American Spies: Modern Surveillance, Why You Should Care, and What to Do About It

Image of American Spies: Modern Surveillance, Why You Should Care, and What to Do About It
Release Date: 
February 27, 2017
Cambridge University Press
Reviewed by: 

“We are living in the Golden Age for Surveillance.”
—Jennifer Stisa Granick

Author and surveillance lawyer Jennifer Stisa Granick conveys the complex context and legal in terms understandable to non-experts. For surveillance academics, American Spies provides footnotes, a glossary, and references.

The take-away:

  1. Modern surveillance is mass surveillance
  2. Mass surveillance that targets foreigners also sweeps up Americans—it’s not intentional, that’s just how mass surveillance works.
  3. Modern surveillance lacks public oversight, depends on secret law, and is incompatible with a free society.
  4. Privacy law has fallen behind due to technology, economics, and consumer acceptance.
  5. Due to judicial and legislative deference to the executive branch of government in America, privacy law is unlikely to catch up.
  6. As surveillance laws are secret or broad in interpretation with loopholes and no penalties, does privacy law even matter?

Granick states her many reasons for writing American Spies:

• “My first goal in writing this book is to give the American voter the information she needs to understand and participate in this debate, and to make a difference.”

• ”This book explains the law and the policy of American digital surveillance in the modern era.”

• “This book offers a historical account of an extraordinarily complex policy and legal debate on modern surveillance.”

• “I am concerned with the toll surveillance can have on personal freedom.”

September 11, 2001 became the justification for broad suspicionless surveillance. For the FBI this meant a redirection from law enforcement to intelligence. Granick states the NSA and the FBI are not rogue agencies in all of this, their actions reflect their duties to the President.

Technology changes everything.

You did not need laws to protect you from something that was physically impossible. But now that it is possible, mass or bulk surveillance means indiscriminate collection— collecting it all. The NSA processed more than two billion telecommunications per day in 2012, including all Gmail and video chats from overseas. It is near impossible to separate American data from foreign data, so it is not.

When Google stores its data overseas and NSA copies it, American data is also copied. The NSA has built a data center in Utah sized to store yottabytes, which when expressed as pages of information, is a 500 followed by 18 zeros, or

500,000,000,000,000,000,000 pages of text. In March 2013, 97 billion pieces of information was collected and stored by the NSA. How many Americans have been swept up in data collection? The NSA refuses to say, and it’s possible it doesn’t even know.

Granick claims, “Mass surveillance and democracy are fundamentally incompatible.” And now that technology enables the government to perform mass surveillance, there are few laws in place that address its legality. Bulk collection began in 2001 illegally. The NSA and FBI broke the law, then hid the fact that they broke the law. After the bulk collection program was uncovered by a U.K. newspaper in 2013, Democrat and Republican Senators, provided misleading statements to the public. When an official says that data on Americans are no longer being collected under law X, it does not mean that right now the very same data isn’t being collected under law Y.

Granick states that there is a pattern to how the intelligence community acts when caught, they “[p]ut a respected figure on television to issue reassuring statements that leave the American public with an inaccurate understanding of what is actually going on.” The U.S. government did not seek a legal blessing by court order until 2016.

There’s a chapter on NSA cyber spying and hacking. The NSA has stolen stealing encryption keys, and subverted encryption standards. The NSA has hacked the Microsoft software update process. The NSA uses drones with cell phone interception equipment and taps cables connected to cell phone networks.

The NSA works with the U.K.’s spy agency GCHQ, to spy on the rest of the world; however, the NSA’s charter prevents the NSA from spying on Americans. But it does, by legal shell game. When the FBI receives 100 million customer phone service records from Verizon, the FBI hands the records over to the NSA.

It‘s not just the government, states Granick. “Spying is thriving not only because of new technology, but also because of modern business models.” People give up their data freely to commercial companies to obtain products and services, and then U.S. spies buy or steal that data from corporations.

