“Administration Response to the Challenges of Protecting Privacy, The” (Swire), 141n163
Afghanistan, military operations in, 126, 133, 134, 137
Alexander, Keith, 51n91, 59, 69–70
Alito, Samuel, 40
Army intelligence, domestic spying operation of during the Vietnam War, 12
Authorization to Use Military Force (US Congress, 2011), 85
Brandeis, Louis, 2, 16–17, 152
Brazil, as a supporter of localization requirements for Internet communications, 160
Breyer, Stephen, 40
Buckshot Yankee incident, 192
Budapest Convention on Cyber Crime, 168
Bush, George W., 25n44; secret authorization of the NSA to conduct foreign intelligence surveillance of individuals who were inside the United States, 84–85
California v. Acevedo (1991), 43
Carter, Jimmy, issuance of Executive Order 12036, 25n44
Cate, Fred H., 174n175
Central Intelligence Agency (CIA): application of the Privacy Act, 108; Ford’s restrictions on, 13; prohibition from engaging in electronic surveillance, 26; surveillance of antiwar organizations and activities during the Vietnam War, 12
Central Intelligence Agency Act (1949), 25
Chief Privacy Officer Council, proposal for, xxix
Church, Frank, 14
Church Committee, 14, 147. See also Church Committee, Final Report of (April 1976)
Church Committee, Final Report of (April 1976), 12–13, 14–18, 66; specific principles and recommendations of, 18–20
Civil Liberties and Privacy Protection Board (CLPP Board), recommendation for, xxi, 142–46; CLPP Board Office of Technology Assessment (OTA), 144–45, 174–75; the CLPP Board and whistle-blowers, 144; compliance activities, 145; creating the CLPP Board, 142–44
Civil War, suspensions of the writ of habeas corpus during, 11
Clapper, James, 130
Classified Information Procedures Act (1980), 47–48
Clinton, Bill, 141
cloud computing market, 157, 157n173
Cold War, the, 27–28; intelligence collection during, 129, 130, 133; SIGINT during, 128
Communications Act (1934), 20
communications technology, and the convergence of civilian communications and intelligence collection (“dual use” communications technology), 126, 128–34; and the erosion of the distinction between domestic and foreign communications, 130–31; and “information assurance” capability, 131; and the shift from military combat zones to civilian communications, 133–34; and the shift from nation-states to well-hidden terrorists, 129–30; and the shift from wartime to continuous responses to cyber and other threats, 131–33
communications technology, future developments in, recommendations for, xxxviii, 174–75
cost-benefit analysis, xvii, 7–8; prospective analysis, 8; recommendation for, 197–98; retrospective analysis, 8
Defense Information Assurance Agency (DIAA), recommendation for, 139–40
Defense Information Systems Agency (DISA), 139
Defense Threat Reduction Agency (DTRA), 139
Department of Commerce: initiatives on the Consumer Privacy Bill of Rights, 169; National Institute for Standards and Technology (NIST), 196
Department of Defense, Technology and Privacy Advisory Committee, 174n175
Department of Homeland Security (DHS), xx, 139, 139n162; application of the Privacy Act, 107–8
Department of Justice, 170, 172; Office of the Inspector General, 46; Office of International Affairs (OIA), 171, 171–72
Department of State, 159; initiatives on the Internet Freedom agenda, 169
Department of State Bureau of Internet and Cyberspace Affairs led by an Assistant Secretary of State, recommendation for, xxxvii, 167–68
Digital Rights Management. See Information Rights Management (IRM)
disclosure of confidential information, 76
“DOD Activities that May Affect US Persons” (Department of Defense), 26n45
Doe v. Mukasey (2008), 47n81
Eagen, Claire V., 61
E-Government Act (2002), 108, 173; and Privacy Impact Assessments (PIAs), 173
Electronic Communications Privacy Act (1986), 25, 170; Title III, 82
encryption, xxii, 161–62, 172, 195; allegations that the US Government has intentionally introduced “backdoors” into commercially available software, 162; and Public Key Infrastructure (PKI), 162; recommendation for, xxxvi, 161, 162–64; and Secure Sockets Layer (SSL), 161–62
EU: EU Parliament Committee on Foreign Affairs, 156; on Internet governance issues, 160
Executive Branch, recommendations for institutional changes within, 140
Executive Orders: Executive Order 11905, 13, 25n44; Executive Order 12036, 25n44; Executive Order 12291, 8; Executive Order 12333, 25–26, 25n44, 29, 83–84n129, 109, 110, 131; Executive Order 13073, 193; Executive Order 13256, 151; Executive Order 13284, 25n44; Executive Order 13355, 25n44; Executive Order 13470, 25n44; Executive Order 13563, 8; Executive Order 13587, 189, 193
