In 2004, an internal debate over a dangerous Bush administration surveillance policy nearly triggered a crisis of resignations to rival the Saturday Night Massacre of the Nixon administration. This narrowly avoided scandal — as well as the misconduct that triggered it — is not commonly known because it was bound up in the same toxic trait that all “war on terror” mass surveillance was built on: secrecy. Secrecy, even if it diminished effective policy. Secrecy, despite how it undercut democratic governance and obstructed the key role of the legislative and judicial branches. Secrecy, no matter how it damaged the rule of law itself.
Now, 20 years after the war on terror began, we are still working to unravel many of the dangerous and dysfunctional surveillance systems that were put into place in response to the attacks on 9/11. And perhaps even more importantly, we are striving to learn from past mistakes rather than perpetuate them.
Secret Surveillance Undermining Rule of Law
After the shock and tragedy of September 11, 2001, leaders and experts across the government were desperate to do anything to prevent another attack. One immediate priority for them was surveillance: the conventional wisdom became that the government needed to grab as much private information as possible to stay alert. The mantra at the top echelon of the intelligence community would literally become “collect it all.”
In retrospect, we know this mentality was mistaken. The National Commission on Terrorist Attacks Upon the United States (commonly known as the 9/11 Commission) described the attacks as “a shock, not a surprise.” A month before 9/11, a top intelligence official presented then-President George W. Bush with a daily intelligence brief that warned “Bin Laden determined to strike in U.S.” Later, the CIA director at the time would say that throughout the summer of 2001, “the system was blinking red.”
“These systems were built on nationwide dragnet orders demanding companies continuously supply private information not on suspects, but rather from all individuals across the United States.”
Yet despite the fact that intelligence failures related to 9/11 were primarily based not on a lack of data points but on an inability to connect the dots, the Bush administration launched an effort to collect dots on an unprecedented scale. The President’s Surveillance Program, known by the code name Stellar Wind, undertook three audacious aims: First, to collect the content of international communications on a mass scale. Second, to collect telephony communications records (who you call, when, and for how long) on a nationwide scale. And third, to collect internet metadata, also on a bulk scale.
These systems were built on nationwide dragnet orders demanding companies continuously supply private information not on suspects, but rather from all individuals across the United States. The records the government collected on hundreds of millions of Americans reveal sensitive associations and interactions and can be used to map out the intimate details of a person’s daily life. The scale and impact of the system would enrage the public when it eventually came to light.
If this type of surveillance regime seems incompatible with the Constitution’s protection against unreasonable searches and seizures, it is because it almost certainly was. In order to put its dragnet into action, the Bush administration went around Congress and the courts entirely, apparently convinced that it needed neither their permission nor even their awareness to move forward with Stellar Wind.
Its justification was built on legal reasoning from then-Deputy Assistant Attorney General John Yoo at the Office of Legal Counsel, an ostensibly independent entity within the Department of Justice that advises the executive branch on the legality of its plans and policies. Yoo, who saw virtually no limit to how far executive power stretched, argued that the president’s role as commander-in-chief gave him unilateral authority to carry out Stellar Wind. His October 2001 memo approving the surveillance was one of the most egregious examples of how the Office of Legal Counsel often works to supercharge executive power rather than provide sound legal analysis. The memo lacked basic legal reasoning. And it ignored an important judicial precedent holding that executive power is at its weakest when Congress has asserted its authority on an issue.
In fact, Congress had asserted its authority on national security surveillance in 1978, when it passed the Foreign Intelligence Surveillance Act (FISA). FISA established clear bounds for when the president can — and cannot — engage in domestic surveillance for national security purposes. But while the Office of Professional Responsibility and a joint inspectors general investigation would later castigate Yoo for his unprofessional legal analysis and circumvention of peer review (he would again be criticized for his lack of professional candor in authoring the infamous “Torture Memos”), his analysis was kept hidden from review by Congress, the courts, and the public. With no one to object, the OLC gave the Bush administration a blank check for dragnet surveillance.
Rule of Law Crumbles Further
The President’s Surveillance Program continued with impunity for years, collecting Americans’ private information on a mass scale. In October 2003, Jack Goldsmith took over as head of the Office of Legal Counsel. Soon after, he concluded that portions of Stellar Wind (specifically the bulk internet metadata component) were legally unsound.
