Privacy & National Security
"War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself."
-- John Stuart Mill
One of the most glaringly absent pieces from my thoughts on privacy in the digital realm was national security. Really, all levels of security were absent, from national security and local law enforcement. When Facebook, Twitter, blogs, and traditional news outlets talk about national security, they tend to invoke the three cruxes to freedom and safety:
Drugs, children, and terrorism.
We have thus defined the ultimate moral problem that democratic freedom faces, and it is that holy trinity of spin. All three represent the thing we wish to protect or defeat most. Anything that would hinder such a goal is immediately jumped upon by pundits and political spin masters. Some might say I am in favor of child pornography because I don’t want internet traffic to be tracked and retained for the rest of eternity. Or they might suggest I condone the murder of Americans because cutting back on license plate data tracking and retention might make it difficult for police officers to catch criminals. Both suggestions are entirely false.
Those three concepts- drugs, children, and terrorism- make up the moral dilemma of the day when it comes to our legislative efforts. Any way a private company or government can chip away at our rights, liberties, and freedoms by justifying it via one or more of the holy trinity of spin is most certainly the way to go from a political career standpoint. It has to be, because those same people are deathly afraid of the political backlash that might result if they vote against a bill labeled as the “Children’s Internet Protection Act” or something equally pleasant sounding. With a bill named that, even if it proposes to allow law enforcement the right to take any website offline if suspected of child pornography without warrant or oversight, voting against such censorship and for due process of law gets spun into headlines like “Senator So-And-So voted against removing child pornography from the internet.” The level of spin involved is ridiculous.
But that’s what happens. Politicians and pundits thrive on messing with your perceptions, changing your reality to suit their needs. Organizations come in and throw around the notion that children need to be protected, that terrorism will kill everyone, and drugs will be so widespread that we’ll be swimming in rivers of cocaine before you know it. To combat that, we need to destroy our freedoms, especially our right to privacy. If you can hide, you can distribute pictures of nude Boy Scouts or you can help ISIS launder money or you can buy kilos of heroin from some cartel across the border. Or, heaven forbid, you pirate a TV show because we all know that pirate sites are sponsored by terrorists and pirating means ad revenue to terrorists which is then used to kill innocent Americans.
Sorry if my sarcasm is getting away from me. It may sound like I’m belittling the horrors of child pornography, terrorism, and rampant drug use, but I’m not. I will to the end of my days wish to see abuse and exploitation of children ended, to see terrorism done in, and to shrink the drug market.
But I absolutely will not sacrifice our Rights, liberties, privacy, and freedoms to do so.
Governments and industries around the world have come to view privacy as the enemy of security. This is nothing new, but rather an exacerbated problem thanks to technological advances giving innocents and criminals alike the power to find each other, plan, and execute on those plans through digital means, means that can be monitored and tracked on the digital super highway if we, the people of the world, decide to sacrifice our privacy and freedoms to do so.
Many of you have probably heard about Edward Snowden. He’s a computer guy who leaked classified information from the NSA to the world. Not just the NSA, but other intelligence agencies as well. Through him, we’ve come to know about the NSA’s mass surveillance programs, metadata collection, its attacks on internet security, domestic spying by the federal government on Americans, domestic spying by European nations on their own citizens, and more. And in the months and years following the reveals about data collection and privacy invasion, we’ve seen Congress tackle the issue with incredible lopsidedness. Encryption, privacy, and all-around personal digital security become a threat to national security from the perspective of many. On top of that, national security becomes the means to trample on other rights as well, including our right to know what’s happening in government, business rights to refuse to assist government without proper legal authority, and more. Federal agencies have begun twisting the meaning of laws to suit their needs, protections become evaluated on a "if it doesn’t hurt you then it doesn’t matter" basis, and secret FISA-derived courts can do just about anything without any oversight from we, the people, including classifying the very justification for why much mass surveillance is hunky dory. Even our own representatives in Congress are given the runaround when it comes to details and understandings of these programs.