Federal Bureau of Investigation (FBI): application of the Privacy Act, 108; and the issuance of NSLs, xviii, 44–48; Levi’s restrictions on, 13; procedures to reduce the risk of noncompliance, 46n79; surveillance of individuals and organizations opposed to the Vietnam War, 12; and the use of nondisclosure orders, 47n81
Federal Communications Commission (FCC), rule on retention of telephone toll records, 70n118
Federal Trade Commission (FTC), 174n176; jurisdiction of, 174n176
Federally Funded Research and Development Centers (FFRDCs), 181
Feinstein, Dianne, 91
financial systems, manipulation of, 165, 166
FISA Amendments Act (FAA) (2008), 85–86, 130. See also section 702
“FISA Files,” 151–52, 151–52n167; and “File Series Exemption,” 152
Ford, Gerald, issuance of Executive Order 11905, 13, 25n44
Foreign Intelligence Surveillance Act (FISA) (1978), 20, 21–25, 31, 35, 82, 147; 1998 amendment of (granting of “pen register” and “trap-and-trace” authority to the government), 35–36, 38; congressional widening of the scope of to include pen register and trap-and-trace orders and business records, 24; definition of “foreign power,” 22, 22n33; and electronic surveillance in the United States, 23; and FISC warrants, 22; and the President’s authority, 22, 22–23; safeguards instituted to prevent misuse of surveillance authority, 23–24
Foreign Intelligence Surveillance Court (FISC), xviii, 22, 47, 147; federal district court judges of, 147; the Foreign Intelligence Surveillance Court of Review (FISC-R), 151; issuance of orders under section 215, 49–55; issuance of warrants, 22, 96; legal assistants staff of, 147; private parties filing motions with, 147–48n164; selection of the judges on the FISC, 153. See also Foreign Intelligence Surveillance Court (FISC), recommendations for organizational reform of
Foreign Intelligence Surveillance Court (FISC), recommendations for organizational reform of, xxi–xxii, xxxv–xxxvi, 146–53; allocating appointment authority to the Circuit Justices, 153; bolstering technological capacity, 150–51; establishing a Public Interest Advocate, 148–50, 150n166; improving transparency, 151–52
foreign leaders/nations, surveillance of, 5–6, 120–21; and the centrality of risk management, 120; and consideration of the nations from whom information might be collected, 120; criteria for, 119, 121; purposes for which such information might be sought, 120
freedom: freedom of association, 5; freedom of the press, 5, 78; freedom of religion, 5; freedom of speech, 5; privacy as a central aspect of, 5; risks to, 5
Freedom Online Coalition, 158
“gag orders.” See nondisclosure orders
Ginsberg, Ruth Bader, 40
“Government Data Mining: The Need for a Legal Framework” (Cate), 174n175
Hale v. Henkel (1906), 37
Holmes, Oliver Wendell, 17
human rights, 5; protection of online, 5
Indonesia, as a supporter of localization requirements for Internet communications, 160
industry secrets, stealing of, 165, 166
Information Rights Management (IRM), 182, 195, 196–97
information sharing, 187–89; and the “need-to-share” principle, 188; recommendation for (Work-Related Access model), xxxix, 187
insider threats, recommendations for reducing the risks associated with, xxiii
intelligence collection, 112–13; criteria for choosing nations with which to have discussions about intelligence collection guidelines and practices, 123–24; factors that might make something sufficiently “sensitive” to require senior interagency-level review, 117; and the “Front-Page Rule,” 118–19; IT networks and current intelligence collection technology, 121–22; necessity of, 113; recommendation for cooperation with our allies, xxxiii, 122–23; setting priorities and avoiding unjustified or unnecessary surveillance, xx–xxi; and significant recent changes in the environment in which it takes place, xi–xii; uniqueness of US intelligence collection, 115. See also intelligence collection principles
intelligence collection principles: the central task is one of risk management; multiple risks are involved, and all of them must be considered, xvi, 4–6, 66; the government should base its decisions on a careful analysis of consequences, including both benefits and costs (to the extent feasible), xvii, 7–9; the idea of “balancing” has an important element of truth, but it is also inadequate and misleading, xvi–xvii, 7; the US Government must protect, at once, two different forms of security: national security and personal privacy, xv–xvi, 1–4