This set off an internal debate within the Bush administration: then-Deputy Attorney General James Comey agreed, while White House Chief of Staff Andrew Card, White House counsel Alberto Gonzales, and vice president’s counsel David Addington all pushed for the program to continue. During one sparring session, Comey argued the legal justification for the program was “flawed — in fact, fatally flawed. No lawyer reading that could reasonably rely on it.” When Addington replied, “Well, I’m a lawyer and I did,” Comey shot back, “No good lawyer.”
“No good lawyer.”Deputy Attorney General James Comey
The debate came to a head in March 2004. Surveillance orders through the program had been issued every few months with Justice Department sign-off. But just days before a new authorization was required, Attorney General John Ashcroft was hospitalized with a severe illness, leaving Comey acting attorney general and the decision in his hands. This set off an infamous hospital showdown. The program’s defenders (Gonzales and Card) rushed to the hospital to convince Ashcroft, bed-ridden in intensive care, to approve the program; its opponents (Comey and Goldsmith) quickly moved to intercept them.
When Ashcroft confirmed Comey’s status as acting attorney general, Card and Gonzales took their shocking effort even further: They had the surveillance program reauthorized under Gonzales’ authority as White House counsel. Such an authorization had no basis in law or logic. The White House counsel is not an independent arbiter of the law. Their role is to provide legal advice as an agent of the president. By attempting to have Gonzales authorize the program, the White House was essentially arguing that it’s legal if the president says it is.
This escalation triggered a crisis. Comey, then-FBI Director Robert Mueller, and other high-ranking Department of Justice officials threatened to resign en masse. The next morning, Bush spoke personally to Comey and Mueller and relented, agreeing to discontinue the surveillance system under this dubious — and now unsupported by the Department of Justice — legal rationale.
Secret Surveillance Undermining Democracy
The 2004 showdown did not end Stellar Wind’s bulk collection of personal information; it merely sparked a change in how the executive justified that collection and continued to cloak it in secrecy. Rather than stop its mass surveillance programs, the Department of Justice went to the FISA Court — a court created by Congress when it first enacted FISA for the exclusive purpose of approving foreign intelligence warrants and surveillance orders — and argued that the dragnet surveillance systems it had developed unilaterally and in secret had actually been authorized by Congress when it passed the PATRIOT Act in October of 2001.
A portion of that law (Section 215, controversially labeled the “library provision” after it was created) authorized the government to collect any tangible record that was “relevant” to an international terrorism investigation. The executive claimed that since there were likely to be some useful records of suspects and chains of contacts within the nationwide pool of call records and metadata, the entire bulk set was relevant.
This legal argument was incredibly dubious. It effectively rendered the term “relevant,” and the limits it placed on the statute, devoid of all meaning. It was also hard to believe Congress intended to permit bulk collection: not only was the concept of this dragnet surveillance totally absent from debate over the PATRIOT Act, the law was not passed until after Stellar Wind programs were already underway.
“This legal argument was incredibly dubious. It effectively rendered the term relevant, and the limits it placed on the statute, devoid of all meaning.”
But the FISA Court proved to be the perfect tool for the executive to get legal approval while minimizing scrutiny. This court, which holds its deliberations in secret and hears only the executive branch’s arguments without any adversarial testing or presentation by an advocate to defend civil rights and liberties, approved the new system. Not only was there no counsel to highlight the flaws of this argument, there was no one to appeal the ruling to a higher court.
Congress, meanwhile, moved from being entirely excluded to being just mostly excluded. While a small set of lawmakers (the group of congressional and intelligence committee leaders known as the “Gang of Eight”) was informed about the surveillance, most of Congress remained in the dark, with no reason to suspect that their authorization to gather relevant records had now been warped to mean all records.
But even as the executive temporarily tamped down the conflict over bulk collection, another part of Stellar Wind came under scrutiny. In December 2005, the New York Timesbroke news revealing the existence of the component of Stellar Wind focused on warrantless monitoring of international communications. Rather than rebuke the White House for engaging in unilateral, warrantless surveillance, Congress chose to give its blessing to this system. By passing the Protect America Act in 2007, and then refining it as the FISA Amendments Act in 2008 (commonly called “FISA Section 702”), Congress set up a system within FISA for warrantless surveillance of international communications, even though it knew full well that this would lump surveillance of calls and emails to and from Americans in with the foreign surveillance FISA was originally designed to authorize.
