Yesterday, the Ninth Circuit Court of Appeals dismissed a lawsuit against the U.S. Government by Al-Haramain Islamic Foundation, a now-defunct charity that federal agents said was a terrorist group. In the opinion, the Ninth Circuit appears to agree with a common sense reading of federal statutes generally requiring a warrant before investigators may obtain access to the contents of communications. Nevertheless, the Court held that violating that requirement has no remedy. Aggrieved parties cannot sue the U.S. for unlawful warrantless collection of messages. A right without a remedy is no right at all.
In Al-Haramain v. Obama, the charity inadvertently discovered that it and its lawyers were the subject of warrantless wiretapping when it obtained a copy of a secret Treasury Department document. Because the document was protected by the state secrets doctrine, the lawyers were not allowed to use or refer to the document and the District Court insisted the plaintiff make its case with reference to only public information. It was eventually able to show that it was subject to surveillance and demonstrate on summary judgement that the warrantless surveillance violated section 1810 of the Foreign Intelligence Surveillance Act (FISA). The group won attorney's fees and costs.
In its recent opinion, the Ninth Circuit overturned that ruling, holding that the United States cannot be sued for such warrantless wiretapping because it has not waived sovereign immunity for claims under section 1810 of FISA. Rather, federal law only explicitly says the U.S. is subject to suit under section 1806 of FISA, which prohibits improper use or disclosure of intercepted communications. Therefore, the Al-Haramain suit was barred.
Giving the United States a pass on improper collection is a travesty of justice. Here's why.
The evidence we have indicates the government accesses and copies all wire and electronic communications, whether domestic or foreign, as they pass through provider switching stations and stores that information for later data mining. James Bamford, the nation's leading authority on the National Security Agency and surveillance, reported this in his wonderfully written and exhaustively researched book The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America. Our communications are going to be stored in a massive facility in Utah for subsequent datamining. Former NSA employees and whistleblowers have also provided evidence that the NSA is vaccumming up communications wholesale by installing fiber optic splitters on telecommunications trunk lines. Former AT&T employee Mark Klein provided testimony and documents showing that the NSA had built a secret room inside the AT&T office on Folsom Street in San Francisco, and was using fiber optic splitters and high-tech network analysis tools to access, copy and analyse all communication coming in through that trunk line, which included purely domestic calls and emails, as well as messages from American's to people overseas. Former NSA employee William Binney also gave evidence that the NSA is engaged in indiscriminate mass surveillance. Referring to the gigantic data storage facility being constructed by NSA in Utah, Binney wrote:
The sheer size of that capacity indicates that the NSA is not filtering personal electronic communications such as email before storage but is, in fact, storing all that they are collecting. The capacity of NSA’s planned infrastructure far exceeds the capacity necessary for the storage of discreet, targeted communications or even for the storage of the routing information from all electronic communications. The capacity of NSA’s planned infrastructure is consistent, as a mathematical matter, with seizing both the routing information and the contents of all electronic communications.
Julian Sanchez has studied what little public information there is from the Foreign Intelligence Surveillance Court (FISC) and been able to deduce, like Kremlin readers of old, that the U.S.'s standard procedure electronic surveillance is that “large amounts of information are collected by automatic recording to be minimized after the fact.”
According to Al-Haramain, even if FISA prohibits such mass surveillance, there's no remedy for it. Victims, by which I mean everyone, cannot sue the United States. Nor can we sue responsible officials in their personal capacity, because the surveillance is official policy.
The Catch-22 is made complete when we remember that the very telecommunications providers who enabled the government to commit illegal interception by opening up their networks to fiber optic splitter boxes and secret NSA rooms are immune from suit as well. The Electronic Frontier Foundation (EFF) had sued AT&T for allowing the government on its network without a warrant, based on the information provided by Klein. That suit, Hepting v. AT&T, and others against telecom providers, were dismissed after Congress passed the FISA Amendments Act (FISAAA) in 2008. FISAAA, among other misdeeds, allowed the Bush administration to give telecom companies in pending lawsuits immunity for their participation in illegal spying.
