Security-State Creep: The Real NSA Scandal Is What's Legal

By Rebecca J. Rosen

"We doubt," the Supreme Court held, "that people in general entertain any actual expectation of privacy in the numbers they dial." And even if they did, the opinion continued, such an expectation would not be a "reasonable" one, for once you've disclosed anything to a third party, you cannot "reasonably" expect it to remain private.

That decision, in a case called Smith v. Maryland, is highly relevant again today. The Court decided that a local police department did not violate the Fourth Amendment ("unreasonable searches and seizures") when, without obtaining a warrant, the police asked a telephone company to record all the numbers dialed from a suspect's home. The year of that decision? 1979, long before the rise of our modern, counter-terrorist security state.

But our post-9/11 terrorism fears are only half the reason that that date places the case squarely in another era. Technological change in recent decades has transformed what sorts of "searches" and "seizures" are possible -- so much so that it hardly makes sense to refer to mass government surveillance of the sort revealed first in 2006 and then again this week with those terms. 

Moreover, we daily (hourly? by the minute?) convey our information to third parties -- Google, our cell-service provider, Facebook. For most people in America today, eschewing disclosures of this kind would leave them unable to go about their daily business. Can it really be that participating in life, the economy, and society require a forking over of one's claim to a "reasonable" expectation of privacy? 

Well, maybe. As much as one might be personally appalled by the notion of the NSA collecting everybody's call records, disgust doesn't make something unconstitutional. Rather, the real scandal here is what's legal -- namely, how the surveillance powers enabled by modern technology have been embraced and expanded by Congress and a succession of presidents, and how the Court has failed to develop a robust system for applying the Fourth Amendment meaningfully to the questions of the 21st century.

This failure of the Court boils down to the difficulty of applying a "reasonable expectation" standard to fast-changing technology and the equally fast-changing (though slightly lagging) societal norms regarding that technology's use. Justice Scalia made this point beautifully earlier this week in his dissent in the DNA case, which found that swabbing an arrestee's cheek was akin to fingerprinting and photographing, and thus "a legitimate police booking procedure that is reasonable under the Fourth Amendment." Scalia wasn't too impressed with this line of reasoning (citations removed):

The Court asserts that the taking of fingerprints was "constitutional for generations prior to the introduction" of the FBI's rapid computer-matching system. This bold statement is bereft of citation to authority because there is none for it. The "great expansion in fingerprinting came before the modern era of Fourth Amendment jurisprudence," and so we were never asked to decide the legitimacy of the practice. As fingerprint databases expanded from convicted criminals, to arrestees, to civil servants, to immigrants, to everyone with a driver's license, Americans simply "became accustomed to having our fingerprints on file in some government database." But it is wrong to suggest that this was uncontroversial at the time, or that this Court blessed universal fingerprinting for "generations" before it was possible to use it effectively for identification.

In other words, expectations change, and we become inured to a degree of government invasion that was previously intolerable. I call this phenomenon security-state creep, and if the Court were to review and approve of the NSA's call-collection practices on account of the Smith v. Maryland decision, we'd be seeing it again. (It's important to note that the Court earlier this year dismissed Clapper v. Amnesty International, a case related to the sort of order that was revealed Wednesday night on the grounds that no one had standing, since no one -- then -- could be certain that he or she had actually been surveilled.)

Of course, it is possible that the Court would review the NSA's programs and find that they had gone too far. Metadata, what the NSA has been collecting for some seven years, is not protected by the Fourth Amendment because Smith recognized a distinction between that information -- conveyed knowingly to the phone company -- and the call's contents. This distinction itself rests on an even older technological metaphor, one between a letter itself and the writing on its envelope, which would could not "reasonably" expect to be private. 

It's easy to see how one metaphor (a phone number is like an envelope) leads to another (an email's metadata is like a phone number), but over time this sort of reasoning breaks down. Is the collection and analysis of all the metadata of American's calls really like the writing on the outside of an envelope? Orders of magnitude different is an understatement. Metadata this deep can "reveal sensitive political information, showing, for instance, if opposition leaders are meeting, who is involved, where they gather, and for how long," Jane Mayer writes in The New Yorker. "Such data can reveal, too, who is romantically involved with whom, by tracking the locations of cell phones at night." 

Simply put, the quantity of this data makes it nothing like the information scrawled on an envelope. The Court could certainly apply its "reasonable person" standard and find that today's NSA programs go so far beyond the sort of surveillance in Smith that the Fourth Amendment prohibit them, that our constant conveyance of information constitutes a major shift in what we can reasonably expect to remain private. But it could, just as easily, find that the NSA phone-record collection is not materially different than a pen register -- the technology at issue in Smith -- and green-light the whole thing.

But what of the PRISM program revealed last night? That does include access to email contents. The details on this are extremely muddled at the moment, making any serious legal analysis quite strained. At least for the moment, it seems that many of the legal questions will hinge on whether the Internet companies voluntarily participated in the program. If that is the case, that might be enough to satisfy any Fourth Amendment concerns.

If they didn't know, a lot may depend on the program's use of "selectors" to "produce at least 51 percent confidence in a target's 'foreignness' " -- people, that is to say, who are not protected by the Fourth Amendment. FISA requires that targeted individuals are "reasonably believed to be located outside the United States." Is a standard of 51 percent confidence sufficiently reasonable? What percent would be sufficient? The Court could answer that question, but, if it follows its own reasoning in Clapper, you're first going to have to find an American who knows that he or she was targeted, and good luck with that. 

Just because technology makes something possible doesn't mean government has to do it. Laws can constrain practice; in a healthy democratic system, society should be able to make judgment calls about what that practice looks like -- which technologies are on the table and which are off. But the example of the Fourth Amendment demonstrates why this is so difficult: Legislators and judges have to make these decisions half-blind, without full knowledge about what possibilities they are foreclosing, and which they are inadvertently leaving open. It's not clear what the best way to proceed would be, nor if any could be better; maybe the Court's muddling approach to the Fourth Amendment will, in the end, provide it with the flexibility it needs to address surveillance-state creep.

In a weird twist, the best-case scenario is that the NSA's surveillance programs are legal -- or, at least, that the NSA believes that they are. The administration has certainly expanded its powers to fill every crack available, but it seems not to have broken any bricks, hewing assiduously to the letter of the law (as far as we know). It may be of small comfort, but overly broad laws are an easier problem to solve than that of a government that does whatever it wants, regardless. Let's hope that that is not what we have.

This article available online at:

http://www.theatlantic.com/technology/archive/2013/06/security-state-creep-the-real-nsa-scandal-is-whats-legal/276625/