We know much of this because of Edward Snowden’s whistleblowing. Granick states, “Snowden’s revelations . . . confirmed civil libertarian’s worst fears . . .” The public now knows that in practice U.S. officials regularly obtains Americans’ phone calls, emails, and other communications and uses the information beyond counterterrorism.”

She provides an overview of Snowden’s revelations, pointing out “Snowden’s disclosures have changed the way the public understands what surveillance means today.” She adds that Snowden did the right thing and criticism of his actions is facile and misguided. She claims, “[t]he ‘is Snowden a traitor’ discussion isn’t actually about Snowden,” a claim similarly expressed by retired CIA agent Melvin A. Goodman in Whistleblower at the CIA, previously reviewed in NYJB.

As a consequence of Snowden there has been some pushback. President Obama stopped collecting bulk email metadata—for a while. Bulk data is still being collected but the process of collection changed. Instead of stealing the metadata itself, the NSA under a different law goes to the telecom agencies to obtain the data, though still without a warrant.

Though much of this has already been reported, what makes American Spies of value is Granick’s perspective as a lawyer. What may be most interesting for the layperson is her uncovering of fraud in surveillance law. Legal terms have been perverted to the purpose of allowing those who run the spy agencies to deny they are spying.

The term “surveillance” has a specific legal meaning. When there is a “reasonable expectation of privacy” then surveillance requires a warrant. The existence of a warrant reflects that a judge has examined the request and agrees that there is suspicion of a crime. The loophole of legal surveillance is that spying is “spying” only when there is “reasonable expectation of privacy.”

By denying that Americans have any expectations of privacy, a warrant is not required; if a warrant is not required then spying cannot have occurred and authorities can go fishing for phone billing records, Internet transactions, and the contents of hard drive backups stored on the cloud, and all without a warrant.

There are more loopholes. Warrants must identify a “target” for surveillance but the word “target” is undefined. Targets can be “bulk,” that is, targets can be groups of people having a common attribute. Other vague legal terms include “metadata,” which legally isn’t data (although it is). Another legal term is “Incidental,” which means its opposite as incidental collection of American data is intentional.

Another legal term is “Inadvertent,” which also means its opposite, i.e. significant and systemic. And as the legal term “search” has protections under the Fourth Amendment, the word “query,” which has no legal baggage is used instead. Similarly, the legal definition of “terrorism” is not precise and can be (and has been) misused by law enforcement to suppress unfavored views and civil disobedience.

Of special import is the term “minimized,” which means data is analyzed with identity information “masked,” and then shared across government agencies. Because data minimization permits data sharing, the FBI can ask for data that the NSA isn’t allowed to collect, and then hand the data over to the NSA. Also because of data sharing, the NSA can share incidentally collected data on Americans with the FBI, the DEA, the IRS, and other law enforcement agencies, including foreign spy agencies.

Though there are minimization policies that “mask” the identities of Americans, the policies are secret and there is little reason to believe that minimization procedures minimize anything. Any official can ask for and receive an “unmasking.”

When the FBI does the spying (compared to the CIA and NSA) there are more protections afforded Americans; however in regards to who is and who is not an American, the definition of American is classified. So when the president says that Americans need not be worried about surveillance, we really don’t know what he means. One might guess that an American could be assumed to be not-an-American if they meet certain criteria, such as sending email in a foreign language, or being on a chat list with a foreigner. But we really don’t know.

In the chapter We Kill People Based on Metadata, Granick explains what metadata is, how it is generated, and what it says about us. Location data is metadata. Mobile phones are essentially location trackers; “tower dumps” of cell phone towers give police position identifiers for cell phones as even when off, cell phones will at intervals connect to cell towers. There are street cameras, traffic light cameras, security cameras, and auto license plate readers. This too is metadata. Some if not all of the metadata ends up in searchable databases as business records. The government doesn’t have to pick and choose whom to wiretap; they can just demand the data as metadata from private industry.

Granick provides context on how we got to where we are—basically, everything changed after September 11, 2001. The conclusion of the National Commission on Terrorist Attacks, The 9/11 Commission, was not that there was a lack of information but the information the CIA and NSA had, was misused; they did not share their information with the FBI; there was an “inability to connect the dots.” The commission’s conclusion became the justification for broad suspicionless surveillance, and a change of direction for the FBI from law enforcement to surveillance and intelligence.

