U.S. Citizenship and N.S.A. Surveillance – Legal Safeguard or Practical Backdoor?

Published 15 Oct. 2013 at Freedom to Tinker.

The main takeaway of two recent disclosures around N.S.A. surveillance practices, is that Americans must re-think ‘U.S. citizenship’ as the guiding legal principle to protect against untargeted surveillance of their communications. Currently, U.S. citizens may get some comfort through the usual political discourse that ‘ordinary Americans’ are protected, and this is all about foreigners. In this post, I’ll argue that this is not the case, that the legal backdoor of U.S. Citizenship is real and that relying on U.S. citizenship for protection is not in America’s interests. As a new CITP Fellow and a first time contributor to this amazing blog, I’ll introduce myself and my research interests along the way.  

On 14 October the Washington Post disclosed that the National Security Agency ‘collects millions of e-mail address books globally’, and on 29 September the New York Times reported that the ‘N.S.A. Gathers Data on Social Connections of U.S. Citizens’. These latest series of disclosures debunk earlier statements from senior U.S. officials that these surveillance practises are targeted at foreigners, and have little or no impact on U.S. residents; even up to President Obama. How come U.S. legal safeguards in the books don’t seem to protect Americans against such untargeted surveillance in the real world?

The Foreign Intelligence Surveillance Act (‘FISA’), in particular section 702, is the talk of the day, and rightly so. It enables untargeted surveillance of ‘foreign intelligence information’ — which includes surveillance for foreign affairs-, economic- and political purposes — of non-U.S. citizens and people living outside the U.S. without any meaningful legal restriction. The aim of FISA is to provide legal safeguards for U.S. citizens and people living in the U.S. But for the N.S.A. c.s., there exist at least three ways to work around the ‘U.S. citizenship principle’:

  1. Make favorable assumptions of non-U.S. citizenship: either uphold that you are ‘51% certain’ that a data subject is non-American, or collect data outside the U.S. and assume that those data belong to foreigners. If you make such assumptions, FISA doesn’t require consultation of the Foreign Intelligence Surveillance Court for specific intelligence operations. Such practices, subsequently, go without any check and balances, even with regard to U.S. citizens.
  2. Draft favorable exemptions in minimization procedures for U.S. citizens: see section 5(2) and 5(3) of the 21 June disclosed documents and Josh Kroll’s fine analysis. For instance, regardless of citizenship, encrypted communications can be kept forever – which given the fact that HTTPS is becoming an industry standard amounts to a large portion of your communications.
  3. Circumvent local laws through international intelligence sharing: another easy work-around is to collude with an allied agency to gather intelligence information on each other’s citizens, and subsequently share the data bilaterally. This ‘quid pro quo’ principle mediates bilateral co-operation between intelligence agencies. This could well be the driving dynamic behind the TEMPORA program, in which the N.S.A. and its English equivalent GCHQ closely work together to intercept data of fiber-optics running across the Atlantic, as well as the untargeted backbone interception at ~20 Internet Exchanges around the world that NSA-whistleblower Bill Binney pointed at during a conference recently in Lausanne, which is huge, but still (for how long?) remains absent from mainstream reporting.

This is the short version, detailed analysis can be found in two papers on FISA or my slides [pdf] from a recent talk that The Guardian live-blogged. I have worked on FISA for over two years now, and will continue to do so this year during my Fellowships at CITP and the Berkman Center at Harvard University, visiting from the Institute for Information Law in Amsterdam (bio and publications).

A closely related topic is HTTPS governance on which my papers on several Certificate Authority breaches ask the question if regulation or other species of governance should overcome the systemic vulnerabilities of SSL/TLS and the CA ecosystem. This also ties into how untargeted interception of SSL/TLS encrypted communications is conducted in practice. I wouldn’t be surprised if we find out that the N.S.A. has its legal and technical backdoors in the SSL/TLS- and CA ecosystem protecting a great deal of our social and financial communications, which the BULLRUN disclosures by The Guardian suggest. Extrapolating from these issues, the third topic I’ll dive into is whether we need a new governance model for communications security, the subject of my very early-stage research talk at CITP on 3 October.

Back to the U.S. Citizenship backdoor. Much of the societal debate has been focused on whether these programs where ‘legal’ and ‘authorized’. Currently, the only remaining meaningful obstacle against untargeted surveillance of U.S. residents is not so much in the law, and not even in the 4th Amendment of U.S. Constitution (one wonders why U.S. lawyers haven’t framed this issue more as a 1st Amendment issue of speech and associational freedom, receiving stronger protections in the U.S.). What remains is the quite trivial area of executive opportunism: ‘if this comes out, do we get away with it?’ Can our constituencies be convinced that this doesn’t impact us, but them?

