A pedestrian is hit by a car. He sues the driver, seeking compensation for his injuries. He wins that compensation. Does this now mean the accident never happened? Of course not. Well, not unless you follow the strange logic that the UK Investigatory Powers Tribunal did when, in December 2014, it found that GCHQ’s involvement in NSA surveillance was sufficiently transparent—when the only thing that made it transparent enough was information the agency disclosed, in court, after being sued.
In fairness to the Tribunal, it released a follow-up judgment last month, clarifying (upon correction by the plaintiffs’ barrister) that the surveillance was unlawful until those disclosures were made. The resulting victory in this case, brought by several major NGOs, could be downplayed as a narrow win on a technicality. Still, unlawful is unlawful, and the outcome is significant. A tribunal that has never previously ruled against the intelligence services has found that the shroud of secrecy within which their surveillance has operated was contrary to the rule of law—the idea that powers wielded by the executive should not be unfettered but definite in scope and set out in laws accessible to ordinary citizens.
It is, however, easy to forget that the very effectiveness of surveillance techniques can often depend on secrecy—on targets not knowing that they’re being listened to, and on criminal enterprises being unaware of the methods that could be used to monitor them. But equally, most of us (including lawmakers) were taken aback by the staggering expansiveness of surveillance operations revealed by Edward Snowden’s 2013 leaks. From the NSA directly accessing servers of popular online services and retaining in bulk the personal communications of millions globally, to GCHQ tapping into fibre optic cables carrying internet traffic across the Atlantic, these mass data harvesting programs appeared to markedly depart from the paradigm of targeted surveillance of individuals, authorized by warrants upon a showing of suspected wrongdoing. We continue to be inundated with almost daily reports about intrusive actions—most recently the claim that the two agencies hacked into a SIM card manufacturer’s database to gain access to billions of cellphones.
None of this activity was publicly debated. The problem is that, as the UN special rapporteur on counter-terrorism and human rights puts it, “if [s]tates deploying this technology retain a monopoly of information about its impact, a form of conceptual censorship will prevail that precludes informed debate.” Equipped with almost no details with which to evaluate the justifiability of these measures, we’re expected to take officials and politicians at their word when they claim that such powers have prevented attacks, and when they make sweeping assertions—sometimes exploiting the emotions of a tragedy—that more powers will prevent future attacks. Granted, the dearth of information can make us unfairly skeptical of the intelligence agents who no doubt work extremely hard to protect us. As Clark Gregg’s FBI agent on The West Wing remarked, “we don’t take curtain calls.” Only the failures become public; never the successes. Still, unquestioningly accepting what political leaders tell us is dangerous because, well, it can prove false.
The powers that be (watching you)
Here’s a précis on the legal powers that intelligence agencies in the UK and US currently have to intercept electronic communications (in other words, to obtain the content of emails, Facebook posts, web searches etc). The powers available depend on whether the target is within the country’s territory or abroad.
First, domestic monitoring: under “RIPA” (the Regulation of Investigatory Powers Act 2000), interception of communications sent and received by persons inside the UK can be authorized by a warrant issued by the Home Secretary. She is empowered to issue such a warrant on request of a UK intelligence / law enforcement agency, naming an individual or premises to be targeted, if she believes the interception is necessary in the interests of national security, crime prevention or (in narrower circumstances) the UK’s economic wellbeing, and is a proportionate means of protecting those interests.
US federal law on domestic interceptions differs in two major respects: 1) a warrant for interception must be issued by a court rather than an executive branch official, and 2) the court can only issue a warrant if there is probable cause to believe the target is involved in crime. These two features—impartial judicial scrutiny and a showing of suspected individual wrongdoing—stem directly from the Fourth Amendment to the US Constitution, a 200-year-old entrenched privacy provision. There’s clearly far stronger protection of the individual in this system than under RIPA, which turns on a politician’s subjective belief of necessity. This is presumably what Snowden meant when he warned that GCHQ is relatively unchecked.
That said, when it comes to foreign intelligence, both countries’ laws give wide latitude to agencies. The UK’s RIPA, and section 702 of the US Foreign Intelligence Surveillance Act (FISA) allow bulk interception/acquisition of communications of persons outside the respective country (under US law it is limited to non-US citizens/residents abroad)—without a need to specify individual targets or show any suspicion of wrongdoing—if authorized by a minister who certifies that necessity-type criteria are met.
The mere fact of this latitude may not be objectionable (actually it is, especially if you’re Angela Merkel). What would be highly objectionable, indeed outrageous, is if GCHQ were piggybacking on the NSA’s unfettered power to surveil Brits (foreigners under US law) in order to slyly acquire their communications when it cannot itself legally get them under RIPA.
Hence the lawsuit brought by Amnesty, Liberty and Privacy International, among others.
These NGOs argued that the lack of a publicly visible legal basis for GCHQ requesting intercepted communications from the NSA violated the requirement, under Article 8 of the European Convention on Human Rights, that any power to interfere with privacy be set out in accessible laws which make it foreseeable how such a power will be exercised.
The plaintiffs also argued that requesting intercepts from the NSA in order to deliberately circumvent restrictions under RIPA would be unlawful. The defendant agencies accepted this and, after a ‘closed’ (aka non-public) hearing from which the plaintiffs were excluded, they disclosed that their policy is to only make such requests where it “does not amount to a deliberate circumvention of RIPA.” There is an almost farcical tautologous quality to this. It reminds this author of a high school English lesson where the teacher picked on a disruptive student, demanding that he explain to the group the importance of quoting from sources to back up your arguments. The student stood up, grimaced and simply parroted: “it’s important to quote.”
This satisfied the tribunal (though of course it was privy to classified information in the closed hearing). One cannot help but read the tribunal’s judgment as bending over backwards to vindicate the agencies, arguably even diluting what the law requires. Its finding that the overinclusive concept of “external” (i.e. non-UK) communications (which may be intercepted without individual targeting) was not unlawfully vague, even though it may (or may not—the court declined to decide) include posts by a Brit on the Facebook wall of another Brit, contrasts with the US surveillance court’s holding that the NSA’s “Upstream” program (under s702) was unconstitutional for failing to adequately minimize the number of US communications caught in its net.
In fairness, there are two positive things this case shows us about the Tribunal. First, the fact that it exists and enables people to challenge actions of the security services. In the US, challenges involving classified information are invariably dismissed right out of the gate when the Obama administration asserts the state secrets privilege. The UK’s use of closed hearings, while highly problematic, actually allows these cases to be adjudicated while respecting the need to protect sensitive information. Second, even though these NGOs had no way of knowing (and thus proving) they had been victims of the surveillance they challenged (because it’s covert), the Tribunal allowed them to challenge the activities on the basis of hypothetical / assumed facts. By contrast, the US Supreme Court dismissed Amnesty’s challenge to FISA for lack of standing—because unsurprisingly it couldn’t prove it had been subject to the surveillance.
The great constitutional scholar J.A.G. Griffith wrote: “[I]t is not by attempting to restrict the legal powers of government that we shall defeat authoritarianism. It is by insisting on open government.” The agencies’ powers to intercept communications are broad. And the wholesale secrecy with which they are exercised—understandable to an extent—has limited the “openness” of government. It is easy to get surveillance fatigue with all the constant leaks and reports. But as the “snoopers charter” rears its head in the Lords again, and greater surveillance powers will be an election issue, the debate needs to be had.
Photo credit: Jonathan McIntosh via Flickr. Licensed under Creative Commons 2.0.