INTL613Wk3

Full Terms & Conditions of access and use can be found at https://www.tandfonline.com/action/journalInformation?journalCode=fint20

Intelligence and National Security

ISSN: 0268-4527 (Print) 1743-9019 (Online) Journal homepage: https://www.tandfonline.com/loi/fint20

A review of security and privacy concerns in digital intelligence collection

Aaron Pulver & Richard M. Medina

To cite this article: Aaron Pulver & Richard M. Medina (2018) A review of security and privacy concerns in digital intelligence collection, Intelligence and National Security, 33:2, 241-256, DOI: 10.1080/02684527.2017.1342929

To link to this article: https://doi.org/10.1080/02684527.2017.1342929

Published online: 22 Jun 2017.

Submit your article to this journal

Article views: 3698

View related articles

View Crossmark data

IntellIgence and natIonal SecurIty, 2018 Vol. 33, no. 2, 241–256 https://doi.org/10.1080/02684527.2017.1342929

ARTICLE

A review of security and privacy concerns in digital intelligence collection

Aaron Pulver and Richard M. Medina

ABSTRACT In recent years, government leaks have brought many alleged potential privacy violating intelligence collection programs to the public arena. Intelligence collection can affect the privacy rights of citizens from any country. While the concept of privacy is a complicated one, United States citizen privacy is protected by various policies and laws. This paper reviews these alleged intelligence collection programs, as well as specific laws set in place to protect privacy. Also presented are discussions on public opinion and whether or not digital intelligence collection are providing a safer environment for Americans.

There has always been a delicate balance between security and privacy with respect to intelligence collection. Many governments are in a sensitive situation where they must do enough to protect the public, while not infringing on citizen privacies. As nations continue to globalize and security threats from domestic and foreign sources increase, it is important to gather foreign and domestic intelligence.

Advancements in technology have given rise to the internet, cell phones, drones, and real-time satellite and aerial imagery feeds. The more people become dependent on technologies that enable spatial and temporal data access and collection, the more useful the exploitation of these technologies becomes to intelligence agencies. Many technologies today have location, time, and other metadata associated with them and this information can be exploited with hopes of stopping or decreasing illegal activities. It may be essential to use these sources of information to provide national security. For some, ‘the question is not whether we will have a surveillance state in the years to come, but what sort of surveillance state we will have’.1

The techniques used to collect intelligence are very powerful, and often undisclosed to the public. Though this paper focuses on US policies, the effects of intelligence collection are globally distributed. Technologies and motivations do not halt at the US borders. Because of this, overreach by governments, whether within or outside national boundaries, is a concern for all global citizens.

It is, therefore, reasonable to question the motivations and methods of intelligence collection. This review investigates three main areas. First, it examines 10 alleged controversial intelligence programs in an attempt to understand modern techniques used to collect intelligence. Second, the US Constitution, laws, and court cases relevant to national security and privacy are discussed, as well as how these policies have evolved over time. This is followed by a discussion on US public opinion of security and privacy. Finally, a discussion on potential overreaching of digital intelligence collection programs is provided.

© 2017 Informa uK limited, trading as taylor & Francis group

CONTACT richard M. Medina [email protected]

242 A. PULVER AND R. M. MEDINA

Recent alleged intelligence programs

We now investigate recent reports of leaked information on several alleged intelligence collection programs. Many of these pertain to documents stolen and released by former National Security Agency subcontractor, Edward Snowden.

Decryption

In September 2013, The Guardian, New York Times, and ProPublica, simultaneously released details about how US and British intelligence agencies have decrypted many forms of online encryption.2 It was reported that ‘large amounts’ of encrypted data were decrypted and monitored. One of the key components of success for the National Security Agency (NSA) and the United Kingdom’s Government Communications Headquarters (GCHQ) has been collaborations with technology companies to insert commercial encryption system backdoors. These vulnerabilities are reportedly known only by the NSA and GCHQ. According to the media sources, leaked classified documents state that ‘… to the consumer and other adversaries … the systems’ security remains intact’.3

This is not the first time that the NSA has collaborated with technology companies to increase intelligence collection. Microsoft worked with the NSA to evade Outlook.com chat and email service securities, though Microsoft claimed that they were forced to comply with ‘existing or future lawful demands’.4 The NSA program, known as Bullrun encapsulates the agency’s abilities to crack HTTPS, SSL, and many other common encryption techniques used to protect information from passwords, to bank statements, to Facebook messages.

GCHQ is invested in decryption efforts as well. Tempora is a GCHQ program that taps into transat- lantic fibre cables of major telecommunications corporations. By decrypting internet traffic, GCHQ was able to monitor the internet activities of three major internet companies.5 However, as more people implement encryption methods, the effectiveness of the Tempora program decreases.

Although, intelligence collection is very important for national security, it may lead to economic decline as American companies lose business. Christopher Soghoia, a senior policy analyst for the American Civil Liberties Union (ACLU) states that, ‘Backdoors are fundamentally in conflict with good security’.6 Backdoors expose all users and systems, not just targeted computers.

An example of trust issues between entities with regard to hardware and firmware is given by an open source operating system, FreeBSD. Three months after The Guardian published information about the NSA infiltrating US companies to weaken encryption and insert backdoors, FreeBSD announced that they would continue to not use the built-in hardware number generators in chips manufactured by Intel and via Technologies as the sole source of random numbers for encryption. FreeBSD stated that ‘It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more’.7

Firmware modification

Another example of intelligence agencies exploiting consumer hardware and software is found in a report issued by Kaspersky Lab, which illustrates the ability to modify the firmware of over a dozen dif- ferent manufactures, including but not limited to Western Digital Corp., Seagate Technology Plc., Toshiba Corp., IBM, Micron Technology Inc., and Samsung Electronics Co Ltd. Lead researcher at Kaspersky Lab, Costin Raiu, stated ‘The hardware will be able to infect the computer over and over’.8

Firmware modification allows foreign agents to remotely control infected computers. Kaspersky reports that infected personal computers were found in 30 countries and the targets include gov- ernment and military institutions, telecommunication companies, energy companies, banks, and Islamic activists. Researchers also stated that this firmware modification is closely related to Stuxnet, a computer worm used to attack uranium enrichment plants in Iran in 2010. The NSA made no public

INTELLIGENCE AND NATIONAL SECURITY 243

statement regarding this firmware modification, though an anonymous former NSA employee con- firmed Kaspersky’s analysis.9

According to Raiu, ‘There is zero chance that someone could rewrite the [hard drive] operating systems using public information’.10 This implies the NSA required the source code from at least 12 different companies. Former NSA employees have stated that there are many ways to obtain source code including directly asking for it, using inside developers, and keeping source code that has been recorded for use in sensitive areas of the government.

Cisco networking gear interception

In May 2014, Glenn Greenwald, the reporter who broke the story about Edward Snowden, alleged that since at least 2010 the NSA has routinely received or intercepted routers, servers, and other networking equipment being exported from the US to foreign customers.11 This information comes from a June 2010 report from the NSA’s Access and Target Development Department. The agency, allegedly, obtains the package, implants their backdoor tools, then repackages the devices with a factory seal and forwards them to the customer. The infected devices eventually connect back to the NSA. For years, United States officials have warned US businesses to avoid Chinese manufacturers such as ZTE and Huawei for fear of their devices being compromised.12 It is possible that the US has been doing the same thing.