This warrantless surveillance of Americans quickly ended up in court. And again, the executive shielded itself with a pernicious argument with secrecy at its foundation. When the Electronic Frontier Foundation (EFF) filed a lawsuit in 2008, the executive argued that the state secrets privilege prevented it from revealing any details of how the program operated. Absent these details, the plaintiffs could not show they were impacted by the surveillance, even as it operated as a dragnet that scanned the backbone of the internet.
Just last month, 13 years after the suit began, the Ninth Circuit dismissed the case on procedural grounds without ever reviewing its merits, a decision that EFF lamented “renders government mass surveillance programs essentially unreviewable by U.S. courts.” By operating under the umbrella of national security — and by invoking the state secrets privilege that many experts and judges see as overbroad and dubiously invoked — this warrantless surveillance system has become too secret to fail.
After warrantless FISA Section 702 surveillance was ratified by Congress, and as it eluded scrutiny in court, bulk collection of internet metadata continued in secret. Then, in March 2013, the path to unwinding the secrecy over this component of Stellar Wind surveillance regressed even further.
In a public hearing, Senator Ron Wyden (D-OR) asked then-Director of National Intelligence James Clapper about the National Security Agency: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied, “No, sir.” As a member of the Senate Intelligence Committee, Wyden at this point knew of the bulk collection program and knew that Clapper’s answer was improperly denying such a system existed. He pressed for clarification: “It does not?” But Clapper replied, “Not wittingly.”
Clapper would later apologize, claiming he had misunderstood the question and describing his remarks under oath as the “least untruthful” answer he could provide. But regardless of whether his response was dishonesty or error — the fact that Wyden had briefed Clapper’s office on his plans to ask this question days before the hearing gives doubt to the latter explanation — the disastrous result was the same. In front of the Senate and under oath, the top intelligence officer in the United States government had misled the public, sending a clear message that the bulk collection program could not exist.
Just a few months later, this denial was publicly proven wrong. The system of secret surveillance was thrown upside down when a series of stories based on leaks by NSA contractor Edward Snowden surfaced. The Snowden disclosures became top news in Washington, throughout the United States, and across the globe. First among them was the revelation that the bulk collection program had not only existed for 12 years in secret, but was still vacuuming up every record of every phone call nationwide.
The Snowden revelations lifted the veil on bulk collection, making it subject to significantly more judicial scrutiny. While in the past the FISA Court was the sole judicial entity examining the program, it was now challenged in open court. With experts in technology and civil liberties law arguing against the program, and with its rulings and the reasoning behind them subject to public scrutiny, the judiciary struck back. A federal court ruled that bulk collection likely violated the Constitution, and a federal appeals court held the executive was wrong to claim the PATRIOT Act had authorized it.
The revelation of bulk collection also set off a furor in Congress. Members were appalled not only by dragnet surveillance itself, but also by the president’s claim that they had authorized a system they never imagined existed. Then-Representative James Sensenbrenner (R-WI), the author of the PATRIOT Act, was especially enraged. He instantly became one of the most vocal critics of bulk collection and advocates for reform, stating, “if the bulk collection program was debated by the Congress … it never would have been approved.”
While Congress and courts would eventually strike down bulk collection and make other reforms, the process required drawn-out legal and legislative battles. And the executive branch forced concessions along the way, limiting reporting and transparency on its warrantless surveillance system. The heavy lift of reform and lack of accountability showed that for the executive, it was much more advantageous to ask for forgiveness than permission.
Secret Surveillance Undermining Policymaking
In the fall of 2013, lawmakers led by Sensenbrenner and Senator Patrick Leahy (D-VT) started to push legislation that would end bulk collection and make a series of other significant reforms to mass surveillance and the lax oversight systems around it. But intelligence agencies were committed to fighting for mass surveillance. And while the continued bulk collection of phone records was no longer secret, many details of how this surveillance system worked still were, and secrecy quickly became a weapon for defending it.
