David Greene, EFF Senior Staf Attorney Katita !odrigue, EFF "nternational !ig#ts Director This document was produced by the Electronic Frontier Foundation (EFF), an international non-governmental organization with nearly 30,000 members worldwide rom over !00 countries, dedicated to the protection o everyone"s right to privacy, reedom o e#pression, and association$ Founded in !%%0, EFF engages in strategic litigation, policy, and advocacy in the &nited 'tates and wor(s in a range o international and national policy venues to promote balanced laws that protect human rights, oster innovation, and empower consumers$ EFF is based in 'an Francisco and was one o the (ey civil society groups involved in the drating o the )ecessary and *roportionate +uiding *rinciples$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G & Table of Contents Foreword$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 3 E#ecutive 'ummary$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ , - .rie 'urvey o /ngoing )'- 'urveillance -ctivities$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0 /rigins o the 1urrent *rograms$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0 2nown /ngoing 3ass 'urveillance -ctivities$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 4 F5'- 'ection 607 (00 &$'$1$ sec$ !88!a)$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 4 9&pstream:$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 6 *;5'3$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 6 &'- *-T;5/T -ct 'ection 7!0$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 6 1-<< =ET-5< ;E1/;=' 1/<<E1T5/)$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 8 E#ecutive /rder (E/) !7333$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 8 3>'T51$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ % 3&'1&<-;$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ % ?2E>'1/;E$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ % .&<<;&)$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ % =5'@F5;E$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0 1/-T;-AE<E;$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0 &' <egal 1hallenges to )'- 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0 1hallenges to 9&pstream: 5nternet 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0 1hallenges to 'ection 7!0 Telephone 1all =etail ;ecords 1ollection$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$!! -pplication o the *rinciples to &' 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !7 =eBinitions$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !7 93etadata:C:1ontent: =istinction$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !7 .ul( and *ersistent 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !, 91ollection: D 9'urveillance: D 5ntererence with *rivacy$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$!0 -pplying the *rinciples$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0 The <egality *rinciple$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0 )ecessity and *roportionality in *ursuit o a <egitimate -im$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$!4 1ompetent Eudicial -uthority$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !6 =ue *rocess$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !8 &ser )otiBication$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !% Transparency and *ublic /versight$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !% 5ntegrity o 1ommunications and 'ystems$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 7! E#traterritorial -pplication o @uman ;ights <aw$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 7! EFual *rivacy *rotection For Everyone$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 73 1onclusion$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 73 ELECTRONIC FRONTIER FOUNDATION EFF$%!G ' Foreword The ocus o this paper is to show how the publicly-(nown )ational 'ecurity -gency ()'-) surveillance operations constitute a violation o human rights as deBined by international human rights norms$ EFF supports the concluding recommendation o the 70!, @uman ;ights 1ommittee ! on the &nited 'tates" compliance with the 5nternational 1ovenant on 1ivil and *olitical ;ights (511*;), which calls upon the &nited 'tates to ta(e measures to ensure that any intererence with the right to privacy comply with the principles o legality, proportionality, and necessity regardless o the nationality or location o individuals whose communications are under direct surveillance$ 7 Ge have used the 5nternational *rinciples on the -pplication o @uman ;ights to 1ommunications 'urveillance (the 9)ecessary and *roportionate *rinciples: or 9Thirteen *rinciples:) 3 as a guiding ramewor( to e#plain how the &nited 'tates is currently ailing to implement those e#isting human rights protections$ The *rinciples have been endorsed by ,00 organizationsH they have also gathered support rom European and 1anadian *arliamentarians, political parties in several 'tates, , and various prominent domain e#perts$ 0 The *rinciples were developed to apply e#isting human rights law to the issues arising rom the technically sophisticated and pervasive digital surveillance o ordinary individuals$ This is, o course, most relevant to the communications surveillance 6 being conducted by the )'- and +1@I$ .ut similarly intrusive practices are also achievable, and are li(ely currently practiced, by many 'tates$ EFF believes that, in order to restore the strong protections provided or by international human rights law, we do not need a new human rights ramewor($ 5nstead, we need to interpret and apply e#isting human rights protections appropriately in light o new technological developments and changing patterns o communications, and do so with an ! The @uman ;ights 1ommittee is the treaty body that monitors 'tate implementation o the 511*;, the main human rights treaty$ 7 The @uman ;ights 1ommitteeJs 1oncluding /bservations during its !!0 th session$ httpKCCtbinternet$ohchr$orgCLlayoutsCtreatybodye#ternalC'ession=etails!$asp#M'ession5=D470N<angDen 3 95nternational *rinciples on the -pplication o @uman ;ights to 1ommunications 'urveillance$: -vailable in over thirty languages$ Euly !0, 70!3$ httpsKCCnecessaryandproportionate$orgCte#t , httpsKCCnecessaryandproportionate$orgCte#tOelectedLoBicialsLpoliticalLparties 0 httpsKCCnecessaryandproportionate$orgCte#tOe#perts 4 -ccording to the *rinciples, 91ommunications surveillanceP in the modern environment encompasses the monitoring, interception, collection, analysis, use, preservation and retention o, intererence with, or access to inormation that includes, reBlects, arises rom or is about a person"s communications in the past, present, or uture$ P1ommunicationsP include activities, interactions, and transactions transmitted through electronic media, such as content o communications, the identity o the parties to the communications, location- trac(ing inormation including 5* addresses, the time and duration o communications, and identiBiers o communication eFuipment used in communications$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G ( intention to protect human rights$ -s with all human rights protections, we need to implement these steps in domestic laws to ensure everyone"s right o privacy remains legally protected in the digital age$ Executive Suar! -s set orth below, the &' mass communications surveillance programs, as conducted by the )'- and e#posed by Edward 'nowden and other whistleblowers, violate several o the )ecessary and *roportionate *rinciplesK Q The )'- surveillance lac(s 9legality: in that )'- surveillance laws are largely governed by a body o secret law developed by a secret court, the Foreign 5ntelligence 'urveillance 1ourt (F5'1), which selectively publishes its legal interpretations o the lawH Q The )'- surveillance programs are neither 9necessary,: nor 9proportionate,: in that the various programs in which communications data are obtained in bul( violate the privacy rights o millions o persons who are not suspected o having