Cisco has since responded by both writing letters to President Barack Obama and by changing their delivery practices. At a Cisco Live press panel, their security chief, John Stewart said ‘We ship [boxes] to an address that’s has nothing to do with the customer, and then you have no idea who ultimately it is going to’.13 Cisco has attempted to find possible tampering within its hardware and software and has yet to find anything.

Stingray

Intelligence collection is not limited to servers, networking equipment, and desktop computers. Several reports have been released on a technology used by police forces and the FBI known as Stingray. Stingray is an advanced surveillance product known as an International Mobile Subscriber Identity (IMSI)-catcher or cell-site simulator.14 The device mimics cell phone towers and forces nearby phones to connect through Stingray. The device records all of the Electronic Serial Numbers (ESN), IMSI, or other identifying data to attempt to find a specific phone, which can then be located and tracked.15 Once, the specified phone is identified, the Stingray device forces the phone to transmit at full power. It can then be quickly located.16 There are few details on how the device works due to Non-Disclosure Agreements between police departments, FBI, and Harris Corporation, the company that developed the technology.

The ACLU has found that at least 48 agencies in 20 states use this device. The Baltimore Police depart- ment revealed that they have used Stingray technology over 4000 times since 2007. The Guardian reports that federal authorities bind local law enforcement from revealing any information, to the extent that the FBI should support the dismissal of criminal cases if the technical specifications of Stingray devices might be revealed. Law enforcement officials must also report to the FBI any freedom of information requests ‘in order to allow sufficient time for FBI to seek to prevent disclosure through appropriate channels’.17

In most cases, law enforcement only needs to obtain a ‘pen register’ from a court to use Stingray. A pen register is a device that records all numbers called from a target telephone line. The pen register does not require probable cause and may be inadequate to cover technology with such sweeping abilities as Stingray. When judges request more information about the device, the prosecutors often retract to avoid giving details about Stingray. This results in defendants being released or accepting plea bargains.18

XKeyscore

Another alleged NSA program to raise privacy concerns is XKeyscore. This program claims to be the ‘widest reaching’ system.19 A presentation leaked by Snowden claims that XKeyscore covers ‘nearly

244 A. PULVER AND R. M. MEDINA

everything a typical user does on the internet’.20 Analysts can use this system to perform real-time interception of a person’s internet activity. Though FISA requires the NSA to obtain permission to target a US person, permission is not needed to intercept and record communication between US citizens and foreign targets. XKeyscore allows analysts to search millions of emails based on an email address. Analysts can initialize surveillance on anyone if a foreign contact is made. Data from Facebook, http requests, Gmail, and other online activities can be recorded. The NSA claims that due to such large vol- umes of data, content is stored for only three to five days while meta-data is stored for 30 days. However, analysts may store data is other databases to mitigate this problem. After attracting negative attention from the public and some high-ranking officials in Washington DC, the NSA issued this statement:

Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks … In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.21

MUSCULAR

Another instance of the NSA using its technical prowess is the MUSCULAR program. The joint program between GCHQ and NSA allows the intelligence agencies to connect to Yahoo and Google data centers. A slide in documents leaked by Edward Snowden shows how the NSA is able to connect where the public internet meets the Google Cloud backend.22 Although, Congress has removed some restrictions on domestic surveillance, because some foreign communications occur on US fiber, switches, and other networking gear, they have not added any restrictions to collecting information outside of the US.

These revelations have lead Google to rush encryption on the links between its various data centers, both in the US and abroad. Eric Grosse, vice president for security engineering at Google states that ‘It’s an arms race … We see these government agencies as among the most skilled players in the game’.23 On the other hand, Yahoo, as of 2013, has not announced plans to encrypt intra-data center communication.

PRISM

One of the most interesting aspects of MUSCULAR is that the NSA may already have ‘front-door’ access through another program commonly referred to as PRISM. The program was publicized by The Guardian and the Washington Post on June 7, 2013.24 A set of classified slides on PRISM revealed that intelligence analysts can collect many forms of digital data including emails, search histories, and live chats. The slides show that many prominent US corporations such as Google, Microsoft, Yahoo, Facebook, and Apple may work with the NSA to permit easier access to user data. The program architecture allows the NSA to bypass the respective companies to retrieve data. The slides justify PRISM by stating,

It took a FISA court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek FISAs for all.25

On 8 June 2013, a day after the first articles about PRISM were published, James Clapper, Director of National Intelligence, declassified information about the program to correct ‘significant misimpres- sions’.26 Clapper released a fact sheet, which states, ‘PRISM is not an undisclosed collection or data mining program’.27 He goes on to say that, the United States does not unilaterally collect information from the servers of US electronic communication service providers. All information using PRISM is obtained with Foreign Intelligence Surveillance Court (FISC) approval.28 He continues by stating that intelligence agencies cannot intentionally target any person known to be in the United States and reiterated that intelligence collection is subject to extensive oversight through all three branches of government. The Obama administration confirmed that the NSA does in fact work with many US companies to facilitate intelligence collection.29

A 2014 report by the Privacy and Civil Liberties Oversight Board added some key insights into PRISM. The board was asked to review section 702 of the FISA Amendments Act of 2008, which outlines the

INTELLIGENCE AND NATIONAL SECURITY 245

permissible ways in which persons outside the United States can be targeted for intelligence collec- tion and restrictions put in place on the targeting of US Citizens or persons within the US.30 According to the board, in PRISM collection the intelligence agency sends selectors such as an email address, IP address, or other unique identifier to a US-based electronic communication service provider. The service provider is then compelled to give the communications sent to or from the selector to the government. As of 2011, 91 percent of the Internet communication that the NSA acquired each year was obtained through PRISM. The FBI handles all PRISM requests on behalf of the NSA. The raw data from the electronic company can then be passed along to the FBI and/or CIA for intelligence analysis after verification that it is limited to the request sent by the government. Once the agency determines that it no longer needs information about the selector, they send a de-tasking request to the company to block further surveillance.31

TREASUREMAP

Another program developed by the NSA is TREASUREMAP. This project is designed to map the inter- net in near real-time with an interactive interface. The program is reportedly used to enable a range of missions including cyber situational awareness, common operation pictures, computer attack and exploit planning, network reconnaissance, and measures of effectiveness. By analyzing the logical and physical network layers and device interactions, the NSA is able to develop a ‘Cyber Persona Layer’ that consists of digital identities. These identities can then be linked to specific persons. The program uses open source, commercial, and academic data sources. Border Gateway Protocol (BGP) information, as well as traceroutes are used to map devices connections across the internet. Analysts may search by IP address, router, DNS, MAC address, country, and other network specific information.32

