I wanted to add a few thoughts to Ryan Goodman’s post outlining policy arguments for and against giving foreigners the same privacy protections enjoyed by Americans (at least theoretically).
By way of context, it’s worth recalling that at issue is the interception of electronic communications and the collection of metadata on a mass scale, not espionage aimed at government or military information which has been dealt by states primarily through diplomatic means (although it is of course illegal under every country’s domestic law). It’s also important to note that each surveillance program treats Americans and foreigners differently. For example, Section 702 of the FISA Amendments Act, which authorizes the interception of communications in the United States, extends its limited privacy protections at least to those foreigners who are permanent residents of the United States. Executive Order 12333, by contrast, relates to the collection of signals intelligence collection overseas. Until recently, the order’s few privacy protections extended only to Americans. This year’s Presidential Policy Directive 28 asks the Office of the Director of National Intelligence to extend to foreigners restrictions on retention and dissemination of personal information that have thus far only applied to Americans. It also cabins how information collected under narrowly defined “bulk collection” programs is used.
Ryan rightly points out that a major concern about surveillance is that it can be abused to target people for reasons other than criminal activity (e.g., political views), but this may be less of a concern with respect to surveillance overseas where the US doesn’t have enforcement authority. In fact, there are a number of ways in which the US can harm foreigners living outside its physical jurisdiction. Last year, the Huffington Post reported that – in a move reminiscent of J. Edgar Hoover – the NSA had been gathering “records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches.” The US can nominate people for international sanctions lists, which can result in the freezing of their assets as well as travel bans. (The inability of individuals to contest their inclusion on these lists resulted in a ruling by the European Court of Justice that the scheme violated fundamental rights). Placing people on notoriously bloated and inaccurate no fly lists, as well as denying visas to travel to the US are other ways in which foreigners may be harmed based on the results of surveillance. In at least a few countries in the world, the US enjoys such enormous influence that it can essentially force local governments to take action against their own citizens or allow the US itself to exercise physical control or force. I’m thinking of drone strikes in Yemen, but also of operations against drug cartels in Mexico. Of course, the US can also act without the consent of the country concerned, particularly in places where internal governance is weak.
An additional argument for enhancing privacy protections for foreigners overseas is that the privacy of Americans is intimately bound with that of foreigners. Increased connectivity mean that we are communicating across borders at such a rate that government programs to collect overseas information inevitably pull in a great deal of information about Americans. Under EO 12333, such “incidentally” collected information about Americans can be retained by the NSA for a variety of reasons. As former State Department official John Napier Tye explained in the Washington Post earlier this year:
“Incidental” collection may sound insignificant, but it is a legal loophole that can be stretched very wide. … A legal regime in which US citizens’ data receives different levels of privacy and oversight, depending on whether it is collected inside or outside US borders, may have made sense when most communications by US persons stayed inside the United States. But today, US communications increasingly travel across US borders — or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of “mirror” servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.
Similar concerns have been raised by about incidental collection inside the US under Section 702 of the FISA Amendments Act.
While improving “back-end” protections – constraints on the government’s retention or use of incidentally collected information – may help protect Americans’ privacy, their effectiveness is limited. In many contexts, the NSA has admitted that it is unable to identify and filter out Americans’ communications.
In other words, if the NSA has free rein on to gather foreigners’ information, the pool of information it will simultaneously collect about Americans is enormous and, under current rules, barely protected.
I agree with Ryan’s conclusion that procedural rules on surveillance work best in the domestic context. Indeed, they can only work when there is public trust in the government institutions that are implementing them, generally in secret. At this point, there is considerable skepticism about the NSA’s commitment to the privacy values. Relying on procedural protections implemented by other countries, particularly non-democratic ones is even less palatable. Of course, taking the position that there are strong policy reasons for extending privacy protections to mass surveillance programs overseas is not the same as requiring individualized warrants for each interception. There are ways of raising the bar on the type of information governments can collect and about whom (just as President Obama has done with respect to the use of certain types of information in Presidential Policy Directive 28) without reverting to a Fourth Amendment warrant model.
Snowden’s revelations jump-started a conversation about privacy rights, both at home and overseas. Its time to recognize that these rights are intimately connected – stronger protections for foreigners will not only enhance their privacy, but also that of Americans.