any connection to international terrorismH Q The )'- surveillance programs are not supported by competent judicial authority because the only Rudicial approval, i any, comes rom the secret Foreign 5ntelligence 'urveillance 1ourt, and access to courts is largely denied to the individuals whose data are collectedH Q The )'- surveillance programs lac( due process because there is reFuently no opportunity or a public hearingH Q The )'- surveillance programs lac( user notificationH those whose data is obtained do not (now that their communications have been monitored and thereore cannot appeal the decision nor acFuire legal representation to deend themselvesH Q The )'- surveillance programs operate in secret and thus rely on gag orders against the entities rom whom the data is obtained$ The secret court proceedings, i there are any, lac( necessary transparency and public oversightH Q The )'- surveillance programs damage the integrity of communication systems by undermining security systems (such as encryption), reFuiring the insertion o surveillance bac( doors in communications technologies, including the installation o Biber optic splitters in transmission hubsH and Q The &' surveillance ramewor( is illegitimate because it applies less avorable standards to non-&' persons than its own citizensH this discrimination places it in violation o the 5nternational 1ovenant on 1ivil and *olitical ;ights (511*;) as well$ 3oreover, the &nited 'tates RustiBies the lawulness o its communications surveillance by reerence to distinctions that, considering modern communications technology, are ELECTRONIC FRONTIER FOUNDATION EFF$%!G ) solely semantic rather than substantive$ The &' relies on the outmoded distinction between 9content: and 9metadata,: alsely contending that the latter does not reveal private acts about an individual$ The &' also contends that the collection o data is not surveillanceSit argues, contrary to both international law and the )ecessary and *roportionate *rinciples, that an individual"s privacy rights are not inringed as long as her communications data are not analyzed by a human being$ A "rief Surve! of On#oin# NSA Surveillance Activities )'- surveillance ta(es place in a ramewor( o massive secrecy$ 5t is easy to view those programs and activities,whose e#istence has been revealed in the press over the course o the past year, as the primary or representative activities o the intelligence agencies$ -nd, indeed, much political commentary has ocused on the most widely-documented o the programs, such as the collection o telephone calling records rom &' carriers$ .ut the ull e#tent o these programs, and the percentage o total &' governmental surveillance they comprise, remains un(nown$ The operations described in this paper, then, represent only a very small selection o the overall pervasive surveillance activities carried out by )'- and other intelligence agenciesSand even that view is limited in terms o the details it conveys regarding the scope and content o each such operation$ 'ome operations, or e#ample, may actually be sotware analysis tools or perorming particular (inds o searches or analysis over data that has already been acFuired by some other means$ 5n this scenario, 9surveillance programs: may not always involve gathering any new data or obtaining any new access to devices, networ(s, or signalsH they might Rust involve interpreting data that )'- or other intelligence agencies already have access to or already have in their databases, and drawing new inerences rom those records or combining them to reach new conclusions$ 6 This scenario ma(es clear that a core privacy intererence occurs when 'tates Birst acFuire, monitor, andCor collect inormation about people, even i the purpose o such collection was highly general and did not contemplate speciBic intrusions$ Ori#ins of t$e Current %ro#ras Following the terrorist attac(s against the &' on 'eptember !!, 700!, *resident +eorge G$ .ush empowered the )'- and other components o the &' intelligence community to conduct wide-ranging surveillance without court orders or oversight$ The surveillance was collectively called the *resident"s 'urveillance *rogram (*'*)$ The *'* remained a secret until 7000 when the e#istence o small parts o it were revealed by newspaper 6 - great deal o inormation about people, places, devices, and electronic communications seems to lac( privacy sensitivity when ta(en in isolation, but when combined with other data may turn out to be e#tremely signiBicant and sensitive$ For instance, an individual telephone call ta(es on a new signiBicance when we learn that the called party was a specialist medical clinic or a hotline or particular medical, psychiatric, abuse, or Binancial problems$ 5ndividual records o logins to an 5nternet service ta(e on new signiBicance when multiple users" records are read together to iner that those users did or did not spend the night in the same place$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G * reports$ 8 .etween 700, and 7006, the &' government moved many o the *'* proRects under the authority o the Foreign 5ntelligence 'urveillance 1ourt, via various legal interpretations, and this continued with the passage o the F5'- -mendments -ct in 7008$ This, or the Birst time, e#posed those actions to any level o Rudicial review$ % @owever, some o the current surveillance activities continue to operate without Rudicial authorization$ -s discussed below, activities aimed at non-&' communications can operate under the purported authority o E#ecutive /rder !7333 and are styled as e#ecutive acts not subRected to Rudicial approval or review$ 5t is also not clear which o these programs were in operation prior to the 'eptember !! attac(s$ -ttempts to use technical means to gain access to massive amounts o private communications data are not new$ 5t is (nown that the )'- conducted some orm o broad surveillance prior to the attac(s, or e#ample, through the E1@E</) program$ !0 &nown On#oin# 'ass Surveillance Activities The )'- is (nown to engage in the ollowing orms o mass surveillance o communications, organized according to the purported legal authority or each program$ 5n addition to raising human rights concerns or &' persons, an overarching issue, especially or the international community, is that or each program noted below, the &' government ta(es the position that any protections against surveillance, such as the 9minimization: steps ta(en ater the collection, are aimed at protecting the rights o &' persons only, whose inormation may be collected as a by-product o the collection o inormation rom non-&' persons$ @istorically, the &nited 'tates has asserted no legal protection or the privacy rights o non-&' persons outside o the &nited 'tates and has not recognized any normative limits on the &' governmentJs ability to monitor these communications to any e#tent and or any reasons and this position should be soundly reRected$ FISA Section ()* +,) U-S-C- sec- .//.a0 'ection 607 was added to the F5'- by the F5'- -mendments -ct in 7008$ The &' has asserted that 'ection 607 authorizes the collection o communications o 9non-&' persons: inside the &nited 'tates or oreign intelligence purposes, and that it, in its 8 Following these disclosures, the administration o *resident +eorge G$ .ush ac(nowledged the e#istence o some o these disclosed *'* activities, collectively labeling them the 9Terrorist 'urveillance *rogram: or T'*$ .ut the term T'* appears to have no operational deBinition or signiBicance$ % The Foreign 5ntelligence 'urveillance -ct o !