Show sidebar

NSA SEXINT is the Abuse You’ve All Been Waiting For

In the latest news report based on documents revealed by Edward Snowden, we’ve learned that the NSA creates profiles of porn viewing, online sexual activity and more from its vast database of Internet content and transactional data as part of a plan to harm the reputations of those whom the agency believes are radicalizing others through speeches promoting disfavored—but not necessarily violent—political views. The report—by Glenn Greenwald, Ryan Gallagher and Ryan Grim in the Huffington Post—shows how the NSA proposes to use personal information gleaned from electronic surveillance to blackmail, silence and otherwise marginalize people for advocating “radical” beliefs.

I will assume for the sake of argument that there may be rare occasions where such a tactic is a good idea—where, in the words of former intelligence lawyer Stewart Baker, it’s better to “drop[] the truth” on someone than to drop a bomb.  But history and the current Huffington Post documents show that intelligence agencies, including the NSA, are utterly incapable of knowing when that is, or of deploying such a dangerous technique safely.

This NSA is an exceedingly aggressive spy machine, pushing—and sometimes busting through—the technological, legal and political boundaries of lawful surveillance.  Democratic values including individual liberty, the right to be left alone, and freedom of expression are subordinate to the agency’s apparent goal of collecting as much information as it possibly can. Protections, limitations or safeguards against intelligence misuse or abuse of collected information are absent or uncertain. Yet, the NSA presses on, even when the subject is a U.S. person.  Current law may very well allow spying even for extortion or blackmail purposes, and potentially even against U.S. persons as well foreign nationals abroad.  What that means is that, once again, the Snowden documents show us we need more protective laws.

The Huffington Post story does not show that the NSA ever actually blackmailed the targets or revealed the embarrassing information. Of course, this practice–and the identities of the people–are secret. We simply wouldn’t know whether the NSA ever carried out this plan.  In fact, the target would probably never know either.  As Julian Sanchez points out,

Often, the point [of intelligence work] is precisely to make use of information from intercepts in ways that can never be directly or publicly traced to government. A target whose reputation or career is torpedoed by embarrassing disclosures may never know whether they were the victim of an intelligence operation or simple bad luck.

There are only six targets discussed in the paper. These six are  worthwhile “exemplars,” according to the documents. But NSA profiles more than six people, we don’t know how many more, and we don’t know why.

These targets do not all advocate violence, nor are they notably connected to terrorists or other violent people. As Marcy Wheeler points out, “[The beliefs that these] so-called ‘radicalizers’ promote range from 9/11 trutherism to intolerance for non-Sunni Muslims to justifying the killing of non-Muslim invaders.”

One target’s offending argument is that “Non-Muslims are a threat to Islam,” … Another target, a foreign citizen the NSA describes as a “respected academic,” holds the offending view that “offensive jihad is justified,” … A third targeted radical is described as a “well-known media celebrity” based in the Middle East who argues that “the U.S perpetrated the 9/11 attack.” … A fourth target, … argues that “the U.S. brought the 9/11 attacks on itself” ….

I assume that our government would not even begin to contemplate dropping a bomb on any of these identified targets for any of these reasons, Stewart Baker’s quip notwithstanding. And guess what? Polls show a number hovering up to 40% of Americans think that one or more elements of the U.S. government were responsible for some portion of the death and damage on 9/11. 9/11 conspiracy theorists are not the kind of people whose sex lives we ought to spy on.

Further, these individuals ripe for discrediting had “minimal terrorist contacts.” According to the article:

 In particular, “only seven (1 percent) of the contacts in the study of the three English-speaking radicalizers were characterized in SIGINT as affiliated with an extremist group or a Pakistani militant group. An earlier communications profile of [one of the targets] reveals that 3 of the 213 distinct individuals he was in contact with between 4 August and 2 November 2010 were known or suspected of being associated with terrorism.”

Having examined the networks of these “radicalizers” for terrorists, and finding so few, one might think that the NSA should reconsider whether it was going after the right people. Instead, the agency cited the lack of terrorist connections as justification for focusing on these people: “[V]ery few of the [English-language radicalizers’] contacts noted were associated with terrorism, suggesting that the target audience includes individuals who do not yet hold extremist views but who are susceptible to the extremist message.”

Far more people hold extremist views than commit violence, and espousing even violent views is not the same as recruiting people for terrorist attacks. The NSA is betting resources, American values and the First Amendment on a huge and unproven assumption that there is a connection between advocating violence and convincing others to commit violence.

