What's Private In The Modern Age

MS. DIANE REHM

10:06:56
Thanks for joining us. I'm Diane Rehm. A 29-year-old former CIA employee came forward yesterday as the source of the explosive information on the NSA's gigantic data collection and analysis programs. Criminal charges could be filed. The leaks have galvanized national attention on privacy expectations and rights in the modern age. Joining me to talk about the disclosures and their implications: Stewart Baker, attorney and former general counsel at NSA, Marc Rotenberg of the Electronic Privacy Information Center and Siobhan Gorman of The Wall Street Journal.

MS. DIANE REHM

10:07:47
I do invite you to join us this morning. Call us on 800-433-8850. Send us your email to drshow@wamu.org. Follow us on Facebook or send us a tweet. Good morning to all of you.

MR. STEWART BAKER

10:08:07
Good morning.

MS. SIOBHAN GORMAN

10:08:07
Good morning.

MR. MARC ROTENBERG

10:08:08
Good morning.

REHM

10:08:08
Good to see you all. Siobhan, what do we know about this young man, Edward Snowden?

GORMAN

10:08:16
Well, Mr. Snowden is a 29-year-old consultant for Booz Allen Hamilton, which is a major defense contractor. It does a lot of work in the intelligence world. And he has been a consultant working at an NSA outpost in Hawaii for the last three months or so. Prior to that, he worked at the CIA for about four years, and prior to working for the CIA, he was a security officer for NSA at University of Maryland. And he is not a high school graduate. He obtained his GED, which is pretty unusual for an intelligence officer. So we're all looking to find out more about him today.

REHM

10:09:00
OK. So he is reportedly in Hong Kong. What's involved with extraditing him?

GORMAN

10:09:09
Well, I think we're gonna have to see what happens 'cause this is gonna be almost more of a political decision on the part of China to decide how much it should be cooperating. Hong Kong does have an extradition agreement with the United States, but this is a process that could take months even if it's just going as planned.

REHM

10:09:28
Stewart Baker, how do you see that extradition or threat there going?

BAKER

10:09:35
I agree with Siobhan. This is going to be a relatively political decision. The extradition treaty undoubtedly allows Hong Kong to say this would not be a crime in Hong Kong, and therefore, we're not gonna extradite him. And spying on the United States probably is not a crime in Hong Kong.

REHM

10:09:52
And as we look at this, Marc Rotenberg, since when did the NSA outsource this kind of work to a firm like Booz Allen?

ROTENBERG

10:10:07
This has been one of the big changes in U.S. intelligence policy post 9/11. The federal government has looked increasingly to the private sector to provide the resources, the technology and the expertise. And, of course, questions have been raised about the adequacy of oversight. I think it was even Stewart Baker who pointed out that at least with government employees, there's an opportunity to go to inspector general if you have concerns about your agency's program. It's not clear what you do if you're in the private sector and you have concerns about what your company is doing.

REHM

10:10:39
Stewart, how do you respond?

BAKER

10:10:42
That's true. I think that there's at least that possibility that if he were working exclusively in contractors' bases that he would not have an idea how he could report abuses within the system. If he was working in NSA, in facilities alongside government employees, I don't think that would be a problem. And, of course, he doesn't seem to have given much thought to the idea of proceeding inside the system, which he thinks is rigged against the American people.

REHM

10:11:14
Siobhan, what does he say are the reasons for coming forward?

GORMAN

10:11:20
Well, he feels that the NSA's reach into American communications is far beyond what the public understands, and he says that he wants to provoke a public debate about it. He's made an interesting argument, in fact, that there has been little discussion about the retention of this information. And he makes the point that if you keep enough information about everybody for a long enough period of time, almost anybody looks suspicious. And I think that we'll probably see some more discussion about that point in particular.

REHM

10:11:53
Marc Rotenberg, are we clear as to the kinds of information that are being retained and how they're being used?

ROTENBERG

10:12:04
Well, I don't think we have the full picture yet, but what we have learned about the PRISM program is extraordinary. It does appear that the large U.S. Internet companies have provided to the National Security Agency, on an ongoing basis, virtually all the details of their user activity. Now, they will say that they've done this pursuant to orders issued by the FISA Intelligence Surveillance Court, which I think is a topic we'll need to come back to, and the U.S. government will say that these orders are primarily directed toward non-U.S. citizens.

ROTENBERG

10:12:39
But I think the reality at this point is that neither answer is very satisfying. The FISA court does not seem to be doing a particularly good job of oversight. And to imagine the amount of information on non-U.S. citizens that's being released is going to trouble, of course, foreign governments. And still within the U.S., we have concerns about the U.S. data collection.

REHM

10:13:00
Go ahead, Siobhan.

GORMAN

10:13:01
Well, one interesting thing that this whole episode has revealed, particularly with the phone records program where the NSA has agreements with the major telephone companies to take phone call records...

