The slow-moving gears of surveillance and privacy reform churned out their first result in the early hours of Monday after the US Senate failed to stop the scheduled sunset of portions of the US Patriot Act that were used to justify the bulk collection of American phone records.
These Bush-era provisions, which include the controversial Section 215, expired at 12:01 am and will be replaced in all likelihood later this week by the USA Freedom Act—a middling attempt at reform that comes with only slightly increased transparency and accountability.
It may seem strange for any non-US citizen to care about the forced expiration of a piece of American legislation that was passed over 14 years ago. And yet, after the global surveillance disclosures made by whistleblower Edward Snowden in 2013, the Patriot Act has become both a focal point for privacy and intelligence reform and a symbol of how national security legislation across the world is being twisted to enable a global surveillance society.
The events of the past weekend, therefore, represent a tipping point, one which can be used to effect a clean break from the 9/11-surveillance era. As with any tipping point, it becomes crucial to identify the difference between purely symbolic victories and what has really been gained.
Mainstream media and activist organisations across the world have been quick to point out the obvious: that the inability of the Senate to extend the provisions of the Patriot Act represent the first real rollback of US spy powers since the late 1970s, which was when the Foreign Intelligence Surveillance Act was enacted.
This rollback, small as it may be, is a result of growing antipathy towards mass surveillance amongst the American public—with 60 per cent of voters now believing the Patriot Act ought to be reformed, according to a recent American Civil Liberties Union study— and two US federal court rulings that deemed the bulk collection of telephone metadata to be “unlawful” and “likely unconstitutional”.
Even with the new USA Freedom Act on its way, the illegal, non-specific large-scale collection of telephone metadata is now a thing of the past, which is a development that is cause for genuine celebration. In this, civil society and activist institutions such as the ACLU— which led the legal charge against Director of National Intelligence James Clapper—and the Electronic Frontier Foundation deserve applause for tackling the low-hanging surveillance fruit in such an effective manner. It took exactly six months from the time that the The Guardian published its initial story regarding the bulk collection of American phone records for a US federal judge to declare it “likely unconstitutional” and a little over a year before a reformed piece of national security legislation was placed before Congress.
The challenge for the American public, politicians and civil society, however, is to convert these largely symbolic victories into a form of change that is meaningful and lasting: the USA Freedom Act, which will replace the expired provisions of the Patriot Act if passed later this week, represents at best only mild reform. Civil society and activist institutions find themselves divided over the new legislation, with some declaring that they are neutral towards it while others trot out the old ‘some form of reform is better than none’ argument.
While the USA Freedom Act officially brings an end to the bulk collection of calling records—which was legally justified under Section 215 of the Patriot Act—by requiring collection to be limited to instances where “reasonable and articulable suspicion” is present and where a “specific selection term” can be used, it comes with no clearly mandated procedures with regard to data retention and instead introduces a ‘second hop’ data collection process that may allow for collection of records in circumstances with less than “reasonable and articulable suspicion”.
Mass online surveillance remains
But more importantly, and more disappointingly, we find ourselves nowhere closer to disentangling the Gordian knot of mass online surveillance that was made clear back in 2013: the USA Freedom Act does not concern itself with Section 702 of the FISA Amendments Act which serves as the legal basis for the PRISM and “upstream” mass Internet surveillance programmes that affect the citizens of nearly every major country across the world. This is primarily because these battles are fought in the domain of foreign intelligence, a politically sensitive area that produces little consensus in the balance between national security and civil liberties.
Reform today, therefore, consists of activists and legislators—with an acute sense of justifiable paranoia—poring over and debating the definition of simple words like ‘specific’, ‘relevance’ and ‘target’ while intelligence agencies concoct ever more intricate and illegal ways of carrying out global surveillance.
Consider one of the earliest methods of intelligence sharing and mass surveillance that was exposed by Snowden: since British law does not allow the country’s intelligence agencies to engage in electronic snooping, the UK was allegedly allowed access to the United States’ PRISM programme, thus giving it the ability to snoop without breaking any domestic laws. Not only is this process non-transparent and unaccountable, it also renders itself impervious to domestic reform: what use is it working for five years on hammering out the definitions of terms for a domestic law, when the foreign intelligence operations of another sovereign country undermine that process?
The principle of parallel construction in criminal enforcement and the ‘collect it all, use it later’ nature of foreign intelligence spur agencies such as the NSA and GCHQ into constructing an infinite number of ways of collecting the same piece of information.
How are we to start unraveling the knot of online surveillance? The first method of reform is one that is already clear: slow, baby steps towards changing legislation and clarifying definitions. The other, and more hostile, method involves notions of digital sovereignty of the kind seen in China, Russia and to a lesser extent Brazil, where critical Internet infrastructure is controlled closely and there is a reduction in reliance on American Internet companies for hardware and software services. While a merging of these two paths may seem to be a natural step, it remains unclear how they can both be used together effectively to handle the issue of surveillance.
Nevertheless, if there is one thing we should take away from the post-9/11 surveillance era, it is that we cannot afford to put off the balancing of security and privacy in a constitutional context. For every time we do so, we only entangle ourselves further.