Intelligence Community, 29–33, 112; central objective of, 29; and the importance of collecting foreign intelligence, 30; key organizational changes, 126
International Covenant on Civil and Political Rights, Article 17, 105
International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World (2011), xxii, 154–55, 169
International Telecommunications Union (ITU), 160, 170
Internet, the: Internet freedom, 5; Internet governance and localization requirements, 159–61, 165, 167; US Internet freedom policy, 158–59; recommendation for US Government support of international norms or international agreements for specific measures that will increase the security of online communications, xxxvii, 165–67; as a “splinternet,” 167
Internet Corporation for Assigned Names and Numbers (ICANN), 169
Iraq, military operations in, 126, 133, 134, 137
Jackson, Robert H., 17
Johnson, Lyndon, 12
Johnson v. United States (1948), 43
Kagan, Elena, 40
Katz v. United States (1967), 20
Kris, David S., 60
Levi, Edward, imposition of restrictions on the FBI by, 13
liberty. See freedom
localization requirements, 159–61, 165, 167
mass collection of personal information, 61–67; and the danger of abuse, 65–66; and false positives, 65; recommendation for, xxvi, 61
Mayer, Jonathan, 131n160
McCarthy era, campaign to expose and harass persons suspected of “disloyalty” during, 11
McLaughlin, Mary A., 60
meta-data: the distinction between “meta-data” and other types of information, 72–73; the meaning of “meta-data” in the e-mail context, 72; the meaning of “meta-data” in the telephony context, 72; recommendation for a study of, xxvi, 71–72, 73
Miller v. United States (1976), 38, 39, 60, 64
minimization procedures, 24, 31, 31n49; and NSA’s upstream collection, 91; of section 702, 88
multi-communication transactions (MCTs), 92, 92n138
Mutual Legal Assistance Treaty (MLAT) process, 170–71. See also Mutual Legal Assistant Treaty (MLAT) process, recommendations for reform of
Mutual Legal Assistance Treaty (MLAT) process, recommendations for reform of, xxxviii, 170, 171–72; create an online submission form for MLATs, 171; increase resources to the office in the Department of Justice that handles MLAT requests, 171; promote the use of MLATs globally and demonstrate the US Government’s commitment to an effective process, 172; streamline the number of steps in the process, 171–72; streamline provision of the records back to foreign countries, 172
National Academy of Sciences (NAS), National Research Council, 62–63
National Intelligence Priorities Framework (NIPF), 113; annual review, approval, and issuance of, 114; coordination of by the Office of the Director of National Intelligence, 114; division of intelligence collection into categories or tiers (Tiers One through Five), 114; need for improvement of oversight, 115; priorities and appropriateness, 113–16; recommendation for a Sensitive Activities Office, 118; recommendations for leadership intentions, xxxii–xxxiii, 119, 121; recommendations for monitoring sensitive collection, xxxi–xxxii, 116–17
National Research Council, 174n175
national security, xvi, 1–2; threats to, xv, 4
National Security Act (1947), 23, 25
National Security Agency (NSA), xv, 125–26, 127–28; Compliance program of, 145; e-mail meta-data program of, 51–52n91; focus of on collecting foreign intelligence information that is relevant to protecting the national security of the United States and its allies, 31; Ford’s restrictions on, 13; Information Assurance Directorate (IAD), 138–39; as the manager for Signals Intelligence (SIGINT), 26, 125, 127; recommendations for organizational reform of, xxi, xxxiv, 127, 135–40, 141; upstream collection of, 91, 91n137. See also section 215 bulk telephony meta-data program
National Security Agency Act (1959), 23, 25
National Security Letters (NSLs), xviii; as administrative subpoenas, 44; distinctions between NSLs and federal grand jury subpoenas, 46n76; as highly controversial, 46–47; recommendations for, xxvii–xxviii, 43–44, 48n83, 74–75
network security: recommendations for, xxiii, xxxix–xli, 189–97; use of a Thin Client architecture, 197
networks, and “air-gapping,” 195
Nixon, Richard, 12
nondisclosure orders, 45, 47, 47n81, 50, 80n125; recommendations for, 74
Obama, Barack, 154–55; criticism of restrictive Internet legislation, 158; issuance of Executive Order 13526, 151; issuance of Executive Order 13563, 8; issuance of Executive Order 13587, 193; issuance of Presidential Policy Directive/PPD-19, 78n124