REHM

10:13:14
And that's the PRISM program.

GORMAN

10:13:15
No, that's actually a separate -- that's the phone record program. I just -- but it applies to both.

REHM

10:13:20
OK.

GORMAN

10:13:21
There's sort of a -- there's a new legal theory -- and I'd be interested what Stewart has to say about this -- that you are now applying the investigative requirements of reasonable suspicion to the analysis of the data that's being received rather than the collection of it. So it's collect first and then determine later whether or not you can meet reasonable suspicion, which is a new way of approaching it.

REHM

10:13:42
Stewart.

BAKER

10:13:43
That's true. There really are two very separate things here, and I think that The Washington Post did a real disservice to the public by treating PRISM in the way it did. At most we know about the PRISM case is that the government has set up an arrangement with a number of companies that get a lot of FISA court orders. Say, they discover that Hotmail is being used by al-Qaida, they can serve a FISA Court order on the owners of Hotmail and say, please provide all of the contents of these emails.

BAKER

10:14:18
And the only thing that we know PRISM seems to do is it allows for an electronic delivery of the request in the information, not exactly a big difference from what we always understood the government could do with FISA court orders. So in that area, there is really not much new, and The Post had a number of inaccuracies that made this seem like a much bigger deal than it did.

BAKER

10:14:44
Plus, it came on the heels of the discovery that the government had gathered all of the call data, the numbers called and calling in to Americans, which made it sound as though the government had also gathered all of the email communications of Americans, which is not true so far as we can tell from what's been leaked so far.

REHM

10:15:09
Marc Rotenberg, you look a little skeptical.

ROTENBERG

10:15:13
Well, I'm a little surprised by Stewart's comment. I actually think Siobhan raised the right point in addressing this concern that the government has adopted a legal position, which says, in essence, we will gather all the data in the first instance and then meet the legal standard afterward as to the data that we intend to look at. And this is a particular problem putting the PRISM matter to the side for just a moment with the Verizon request. And I looked at that order.

ROTENBERG

10:15:42
I've been studying, you know, the FISA court for many years, and I had never seen an order from that court where a judge said it was fine to compel a U.S. phone company to turn over records on U.S. customers engaged in solely domestic communications. And you have to take a step back and understand just how far removed that is from the purpose of the court or the purpose of the Foreign Intelligence Surveillance Act.

ROTENBERG

10:16:07
There is, even in the Patriot Act, a requirement that the request be reasonably related to some investigation. Well, it can't be the case that all telephone records on Verizon customers in the United States are reasonably related to an investigation.

REHM

10:16:22
It does sound pretty broad.

BAKER

10:16:24
That's a fair point of discussion. I just wanted to take all of our emails and all of the communications that go through electronic communications providers off the table because The Post has misled us on that. But there is a legitimate question about why the government would seek all of the call data about domestic calls. Now, call data is another word basically for billing records. It's the records that people used to get in their long distance bill about every number they call and how much they were being charged for it.

BAKER

10:16:59
It's always been available to the government, even local governments with a mere subpoena. It's been very easy to get. No one has treated it as having high-privacy value from the point of the view of the subscriber. What's new here is the agency that's getting it and the scale on which they're getting it. And those are certainly troubling. To have an intelligence agency gather that is something that you wanna understand about. But I don't think that it is a major change in the likelihood that someone is gonna look at our records.

REHM

10:17:34
Siobhan.

GORMAN

10:17:35
Well, what's interesting about that is the Supreme Court determinations about the fact that there isn't a right to privacy when it comes to phone call data predate even cellphones, and so the law is way behind the technology in this case. And you're starting to hear people talk about things like dataveillance, which means that you take all of that data and you essentially conduct surveillance on that.

GORMAN

10:17:58
And so the idea is that once you aggregate all of this information, at some point, it may start raising some privacy concerns just because when the law was sort of last contemplated in this area, that just -- was not even conceived of as a possibility.

REHM

10:18:14
So it would seem that many people have had suspicions about how much data was being collected, but this young man has now made this very public in readiness for this kind of public discussion. Siobhan Gorman is with The Wall Street Journal, Marc Rotenberg of the Electronic Privacy Information Center, Stewart Baker. Short break. Right back.

REHM

10:20:04
And welcome back. We're talking about new revelations in regard to what's private, what's no longer private. Here in the studio: Stewart Baker, he's an attorney at Steptoe and Johnson, former general counsel at the National Security Agency, former assistant secretary of policy at the Department of Homeland Security, Marc Rosen -- Rotenberg -- pardon me -- is executive director of the Electronic Privacy Information Center.

REHM

10:20:41
He teaches information privacy law at Georgetown University Center of Law. Siobhan Gorman is intelligence and Homeland Security correspondent at The Wall Street Journal. Here is a tweet, which kind of gets to the heart of it. It says, "No, no, no. Cellphone data with tower data and device ID is so much more than your billing record." Stewart Baker.