The consequence is there is now too much surveillance, and too much data sharing. Even with minimization procedures, there is the potential for misuse of law enforcement through discrimination, retaliation, and blackmail.

Granick examines several secret “code word” projects (though not so secret since Snowden) that have been used for spying and collecting records in bulk. One secret NSA programs uses the concept called “contact chaining,” used to flag contacts of terrorists, that is, people whom terrorists have phoned or emailed. Targets on the chain might be terrorists—or they might deliver pizza. Granick states, “One reason for the lack of public understanding about what these tools do is that the government has been lying about it.”

Granick also examines various Executive Orders (EOs) and laws on surveillance subject to different implementations and interpretations. One law is EO (12333; another is Section 702 of The FISA (Foreign Intelligence Surveillance Act) Amendments Act of 2008.

What we do know of these laws is that they are complex, have secret parts that can change secretly, and their protection of Americans is weak. What is permitted by these laws appears to be more along the lines of stipulations of policy and not law, that is, the government can change its mind about what it wants to do without having to change the law. Granick states, “Modern surveillance in the United States was birthed illegally. Legal justifications were made after the fact.”

In the chapter Nothing to Hide? A Short History of Surveillance Abuses, Granick provides context for modern surveillance law and protections leading up to September 11, 2001. Granick points out that surveillance has been misused for political reasons for most of American history and used to go after individuals and groups that the president considers politically suspect . The FBI, initially created to monitor anarchists, sponsored the Palmer Raids in the 1920s that prioritized urgency over legality (where have we heard that before?). The Palmer Raids swept up and deported many non-violent illegal aliens along with anarchists and communists.

Of particular note are abuses made by the FBI under director J. Edgar Hoover, in particular of his going after Martin Luther King Jr., Granick points out, “people often write this off as misguided abuses by a dangerous J. Edgar Hoover. But that confusion is wrong . . . Hoover convinced Attorney General Robert Kennedy, John F. Kennedy’s brother to sign off on FBI eavesdropping on King’s hotel rooms, apartments, and telephones. It was approved government policy, not just the obsession of one man.”

During the Vietnam War, the FBI kept an antiwar list that grew until more than one million Americans were targeted. Anti-war demonstrators were investigated by the IRS, identified by photocopies of checks used to reserve seats on buses headed to antiwar events. Ironically President Nixon was put on the list for belonging to the Quakers, a Christian group known for its anti-war activities. Today’s FBI surveillance list includes not just anti-war groups but also Black Lives Matter, PETA, journalists, and Muslims.

Granick explains how wiretapping fits into current law, which appears to be a slippery slope in what starts out as sensible expands over time into abuse. Historically, there was no law placing a check on wiretapping until Katz 1967, where the “right to privacy” was first discussed by the Supreme Court. Katz 1967 was followed by The Wiretap Act of 1968, which was then followed by Keith 1971, which resulted in all Americans having a “reasonable expectation of privacy,” and the need for a warrant based on probable cause to invade that privacy.

Privacy law leaves questions on what the president can do to override Fourth Amendment protections under claims of national security. Overrides were made on a case-by-case basis up to FISA 1978, the Foreign Intelligence Surveillance Act. Granick states the FISA is, “an extraordinarily complex statute,” and outlines the legal rules.  Foreign intelligence surveillance allows surveillance of U.S. citizens without judicial review, if those citizens are believed to be acting as agents of a foreign power. Much of what is legal and what is not comes down to hair splitting, leaving much room for interpretation.

That phone calls are private but phone numbers dialed are not goes back to Smith v. Maryland 1979. Phone numbers are considered business records of the phone company —and thus do not require a warrant. The claim “if data isn’t a secret, then it isn’t private and Fourth Amendment protections don’t apply” became thin edge-of-the-wedge that allowed a loophole around the Fourth Amendment by use of “The Third-Party Doctrine,” allowing access to any third-party records without warrant.