Further, when an individual holds views that are radical, but not necessarily violent, empirical studies have proven there is no predictable connection with terrorism. As the ACLU’s Mike German has pointed out, the concept that the adoption of a particular belief set is a precursor to violent action has been refuted in multiple empirical studies. One report published by the British think-tank Demos in 2010 found that:

“[c]ertain ideas which are sometimes associated with terrorism were, in fact, held by large numbers of people who renounced terrorism.” The authors pointed out that holding radical views and rebelling against the political and social status quo was a normal part of being young, and that “[r]adicalization that does not lead to violence can be a positive thing” when it leads to greater involvement in political and community affairs. It argued that censorship of radical ideas would be ineffective and counterproductive, and the government should ensure “that young people can be radical, dissenting, and make a difference, without it resulting in serious or violent consequences.

German says that another such study from think tank RAND showed that the “decision to engage in terrorist violence is a complex one involving a matrix of different environmental and individual factors, no one element of which is necessary nor sufficient in every case.”

Policing based on a theory that people are radicalized through listening to fiery speeches and reading incendiary texts is so very dangerous. People have a right to believe what they believe. The First Amendment protects this activity not only out of respect for personal dignity, but also because society may need to evolve over time, and evolution requires a citizenry who can think, speak and organize freely.  Civil rights, anti-war, women’s suffrage, the 40 hour work week, states’ rights, the environmental movement, gun ownership, medical self-determination, gay rights, abortion, the Tea Party, anti-commercialism—whatever the cause, and regardless of whether you agree with it, a fundamental precept of freedom is the right to advocate for it, and possibly to win the policy debate and have those views become mainstream.  The Constitution purposefully limits the power of entrenched interests, whether the government or the ideological majority, to squelch non-violent aspects of the process of social and political change.

For those who care only about the privacy and free speech rights of Americans, the document shows that while the NSA believes that all of the exemplars currently reside outside the United States, one of the six identified targets is a U.S. person, that is a citizen or someone with a green card.

Finally, we see that vast categories of information, no matter how intimate, personal, or seemingly mundane, might be labeled “foreign intelligence information” for their usefulness in discrediting “radicalizers.” For example, the document on which The Huffington Post story is based identifies “online promiscuity,” “publish[ing] articles without checking facts,” leading “a glamorous lifestyle,” and “deceitful use of funds” as bases for undermining these targets.

Remember, the NSA is allowed to collect foreign intelligence information, defined as information that is either relevant or necessary to particular U.S. national security goals, including not only counterterrorism, but also the conduct of foreign affairs.  Are “fact checking” or “overspending on lifestyle purchases” considered “foreign intelligence information,” and if so, is it only in connection with specific targets? Or does the NSA consider this personal stuff to be foreign intelligence information in general, and therefore open to NSA collection, use and dissemination more broadly, just in case?

The next question is, “under what legal authority is the NSA lawfully able to create a dossier of embarrassing factoids, including about Americans, who are not violent terrorists?”

Readers of this blog know that the agency can obtain Americans’ communications via FISA court orders based upon a showing that the target is an agent of a foreign power, or warrantlessly when we communicate with or about foreign targets about matters of foreign intelligence interest. Other suspicionless collection of information concerning Americans can come from overseas surveillance collecting things like address books and contact lists, unregulated overseas collection of Internet transactions, and warrantless domestic collection of business records, including but potentially not limited to, phone call records.  U.S. intelligence agencies also get information about Americans from foreign spying partners like the U.K.’s GCHQ. Collection on non-U.S. persons is far less regulated.

Where intelligence authorities collect information under the dictates of FISA, the statute governs use and disclosure as well.  According to David S. Kris and J. Douglas Wilson, authors of the bible on national security investigations law (and yes, this does make a great Christmas gift), there are four main limitations that may apply to the use of FISA information:

First, FISA information must be used or disclosed in accord with governing minimization procedures. Second, it may be used or disclosed only for lawful purposes. Third, … information disclosed for law enforcement purposes [cannot] be used in a criminal proceeding without the Attorney General’s permission. Finally, …privileged information acquired from electronic surveillance or production of tangible things … does not [] lose its privileged nature.

Only the first two are relevant here.

Minimization procedures are both incorporated into FISA Court orders authorizing electronic surveillance, physical searches, and the production of tangible things, and operate after the fact to govern use and disclosure of information “concerning any United States person.” None of the minimization procedures that have been leaked or declassified so far suggest that discrediting U.S. persons is a valid reason to use or disseminate collected information.  However, as Christopher Sprigman and I wrote earlier this summer, minimization procedures do not seem to prohibit abusive secondary uses of Americans’ information either. That is because:

First, the minimization procedures are themselves secret. Moreover, by law, purely domestic communications that the NSA inadvertently collects need be deleted only if they “could not be” foreign intelligence information – a provision that requires the NSA to delete very little. Some minimization procedures have been leaked to the public, and these show that the government may “retain and make use of ‘inadvertently acquired’ domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity.” Even otherwise privileged communications between individuals and their lawyers are not deleted. The agency merely stores those in a separate database so they are not sent to a law enforcement agency for use in a criminal case.