Upstream collection

Similar to PRISM, the upstream collection of telephone communication and internet transactions begins by choosing a selector (e.g., name, IP Address, phone number). Once it has been shown that the selec- tor is valid, the NSA compels the US service provider to assist in the acquisition of information. In the case of upstream telephone communication collection, the NSA collects information that is either to or from the selector. Internet transactions can also be acquired in similar fashion. A key distinction is that upstream internet transaction collection also captures transactions that are about the selector. For example, if someone mentions the selector in an email, that email transaction will be acquired. There are many procedures, such as strict IP filtering, which reduce the amount of information collected and attempt to reduce extraneous data collection.33

Telephone metadata

Another document revealed by Snowden shows that as of June 2013, the NSA has collected telephone metadata from Verizon customers based in the US.34 The document requires that Verizon on an ‘ongo- ing, daily basis’ give the NSA information about all telephone calls in its system. The FISC approved of the order on 25 April 2013 and gave the NSA three months to collect these data. It is important to note, that only metadata are collected. This includes, the time of the call, session identifying infor- mation, routing information, location information, and telephone calling card numbers. The phone call content is not collected, as opposed to the communications collection in the PRISM program.35 A Washington Post article reports that the NSA is gathering nearly 5 billion phone records per day on the location of cell phones throughout the world.36 The NSA states that the programs collecting and analyzing data are lawful and strictly used to collect intelligence on foreign targets. The NSA collects the data from 27 telephone links called OPC/DPC pairs, which are points where traffic is transferred from one provider’s network to another network. The NSA has named this collection and analytics program, CO-TRAVELER.

246 A. PULVER AND R. M. MEDINA

This was not the first time that the NSA has been accused of collecting phone call data. In 2006, USA Today reported that the NSA ‘has been secretly collecting the phone calls of tens of millions of Americans’ in order to detect terrorist activity.37 Although, this data collection was approved by the FISC, it brings to light the amount of metadata that is collected. As more and more metadata are collected, the less important the actual content becomes.

Brief history of laws related to privacy

Privacy is a complicated concept where each case can be dependent on situation and circumstance.38 This is why it can be difficult to determine whether a person’s privacy was infringed upon. It is also important to note that a definition of privacy is not given in the US Constitution and that the term has evolved over time.39 Rather than entering an argument on what privacy is or what it should be, this article evaluates our right to privacy. Moor’s definition is considered here, that ‘a person has a right to (informational) privacy in a domain if and only if that person has the right to control access to personal information in that domain’.40 Fundamental laws that secure privacy for United States citizens are reviewed below.

The Fourth Amendment

Freedom of speech, privacy, and personal security have their origins in the Bill of Rights, which became effective on 15 December 1791. There are two major amendments that relate to privacy, the 4th and the 1st. The strongest protection citizens have against governmental invasions of their privacy resides in the Fourth Amendment which states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.41

Historically, the Fourth Amendment has been concerned with only protecting physical property. A prime example of this is given in Boyd v. United States (1886) where the Court ruled that:

it is not the breaking of doors, and the rummaging of this drawers, that constitutes the essence of the offence; but it is the invasion of his indefeasible right of personal security, personal liberty, and private property …42

Another court case essential to American privacy is Olmstead v. United States (1928).43 The Court reviewed whether the use of wiretapped telephone conversations obtained by federal agents without warrants was admissible as evidence. The Court held, in a 5–4 decision, that the appellant’s rights were not infringed, reasoning that there could be no search when there was no physical invasion of personal space and that there could be no seizure since words are not tangible items.44

However, in Katz v. United States (1967),45 the Court reversed the previous precedent and ruled that unwarranted wiretapping did infringe on the appellant’s Fourth Amendment rights.46 Justice Harlan explained that there are two requirements: first that the person exhibits an expectation of privacy, and secondly that the expectation of privacy is reasonable in the eyes of modern society. There have been some exceptions; many presidents since World War II have claimed that the executive branch has the power to execute warrantless electronic surveillance when national security is at stake. Although the court has allowed this in extraordinary circumstances, the exception does not apply to domestic surveillance operations targeting United States citizens. The Fourth Amendment protects citizens from unwarranted governmental surveillance.

The First Amendment

The First Amendment declares that: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press, or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.47

INTELLIGENCE AND NATIONAL SECURITY 247

As declared by the Supreme Court in NAACP v. Claiborne Hardware Co. in 1982, violent or illegal acts are not protected under the First Amendment. The First Amendment implicitly prohibits government surveillance that may supress free expression and political protests.48

Title III

Title III of the Omnibus Crime Control and Safe Streets Act of 1968 was enacted to regulate surveillance of oral communication.49 Title III is often seen as a legislative response to Katz v. United States. The Katz decision definitively banned government surveillance with regard to criminal investigations. However, the Court ruled that the President does not need to obtain a warrant for surveillance with regard to national security. Title III outlines constitutionally acceptable electronic surveillance and authorizes law enforcement agencies to participate in surveillance activities for criminal investigative purposes if a judge awards a warrant based on ‘probable cause’. Also, authorities may engage in surveillance activities if there is immediate danger of death or serious injury to any person, there are activities threatening national security, or there are activities characteristic of organized crime as long as an application for warrant is made within 48 h of the initiation of interception.50 Although, Title III limits domestic surveil- lance, it does not limit the Executive’s authority over foreign intelligence collection.

The Foreign Intelligence Surveillance Act (FISA)

Throughout the 1960s and 1970s, several key court cases led to the formation of the Foreign Intelligence Security Act of 1978.51 In these cases, federal courts ruled in favor of the Executive Branch’s intelligence collection as it pertained to warrantless foreign intelligence collection. However, in Zweibon v Mitchell, the D.C. Circuit found warrantless foreign intelligence to be impermissible. The Court found that the primary purpose of surveillance was not to collect foreign intelligence, but to gain information about Jewish Defence League activities. The Court stated, ‘a warrant must be obtained before a wiretap is installed on a domestic organization that is neither the agent of nor acting in collaboration with a foreign power’.52 Congress created a committee to investigate many pervasive electronic surveillance incidents and found that the CIA had spied illegally on over seven thousand individuals throughout the 1960s and 1970s, many of whom were involved in peace movements, student activist groups, or Black Nationalist groups.53

FISA was written to provide legal authorization for electronic surveillance with regard to foreign intelligence and information, however, a temporary amendment in 2007 required only that one member of a communication had to be in a foreign county.54 All surveillance must be authorized by the Foreign Intelligence Surveillance Court (FISC) through an application sent by a federal officer with the permis- sion of the Attorney General. This specialized court consists of seven district court judges appointed by the Chief Justice. A FISC judge is permitted to authorize a FISA surveillance if s/he finds that there is probable cause to believe that ‘the target of the electronic surveillance is a foreign power or an agent of a foreign power: Provided, that no United States person may be considered a foreign power or an agent of a foreign power solely upon the basis of activities protected by the first amendment to the Constitution of the United States’.55