%68 put into place procedures or the surveillance o oreign intelligence inormation$ -mong those procedures was the creation o the Foreign 5ntelligence 'urveillance 1ourt (F5'1)$ The F5'1 was created to provide some level o Rudicial oversight o speciBic instances o surveillance when conducted inside the &', through approval o individual warrants$ -lthough the F5'1 is staed by ederal Rudges, it operates very dierently rom a ederal district court$ The proceedings o the F5'1 are secret and non-adversarial$ The F5'1 has ound that it has no obligation to publish its opinions, although it does e#ercise its discretion to publish its opinions when it so desires$ 5n 7008, 1ongress passed the F5'- -mendments -ct, which greatly e#panded the charge o the F5'1, including granting it the ability to approve general procedures or surveillance, rather than merely approving a speciBic investigation or individual warrant$ !0 European *arliamentK Temporary 1ommittee on the E1@E</) 5nterception 'ystemS;apporteur +erhard 'chmid$ 9/n the e#istence o a global system or the interception o private and commercial communications (E1@E</) interception system) (700!C70%8(5)5))$: httpKCCwww$europarl$europa$euCsidesCget=oc$doMpub;eD-CCE*CC)/)'+3<T;E*/;TT-0-700!- 074,T0T=/1T*=FTA0CCE)NlanguageDE)$ !! Euly 700!$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G + eorts to collect the communications o non-&' persons, may incidentally collect the communications o &' persons as well$ The )'- has also asserted that this mass collection o &' and non-&' persons" communications data is consistent with 'ection 607 because it only 9targets: the materials pertaining to non-&' persons$ The &' government considers a 9target: a 9non-&' person: i it is more li(ely than not that the person is not a 9&' person$: (- 9&' person: is deBined as a citizen o the &nited 'tates, an alien lawully admitted or permanent residence, an unincorporated association with a substantial number o members who are citizens or lawul aliens, or a corporation incorporated in the &nited 'tates)$ The F5'1 must approve general targeting and minimization proceduresSor e#ample, any search terms used to Fuery the collected dataSbut it does not review actual targets$ These minimization procedures are designed primarily to protect &' persons$ The F5'1 review is e# parte, that is, conducted without the presence o an adversary, and the approved surveillance is never made public$ Eust recently, in response to concerns raised by the 'upreme 1ourt, the government has begun selectively notiying individuals who are acing criminal prosecution that inormation collected under the 607 program has been used in investigating them$ !! The ollowing operations are only a small subset o those publicly-(nown and operated under the purported authority o 'ection 607K Upstream Q 9&pstream: operations involve the installation o Biber optic splitters at numerous sites operated by private telecommunications companies throughout the &'$ The splitter provides the )'- with a complete copy o all 5nternet traBic (including communications content such as emails, search and browsing records, and Ao5* communications) that passes through the installations$ PRISM Q *;5'3 was launched in 7006 as a means o collecting stored 5nternet communications dataSsuch as email, video and video chat, photos, A/5*, Bile transers, and social networ(ing interactionsSon demand rom the servers o 5nternet companies such as +oogle, 3icrosot, -pple, and >ahooU$ USA %ATRIOT Act Section *., 'ection 7!0, also (nown as the 9business records: provision, was enacted as part o the &'- *-T;5/T -ct in 700!, and then amended in 7008 by the F5'- -mendments -ct$ The law authorizes the F5'1 to issue orders permitting the F.5 to collect 9tangible things: that are 9relevant to an authorized investigation,: as might be obtained via a grand Rury !! 9&dall, Gyden, @einrich &rge 'olicitor +eneral to 'et ;ecord 'traight on 3isrepresentations to &$'$ 'upreme 1ourt in 1lapper v$ -mnesty$: httpKCCwww$wyden$senate$govCnewsCpress-releasesCudall-wyden-heinrich-urge-solicitor-general-to-set-record-straight- on-misrepresentations-to-us-supreme-court-in-clapper-v-amnesty ELECTRONIC FRONTIER FOUNDATION EFF$%!G , subpoena$ 'ection 7!0 orders cannot be directed at &' persons solely on the basis o activities protected by the First -mendment$ The ollowing are a small subset o publicly-(nown programs operated under the purported authority o 'ection 7!0K CALL DETAIL RECORDS COLLECTION Q The &' government, through the )'-, is collecting the call detail records rom certain telephone service providers o every domestic and international telephone call made to or rom their networ(s$ The data collected include the telephone numbers on each end o the call, the time and length o the call, and the routing inormation$ 5t is unclear whether speciBic location data is also collected under this program or under some other program$ The content o the calls is not collected (which is why the &' labels this data 9metadata:)$ The records are retained or Bive years$ Q The program is subRect to re-approval by the F5'1 every %0 days$ The database is Fueried by way o 9selectors,: such as telephone numbers, or which there is a 9reasonable articulable suspicion: o a lin( to terrorism$ The database is Fueried to identiy every call made to or rom the selector, and then as a second 9hop,: every call made to or rom those numbers$ *rior to Eanuary 70!,, the analysis was carried out to a third 9hop: as well$ 'everal hundred selectors have been used since the beginning o the program that have resulted in the 9selection: and urther analysis o an un(nown number o calls, but li(ely well into the millions$ Executive Order +EO0 .*111 Q E#ecutive /rder !7333 authorizes surveillance conducted primarily outside the &nited 'tates, although there are indications that the government maintains that some amount o &'-based surveillance can also occur under this authority$ !7
*resident ;onald ;eagan issued E/ !7333 in =ecember !%8! to e#tend the powers and responsibilities o the various &' intelligence agencies that e#isted under previous e#ecutive orders$ The organizational structure established by E/ !7333 was revised by e#ecutive orders in 700, and 7008, the latter o which consolidated power under the *resident"s =irector o )ational 5ntelligence$ The &' government asserts that programs conducted under the authority o E/ !7333 do not reFuire Rudicial approval or non-e#ecutive oversight o any type$ !3
The ollowing is a small subset o publicly-(nown activities operated under the purported authority o E/ !7333K !7 E#ecutive /rder (E/) !7333 was amended on Eanuary 73, 7003 by E#ecutive /rder !378,, on -ugust 76, 700, by E#ecutive /rder !3300, and urther amended on Euly 30, 7008 by E#ecutive /rder !3,60$ The resulting te#t o E#ecutive /rder !7333, ollowing the 7008 amendment, is available here httpKCCwww$as$orgCirpCodocsCeoCeo-!7333-7008$pd !3 httpKCCwww$washingtonpost$comCworldCnational-securityCnsa-collects-millions-o-e-mail-address-boo(s- globallyC70!3C!0C!,C8e08b0be-3,%-!!e3-80c4-6e4dd8d77d8Lprint$html ELECTRONIC FRONTIER FOUNDATION EFF$%!G - MYSTIC Q &nder this operation, the )'- has built a surveillance system capable o recording 9!00 percent: o a oreign country"s telephone calls, enabling the agency to rewind and review conversations as long as a month ater they ta(e place,$ !, 3>'T51 has been used against one nation, according recent lea(s, and may have been subseFuently used in other countries $$ MUSCULAR Q This operation, which began in 700%, inBiltrates lin(s between global data centers o technology companies, such as +oogle and >ahooU, not on &' soil$ These two companies responded to the revelation o 3&'1&<-; by encrypting those e#changes$ XKEYSCORE Q ?2E>'1/;E appears to be the name o the sotware interace through which )'- analysts search vast databases o inormationScollected under various other operationsScontaining emails, online chats, and the browsing histories o millions o individuals anywhere in the world$ The ?2E>'1/;E data has been shared with other secret services including -ustraliaJs =eence 'ignals =irectorate and )ew VealandJs +overnment 1ommunications 'ecurity .ureau$ BULLRUN Q )ot in and o itsel a surveillance program, .