All of this because of 9/11. All of this because a few thousand Americans died in a cowardly, horrific attack on our nation and our well-being. What happened on that day in 2001 I will never forget. I was home, in my basement chatting with friends in mIRC- an old school online chat system from way back- when one of them says a plane just flew into the Twin Towers. I didn’t believe him, but then another friend said so. I turned on the news and there is was. I tuned in just in time to see the second plane fly into it. And my first thought was disbelief, then shock which was followed quickly by “oh crap, we’re going to war.” When I heard about the Pentagon attack and then the plane over Pennsylvania, my biggest worry was not the quiz I would miss in class that day or the deaths of thousands or the loss of the Twin Towers, but for the knee jerk reaction that could’ve possibly occurred. My biggest fear that morning was we would find out who was responsible for such an attack and go nuclear in a show of might and as a warning that the United States of America is not to be messed with.
Those fears did come true, in a way. We didn’t go nuclear in the traditional "atom bomb" sense, but we did go nuclear on rights and liberties in the name of protecting, in the name of potentially saving lives. The knee jerk reaction was to say that saving one American life from an act of terrorism is worth keeping tabs on everyone and anyone, here and abroad, in every aspect of their life with as minimal judicial holdup as possible. Time wasted meant potential attacks and potential deaths; not knowing private details meant potential hiding of attacks; hiding anything meant potential to do something nefarious. And the knee jerk reaction was to say saving a life is worth giving up all that.
I’m here to tell you right now it is not. Freedom ensures that it is not. And I’m probably the only candidate that will tell this. The current path of our country, one we’ve been on with support from both Democrats and Republicans, seeks to give much of those liberties up.
Right now, President Obama and Congress feel the only way they can combat the threat of terrorism is through force and destruction of privacy. Theoretically, the idea is that good national security can only be obtained if government and law enforcement know anything and everything going on with anyone and everyone, giving them the theoretical ability to stop plots before they hatch, to save children before they are hurt, and to liberate us from the id-fisted grip of drugs and narcotics.
America, this is the all-seeing, all-knowing eye of Big Brother that we deplore. This is government invoking national security in any matter it deems too sensitive, even when it comes to combating copyright infringement. This is government labeling possible suspects based on name, race, religion, or perception for "additional security checks" and restricted freedoms. This is government that seeks to by-pass our Fourth Amendment, skip over those pesky warrants, and monitor anyone and everyone for troublemakers.
So let me ask you: how does this honor America? How does it honor the men and women who fought, bled, and died to protect our freedoms? Every member of Congress will tell you how great the military is, and then crap all over their legacy with an overly abused and ironically named Patriot Act. They’ll tell you the NSA’s metadata collection really doesn’t hurt and is for the greater good. They don’t care if a few innocents get caught because, hey, maybe we’ll catch a terrorist! And the secret Foreign Intelligence Surveillance Court making all these decisions with little oversight and almost no transparency? Come on. Any person knowledgeable about security will tell you that security through obscurity is crap. If our Department of Defense’s hope is that obscuring the security measures will be enough to keep us safe and catch bad guys, then I’m sorry to say we have a long way to go.
