Even before opening his stocking on Christmas morning, Barack Obama has his holiday reading cut out for him. His Review Group on Intelligence and Surveillance Technologies has handed him a 300-page report, with 46 recommendations that he and his advisers will be under pressure to address as soon as possible.
The report’s recommendations could, if implemented, have a major impact on US intelligence’s ability to collect civilian data, and would mean that certain kinds of collection (such as spying on foreign leaders) would have to be cleared at a higher level than is currently required. The White House is so far hedging its response to the report, with spokesman Jay Carney describing it as “extremely dense and substantive”, but there is no doubt it is a direct response to the Snowden revelations – and that its recommendations take a sweeping approach to the question of privacy and surveillance.
This is evident in the two guiding principles the report lays out early on: first, “The United States Government must protect, at once, two different forms of security: national security and personal privacy”; and second, “The central task is one of risk management; multiple risks are involved, and all of them must be considered”.
With these two principles, the group gave itself an imperative to move beyond an approach to counter-terrorism that pitches security against liberty – a call for innovation in the ways we reconcile privacy interests with security-related risk management.
To that end, the task force proposes various institutional and legal reforms that might provide a mechanism to bring the NSA under constitutional control while still affording it latitude to act for bona fide security reasons. One proposal in particular neatly encapsulate the commitment to a more textured approach to the relationship between security and privacy.
With respect to domestic surveillance, the group raises concerns about NSA collection of metadata for civil liberties including privacy. The solution proposed is not that metadata would not be collected, but rather that this would be done by a private third party (currently thought most likely to be the telecommunications companies), with the state able to access it where security concerns demand. Perceiving this to be less risky from a privacy perspective, the report places significant faith in the ability to properly restrict government access to such privately-held information.
For those familiar with data retention policies in the EU, this scheme is very reminiscent of the EU Data Retention Directive, which has proved hugely controversial. Just last week, the EU advocate general, Cruz Villalón, recommended that the Data Retention Directive be struck down. He was of the opinion that obliging telecommunications companies to retain data on personal communications seriously interferes with the right to privacy. Of particular concern was the fact that the directive does not adequately restrict governments’ access to such information and sets the maximum retention period at two years – which he considered to be disproportionate.
While the judgment of the court is yet to come, the long-running saga of the Data Retention Directive should serve as a salutary tale of the importance of reasonable retention periods and strict limitations on access to data.
When it comes to surveillance of non-US nationals, one of the most interesting proposals is for institutional reform of the FISC—the Foreign Intelligence Surveillance Court. The group recommends the establishment of a Public Interest Advocate for the court, recognising that, as it currently operates, the FISC is not presented with legal arguments in an adversarial procedure. Rather, it is required to decide often quite complex questions of law without the benefit of numerous advocates working through the legal argumentation.
Where these kinds of questions arise, the report acknowledges: “an adversary presentation of the competing arguments is likely to result in a better decision”. The Public Interest Advocate as proposed would have the task of “represent[ing] the interests of those whose rights of privacy or civil liberties might be at stake” and would appear in a case at the invitation of the judge.
Security versus liberty
Whenever we try to impose a process that would limit surveillance powers, the major challenge is how to make that process sufficiently rigorous without compromising security. It is not operationally reasonable to expect that where a government agency considers someone to be a sufficient threat to propose spying on them, the suspect ought to be able to appear in court and argue the case against such measures. This is not because there are no legitimate privacy arguments to be made, but rather because if they are a terrorist such advance notice would severely compromise the security operation itself.
In the UK we have so far tried to manage this tension in judicial proceedings by using Special Advocates; something similar operates in Guantánamo Bay. But the Public Interest Advocate as proposed allows for civil liberties concerns to be argued in full and in an adversarial process, even when the proposed target of surveillance is unaware of the proceedings. Assuming it operates effectively, the Public Interest Advocate would seem to offer a neat ex ante mechanism to ensure that all perspectives have already been taken into account when the decision about surveillance is taken.
The report as a whole makes for interesting reading, not least because of its insistence on going beyond an oppositional approach to security and liberty. This significantly advances the operational and political debate in a way that researchers in the field have sought for quite some time. Whether the report will lead to meaningful reform is questionable, but its approach is certainly to be commended.