Still, Kris and Wilson say that because FISA authorizes use or disclosure only in accordance with minimization procedures, uses not specifically authorized should be considered forbidden.  Which minimization provisions authorize targeting a U.S. person, even one located overseas, on the basis of his or her political radicalism? This is an especially pertinent question since FISA prohibits certain intelligence activities affecting Americans based on First Amendment conduct alone.

Second, no FISA information “may be used or disclosed … except for lawful purposes.” Congress enacted this provision because use minimization procedures restrict information concerning only U.S. persons.  Apparently, Congress wanted to protect foreigners from illegal use as well.

Before our foreign friends say, “thanks for the favor!,” Kris and Wilson go on to report that FISA’s legislative history shows a debate directly relevant to today’s news about what would constitute illegal use.  Specifically, the 1978 Senate Judiciary Committee report says that the

Committee does not intend nor does the bill permit that information gathered about a foreign visitor be used to blackmail him into becoming an agent against his country.

However, the House report says that while the U.S. government

[s]hould not seek purely personal information [about a U.S. person] who is a suspected spy, merely to learn something that would be “compromising” [this] restriction might not be applicable to non-U.S. persons “because compromising information about their private lives may itself be foreign intelligence information.”

Case law on the subject lends little further guidance on whether using personal foibles to undermine “radicalizers” would be lawful, even if the target is a U.S. person. Kris and Wilson cite the case of U.S v. Singleton suggesting it implies that anti-blackmail laws do not apply to the federal government acting in its sovereign capacity.  Nor is it clear that the statute prohibiting official extortion applies to efforts to sway individuals away from even lawful political advocacy. The cases interpreting the law talk about the official obtaining money or something of value from the victim, not about dissuasion or even recruitment as a foreign agent.  (See also Kris and Wilson §28.3.)

Of course, much of the surveillance used to obtain information for undermining these sorts of targets may have been obtained overseas and outside of the parameters of FISA.  If so, then the minimization/lawful use restrictions in the statute would not apply at all.  The far less restrictive, and less policed, limitations in Executive Order 12333 would apply. Those give a nod to protecting the legal rights of U.S. persons (§1.1) and require covert intelligence to be evaluated for “consistency with applicable legal requirements” (§1.2) but not much else in the order appears to constrain uses of collected information.

Once again, there appear to be few, uncertain and inconsistent legal standards, no checks and balances or identified oversight for when NSA decides to use the information it collects via mass surveillance against someone, even an American citizen.

The public and policy makers may hear “foreign intelligence information” and think it means data which helps identify and neutralize people who want to kill Americans, and not that which identifies and undermines peaceable people who merely hold radical, violent or even revolutionary ideas in the eyes of those currently in power.

Of course, intelligence agencies have used embarrassing information against people for their political beliefs in the past. The Federal Bureau of Investigation used recordings it gleaned from bugging Dr. Martin Luther King Jr.’s private quarters to attempt to blackmail him into silence, despite the fact that King unwaveringly supported non-violent means. It was his revolutionary idea of social equality for all races, and his anti-war beliefs, that made him dangerous.

As Bret Max Kaufman, Legal Fellow at the ACLU National Security Project writes:

King was not alone on the government’s long list of targets; he shared marquee billing with boxer Muhammed Ali, humorist Art Buchwald, author Norman Mailer, and even Senator Howard Baker. But the greater scandal was that — as the Church Committee revealed in 1976 — these big names appeared alongside more than one million other Americans, including half a million so-called “subversives.”

Julian Sanchez at the Cato Institute points out another historical examples of actual and threatened blackmail:

[FBI Director J. Edgar] Hoover’s right hand Cartha DeLoach proudly reported that the Bureau had learned of a truculent senator caught driving drunk with a “good looking broad.”  The senator, DeLoach explained, was promptly made “aware that we had the information, and we never had trouble with him on appropriations since.”

These practices were disgusting, dangerous and abusive then, just as they are now. What’s new is that, in a mass surveillance ecosystem, the scale and scope on which this kind of activity can take place is unprecedented. Once it collects information about hundreds of millions of people in mass, “dossiers” of potentially embarrassing information—or blackmail quality secrets—dirt on anyone is just a few searches away. Intelligence operatives can secretly tar anyone, seemingly at will, since the NSA has the technological capacity, and no one has identified a law which would, if followed, intercede. These abilities, never mind the will to use them, are incompatible with individual freedom and democracy.

[For more posts like this one, follow Just Security on Twitter @just_security and on Facebook at https://www.facebook.com/JSBlog]

Filed Under: ,


About the Author

is the Director of Civil Liberties at the Stanford Center for Internet and Society. Follow her on twitter @granick