The extent at which our privacy and freedoms have been eroded by the NSA and the Patriot Act is quite significant, with new stories coming out almost weekly if not daily over how the agency or other DoD agencies currently skirt the law or seek to skirt the law in the name of national security and saving lives. Remember, the NSA is supposed to have limited legal authority to spy on American citizens. But here are just a small spattering of examples to show you how widespread the problem had become:
- The NSA and FBI intercepted all email and text communications in the Salt Lake City area before, during, and after the 2002 Winter Olympics under the President Bush’s warrantless wiretapping program.1
- The NSA collects and scours vast amounts of digital info from American’s who communicate with those outside of the country, even if those foreigners being communicated with are not targeted because the FISA Amendments Act in 2008 provides guilt by proxy. In other words, if there is any connection between the overseas recipient of communication and anything that could be considered a potential security concern, the American initiating communication has their communications data captured.2
- The NSA strong-armed American businesses into doing their bidding in capturing internet traffic with the PRISM program and more, risking billions in revenue and threatening the very nature of what the internet stands for.3
- Our federal government threatened companies with daily fines if they didn’t participate in the widespread surveillance via PRISM. Case in point, Yahoo was threatened with a $250,000 per day fine.4
- Our telecommunication companies- including Verizon and AT&T- handed over millions of phone records daily including the phone numbers of both call parties, the duration of the conversation, the location data of both participants, any calling card numbers, and unique identifiers pertaining to the specific phones on both ends of the call.5
- The NSA’s own internal audits show thousands of “incidents” each year regarding the vast swaths of data they collect. And by incidents I mean violations of the rules or court orders meant to try and keep that data private. And those thousands of violations are only an audit of the DC region offices, not all the NSA locations around the country.6
- Not only were some internal audits showing violations, but even the FISC found that some collection practices being carried out by the government under these programs were unreasonable and unconstitutional under the Fourth Amendment.7
- On top of this, NSA agents were instructed to withhold potentially pertinent information about why they were requesting targeting from those in charge of their oversight, namely the FISA Amendment Act overseers, the Department of Justice, and the Office of the Director of National Intelligence, as their “Targeting Rationale” document specifically calls out withholding “probable cause-like information” that proves how a targeted analytic judgment might have been made.8
- Even our elected representatives in Congress were given the runaround, kept in the dark, and didn’t find out the full extent of the program until years after its implementation.9 Some members of Congress even went so far as to try and bury their knowledge of the program, that’s how screwed up this was.10
- And with our elected representatives in the dark, in 2011, the FISA Court again approved the bulk collection of data under Section 215 of the Patriot Act, except this time they explicitly claim Congress was made aware of what the program entailed, even though as I just told you, they were not.11
- All the while our First and Fourth Amendment rights erode, with the NSA, FBI, and other groups ever more dependent on that erosion. The motto starts to become "you cannot have your privacy violated if you don’t know your privacy is violated."12
Think about this for a second, America. Government officials who are supposed to represent us and serve us said that violating our privacy rights is perfectly alright as long as you don’t know about it. The general counsel for ODNI even went so far as to claim that the NSA couldn’t determine how many American’s had their rights violated with the program because to do so would require them to violate the rights of Americans by accessing personally identifiable information in order to determine if their rights had been violated in the first place.13
To make matters worse, even the author of the Patriot Act, Representative Jim Sensenbrenner of Wisconsin, has come out to say that the vast majority of the records collected will have no relation to the investigation of terrorism at all and the nature of the program goes against what Congress intended when he wrote the bill and when it passed and got renewed.14 This was back in 2013, when a lot of the details were coming to light. Remember, many details on the program were being kept from Congress even by other members of their own parties. Back in September of 2013, Representative Sensenbrenner wrote that the bulk data collection program was unbound in scope, saying the NSA was gathering details on every call every American makes on a daily basis along with details of all calls into or out of the country by foreigners.15 And, as the author of the very piece of legislation that made such a program possible, he was taking a stand against its unintended consequences.
Turn to 2015. I’m happy to say that the NSA program and privacy rights have not been brushed aside or forgotten. Even Rand Paul has spoken out against the program. There are some big names to fight the program and I, as a 2016 Presidential candidate, am adding my voice to that. On this, Rand Paul and I agree. The program needs to end. The mentality our defense community has that you need the biggest haystack possible in order to find any needles is a bad idea for a community that supposedly prides itself on intelligence and intelligence gathering.
We have no idea how many- if any- terrorists have been caught in this program, not even a ballpark number. We do know how many innocent Americans have, though, in a ballpark figure… millions. I’m almost 100% sure I’m in that database somewhere because of my international visits to countries in Europe, Asia, and sub-Saharan Africa. And you know what sucks most about the number of people whose call info had been collected? Minorities with relatives in foreign counties likely all had their privacy violated. And not even by just the NSA, but the NSA’s program’s metaphorical parent at the DEA. In case you forgot, the DEA maintained a database with records of calls made between phones in the US and overseas in any one of 100+ countries.16 Furthermore, they kept these records even if there was no evidence the callers were involved in criminal activity.17
America, distrust and fear is extremely dangerous when it goes overboard like these programs did before Snowden brought them to the public’s attention. And what good have these programs done for us? The DEA program began before 9/11 and that didn’t help. Both programs existed in the wake of the Boston bombings. The lesson learned? My guess is that those DoD agencies feel regret over their oversight and even now are working to overcorrect by gathering even more data and trying to put together more clues, treating everyone as a possible suspect because, like I said before, crushing all potentiality seems to be their way of combating terrorism.
