It has been a month since former State Department section chief for Internet freedom John Napier Tye wrote a Washington Post Op-Ed warning about Executive Order 12333 -- the order the executive branch uses to self-authorize spying overseas. "The order as used today," Tye wrote, "threatens our democracy." Since that time, his concerns have generated enough attention -- in part because of his testimony to the Privacy and Civil Liberties Oversight Board and a New York Times article on the order -- that the Director of National Intelligence Civil Liberties Officer Alexander Joel has seen fit to try to rebut Tye's claims.
In a column at Politico, Joel engages in some of the same old misleading jargon the intelligence community has used for 14 months, emphasizing that the NSA won't "target" an American without the assertion he has some tie to a foreign power. To his credit, Joel -- unlike some others who have adopted this argument -- admits that U.S. communications get picked up in the process of targeting others (though he implies those are communications about Americans, not by them).
Then Joel makes a boast that President Obama has implemented reforms to rein in EO 12333, which actually reveals the real problem with this claim. He points to Presidential Policy Directive 28, which Obama issued in January in response to Edward Snowden's leaks. Joel applauds the limits Obama placed on bulk collection in the PPD.
What that PPD actually permits, however, is the collection of communications in bulk -- that is, the collection of all communications from a cable or switch -- "temporarily ... to facilitate targeted collection," and more permanently, in search of espionage, terrorism, weapons proliferation, cybersecurity threats, threats to U.S. or allied armed forces or personnel, and transnational criminal threats, including illicit finance and sanctions violations. In fact, the limits on "bulk" collection are so expansive, PPD 28 would be better understood as an admission that Joel's reassurances about "targeting" are pretty meaningless, because so much collection happens in bulk.
Moreover, Joel doesn't address a key point Tye made in his PCLOB testimony. "Because of the structure of the global Internet," Tye explained, "a very large portion of Americans' communications are available for collection outside of our borders." To illustrate this, Tye described how an email sent two blocks from where he was speaking to the White House would be available for foreign collection on servers overseas. "Let's say hypothetically I was using Gmail, or Yahoo, or another big email provider, and sitting right here I sent an email to the President at that White House just two blocks away," Tye imagined. "It's almost certain that that email would be stored on servers around the world."
Tye's example is in no way hypothetical. As the Post revealed last year, the NSA was in fact breaking into Google and Yahoo's cables to access communications stored on servers overseas.
And all this treats just content. Joel makes no mention of the NSA's rules on access to Americans' metadata overseas. Documents released by both the government and Edward Snowden reveal that, at the same time as the government started admitting to illegal domestic collection that would ultimately lead to the shutdown of the U.S.-based Internet metadata program, NSA was implementing looser rules permitting analysts to conduct analysis including Americans' metadata collected overseas.
Metadata is tremendously revealing. As former NSA Director Michael Hayden admitted in May, "we kill people based on metadata." While most Americans' lives probably aren't at risk from the government accessing their metadata overseas, their privacy surely is.
And Joel's claim,"Oversight [of EO 12333 collection] is extensive and multi-layered," rings hollow. He lists four oversight positions at three executive branch agencies, then points to three more executive branch agencies he claims have a role. Having the executive oversee the executive spying on Americans poses precisely the kind of threat to our democracy Tye raised.
Then Joel claims, "Congress has the power to oversee, authorize and fund these activities." Of course, that's different from Congress actually using that power. Moreover, the record suggests Congress may not currently have the power to do anything but defund such spying, assuming they even know about it. Senate Intelligence Committee chairwoman Dianne Feinstein admitted last August that her committee doesn't receive adequate information on EO 12333 collection. Joel's boss, James Clapper, refused to answer a question from Sen. Amy Klobuchar on EO 12333 violations in a hearing in October. And when Sen. Mark Udall suggested a "vast trove" of Americans' communications collected overseas should be provided the protections laid out in FISA, Assistant Attorney General John Carlin explained the National Security Division -- the part of DOJ he oversees, which has a central role in oversight under FISA -- would not have a role in that case because the collection occurred under EO 12333.
In his column, Joel makes no mention of the third branch of government: the courts. That's because, as ACLU's Patrick Toomey laid out last week, the government doesn't give defendants any notice if their prosecutions arise from data collected under EO 12333. Criminal prosecutions are where some of the most important oversight on executive branch spying takes place. By exempting EO 12333 from any such notice, then, the government is bypassing another critical check on potentially abusive spying.
Back in 1978, our government decided that both Congress and the courts should have a role when the executive branch spied on Americans. That was the entire premise behind the FISA law. But by moving more and more of its spying overseas, the government can and -- apparently, at least to a limited extent -- is bypassing the oversight accorded through three branches of government.