&<<;&) is an operation by which the )'- undermines the security tools relied upon by users, targets and non-targets, and &' persons and non-&' persons ali(e$ The speciBic activities include dramatic and unprecedented eorts to attac( security tools, includingK Q 5nserting vulnerabilities into commercial encryption systems, 5T systems, networ(s, and endpoint communications devices used by targetsH Q -ctively engaging &' and oreign 5T industries to covertly inBluence andCor overtly leverage their commercial productsJ designsH Q 'haping the worldwide commercial cryptography mar(etplace to ma(e it more vulnerable to the )'-"s surveillance capabilitiesH Q 'ecretly inserting design changes in systems to ma(e them more vulnerable to )'- surveillance, and Q 5nBluencing policies, international standards, and speciBications or commercial public (ey technologies$ !, +ellman, .arton and -sh(an 'oltani$ 9)'- surveillance program reaches Winto the past" to retrieve, replay phone calls$: 78 3arch 70!,$ httpKCCwww$washingtonpost$comCworldCnational-securityCnsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone- callsC70!,C03C!8C774d74,4-ade%-!!e3-a,%e-64adc%7!0!%Lstory$html ELECTRONIC FRONTIER FOUNDATION EFF$%!G . DISHFIRE Q The =ishBire operation is the worldwide mass collection o records including location data, contact retrievals, credit card details, missed call alerts, roaming alerts (which indicate border crossings), electronic business cards, credit card payment notiBications, travel itinerary alerts, meeting inormation, te#t messages, and more$ 1ommunications rom &' phones were allegedly minimized, although not necessarily purged, rom this database$ The messages and associated data rom non-&' persons were retained and analyzed$ CO-TRAELER Q &nder this operation, the &' collects location inormation rom global cell tower, Gi- Fi, and +*' hubs$ This inormation is collected and analyzed over time, in part, in order to determine the traveling companions o targets$
5n addition to these programs, the )'- also surveilled messaging conducted through 9lea(y: mobile applications, monitored the mobile phone communications o 30 world leaders, and monitored, or e#ample, appro#imately 60 million phone calls per month originating in France and 40 million per month originating in 'pain$ -lso, the )'- collected Binancial recordsS!80 million in 70!!Srom 'G5FT, the networ( used by worldwide Binancial institutions to securely transmit interban( messages and transactions$ US Le#al C$allen#es to NSA Surveillance The &' +overnment has asserted that its current communications spying operations are ully in compliance with international law, primarily by claiming that its practices are conducted according to domestic &' law$ @owever, there are several ongoing legal challenges in &' courts to )'- surveillance, including several in which EFF serves as counsel$ !0 These lawsuits challenge the programs as being both unconstitutionalSunder the ,th -mendment, !st -mendment, and in some places the 0th -mendment o the &nited 'tates 1onstitutionSand illegal under the statutes used to Rustiy them$ There have thus ar been no legal challenges in &' courts to any o the &' actions under the purported authority o E/ !7333 and no challenges directly regarding the rights o non-&' persons$ C$allen#es to 2U3strea4 Internet Surveillance The ollowing lawsuits are challenges to the collection o 5nternet data through the installation o Biber optic splitters at transmission hubsK !0 EFF"s statements and positions here are not those o its clients in the litigations where EFF is counsel and nothing said here shall be construed as a statement or admission by any o those plaintis$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G &/ Jewel v. NSA (an action by -TNT customers in a ederal court in 1aliornia)H !4 Shubert v. Obama (a class action on behal o all -mericans against the )'-Js domestic dragnet surveillance)H 1riminal prosecutionsK 'ection 607 surveillance is being challenged in several cases in which the government has brought criminal charges, largely terrorism-related$ The deendants, many o whom only recently received notice o their prosecution despite being charged long ago, are mounting challenges to the evidence used against them on the grounds that it was illegally and unconstitutionally collected and used$ C$allen#es to Section *., Tele3$one Call Detail Records Collection The ollowing lawsuits challenge the mass collection o telephone call detail records rom &' personsK First Unitarian Church of os An!eles v. NSA (an action by 77 organizations in a ederal court in 1aliornia)H !6 Jewel v. NSA (see above)H ACU v. Cla""er (an action by the -1<& and its )ew >or( chapter in a ederal court in )ew >or(H the trial Rudge dismissed the lawsuit, that dismissal is currently on appeal)H #layman v. United States (a class action in the ederal court in the =istrict o 1olumbiaH the trial Rudge ound the call detail records surveillance unconstitutional on ,th -mendment groundsH that decision has been appealed)H Smith v. Obama (an action by an individual Biled in a ederal court in 5daho)H $aul v. Obama (a class action Biled in ederal court in the =istrict o 1olumbia)H $ere% v. Cla""er (an action by two individuals Biled in a ederal court in Te#as)$ These lawsuits all address the legality o the program with respect to &' persons$ These lawsuits do not raise the non-discrimination rights o non-&' persons under the 511*; and European law, or the 5nter--merican system$ !4 Eewel vs$ )'-, httpsKCCwww$e$orgCcasesCRewel !6 First &nitarian 1hurch o <os -ngeles v$ )'-, httpsKCCwww$e$orgCcasesCBirst-unitarian-church-los-angeles-v-nsa ELECTRONIC FRONTIER FOUNDATION EFF$%!G && A33lication of t$e %rinci3les to US Surveillance The &' surveillance programs plainly violate international human rights law, especially when compared to the )ecessary and *roportionate *rinciplesH the gaps between &' surveillance programs and the standards or human rights are readily apparent$ The )ecessary and *roportionate *rinciples are based upon the e#istence o a undamental human rightSthe right to privacySas recognized under international human rights law$ !8 The right to privacy is not only a undamental right in and o itsel, it bolsters other undamental rights as wellSincluding reedom o e#pression, reedom o inormation, and reedom o association$ !% De5nitions 2'etadata464Content4 Distinction The *rinciples deBine 9protected inormation: to include 9all inormation that includes, reBlects, arises rom or is about a person"s communications and that is not readily available and easily accessible to the general public$: The deBinition is aimed at protecting both privacy and reedom o e#pression, which in many cases Blourishes only with assurances that communications and associations can remain ree rom governmental trac(ing$ The *rinciples recognize that individuals, who believe that the government is gaining access to records containing inormation that reveals, or e#ample, to whom they are spea(ing, when they are spea(ing, and or how long, especially over time, they are spea(ing, will be less willing to communicate about sensitive or political topics$ 5n doing so, the *rinciples e#pressly recognize that the old distinctions between content and 9non-content: or 9metadata: are 9no longer appropriate or measuring the degree o intrusion that communications surveillance ma(es into individuals" private lives and associations$: 5ndeed, 9metadata: is inormation-richH this inormation may reveal a person"s identity, behavior, political and social associations, medical conditions, race, or se#ual orientation$ The inormation may enable the mapping o an individual"s movements and interactions over time, revealing whether the individual was present at a !8 &niversal =eclaration o @uman ;ights -rticle !7, &nited )ations 1onvention on 3igrant Gor(ers -rticle !,, &) 1onvention o the *rotection o the 1hild -rticle !4, 5nternational 1ovenant on 1ivil and *olitical ;ights, 5nternational 1ovenant on 1ivil and *olitical ;ights -rticle !6H regional conventions including -rticle !0 o the -rican 1harter on the ;ights and Gelare o the 1hild, -rticle !! o the -merican 1onvention on @uman ;ights, -rticle , o the -rican &nion *rinciples on Freedom o E#pression, -rticle 0 o the -merican =eclaration o the ;ights and =uties o 3an, -rticle 7! o the -rab 1harter on @uman ;ights, and -rticle 8 o the European 1onvention or the *rotection o @uman ;ights and Fundamental FreedomsH Eohannesburg *rinciples on )ational 'ecurity, Free E#pression and -ccess to 5normation, 1amden *rinciples on Freedom o E#pression and EFuality$ !