The Court does identify some FISA violations for which we can sue. As the Court explains:
Contrasting § 1810 liability, for which sovereign immunity is not explicitly waived, with § 1806 liability, for which it is, also illuminates congressional purpose. Liability under the two sections, while similar in its reach, is not identical. Section 1806, combined with 18 U.S.C. § 2712, renders the United States liable only for the “use[ ] and disclos[ure]” of information “by Federal officers and employees” in an unlawful manner. Section 1810, by contrast, also creates liability for the actual collection of the information in the first place, targeting “electronic surveillance or . . . disclos[ure] or use[ ]” of that information. (emphasis added). Under this scheme, Al-Haramain can bring a suit for damages against the United States for use of the collected information, but cannot bring suit against the government for collection of the information itself. Cf. ACLU v. NSA, 493 F.3d 644, 671 (6th Cir. 2007) (Lead Opinion of Batchelder, J.) (noting that FISA potentially allows limitless information collection upon issuance of warrant, but limits use and dissemination of information under, inter alia, § 1806(a)).
But, for the limited offenses of improper use or disclosure of collected information that the Ninth Circuit says have a remedy, the practical obstacles to such a suit are almost insurmountable. As the trial court judge in Al-Haramain pointed out, "unlike the electronic surveillance carried out by federal law enforcement agencies under the general wiretap statute, Title III, 18 USC §§ 2510-22, much of the electronic surveillance undertaken for national security purposes does not result in criminal proceedings in which the existence of the surveillance evidence would be disclosed as a matter of course. Moreover, unlike Title III, FISA does not require that the target of an electronic surveillance ever be informed of its occurrence."
When it comes to warrantless surveillance, the law on the books is just ink on paper.
What good can be gleaned from Al-Haramain?
First, I'm very glad that the Cybersecurity Act did not pass Congress this term, and we have time to truly consider the language in that 211 page bill. Seemingly little things, like whether the statute says you can sue "the United States" (waiving statutory immunity) or "any person" (excluding suits against the government) make all the difference when it comes to enforcing privacy protections.
Second, the Al-Haramain opinion contains a tiny silver lining. The Court distinguishes between "collection of information in the first place", for which no civil suit lies against the government (§1810), and "use and disclosure" of such information, for which the government can be held liable (§1806).
This is not an idle point. In public statements and congressional hearings regarding U.S. surveillance practices, the Director of NSA, General Keith Alexander disavowed wholesale interception of American's communications. According to Senator Ron Wyden, we simply do not know what the NSA is actually doing, because it will not tell Congress. As near as we can tell, government officials keep a straight face when claiming NSA does not indiscriminately collect and copy communications based on a kind of double-think about the meaning of the word "collect". As Julian Sanchez points out, in the few official statements we have about national security surveillance, government agencies consider information "collected" at the point a human receives the data for analysis, not at the point that a machine intercepts, accesses and copies the data.
The Defense Department’s somewhat counterintuitive definition of “collection” for intelligence purposes. As the Department’s procedures manual explains: Information shall be considered as “collected” only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties…. Data acquired by electronic means is “collected” only when it has been processed into intelligible form.
In other words, neither the executive agencies nor the FISC are imposing statutory or Fourth Amendment considerations at the point of wholesale collection of communications data, but only later when the messages are pulled out of the database and sent to a government employee. Sanchez again:
This is a huge departure from what has traditionally been understood to be constitutionally permitted. We do not normally allow the government to indiscriminately make copies of everyone’s private correspondence, so long as they promise not to read it without a warrant: The copying itself is supposed to require a warrant, except in extraordinary circumstances. It appears almost certain that a very different rule is in effect now, at least for the NSA.
The good news is, on the Al-Haramain Court's reading of FISA, collection is separate and distinct from use, and also, technically, prohibited under FISA. This contradicts the government's Orwellian position that the vast databases of calls, emails and faxes do not constitute a collection of communications data. The bad news is, without a waiver of sovereign immunity, there is not much we can do about it via the judicial system.
Thus, I join the Ninth Circuit panel in issuing a call to Congress. "Although [soverign immunity for collection but not use or disclosure] may seem anomalous and even unfair, the policy judgment is one for Congress, not the courts." But I'm not going to hold my breath.