Granick explains the qualitative difference between telephone metadata and email metadata. Making phone calls and sending email use significantly different technologies and telephone metadata holds much less information than email metadata. As email metadata contains more information it should be more strongly protected, yet under current surveillance law, telephone, and email records are treated the same.

The Electronic Communications Privacy Act (ECPA) and the Stored Communications Act (SCA) of 1986 added legal process (though still less than a search warrant) to obtain customer records, except in certain circumstances, for certain records. As the law is not settled in all aspects (by “settled” meaning not yet decided by the Supreme Court), these laws are open to interpretation. Much depends on the ongoing legal challenge of Riley v. California 2014 currently before the Supreme Court—though this particular case does not address email metadata.

For more on how we got to where we are today, Granick provides a history and context secret laws passed after September 11, 2001. First, the Department of Justice (DOJ) Office of Legal Counsel (OLC) immunized government representatives from criminal and civil liability, which provides a “get out of jail free” card if the crimes they commit are done in the belief that they are doing the right thing.

The point was to protect officials from later being sued personally after the fact, if secret law was discovered and overturned. Then mass collection was authorized secretly under “Section 215” of the Patriot Act. Interpretation of this law allowed the NSA to spy on Americans outside of its original legal charter. John Yoo, a junior member of the OLC (who also wrote the legal opinion permitting torture) wrote the legal opinion on STELLARWIND—the code name for secret surveillance. Granick notes that secret opinions were not reviewed by a judge because secret opinions were not allowed to be reviewed.

Chapter 14 of American Spies, addresses the limits of the Fourth Amendment as to “whether the Fourth Amendment protects Americans from suspicionless spying.” Granick states that this is not yet settled law, and is not likely to be decided anytime soon. “We aren’t likely to get any answers soon because the way the federal government has managed to insulate its practices from legal challenge.”

There are many ways for the executive branch to avoid legal challenge in the courts, for example the need for “legal standing.” For legal standing on a Fourth Amendment surveillance case a defendant would have to prove he or she was spied on. Proof is hard to come by because if proof existed it would have to been secret, that is, the proof would have to have been illegally obtained.

Another legal tactic is through plea-bargaining. Defendants to “plea out” to a reduced sentence to avoid the risk of a jury decision but in doing so also avoid challenging the law.

Yet another tactic is through use of “parallel construction.” Parallel construction is an alternate legal explanation of how surveillance information was obtained.

Yet another is pre-compliance that has been built into laws requiring government licenses to operate. For example, FCC approval of foreign ownership of U.S. telecoms requires their acceptance of government surveillance.

Another tactic to avoiding going to court over the Fourth Amendment is by claiming “special needs.” Spying on Americans as part of foreign intelligence surveillance is allowed under “special need,” and not part of original intent of the constitution. The complex arguments in the support of special needs have evolved, travelling down the slippery slope from acceptance in a case by case basis of “carefully limited” situations to what is now anything that can be called “reasonable.”

In chapter 15, The Failures of External Oversight, Granick provides the context and history of the Foreign Intelligence Surveillance Court (FISC). FISC was created to provide oversight over surveillance of foreigners in the U.S., Secret spying on Americans was made legal through the FISA court, though the court has little power.

Granick states, “[t]he record shows that the FISC is not in the business of saying ‘no.’” For example, when the NSA was caught doing something not allowed and FISA judges on record asked the NSA why they ignored the government rule, the NSA “provided no comprehensive explanation” and got away with it. No one was punished. FISA later changed the rules to make NSA rule violations permissible.

There appears to be a game of Whack-A-Mole going on between the executive and judicial branches, and the executive branch appears to be winning. Even when surveillance is determined illegal by the courts, the surveillance rules will be manipulated, abused, and ignored. And when surveillance is stopped under one law, it is be restarted under another. Granick muses, “[s]urveillance doesn’t seem to stop, it just shifts around, as do the rules under which they operate.”

The last chapter addresses how to make things better (sigh).

American Spies is well organized, to the point, and thoroughly depressing.