% The reedom o association and reedom o speech are inherently lin(ed$ The reedom o association recognizes that individuals may have a stronger and more inBluential voice in public discussions by Roining with other li(e-minded persons and advocating as a group$ The right to privacy bolsters this right by allowing such groups to orm and communicate while permitting the individual associates to remain anonymous$ This ability to remain anonymous is especially important where the group"s views are unpopular, dissenting, or involve deeply personal private inormationSsituations in which one might choose not to spea( at all i the act o her association with the group were to become (nown$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G &' political demonstration, or e#ample$ .ecause o this, the *resident"s ;eview +roup cited the *rinciples in noting that the distinction between content and non-content was increasingly untenable$ 70 &seul e#planations about how using metadata can reveal intimate and private inormation about people are contained in a declarationSBiled by *rinceton proessor, Edward FeltenSin support o one o the lawsuits challenging the telephone records collection and recent research by a team rom 'tanord &niversity, which notes how intimate details o a persons" lie can be discerned rom a relatively small amount o metadata$ 7! The *rinciples also instruct that 9XwYhen adopting a new communications surveillance techniFue or e#panding the scope o an e#isting techniFue, the 'tate should ascertain whether the inormation li(ely to be procured alls within the ambit o Wprotected inormation" beore see(ing it, and should submit to the scrutiny o the Rudiciary or other democratic oversight mechanism$: The &', particularly in Rustiying the 'ection 7!0 mass collection o call detail records, has relied on this distinction between 9content: and 9metadata,: citing 'upreme 1ourt authority rom over ,0 years ago. && The &' has argued that there are no privacy interests in non-content inormation protected by the ,th -mendment$ This position is inconsistent with the *rinciples and inconsistent with the need to protect privacy and reedom o e#pression in the digital age$ Metadata Matters 5* addresses collected by a web service can reveal whether two people spent the night in the same place$ This is because an 5* address at a particular point in time will usually be uniFue to a single residence$ 5 two people both logged in to services rom the same 5* address late at night and early in the morning, they probably spent the night together in the place distinguished by that 5* address$ 'tanord researchers ound (e#perimentally) that inormation about who people call can be used to iner e#traordinarily sensitive acts about them, including the act that they sought and received treatment or particular a medical condition, that they had an abortion, or that they purchased Birearms, among other things$ 73 70 9<iberty and 'ecurity in a 1hanging GorldH ;eport and ;ecommendations o The *resident"s ;eview +roup on 5ntelligence and 1ommunications Technologies$: !7 =ec$ 70!3$ httpKCCwww$whitehouse$govCsitesCdeaultCBilesCdocsC70!3-!7-!7LrgLBinalLreport$pd 7! Felton, Edward G$ 91ase !K!3-cv-03%%,-G@* =ocument 76,: Biled -ugust 74, 70!3$ httpsKCCwww$documentcloud$orgCdocumentsC68!,84-declaration-elten$html 77 'mith v$ 3aryland' ,,7 &$'$ 630 (!%6%)$ httpKCCcaselaw$lp$Bindlaw$comCscriptsCgetcase$plMcourtD&'NinvolD630NvolD,,7 73 3ayer, Eonathan and *atric( 3utchler$ 93eta*honeK The 'ensitivity o Telephone 3etadata$: !7 3arch 70!,$ httpKCCwebpolicy$orgC70!,C03C!7Cmetaphone-the-sensitivity-o-telephone-metadataC ELECTRONIC FRONTIER FOUNDATION EFF$%!G &( ;etail stores now have the ability to trac( individualsJ physical whereabouts by observing data pac(ets transmitted rom smartphones and other mobile devices$ They can recognize when people return to a store (and how oten), see which part o the store visitors spend their time in, and Bigure out how long people wait in lines$ 'ome entities are in a position to associate this inormation with a personJs name because the entities observe mobile device identiBiers together with other identiying inormation$ <aw enorcement and intelligence agencies are using technology to trac( individualsJ whereaboutsSon a massive scale, twenty-our hours a daySwhether by directly observing the signals transmitted rom phones or by demanding that mobile carriers turn over inormation about usersJ locations$ 5normation about where people go reveals sensitive religious, medical, se#ual, and political inormation about them, including the (inds o medical specialists, religious services, or political meetings a person meets with or attends$ 5normation about the pro#imity or lac( o pro#imity o multiple people to one another can reveal individuals who attended a protest, the beginning or end o a romantic relationship, or a personJs marital inBidelity$ 5normation rom telephone companies has been repeatedly sought and used to identiy the sources who gave inormation to Rournalists$ First <oo( 3ediaJs publication, (he )nterce"t, reported that the &nited 'tates is using telecommunications metadata as a means o targeting lethal drone stri(es aimed at the cellular phones o individual people, recognized by wireless signals that they transmit$ 5n the &(raine, cell tower dumps were used to determine who had participated in the 3aidan protests against the previous regime, and then to let them (now that the government was watching$ The ability to automatically get a complete list o who attended a protest is an e#tremely serious threat to the reedom o e#pression and association i people believe that there is a potential or uture bac(lash (or violenceU) rom being identiBied as a participant$ "ul7 and %ersistent Surveillance -ccording to the *rinciples, in determining whether surveillance will sweep up 9protected inormation,: the orm, scope, and duration o the surveillance must be consideredK 9.ecause pervasive or systematic monitoring has the capacity to reveal private inormation ar in e#cess o its constituent parts, it can elevate surveillance o non-protected inormation to a level o invasiveness that demands strong protection$: 7, 7, P3oreover, public inormation can all within the scope o private lie where it is systematically collected and stored in Biles held by the authorities$ That is all the truer where such inormation concerns a personJs distant pastZ5n the 1ourtJs opinion, such inormation, when systematically collected and stored in a Bile held by agents o the 'tate, alls within the scope o Jprivate lieJ or the purposes o -rticle 8(!) o the 1onvention$P (;otaru v$ ;omania, X7000Y E1@; 783,!C%0, paras$ ,3-,,)$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G &) The 'ection 7!0 program and signiBicant (inds o collection under 'ection 607 and E/ !7333 involve bul( or mass collection o communications data over an e#tended period o time on a continuous or nearly continuous basis$ For the 'ection 7!0 program, at any point in time, the )'- is li(ely to have Bive years worth o call detail records about an individual$ 2Collection4 8 2Surveillance4 8 Interference wit$ %rivac! 