It’s time for these programs to end in their current state, time for these secrets to come out and time for the federal government to stop treating its citizens in an interconnected global society as potential criminals. Innocent until proven guilty, remember? And probable cause. And, most warrants. And, most importantly, our Fourth Amendment. These are mental attitudes and rights by of citizens in a citizen-sanctioned government that’s supposed to be responsible for upholding said rights and more. And this is what I want to see change with the DoD programs we know of and even the ones we don’t know.
At the top of the list of changes is making sure warrants- warrants backed by probable cause- are introduced because monitoring even begins on a target or group of targets. When the FISA judges reject just 10 applications over the course of 12 years, 10 out of more than 20,000 for an average of 33 a week or almost 7 a day for a five day work week, the court of 11 judges might be going overboard.18 This needs to be reined in.
Right near the top I would see the Patriot Act replaced with Patriot Act 2.0, a brand new law that will allow out intelligence agencies to do their job while also maintaining our privacy. The presumption of guilt will be thrown out the window with innocence in place coupled with a real need to gather evidence. Many aspects of the Patriot Act would be fine, if they were adhered to. For example Section 702 of FISA says U.S. citizens may not be targeted and that if acquisition of such info is collected inadvertently- which happens- then said info must be promptly destroyed.19 I would also see Section 215 changed to have metadata collected but not reviewed or minimized to be destroyed within one year, not five like it currently is. Furthermore such data should not be collected from American citizens without a justified warrant. Any data falling into that "advertent" category of collection must be destroyed within one month.
No one, especially me, should want to see our intelligence agencies unable to do their jobs. These are some of the brightest, most talented individuals in the country. They don’t need bigger haystacks, they need more focus and more training. With both those, the need to capture all the world’s information will go to the wayside in favor of extremely effective and targeted acquisition. I will defend spying and espionage by our government on legitimate targets to my dying day, for intelligence in the field of battle and for the sake of national security is paramount. Anyone with combat experience will tell you that the more you know about the opponent, the better chance you have. But when you treat all citizens as potential opponents simply because there is potential in anyone to do truly horrible acts upon others- based on religious zealotry or not, you don’t fix the problem. You compound it.
In some ways, it’s like a digital security arms race. The NSA and other agencies feared everyone and anyone with a modicum of potential to do harm. They also feared the security that certain technology provided, such as encryption and secure network technologies like SSL, VPNs, and Tor. By including everyone under the surveillance umbrella, or even hinting that everyone might be under the surveillance umbrella, they drove would be criminals to more secure lines of communications. Had they not, many less intelligent actors would still be using plain text and RC4 ciphers. Now the world knows Big Brother is watching and taking steps to avoid detection. Security through obscurity, like I said, is not good security.
As such, I also want to see digital security standards beefed up. I mentioned PCI DSS-like items in my last speech on privacy. To take it a step further, I want to see mandatory SSL traffic across servers located in the United States by 2018 coupled with WHOIS privacy guards for all domains registered in the US by US citizens at the same time. Let’s also see implementation of DNSSEC by 2018, or 2020 if upgrades will take that long. Also, companies hosting servers on American soil need to also be given tools to stop unwarranted access requests by all levels of government without penalty. No more PRISM or daily fines for lack of cooperation. And like I said before, no American should have their information or digital content handed over without a warrant from our Judicial Branch. Those companies hosting servers will also not have any mandatory data retention, like I brought up in my last speech. I don’t care if people at the FBI feel that data retention is necessary because obeying the warrant and subpoena requirements of the Constitution takes too much time; legislated retention and skirting the Fourth Amendment are not happening under my watch.20
Outside of that, I would also encourage all Americans to look into secure email solutions and secure internet traffic solutions. There are a ton of VPN services out there along with the anonymizer Tor which, if configured properly and updated as patches become available, is pretty good at handling your privacy and security online. I subscribe to three different VPN services, each with their own benefits. It is an additional monthly cost, but I like the peace of mind.