Office of the Director of National Intelligence (ODNI), 152
Office of Management and Budget (OMB), 141; Chief Counselor for Privacy in, 141
Office of Technology Assessment (OTA), 144
Olmstead v. United States (1928), 2, 16–17, 20
personnel vetting and security clearances, how the system works now, 179–81; levels of security clearance (Secret, Top Secret, and Top Secret/SCI [Sensitive Compartmented Information]), 179; personnel whose security clearances were revoked (FY 2012), 187 (table); personnel with security clearances, October 2012, 186 (table); polygraphing, 185; the re-vetting process, 186
personnel vetting and security clearances, recommendations for, xxxviii–xxxix, 177–79, 181–87; Access Scoring Program, 182–83, 184; Additional Monitoring Program, 183–84, 184; greater use of Information Rights Management (IRM) software, 182; Personnel Continuous Monitoring Program (PCMP), xxiii, 182, 184; Work-Related Access approach to the dissemination of sensitive, classified information, xxiii, 181–82
President, the, inherent constitutional authority of as commander-in-chief, 85
Presidential Policy Directive/PPD-19, 78n124
privacy: as a central aspect of freedom, 5; risks to, 4–5. See also privacy, right of
privacy, right of, xiii, 2; as a basic human right, 105; recognition of in international law, 82, 82n126; security as a central component of, 2
Privacy Act (1974), xx, 25, 107; application of to non-US persons, 106–9; application of to US persons, 106–9; provision of “privacy fair information practices,” 107
Privacy and Civil Liberties Impact Assessments, recommendation for, xxii, xxxviii, 173–74
Privacy and Civil Liberties Oversight Board (PCLOB), recommendation for, xxi, xxxv, 142–43
Privacy and Civil Liberties Oversight Board (PCLOB) statute, recommended technical amendments to, 145–46
privacy and civil liberties policy official, recommendation for, xxxiv, 141
“Privacy and Information Sharing in the War Against Terrorism” (Swire), 174n175
“Privacy Policy Guidance Memorandum” (Department of Homeland Security), 107
Protect America Act (PAA) (2007), 85
“Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment” (National Research Council of the National Academy of Sciences, 2008), 62–63, 174n175
Public Interest Declassification Board (PIDB), 77
Reagan, Ronald: issuance of Executive Order 12291, 8; issuance of Executive Order 12333, 25n44, 83
reports from providers, 79; recommendations for, 80
Right to Financial Privacy Act (1978), 38
risk management, xvi, 4–6; recommendation for, 197–98; and the surveillance of foreign leaders/nations, 120. See also cost-benefit analysis
risks: to freedom and civil liberties, on the Internet and elsewhere, xvi, 5; to national security, xvi, 4; to our relationships with other nations, xvi, 5–6; to privacy, xvi, 4–5; to trade and commerce, including international commerce, xvi, 6
Roosevelt, Franklin Delano, 104
Safe Harbor agreement, 156
“Safeguarding Privacy in the Fight Against Terrorism” (Technology and Privacy Advisory
“Safeguarding Privacy in the Fight Against Terrorism” (cont.) Committee of the Department of Defense, 2004), 174n175
secrecy, 75–77; reasons for secrecy, 76; recommendation for, xxviii–xxix, 75. See also secrecy vs. transparency issue
secrecy vs. transparency issue, 77–79
section 215, and “ordinary” business records, 41–43, 41n68; recommendation for, xxv, 41
section 215 bulk telephony meta-data program, xvii–xviii, 48–61, 126; and compliance issues, 58–60; constitutional argument against, 60; contribution to the nation’s security, 71n119; FISC issuance of orders concerning under section 215, 49–55, 52n92; the government’s view of communications meta-data, 62n110; how the program works in practice, 56–57; oversight of, 54–55; rationale of, 50–51; recommendation for the termination of, xxvi, 67–71; restrictions governing the use of the telephony meta-data, 52–54; statutory objection to, 60–61; telephone database of, 129; the telephony meta-data that must be produced, 49–50
section 702, 82–95, 130; categories of targets specified by FISC-approved certifications, 86; and compliance issues, 91–92; contribution to the nation’s security, 71n119; Department of Justice and the Office of the Director of National Intelligence’s assessment of, 93–94; imposition of reporting requirements on the government, 89–91; and NSA identifiers, 56, 57, 59, 87, 87n133; NSA’s assessment of, 93; restrictions governing the use of section 702, 88–89; US Senate Select Committee on Intelligence’s assessment of, 94; surveillance under, 110. See also section 702, privacy protections for non-US persons; section 702, privacy protections for US persons