One of the key differences between Title III and FISA is that under Title III, parties who had been under surveillance were given notice following the completion of surveillance. This allowed the targets of surveillance to file suit if s/he believes her or his Fourth Amendment rights were violated. FISA does not give notice. This ensures that surveillance efforts failing to uncover incriminating evidence, and therefore not used in prosecution, will never be known to the target.56 While several court cases have upheld FISA as constitutional, some disagree with its use, especially in its current form. Daniel Solove, author of Nothing to Hide: The False Tradeoff between Privacy and Security, argues that it should be limited to use for only espionage based activities, and that in its current form, threatens Fourth Amendment rights. Changes to FISA made within the Patriot Act relaxed the need for foreign activity in intelligence gathering. While connection to foreign power is still required, the extent to which it needs

248 A. PULVER AND R. M. MEDINA

to be part of the investigation has decreased. Privacy for Americans suspect of crimes is protected under the Electronic Communications Privacy Act of 198657; however, the suspects do not have the same privacy protection under FISA, which can be used by law enforcement if there is a foreign element in the investigation. Solove argues that the distinction must be restored between espionage and criminal investigation, because intelligence collection does not require a suspicion of criminal activity, hence, the investigating agencies are given freedoms not afforded previously in criminal investigations.58

The Patriot Act

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act) was passed in October 2001 in response to the 9/11 terrorists attacks. The Patriot Act amends many previous laws including FISA, under Section 206, to permit ‘roving’ warrants, which allows all phones used by target communications to be tapped, not just target num- bers.59 This infers that private communications of people besides the intended target may be recorded without specific justification.

A major issue with the Patriot Act seen by some is found in Section 215, which inserts into FISA: (a)(1) The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tan- gible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.60

This allows for bulk data collection of communications data by the government, which was not intended, stated Representative Jim Sensenbrenner (R-WI, 5th District).61 The release of declassified documents by the Obama Administration in 2013 unveiled the collection of bulk communications data through the Patriot Act and disclosed the misuse of intelligence collection activities.62 This caused controversy that led to the end of the NSA’s bulk telephony metadata collection program, as allowed by Section 215 of the Patriot Act. Although, the US Government retains the right to access communications data directly with the telephone companies with approval from the Foreign Intelligence Surveillance Court (FISC).63

One of the other major revisions was in Section 218, which states that a federal officer no longer has to demonstrate that the primary purpose of the proposed surveillance is to obtain foreign intelligence. Under the Patriot Act, officials may obtain surveillance authorization if they can show that ‘a significant purpose’ of the surveillance is to collect foreign intelligence information.64 This lowers the requirements to approve surveillance activities. A criminal investigation may be the primary purpose of surveillance with foreign intelligence collection being secondary and the FISC can approve surveillance. Another change includes increased sharing of information between different agencies.

Section 802 of the USA Patriot Act defines a new type of crime, ‘domestic terrorism’. The Act defines ‘domestic terrorism’ as activities that:

(A) involve acts dangerous to human life that are a violation of the criminal laws of the United States or of any State;

(B) appear to be intended–

(i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and

(C) occur primarily within the territorial jurisdiction of the United States.65

Some fear this broad definition may present a way to silence political protesters and dissidents,66 however, there is no evidence that it has been used in this way to the authors’ knowledge.

INTELLIGENCE AND NATIONAL SECURITY 249

It has been argued that the Patriot Act was a rushed piece of legislation, designed to enhance sur- veillance and to prevent further terrorist attacks, which did not necessarily protect the constitutional rights of American citizens. Though it may have been rushed, the Act requires periodic renewal of specific provisions. For example, in June 2015 the US Senate allowed three provisions of the Patriot Act to lapse, including controversial Section 215. The specific provisions deal with (1) the collection and storage for five years of telephone metadata of Americans by the NSA, (2) the ability of law enforcement to track terror suspects over various communications devices with a single warrant (roving wiretaps), and (3) the use of national security tools on ‘lone wolf’ terror suspects who are not found to be in contact with foreign terrorist organizations. The day following the lapse of these three provisions, the US House Passed the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act (USA Freedom Act), which restores two provisions (roving wiretaps and investigations of ‘lone wolf’ terror suspects), but retains restrictions on the collection of American phone metadata.67

FISA Amendments Act of 2008

The FISA Amendment Act of 2008 (FAA)68 has its roots in some of the early intelligence programs initiated after the 9/11 terrorist attacks. Following the attacks, President George W. Bush issued a clas- sified authorization, which allows the NSA to collect foreign intelligence by electronic surveillance in order to prevent further terrorist acts. This presidential authorization permitted electronic surveillance within the United States for counterterrorism purposes without judicial warrants or court oversight for a limited number of days. This program became known as the Terrorist Surveillance Program (TSP), and authorized the NSA to collect the contents and metadata of international communications, and bulk metadata on telephone and internet communications. This authorization was renewed, albeit with some modifications, every 30–60 days until 2007. Certain members of Congress, as well as the FISC were briefed on the existence of the program. Eventually, the program became known as the President’s Surveillance Program and became less of a temporary response and more of a permanent intelligence collection solution.

In 2005, a story in the New York Times revealed the Terrorist Surveillance Program (TSP) and sparked public interest. President Bush confirmed the program and the Department of Justice issued a white paper that argued TSP was in fact constitutional.69 In early 2007, the FISC issued the ‘Foreign Telephone and Email Order’, which authorized the government to conduct electronic surveillance, provided they had probable cause regarding one of the targets and the location of the communication was reason- ably believed to be outside of the US. However, in May 2007 FISC issued an update to the order, which required that FISC determined probable cause rather than the investigators. The government insisted that this modification restricted intelligence collection too much and created an ‘intelligence gap’.70

At the same time as TSP and similar programs were under way, another method of intelligence collection was being implemented. Intelligence agencies used the existing FISA statute to obtain indi- vidual court orders that compelled private corporations to hand over communication details about foreign persons. The amount of time invested to write applications, determine probable cause, and get approval from the FISC resulted in loss of intelligence value. The process was too slow.

In order to deal with the ‘degraded’ acquisition of communications, President Bush proposed mod- ifications to FISA. In August 2007, Congress passed the Protect America Act (PAA) of 2007.71

In short, the PAA authorizes: (1) targeting of persons who are not United States persons, (2) who are reasonably believed to be located outside the United States, (3) with the compelled assistance of an electronic communication service provider, (4) in order to acquire foreign intelligence information.72

Section 702 of FISA is based on the PAA, which was a temporary solution. In July 2008, President Bush signed the FISA Amendments Act of 2008, which replaced the Protect America Act with the new Section 702 of FISA. In 2012, sections including 702 were renewed until December 2017. Section 702(b)

250 A. PULVER AND R. M. MEDINA

(Limitations – Procedures for Targeting Certain Persons outside the United States Other than United States Persons) of FISA states that acquisitions:

(1) may not intentionally target any person known at the time of acquisition to be located in the United States; (2) may not intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States; (3) may not intentionally target a United States person reasonably believed to be located outside the United States; (4) may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States; and (5) shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.73

The NSA’s use of Section 702 authorities are overseen both internally and externally. Internally, the NSA’s Office of Director of Compliance, NSA’s Office of General Counsel, NSA’s Director of Civil Liberties and Privacy Office, and other directorates ensure that the rules outlined in Section 702 are followed. Reports must be made to Congress and the FISC. There are also external reviews conducted by the Department of Justice’s National Security Division (NSD). NSD investigates the minimization procedures used at the NSA, FBI, and CIA. The NSD also oversees the targeting procedures implemented by the various agencies to ensure they meet the requirements designated in Section 702.