3uch o the e#pansive )'- surveillance revealed in the past year has been deended by the &nited 'tates on the basis that the mere collection o communications data, even in troves, is not 9surveillance: because a human eye never loo(s at it$ 5ndeed, under this deBinition, the )'- also does not surveil a person"s data by subRecting it to computerized analysis, again up until the point a human being lays eyes on it$ The *rinciples, reBlecting the human right to privacy, deBines 9surveillance: to include the monitoring, interception, collection, analysis, use, preservation, and retention o, intererence with, or access to inormation that includes, reBlects, or arises rom or a person"s communications in the past, present, or uture$ 'tates should not be able to bypass privacy protections on the basis o arbitrary deBinitions$ A33l!in# t$e %rinci3les T$e Le#alit! %rinci3le The Birst o the )ecessary and *roportionate *rinciples is 9<egality$: -ny limitation to the right to privacy must be prescribed by law$ The 'tate must not adopt or implement a measure that intereres with the right to privacy in the absence o an e#isting publicly reviewable legislative act, which meets a standard o clarity and precision that is suBicient to ensure that individuals have advance notice o and can oresee its application$ -s the European 1ourt o @uman ;ights has e#plained, 9Firstly, the law must be adeFuately accessibleK the citizen must be able to have an indication that is adeFuate in the circumstances o the legal rules applicable to a given case$ 'econdly, a norm cannot be regarded as a Wlaw" unless it is ormulated with suBicient precision to enable the citizen to regulate his conductK he must be ableSi need be with appropriate adviceSto oresee, to a degree that is reasonable in the circumstances, the conseFuences which a given action may entail$: 70 Thus the <egality principle reFuires that laws be non-secret and subRect to oversight and that they not vest governmental oBicials with e#cessive discretion$ 74 70 Eudgment in The 'unday Times v$ The &nited 2ingdom, -pplication no$ 4038C6,, Eudgment o 74 -pril !%6%, para$,%$ 74 'iver v$ the &2, *etra v$ ;omania, !%%8$ The @uman ;ights 1ommittee ta(es the very same approach$ +eneral 1omment )o$ 3,, 11*;C1C+1C3,, !7 'eptember 70!!, paras$ 7, [ 74$ httpKCCtbinternet$ohchr$orgCLlayoutsCtreatybodye#ternalC=ownload$asp#M symbolnoD11*;\71\7+1\73,N<angDen ELECTRONIC FRONTIER FOUNDATION EFF$%!G &* The <egality principle is not a mere reerence to domestic law$ 5t is thereore not suBicient or the &' to contend that its surveillance programs are sanctioned by &' laws (even i that lawulness were not subRect to ongoing litigation)$ The <egality principle is violated by the act that the &' surveillance programs are almost all conducted in secret, and are largely governed by a body o secret law developed by a secret courtSthe F5'1Swhich selectively publishes its legal interpretations o the law$ 3any, i not most, o the F5'1"s rulings are not subRect to public review or oversightH individuals are thus uninormed as to what their rights are vis-]-vis the &' surveillance programs$ 3oreover, many o the programs, especially under E/ !7333 as described above, are not subRect to any Rudicial oversight, and lac( any deBined standards o implementation$ This position has been recently conBirmed by the &) @uman ;ights 1ommittee in its concluding observations rom the &nited 'tatesJ review on its compliance with the 511*;$ Necessit! and %ro3ortionalit! in %ursuit of a Le#itiate Ai The principle o 9)ecessity: reBlects the reFuirement under 5nternational law that restrictions on undamental rights, such as the right o privacy, must be strictly and demonstrably necessary to achieve a legitimate aim$ Each o these actorsSnecessity, legitimate aim, adeFuacy, and proportionalitySis included in the *rinciples$ -s stated in the *rinciples, the 'tate must establish 9that (!) other available less invasive investigative techniFues have been considered, (7) inormation accessed will be conBined to what is reasonably relevant and any e#cess inormation collected will be promptly destroyed or returned to the impacted individual, and (3) inormation is accessed only by the speciBied authority and used or the purpose or which the authorization was given$: The &' mass surveillance programs under 'ection 7!0 and 607 and E/ !7333 ail to meet these reFuirements in that the dragnet collection o inormation about non- suspicious individuals is a ar too inclusive, and thus disproportionate, method$ The &' government is accumulating a tremendous amount o data and, as the &' concedes, the vast amount o it will ultimately prove to be wholly unrelated to international terrorism$ 3oreover, the &' legal system ails to reFuire a threshold o showing or collection o any communications or communications records or an individualized suspicion or targeting non-&' persons$ -s 3artin 'cheinin, the ormer &nited )ations special rapporteur on human rights and counterterrorism, has noted, mass surveillance is inherently a disproportionate measure$ 76 The collection o all data is seldom, perhaps never, a 9necessary: measure, by 76 Eoergensen, ;i((e Fran($ 91an human rights law bend mass surveillanceM: 76 Feb$ 70!,$ httpKCCpolicyreview$inoCarticlesCanalysisCcan-human-rights-law-bend-mass-surveillance ELECTRONIC FRONTIER FOUNDATION EFF$%!G &+ any deBinition o the word 9necessary$: 3ass surveillance will inevitably and unavoidably sweep up masses o private inormation that will be o no use or relevance in anti- terrorism investigations$ This lac( o necessity has been borne out, at least as to the 'ection 7!0 surveillance programs, by the reports o two committees, hand-pic(ed by the *resident, the *resident"s ;eview +roup, and the *rivacy and 1ivil <iberties /versight .oard$ Each received classiBied inormation about the necessity and eBicacy o the program and each concluded that it had not resulted in the prevention o any terrorist attac(s or had even been more than marginally useul in a terrorism investigation$ Facts: The &' is 9sitting on the wire,: that is, much o the global 5nternet traBic travels through wires on &' territory$ The )'- accesses this traBic to illegitimately trac( who visits online pornography websites, and use this inormation to discredit those it deems dangerous$ 78 The F5'- surveillance law was originally intended to be used only in certain speciBic, authorized national security investigations$ .ut inormation-sharing rules implemented ater %C!! allow the )'- to hand over inormation to traditional domestic law-enorcement agencies, without any connection to terrorism or national security investigations$ 7% -s the )'- scoops up phone records and other orms o electronic evidence while investigating national security and terrorism leads, they have turned over PtipsP to a division o the =rug Enorcement -gency, which is inappropriate to ulBill the speciBic <egitimate -im identiBied$ 30 The telephone records program, at least, has now been evaluated by two hand-pic(ed *residential panels to be unnecessary, since it has not had a signiBicant impact in preventing terrorist attac(s or been more than marginally useul to terrorism investigations in the &nited 'tates$ 3! Co3etent 9udicial Aut$orit! The *rinciples reFuire that 9determinations related to communications surveillance must be made by competent Rudicial authority that is impartial and independent$ This Rudicial authority must beK !) separate rom the authorities conducting communications surveillanceH 7) conversant in issues related to and competent to ma(e Rudicial decisions 78 /psahl, 2urt$ 9The )'- is Trac(ing /nline *orn Aiewing to =iscredit J;adicalizers$J: 76 )ov$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C!!Cnsa-trac(ing-online-porn-viewing-discredit-radicalizers 7% Fa(houry, @anni$ 9=E- and )'- Team &p to 'hare 5ntelligence, <eading to 'ecret &se o 'urveillance in /rdinary 5nvestigations$: 4 -ug$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C08Cdea-and-nsa-team-intelligence-laundering 30 )d. 3! ;eport and ;ecommendations o The *resident"s ;eview +roup on 5ntelligence and 1ommunications Technologies$ !7 =ec$ 70!3$ httpKCCwww$whitehouse$govCsitesCdeaultCBilesCdocsC70!3-!7-!7LrgLBinalLreport$pd 'ee EFFJs 9'tatement on *residentJs ;eview +roupJs )'- ;eport$: !8 =ec$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C!7Ce-statement-presidents-review-groups-nsa-report 'ee 9*resident"s ;eview +roup *uzzlerK Ghy is 3assively /verbroad 'urveillance Grong under 7!0 but /2 under 'ection 607M$: !0 Ean$ 70!,$ httpsKCCwww$e$orgCdeeplin(sC70!,C0!Cpresidents-review-group-puzzler-why-mass-surveillance-wrong-under-7!0-o(-under ELECTRONIC FRONTIER FOUNDATION EFF$%!G &, about the legality o communications surveillance, the technologies used and human rightsH and 3) have adeFuate resources in e#ercising the unctions assigned to them$: 'igniBicant doubts e#ist as to whether the mass surveillance operations are reviewed by 9competent: Rudicial authority$ Gith regard to surveillance under *atriot -ct section 7!0 or F5'- -mendments -ct section 607, there are serious Fuestions about whether the F5'1 has a suBicient understanding o the technologies used, or has suBicient resources to conduct the oversight reFuired o it$ The 1hie Eudge o the F5'1, Eudge Galton, has recognized that the court is limited in its ability to scrutinize the )'-Js abusesK 9The F5'1 is orced to rely upon the accuracy o the inormation that is provided to the 1ourtZThe F5'1 does not have the capacity to investigate issues o noncompliance$P 37