section 702, privacy protections for non-US persons, 101–6; recommendations for, xxx–xxxi, 100–101, 106, 108–9, 109
section 702, privacy protections for US persons, 96–100; recommendation for, xxix, 95–96, 100n150; and the risk of inadvertent interception, 65, 97; and the risk of incidental interception, 97–100
security, 1–4; “balancing” the two forms of security, xvi, xvi–xvii, 7; etymology of the word “security” (Latin “securus”), 3; in a free society, 2–3; homeland security, xvi, 1; multiple meanings of, xv–xvi, 1; national security, xvi, 1–2; personal privacy, xvi, 1, 2–3
Sedition Act (1798), 11
Signals Intelligence (SIGINT), 113, 128–29
Smith v. Maryland (1979), 38, 39, 60, 64, 72
Special Assistant to the President for Privacy, proposal for, xxi
Stone, Harlan Fiske, 15
subpoenas, 42–43; administrative subpoenas, 44n72, 47; comparison between the traditional subpoena and section 215, 42
surveillance of foreign leaders/nations. See foreign leaders/nations, surveillance of
surveillance of non-US persons, 109–11. See also Privacy Act (1974), application of to non-US persons; section 702, privacy protections for non-US persons
surveillance of US persons. See National Security Letters (NSLs); Privacy Act (1974), application of to US persons; secrecy; section 215, and “ordinary” business records; section 215 bulk telephony meta-data program; transparency; section 702, privacy protections for US persons
Swire, Peter, 141n163, 174n175
terrorism/terrorist attacks, 1–2, 27–29, 105; 9/11, 1, 27; al-Qa’ida, 113, 114; al-Qa’ida-related groups, 113; and the global communications network, 27; “Lone Wolf” terrorism, 113; and the necessity of detection in advance, 27–28; and weapons of mass destruction, 27, 28
trade and commerce: international trade and economic growth, 155–58; risks to, 6
Transatlantic Trade and Investment Partnership (T-TIP), 156
transparency, 165, 166–67; improving the transparency of FISC decisions, 151–52; lack of, 152; and the promotion of accountability, 152; recommendation for, xxvii, 73. See also secrecy vs. transparency issue
trust, public, 6, 9, 35, 69, 135, 139, 145, 159
United Nations, and Internet governance, 159–60
United States, goals of: promoting other national security and foreign policy interests, xii–xiii; promoting prosperity, security, and openness in a networked world, xiii; protecting democracy, civil liberties, and the rule of law, xiii; protecting the nation against threats to our national security, xii; protecting the right to privacy, xiii; protecting strategic alliances, xiii–xiv
United States v. Cuevas-Perez (2011), 69
United States v. Jones (2012), 39–40, 69
United States v. United States District Court for the Eastern District of Michigan (1972), 21
United States v. Verdugo-Urquidez (1990), 102n151, 103n152
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act. See USA PATRIOT Act
Universal Declaration of Human Rights, Article 12, 82n126, 105
US Agency for International Development, 159
US Code: Title 10, 137; Title 50, 137
US Constitution, 23; First Amendment, 13, 37n54, 41n68, 46, 47n81, 53, 66, 108, 159; Fourth Amendment, xvi, 2, 17, 20–21, 37, 38, 39, 40, 62, 64, 88, 91, 92, 97, 100, 101, 102–3, 102n151, 103n152; on security, 3
US model of Internet governance, recommendation for, xxxvii, 168–70
US person, definition of, 53n93, 86
US Senate Select Committee on Intelligence, 94
US Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities. See Church Committee
US Signals Intelligence Directive 18 (USSID-18) (NSA), 26n45
USA PATRIOT Act (2001), 35, 39; expansion of the FBI’s authority to issue NSLs, 45; section 215, 35, 36
USA PATRIOT Improvement and Reauthorization Act (2005), section 215, 36–37, 37n54 (see also section 215, and “ordinary” business records; section 215 bulk telephony meta-data program)
Vietnam, as a supporter of localization requirements for Internet governance, 160
Vietnam War, government surveillance of alleged “subversives” in the antiwar movement during, 11, 12–13
“Web Is Flat, The” (Mayer), 131n160
whistle-blowing, 77–78, 78n124, 144
World War I, suppression of dissent during, 11
World War II: and the breaking of German and Japanese codes, 133; internment of Japanese-Americans during, 11; SIGINT during, 128
Y2K software upgrades, 193
Zazi, Najibullah, 93
Zero Day attacks, 164, 194; recommendation for, xxxvi–xxxvii, 163–64, 164–65