There is more that can be done, specifics with oversight and such, but what I’ve said thus far should give you a good indication that things need to change and changes I’m advocating are meant to protect our rights and freedoms on the level of national security. The next problem to tackle is one of local security, because state and local law enforcement has taken a page from the federal government handbook and gone down the path of surveillance and warrantless monitoring as well. Little Brother following in Big Brother’s footsteps.
I already told you stories about license plate readers. The Los Angeles Police Department, for example, considered the mere act of driving as means enough to put you under investigation when it comes to capturing and retaining your license plate and location info.21 They also used the idea of privacy to claim that they cannot share information about the program and what they collect, much like the federal government. And it doesn’t stop with the LAPD or even with license plate readers.
The New York Police Department at one point designated entire mosques as terrorist organizations, giving them permission to conduct surveillance even without evidence of wrongdoing.22 Chicago started a random bag swabbing program to theoretically test for explosive residue, essentially giving them the ability to stop anyone without probable cause.23 My own city, Baltimore, has had government prosecutors withdraw evidence from cases rather than reveal details about their use of Stingray devices- that is, cell phone surveillance devices that capture data, jam cell signals, and spoof cell towers.24 Washington DC also sees police using Stingray devices, but not for counterterrorism; rather, for everyday police work like drug busts.25 And like all police departments and security organizations using such technology, it’s surrounded by great secrecy and potential threats on privacy. If law enforcement is spoofing cell towers, they could potentially capture data on not only ordinary US citizens, but also members of Congress, DoD staff, contractors, and foreign officials. Do you think diplomats would be thrilled if they knew the local police was retaining personal data on their whereabouts and cell phone activity? Probably not.
This trend of law enforcement dragnet use to catch potential criminals is scary and unwarranted- sometimes literally unwarranted. They thrive on overgeneralization and disregard for the privacy of non-targeted citizens. Don’t get me wrong, I firmly believe the vast majority of our men and women police officers do a damn good job and are severely underpaid. But at the same time, I need to be critical of the broadness with which certain activities get carried out, just as I am being with the federal government. Our rights and freedoms exists equally amongst all three levels of our Constitutionally based democracy and I would see those rights and freedoms protected.
As President, I would grant more public oversight into these programs, mandate that Freedom of Information Act requests get answered. Furthermore, I would request yearly audits covering technology use along with inadvertent tracking be submitted to a new privacy taskforce I’d setup in Washington along with the Mayors and Governors the police departments report to. This keeps everyone honest. I am not calling for any penalties, but we do need to establish a baseline for making sure our privacies remain intact, even at the cost of security on all levels. This coupled with adhering to warrant requirements will go a long way into keeping privacies respected and our freedoms maintained.
And while I don’t want to legislate how, when, or why state and local law enforcement should setup security checkpoints, I would strongly urge those municipalities like Chicago and New York and others that are doing or have done this in the past to seriously think about why. As I said earlier, the mere potential for there to be a problem or even a terrorist attack cannot be the justified reasoning for inhibiting our daily lives and our privacy. To me, that’s how terrorism wins: the moment you let fear control you is the moment terrorism claims victory, laughing at our jumpiness and our overreactions.
Rest assured nothing verbal or physical can ever tarnish America’s greatness. Our nation cannot be scarred by the triviality of words. America represents the most marvelous ideals of humanity. Burning a flag or spewing hatred can no more hurt the ideal of America than man’s insults can hurt God. Only when we let it hurt and effect us do we succumb; only when we give in to the fear and sacrifice our freedoms does terrorism win.
