Below is the full text of an email sent to my Senator in response to her email defending the Prism and the Verizon metadata collection programs (edited for formatting only). It does not contain the whole of my opinion on the subject, either as a citizen or as an employee of a technology company subject to subpoenas, warrants, and National Security Letters for users' data, but this is certainly sufficient as a long overdue response to the controversy.
All comments expressed below are my own personal opinion and do not necessarily represent those of my employer or alma mater.
Dear Parker:
I received your communication indicating your concerns about the two National Security Agency programs that have been in the news recently. I appreciate that you took the time to write on this important issue and welcome the opportunity to respond.
Dear Senator Feinstein,
Thank you for taking the time to respond to the petition about the Prism and Verizon metadata collection programs that I signed. However, I would like to point out several factual inaccuracies in your email about these (and other newly-revealed) surveillance programs, which I've taken the liberty of interspersing inline for readability:
First, I understand your concerns and want to point out that by law, the government cannot listen to an American's telephone calls or read their emails without a court warrant issued upon a showing of probable cause.
Let's ignore the fact that the EPCA currently requires only a subpoena, not a warrant, to compel an email service provider to turn over all digital records over 180 days old.
According to recent revelations about the X-Keyscore project, the NSA is regularly partaking in the capture of unencrypted electronic communication from fiber tap points inside and outside the United States (in conjunction with other international agencies). This includes "nearly everything a typical user does on the Internet", which includes the SMTP protocol used by email service providers, one of which I work for, and up to 75% of domestic Internet traffic. In this method, the NSA "touches" more of the Internet's traffic than Google: chats, emails, websites, video, everything. Scanning, filtering, and capturing content such as email in this manner are as much "reading" my email as opening the letters I mail, looking for highlighted phrases, and photocopying it for storage.
As for the "American" part of that statement, internal audits have found that the NSA requires only a "reasonable belief", a 51% probability, that a target is foreign and the NSA itself has admitted to "incidentally" scooping up the digital records of Americans and has demonstrated the ability to perform warrantless searches for emails of Americans, either though national security letters or deep packet inspection as used in the X-Keyscore project. The NSA regularly violates the privacy laws of the United States (and other countries) through this inspection. FISC judge John Bates wrote in an October 2011 opinion that "the NSA may be acquiring as many as 46,000 wholly domestic [single communication transactions] each year."
As is described in the attachment to this letter provided by the Executive Branch, the programs that were recently disclosed have to do with information about phone calls – the kind of information that you might find on a telephone bill –
Unfortunately, presumably in an effort to save paper, AT&T has eliminated the types of information from my telephone bill that the NSA presumably regularly collects on me. I also have never previously seen this information on AT&T's website. The NSA has a better record of who I call, when, and for how long than I do on my telephone bills or my telephone. And while it has not been confirmed, there is evidence to suggest that the collection of location data is both technically feasibly and likely already underway, further personally identifying myself and my whereabouts to the government without my permission and likely declared as an illegal Fourth Amendment search under United States v Jones and indicated by the New Jersey Supreme Court.
– in one case, and the internet communications (such as email) of non-Americans outside the United States in the other case.
Please see my points in the second paragraph.
Both programs are subject to checks and balances, and oversight by the Executive Branch, the Congress, and the Judiciary.
I believe you, I really do. The question is not whether there are checks and balances, but whether there are appropriate checks and balances. Many of your colleagues do not feel as you do. Internal findings have shown the NSA has repeatedly violated internal safeguards, and has the technical ability, but not the appropriate processes, to violate the privacy of all Americans.
FISC Judge John Bates noted in an 85-page opinion that his court originally approved the NSA's ability to capture a more limited and targeted amount of data. He writes: "In conducting its review and granting those approvals, the Court did not take into account NSA's acquisition of Internet transactions, which now materially and fundamentally alters the statutory and constitutional analysis."
Rep. James Sensenbrenner, one of the authors of the PATRIOT act, has filed an amicus brief in ACLU v. Clapper in which he writes: "The vast majority of the records collected will have no relation to the investigation of terrorism at all. This collection of millions of unrelated records is built-in to the mass call collection program. Defendants' theory of 'relevance' is simply beyond any reasonable understanding of the word."
As Chairman of the Senate Intelligence Committee, I can tell you that I believe the oversight we have conducted is strong and effective and I am doing my level best to get more information declassified.