-nd as discussed above, there is no Rudicial oversight at all or )'- surveillance RustiBied under under E/ !7333$ Facts: E/ !7333 programs, consisting mainly o oreign collection, are conducted without any Rudicial involvement$ 33 /versight o domestic collection programs is conducted by a secret court, the Foreign 5ntelligence 'urveillance 1ourt$ The F5'1 is ully dependent on the authorities conducting the surveillance to provide it with inormation about their activities$ Due %rocess The *rinciples reFuire that every individual see(ing a determination about whether or not her human rights are being inringed upon have access to 9a air and public hearing within a reasonable time by an independent, competent and impartial tribunal established by law$: )'- surveillance violates this principle in that those whose inormation is gathered are given neither notice nor any opportunity to contest the practice$ The F5'- and the F5'- -mendments -ct speciBically limit Rudicial access to the F5'1 to the third-party entities rom which the inormation is sought$ Those about whom the inormation pertains have no opportunity to contest the demand made to the third party$ 3oreover, the &' has stated that no telecommunication service provider who has been reFuired to produce records under 'ections 7!0 or 607 has ever contested those demands in the F5'1$ -s a result, the F5'1 proceedings have been non-adversarial within a traditionally adversarial 37 <eonnig, 1arol =$ 91ourtK -bility to police &$'$ spying program limited$: !0 -ug$ 70!3$ httpKCCwww$washingtonpost$comCpoliticsCcourt- ability-to-police-us-spying-program-limitedC70!3C08C!0C,a8c8c,,-00cd-!!e3-a06-,%ddc6,!6!70Lprint$html$ 33 Eayco#, 3ar( 3$ 9Three <ea(s, Three Gee(s, and Ghat GeJve <earned -bout the &' +overnmentJs /ther 'pying -uthorityK E#ecutive /rder !7333$: 0 )ov$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C!0Cthree-lea(s-three-wee(s-and-what-weve-learned-about- governments-other-spying ELECTRONIC FRONTIER FOUNDATION EFF$%!G &- Rudicial systemSwith the government presenting its case, but with no one representing the case against such surveillance practices$ Ghile the litigation described above is attempting to bring at least some process to bear on the surveillance, the &' government"s position is that all such challenges should be dismissed without a substantive review o its activities$ Facts: )'- surveillance violates due process since, at least as the government currently maintains, those subRect to it have no right to learn about it, much less challenge it$ (he New *or+ (imes reports that communications between an -merican law Birm and its oreign client may have been among the inormation the -ustralian 'ignals =irectorate shared with the )'-$ 'urveillance o attorney-client communications is anathema to the undamental system o Rustice$ 3, User Noti5cation The *rinciples, with certain e#ceptions, reFuire that individuals be notiBied o decisions authorizing surveillance o their communications with enough time and inormation to appeal the decision or see( other orms o remedial relie$ @owever, with ew e#ceptions, the 'ection 7!0 and 607 programs are conducted in secret and individuals are never notiBied that the )'- is collecting their communications data$ 'urveillance under E/ !7333 is similarly conducted without notice$ 3oreover, those telecommunications service providers that do receive demands or business records, under 'ection 7!0, or any materials as described in )ational 'ecurity <etters, are orbidden rom notiying anyone o the demands$ These gags are perpetual$ Facts: )'- surveillance prevents those surveilled to be notiBied about it, much less be notiBied in time to either challenge it beorehand or see( some remedial relie aterwards$ The purported governing legal authority ails to reFuire the )'- to provide notice, and reFuires that permanent gag orders be placed on service providers who were ordered to disclose their customers" data$ Trans3arenc! and %ublic Oversi#$t The *rinciples reFuire that 'tates be transparent about their use and scope o communications surveillance techniFues and powers, and that they publish enough inormation to enable the public 9to ully comprehend the scope, nature and application o the laws permitting communication surveillance$: 'ervice providers must be able to 3, 2ayyali, )adia$ 9The Tepid )'---merican .ar -ssociation 9=ialogue: -round 'pying on <awyers$: 7! 3arch 70!,$ httpsKCCwww$e$orgCdeeplin(sC70!,C03Ctepid-nsa-american-bar-association-dialogue-around-spying-lawyers ELECTRONIC FRONTIER FOUNDATION EFF$%!G &. publish the procedures they apply when addressing surveillance, adhere to those procedures, and publish records o surveillance$ The *rinciples urther reFuire that, 9'tates should establish independent oversight mechanisms to ensure transparency and accountability o communications surveillance$: The *rinciples reFuire independent oversight mechanisms in addition to any oversight provided through another branch o the government$ )'- surveillance does not meet these reFuirements$ The )'- surveillance programs operate almost entirely in secret$ 5ndeed, much o what we (now now about the programs was provided to the public by various whistleblowers$ The &' government, until very recently, has steadastly wor(ed to ma(e sure that the public does not 9ully comprehend the scope, nature and application o the laws permitting communications surveillance$: 3oreover, service providers receiving demands or customer inormation are typically gagged rom reporting even the act o the demand$ First, many o the )'- surveillance programs are subRect to no e#ternal oversight at all, such as those under E/ !7333$ 'econd, even the programs subRect to 1ongressional and Rudicial review ace problems with transparency and accountability$ 30 -lthough the programs run under the F5'- are subRect to F5'1 reviewSwhich has not been completely toothlessH the F5'1 shut down the phone records collection or % months in 700% because o the government"s ailure to comply with minimization proceduresSthere is no oversight provided by an e#ternal entity, as reFuired by the *rinciples$ 3oreover, because it lac(s technical e#pertise in anti-terrorism, the F5'1 is oten orced to deer to the Rudgments made by the )'- regarding the eectiveness and necessity o the surveillance operations$ The 'enate 5ntelligence 1ommittee, which provides 1ongressional oversight o the )'-, relies on the inormation provided by the )'-$ 3any members o 1ongress have complained o a lac( o candor and a ailure to provide suBicient inormation to allow them to conduct genuine oversight$ 34 Facts: 3embers o &' 1ongress conBirm that they were repeatedly misled about the mass surveillance or denied reasonable access to inormation necessary to conduct oversight$ 36 30 1ohn, 1indy and 3ar( 3$ Eayco#$ 9)'- 'pyingK The Three *illars o +overnment Trust @ave Fallen$: !0 -ug$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C08Cnsa-spying-three-pillars-government-trust-have-allen 34 Timm, Trevor$ :- +uide to the =eceptions, 3isinormation, and Gord +ames /Bicials &se to 3islead the *ublic -bout )'- 'urveillance$: !, -ug$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C08Cguide-deceptions-word-games-obuscations-oBicials-use-mislead-public- about-nsa 