Overall, the incident rate has been very low since the program’s inception. The most common types of incidents are delays in reporting to NSD, using the wrong selector, and delays in de-tasking a non-US target known to be traveling to the United States. These three combine for about 75 percent of all com- pliance incidents. Less common incidents may have larger privacy implications. This involves acquiring data without receiving the proper approval. Technical issues resulting in incidents include delayed de-tasking of targets known to be in the United States, unauthorized collection, and over-collection of data. Any unauthorized collection is required to be purged upon recognition.74

The FISA Amendments Act of 2008 was intended, in part, to safeguard American privacy in the homeland through oversight and compliance with the 4th Amendment, while allowing for intelligence collection on non-US citizens outside the US.75 However, it has been described as a whole by many as an unconstitutional act that allows abuse of power. For example, see the American Civil Liberties Union (ACLU), ‘Why the FISA Amendments Act is Unconstitutional’.76

A 196 page document published by the Privacy and Civil Liberties Oversight Board (2014) examined the key aspects of Section 702 and although they did not offer a concise opinion on the constitutionality of Section 702, they propose a list of changes which would enhance privacy with regards to intelligence collection. The board recommended that more knowledge about incidental data collection is necessary to determine the full impact on privacy. There are no sources reporting the amount of incidental data collection. The board also states that the judicial oversight team has not discovered any instances in which an analyst intentionally violated NSA protocol. In 2013, the Department of Justice found that 0.4 percent of all targeting decisions were for someone in the United States. The board suggested that the NSA develop better filtering techniques when using upstream data collection to protect the privacy of US persons, and made many other recommendations that can be found in their report: Report on the Surveillance Program Operated Pursuant to Section 702.77

Public opinion

After reviewing the 10 alleged intelligence collection programs and the laws pertaining to intelligence collection, it is important to consider the opinions of US citizens. A survey conducted in January 2014 by the Pew Research Center asked 607 adults various questions about their views on privacy and gov- ernment surveillance. In the report, 80 percent of adults ‘agree’ or ‘strongly agree’ that Americans should be concerned with government surveillance of phone and internet communication. Over 80 percent of those surveyed had heard ‘a lot’ or ‘a little’ about government surveillance programs. Overall, there was little confidence in the security of all electronic communication. According to the report: ‘Most [people] do not think it’s a good thing for society if people believe they are being watched online’.78 Clearly, people are concerned with their privacy and are leery of government surveillance. This survey

INTELLIGENCE AND NATIONAL SECURITY 251

is part of a larger research project to monitor public opinion of privacy and security concerns over a long period. One problem with many of the surveys investigated is that they may all suffer from recency bias. Polls and surveys completed before and after Snowden released classified documents have very different results.79

It is important to evaluate the people’s trust in the government, as mistrust can lead to national security issues. The public has been informed through media, to some degree, of these alleged intel- ligence collection programs and they are concerned with governmental surveillance. Although there are many concerns, little perceived action has been taken to enhance the privacy, or perceived privacy, of US citizens. There is question as to whether or not the US will reach an intolerable level of public surveillance. Agencies implementing these intelligence collection activities must evaluate the risks and ask if the benefits (public safety) outweigh the costs (loss of public trust),80 which can evolve into national security issues.

It seems that the public often suspects the worst from intelligence efforts. There is great potential for privacy infringement, but that may not always be the case. The public today is cautious, often feeling either that the government has already taken too much information and they should stop, or that it does not matter how much they take, as long as everybody is safe. It is a rare case with today’s media that a citizen does not feel that their privacy has been infringed. However, it is important to consider that the public may willingly give up their rights to privacy in the future. Take for example the 2016 standoff between the US Department of Justice (DOJ) and Apple Inc. where the DOJ requested Apple Inc. unlock the iPhone used by one of the San Bernardino, CA terrorists and access cell phone records. Another PEW Research survey states that 51 percent of those surveyed believe that Apple Inc. should unlock the iPhone and release the information, while only 38 percent believe Apple should not unlock the phone and 11 percent do not know.81 How much of their constitutional rights Americans are willing to give up in exchange for security is not known, but it seems that amount is tied to events of terrorism and crime and policies can be enacted in a hastily following events.

Discussion and conclusions

This review gives researchers a starting point by describing alleged controversial government programs for gathering intelligence, and laws that protect citizen rights from overreaching data collection. It does not claim to be comprehensive in either digital intelligence programs or privacy laws. Nor does it claim that all these programs are in fact real or operating, as the media has portrayed them. It does highlight the potential for digital intelligence collection in the present and future.

The information age and our dependence on digital services for communications, as well as many other aspects of our lives, provide great opportunity for those with computational resources and exper- tise to exploit this information.82 No government has ever had the capability to monitor so much. Main differences between digital and pre-digital world intelligence collection are the size of accessible data and that now location and time are often integral components of data collection, which allows for spatio-temporal data mining. While wire-tapping and manually tracking suspects was required to gain highly detailed intelligence on individuals in the past, today’s digital environment facilitates these activities in a much simpler and more comprehensive way. Access to a person’s cellular phone, social media account, or internet web browser can provide more than enough information to infer daily patterns and anomalous activities.

Domestic intelligence activities have throughout history evolved to an oppressive state. A 1976 government report found that ‘In time of crisis, the Government will exercise its power to conduct domestic intelligence activities to the fullest extent’.83 After a lengthy review of US government intel- ligence gathering activities during the civil rights era, this report found that intelligence collection activities were affecting too many people for too long without oversight, and that those activities were operating unconstitutionally. The character of the US government may not have changed in this regard. It is safe to say that the US has been in a time of crisis since 9/11 and with it have come many concerns over privacy, especially when considering the US Patriot Act, where many citizens get the sense that

252 A. PULVER AND R. M. MEDINA

privacy laws are not doing enough; that laws are constructed or adapted, such that intrusion into citizen privacies is somehow allowed in ways that were not possible before. This seems to be the case when laws are updated or new ones are enacted. The US is affected by these international crises, as well as domestic ones related to nationalism, anti-immigrant, racism, sovereignty, and other instruments of bias and marginalization. It seems that the threat to citizen privacy from intelligence collection tends to rise with the threat to citizen safety from agents of violence.