BAKER

10:21:17
There is no doubt that we are giving away more and more information to third parties than we ever did in the past.

REHM

10:21:24
But now we've got a fourth party, the U.S. government.

BAKER

10:21:27
Well, the U.S. government is serving what amounts to a subpoena on people saying we want this information because it may be relevant to an investigation. What they are essentially saying is if we waited until we saw a crime and we're trying to figure out who committed it, we might not be able to find patterns prior to the crime. We might not be able to find the activities that led up to the crime. If we gather in one place, do not search it until we have a reason to search it, then we will be able to carry out a search that the court will approve.

REHM

10:22:03
Marc Rotenberg, one thing we've learned is how advanced analyst techniques can put together these proverbial dots that Stewart's talking about.

ROTENBERG

10:22:18
Right. I think the problem today, Diane, is that our privacy laws have not been adapted for a world in which it's the data...

REHM

10:22:26
Yeah.

ROTENBERG

10:22:26
...as opposed to the underlying communication that has the real value because, you see, when you have the data, when you know identity, when you know time, when you know geolocation, you can look at networks and sequence of events, you're actually looking at a much richer world of information than simply trying to read through transcripts of telephone calls.

ROTENBERG

10:22:48
And one of the concerns that we have is I think at this point, it's actually the NSA's analytic capabilities that are driving their surveillance investigations in the United States. In other words, it's a bit upside down. We're not saying, oh, here's a threat. Let's pursue this threat because we have the leads of some concern that needs to be investigated.

ROTENBERG

10:23:11
The starting point is we have this enormous data processing capability. Let's fill these servers with whatever data we can obtain from whichever U.S. companies have this data. And on that basis, we'll pursue our investigations.

REHM

10:23:25
Go ahead, Siobhan.

GORMAN

10:23:27
Well, and the other development that has occurred in the last few years is just an enormous expansion of computing power. There have been a lot of advancements in Silicon Valley that have basically meant that you don't need supercomputers to do a lot of this really heavy duty analysis anymore. And so NSA has been piggybacking on some of these innovations, and it has adapted it into enormous sort of computing programs that it is now combining with very advanced algorithms.

GORMAN

10:23:55
And it's applied in places like Afghanistan where they say sometimes they can actually predict attacks. And so they are bringing enormous, different -- quantities of different types of data together thinking that in some cases, they can even predict the future.

REHM

10:24:07
And, Marc, here's an email from David, who says, "How does prism differ from earlier reports a decade ago about ECHELON?"

ROTENBERG

10:24:22
Well, I think one of the key differences, of course, is the rise of the U.S. Internet firms over the past decade, which we have all become so dependent on for our email and for our communications. And ECHELON, I will say frankly, I think was a bit overstated when those reports came out. It was really an intelligence sharing arrangement between five countries. It was described in the European press as a real-time intercept capability, which I don't think actually existed, not at least in the form described.

ROTENBERG

10:24:52
But the current information that we have about prism in some ways is much more troubling. We don't know the exact contours of the program, and the companies have been, you know, forcefully denying some of the characterizations.

REHM

10:25:05
What companies?

ROTENBERG

10:25:06
Well, Google and Facebook, both. Actually, over the last few days, both Mark Zuckerberg and Larry Page went out of their way to say that the reports notably in The Washington Post were not accurate with respect to their disclosure of user data. But even Google's own transparency reports reveal that they turn over about 90 percent of the information that the government seeks in the United States each year.

ROTENBERG

10:25:32
So whereas 10 years ago, the focus was on telephone communications and what type of information was being provided to the NSA. I think what we're learning today is that actually a lot more data across a lot -- many more U.S. companies is potentially being made available.

REHM

10:25:47
All right.

BAKER

10:25:48
I think Marc has left out one significant difference between what was said about ECHELON and what is -- appears to be the case here. ECHELON was described as a worldwide global intercept capability looking at phone calls. It required almost no or no judicial oversight whatsoever. The program that's going by the name of PRISM, I think, incorrectly here, is entirely overseen by the courts.

BAKER

10:26:19
None of these companies will cooperate without court orders, and the courts will conduct and independent review of what is being done to make sure they think it's lawful. This is more oversight and more legal process than we have ever seen in the past.

ROTENBERG

10:26:35
Well, look, I mean, Stewart's point really gets to the heart of the problem, and that is the question whether you think the FISA court really exercises independent oversight, and we don't. I mean, we think the system is just broken. You look at the reports of the court itself released last year. There was not a single order that was turned down. I think there were almost 1,800 orders that the government submitted to the FISA court. They may have been modified somewhat, but they were all approved.

ROTENBERG

10:27:02
And when you're operate -- and the courts, you know, not only are the court's orders kept secret but even the interpretations of law in which the court relies, and the Department of Justice seeks this data, is kept secret. So to describe this as independent judicial review, I think, is a stretch.

