Obama must recognize Fourth Amendment protection for metadata, the author writes. Getting serious on NSA reform

Last week, President Obama met with the five-member review board that he recently appointed to review the National Security Agency’s (NSA) controversial electronic surveillance program. The review board is part of the president’s effort to build confidence in the surveillance program and its respect for privacy rights.

But when Obama speaks about the program, he leaves the impression that its existing privacy protections are sufficient, if only we knew enough to appreciate them. That hardly instills confidence. If the president is serious about fixing the enormous overreach of U.S. surveillance that Edward Snowden helped to highlight, he should take these steps:


First, recognize 4th Amendment protection for our metadata. More than 30 years ago, in a different technological era, the Supreme Court ruled that, unlike the content of our phone conversations, we have no privacy rights in the numbers we call. The rationale was that we share those numbers with the phone company. The intrusion mattered little at the time because if the police wanted to reconstruct someone’s circle of contacts, they had to undertake the enormously time-consuming process of manually linking phone number to phone number.

Today, though, with a few computer commands, the government can easily reconstruct our entire direct and extended network of phone and email contacts, as well as (using the GPS signals from our phone) everywhere we visit. That astonishingly detailed picture of our lives – our metadata — can be more revealing of private matters than even the contents of our communications.

Moreover, the claim that we give up our privacy rights by sharing this data with communications companies makes no sense. We “share” the contents of our emails as well, and those are better protected by the 4th Amendment. Moreover, in today’s world, we have no real choice but to share our contact data if we are to communicate with anyone other than by word of mouth. In what amounted to a warning, a majority of the Supreme Court justices hinted last year that at least some of this data should receive 4th Amendment protection. The administration should get in front of the issue and propose legislation before the court rules for it.

Second, recognize the privacy rights of non-Americans outside the United States. Because the courts have interpreted the U.S. Constitution to protect the rights of American citizens and legal residents everywhere, but non-Americans only in the United States, the U.S. government recognizes no privacy rights for non-Americans abroad. It thus intercepts even the content of their communications with few restrictions. Needless to say, that intrusion does not go over well with the rest of the world. This narrow view of privacy also lets the government review the content when Americans communicate with others overseas, so long as the American is not the “target” of the surveillance. In a world where international communication is routine, this parochial view of privacy makes no sense.

Moreover, it is a disaster for U.S. Internet companies, which aspire to serve the world but risk losing business to competitors in foreign countries that recognize privacy rights for non-Americans. And if distrust of the United States yields pressure to move servers to where users are, all companies become more vulnerable to probing by governments like China, whose interest may not be simply fighting terrorism but also fighting dissent. Unlike the U.S. Constitution, international human rights law protects everyone, including the right to privacy. That’s not how the U.S. government likes to read the law, but it should.

Third, treat privacy rights as implicated as soon as information is collected. One favorite refrain of the NSA is to claim that our privacy rights are not affected when our communications are scooped up and stored in a government computer, only when an official examines that information. The NSA then insists we have nothing to worry about because the rules for “querying” this information are strict. But that logic crumbles on examination. Would our privacy interest in blocking the government from placing a video camera in our bedroom begin only when someone actually looked at the film?

Moreover, once our communications are in government computers, they are there for the long haul — in some cases five years or more — yet rules on querying them can change with administration or even time. The government claims it needs to store our communications because private companies may erase them too soon, but people tend to be more comfortable with private storage (competition is a restraint on private abuse that does not exist for the government). In any event, the NSA has been unable to identify any terrorist plot that would have remained concealed but for its undifferentiated scooping up of our metadata. That is true for even the most recent parts of its vast database, let alone the parts held for five or more years.

Fourth, revamp the FISA court. The administration’s case for the legality of its electronic surveillance depends on scrutiny by the Foreign Intelligence Surveillance Act (FISA) court, yet the court hardly engenders confidence. Its members are hand-picked by Chief Justice John Roberts (until recently, he picked only conservative Republican appointees), it hears only from the government, and its opinions have mostly been kept secret. It is difficult for any judge to evaluate the government’s claims when no one is there to challenge its evidence and arguments, especially in so technically complex an area as electronic surveillance — as the court’s chief judge recently conceded. Efforts to justify this process by analogy to judges who privately hear from only the government to approve an ordinary search warrant are off base because most of those warrants can ultimately be challenged in a public adversarial hearing as part of a criminal prosecution.

At minimum, as Obama has suggested, the FISA court should hear from a government-appointed “devil’s advocate,” who would have the necessary security clearances and could challenge the government’s case without tipping off the surveillance target. That person should have the right to appeal adverse rulings to a higher tribunal and ultimately the Supreme Court. A presumption of public disclosure should govern all FISA court opinions about general surveillance policy and the right to privacy, since excessive secrecy has helped the surveillance state flourish.

Fifth, protect whistleblowers. The whistleblower protection provided to government employees who expose evidence of wrongdoing does not extend to those who disclose what is deemed national security information. Whistleblowers facing prosecution can’t even defend themselves by showing that their disclosures caused no harm and promoted the public interest. Wrongdoing involving this information is supposed to be revealed only to an agency’s inspector general or to the congressional intelligence committees. Yet government employees who tried to use these procedures to complain about NSA overreaching faced retaliation and even prosecution – which might help explain why Snowden skipped these mechanisms and went directly to the media. The problem is aggravated by the government’s temptation to protect information that is simply embarrassing or politically fraught rather than truly a matter of national security. A better balance should be struck between the government’s interest in keeping certain information secret and Americans’ right to know when government activities violate their rights.

Finally, appoint a meaningful reform commission. There’s a real need for an independent reform group with the security clearances and technical expertise needed to review all aspects of U.S. electronic surveillance and to publicly suggest reforms. The five-person group that Obama recently created purports to be such a commission, but its mandate as publicly announced does not even mention privacy, going only so far as to ask whether U.S. intelligence collection “appropriately account[s] for other policy considerations.” Only after the group’s first meeting did a White House press release finally mention the “p———” word as well as “civil liberties.” The White House should make clear that these key concerns are part of the group’s mandate, including the privacy rights of both Americans and non-Americans.

We have learned enough about the NSA’s overreach to know there are real problems with its electronic surveillance. Obama arguing that we should just trust him will no longer placate concerns. Real reform is needed to convince us that in the NSA’s preoccupation with security, our privacy rights have not been lost.

Kenneth Roth is executive director of Human Rights Watch. Follow him on Twitter @KenRoth.