36 Electronic Frontier Foundation$ 9The +overnmentJs Gord +ames Ghen Tal(ing -bout )'- =omestic 'pying$: httpsKCCwww$e$orgCnsa- spyingCwordgames ELECTRONIC FRONTIER FOUNDATION EFF$%!G '/ 'imilarly, the 1hie Eudge o the F5'1 has conBirmed that the court cannot conduct broad oversight o the )'-$ 38 ;ecently the government has allowed service providers to release very general inormation about reFuests or inormation by the )'-, but those are still grossly insuBicient$ Inte#rit! of Counications and S!stes The )ecessary and *roportionate *rinciples state that, 9'tates should not compel service providers or hardware or sotware vendors to build surveillance or monitoring capability into their systems, or to collect or retain particular inormation purely or 'tate surveillance purposes$: The e#tent to which the )'-, +1@I, and others have done Rust that has been one o the most signiBicant revelations this year$ They have secretly undermined the global communications inrastructure and services, as speciBied in the 3&'1&<-; operation described above$ 3% They have obtained private encryption (eys or commercial services relied upon by individuals and have, in general, undermined international security standards$ The assumption underlying such eortsSthat no communication can be permitted to be truly secureSis inherently dangerous$ 5t leaves people vulnerable on communication systems (nown to be under attac( by criminals and state actors ali(e$ =egrading or disabling the security o hundreds o millions o peopleSwho rely on secure technologies or conBidential communication and Binancial transactionsSin order to enhance the surveillance capabilities o the intelligence community is e#tremely shortsighted and grossly inconsistent with the *rinciples$ Extraterritorial A33lication of :uan Ri#$ts Law The &' contends that its human rights treaty obligations under the 511*; do not apply to its actions abroad, a view that deeats the obRect and purpose o the treaty$ The @uman ;ights 1ommittee reRected the &nited 'tatesJ position and reiterated that the &nited 'tates has an e#traterritorial duty to protect human rightsSincluding the right to privacy Sto its actions abroad regardless o the nationality or location o the individuals$ ,0 The &nited 'tates asserts control over any data held by companies based in the &nited 'tates regardless o where the data may be physically stored$ Thus, the &' controls data located outside the &', even as it argues that it is not responsible or any intererence with privacy that results$ ,! 38 <eonnig, 1arol =$ 91ourtK -bility to police &$'$ spying program limited$: !4 -ug$ 70!3$ httpKCCwww$washingtonpost$comCpoliticsCcourt- ability-to-police-us-spying-program-limitedC70!3C08C!0C,a8c8c,,-00cd-!!e3-a06-,%ddc6,!6!70Lstory$html 3% -uerbach, =an and 2urt /psahl$ 91rucial &nanswered Iuestions about the )'-Js .&<<;&) *rogram$: % 'eptember, 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C0%Ccrucial-unanswered-Fuestions-about-nsa-bullrun-program ,0 9@uman ;ights 1ommittee considers report o the &nited 'tates, !!0th session$: !, 3arch 70!,$ httpKCCwww$ohchr$orgCenC)ewsEventsC*agesC=isplay)ews$asp#M)ews5=D!,383N<ang5=DE ,! @uman ;ights Gatch and Electronic Frontier FoundationSEoint 'hadow ;eport to the @uman ;ights 1ommittee$ !, Feb$ 70!3$ httpsKCCwww$e$orgCBilesC70!,C03C!7ChrwesubmissionLonLprivacyLusLccprLBinal$pd ELECTRONIC FRONTIER FOUNDATION EFF$%!G '& +iven the e#traordinary capabilities and programs o the &' to monitor global communications, it is essential that the protection o privacy applies e#traterritorially to innocent persons whose communications the )'- scans or collects$ Githout such protections, the obRect and purpose o the &nited 'tatesJ international human rights obligationsSwith regard to the right o privacy in borderless global communicationsS would be deeated$ ,7 EFF and @uman ;ights Gatch have urged the @uman ;ights 1ommittee toSgiven the e#traordinary capabilities and programs o the &nited 'tates to monitor global communicationsSadvise the &nited 'tates that it must ac(nowledge its obligations, with respect to the right o privacy, apply e#traterritorially to persons whose communications it scans or collects$ To accept otherwise would deeat the obRect and purpose o the 511*; with regard to the privacy o borderless, global digital communications$ -lthough the precise scope o &' surveillance programs is un(nown, a steady stream o press revelations suggests that these programs may be sweeping in communications and personal data o potentially millions o people worldwide$ Facts: Three major shifts in technology have made it especially easy for the US to conduct broad, systematic surveillance of individuals outside its borders. 4 3uch o the world"s digital communications Blow through Biber optic cables inside the &', even when such communications do not involve a &'-based 5nternet user$ Through cooperative agreements, the &' appears to have access to inormation gathered in bul( by oreign intelligence services, including +1@I in the &$2$ 3any o the world"s most popular 5nternet companies (email providers, social media services, etc$) are &'-based companies$ These Birms store and process global user data inside the &', ma(ing such data more readily available to the &' government$ The &' also believes that it has Rurisdiction over all o these companies" operations, wherever they occur, since they are incorporated in the &'$ This is true even when the user is not in the &' and is not communicating with anyone in the &'$ +lobal communications have increased and shited a substantial degree to 5nternet-enabled services such as email, social media, voice services, and other online tools$ 1ross-border communication is now instant, commonplace, and cheap (compared to international phone calls)$ The 5nternet has also enabled users to e#ercise the right to reedom o e#pression and has provided access to (nowledge and inormation on an unprecedented global scale$ 'torage and analysis o digital data across borders is also possible on an unprecedented scale, and at a relatively low cost, lowering barriers to present and uture mass surveillance$ ,7 )d. ,3 Electronic Frontier Foundation and @uman ;ights Gatch, 9'upplemental 'ubmission to the @uman ;ights 1ommittee =uring its 1onsideration o the Fourth *eriodic ;eport o the &nited 'tates$: !, Feb$ 70!,$ httpsKCCwww$e$orgCdocumentCe-and-human-rights- watch-Roint-submission-human-rights-committee ELECTRONIC FRONTIER FOUNDATION EFF$%!G '' E;ual %rivac! %rotection For Ever!one &' surveillance law violates the *rinciple o 5llegitimacy because it involves unRustiBied discrimination against non-&' personsSproviding less avorable standards to them than its own citizens$ @uman rights law must protect 9everyone,: meaning all human beings$ -s the &niversal =eclaration o @uman ;ights has stated, 99-ll human beings are born ree and eFual in dignity and rights$: 5ndeed, everyone must be entitled to eFual protection under the law and the 1onstitution$ Conclusion This document can provide only the broadest overview o how )'- surveillance programs ail to comport with their international human rights obligations, including the )ecessary and *roportionate *rinciples$ There is still more analysis to be done$ )onetheless, we hope the *rinciples and this document will together serve as an initial overview or understanding how the &', and any other state operating mass surveillance programs on innocent citizens in secret, ail to meet current international human rights standards$ Ge hope that the )ecessary and *roportionate *rinciples provide guidance to the 'tates on how to implement their obligations to protect human rights in light o our new digital environment, and allow our communication networ(s to live up to the promise o a global interconnected inrastructure that protects, not undermines, our undamental reedoms$ ELECTRONIC FRONTIER FOUNDATION EFF$%!G '(
The Manhattan-Rochester Coalition, Research On The Health Effects of Radioactive Materials, and Tests On Vulnerable Populations Without Consent in St. Louis, 1945 - 1970