REHM

10:27:18
How important, Siobhan, do you believe this disclosure by this young man Edward Snowden is?

GORMAN

10:27:29
I think it's important in that it sort of crystallizes what a lot of us, frankly, have been reporting over many years now.

REHM

10:27:37
And concerned about.

GORMAN

10:27:39
Well, I mean, reporters aren't necessarily concerned about it, but they think it's an important issue to raise, right? I mean, we aren't taking a position on whether or not this is a problem, but certainly, raising the issue for public discussion is something that we're paid to do. So having reported on this over a number of years, when I first -- when I saw the headlines of The Guardian story, I thought, well, we kind of know this already.

GORMAN

10:28:00
But what was different about it was actually having a document. I mean, I don't -- I've never seen a FISA court order before that wasn't actually released by the government. And I think that's maybe happened once before. So, you know, seeing it in black and white and seeing the verbiage that they used gives you a much better sense of how it is that these programs are being approached. And I think that that is what people were taken by.

GORMAN

10:28:23
I think that unfortunately, in the case of the PRISM program, we haven't seen as comprehensive a showing of what it is 'cause they're just a few PowerPoint slides that have been presented publicly. And I was speaking yesterday with the former director of national intelligence official asking about sort of this difference between what the government has said and what the slide seemed to say about direct access to these Internet companies.

GORMAN

10:28:47
And he said, well, you know, I mean, these are just government Internet, you know, government PowerPoint slides. You don't expect them to be accurate, do you? It's not a form of legal document. And this is somebody who's a lawyer by training. And so he said, you know, look, a presentation you have to make to the court is going to be very precise in its language.

GORMAN

10:29:03
A presentation that you're making to some colleagues, updating them, say, on the status of a program, may not be choosing its language so precisely. And if you're no expecting this is going to be released publicly, you may not think about how it would be received by another audience.

REHM

10:29:16
So how do you summarize all this, Marc Rotenberg? Do you simply say to the public here and now, nothing is private anymore?

ROTENBERG

10:29:29
Oh, absolutely not. I mean, I think what we need to do is look at how the privacy laws are operating, how the courts are operating and ask some hard questions, you know, is the court doing its job? Are the laws working? I don't think we take away from this, oh, that's the end of privacy. I think we say, we need to update some laws. We need to strengthen the courts. I think that's the discussion, in fact, that's taking place right now in Congress.

REHM

10:29:56
Stewart.

BAKER

10:29:57
I think the fact is that we're fighting technology here and we're gonna lose. Technology is making it cheaper every day to gather, collect and analyze data. We can get mad at the U.S. government and say, well, the U.S. government will never be allowed to do this, but that just means that in five and 10 years from now, everybody else will be doing it, and the U.S. government will be constrained.

REHM

10:30:19
As the former general counsel at the NSA, how much do you care about your private information being kept private?

BAKER

10:30:32
I would love to keep it private. I think the idea that I can do that is vanishing slowly but surely. And, you know, frankly, if I could just keep it out of the hands of the Chinese government, I would be happy, and I'm not trying to do that.

REHM

10:30:46
How can you? How can you? And, Marc Rotenberg, how are you feeling about it these days?

ROTENBERG

10:30:52
Well, this is how privacy law comes about. I mean, I disagree with most people who say that because of technology, we have to give up privacy. The development of privacy law in the United States and other countries around the world proves almost the opposite point. When the telephone became wildly available and people said, this is a useful technology, and now we need some laws to ensure that communications are protected, countries put in place privacy laws.

ROTENBERG

10:31:17
Same thing for computers. Same thing for emails. It's a challenge because the technology creates the opportunity for surveillance, but the law needs to respond, and it needs to carve out those circumstances where investigations are appropriate and make clear where prohibitions are necessary.

REHM

10:31:33
But all this information is shared by companies themselves, isn't it, Siobhan? If I order something online, that information gets shared all over the place.

GORMAN

10:31:47
Yeah. I mean, it's interesting because obviously we've been providing more and more information to businesses over time. I mean, Amazon has quite a listing of the things that I've bought.

REHM

10:31:56
Exactly.

GORMAN

10:31:57
And so, you know, that's -- again, it's privacy law not quite catching up with where the technology is. You know, do we have a reasonable expectation that if I'm buying diapers online, the world's not gonna know whether or not I have a child? And so, you know, there are questions here that I think we just -- it hasn't reached crescendo, perhaps, until now, and we may well see a revisiting of some of these privacy laws just because I think that there is an increasing public awareness that we are giving more and more data away that, when pulled all together, can create quite a picture of what we're up to.

ROTENBERG

10:32:34
But let's be clear on this very important point. I don't think any Verizon telephone customer reasonably expected that the details of their telephone calls, unrelated to any investigation or any foreign intelligence collection, would be routinely made available to the National Security Agency. So there's...