Two main questions to ask are, are these digital intelligence programs now necessary to protect American citizens from an increased insider threat? And, does increased digital intelligence collection create a safer environment for Americans, at least in the homeland? Most privacy laws are aimed at protecting American citizens, but that is not the case for foreign citizens. If the major threat has become one in which Americans are the main perpetrators, do the laws need to reflect this for effective security? Many of the policy updates were motivated by terrorist activities around 9/11 and following threats, but there are other threats to US citizens including extremism, drug and narcotics networks, and gang violence. These threats may be treated with the same digital security behaviors that the terrorists and terrorist suspects are faced with.84

With consideration to terrorist violence, the US has suffered very few attacks post 9/11, though the actual number of terrorist attack attempts in the US is a surprise for many Americans. Post 9/11, the US has had at least 139 cases of homegrown violent extremist activity and in 2015 alone 79 Islamic State supporters have been arrested.85 It is also important to consider that the threat from domestic right-wing extremist violence was greater than the threat from Jihadist violence with respect to lethality, up until the 2016 Orlando Nightclub Shooting.86 To shed light on the question of whether or not these digital intelligence efforts are creating a safer America, further research by the New America Foundation shows that NSA bulk surveillance programs have not been effective in stopping terrorists. More specifically, NSA programs, bulk and targeted, are only responsible for initiating 7.5 percent of the examined 225, post 9/11 investigations on individuals charged with terrorism. Telephone metadata is responsible for 1.8 percent of that 7.5 percent. The majority of criminal cases (60 percent) were initiated by traditional investigative methods (e.g., informant, suspicious activity, routine law enforcement).87 Some might argue that if even one terrorist attack is thwarted, intelligence communities and law enforcement are successful. Others might argue that too much money and effort is spent protecting citizens from something that is a low risk, comparing this situation to the billions spent protecting US citizens from biological or chemical weapons of mass destruction (WMD) attack, which is virtually impossible for terrorists to carry out in a massive way.

It is clear that technologies and our dependencies on them have enhanced intelligence collection over the last century. This opens many doors for intelligence gathering. While technology has advanced tremendously since 1976, the warnings of the Church Committee report remain very relevant –

In an era where the technological capability of Government relentlessly increases, we must be wary about the drift toward ‘big brother government’. The potential for abuse is vast and requires special attention to fashioning restraints which not only cure past problems but anticipate and prevent the future misuse of technology.88

The best policy may be continued oversight and all that is required to make sure that oversight is effective, which includes adequate staffing, sufficient training, and funding, given the difficulties and subjectivity inherent in the interpretation of privacy laws.

Notes 1. Balkin, “The Constitution in the National Surveillance State,” 3. 2. Ball, Borger, and Greenwald, “Reveled”. 3. Ibid., n.p. 4. Greenwald et al., “Microsoft Handed the NSA Access”. 5. Ball, Borger, and Greenwald, “Reveled”. 6. Ibid., n.p. 7. Goodin, “‘We cannot trust’,” n.p. 8. Menn, “Russian Researchers Expose Breakthrough,” n.p.

INTELLIGENCE AND NATIONAL SECURITY 253

9. Ibid. 10. Ibid., n.p. 11. Greenwald, “How the NSA”. 12. Ibid. 13. Pauli, “Cisco Posts Kit to Empty,” n.p. 14. Glenza and Woolf, “Stingray Spying”. 15. United States District Court, D. Arizona, United States v. Rigmaiden. 16. Leon County Circuit Court, State of Florida v. James L. Thomas. 17. Glenza and Woolf, “Stingray Spying,” n.p. 18. Ibid. 19. Greenwald, “XKeyscore”. 20. Ibid., n.p. 21. Ibid. 22. Gellman and Soltani, “NSA Infiltrates Links to Yahoo”. 23. Ibid., n.p. 24. Greenwald, “NSA Prism Program Taps”. 25. Ibid., n.p. 26. Ovide, “U.S. Official Releases Details,” n.p. 27. Office of the Director of National Intelligence, “Facts on the Collection of Intelligence,” 1. 28. Walsh and Miller, “Rethinking ‘Five Eyes’ Security”. 29. PBS, “Obama on Mass Government Surveillance”. 30. Director of National Intelligence, “Facts on the Collection of Intelligence”. 31. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program. 32. Müller-Maguhn et al., “Treasure Map”. 33. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program. 34. Greenwald, “NSA Collecting Phone Records”. 35. Walsh and Miller, “Rethinking ‘Five Eyes’ Security”. 36. Gellman and Soltani, “NSA Tracking Cellphone Locations”. 37. Cauley “NSA Has Massive Database”. 38. Moor, “Towards a Theory of Privacy”; McArthur, “Reasonable Expectations of Privacy”; and Volkman, “Privacy as

Life, Liberty, Property”. 39. Ibid. 40. Moor, “How to Invade and Protect Privacy,” 59. 41. United States Constitution, Amendment 4. 42. United States Supreme Court, Boyd v. United States 116 U.S. 616, n.p. 43. United States Supreme Court, Olmstead v. United States. 44. Rackow, “How the USA Patriot Act”; and United States Supreme Court, Olmstead v. United States, n.p. 45. United States Supreme Court, Katz v. United States 389. 46. Jordan, “Decrypting the Fourth Amendment”. 47. United States Constitution, Amendment 1. 48. United States Supreme Court, NAACP v. Claiborne Hardware Co. 458. 49. Jordan, “Decrypting the Fourth Amendment”. 50. Rackow, “How the USA Patriot Act”. 51. Ninety Fifth Congress of the United States of America, “Foreign Intelligence Surveillance Act”. 52. United States Court of Appeals, Zweibon v. Mitchell, 516, 614; and Rackow, “How the USA Patriot Act,” 1665. 53. Rackow, “How the USA Patriot Act”. 54. Balkin, “The Constitution in the National Surveillance State”. 55. United States Government, 50 U.S. Code Ch. 36. 56. Rackow, “How the USA Patriot Act”. 57. United States Department of Justice, Electronic Communications Privacy Act. 58. Solove, Nothing to Hide. 59. Sinha, “NSA Surveillance Since 9/11”. 60. One Hundred Seventh Congress of the United States of America, Uniting and Strengthening America. 61. Serwer, “Sensenbrenner Wants Tweaks”. 62. Savage and Risen, “Latest Release of Documents”. 63. Office of the Director of National Intelligence, “ODNI Announces Transition”. 64. Rackow, “How the USA Patriot Act”. 65. One Hundred Seventh Congress of the United States of America The Uniting and Strengthening America, 105. 66. Rackow, “How the USA Patriot Act”. 67. Diamond, “Patriot Act Provisions have Expired”; and 114th Congress, H.R. 2048 – USA Freedom Act. 68. One Hundred Tenth Congress of the United States of America, Foreign Intelligence Surveillance Act (FISA).

254 A. PULVER AND R. M. MEDINA

69. United States Department of Justice, Legal Authorities Supporting the Activities. 70. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program. 71. One Hundred Tenth Congress of the United States of America, Protect America Act of 2007. 72. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program. 73. One Hundred Tenth Congress of the United States of America, Foreign Intelligence Surveillance Act. 74. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program. 75. See United States Director of National Intelligence, Facts on the Collection of Intelligence; and National Security

Agency, “Fact Sheet on Section 702”. The NSA Fact Sheet has been removed from the NSA website. 76. American Civil Liberties Union (ACLU), “Why the FISA Amendments Act”. 77. Privacy and Civil Liberties Oversight Board, Report on the Surveillance Program. 78. Pew Research Center, “Public Perceptions of Privacy and Security,” n.p. 79. Pew Research Center, “What Americans Think about NSA”. 80. Walsh and Miller, “Rethinking ‘Five Eyes’ Security”. 81. Pew Research Center, “More Support for Justice Department”. 82. Thompson, “Privacy, Secrecy, and Security”. 83. Church Committee, Intelligence Activities and the Rights, 289. 84. Walsh and Miller, “Rethinking ‘Five Eyes’ Security”. 85. United States National Counterterrorism Center, Counterterrorism Digest. 86. New American Foundation, “Terrorism in America After 9/11”. 87. Bergen et al., Do NSA’s Bulk Surveillance Programs. 88. Church Committee, Intelligence Activities and the Rights, 289.

