Monday, June 10, 2013

Reflecting on PRISM: The Institutional Failures that Led to Surveillance Culture

Guest Blogger

Anjali Dalal

We live in a culture of secret surveillance, a topic I have written about recently, here. PRISM and the Verizon order are instances of how such a culture can manifest. And though they are the focal point of current public outrage, they are merely symptoms - the visible manifestations of a more serious ailment: institutional failures that allow the development of secret surveillance.

There are two components of secret surveillance – the act of surveillance and the secrecy under which it takes place. Importantly, neither component is necessarily problematic. Surveillance and secrecy are in fact both necessary for effective law enforcement and national security. Law enforcement agencies surely do not have to publish the names of people they are investigating and wire-tapping (with warrants!) has led to numerous convictions. The problem arises in the secrecy of the process by which we arrive at PRISM and the Verizon order. Secrecy of process threatens both the deliberative process and public accountability. There are two important measures that have contributed to this secrecy of process. I’ll take each in turn.

No Congressionally Authorized Domestic Intelligence Agency

First, formally speaking, the United States has not authorized a domestic intelligence agency. In the U.S., the main institutional intelligence players are the FBI and the CIA, both of which have Congressional statutes that authorize their existence. The FBI’s authority emerges from 28 USC 533 which states that the Attorney General is authorized to appoint officials "to detect and prosecute crimes against the United States." The CIA’s authority emerges from a post-World War II statute, the National Security Act of 1947, which authorized the first peacetime intelligence gathering organization the country had (officially) ever seen. Whereas the FBI is responsible for federal law enforcement, the CIA is responsible for foreign intelligence gathering and is explicitly prohibited from engaging in domestic activities.

Comparatively, the UK has both an FBI corollary (the Metropolitan Police) and a CIA corollary (MI6), and it also has a specifically designated domestic intelligence gathering outfit – MI5. The United States made an active decision not to create a domestic intelligence gathering organization. This comes from the historical instinct of our founders to move away from "general warrants" and to instead require "particularized suspicion" before conducting searches or seizures, a point which has been revisited and reinforced over the course of history. Moreover, our history of domestic surveillance has also been relatively bad. Consider the following domestic surveillance initiatives: the Palmer Raids, COINTELPRO, Watergate, and the army surveillance of Americans that motivated Laird v. Tatum – each of these initiatives is characterized by governmental abuse, has created discord and mistrust between the government and the public, and has delegitimized government institutions in a way that has had repercussions for years to come.

Though we have no formal domestic intelligence program, the PRISM disclosure and the Verizon order make very clear what some have long suspected: we have a very robust informal domestic intelligence program and it looks like its managed, at least in part, by the National Security Agency (NSA). Congress has never formally authorized the NSA. Despite this, the agency has received annual funding almost yearly since 1978 under the annual intelligence authorization acts.

This is problematic because traditionally there are two steps required for Congress to legitimize an intelligence gathering agency within the Executive Branch: first, it must authorize the creation of the entity (as it did with the CIA and the FBI); and second, it must appropriate money in the annual budget to support the entity. This recognizes Congress’s authority to control Executive Power in the first instance and also for years in the future. In this way, Congress is an on-going check and balance on the administrative powers of the Executive branch. It conducts oversight through its ability to establish a source of executive power and also through its annual authority to fund or defund existing institutions.

There are important reasons why Congress has to both authorize and appropriate. They involve two wholly different conversations. The first is a conversation about whether or not to do something; the second is a conversation about how to do something that one has already decided to do. Whereas the first involves a public debate on the role of domestic surveillance in the pursuit of national security, the latter is merely an implementing debate with the assumption being that we have collectively agreed to authorize domestic surveillance. By bypassing the authorization debate and moving directly to the appropriation debate, Congress operates from a place that implicitly accepts domestic surveillance as an appropriate function of government.

Practically speaking, there are separate and distinct limitations of budgetary oversight. Budget bills are thousands of pages long, filled with detailed line items and complex analysis. The Congressional oversight given to individual intelligence programs within such a massive document is going to be comparatively less than it would be with a proposed statute authorizing an American MI5.

Another such practical limitation occurs when Congress finds itself in a budget crisis. Between 2005 and 2010, no intelligence authorizations were passed by Congress. As one Congressional Research Service report indicates, "[a]lthough the National Security Act requires intelligence activities to be specifically authorized, this requirement had been satisfied…by one-sentence catchall provisions in defense appropriations acts authorizing intelligence activities." This work-around further weakened Congressional oversight over intelligence activities in between 2005 and 2010, a critical time in the development of PRISM, which began in 2007.

NSA Was Created by a Defense Department Directive

Second, the NSA was formally created by directive of the Secretary of Defense, acting under specific instructions from the President in 1952. Since then, the NSA operates under guidance provided by Executive Order 12,333, issued under President Reagan and subsequently amended through Executive Orders 13,284, 13,355 and 13,470, all issued under President George W. Bush. Under E.O. 12,333, the role of the NSA is to "collect (including through clandestine means), process, analyze, produce, and disseminate signals intelligence information and data for foreign intelligence and counterintelligence purposes to support national and departmental mission."

This background illustrates two problematic aspects of the NSA’s creation – a) it was a national security measure created by the Executive Branch, sitting within the Executive Branch and b) the NSA is situated within the Defense Department and yet is authorized to monitor domestic conversation.

By creating and regulating the NSA largely through Executive Orders, the Executive Branch maintains significant control over operations and does so without the inter-branch or public deliberation necessary for an institution whose mere existence infringes on our most basic speech and privacy rights. Of course some of these infringing activities may be well within the bounds of the Constitution, but this discussion must be had publicly and transparently.

Furthermore, given the strength of the national security mandate and the blowback the Executive Branch faces when there is a terrorist attack, on a small or large scale, the Executive Branch has every incentive to pursue an aggressive surveillance agenda. By allowing the Executive Branch to create and provide guidance for our intelligence operations, it is unsurprising that the programs created and methods adopted are aggressive and pushing the boundaries of constitutionality.

Finally, placing the NSA within the Department of Defense further obscures it role in the lives of Americans. The Department of Defense is responsible for our military. It’s the agency that controls the brave women and men who fight our wars and defend the country against attack. However, the military is not authorized to conduct surveillance on Americans.

Nearly fifty years ago, the country convulsed upon learning about massive government-led domestic spying scandal that included Watergate, the Keith case, and Laird v. Tatum. Laird emerged from an article published in the January 1970 issue of The Washington Monthly, titled "CONUS Intelligence: The Army Watches Civilian Politics," by Christopher H. Pyle, a lawyer and former captain in Military Intelligence. Pyle stated that "[tlhe U.S. Army has been closely watching civilian political activity within the United States. Nearly 1,000 plainclothes investigators . . . keep track of political protests of all kinds-from Klan rallies in North Carolina to antiwar speeches at Harvard."

The outrage following the story was immediate and now, seemingly familiar. And though the fact the Army was spying on Americans was the cause of the outrage, the first order problem was that an institution that had no business spying on Americans was secretly authorized to spy on Americans.

As information continues to come out about PRISM and the Verizon order, shutting down problematic practices will become a priority, but correcting the institutional failures that have led to this situation will need to become a priority as well.

Anjali Dalal is a Resident Fellow at the Information Society Project at Yale Law School. You can reach her by e-mail at anjali.dalal at