BAKER

10:32:51
Well, you're using made available in a very special way. That is to say, in a computer database...

ROTENBERG

10:32:53
I'd use a stronger term. Verizon was compelled to turn over the information. That's what the court authorization does. It forces the company to make customer records available.

BAKER

10:33:02
But you know as well as I do the minimization rules that restrict the ability to search that data.

REHM

10:33:07
All right. And you're listening to "The Diane Rehm Show." I'm going to open the phones now. We'll go first to Homestead, Fla. Good morning, Stuart. You're on the air.

STUART

10:33:22
Good morning. Great show. I think it goes beyond privacy. I think it goes beyond -- it deals with the Constitution. Aren't we all presumed innocent until proven guilty? They are now presuming all of us guilty by casting this wide net. And my belief is there are either two reasons: Either we have a shadow government that is the most paranoid entity the world has ever seen, or we are under dire, imminent attack.

GORMAN

10:33:53
Well, I think he's raising an issue we were talking about a little bit earlier, and I think that this is why it's valuable to have a public discussion about these things and I think why we saw senators talking about the U.S. government practicing secret law, that if the presumption of reasonable -- or the requirement to show reasonable suspicion is now applied after the government collects data. That's an important discussion to have, and I think we're now having it.

REHM

10:34:18
Stewart.

BAKER

10:34:18
Let me give just one example. The Tsarnaev brothers, they were not suspects prior to the Boston bombing. If we wanted to find out who they were talking to a month ago, two months ago, the only way we're gonna be able to do that is if we have the data and it's readily searchable.

REHM

10:34:36
But then the question is why didn't we?

BAKER

10:34:39
Well, because they weren't suspects, and because we did not have a basis for searching that database.

ROTENBERG

10:34:46
Although apparently we were notified twice by the Russian government that we should investigate them. So we'll put that aside for the moment. I think your caller actually raised a very important point. Sometimes when you talk about these privacy issues, we focus a little too narrowly about who has access to personal information, but there are typically other interests involved. And the key interest here, of course, is the transparency of government...

REHM

10:35:08
Exactly.

ROTENBERG

10:35:08
...and the independence of the judicial authorities. And our view is that this surveillance program has also imposed an enormous cost in terms of government secrecy that also needs to be considered.

REHM

10:35:21
It also raises, I think, a great deal of paranoia on the part of some people who may believe -- who argue that the government is too big. It has too much power. Rush Limbaugh even used the word government coup taking place, Siobhan.

GORMAN

10:35:42
Well, it's interesting that we're now seeing sort of the right and the left ends of the spectrum coming together on this issue. I mean, you're seeing Rand Paul make the same kinds of arguments that Marc would make, and I don't know that they're always on the same page when it comes to political issues. But I think that -- especially when it comes to civil liberties -- you are starting to see the political beliefs come full circle here.

ROTENBERG

10:36:08
One other point -- and, of course, I think privacy is one of the issues that tends to unite Americans. It's something we all feel strongly about. Now, this problem of secrecy is a serious one, and the U.S. Supreme Court this year heard an important challenge to the FISA Amendments Act, the Clapper case. We wrote a brief for the court.

ROTENBERG

10:36:26
One of the points we made is that the government's secrecy regarding the program does, in fact, contribute to people's reasonable belief that they may be subject to unlawful surveillance, because without the oversight and accountability, we simply don't know how the authorities are used.

REHM

10:36:42
But, Stewart, the argument that the president made, the argument that those in the security industry are making is if you wanna stay safe, you may lose part of your security.

BAKER

10:36:59
I think there's no doubt that that's a significant risk. The last time we saw this sort of left-right coalition over privacy was toward the -- in the second term of Bill Clinton. Not -- it's not a coincidence. And the fever of attacks on government efforts to investigate terrorism helped to set the stage for 9/11 in very significant ways, including the FISA court's excesses.

REHM

10:37:26
Stewart Baker, former general counsel at the National Security Agency. Short break here. When we come back, more of your calls, your email. I look forward to speaking with you.

REHM

10:40:06
And we're back, talking about privacy and security. And I must mention that Booz Allen is one of the corporate sponsors of WAMU FM, and I did want to be transparent about that. Here's a tweet, "Are the records gathered by the NSA subject to Freedom of Information Act request? Could we all file FOIA request for our records?" Marc.

ROTENBERG

10:40:45
Well, having tried to sue the NSA several times on privacy issues, the right exists. But these are difficult cases to pursue, in part, because the National Security Agency has a very broad exemption for its activities. And it can even, in some circumstances, deny the existence of records that it has in its possession. We ran into that in one case. But I do think the person who sent you this note is onto a key issue, which is that, by tradition, in U.S. law and the Privacy Act, we are supposed to know what information the government is keeping about us.