(3) See How the NSA Almost Killed the Internet. See also NSA Slides Explain the PRISM Data-collection Program for a more thorough explanation on how PRISM works. See New leak shows feds can access user accounts for Google, Facebook, and more for more info on the NSA reaching out to companies and how the companies like Facebook, Microsoft, and Apple denied involvement. It would later be found out that Facebook, Microsoft, and Apple- amongst others- really were involved but legally prevented from saying so.
(4) See US gov’t threatened Yahoo with $250k daily fine if it didn’t use PRISM. Yahoo was one of the first participants in the PRISM program. Documents relating to Yahoo’s legal fight against the Foreign Intelligence Surveillance Court (FISC) can be found at the Center of Democracy & Technology’s Yahoo v. U.S. PRISM documents webpage.
(5) See Top secret doc shows NSA demands Verizon hand over millions of phone records daily. The secret order issued by the Foreign Intelligence Surveillance Court (FISC) can be found at The Guardian’s website, Verizon forced to hand over telephone data. More info on the bulk collection and passing of data to the NSA from Verizon can be found in Glenn Greenwald’s article on The Guardian website as well, see NSA collecting phone records of millions of Verizon customers daily. AT&T’s involvement had been known as well, with the company being subject to lawsuits over their active participation with the NSA’s collection programs. See NSA surveillance retrospective: AT&T, Verizon never denied it.
(8) See NSA Agents Told To Withhold Target Information From Those In Charge Of Oversight. Within the article is an embed of the leaked Top Secret NSA document on "Targeting Rationale."
(9) Senator Ron Wyden’s office issued a press release on how the NSA declassified their own documents and “leaked” them prior to a Senate Judiciary Committee hearing dealing with bulk record collection and FISA oversight. See Wyden: Declassified Documents Show How Inaccurate Statements Have Misled Congress. For the documents, themselves, see DNI Clapper Declassifies and Releases Telephone Metadata Collection Documents. See also NSA ‘Leaks’ Own Documents Before Senate Committee Grilling; Inadvertently Reveals Its Previous Lies to Congress for more information and background.
(10) See The Hidden Classified Briefing Most of Congress Missed. The amount of stories about former House of Representatives member Mike Rogers backing the NSA’s program and keeping details from other members of Congress is quite lengthy. One about former Rep. Rogers blocking other members of Congress from accessing basic information on the program can be found in Members of Congress denied access to basic information about NSA. See also Rep. Mike Rogers Blocking Other Congressional Reps From Access To Info On NSA Surveillance where Rep. Dutch Ruppersberger- also on the House Intelligence Committee- said he was unaware of any committee action on the matter.
(12) See Mike Roger’s View of Privacy from C-SPAN. In the exchange, former Representative Mike Rogers says that you can’t have your privacy violated if you don’t know it’s being violated and seems to firmly believe in what he says. Furthermore, Robert Litt, general counsel for the Office of the Director of National Intelligence, since claimed that in order to determine what privacy violations may have occurred, the NSA and other agencies would need to violate American’s privacies in order to get the personally identifiable information to match against. Thus the circular, illogical argument for the bulk collection program not too long ago was “if you don’t know, it won’t hurt you, and you can’t know because we would hurt you if we told you we knew, thus you can’t know if we know.” See NSA Transparency Hurts Americans’ Privacy, Feds Say With Straight Face.
(19) See Section 702 and Section 215 NSA Fact Sheets, courtesy of Senator Ron Wyden’s office.
(21) See Los Angeles Police Department Claims EVERY License Plate Is Part Of An Investigation. The story covers the ACLU-EFF v. LAPD & LASD case where the ACLU/EFF were trying to get details of how the automated license plate readers worked along with info on data retention, safeguards, etc. The court ultimately sided with the ACLU/EFF in the case.
(24) See Judge threatens detective with contempt for declining to reveal cellphone tracking methods. For more information on Stingray devices- both the product by the Harris Corporation and the generic use of the term, see Wikipedia’s Stingray phone tracker entry and also Meet the machines that steal your phone’s data on Ars Technica.