To be clear, several agencies in Europe have joined the bilateral party, so this is not a beauty contest between legal regimes. Nonetheless, it becomes clear that it is in America’s interest to re-think the U.S. citizenship legal criterion, that functions as a practical backdoor for untargeted surveillance of both them and us. I would argue that the question Americans of all sides of the political spectrum, notably the centre, need to ask is whether the reliance on a trivial legal safeguard and executive opportunism is sufficient when (the next) Edward Snowden illuminates another legal backdoor connected to the U.S. citizenship principle.

A broader perspective on that question would also factor in the implications of this principle for the credibility of the U.S. internet freedom agenda, U.S. moral leadership in the world, U.S. business opportunities abroad and universal human rights obligations in the U.N. conventions to which the U.S. is also a party. Is the U.S. citizenship principle a tenable way forward for both Americans’ privacy, broader U.S. interests and even more broadly for a robust and trustworthy information society in the 21st century?

47 thoughts on “U.S. Citizenship and N.S.A. Surveillance – Legal Safeguard or Practical Backdoor?”

  1. Whats up this is kind of of off topic but I was wanting to know ifblogs use WYSIWYG editors or if you have to manuallycode with HTML. I’m starting a blog soon but have no coding experience so I wanted to get advice from someone withexperience. Any help would be enormously appreciated!

  2. I think this is among the most important information for me. And i’m glad reading your article. But want to remark on some general things, The site style is ideal, the articles is really great : D. Good job, cheers

  3. Asking questions are genuinely pleasant thing if you are not understanding anything entirely, but this paragraph presents fastidious understanding even.

  4. Thanks a bunch for sharing this with all of us you actually
    realize what you’re speaking about! Bookmarked.

    Kindly additionally seek advice from my site =). We may have a
    link exchange arrangement between us

  5. Hello there, just became aware of your blog through Google,
    and found that it’s truly informative. I am gonna watch out for brussels.
    I will be grateful if you continue this in future.
    Many people will be benefited from your writing. Cheers!

  6. I absolutely love your blog.. Excellent colors & theme.

    Did you build this website yourself? Please reply back as I’m wanting to create my own personal blog and would like to
    learn where you got this from or just what the theme is called.
    Many thanks!

  7. Awesome blog! Do you have any recommendations for aspiring writers?
    I’m planning to start my own site soon but I’m a little lost on everything.
    Would you propose starting with a free platform like WordPress or go for a paid option? There are so many choices
    out there that I’m completely confused ..
    Any suggestions? Kudos!

  8. Hey there! I just wanted to ask if you ever have any trouble with hackers?
    My last blog (wordpress) was hacked and I ended up losing several
    weeks of hard work due to no data backup.
    Do you have any methods to prevent hackers?

  9. Howdy, I believe your website could be having web browser compatibility problems.
    When I look at your blog in Safari, it looks fine however, if opening in I.E., it has some overlapping issues.
    I simply wanted to provide you with a quick heads up! Other than that, wonderful blog!

  10. Please let me know if you’re looking for a
    article writer for your weblog. You have some really
    great articles and I feel I would be a good asset. If you ever want to take some of the load
    off, I’d absolutely love to write some articles for your blog in exchange for a link back to
    mine. Please send me an email if interested.
    Thank you!

  11. Hi! I’ve been reading your weblog for a long time now and finally got
    the bravery to go ahead and give you a shout out from Humble Texas!
    Just wanted to say keep up the fantastic work!

  12. You actually make it appear really easy with your
    presentation however I to find this topic to be actually something that I feel
    I might never understand. It sort of feels too complicated and very
    wide for me. I’m looking ahead in your next post, I’ll attempt
    to get the dangle of it!

  13. Excellent website you have here but I was wondering if you knew of
    any user discussion forums that cover the same topics
    discussed in this article? I’d really love to be a
    part of online community where I can get feedback from other experienced individuals that share the same interest.

    If you have any recommendations, please let me know.
    Thanks a lot!

  14. My spouse and I absolutely love your blog and find many of your post’s to be just what I’m looking for.
    Does one offer guest writers to write content for yourself?
    I wouldn’t mind composing a post or elaborating on most
    of the subjects you write about here. Again, awesome weblog!

  15. hello!,I like your writing very a lot! share we communicate more approximately your post on AOL?
    I need an expert on this house to solve my problem.
    May be that is you! Having a look forward to peer you.

  16. After exploring a few of the blog articles on your website, I seriously like your technique of blogging.

    I bookmarked it to my bookmark site list and will be checking back in the near future.

    Please check out my website as well and let me
    know your opinion.

  17. Thanks for the marvelous posting! I certainly enjoyed reading it, you may be a great author.
    I will always bookmark your blog and may come back in the foreseeable future.
    I want to encourage one to continue your great work, have a
    nice day!

  18. Hello! I could have sworn I’ve been to this website before but after browsing through some of the post I realized it’s new to me.

    Anyways, I’m definitely happy I found it and I’ll be book-marking and checking back often!

Leave a Reply

Your email address will not be published.