Today, due to the new technology used for surveillance the principles of the 4th Amendment face new challenges. Surveillance has moved from passive to active collection, from targeted to bulk collection and more intrusive methods of surveillance are being utilized.
Passive to Active Collection
Traditional forms of passive collection like eavesdropping are being replaced by new methods of more aggressive collection. Surveillance used to involve situations in which someone was communicating, and law enforcement could capture the information and analyze it. The new methods are characterized by proactive surveillance, whereby law enforcement is interfering with the communication flow in order to reach out and access the data.
When you communicate bank online you see a little lock icon on the screen. This lock icon symbolizes the communication is secure, encrypted and validated. However, technology now exists to allow for law enforcement to get between the customer and the bank. These “man in the middle attacks” can reveal personal information.
What happens is that signals can been sent to pretend that the person doing the surveillance is actually the authorized person meant to receive the message. By fooling the system into believing it is communicating with the intended recipient, law enforcement can infiltrate a computer system and observe communication flows. Such surveillance will undermine trust in the larger communication system, but it can provide valuable information.
Another example would be an active attack called QUANTUM — a global targeting attack method that can intervene in one’s communication tools (essentially poke a hole in a browser) to capture keystrokes, passwords, and spy on the user.
Targeted to Bulk
As an example of the move from targeted collection to bulk collection is a program called MUSCULAR, which allows the National Security Agency (NSA) to essentially tap the data links of the Yahoo and Google data centers and collect all of the information sent over those links. The NSA would have access to everything, sweeping up more information than the agency could possible use. The problem, of course, was that approximately 99.9 percent of the information captured was from individuals who were absolutely innocent of any wrongdoing and yet, the NSA had it all. They were basically collecting all the hay in the haystack to get access to however many needles were in the haystack.
Unintrusive Methods to Intrusive Methods
A combination of sophisticated analytical techniques and the subversion of technical hardware and software; one example, NSA intercepted Cisco products while they were en route to their destination without Cisco’s knowledge. These products were then modified to allow the NSA access to ordinary consumer actions, undermining the security and integrity of the products. This type of intrusion, built right into the hardware of the technology marks a new form of surveillance.
The Patriot Act
Section 215 of the Patriot Act currently allows the government to get a FISA court order compelling companies to turn over business records, including phone records. Before 9/11, the government was required to demonstrate that the subject of the records was a foreign power, or an agent of a foreign power. The Patriot Act amended the law so that the government now does not have to show anything about the subject of the records, but only that the records themselves are “relevant” to the investigation. Further, the FISA court interpreted “relevance” to mean that millions of telephone records can be collected if there are relevant records buried somewhere within these records. The consequence is that records can be collected in bulk without any individualized suspicion.
FISA § 702
Section 702 of the FISA Amendments Act, which relates to the collection of communications content, and metadata from calls and emails between Americans and foreigners overseas, has provided broader access to that communications data. Before the FISA Amendments Act, the government was required to show probable cause to the FISA court that the target of the surveillance was a foreign power or its agent. In 2007 and 2008 Congress amended the law to get rid of any requirement for an individualized court order when the communications are between an American and a foreign target and the information is for foreign intelligence purposes. The target no longer needs to be a foreign power or agent of a foreign power. The target only need be a foreigner abroad. We have moved from essentially something that required a warrant to mass collection with no suspicion of wrongdoing.
Executive Order 12333
Executive Order 1233312 allows for the overseas collection of signals intelligence, including communications content and metadata. This Executive Order is the most expansive of the government’s foreign intelligence surveillance authorities, and it never contained a requirement of individualized suspicion. The Executive Order allows agencies to collect foreign intelligence, defined to include any information about the activities of foreign persons, with the understanding that incidentally obtained U.S. person data would be “minimized” unless it included foreign intelligence or evidence of a crime. What has changed here is not the legal constraints but the practical ones. The limits on data storage and analytical capacity have nearly vanished.
Also, as data travels internationally, it becomes confusing and ineffectual to rely on territorial limitations for protections, he “legal distinction between collecting information at home and collecting information overseas has become a legal fiction given the way digital data is transmitted and stored.” The notion that Americans have no constitutional interests at stake when the NSA taps into data centers in Europe no longer makes sense.
It is important to remember that local law enforcement was also impacted by the post-9/11 changes. The targeting of homegrown terrorism and the transfer of funds to domestic counterintelligence created new surveillance technologies available on a local level. Because money was made available to secure ports, cities like Seattle purchased drones from a “port security grant.” Because there was money for border security, non-border states adopted border security technologies. Because the technology was available, local law enforcement purchased and implemented it.
Other technologies invented for terrorism investigations were also put to use in ordinary law enforcement. Stingray devices, which replicate a cell phone tower in a way that allows for wireless cell phone tracking, have been purchased for terrorism investigations but are used for ordinary drug crime investigations.
Automatic license plate readers are now able to track automobiles in a city, and facial recognition technologies will be able to track individuals. Even more startling is that when the Federal Government provides money to purchase the surveillance equipment a federal policy asks the states and localities to hide the use of new surveillance technology. As revealed of Freedom Of Information Act requests, the Department of Justice has encouraged local authorities to keep secret certain technologies (Stingray IMSI, devices, Dirtbox, DRT devices thus prevent them from being litigated in court.
The federal government has asked state governments to dismiss cases, hide the source of information, by referring to a confidential source, or offer attractive plea deals such that defendants have no choice but to take the deal and forsake litigating the issues.
These secrecy agreements should be ended through a clear federal policy. Federal and state law enforcement agencies should also be prohibited from withholding information about the technology from judges. In a few recent cases, judges signed warrant requests or court orders (pen trap requests) without understanding the technology at issue. There was a case in Tacoma, Washington, in which judges signed off on 170 orders to use cell site simulators without understanding the technology. The request did not explain the technology or the impact of the technology, and the judges were unaware of how the technology worked.