ROTENBERG

10:41:21
That was the post-Watergate response to the concern of government spying on its citizens, that we would have the ability to know what is known about us by the government.

REHM

10:41:30
All right. Let's go to Virginia Beach. Good morning, David. You're on the air.

DAVID

10:41:36
Good morning, Diane. Great show. Wonderful topic. I'm an attorney who practices in the security clearance world. So both as an attorney and with regard to Mr. Snowden's release, I have two comments both related to the comment of one of your speakers who said that there is very little difference between the government's ability to get your records under this blanket order from the FISA court and the distinction between that and the ability to mine the data.

DAVID

10:42:02
First off, for a typical court, you have to -- the government has to prove that they have probable cause before the access to information is granted. Whereas here, they're simply asking for the information and then once they have the information, of course, once they actually can mine the data, they'll find what they're looking for.

DAVID

10:42:21
And for those who say, well, why didn't we know this about the Boston bombers, the fact that the technology that the government has not yet provided the capacity to adequately and efficiently mine that data does not mean that it won't exist at some point in the future.

DAVID

10:42:35
So I'm extremely troubled that the government can simply get any data they want and then look to see if there's something, as opposed to the requirement that we've always relied upon that the government prove first that they have probable cause...

REHM

10:42:48
Stewart Baker.

BAKER

10:42:50
You know, David, I think there is a misunderstanding here, and I understand how that would happen because of the way the stories broke. But the fact is that the government is collecting this information, but it is still subject to a host of minimization rules that mean that it has to establish the relevance of each inquiry into the data. And so in a sense, the government is collecting it first but being overseen in its searches of the data as opposed to having the oversight come before it can collect the data.

BAKER

10:43:24
But that's a very basic, you know, there's a long tradition of putting restrictions on the collection. But as a practical matter, the question whether you impose those restrictions before the collection or before the search may make less difference than you think.

REHM

10:43:39
Stewart, do you believe we are safer because the government is doing this kind of data collection?

BAKER

10:43:48
I have no doubt.

REHM

10:43:50
You have no doubt?

BAKER

10:43:51
Yes.

REHM

10:43:52
Siobhan.

GORMAN

10:43:53
Well, I think that the remains to be seen because what we can't know is, if they had collected the information another way, could they have basically gotten the same result? And this is the problem that we run into with a lot of the controversial counterterrorism programs. One thing I did want to hit on, though, it's a good point that the caller made, which is that the analytical capabilities of the U.S. government and everybody are developing very rapidly.

GORMAN

10:44:16
And so the notion that we can't necessarily make all the use of the data now, so maybe we don't need to be so worried, is a tough one to sort of see through down the line just because we've seen the analytical capabilities, particularly of NSA, improve over the years. And -- I mean, my understanding is, they still have much more data that they can every truly manage. But you don't know what sorts of technological evolutions are gonna take place down the line.

ROTENBERG

10:44:42
Well this last point is critical, actually, because it's those analytical capabilities that are eroding the minimization requirement in law. And so to say, for example, the government will collect the data but will then be very good about using the data only in certain ways, I think completely misses the evolution of the techniques that the government is using.

REHM

10:45:02
And here's an email on that point from Marylyn in St. Augustine. She says, "Remember how outraged we were when the government wanted to know what books we were checking at the library? We have come a long way in just a few years. It's beyond scary to me." Stewart Baker.

BAKER

10:45:26
Yeah. Actually, I'm not sure the government was ever all that interested in getting access to the books we were checking out. That was...

REHM

10:45:33
Somebody was.

BAKER

10:45:34
Yeah. That was mostly a story in which the librarian said, we wanna be sure the government can't get access to that data as opposed to a host of such requests.

REHM

10:45:43
All right. Let's go now to Scranton, Pa. Good morning, Michael.

MICHAEL

10:45:49
Yes. Hi. I was just wondering. There are a very strict HIPAA laws regarding medical information and restricting the access to medical information. How do you feel in light of this trusting the government with your medical information?

REHM

10:46:03
What do you think about that, Siobhan?

GORMAN

10:46:05
Well, I have had people raise that issue with me, speaking with former NSA officials. They are concerned that it may be possible for NSA in certain inquiries to get access to medical records and that it will become increasingly the case. I mean, my understanding is that NSA has also been tapping so-called data brokers that have a whole host of information, and I don't have the details on the circumstances governing that. But those types of repositories of information, over time, could become, you know, quite informative when it comes to what's going in our personal lives.

REHM

10:46:42
Marc Rotenberg, you would acknowledge, I think, that we live in a more dangerous world today than perhaps 20 years ago?

ROTENBERG

10:46:54
Well, I don't know, Diane. I've actually thought about this issue quite a bit. I thought about the period in time when the Foreign Intelligence Surveillance Act was enacted. You know, it was the mid-1970s. We were looking at the Soviet Union, a great superpower with nuclear capabilities. Are we really more at risk today than we were in the mid-1970s? I'm, you know, I'm sure Stewart could help make that case. But nonetheless, in the 1970s, Congress said we need to establish some meaningful oversight even in national security matters.