I'm pretty sure that will continue to be taken care of for you by journalists around the world with greater speed and completeness than our government's efforts. We need more transparency without attempting to make half-hearted rebuttals and defenses for these programs and invoking state secrets. Without the government being willing to be fully transparent with its citizens about the existence and full purposes and capabilities of these programs, and the legal justification for them, we cannot trust the oversight of unaccountable branches of government.
Please know that it is equally frustrating to me, as it is to you, that I cannot provide more detail on the value these programs provide and the strict limitations placed on how this information is used. I take serious my responsibility to make sure intelligence programs are effective, but I work equally hard to ensure that intelligence activities strictly comply with the Constitution and our laws and protect Americans' privacy rights.
I would love to see the rulings from the FISC that justify the programs as legal; as of yet, all we've seen declassified are rulings that say they are not, such as the October 2011 ruling in which the FISC found that collection carried out under the NSA's minimization procedures was unconstitutional, and statements from the Director of National Intelligence admitting surveillance that was "unreasonable under the Fourth Amendment" and that "circumvented the spirit of the law." Your colleagues are working in a bipartisan manner to attempt to declassify many of these opinions, and yet as Chairman of the Intelligence Committee, I can't help but miss your name on that roster of sponsors; I hope you're indeed working with them on this effort.
These surveillance programs have proven to be very effective in identifying terrorists, their activities, and those associated with terrorist plots, and in allowing the Intelligence Community and the Federal Bureau of Investigation to prevent numerous terrorist attacks. More information on this should be forthcoming.
Not only has Congress been briefed on these programs, but laws passed and enacted since 9/11 specifically authorize them.
"Authorize them" in the sense that Section 215 of the Patriot Act was poorly written to encompass "business records" for parties "relevant to an authorized investigation" OR pertaining either to a suspected "agent of a foreign power" or someone in direct contact with the suspect, or pertaining to the "activities" of a suspect, rather than "relevant to the authorized investigation" AND with agency, contact, or shared activity. This means that all sorts of other business records might be "relevant" and meet the criteria as authorized, as the recent NSA leaks and thus by proxy the FISC have shown us they believe to be true.
The surveillance programs are authorized by the Foreign Intelligence Surveillance Act (FISA), which itself was enacted by Congress in 1978 to establish the legal structure to carry out these programs, but also to prevent government abuses, such as surveillance of Americans without approval from the federal courts. The Act authorizes the government to gather communications and other information for foreign intelligence purposes. It also establishes privacy protections, oversight mechanisms (including court review), and other restrictions to protect privacy rights of Americans.
The laws that have established and reauthorized these programs since 9/11 have passed by mostly overwhelming margins. For example, the phone call business record program was reauthorized most recently on May 26, 2011 by a vote of 72-23 in the Senate and 250-153 in the House. The internet communications program was reauthorized most recently on December 30, 2012 by a vote of 73-22 in the Senate and 301-118 in the House.
And yet while the FISC is happy to continue the renewal of these programs as it did on July 19, some of our esteemed elected representatives in the House are not so happy: "In terms of the oversight function, I feel inadequate most of the time," said Rep. Jan Schakowsky (D-IL), a member of the House Intelligence Committee. Bulk surveillance "certainly was approved by Congress. Was it approved by a fully knowing Congress? That is not the case."
And a few weeks ago we saw the House of Representatives came within eight votes of defunding the NSA program that collects telephone metadata by amendment.
Attached to this letter is a brief summary of the two intelligence surveillance programs that were recently disclosed in media articles. While I very much regret the disclosure of classified information in a way that will damage our ability to identify and stop terrorist activity, I believe it is important to ensure that the public record now available on these programs is accurate and provided with the proper context.
These programs may provide some security, but I believe our security as a nation is worth little if the values of freedom, personal privacy, and transparency and accountability in democratic government are ruined in the process. I therefore welcome any and all further information on these programs in order to promote a healthy, accurate understanding of their Constitutional context.
Again, thank you for contacting me with your concerns and comments. I appreciate knowing your views and hope you continue to inform me of issues that matter to you.
Sincerely yours,
Dianne Feinstein
United States Senator
Sincerely yours,
H. Parker Shelton
Microsoft Corporation
Johns Hopkins University '10
All comments expressed above are my own personal opinion and do not necessarily represent those of my employer or alma mater.