Disclosure statement No potential conflict of interest was reported by the authors.

Notes on contributors Aaron Pulver is currently a product engineer at Esri, in Portland, ME. He received his MS in Geography from the University of Utah with a focus on spatial optimization and medical geography.

Richard M. Medina is an assistant professor in the Department of Geography at the University of Utah. His research focuses on terrorism and homeland security, network science, Geographic Information Systems (GIS), and complex social systems.

Bibliography American Civil Liberties Union (ACLU). “Why the FISA Amendments Act is Unconstitutional.” (N.D.). Accessed April 24, 2017.

https://www.aclu.org/sites/default/files/field_document/asset_upload_file846_36126.pdf Balkin, J. M. “The Constitution in the National Surveillance State.” Minnesota Law Review 93 (2008): 1–25. Ball, J., J. Borger, and G. Greenwald. “Reveled: How US and UK Spy Agencies Defeat Internet Privacy and Security.” The

Guardian, September 6, 2013. Accessed April 16, 2016. http://www.theguardian.com/world/2013/sep/05/nsa-gchq- encryption-codes-security

Bergen, P., D. Sterman, E. Schneider, and B. Cahall. Do NSA’s Bulk Surveillance Programs Stop Terrorists?. Washington, DC: New America Foundation, 2014.

Cauley, L. “NSA Has Massive Database of Americans’ Phone Calls.” USA Today, Washington/Politics Section. 2006. Accessed April 18, 2017. http://usatoday30.usatoday.com/news/washington/2006-05-10-nsa_x.htm

Church Committee. Intelligence Activities and the Rights of Americans, Book II. Final Report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities. United States Senate. Report No. 94-755. Washington, DC: U.S. Government Printing Office, 1976.

Diamond, J. “Patriot Act Provisions Have Expired: What Happens Now?” CNN, June 1, 2015. Accessed April 19, 2017. http:// www.cnn.com/2015/05/30/politics/what-happens-if-the-patriot-act-provisions-expire/

Director of National Intelligence. Facts on the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act. Washington, DC. 8 June 2013. Accessed April 27, 2017. https://www.dni.gov/files/documents/Facts%20 on%20the%20Collection%20of%20Intelligence%20Pursuant%20to%20Section%20702.pdf.

Gellman, B., and A. Soltani “NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say.” Washington Post, October 30, 2013. Accessed April 12, 2016. https://www.washingtonpost.com/world/national-security/ nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166- 11e3-8b74-d89d714ca4dd_story.html

INTELLIGENCE AND NATIONAL SECURITY 255

Gellman, B., and A. Soltani. “NSA Tracking Cellphone Locations Worldwide, Snowden Documents Show.” The Washington Post, December 4, 2013. Accessed April 16, 2016. <https://www.washingtonpost.com/world/national-security/nsa-tracking- cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_ story.html

Glenza, J., and N. Woolf. “Stingray Spying: FBI’s Secret Deal with Police Hides Phone Dragnet from Courts.” The Guardian, April 10, 2015. Accessed April 16, 2016. http://www.theguardian.com/us-news/2015/apr/10/stingray-spying-fbi-phone- dragnet-police

Goodin, D. “‘We cannot trust’ Intel and Via’s Chip-based Crypto, FreeBSD Developers Say.” arstechnica, December 10, 2013. Greenwald, G., E. MacAskill, L. Poitras, S. Ackerman, and D. Rushe. “Microsoft Handed the NSA Access to Encrypted Messages.”

The Guardian, July 11, 2013. Accessed April 16, 2016. http://www.theguardian.com/world/2013/jul/11/microsoft-nsa- collaboration-user-data

Greenwald, G. “How the NSA Tampers with US-Made Internet Routers.” The Guardian, May 12, 2014. Accessed April 16, 2016. http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden

Greenwald, G. “NSA Collecting Phone Records of Millions of Verizon Customers Daily.” The Guardian, June 5, 2013. Accessed April 16, 2016. http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order

Greenwald, G. “NSA Prism Program Taps In To User Data of Apple, Google and Others.” The Guardian, June 7, 2013. Accessed April 16, 2016. http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.

Greenwald, G. “XKeyscore: NSA Tool Collects ‘Nearly Everything A User Does On the Internet’.” The Guardian, July 31, 2013. Accessed April 16, 2016. http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

Jordan, D. A. “Decrypting the Fourth Amendment: Warrantless NSA Surveillance and the Enhanced Expectation of Privacy Provided by Encrypted Voice Over Protocol.” Boston College Law Review 47, no. 2006 (2006): 505–546.

Kushner, D. “The Real Story of Stuxnet.” IEEE Spectrum, February 26, 2013. Leon County Circuit Court. State of Florida v. James L. Thomas, No. 2008-CF-3350A. August 23, 2010. Accessed October 14,

2015. https://www.aclu.org/files/assets/100823_transcription_of_suppression_hearing_complete_0.pdf McArthur, R. L. “Reasonable Expectations of Privacy.” Ethics and Information Technology 3 (2001): 123–128. Menn, J. “Russian Researchers Expose Breakthrough in U.S. Spying Program.” Reuters, February 17, 2015. Accessed April 16,

2016. http://www.reuters.com/article/us-usa-cyberspying-idUSKBN0LK1QV20150217 Moor, J. H. “How to Invade and Protect Privacy with Computers.” In The Information Web: Ethical and Social Implications of

Computer Networking, edited by Carol C Gould, 57–70. Boulder, CO: Westview Press, 1989. Moor, J. H. “Towards a Theory of Privacy in the Information Age.” ACM SIGCAS Computers and Society 27 (1997): 27–32. Müller-Maguhn, A., L. Poitras, M. Rosenbach, M. Sontheimer, and C. Grothoff. “Treasure Map: The NSA Breach of Telekom and

Other German Firms.” Spiegel Online, September 14, 2014. Accessed March 30, 2016. http://www.spiegel.de/international/ world/snowden-documents-indicate-nsa-has-breached-deutsche-telekom-a-991503.html

National Security Agency. “Fact Sheet on Section 702.” N.D. Accessed April 26, 2017. https://fas.org/irp/news/2013/06/ nsa-sect702.pdf

New America Foundation. “Terrorism in America After 9/11.” N.D. Accessed April 26, 2017. https://www.newamerica.org/ in-depth/terrorism-in-america/

Ninety Fifth Congress of the United States of America. “Foreign Intelligence Surveillance Act of 1978 (FISA), 50 U.S.C. 1801.” US Government Publishing Office, 1978. Accessed April 24, 2017. https://www.gpo.gov/fdsys/pkg/STATUTE-92/pdf/ STATUTE-92-Pg1783.pdf

Office of the Director of National Intelligence. Facts on the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act. Washington, DC, June 8, 2013.

