary seemed to imply that law enforcement needed to be able to overcome encryption,” she said.
Duarte said CDT also is watching closely reports that border agents are seeking to collect people’s social media information before allowing them into the country. Michael German said it is questionable whether requiring that social media information improves our security rather than undermines it. “How is a front-line customs official going to assess my Twitter account to determine whether I am a risk or not?” he asked. “What metrics are they using? Is that a valuable use of their time?”
Privacy watchers will also have their eye on Congress in 2017. On its docket is a renewal of Section 702 of the USA PATRIOT Act, under which PRISM and other spy programs are conducted. It could renew the government’s ability to collect the content of email and other Internet activity from technology companies, noted attorneys Richard Hsu and Jeewon Serrato in a recent blog post.
The attorneys with Shearman & Sterling LLP wrote that “Senate Republicans are expected to re-introduce legislation similar to Sessions’ proposed amendment to the Electronic
ommunications Privacy Act (ECPA), which would require companies to grant investigators access to encrypted communications. Silicon Valley has been nearly unanimous in its protestation against such surveillance and data collection. However, a Trump White House is unlikely to be sympathetic to their concerns.”
Challenges at the State Level
Some state legislatures are trying to be proactive in rejecting certain forms of increased surveillance. According to EFF’s website, California Senate Bill 54 authored by Senate President Pro Tempore Kevin de León would prevent law enforcement agencies in California from sharing department databases or private information with the federal government for immigration enforcement. Senate Bill 31, authored by Sen. Ricardo Lara, would prevent local and state government agencies from collecting data, sharing data, or using resources to participate in any program that would create a list or registry of people based on their religion, ethnicity or national origin, which EFF calls a direct response to Trump’s call for a Muslim registry, noting that SB 31 would also strictly limit law enforcement from collecting information on a person’s religion.
Law enforcement officials may take a positive view of enhanced surveillance techniques in immigration and terrorism investigations, seeing them as valuable new tools in their toolbox. But German said even those who are worried about surveillance issues shouldn’t focus their concerns on the Trump administration.
“The question isn’t how will Donald Trump change things; the question is how will he use this broad power that a bipartisan consensus in the national security establishment has given him,” German said. “The problem is not President Trump. The problem is that these powers shouldn’t be in the hands of any president. The way to stop Trump from abusing them is to make sure that the restrictions are put back in place so nobody can abuse them.”