Following the Snowden disclosures, the NSA depicted bulk collection as an essential tool for keeping Americans safe, claiming it had been key to discovering or disrupting 50 terrorist plots. Because these alleged successes were all based on classified investigations and documents, it was impossible to vet the claim. But over time critical members of Congress, especially Leahy, dug in and began to press the NSA to justify their assertion. And under steady scrutiny, the number of terrorist plots the NSA claimed were thwarted through bulk collection dropped from over four dozen to just one. Finally, that one instance was revealed to be not a plot at all, but a case involving $8,000 of alleged “material support.”
Independent investigators similarly found the executive branch’s claims that bulk collection was a critical national security tool to be lacking. After over a year of investigating classified materials, the Privacy and Civil Liberties Oversight Board — an oversight body created specifically to examine how war on terror policies impacted civil liberties — produced an extensive report on bulk collection. It concluded that there was “no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.” And the President’s Review Group on Surveillance, a task force of experts including former high-ranking intelligence officials, wrote that bulk collection “was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional [i.e., targeted] section 215 orders.”
Eventually, the intelligence community acknowledged that ending bulk collection would not harm national security. But it only did so after two years of legislative debate, and with several important provisions of the reform legislation, the USA FREEDOM Act, weakened or removed along the way.
Passed in June 2015, the USA FREEDOM Act made critical changes to FISA and to our national security surveillance system, principal among them a ban on bulk collection. It also improved the FISA Court and combatted secrecy. It required the intelligence community to disclose any decisions that created a “novel or significant” interpretation of law (as its approval of bulk collection under the PATRIOT Act had done), and it created a position for a “special advocate” to defend privacy rights and bring broader perspective to important FISA Court deliberations. Finally, the law required new public reporting to give better perspective on the scale of government surveillance.
Twenty Years On, What Is Ahead?
The USA FREEDOM Act served as the most significant reform to national security surveillance in nearly four decades. But in many ways, the law was just a first step in remedying the dangerous surveillance policies enacted after September 11. While bulk collection is a thing of the past, the legacy of the war of terror has left many obstacles for us to overcome.
In a compromise with the intelligence community, the act created the authority for a new “call detail records” program that allowed for broad requests for sets of phone records. This system proved to be so dysfunctional that the intelligence community was forced to pull the plug on it only a few years after it went into operation. Thanks to the work of advocates, outlawing this problematic system is virtually guaranteed as a feature of any future PATRIOT Act reauthorizations.
Additionally, the USA FREEDOM Act largely failed to fix or even expose the problems with warrantless FISA Section 702 surveillance. A fix to the “backdoor search loophole,” a deeply problematic practice whereby the NSA, CIA, and FBI query FISA Section 702 databases for Americans’ communications, essentially using these queries as a work-around to seek out Americans’ emails without a warrant, was stripped out of the original bill. Nor did the law require the intelligence community to report how many Americans’ communications were swept up in Section 702 surveillance, undermining future debates over Section 702 by keeping the scale of how often warrantless surveillance impacts Americans hidden.
Obtaining an estimate of how often FISA Section 702 collects Americans’ communications has proven especially elusive. In late 2016, then-Director of National Intelligence Clapper pledged to the House Judiciary Committee that the intelligence community would compile an estimate of how many Americans had their communication collected through warrantless Section 702 surveillance. But early the next year his successor, Dan Coats, reversed the office’s promise, keeping the impact of warrantless surveillance hidden from both Congress and the public.
Hopefully, the new administration will follow through on Clapper’s commitment, especially since FISA Section 702 is set to expire in 2023. Insights into how often Section 702 surveillance collects Americans’ communications would be highly valuable to demonstrating the impact of key reforms, such as closing the backdoor search loophole and creating use limits to stop the growing problem of warrantless Section 702 data further bleeding into domestic law enforcement.
Organizations like POGO are working for these changes and for new policies that increase transparency and oversight: setting disclosure requirements to end the practice of hiding warrantless surveillance from defendants, further expanding transparency rules and the role of the special advocate at the FISA Court, and establishing new requirements for research and reporting on the disparate impact of FISA surveillance. Sunlight remains the best disinfectant for the war on terror surveillance system that remains shrouded in secrecy.