Office of the Director of National Intelligence. “ODNI Announces Transition to New Telephone Metadata Program.” November 27, 2015. Accessed April 27, 2017. https://icontherecord.tumblr.com/post/134069716908/odni-announces-transition- to-new-telephone

One Hundred Fourteenth Congress of the United States of America. H.R. 2048 – USA Freedom Act of 2015. 2015. Accessed April 19, 2017. https://www.congress.gov/bill/114th-congress/house-bill/2048/text

One Hundred Seventh Congress of the United States of America. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act). US Government Publishing Office, 2001. Accessed April 18, 2017. https://www.gpo.gov/fdsys/pkg/BILLS-107hr3162enr/pdf/BILLS-107hr3162enr.pdf.

One Hundred Tenth Congress of the United States of America. Foreign Intelligence Surveillance Act (FISA) of 1978 Amendments Act of 2008, Public Law No: 110-261. 2008. Accessed April 24, 2017. https://www.congress.gov/bill/110th-congress/house- bill/6304

One Hundred Tenth Congress of the United States of America. Protect America Act of 2007. 2007. Accessed April 18, 2017. https://www.govtrack.us/congress/bills/110/s1927/text

Ovide, S. “U.S. Official Releases Details of Prism Program.” Wall Street Journal, June 8, 2013. Accessed April 16, 2016. http:// www.wsj.com/articles/SB10001424127887324299104578533802289432458

Pauli, D. “Cisco Posts Kit to Empty Houses to Dodge NSA Chop Shops.” The Register, March 18, 2015. Accessed April 16, 2016. http://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/

PBS. “Obama on Mass Government Surveillance, Then and Now.” Frontline, May 13, 2014. Accessed October 25, 2016. http:// www.pbs.org/wgbh/frontline/article/obama-on-mass-government-surveillance-then-and-now/

256 A. PULVER AND R. M. MEDINA

Pew Research Center. “More Support for Justice Department than for Apple in Dispute Over Unlocking iPhone.” 2016. Accessed April 16, 2016. http://www.people-press.org/2016/02/22/more-support-for-justice-department-than-for- apple-in-dispute-over-unlocking-iphone/

Pew Research Center. “Public Perceptions of Privacy and Security in the Post-Snowden Era.” 2014. Accessed April 16, 2016. http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/

Pew Research Center. “What Americans Think about NSA Surveillance, National Security and Privacy.” 2015. Accessed April 16, 2016. http://www.pewresearch.org/fact-tank/2015/05/29/what-americans-think-about-nsa-surveillance-national- security-and-privacy/

Privacy and Civil Liberties Oversight Board. Report on the Surveillance Program Operated Pursuant to Section 702. 2 July 2014. Washington, DC.

Rackow, S. H. “How the USA Patriot Act Will Permit Governmental Infringement upon the Privacy of Americans in the Name of ‘Intelligence’ Investigations.” University of Pennsylvania Law Review 150 (2002): 1651–1696.

Savage, C., and J. Risen. “Latest Release of Documents on N.S.A. Includes 2004 Ruling on Email Surveillance.” New York Times, November 18, 2013. Accessed April 27, 2017. http://www.nytimes.com/2013/11/19/us/latest-release-of-documents- on-nsa-includes-2004-ruling-on-email-surveillance.html

Serwer, A. “Sensenbrenner Wants Tweaks to His Own Patriot Act.” MSNBC. November 19, 2013. Accessed April 27, 2017. http://www.msnbc.com/msnbc/the-patriot-act-never-would-have-passed

Sinha, G. A. “NSA Surveillance Since 9/11 and the Human Right To Privacy.” Loyola Law Review 31 (2013). Solove, D. J. Nothing to Hide: The False Tradeoff between Privacy and Security. New Haven, CT: Yale University Press, 2011. Thompson, P. B. “Privacy, Secrecy, and Security.” Ethics and Information Technology 3 (2001): 13–19. United States Constitution. Amendment 1. United States Constitution. Amendment 4. United States Court of Appeals. Zweibon v. Mitchell, 516 F. 2d 594. Argued 23 October 1974, Decided 23June 1975, As

amended 24 June 1975. United States Department of Justice. Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. § 2510-22. 1986. Accessed

April 18, 2017. https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1285 United States Department of Justice. Legal Authorities Supporting the Activities of the National Security Agency Described by

the President, 19 January 2006. Washington, DC, 2006. United States Director of Intelligence. Facts on the Collection of Intelligence Pursuant to Section 702 of the Foreign Intellignece

Surveillance Act. June 8, 2013. Washington, DC. Accessed April 26, 2017. https://www.dni.gov/files/documents/Facts%20 on%20the%20Collection%20of%20Intelligence%20Pursuant%20to%20Section%20702.pdf

United States District Court, D. Arizona. United States v. Rigmaiden, CR08-814-PHX-DGC, Dkt. #0674-1. United States of America, Plaintiff, v. Daniel David Rigmaiden, Defendant. May 8, 2013. http://www.leagle.com/decision/In%20FDCO%20 20130508G77/U.S.%20v.%20RIGMAIDEN

United States Government. 50 U.S. Code Ch. 36: Foreign Intelligence Surveillance, § 1805, Title 50 War and National Defense. Accessed May 18, 2017. http://uscode.house.gov/view.xhtml?path=/prelim@title50/chapter36&edition=prelim

United States National Counterterrorism Center. Counterterrorism Digest. Washington, DC, January 20–26, 2016. United States Supreme Court. Boyd v. United States 116 U.S. 616 (1886). Argued 11, 14 December 1886, Decided 1 February

1886. Accessed February 6, 2016. https://supreme.justia.com/cases/federal/us/116/616/case.html United States Supreme Court. Katz v. United States 389 U.S. 347 (1967). Argued 17 October 1967, Decided 18 December

1967. Accessed April 18, 2017. https://supreme.justia.com/cases/federal/us/389/347/case.html United States Supreme Court. NAACP v. Claiborne Hardware Co. 458 U.S. 886 (1982). Argued 3 March 1982, Decided 2 July

1982. Accessed March 16, 2017. https://supreme.justia.com/cases/federal/us/458/886/case.html United States Supreme Court. Olmstead v. United States 277 U.S. 438 (1928). 20, 21 Argued February 1928, Decided 4 June

1928. Accessed February 6, 2016. https://supreme.justia.com/cases/federal/us/277/438/case.html Volkman, R. “Privacy as Life, Liberty, Property.” Ethics and Information Technology 5 (2003): 199–210. Walsh, P. F., and S. Miller. “Rethinking ‘Five Eyes’ Security Intelligence Collection Policies and Practice Post Snowden.”

Intelligence and National Security, early online publication 22 January 2015.