ROTENBERG

10:47:24
And I think it's important to keep that a bit of history in mind because we've now entered the current era where we don't face these great superpowers as adversaries, and yet we have significantly diminished those safeguards that were put in place in the 1970s.

REHM

10:47:39
But we do face the existence of this overwhelming web of messaging, of Internet use, and that does create a huge difference from, say, 20, 30 years ago.

ROTENBERG

10:47:57
Right. But this actually comes back to my original point, which is a concern, and that is that our surveillance activities are being driven today by our surveillance capabilities as opposed to the identification and pursuit of threats. And I think that particular paradigm will not end well. I don't think we should be allowing our laws to bend so that the NSA has greater abilities to capture data on U.S. citizens.

REHM

10:48:22
Siobhan.

GORMAN

10:48:23
Well, I'm also interested to see how much discussion and -- because I'm not a technical person. But my sense is that there's also a lot of technology out there to promote privacy. I mean, there are anonymization on capabilities and things like that. I'm sort of wondering whether or not we will see maybe more of a push for development of those types of capabilities, and the kinds of things that would drive that development would be changes in law or at least changes in sort of parameter and understanding of privacy rights.

REHM

10:48:51
So how are we going to find this balance between safety and privacy?

BAKER

10:49:00
So I -- it seems to me that we -- the government has tried just about everything that can be done consistent with maintaining the confidentiality of our capabilities. All three branches of government were briefed on this, presidents from both parties, congressional delegations from both parties, a dozen members of the judiciary allowed these things to go forward. If that's not sufficient, then I don't think it's possible to do intelligence gathering with the kind of constraints that people may want effectively. I think we really are at the moment of great choice.

REHM

10:49:43
So Sen. Feinstein, for example, has said that the Congress was fully informed. But you've got Congressman Udall and others hinting otherwise.

ROTENBERG

10:49:58
Well, Sen. Feinstein, of course, chairs the Senate Foreign Intelligence Committee. She's intimately familiar with the program and certainly, you know, is defending it. But I think many members of Congress are very surprised. I think, again, coming back to the Verizon order where it's pure domestic communications that that court authorized access to is just -- it's almost breathtaking.

ROTENBERG

10:50:21
And I would disagree with Stewart when he talks about imposing constraints. I don't know if there's so much talk about imposing constraints. I think what we're talking about is imposing accountability. And it isn't just the three branches of government. You actually need public reporting. This is in our federal wiretap laws. You need the public and journalists and others to be able to see how many of these orders are being issued, how effective this program is. I think the one thing we've learned over the years about these secret surveillance programs is that secrecy is the wrong approach.

REHM

10:50:49
All right. To San Antonio, Texas. Blake, you're on air.

BLAKE

10:50:55
Hi. I just wanted to comment on, you know, the dichotomy, I guess, of trying to not attack the bad guys on their own turf. I mean, they're using computers and cellphones and all that sort of thing, and if we're gonna foil or catch them, we're gonna have to use comparable technology.

REHM

10:51:14
Siobhan.

GORMAN

10:51:15
Well, yeah. I mean, that certainly is the case, and that's what NSA is doing. However, the question that you're raising is, well, what is on their own turf? And when you're talking about the Internet, turf is a lot less clear, and I think that's the challenge that NSA has been running into, that these things don't neatly fit into geography anymore.

REHM

10:51:33
Stewart.

BAKER

10:51:34
So it does seem to me, though, this comes to the question of whether we face greater risk now. There is no doubt that the development of this technology has empowered individuals and small groups to have a kind of security of communication, ability to coordinate across the globe that didn't exist before in the hands of a small group. And, you know, in 1974, we would not have seen a few people in Afghanistan able to kill 3,000 Americans. It's just a development of the technology that has empowered a lot of people. And if we don't take advantage of it, their empowerment will hurt us.

REHM

10:52:08
All right. To Gwendolyn in Fresno, Calif. Good morning.

GWENDOLYN

10:52:14
Hi, Diane.

REHM

10:52:15
Hi. Go right ahead, please.

GWENDOLYN

10:52:17
I'm sorry. As I understand it, our Constitution protect us from illegal searches and seizures. However, it almost seems that we have stopped addressing the potential illegality of the seizure in lieu of this future oversight of the search.

REHM

10:52:37
Marc.

ROTENBERG

10:52:38
Well, this is very important question. And it's the point that we raised last week in objecting to the Verizon where -- which has there is a Fourth Amendment prohibition as to the seizure of personal information in addition to the search. And so the question becomes, you know, how can the government compel a private company, which is what a court order does, to turn over information about all of its customer's detailed information, by the way, without meeting some Fourth Amendment standard?

BAKER

10:53:07
Well, the Fourth Amendment standard is unreasonableness, and the question is what's reasonable.

REHM

10:53:11
And you're...

ROTENBERG

10:53:11
This was not.

REHM

10:53:12
And you're listening to "The Diane Rehm Show." Is that what it comes down to reasonable versus unreasonable, Siobhan?

GORMAN

10:53:23
Well, certainly, I mean, that's the standard in the Fourth Amendment. But I think that what we are now seeing with the development of technology is a new sense of what's reasonable because, yes, phone call records, what you get on your phone bill, maybe you don't -- you may or may not feel like that's private information. Your location on a moment-to-moment basis you may feel is private information.

GORMAN

10:53:44
However, you know, former government officials have pointed out to me that the FBI is actually empowered to follow you around on the street if it so chooses, and it doesn't need a warrant to do that. So the question is, if you can do that en masse electronically, is it substantially different, and is it unreasonable?

REHM

10:54:02
And here is another tweet, "The EU is light-years ahead of the U.S. in terms of privacy protection." Your thoughts, Marc.

ROTENBERG

10:54:14
This is a very interesting aspect of the story that I think most of your listeners are probably not aware of. But the Europeans, for the last several years, have been making steps to update their privacy laws. And it was appropriate and sensible that they would do this. They were also being told on the U.S. side that they were taking privacy too seriously and that they shouldn't worry so much.

ROTENBERG

10:54:35
And that self-regulation and, you know, the other U.S. approaches were sufficient. And there were some effort actually to try to reach an accommodation between Europe and the U.S. I think now, based on the news of the past week, the response in Europe is likely to be, you know, we had this right. We need new privacy safeguards. And I think that's where the movement will be.

BAKER

10:54:56
If I could, I negotiated with them on some of those things. And it is my observation they are not light-years ahead of the United States on restrictions on the government. If this kind of program were operating as it probably is in many European countries, the government would simply say to the providers, why don't you volunteer us that information? Just give it to us. And that would be lawful everywhere in many places in Europe. It's not lawful here. We are way ahead of them in posing restrictions.

ROTENBERG

10:55:22
That's actually not correct, Stewart, 'cause if you look at the recent opinions of the European Court of Human Rights, the Article 8 authority has been expanded significantly with respect to those disclosures from private companies to police agencies. There's been a significant pushback within the European courts against the type of practices you're describing.

BAKER

10:55:40
But the practice doesn't get reviewed.

ROTENBERG

10:55:40
And I think in the U.S. interestingly, if the Clapper case had been decided later in this time, you might have also seen the U.S. court reach a decision similar to what the European courts have.

REHM

10:55:50
So where do you think we're headed, Stewart?

BAKER

10:55:55
We're gonna have a debate about this for sure. I do not think there's a solution here that involves making public our classified intelligence gathering programs. And, therefore, there are relatively few easy answers in this area. And it really will boil down to a question of, are we willing to take action that will harm our ability to respond to threats or -- in the name of privacy? Some people will obviously feel that that's necessary, but I don't.

REHM

10:56:29
Stewart -- go ahead, Marc.

ROTENBERG

10:56:31
I think Congress needs to look much more closely at the operation of the Foreign Intelligence Surveillance Court. Right now, the oversight system has simply broken down, and I think people in Washington are aware of that. And it means there is going to be a need to reestablish those structures that I'm sure the government pursues lawful investigation.

REHM

10:56:50
Siobhan.

GORMAN

10:56:50
I also think that we're gonna see a discussion about the role of the Foreign Intelligence Surveillance Court. And there may be a press against the government to actually show a little bit more information about what it is that this court does because there's gonna have to be a decision as to whether we can outsource accountability to this court.

REHM

10:57:08
Siobhan Gorman of The Wall Street Journal, Marc Rotenberg of the Electronic Privacy Information Center, Stewart Baker, he is the former general counsel at the National Security Agency. Thank you all so much.

GORMAN

10:57:28
Thank you.

ROTENBERG

10:57:28
Thank you.

BAKER

10:57:28
Thanks.

REHM

10:57:29
And thanks for listening. I'm Diane Rehm.
Transcripts of WAMU programs are available for personal use. Transcripts are provided "As Is" without warranties of any kind, either express or implied. WAMU does not warrant that the transcript is error-free. For all WAMU programs, the broadcast audio should be considered the authoritative version. Transcripts are owned by WAMU 88.5 FM American University Radio and are protected by laws in both the United States and international law. You may not sell or modify transcripts or reproduce, display, distribute, or otherwise use the transcript, in whole or in part, in any way for any public or commercial purpose without the express written permission of WAMU. All requests for uses beyond personal and noncommercial use should be referred to (202) 885-1200.

Our address has changed!

The Diane Rehm Show is produced by member-supported WAMU 88.5 in Washington DC.